Security in Computing

摘要: From the Book: PREFACE: When first edition of this book was published in 1989, viruses and other forms malicious code were fairly uncommon, Internet used largely by just computing professionals, a Clipper sailing ship, computer crime seldom headline topic daily newspapers. In that era most people unconcerned about--even unaware of--how serious is threat to security use computers. The computers has spread at rate completely unexpected back then. Now you can bank computer, order pay for merchandise, even commit contracts computer. And uses business have similarly increased both volume richness. Alas, threats also significantly. Why Read This Book? Are your data programs risk? If answer "yes" any following questions, potential risk. Have acquired new within last year? Do communicate electronically with computers? Do ever receive or from people? Is there significant program item which do not second copy? Relax; are alone. Most users risk. Being risk does mean should stop using It learn more about face, how control Users managers large mainframe systems 1960s l970s developed techniques reasonably effective against thethreatsof era. However, two factors made those procedures outdated: Personal use. Vast numbers become dedicated personal systems, pleasure. We try make applications "user friendly" so be who know nothing hardware programming, as drive car need design an engine. Users may especially conscious involved use; aware what reduce their Networked remote-access systems. Machines being linked numbers. The its cousin, World-Wide Web, seem double every year number users. A user realize access same machine allowed throughout world almost uncountable Every professional must understand countermeasures currently available computing. addresses need. This designed student Beginning level appropriate experienced user, describes pitfalls inherent many important tasks today. Then, explores controls check these weaknesses. points out where existing inadequate consideration given present situation. Uses Book The chapters progress orderly manner. After introduction, encryption, process disguising something written conceal meaning, presented tool security. continues through different kinds applications, weaknesses, controls. The areas include: general operating data base management remote multicomputer networks These sections begin definition topic, continue description relationship conclude statement current state art research related topic. concludes examination analysis planning security, study law ethics Background required appreciate understanding programming Someone senior graduate science been field few years would understanding. Although some facility mathematics useful, all necessary mathematical background book. Similarly, material on software operating bases, relevant chapters. One detailed knowledge before reading textbook one- two-semester course functions equally well reference professional. introduction encryption fundamental rest studying pieces, however, reader later order. Furthermore, follow format then aspects work area. interested than middle one chapter go next. classes world. Roughly half covered semester. Therefore, instructor one-semester considers topics greater interest. What Does Book Contain? This revised Security Computing. based previous version, updates cover newer Among salient additions items: Viruses, worms, Trojan horses, code. Complete section (first Chapter 5) including sources code, they written, detected and/or prevented, several actual examples. Firewalls. (end 9) describing do, work, constructed, degree protection provide. Private e-mail. (middle explaining exposures e-mail, kind available, PEM PGP, key management, certificates. Clipper, Capstone, Tessera, Mosaic, escrow. Several sections, 3 technology, 4 protocol, 11 privacy issue. Trusted system evaluation. Extensive addition (in 7) criteria United States, Europe, Canada, soon-to-be-released Common Criteria. Program development processes, ISO 9000 SEI CMM. major 5 gives comparisons between methodologies. Guidance administering PC, Unix, networked environments. changes, numerous small ranging wording changes subtle notational pedagogic reasons, replacement, deletion, rearrangement, expansion sections. focus remains same, however. still covering complete subject target audience college students (advanced undergraduates students) professionals. expected bring general technology; networking expected, although advanced necessary. Mathematics appropriate, ignore foundation if he she chooses. Acknowledgments Many contributed content structure friends colleagues supplied thoughts, advice, challenges, criticism, suggestions influenced my writing book: Lance Hoffman, Marv Schaefer, Dave Balenson, Terry Benzel, Curt Barker, Debbie Cooper, Staffan Persson. Two outside community very encouraging: Gene Davenport Bruce Barnes. I apologize forgotten mention someone else; oversight accidental. Lance Hoffman deserves special mention. He preliminary copy George Washington University. Not only did provide me his own, but invaluable comments perspective effectively. want thank them constructive criticisms. Finally, alleges alone, distrust person immediately. While author working 16-hour days book, else needs see life, simple things like food, clothing, shelter, complex social family responsibilities. My wife, Shari Lawrence Pfleeger, took time her schedule could devote full energies writing. soothed when inexplicably slipped, went down, had writerOs block, crisis beset project. On top that, reviewed entire manuscript, giving thorough review had. Her improved content, organization, readability, overall quality immeasurably. it great pleasure dedicate Shari, team caused written. Charles P. Pfleeger DC