ONE-VOLUME INTRODUCTION TO COMPUTER SECURITY Clearly explains core concepts, terminology, challenges, technologies, and skills Covers today’s latest attacks and countermeasures The perfect beginner’s guide for anyone interested in a computer security career Chuck Easttom brings together complete coverage of all basic concepts, terminology, and issues, along with all the skills you need to get started. Drawing on 20+ years of experience as a security instructor, consultant, and researcher, Easttom helps you take a proactive, realistic approach to assessing threats and implementing countermeasures. Writing clearly and simply, he addresses crucial issues that many introductory security books ignore, while addressing the realities of a world where billions of new devices are Internet-connected. This guide covers web attacks, hacking, spyware, network defense, security appliances, VPNs, password use, and much more. Its many tips and examples reflect new industry trends and the state-of-the-art in both attacks and defense. Exercises, projects, and review questions in every chapter help you deepen your understanding and apply all you’ve learned. Whether you’re a student, a professional, or a manager, this guide will help you protect your assets—and expand your career options. Learn how to ·         Identify and prioritize potential threats to your network ·         Use basic networking knowledge to improve security ·         Get inside the minds of hackers, so you can deter their attacks ·         Implement a proven layered approach to network security ·         Resist modern social engineering attacks ·         Defend against today’s most common Denial of Service (DoS) attacks ·         Halt viruses, spyware, worms, Trojans, and other malware ·         Prevent problems arising from malfeasance or ignorance ·         Choose the best encryption methods for your organization ·         Compare security technologies, including the latest security appliances ·         Implement security policies that will work in your environment ·         Scan your network for vulnerabilities ·         Evaluate potential security consultants ·         Master basic computer forensics and know what to do if you’re attacked ·         Learn how cyberterrorism and information warfare are evolving  

Table of Contents:
Introduction Chapter 1: Introduction to Computer Security Introduction How Seriously Should You Take Threats to Network Security? Identifying Types of Threats     Malware     Compromising System Security     DoS Attacks     Web Attacks     Session Hijacking     Insider Threats     DNS Poisoning     New Attacks Assessing the Likelihood of an Attack on Your Network Basic Security Terminology     Hacker Slang     Professional Terms Concepts and Approaches How Do Legal Issues Impact Network Security? Online Security Resources     CERT     Microsoft Security Advisor     F-Secure     SANS Institute Summary Test Your Skills Chapter 2: Networks and the Internet Introduction Network Basics     The Physical Connection: Local Networks     Faster Connection Speeds     Data Transmission How the Internet Works     IP Addresses     CIDR     Uniform Resource Locators     What Is a Packet?     Basic Communications History of the Internet Basic Network Utilities     IPConfig     Ping     Tracert     Netstat     NSLookup Other Network Devices Advanced Network Communications Topics     The OSI Model     Media Access Control (MAC) Addresses Summary Test Your Skills Chapter 3: Cyber Stalking, Fraud, and Abuse Introduction How Internet Fraud Works     Investment Offers     Auction Frauds Identity Theft     Phishing Cyber Stalking     Real Cyber Stalking Cases     How to Evaluate Cyber Stalking     Crimes Against Children     Laws About Internet Fraud Protecting Yourself Against Cyber Crime     Protecting Against Investment Fraud     Protecting Against Identity Theft     Secure Browser Settings Summary Test Your Skills Chapter 4: Denial of Service Attacks Introduction DoS Illustrating an Attack     Common Tools Used for DoS     DoS Weaknesses     Specific DoS Attacks     Land Attack     DDoS Summary Test Your Skills Chapter 5: Malware Introduction Viruses     How a Virus Spreads     Types of Viruses     Virus Examples     Rombertik     Gameover ZeuS     CryptoLocker and CryptoWall     FakeAV     MacDefender     Troj/Invo-Zip     W32/Netsky-P     The Sobig Virus     The Mimail Virus     The Bagle Virus     A Nonvirus Virus     Flame     Rules for Avoiding Viruses Trojan Horses The Buffer-Overflow Attack The Sasser Virus/Buffer Overflow Spyware     Legal Uses of Spyware     How Is Spyware Delivered to a Target System?     Obtaining Spyware Software Other Forms of Malware     Rootkit     Malicious Web-Based Code     Logic Bombs     Spam     Advanced Persistent Threats Detecting and Eliminating Viruses and Spyware     Antivirus Software     Antispyware Software     Remediation Steps Summary Test Your Skills Chapter 6: Techniques Used by Hackers Introduction Basic Terminology The Reconnaissance Phase     Passive Scanning Techniques     Active Scanning Techniques Actual Attacks     SQL Script Injection     Cross-Site Scripting     Password Cracking Malware Creation     Windows Hacking Techniques Penetration Testing     NIST 800-115     National Security Agency Information Assessment Methodology     PCI Penetration Testing Standard Summary Test Your Skills Chapter 7: Industrial Espionage in Cyberspace Introduction What Is Industrial Espionage? Information as an Asset Real-World Examples of Industrial Espionage     Example 1: Houston Astros     Example 2: University Trade Secrets     Example 3: VIA Technology     Example 4: General Motors     Example 5: Bloomberg, Inc.     Example 6: Interactive Television Technologies, Inc.     Trends in Industrial Espionage     Industrial Espionage and You How Does Espionage Occur?     Low-Tech Industrial Espionage     Spyware Used in Industrial Espionage Steganography Used in Industrial Espionage Phone Taps and Bugs Protecting Against Industrial Espionage Industrial Espionage Act Spear Phishing Summary Test Your Skills Chapter 8: Encryption Introduction Cryptography Basics History of Encryption     The Caesar Cipher     Atbash     Multi-Alphabet Substitution     Rail Fence     Enigma     Binary Operations Modern Methods     Single-Key (Symmetric) Encryption     Modification of Symmetric Methods Public Key (Asymmetric) Encryption PGP Legitimate Versus Fraudulent Encryption Methods Digital Signatures Hashing     MD5     SHA     RipeMD MAC and HMAC     Rainbow Tables Steganography     Historical Steganography     Methods and Tools Cryptanalysis     Frequency Analysis     Modern Methods Cryptography Used on the Internet Summary Test Your Skills Chapter 9: Computer Security Technology Introduction Virus Scanners     How Does a Virus Scanner Work?     Virus-Scanning Techniques     Commercial Antivirus Software Firewalls     Benefits and Limitation of Firewalls     Firewall Types and Components     Firewall Configurations     Commercial and Free Firewall Products     Firewall Logs Antispyware IDS     IDS Categorization     Identifying an Intrusion     IDS Elements     Snort     Honey Pots     Database Activity Monitoring     Other Preemptive Techniques     Authentication Digital Certificates SSL/TLS Virtual Private Networks     Point-to-Point Tunneling Protocol     Layer 2 Tunneling Protocol     IPsec Wi-Fi Security     Wired Equivalent Privacy     Wi-Fi Protected Access     WPA2 Summary Test Your Skills Chapter 10: Security Policies Introduction What Is a Policy? Defining User Policies     Passwords     Internet Use     Email Usage     Installing/Uninstalling Software     Instant Messaging     Desktop Configuration     Bring Your Own Device     Final Thoughts on User Policies Defining System Administration Policies     New Employees     Departing Employees     Change Requests     Security Breaches     Virus Infection     DoS Attacks     Intrusion by a Hacker Defining Access Control Developmental Policies Standards, Guidelines, and Procedures Data Classification     DoD Clearances Disaster Recovery     Disaster Recovery Plan     Business Continuity Plan     Impact Analysis?     Fault Tolerance Important Laws     HIPAA     Sarbanes-Oxley     Payment Card Industry Data Security Standards Summary Test Your Skills Chapter 11: Network Scanning and Vulnerability Scanning Introduction Basics of Assessing a System     Patch     Ports     Protect     Policies     Probe     Physical Securing Computer Systems     Securing an Individual Workstation     Securing a Server     Securing a Network Scanning Your Network     MBSA     NESSUS Getting Professional Help Summary Test Your Skills Chapter 12: Cyber Terrorism and Information Warfare Introduction Actual Cases of Cyber Terrorism     The Chinese Eagle Union     China’s Advanced Persistent Threat     India and Pakistan     Russian Hackers Weapons of Cyber Warfare     Stuxnet     Flame     StopGeorgia.ru Malware     FinFisher     BlackEnergy     NSA ANT Catalog Economic Attacks Military Operations Attacks General Attacks Supervisory Control and Data Acquisitions (SCADA) Information Warfare     Propaganda     Information Control     Disinformation Actual Cases Future Trends     Positive Trends     Negative Trends Defense Against Cyber Terrorism Terrorist Recruiting and Communication TOR and the Dark Web Summary Test Your Skills Chapter 13: Cyber Detective Introduction General Searches Court Records and Criminal Checks     Sex Offender Registries     Civil Court Records     Other Resources Usenet Summary Test Your Skills Chapter 14: Introduction to Forensics Introduction General Guidelines     Don’t Touch the Suspect Drive     Image a Drive with Forensic Toolkit     Can You Ever Conduct Forensics on a Live Machine?     Document Trail     Secure the Evidence     Chain of Custody     FBI Forensics Guidelines     U.S. Secret Service Forensics Guidelines     EU Evidence Gathering     Scientific Working Group on Digital Evidence     Locard’s Principle of Transference     Tools Finding Evidence on the PC     Finding Evidence in the Browser Finding Evidence in System Logs     Windows Logs     Linux Logs Getting Back Deleted Files Operating System Utilities     Net Sessions     Openfiles     Fc     Netstat The Windows Registry     Specific Entries Mobile Forensics: Cell Phone Concepts     Cell Concepts Module     Cellular Networks     iOS     Android     Windows     What You Should Look For The Need for Forensic Certification Expert Witnesses     Federal Rule 702     Daubert Additional Types of Forensics     Network Forensics     Virtual Forensics Summary Test Your Skills Appendix A: Glossary Appendix B: Resources Appendix C: Answers to the Multiple Choice Questions     9780789757463    TOC    5/10/2016