Applied Information Security: A Hands-on Approach


Authors: David Basin, Patrick Schaller, Michael Schläpfer.
Format: Book, English, 2011. Electronic books.
Published: Berlin: Springer, 2011.
Extent: 209 pages.
Notes
Bibliographic Level Mode of Issuance: Monograph.

Contents:
Preface
1 Security Principles
  1.1 Objectives
  1.2 Problem Context
  1.3 The Principles
    1.3.1 Simplicity
    1.3.2 Open Design
    1.3.3 Compartmentalization
    1.3.4 Minimum Exposure
    1.3.5 Least Privilege
    1.3.6 Minimum Trust and Maximum Trustworthiness
    1.3.7 Secure, Fail-Safe Defaults
    1.3.8 Complete Mediation
    1.3.9 No Single Point of Failure
    1.3.10 Traceability
    1.3.11 Generating Secrets
    1.3.12 Usability
  1.4 Discussion
  1.5 Assignment
  1.6 Exercises
2 The Virtual Environment
  2.1 Objectives
  2.2 VirtualBox
    2.2.1 Setting up a New Virtual Machine
    2.2.2 The Network
  2.3 The Lab Environment
    2.3.1 The Hosts
  2.4 Installing the Virtual Machines
    2.4.1 Installing host alice
    2.4.2 Installing host bob
    2.4.3 Installing host mallet
3 Network Services
  3.1 Objectives
  3.2 Networking Background
    3.2.1 Internet Layer
    3.2.2 Transport Layer
  3.3 The Adversary's Point of View
    3.3.1 Information Gathering
    3.3.2 Finding Potential Vulnerabilities
    3.3.3 Exploiting Vulnerabilities
    3.3.4 Vulnerable Configurations
  3.4 The Administrator's Point of View
  3.5 Actions to Be Taken
    3.5.1 Deactivating Services
    3.5.2 Restricting Services
  3.6 Exercises
4 Authentication and Access Control
  4.1 Objectives
  4.2 Authentication
    4.2.1 Telnet and Remote Shell
    4.2.2 Secure Shell
  4.3 User IDs and Permissions
    4.3.1 File Access Permissions
    4.3.2 Setuid and Setgid
  4.4 Shell Script Security
    4.4.1 Symbolic Links
    4.4.2 Temporary Files
    4.4.3 Environment
    4.4.4 Data Validation
  4.5 Quotas
  4.6 Change Root
  4.7 Exercises
5 Logging and Log Analysis
  5.1 Objectives
  5.2 Logging Mechanisms and Log Files
    5.2.1 Remote Logging
  5.3 Problems with Logging
    5.3.1 Tampering and Authenticity
    5.3.2 Tamper-Proof Logging
    5.3.3 Input Validation
    5.3.4 Rotation
  5.4 Intrusion Detection
    5.4.1 Log Analysis
    5.4.2 Suspicious Files and Rootkits
    5.4.3 Integrity Checks
  5.5 Exercises
6 Web Application Security
  6.1 Objectives
  6.2 Preparatory Work
  6.3 Black-Box Audit
  6.4 Attacking Web Applications
    6.4.1 Remote File Upload Vulnerability in Joomla!
    6.4.2 Remote Command Execution
    6.4.3 SQL Injections
    6.4.4 Privilege Escalation
  6.5 User Authentication and Session Management
    6.5.1 A PHP-Based Authentication Mechanism
    6.5.2 HTTP Basic Authentication
    6.5.3 Cookie-Based Session Management
  6.6 Cross-Site Scripting (XSS)
    6.6.1 Persistent XSS Attacks
    6.6.2 Reflected XSS Attacks
    6.6.3 DOM-Based XSS Attacks
  6.7 SQL Injections Revisited
  6.8 Secure Socket Layer
  6.9 Further Reading
  6.10 Exercises

Summary:
This book explores fundamental principles for securing IT systems and illustrates them with hands-on experiments that may be carried out by the reader using accompanying software. The experiments highlight key information security problems that arise in modern operating systems, networks, and web applications. The authors explain how to identify and exploit such problems, and they show different countermeasures and their implementation. The reader thus gains a detailed understanding of how vulnerabilities arise and practical experience tackling them.
After presenting the basics of security principles, virtual environments, and network services, the authors explain the core security principles of authentication and access control, logging and log analysis, web application security, certificates and public-key cryptography, and risk management. The book concludes with appendices on the design of related courses, report templates, and the basics of Linux as needed for the assignments. The authors have successfully taught IT security to students and professionals using the content of this book and the laboratory setting it describes. The book can be used in undergraduate or graduate laboratory courses, complementing more theoretically oriented courses, and it can also be used for self-study by IT professionals who want hands-on experience in applied information security. The authors' supporting software is freely available online and the text is supported throughout with exercises.
ISBN: 978-3-642-24474-2
