Computer Security and the Internet Tools and Jewels from Malware to Bitcoin 2nd Edition by Paul C Van Oorschot ISBN 9783030834104 3030834107

Computer Security and the Internet Tools and Jewels from Malware to Bitcoin 2nd Edition by Paul C Van Oorschot – Ebook PDF Instant Download/Delivery: 9783030834104 ,3030834107
Full download Computer Security and the Internet Tools and Jewels from Malware to Bitcoin 2nd Edition after payment

Product details:

ISBN 10: 3030834107
ISBN 13: 9783030834104
Author: Paul C Van Oorschot

Computer Security and the Internet Tools and Jewels from Malware to Bitcoin 2nd Edition Table of contents:

Chapter 1 Security Concepts and Principles

1.1 Fundamental goals of computer security

1.2 Computer security policies and attacks

1.3 Risk, risk assessment, and modeling expected losses

1.4 Adversary modeling and security analysis

1.5 Threat modeling: diagrams, trees, lists and STRIDE

1.5.1 Diagram-driven threat modeling

1.5.2 Attack trees for threat modeling

1.5.3 Other threat modeling approaches: checklists and STRIDE

1.6 Model-reality gaps and real-world outcomes

1.6.1 Threat modeling and model-reality gaps

1.6.2 Tying security policy back to real outcomes and security analysis

1.7 ‡Design principles for computer security

1.8 ‡Why computer security is hard

1.9 ‡End notes and further reading

References (Chapter 1)

Chapter 2 Cryptographic Building Blocks

2.1 Encryption and decryption (generic concepts)

2.2 Symmetric-key encryption and decryption

2.3 Public-key encryption and decryption

2.4 Digital signatures and verification using public keys

2.5 Cryptographic hash functions

2.6 Message authentication (data origin authentication)

2.7 ‡Authenticated encryption and further modes of operation

2.8 ‡Certificates, elliptic curves, and equivalent keylengths

2.9 ‡End notes and further reading

References (Chapter 2)

Chapter 3 User Authentication—Passwords, Biometrics and Alternatives

3.1 Password authentication

3.2 Password-guessing strategies and defenses

3.3 Account recovery and secret questions

3.4 One-time password generators and hardware tokens

3.5 Biometric authentication

3.6 ‡Password managers and graphical passwords

3.7 ‡CAPTCHAs (humans-in-the-loop) vs. automated attacks

3.8 ‡Entropy, passwords, and partial-guessing metrics

3.9 ‡End notes and further reading

References (Chapter 3)

Chapter 4 Authentication Protocols and Key Establishment

4.1 Entity authentication and key establishment (context)

4.2 Authentication protocols: concepts and mistakes

4.3 Establishing shared keys by public agreement (DH)

4.4 Key authentication properties and goals

4.5 Password-authenticated key exchange: EKE and SPEKE

4.6 ‡Weak secrets and forward search in authentication

4.7 ‡Single sign-on (SSO) and federated identity systems

4.8 ‡Cyclic groups and subgroup attacks on Diffie-Hellman

4.9 ‡End notes and further reading

References (Chapter 4)

Chapter 5 Operating System Security and Access Control

5.1 Memory protection, supervisor mode, and accountability

5.2 The reference monitor, access matrix, and security kernel

5.3 Object permissions and file-based access control

5.4 Setuid bit and effective userid (eUID)

5.5 Directory permissions and inode-based example

5.6 Symbolic links, hard links and deleting files

5.7 Role-based (RBAC) and mandatory access control

5.8 ‡Protection rings: isolation meets finer-grained sharing

5.9 ‡Relating subjects, processes, and protection domains

5.10 ‡End notes and further reading

References (Chapter 5)

Chapter 6 Software Security—Exploits and Privilege Escalation

6.1 Race conditions and resolving filenames to resources

6.2 Integer-based vulnerabilities and C-language issues

6.3 Stack-based buffer overflows

6.4 Heap-based buffer overflows and heap spraying

6.5 ‡Return-to-libc exploits

6.6 Buffer overflow exploit defenses and adoption barriers

6.7 Privilege escalation and the bigger picture

6.8 ‡Background: process creation, syscalls, shells, shellcode

6.9 ‡End notes and further reading

References (Chapter 6)

Chapter 7 Malicious Software

7.1 Defining malware

7.2 Viruses and worms

7.3 Virus anti-detection and worm-spreading techniques

7.4 Stealth: Trojan horses, backdoors, keyloggers, rootkits

7.5 Rootkit detail: installation, object modification, hijacking

7.6 ‡Drive-by downloads and droppers

7.7 Ransomware, botnets and other beasts

7.8 Social engineering and categorizing malware

7.9 ‡End notes and further reading

References (Chapter 7)

Chapter 8 Public-Key Certificate Management and Use Cases

8.1 Certificates, certification authorities and PKI

8.2 Certificate chain validation and certificate extensions

8.3 ‡Certificate revocation

8.4 CA/PKI architectures and certificate trust models

8.5 TLS web site certificates and CA/browser trust model

8.6 Secure email overview and public-key distribution

8.7 ‡Secure email: specific technologies

8.8 ‡End notes and further reading

References (Chapter 8)

Chapter 9 Web and Browser Security

9.1 Web review: domains, URLs, HTML, HTTP, scripts

9.2 TLS and HTTPS (HTTP over TLS)

9.3 HTTP cookies and DOM objects

9.4 Same-origin policy (DOM SOP)

9.5 Authentication cookies, malicious scripts and CSRF

9.6 More malicious scripts: cross-site scripting (XSS)

9.7 SQL injection

9.8 ‡Usable security, phishing and web security indicators

9.9 ‡End notes and further reading

References (Chapter 9)

Chapter 10 Firewalls and Tunnels

10.1 Packet-filter firewalls

10.2 Proxy firewalls and firewall architectures

10.3 SSH: Secure Shell

10.4 VPNs and encrypted tunnels (general concepts)

10.5 ‡IPsec: IP security suite (details)

10.6 ‡Background: networking and TCP/IP

10.7 ‡End notes and further reading

References (Chapter 10)

Chapter 11 Intrusion Detection and Network-Based Attacks

11.1 Intrusion detection: introduction

11.2 Intrusion detection: methodological approaches

11.3 Sniffers, reconnaissance scanners, vulnerability scanners

11.4 Denial of service attacks

11.5 Address resolution attacks (DNS, ARP)

11.6 ‡TCP session hijacking

11.7 ‡End notes and further reading

References (Chapter 11)

Chapter 12 Wireless LAN Security: 802.11 and Wi-Fi

12.1 Background: 802.11 WLAN architecture and overview

12.2 WLAN threats and mitigations

12.3 Security architecture: access control, EAP and RADIUS

12.4 RC4 stream cipher and its use in WEP

12.5 WEP attacks: authentication, integrity, keystream reuse

12.6 WEP security summary and full key recovery

12.7 ‡AES-CCMP frame encryption and key hierarchy

12.8 Robust authentication, key establishment and WPA3

12.9 ‡End notes and further reading

References (Chapter 12)

Chapter 13 Bitcoin, Blockchains and Ethereum

13.1 Bitcoin overview

13.2 Transaction types and fields

13.3 ‡Bitcoin script execution (signature validation)

13.4 Block structure, Merkle trees and the blockchain

13.5 Mining of blocks, block preparation and hashing targets

13.6 Building the blockchain, validation, and full nodes

13.7 ‡Simple payment verification, user wallets, private keys

13.8 ‡Ethereum and smart contracts

13.9 ‡End notes and further reading

References (Chapter 13)

Epilogue

References (Epilogue)

Index

People also search for Computer Security and the Internet Tools and Jewels from Malware to Bitcoin 2nd Edition:

q&a computer
    
computer security versus privacy
    
a computer virus can
    
difference between computer security and network security
    
internet security and you

Tags: Paul C Van Oorschot, Computer Security, Internet, Malware