INFORMATION SECURITY PRINCIPLES AND PRACTICE - joannapaul - 10-04-2017

INFORMATION SECURITY: PRINCIPLES AND PRACTICE
Mark Stamp, San Jose State University
A JOHN WILEY & SONS, INC., PUBLICATION

This book is printed on acid-free paper. Copyright 2006 by John Wiley & Sons, Inc. All rights reserved. Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, e-mail: [email protected].

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. The publisher is not engaged in rendering professional services, and you should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002. Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic format. For more information about Wiley products, visit our web site at

Library of Congress Cataloging-in-Publication Data:
Stamp, Mark.
Information security: principles and practice / Mark Stamp.
p. cm.
Includes bibliographical references and index.
ISBN-10 0-471-73848-4 (cloth)
ISBN-13 978-0-471-73848-0
1. Computer security. I. Title.
QA76.9.A25S69 2005
005.8--dc22 2005005152

Printed in the United States of America
10 9 8 7 6 5 4 3 2 1

To Melody, Austin, and Miles.

PREFACE

I hate black boxes. One of my goals in writing this book was to illuminate some of those black boxes that are so popular in information security books today. On the other hand, I don't want to bore readers to death with trivial details (if that's what you want, go read some RFCs). As a result, I sometimes ignore details that I deem irrelevant to the topic at hand. You can judge whether I've struck the proper balance between these two competing goals.

Another goal of mine was to present the topic in a lively and interesting way. If any computing subject should be exciting and fun, it's information security. Security is happening now, it's in the news; it's clearly alive and kicking. Some security textbooks offer a large dollop of dry useless theory. Reading one of these books is about as exciting as reading a calculus textbook. Other security books offer nothing but a collection of apparently unrelated facts, giving the impression that security is not really a coherent subject at all. Then there are books that present the topic as a collection of high-level managerial platitudes.
These books may have a place, but if your goal is to design and build secure systems, you'd better understand something about the underlying technology. Finally, some security books focus on the human factors in security. While it is certainly critical to understand the role that human nature plays in security, I would argue that a security engineer must have a solid understanding of the inherent strengths and weaknesses of the technology before the human factors can be fully appreciated.

Information security is a huge topic, and unlike more established fields, it's not clear what material should be included in a book like this, or how best to organize the selected material. I've chosen to organize this book around the following four major themes.

Cryptography
Access Control
Protocols
Software

These themes are fairly elastic so that I can include what I consider to be the most significant material. For example, in my usage, access control includes the traditional topics of authentication and authorization, along with such nontraditional topics as firewalls and CAPTCHAs. The software theme is particularly flexible, including such diverse topics as secure software development, computer viruses, software reverse engineering, and operating systems.

I've strived to keep the presentation moving along in order to cover a reasonable selection of the most significant material. My goal is to cover each topic in just enough detail so that a reader can appreciate the basic security issue at hand and to avoid getting bogged down in trivia. I also attempt to regularly emphasize and reiterate the main points so that a significant point doesn't slip past the radar screen undetected.

Although this book is focused on practical issues, I've tried to cover enough of the fundamental principles so that the reader will be prepared for further study in the field. In addition, I've strived to minimize the required background knowledge as much as possible.
In particular, the mathematical formalism has been kept to a bare minimum (the Appendix contains a review of all necessary math topics). Despite this self-imposed limitation, this book contains more substantive cryptography than most other security books. The required computer science background is also minimal: an introductory computer organization course (or comparable experience) is more than sufficient. Some programming experience and a rudimentary knowledge of assembly language would be helpful in a couple of sections, but it's not mandatory. Networking basics arise in a few sections. The Appendix contains a brief overview of networking that provides sufficient background material.

If you are an information technology professional who's trying to learn more about security, I would suggest that you read the entire book. Actually, that's my suggestion to everyone. But if you want to avoid the material that's most likely to slow you down and is not critical to the overall flow of the book, you can safely skip Section 4.5, all of Chapter 6 (though Section 6.3 is highly recommended), and Section 8.3.

If you are teaching a security class, it's important to realize that this book has more material than can be covered in a one semester course. The schedule that I generally follow in my undergraduate security class appears in the table below. This schedule allows ample time to cover a few of the optional topics.

Chapter                          Hours  Comments
1. Introduction                    1    Cover all.
2. Classic Cryptography            3    Sections 2.3.6 and 2.3.8 are optional.
3. Symmetric Key Crypto            4    Section 3.3.5 is optional.
4. Public Key Crypto               4    Omit 4.5; Section 4.8 is optional.
5. Hash Functions                  3    Cover 5.1 through 5.6 and 5.7.2. The remainder of 5.7 is optional.
6. Advanced Cryptanalysis          0    Omit entire chapter.
7. Authentication                  4    Cover all.
8. Authorization                   2    Cover 8.1 and 8.2. Sections 8.3 through 8.9 are optional (though 8.7 is recommended).
9. Authentication Protocols        4    Sections 9.4 and 9.5 are optional (9.5 is mentioned in Chapter 13).
10. Real-World Protocols           4    Cover all.
11. Software Flaws and Malware     4    Cover all.
12. Insecurity in Software         4    Sections 12.3 and 12.4 are optional. Recommended to cover part of 12.4.
13. OS and Security                3    Cover all.
Total                             40

Many variations on the outline above are possible. For example:

For a greater emphasis on network security, cover the networking material in the Appendix and Sections 8.7 through 8.9. Then cover only the bare minimum of crypto and software topics.

For a heavier crypto emphasis, cover all of Chapters 2 through 6 and Chapters 9 and 10 (where the crypto is applied) with selected additional topics as time permits. Although Chapter 6 is somewhat more technical than other chapters, it provides a solid introduction to cryptanalysis, a topic that is usually not treated in any substantive way, even in crypto books.

If you prefer slightly more theory, cover security modeling in Sections 8.3 through 8.6, which can be supplemented by [212]. To stay within the time constraints, you can de-emphasize the software topics.

In any incarnation, a security course based on this book is an ideal venue for individual or group projects. The annotated bibliography provides an excellent starting point to search for suitable projects. In addition, many topics and problems lend themselves well to class discussions or in-class assignments (see, for example, Problem 13 in Chapter 10 or Problem 11 in Chapter 11).

If I were teaching this class for the first time, I would appreciate the PowerPoint slides that are available at the textbook website. These slides have all been thoroughly battle tested in a classroom setting and improved over several iterations. In addition, a solutions manual is available to instructors (sorry students) from the publisher.

It is also worth noting how the Appendices fit into the flow of the text.
Appendix A-1, Network Security Basics, does not play a significant role until Part II. Even if you (or your students) have a solid foundation in networking, it's probably worthwhile to review this material, since networking terminology is not always consistent, and since the focus here is on security. The Math Essentials of Appendix A-2 are required in various places. Elementary modular arithmetic (A-2.1) arises in a few sections of Chapter 3 and Chapter 5, while some of the more advanced concepts are required in Chapter 4 and Section 9.5. Permutations (A-2.2) are most prominent in Chapter 3, while elementary discrete probability (A-2.3) appears in several places. The elementary linear algebra in A-2.4 is only required in Section 6.4. Appendix A-3 is only used as a reference for problems in Chapter 3.

Just as any large and complex piece of software must have bugs, this book inevitably has errors. I would like to hear about any errors that you find. I will try to maintain a reasonably up-to-date errata on the textbook website. Also, I would appreciate a copy of any software that you develop that is related to the topics in this book. Applets that illustrate algorithms and protocols would be especially nice. And I'd appreciate problems or exercises that you develop and would be willing to share. Finally, don't hesitate to provide any suggestions you might have for future editions of this book.

ABOUT THE AUTHOR

I've got more than a dozen years of experience in information security, including extensive work in industry and government. My work experience includes seven years at the National Security Agency followed by two years at a Silicon Valley startup company where I helped design and develop a digital rights management security product. This real-world work was sandwiched between academic jobs. While in academia, my research interests have included a wide variety of security topics.
With my return to academia in 2002, I quickly realized that none of the available security textbooks had much connection with the real world. I felt that I could write an information security book that would fill this gap, while also containing information that is vital to the working professional. I've honed the material by using the manuscript and notes as the basis for several information security classes I've taught over the past three years. As a result, I'm confident that the book succeeds as a textbook. I also believe that this book will be valuable to working professionals, but then, I'm biased. I can say that many of my former students who are now at leading Silicon Valley companies tell me that the information they learned in my course has proved useful in the real world. And I certainly wish that a book like this had been available when I worked in industry, since my colleagues and I would have benefitted greatly from it.

I do have a life outside of information security. My family includes my lovely wife, Melody, and two great sons, Austin, whose initials are AES, and Miles, whose initials are not DES (thanks to Melody). We enjoy the outdoors, with frequent local trips involving such activities as bicycling, hiking, camping and fishing. I also spend too much time watching cartoons. Another favorite activity of mine is complaining about the absurd price of housing in the San Francisco Bay Area.

ACKNOWLEDGMENTS

My work in information security began when I was in graduate school. I want to thank my thesis advisor, Clyde F. Martin, for introducing me to this fascinating subject. In my seven years at NSA, I learned more about security than I could have learned in a lifetime anywhere else. Unfortunately, the people who taught me so much must remain anonymous. At my ill-fated startup company, MediaSnap, Inc., I witnessed firsthand the commercial pressures that all-too-often lead to bad security.
In spite of these pressures, we produced a high-quality digital rights management product that was far ahead of its time. I want to thank all at MediaSnap, and especially Joe Pasqua and Paul Clarke, for giving me the chance to work on such a fascinating and challenging project.

This book would not have been possible without the students here at San Jose State University who helped me to refine my notes over the past three years. Some of the students who deserve special mention for going above and beyond the call of duty include Wing Wong, Martina Simova, Deepali Holankar, Xufen Gao, Neerja Bhatnager, Amit Mathur, Ali Hushyar, Smita Thaker, Subha Rajagopalan, Puneet Mishra, Jianning Yang, Konstantin Skachkov, Jian Dai, Thomas Nikl, Ikai Lan, Thu Nguyen, Samuel Reed, Yue Wang, David Stillion, Edward Yin, and Randy Fort.

Richard Low, a colleague here at SJSU, provided helpful feedback on an early version of the manuscript. David Blockus deserves special mention for giving me detailed comments on each chapter at a particularly critical juncture in the writing of this book.

I want to thank all of the people at Wiley who applied their vast expertise to make the book writing process as painless as possible. In particular, Val Moliere, Emily Simmons, and Christine Punzo were all extremely helpful. Of course, all remaining flaws are my responsibility alone.
INFORMATION SECURITY PRINCIPLES AND PRACTICE - pawantiwari_3987 - 10-04-2017

To get information about the topic INFORMATION SECURITY full report, ppt and related topics, refer to the page links below:

http://seminarsprojects.net/Thread-information-security-threats-in-today%E2%80%99s-organizations
http://seminarsprojects.net/Thread-information-security--20424
http://seminarsprojects.net/Thread-information-security-ethical-hacking
http://seminarsprojects.net/Thread-information-security-principlesandpractice
http://seminarsprojects.net/Thread-information-security-in-electronic-toll-fare-system
http://seminarsprojects.net/Thread-information-security-and-attacks
http://seminarsprojects.net/Thread-information-security--10205
http://seminarsprojects.net/Thread-information-security-using-steganography