Cyber Security and IT Infrastructure Protection.
Title:
Cyber Security and IT Infrastructure Protection.
Author:
Vacca, John R.
ISBN:
9780124200470
Physical Description:
1 online resource (381 pages)
Contents:
Front Cover -- Cyber Security and IT Infrastructure Protection -- Copyright Page -- Contents -- Acknowledgements -- About the Editor -- Contributors -- Introduction -- Organization of this Book -- 1. Fault Tolerance and Resilience in Cloud Computing Environments -- 1. Introduction -- 2. Cloud Computing Fault Model -- Cloud Computing Architecture -- Failure Behavior of Servers -- Failure Behavior of the Network -- 3. Basic Concepts on Fault Tolerance -- 4. Different Levels of Fault Tolerance in Cloud Computing -- 5. Fault Tolerance against Crash Failures in Cloud Computing -- 6. Fault Tolerance against Byzantine Failures in Cloud Computing -- 7. Fault Tolerance as a Service in Cloud Computing -- 8. Summary -- Chapter Review Questions/Exercises -- True/False -- Multiple Choice -- Exercise -- Problem -- Hands-On Projects -- Project -- Case Projects -- Problem -- Optional Team Case Project -- Problem -- Acknowledgments -- References -- 2. Data Encryption -- 1. Need for Cryptography -- Authentication -- Confidentiality -- Integrity -- Nonrepudiation -- 2. Mathematical Prelude to Cryptography -- Mapping or Function -- Probability -- Complexity -- 3. Classical Cryptography -- The Euclidean Algorithm -- The Extended Euclidean Algorithm -- Modular Arithmetic -- Congruence -- Residue Class -- Inverses -- Fundamental Theorem of Arithmetic -- Congruence Relation Defined -- Substitution Cipher -- Transposition Cipher -- 4. Modern Symmetric Ciphers -- S-Box -- P-Boxes -- Product Ciphers -- 5. Algebraic Structure -- Definition Group -- Definitions of Finite and Infinite Groups (Order of a Group) -- Definition Abelian Group -- Examples of a Group -- Definition: Subgroup -- Definition: Cyclic Group -- Rings -- Examples -- Definition: Field -- Examples -- Finite Fields GF(2^n) -- Modular Polynomial Arithmetic Over GF(2).

Using a Generator to Represent the Elements of GF(2^n) -- GF(2^3) is a Finite Field -- 6. The Internal Functions of Rijndael in AES Implementation -- Mathematical Preliminaries -- State -- The S-Box (SubByte) -- ShiftRows -- Mixing -- Subkey Addition -- Putting it Together -- Round -- 7. Use of Modern Block Ciphers -- The Electronic Code Book (ECB) -- Cipher-Block Chaining (CBC) -- 8. Public-Key Cryptography -- Review: Number Theory -- Coprimes -- Cardinality of Primes -- Factoring -- Fermat's Little Theorem -- Discrete Logarithm -- Primitive Roots -- 9. Cryptanalysis of RSA -- Factorization Attack -- Discrete Logarithm Problem -- 10. Diffie-Hellman Algorithm -- Diffie-Hellman Problem -- 11. Elliptic Curve Cryptosystems -- An Example -- Addition Formula -- Example of Elliptic Curve Addition -- EC Security -- 12. Message Integrity and Authentication -- Cryptographic Hash Functions -- Preimage Resistance -- Second Preimage Resistance (Weak Collision Resistance) -- Strong Collision Resistance -- Message Authentication -- Digital Signature -- Message Integrity Uses a Hash Function in Signing the Message -- RSA Digital Signature Scheme -- RSA Digital Signature and the Message Digest -- 13. Triple Data Encryption Algorithm (TDEA) Block Cipher -- Applications -- 14. Summary -- Chapter Review Questions/Exercises -- True/False -- Multiple Choice -- Exercise -- Problem -- Hands-On Projects -- Project -- Case Projects -- Problem -- Optional Team Case Project -- Problem -- References -- 3. Public Key Infrastructure -- 1. Cryptographic Background -- Digital Signatures -- Public Key Encryption -- 2. Overview of PKI -- 3. The X.509 Model -- The History of X.509 -- The X.509 Certificate Model -- 4. X.509 Implementation Architectures -- 5. X.509 Certificate Validation -- Validation Step 1: Construct the Chain and Validate Signatures.

Step 2: Check Validity Dates, Policy and Key Usage -- Step 3: Consult Revocation Authorities -- 6. X.509 Certificate Revocation -- Delta CRLs -- Online Certificate Status Protocol -- 7. Server-Based Certificate Validity Protocol -- 8. X.509 Bridge Certification Systems -- Mesh PKIs and Bridge CAs -- 9. X.509 Certificate Format -- X.509 V1 and V2 Format -- X.509 V3 Format -- X.509 Certificate Extensions -- Authority Key Identifier -- Subject Key Identifier -- Key Usage -- Subject Alternative Name -- Policy Extensions -- Certificate Policy -- Policy Mapping -- Policy Constraints -- 10. PKI Policy Description -- 11. PKI Standards Organizations -- IETF PKIX -- SDSI/SPKI -- IETF OpenPGP -- 12. PGP Certificate Formats -- 13. PGP PKI Implementations -- 14. W3C -- 15. Is PKI Secure? -- 16. Alternative PKI Architectures -- 17. Modified X.509 Architectures -- Perlman and Kaufman's User-Centric PKI -- Guttman's Plug and Play PKI -- Callas' Self-Assembling PKI -- 18. Alternative Key Management Models -- 19. Summary -- Directory Architectures -- Bridge CAs and Revocation Modeling -- Chapter Review Questions/Exercises -- True/False -- Multiple Choice -- Exercise -- Problem -- Hands-On Projects -- Project -- Case Projects -- Problem -- Optional Team Case Project -- Problem -- References -- 4. Physical Security Essentials -- 1. Overview -- 2. Physical Security Threats -- Natural Disasters -- Environmental Threats -- Inappropriate Temperature and Humidity -- Fire and Smoke -- Water Damage -- Chemical, Radiological, and Biological Hazards -- Dust -- Infestation -- Technical Threats -- Electrical Power -- Electromagnetic Interference -- Human-Caused Physical Threats -- 3. Physical Security Prevention and Mitigation Measures -- Environmental Threats -- Inappropriate Temperature and Humidity -- Fire and Smoke -- Water Damage -- Other Environmental Threats.

Technical Threats -- Human-Caused Physical Threats -- 4. Recovery from Physical Security Breaches -- 5. Threat Assessment, Planning, and Plan Implementation -- Threat Assessment -- Planning and Implementation -- 6. Example: A Corporate Physical Security Policy -- 7. Integration of Physical and Logical Security -- 8. Physical Security Checklist -- 9. Summary -- Chapter Review Questions/Exercises -- True/False -- Multiple Choice -- Exercise -- Problem -- Hands-On Projects -- Project -- Case Projects -- Problem -- Optional Team Case Project -- Problem -- 5. Disaster Recovery -- 1. Introduction -- 2. Measuring Risk and Avoiding Disaster -- Assessing Risk in the Enterprise -- Steps in the Risk Process -- Matching the Response to the Threat -- 3. The Business Impact Assessment (BIA) -- Identifying Business-Critical Activities -- Specifying Required IT Support from Technical Staff -- Designing Recovery Solutions -- Establishing a Disaster Recovery Site -- Site Choices: Configuration and Acquisition -- Choosing Suppliers: In-House Versus Third Party -- Specifying Equipment -- 4. Summary -- Chapter Review Questions/Exercises -- True/False -- Multiple Choice -- Exercise -- Problem -- Hands-On Projects -- Project -- Case Projects -- Problem -- Optional Team Case Project -- Problem -- 6. Biometrics -- 1. Relevant Standards -- 2. Biometric System Architecture -- Data Capture -- Signal Processing -- Matching -- Data Storage -- Decision -- Adaptation -- 3. Using Biometric Systems -- Enrollment -- Authentication -- Identification -- 4. Security Considerations -- Error Rates -- Doddington's Zoo -- Birthday Attacks -- Comparing Technologies -- Storage of Templates -- 5. Summary -- Chapter Review Questions/Exercises -- True/False -- Multiple Choice -- Exercise -- Problem -- Hands-On Projects -- Project -- Case Projects -- Problem -- Optional Team Case Project.

Problem -- 7. Homeland Security -- 1. Statutory Authorities -- The USA PATRIOT Act of 2001 (PL 107-56) -- The Aviation and Transportation Security Act of 2001 (PL 107-71) -- Enhanced Border Security and Visa Entry Reform Act of 2002 (PL 107-173) -- Public Health Security, Bioterrorism Preparedness & Response Act of 2002 (PL 107-188) -- Homeland Security Act of 2002 (PL 107-296) -- E-Government Act of 2002 (PL 107-347) -- 2. Homeland Security Presidential Directives -- 3. Organizational Actions -- Department of Homeland Security Subcomponents -- State and Federal Organizations -- The Governor's Office of Homeland Security -- California Office of Information Security and Privacy Protection -- Private Sector Organizations for Information Sharing -- 4. Summary -- Chapter Review Questions/Exercises -- True/False -- Multiple Choice -- Exercise -- Problem -- Hands-on Projects -- Project -- Case Projects -- Problem -- Optional Team Case Project -- Problem -- 8. Cyber Warfare -- 1. Cyber Warfare Model -- 2. Cyber Warfare Defined -- 3. CW: Myth or Reality? -- 4. Cyber Warfare: Making CW Possible -- Preparation -- Research -- Reconnaissance -- Vulnerability Enumeration -- Offensive Strategies -- Psychological Weapons -- Technical Weapons -- Vulnerability Databases -- Deployment Tools -- Payloads -- Control Consoles -- Defensive Strategies -- 5. Legal Aspects of CW -- Terrorism and Sovereignty -- Liability Under International Law -- State Responsibility -- Individual Liability -- Remedies Under International Law -- Self-Defense -- International Criminal Court -- Other Remedies -- Developing Countries Response -- 6. Holistic View of Cyber Warfare -- 7. Summary -- Chapter Review Questions/Exercises -- True/False -- Multiple Choice -- Exercise -- Problem -- Hands-On Projects -- Project -- Case Projects -- Problem -- Optional Team Case Project -- Problem.

9. System Security.
Abstract:
This book serves as a security practitioner's guide to today's most crucial issues in cyber security and IT infrastructure. It offers in-depth coverage of theory, technology, and practice as they relate to established technologies as well as recent advancements. It explores practical solutions to a wide range of cyber-physical and IT infrastructure protection issues. Composed of 11 chapters contributed by leading experts in their fields, this highly useful book covers disaster recovery, biometrics, homeland security, cyber warfare, cyber security, national infrastructure security, access controls, vulnerability assessments and audits, cryptography, and operational and organizational security, as well as an extensive glossary of security terms and acronyms. Written with instructors and students in mind, this book includes methods of analysis and problem-solving techniques through hands-on exercises and worked examples as well as questions and answers and the ability to implement practical solutions through real-life case studies. For example, the new format includes the following pedagogical elements:
Checklists throughout each chapter to gauge understanding
Chapter Review Questions/Exercises and Case Studies
Ancillaries: Solutions Manual; slide package; figure files
This format will be attractive to universities and career schools as well as federal and state agencies, corporate security training programs, ASIS certification, etc.
Chapters by leaders in the field on theory and practice of cyber security and IT infrastructure protection, allowing the reader to develop a new level of technical expertise
Comprehensive and up-to-date coverage of cyber security issues allows the reader to remain current and fully informed from multiple viewpoints
Presents methods of analysis and problem-solving techniques, enhancing the reader's grasp of the material and ability to implement practical solutions.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.