Preface - Computer Security Basics, 2nd Edition (2011)

Preface

About This Book

This book is about computer security—what it is, where it came from, where it’s going, and why we should care about it. It introduces the many different areas of security in clear and simple terms: access controls, worms and viruses, cryptography, firewalls, network and web security, biometric devices, and more. If you’re at all interested in computer security or if computer security is a part of your job (whether you want it to be or not!), you should find this book useful. I’ve tried to give you the big picture and quite a few helpful details.

This book is not a technical reference. I’ve tried to pull together the basics about many different areas of computer security and put that information together comprehensively. If you need particularly technical information about a specific area of computer security (for example, making your specific system or operating system more secure, securing your web site, or configuring a router or firewall), you should refer to other, more specialized books.

Summary of Contents

This book is divided into 10 chapters and 3 appendixes.

Part I, Security for Today

This section presents a brief overview of what computer security is, where it came from, and where it’s going.

Chapter 1, Introduction

This chapter introduces computer security: what it is and why it’s important. It summarizes the threats to computers and the information stored on them, and it introduces the different types of computer security.

Chapter 2, Some Security History

This chapter briefly describes the history of computer security: where it came from, and what government mandates, laws, and standards address it.

Part II, Computer Security

This section discusses computer security: methods of protecting information stored in a computer system, primarily by controlling access to that information.

Chapter 3, Computer System Security and Access Controls

This chapter introduces computer system security and describes how that security controls access to systems and data.

Chapter 4, Viruses and Other Wildlife

This chapter explores viruses, worms, Trojans, and other types of malicious code.

Chapter 5, Establishing and Maintaining a Security Policy

This chapter describes the administrative procedures that improve security within an organization. It also introduces business continuity and disaster recovery as part of security.

Chapter 6, Web Attacks and Internet Vulnerabilities

This chapter introduces the perils that can attack your system or network while it is connected to the Internet.

Part III, Communications Security

This section discusses communications security: methods of protecting information while it’s being transmitted over communications lines and network backbones.

Chapter 7, Encryption

This chapter explains what encryption is and how it protects data.

Chapter 8, Communications and Network Security

This chapter introduces network concepts and discusses some basic communications security issues.

Part IV, Other Types of Security

This section describes several additional types of security.

Chapter 9, Physical Security and Biometrics

This chapter introduces physical security and describes different types of biometric devices.

Chapter 10, Wireless Network Security

This chapter describes the workings of wireless networks and the security ramifications of this access medium.

Part V, Appendixes

This section provides a number of quick references to computer security requirements and programs.

Appendix A, OSI Model

This appendix describes the seven layers of OSI and how each relates to security.

Appendix B, TEMPEST

This appendix describes what TEMPEST is and why it’s important.

Appendix C, The Orange Book, FIPS PUBS, and the Common Criteria

This appendix provides a summary of legacy Orange Book requirements, the Federal Information Processing Publications (FIPS PUBS), and the Common Criteria, which is the international successor to the Orange Book.

Using Code Examples

This book is here to help you get your job done. In general, you may use the code in this book in your programs and documentation. You do not need to contact O’Reilly for permission unless you’re reproducing a significant portion of the code. For example, writing a program that uses several chunks of code from this book does not require permission. Selling or distributing a CD-ROM of examples from O’Reilly books does require permission. Answering a question by citing this book and quoting example code does not require permission. Incorporating a significant amount of example code from this book into your product’s documentation does require permission.