Home > Store

Computer Security Fundamentals, 4th Edition

By Chuck Easttom
Published Oct 22, 2019 by Pearson IT Certification.

Best Value Purchase

Book + eBook Bundle

Your Price: $98.10
List Price: $165.99
Includes EPUB and PDF
About eBook Formats

This eBook includes the following formats, accessible from your Account page after purchase:

ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

Adobe Reader PDF The popular standard, used most often with the free Acrobat® Reader® software.

This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

Add to cart

FREE SHIPPING!

More Purchase Options

Book

Your Price: $68.00
List Price: $80.00
Usually ships in 24 hours.

Add to cart

FREE SHIPPING!

eBook

Your Price: $73.09
List Price: $85.99
Includes EPUB and PDF
About eBook Formats

This eBook includes the following formats, accessible from your Account page after purchase:

ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

Adobe Reader PDF The popular standard, used most often with the free Acrobat® Reader® software.

This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

Add to cart

About

Description

Sample Content

Updates

More Information

About

Features

The most up-to-date computer security concepts text on the market
Strong coverage and comprehensive analysis of key attacks, including denial of service, malware, and viruses
Covers oft-neglected subject areas such as cyberterrorism, computer fraud, and industrial espionage
Contains end-of-chapter exercises, projects, review questions, and plenty of real-world tips
Instructor's guide, lecture slides, and test bank included to make planning for class a breeze

Additional Information

We've made every effort to ensure the accuracy of this book and its companion content. Any errors that have been confirmed since this book was published can be downloaded below.

Download the errata (44 KB .doc)



Description

Copyright 2020
Dimensions: 7" x 9-1/8"
Pages: 512
Edition: 4th

Book
ISBN-10: 0-13-577477-2
ISBN-13: 978-0-13-577477-9

Clearly explains core concepts, terminology, challenges, technologies, and skills

Covers today’s latest attacks and countermeasures

The perfect beginner’s guide for anyone interested in a computer security career

Dr. Chuck Easttom brings together complete coverage of all basic concepts, terminology, and issues, along with all the skills you need to get started.

Drawing on 30 years of experience as a security instructor, consultant, and researcher, Easttom helps you take a proactive, realistic approach to assessing threats and implementing countermeasures. Writing clearly and simply, he addresses crucial issues that many introductory security books ignore, while addressing the realities of a world where billions of new devices are Internet-connected.

This guide covers web attacks, hacking, spyware, network defense, security appliances, VPNs, password use, and much more. Its many tips and examples reflect new industry trends and the state-of-the-art in both attacks and defense. Exercises, projects, and review questions in every chapter help you deepen your understanding and apply all you’ve learned.

Whether you’re a student, a professional, or a manager, this guide will help you protect your assets—and expand your career options.

LEARN HOW TO

Identify and prioritize potential threats to your network
Use basic networking knowledge to improve security
Get inside the minds of hackers, so you can deter their attacks
Implement a proven layered approach to network security
Resist modern social engineering attacks
Defend against today’s most common Denial of Service (DoS) attacks
Halt viruses, spyware, worms, Trojans, and other malware
Prevent problems arising from malfeasance or ignorance
Choose the best encryption methods for your organization
Compare security technologies, including the latest security appliances
Implement security policies that will work in your environment
Scan your network for vulnerabilities
Evaluate potential security consultants
Master basic computer forensics and know what to do if you’re attacked
Learn how cyberterrorism and information warfare are evolving



Sample Content

Online Sample Chapter

Introduction to Computer Security

Sample Pages

Download the sample pages (includes Chapter 1)

Introduction xxvi
Chapter 1: Introduction to Computer Security 2
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
How Seriously Should You Take Threats to Network Security? . . . . . . . . . 4
Identifying Types of Threats . . . . . . . . . . . . . . . . . . . . . . . . 7
Assessing the Likelihood of an Attack on Your Network . . . . . . . . . . . . 16
Basic Security Terminology . . . . . . . . . . . . . . . . . . . . . . . 16
Concepts and Approaches . . . . . . . . . . . . . . . . . . . . . . . . 19
How Do Legal Issues Impact Network Security? . . . . . . . . . . . . . . . 22
Online Security Resources . . . . . . . . . . . . . . . . . . . . . . . . 23
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Chapter 2: Networks and the Internet 32
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Network Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
How the Internet Works . . . . . . . . . . . . . . . . . . . . . . . . . 40
History of the Internet . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Basic Network Utilities . . . . . . . . . . . . . . . . . . . . . . . . . 49
Other Network Devices . . . . . . . . . . . . . . . . . . . . . . . . . 55
Advanced Network Communications Topics . . . . . . . . . . . . . . . . 56
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Chapter 3: Cyber Stalking, Fraud, and Abuse 66
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
How Internet Fraud Works . . . . . . . . . . . . . . . . . . . . . . . . 67
Identity Theft . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Cyber Stalking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Chapter 4: Denial of Service Attacks 96
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Illustrating an Attack . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Common Tools Used for DoS Attacks . . . . . . . . . . . . . . . . . . . 99
DoS Weaknesses . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Specific DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . 102
Real-World Examples of DoS Attacks . . . . . . . . . . . . . . . . . . . 109
How to Defend Against DoS Attacks . . . . . . . . . . . . . . . . . . . 111
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Chapter 5: Malware 120
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Viruses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Trojan Horses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
The Buffer-Overflow Attack . . . . . . . . . . . . . . . . . . . . . . . 132
Spyware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Other Forms of Malware . . . . . . . . . . . . . . . . . . . . . . . . 137
Detecting and Eliminating Viruses and Spyware . . . . . . . . . . . . . . 140
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Chapter 6: Techniques Used by Hackers 152
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Basic Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
The Reconnaissance Phase . . . . . . . . . . . . . . . . . . . . . . . 153
Actual Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Malware Creation . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Penetration Testing . . . . . . . . . . . . . . . . . . . . . . . . . . 171
The Dark Web . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Chapter 7: Industrial Espionage in Cyberspace 182
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
What Is Industrial Espionage? . . . . . . . . . . . . . . . . . . . . . . 183
Information as an Asset . . . . . . . . . . . . . . . . . . . . . . . . 184
Real-World Examples of Industrial Espionage . . . . . . . . . . . . . . . 187
How Does Espionage Occur? . . . . . . . . . . . . . . . . . . . . . . 189
Low-Tech Industrial Espionage . . . . . . . . . . . . . . . . 189
Spyware Used in Industrial Espionage . . . . . . . . . . . . . 193
Steganography Used in Industrial Espionage . . . . . . . . . . . 193
Phone Taps and Bugs . . . . . . . . . . . . . . . . . . . . 194
Protecting Against Industrial Espionage . . . . . . . . . . . . . . . . . . 194
The Industrial Espionage Act . . . . . . . . . . . . . . . . . . . . . . 197
Spear Phishing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Chapter 8: Encryption 206
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Cryptography Basics . . . . . . . . . . . . . . . . . . . . . . . . . . 207
History of Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Modern Cryptography Methods . . . . . . . . . . . . . . . . . . . . . 216
Public Key (Asymmetric) Encryption . . . . . . . . . . . . . . . . . . . 223
PGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Legitimate Versus Fraudulent Encryption Methods . . . . . . . . . . . . . 229
Digital Signatures . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
Hashing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
MAC and HMAC . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Steganography . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Cryptanalysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Cryptography Used on the Internet . . . . . . . . . . . . . . . . . . . . 236
Quantum Computing Cryptography . . . . . . . . . . . . . . . . . . . 237
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Chapter 9: Computer Security Technology 244
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Virus Scanners . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
Antispyware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Digital Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
SSL/TLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Virtual Private Networks . . . . . . . . . . . . . . . . . . . . . . . . 268
Wi-Fi Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Chapter 10: Security Policies 278
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
What Is a Policy? . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Defining User Policies . . . . . . . . . . . . . . . . . . . . . . . . . 280
Defining System Administration Policies . . . . . . . . . . . . . . . . . . 287
New Employees . . . . . . . . . . . . . . . . . . . . . . . 287
Departing Employees . . . . . . . . . . . . . . . . . . . . 287
Change Requests . . . . . . . . . . . . . . . . . . . . . . 288
Security Breaches . . . . . . . . . . . . . . . . . . . . . . 290
Virus Infection . . . . . . . . . . . . . . . . . . . . . . . 290
DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . 291
Intrusion by a Hacker . . . . . . . . . . . . . . . . . . . . 291
Defining Access Control . . . . . . . . . . . . . . . . . . . . . . . . 292
Development Policies . . . . . . . . . . . . . . . . . . . . . . . . . 293
Standards, Guidelines, and Procedures . . . . . . . . . . . . . . . . . . 294
Disaster Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Important Laws . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Chapter 11: Network Scanning and Vulnerability Scanning 306
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Basics of Assessing a System . . . . . . . . . . . . . . . . . . . . . . 307
Securing Computer Systems . . . . . . . . . . . . . . . . . . . . . . 315
Scanning Your Network . . . . . . . . . . . . . . . . . . . . . . . . 321
Getting Professional Help . . . . . . . . . . . . . . . . . . . . . . . . 330
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Chapter 12: Cyber Terrorism and Information Warfare 342
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
Actual Cases of Cyber Terrorism . . . . . . . . . . . . . . . . . . . . . 343
Weapons of Cyber Warfare . . . . . . . . . . . . . . . . . . . . . . . 345
Economic Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Military Operations Attacks . . . . . . . . . . . . . . . . . . . . . . . 350
General Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Supervisory Control and Data Acquisitions (SCADA) . . . . . . . . . . . . . 351
Information Warfare . . . . . . . . . . . . . . . . . . . . . . . . . . 352
Actual Cases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Future Trends . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Defense Against Cyber Terrorism . . . . . . . . . . . . . . . . . . . . . 362
Terrorist Recruiting and Communication . . . . . . . . . . . . . . . . . . 362
TOR and the Dark Web . . . . . . . . . . . . . . . . . . . . . . . . . 363
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Chapter 13: Cyber Detective 370
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
General Searches . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Court Records and Criminal Checks . . . . . . . . . . . . . . . . . . . 375
Usenet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
Chapter 14: Introduction to Forensics 386
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
General Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . 387
Finding Evidence on the PC . . . . . . . . . . . . . . . . . . . . . . . 397
Finding Evidence in System Logs . . . . . . . . . . . . . . . . . . . . 398
Getting Back Deleted Files . . . . . . . . . . . . . . . . . . . . . . . 399
Operating System Utilities . . . . . . . . . . . . . . . . . . . . . . . 402
The Windows Registry . . . . . . . . . . . . . . . . . . . . . . . . . 404
Mobile Forensics: Cell Phone Concepts . . . . . . . . . . . . . . . . . . 408
The Need for Forensic Certification . . . . . . . . . . . . . . . . . . . . 413
Expert Witnesses . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Additional Types of Forensics . . . . . . . . . . . . . . . . . . . . . . 415
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Chapter 15: Cybersecurity Engineering 422
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
Defining Cybersecurity Engineering . . . . . . . . . . . . . . . . . . . . 423
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
Glossary 442
Appendix A: Resources 448
Appendix B: Answers to the Multiple Choice Questions 450
9780135774779, TOC, 8/15/19



Updates

Submit Errata



More Information



Pearson IT Certification Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Pearson IT Certification and its family of brands. I can unsubscribe at any time.

Email Address