Computer Security: Principles and Practice (3rd Edition)
William Stallings, Lawrie Brown
Format: PDF / Kindle (mobi) / ePub
Computer Security: Principles and Practice, Third Edition, is ideal for courses in Computer/Network Security. It also provides a solid, up-to-date reference or self-study tutorial for system engineers, programmers, system managers, network managers, product marketing personnel, and system support specialists.
In recent years, the need for education in computer security and related topics has grown dramatically—and is essential for anyone studying Computer Science or Computer Engineering. This is the only text available to provide integrated, comprehensive, up-to-date coverage of the broad range of topics in this subject. In addition to an extensive pedagogical program, the book provides unparalleled support for both research and modeling projects, giving students a broader perspective.
It covers all security topics considered Core in the IEEE/ACM Computer Science Curriculum. This textbook can be used to prep for CISSP Certification, and includes in-depth coverage of Computer Security, Technology and Principles, Software Security, Management Issues, Cryptographic Algorithms, Internet Security and more.
The Text and Academic Authors Association named Computer Security: Principles and Practice, First Edition, the winner of the Textbook Excellence Award for the best Computer Science textbook of 2008.
Teaching and Learning Experience
This program presents a better teaching and learning experience—for you and your students. It will help:
- Easily Integrate Projects in your Course: This book provides an unparalleled degree of support for including both research and modeling projects in your course, giving students a broader perspective.
- Keep Your Course Current with Updated Technical Content: This edition covers the latest trends and developments in computer security.
- Enhance Learning with Engaging Features: Extensive use of case studies and examples provides real-world context to the text material.
- Provide Extensive Support Material to Instructors and Students: Student and instructor resources are available to expand on the topics presented in the text.
Open Systems Security Services Security Mechanisms
1.5 Computer Security Trends
1.6 Computer Security Strategy: Security Policy, Security Implementation, Assurance and Evaluation
1.7 Recommended Reading and Web Sites
1.8 Key Terms, Review Questions, and Problems
CHAPTER 1 / OVERVIEW
LEARNING OBJECTIVES
After studying this chapter, you should be able to:
- Describe the key security requirements of confidentiality, integrity, and availability.
- Discuss the types of security threats and
attacker generates the hash values associated with each possible salt value. The result is a mammoth table of hash values known as a rainbow table. For example, [OECH03] showed that using 1.4 GB of data, he could crack 99.9% of all alphanumeric Windows password hashes in 13.8 seconds. This approach can be countered by using a sufficiently large salt value and a sufficiently large hash length. Both the FreeBSD and OpenBSD approaches should be secure from this attack for the foreseeable future.
(xG%#jj98) = 998 If the password xG%#jj98 is presented to the system, it will be rejected even though it is not in the dictionary. If there are too many such false positives, it will be difficult for users to select passwords. Therefore, we would like to design the hash scheme to minimize false positives. It can be shown that the probability of a false positive can be approximated by $P \approx (1 - e^{-kD/N})^k = (1 - e^{-k/R})^k$ or, equivalently, $R \approx -k / \ln(1 - P^{1/k})$ where k = number of hash
International to introduce stronger Triple DES, and pressure from U.S. regulators to introduce new features for disabled users. Many banks, such as those audited by Redspin, included a number of other enhancements at the same time as the introduction of Windows and triple DES, especially the use of TCP/IP as a network transport. Because issuers typically run their own Internet-connected local area networks (LANs) and intranets using TCP/IP, it was attractive to connect ATMs to these issuer
taken from the character set consisting of lowercase letters and digits. They were generated by a pseudorandom number generator with $2^{15}$ possible starting values. Using the technology of the time, the time required to search through all character strings of length 8 from a 36-character alphabet was 112 years. Unfortunately, this is not a true reflection of the actual security of the system. Explain the problem. Assume that passwords are selected from four-character combinations of 26 alphabetic