White-Hat Security Arsenal: Tackling the Threats

Author:   Aviel D. Rubin
Publisher:   Pearson Education (US)
ISBN:   9780201711141
Pages:   368
Publication Date:   02 July 2001
Format:   Paperback
Availability:   In Print
Limited stock is available. It will be ordered for you and shipped pending supplier's limited stock.

Our Price:   $131.97

Overview

Praise for Aviel D. Rubin's White-Hat Security Arsenal

"As a researcher, Avi has produced excellent work in a number of areas, and is an engaging writer. With the vast new opportunities on the Internet come problems, complex and confusing...This book considers many of these problems, analyzes them, and presents fine solutions. More importantly, Avi presents approaches to the solutions, which generalize to related problems you will encounter...A book like this is a tremendous aid." - From the foreword by William R. Cheswick

"This is one of the most readable yet exhaustive books on a vital aspect of computer technology. All computer users, whether they be hackers, IT professionals, academics, or just lay users, will benefit from its content and derive pleasure from its clear and user-friendly style. Rubin has done a great service by identifying and explicating the complexities and subtleties of computer security." - Jack Goldman, Ph.D., Founder of Xerox PARC

"White-Hat Security Arsenal is an enormously valuable toolkit for anyone who depends on the Internet today. It gives a refreshingly realistic and hype-free picture of the threats, with practical and up-to-date guidance not only on how to protect yourself, but on what to worry about if you don't." - Matt Blaze, Ph.D., AT&T Labs-Research

"Avi's book has breadth and depth relating to information security defense needs. It tackles your shackles and threats in Nets with blistery history and constructive realism." - Peter G. Neumann, Ph.D., Principal Scientist, Computer Science Lab, SRI International, author of Computer-Related Risks, moderator of the ACM Risks Forum

"Avi Rubin has done a stunning job of presenting the material and correctly stressing key points...I can't wait to recommend this book to security folks in my own company and other companies with whom I am affiliated. It is extremely well done and offers many you-can-use-them-today insights." - Sandra Henry-Stocker, Lead Systems Engineer, E-Trade, and Security Columnist, UNIX Insider

"White-Hat Security Arsenal is an intelligent, informative, and well-written book. It's one of the most readable computer science books I've ever picked up." - Bruce Davie, Ph.D., Cisco Fellow, Cisco Systems, Inc., coauthor of Computer Networks: A Systems Approach

"Avi's book examines commonly encountered security problems and offers sufficient insight for even the most lay computer user to appreciate the nature of threats and vulnerabilities associated with Internet-connected computers. But the book offers much more than basic diagnosis and treatment. More advanced network and security professionals should learn enough about the building blocks of security from this book to feel confident in designing, selecting, and implementing security systems and services." - David M. Piscitello, Core Competence, Inc.

"An excellent resource for students and professionals wishing to learn about computer security. Each chapter directly delves into a specific branch of computer security. Rubin succinctly presents the main challenges and common solutions to each topic. Throughout the book the discussion is motivated by many entertaining real-world examples. The reader is quickly exposed to various security blunders and cutting-edge systems designed to defend against such blunders. Overall, this book is fun to read and introduces the reader to all current techniques used in computer security." - Dan Boneh, Ph.D., Computer Science Professor, Stanford University

"This book is not your standard how-to security book. This is a well-designed, well-written volume on just what the threats are, how they work, and what you have on hand to resist them. Viruses, worms, and denial of service attacks are just the beginning. Most interestingly, Rubin dissects the Morris Worm, Melissa, I Love You, and several other malicious invertebrates. His explanations of just how these infiltrative beasties work are just brilliant. This is a 'different' security book, and it's one you really need." - Peter H. Salus, Ph.D., Chief Knowledge Officer, Matrix.Net, author of A Quarter Century of UNIX and Casting the Net

"Avi Rubin does a great job of explaining the motivations behind many security solutions, as well as providing practical information about how you can solve real-world problems. White-Hat Security Arsenal is an invaluable resource--a judicious mix of practical information and the theory behind it." --Marcus J. Ranum, CTO, NFR Security, Inc.

"White-Hat Security Arsenal ups the ante for the good guys in the arms race against computer-based crime. Like a barrage of cruise missiles, Avi's excellent book attains air superiority by leveraging smarts and advanced GPS technology t

Full Product Details

Author:   Aviel D. Rubin
Publisher:   Pearson Education (US)
Imprint:   Addison Wesley
Dimensions:   Width: 23.50cm, Height: 2.10cm, Length: 18.70cm
Weight:   0.744kg
ISBN:   9780201711141
ISBN 10:   0201711141
Pages:   368
Publication Date:   02 July 2001
Audience:   College/higher education, Tertiary & Higher Education
Format:   Paperback
Publisher's Status:   Out of Print
Availability:   In Print
Limited stock is available. It will be ordered for you and shipped pending supplier's limited stock.

Table of Contents

Foreword.
Preface.

I: IS THERE REALLY A THREAT?
1. Shrouded in Secrecy.
2. Computer Security Risks. What Is at Risk. Data, Time, and Money. Confidentiality. Privacy. Resource Availability. Why Risks Exist. Buggy Code. The User. Poor Administration. Exploiting Risks. Moving On.
3. The Morris Worm Meets the Love Bug: Computer Viruses and Worms. Terminology. A Touch of History. The Morris Worm. When It Hit and What It Did. How and Why It Worked. The Consequences. How We Recovered. Lessons Learned. Melissa. When It Hit and What It Did. How and Why It Worked. The Consequences. How We Recovered. Lessons Learned. CIH Chernobyl. When It Hit and What It Did. How and Why It Worked. The Consequences. How We Recovered. Lessons Learned. Happy. When It Hit and What It Did. How and Why It Worked. The Consequences. How We Recovered. Lessons Learned. Worm.ExploreZip. When It Hit and What It Did. How and Why It Worked. The Consequences. How We Recovered. Lessons Learned. Bubbleboy. When It Hit and What It Did. How and Why It Worked. The Consequences. How We Recovered. Lessons Learned. Babylonia. When It Hit and What It Did. How and Why It Worked. The Consequences. How We Recovered. Lessons Learned. The Love Bug. When It Hit and What It Did. How and Why It Worked. The Consequences. How We Recovered. Lessons Learned. Summary.

II: STORING DATA SECURELY.
4. Local Storage. Physical Security. Cryptographic Security. What Can Be Achieved with Cryptography. Cryptography Is Not Enough. Basic Encryption and Data Integrity. Protecting Data with Passwords. Graphical Passwords. Cryptographic File Systems. Case Studies. CFS. PGPDisk. EFS in Windows 2000. Further Reading.
5. Remote Storage. Remote Storage. NFS Security. Adding Security. User Authentication. Strengthening Passwords. Access Control Lists and Capabilities. AFS. Case Study. Pathnames. Further Reading.
6. Secure Backup. Secure Backups. Physical Security. Backup over a Network. Key Granularity. Backup Products. @backup. BitSTOR. Secure Backup Systems. BackJack. Datalock. NetMass SystemSafe. Saf-T-Net. Safeguard Interactive. Veritas Telebackup. Deleting Backups. Case Study. The Client Software. Incremental Backups. Further Reading.

III: SECURE DATA TRANSFER.
7. Setting up a Long-Term Association. What Is Identity? Identity in Cyberspace. Exchanging Public Keys in Person. Certification Authorities. Public Key Certificates. Certificate Hierarchies. Long-Term Relationships within an Organization. Global Trust Register. Revocation. Long-Term Relationships in the Wild. Managing Private Keys. Symmetric Keys. Case Study. Summary. Further Reading.
8. Deriving Session Keys. Long-Term Keys Are Not Enough. What Are Session Keys? Key Exposure. Perfect Forward Secrecy. Security Associations. Picking a Random Key. Session Keys from Symmetric Long-Term Keys. Kerberos. Another Approach. Session Keys from Long-Term Public Keys. Diffie-Hellman Key Exchange. Session Keys in SSL. Protocol Design and Analysis. Case Study. Clogging Attacks. ISAKMP Exchanges. Key Refreshment. Primes in OAKLEY. Further Reading.
9. Communicating Securely After Key Setup. Protecting Information. Encryption. Authentication. Which Layer Is Best for Security? Encapsulation. The Link Layer. The Network Layer. The Transport Layer. The Application Layer. Replay Prevention. Case Study. ESP. AH. Further Reading.

IV: PROTECTING AGAINST NETWORK THREATS.
10. Protecting a Network Perimeter. Insiders and Outsiders. Network Perimeter. Benefits of Firewalls. Types of Firewalls. Packet Filters. Application-Level Gateways. Using the Firewall. Configuring Rules. Web Server Placement. Exit Control. Remote Access. Logging in Directly. Dial-up Access. VPN Access. Web-Only Access. Case Study. Further Reading.
11. Defending against Attacks. Bad Guys. Mapping. Attacks. Denial of Service. Defense. Defending against Mapping. Monitoring the Traffic. Intrusion Detection. Defense against DDOS. Other Tools. Case Study. Further Reading.

V: COMMERCE AND PRIVACY.
12. Protecting E-Commerce Transactions. Credit Cards on the Web. The SSL Protocol. Protocol Overview. Configuring a Browser. Configuring a Server. Security. Performance. Caching. Case Study. How Passport Works. Risks of Passport. Further Reading.
13. Protecting Privacy. Online Privacy. What Is at Risk? E-Mail Privacy. Protecting E-Mail with Cryptography. Anonymous E-Mail. How Is Personal Privacy Compromised? Direct Methods. Indirect Methods. Defense Mechanisms and Countermeasures. Protecting Data on Your Machine. Protecting Credit Card Information. Safeguarding Your Browsing History. Hiding Your Surfing. Posting Anonymously to the Web. Case Study. Summary. Further Reading.

Glossary.
Bibliography.
Index.

Author Information

Aviel D. Rubin (http://avirubin.com) is an Associate Professor in the Computer Science Department at Johns Hopkins University and serves as the Technical Director of their Information Security Institute. He was previously Principal Researcher in the Secure Systems Research Department at AT&T Laboratories and is the author of several books.

Countries Available

All regions