Und dann auf "Zum Home-Bildschirm [+]".
Stöbern
genialokal zum Startbildschirm hinzufügen
Installieren Sie die genialokal App auf Ihrem Startbildschirm für einen schnellen Zugriff und eine komfortable Nutzung.
Installieren Sie die genialokal App auf Ihrem Startbildschirm für einen schnellen Zugriff und eine komfortable Nutzung.
Clearly explains core concepts, terminology, challenges, technologies, and skills Covers today's latest attacks and countermeasures The perfect beginner's guide for anyone interested in a computer security career Dr. Chuck Easttom brings together complete coverage of all basic concepts, terminology, and issues, along with all the skills you need to get started. Drawing on 30 years of experience as a security instructor, consultant, and researcher, Easttom helps you take a proactive, realistic approach to assessing threats and implementing countermeasures. Writing clearly and simply, he addresses crucial issues that many introductory security books ignore, while addressing the realities of a world where billions of new devices are Internet-connected. This guide covers web attacks, hacking, spyware, network defense, security appliances, VPNs, password use, and much more. Its many tips and examples reflect new industry trends and the state-of-the-art in both attacks and defense. Exercises, projects, and review questions in every chapter help you deepen your understanding and apply all you've learned. Whether you're a student, a professional, or a manager, this guide will help you protect your assets-and expand your career options. LEARN HOW TO - Identify and prioritize potential threats to your network - Use basic networking knowledge to improve security - Get inside the minds of hackers, so you can deter their attacks - Implement a proven layered approach to network security - Resist modern social engineering attacks - Defend against today's most common Denial of Service (DoS) attacks - Halt viruses, spyware, worms, Trojans, and other malware - Prevent problems arising from malfeasance or ignorance - Choose the best encryption methods for your organization - Compare security technologies, including the latest security appliances - Implement security policies that will work in your environment - Scan your network for vulnerabilities - Evaluate potential security consultants - Master basic computer forensics and know what to do if you're attacked - Learn how cyberterrorism and information warfare are evolving
Dr. Chuck Easttom is the author of 26 books, including several on computer security, forensics, and cryptography. He has also authored scientific papers on digital forensics, cyber warfare, cryptography, and applied mathematics. He is an inventor with 16 computer science patents. He holds a Doctor of Science in cyber security (dissertation topic: a study of lattice-based algorithms for post quantum cryptography) and three master's degrees (one in applied computer science, one in education, and one in systems engineering). He also holds 44 industry certifications (CISSP, CEH, etc.) He is a frequent speaker at cybersecurity, computer science, and engineering conferences. He is a Distinguished Speaker of the ACM and a Senior member of the IEEE and a Senior member of the ACM. Dr. Easttom is also a reviewer for five scientific journals and Editor in Chief for the American Journal of Science and Engineering. You can find out more about Dr. Easttom and his research at www.ChuckEasttom.com.
Introduction xxvi Chapter 1: Introduction to Computer Security 2 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 How Seriously Should You Take Threats to Network Security? . . . . . . . . . 4 Identifying Types of Threats . . . . . . . . . . . . . . . . . . . . . . . . 7 Assessing the Likelihood of an Attack on Your Network . . . . . . . . . . . . 16 Basic Security Terminology . . . . . . . . . . . . . . . . . . . . . . . 16 Concepts and Approaches . . . . . . . . . . . . . . . . . . . . . . . . 19 How Do Legal Issues Impact Network Security? . . . . . . . . . . . . . . . 22 Online Security Resources . . . . . . . . . . . . . . . . . . . . . . . . 23 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Chapter 2: Networks and the Internet 32 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 Network Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 How the Internet Works . . . . . . . . . . . . . . . . . . . . . . . . . 40 History of the Internet . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Basic Network Utilities . . . . . . . . . . . . . . . . . . . . . . . . . 49 Other Network Devices . . . . . . . . . . . . . . . . . . . . . . . . . 55 Advanced Network Communications Topics . . . . . . . . . . . . . . . . 56 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Chapter 3: Cyber Stalking, Fraud, and Abuse 66 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 How Internet Fraud Works . . . . . . . . . . . . . . . . . . . . . . . . 67 Identity Theft . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 Cyber Stalking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 Chapter 4: Denial of Service Attacks 96 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 Illustrating an Attack . . . . . . . . . . . . . . . . . . . . . . . . . . 97 Common Tools Used for DoS Attacks . . . . . . . . . . . . . . . . . . . 99 DoS Weaknesses . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 Specific DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . 102 Real-World Examples of DoS Attacks . . . . . . . . . . . . . . . . . . . 109 How to Defend Against DoS Attacks . . . . . . . . . . . . . . . . . . . 111 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 Chapter 5: Malware 120 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 Viruses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Trojan Horses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 The Buffer-Overflow Attack . . . . . . . . . . . . . . . . . . . . . . . 132 Spyware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134 Other Forms of Malware . . . . . . . . . . . . . . . . . . . . . . . . 137 Detecting and Eliminating Viruses and Spyware . . . . . . . . . . . . . . 140 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145 Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145 Chapter 6: Techniques Used by Hackers 152 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152 Basic Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . 153 The Reconnaissance Phase . . . . . . . . . . . . . . . . . . . . . . . 153 Actual Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 Malware Creation . . . . . . . . . . . . . . . . . . . . . . . . . . . 168 Penetration Testing . . . . . . . . . . . . . . . . . . . . . . . . . . 171 The Dark Web . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176 Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176 Chapter 7: Industrial Espionage in Cyberspace 182 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 What Is Industrial Espionage? . . . . . . . . . . . . . . . . . . . . . . 183 Information as an Asset . . . . . . . . . . . . . . . . . . . . . . . . 184 Real-World Examples of Industrial Espionage . . . . . . . . . . . . . . . 187 How Does Espionage Occur? . . . . . . . . . . . . . . . . . . . . . . 189 Low-Tech Industrial Espionage . . . . . . . . . . . . . . . . 189 Spyware Used in Industrial Espionage . . . . . . . . . . . . . 193 Steganography Used in Industrial Espionage . . . . . . . . . . . 193 Phone Taps and Bugs . . . . . . . . . . . . . . . . . . . . 194 Protecting Against Industrial Espionage . . . . . . . . . . . . . . . . . . 194 The Industrial Espionage Act . . . . . . . . . . . . . . . . . . . . . . 197 Spear Phishing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199 Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199 Chapter 8: Encryption 206 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206 Cryptography Basics . . . . . . . . . . . . . . . . . . . . . . . . . . 207 History of Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . 207 Modern Cryptography Methods . . . . . . . . . . . . . . . . . . . . . 216 Public Key (Asymmetric) Encryption . . . . . . . . . . . . . . . . . . . 223 PGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228 Legitimate Versus Fraudulent Encryption Methods . . . . . . . . . . . . . 229 Digital Signatures . . . . . . . . . . . . . . . . . . . . . . . . . . . 230 Hashing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230 MAC and HMAC . . . . . . . . . . . . . . . . . . . . . . . . . . . 231 Steganography . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233 Cryptanalysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235 Cryptography Used on the Internet . . . . . . . . . . . . . . . . . . . . 236 Quantum Computing Cryptography . . . . . . . . . . . . . . . . . . . 237 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238 Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238 Chapter 9: Computer Security Technology 244 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244 Virus Scanners . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245 Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248 Antispyware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253 Digital Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . 265 SSL/TLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266 Virtual Private Networks . . . . . . . . . . . . . . . . . . . . . . . . 268 Wi-Fi Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272 Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272 Chapter 10: Security Policies 278 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278 What Is a Policy? . . . . . . . . . . . . . . . . . . . . . . . . . . . 279 Defining User Policies . . . . . . . . . . . . . . . . . . . . . . . . . 280 Defining System Administration Policies . . . . . . . . . . . . . . . . . . 287 New Employees . . . . . . . . . . . . . . . . . . . . . . . 287 Departing Employees . . . . . . . . . . . . . . . . . . . . 287 Change Requests . . . . . . . . . . . . . . . . . . . . . . 288 Security Breaches . . . . . . . . . . . . . . . . . . . . . . 290 Virus Infection . . . . . . . . . . . . . . . . . . . . . . . 290 DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . 291 Intrusion by a Hacker . . . . . . . . . . . . . . . . . . . . 291 Defining Access Control . . . . . . . . . . . . . . . . . . . . . . . . 292 Development Policies . . . . . . . . . . . . . . . . . . . . . . . . . 293 Standards, Guidelines, and Procedures . . . . . . . . . . . . . . . . . . 294 Disaster Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . 295 Important Laws . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300 Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300 Chapter 11: Network Scanning and Vulnerability Scanning 306 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306 Basics of Assessing a System . . . . . . . . . . . . . . . . . . . . . . 307 Securing Computer Systems . . . . . . . . . . . . . . . . . . . . . . 315 Scanning Your Network . . . . . . . . . . . . . . . . . . . . . . . . 321 Getting Professional Help . . . . . . . . . . . . . . . . . . . . . . . . 330 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333 Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333 Chapter 12: Cyber Terrorism and Information Warfare 342 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342 Actual Cases of Cyber Terrorism . . . . . . . . . . . . . . . . . . . . . 343 Weapons of Cyber Warfare . . . . . . . . . . . . . . . . . . . . . . . 345 Economic Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . 347 Military Operations Attacks . . . . . . . . . . . . . . . . . . . . . . . 350 General Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350 Supervisory Control and Data Acquisitions (SCADA) . . . . . . . . . . . . . 351 Information Warfare . . . . . . . . . . . . . . . . . . . . . . . . . . 352 Actual Cases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355 Future Trends . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359 Defense Against Cyber Terrorism . . . . . . . . . . . . . . . . . . . . . 362 Terrorist Recruiting and Communication . . . . . . . . . . . . . . . . . . 362 TOR and the Dark Web . . . . . . . . . . . . . . . . . . . . . . . . . 363 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365 Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365 Chapter 13: Cyber Detective 370 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370 General Searches . . . . . . . . . . . . . . . . . . . . . . . . . . . 371 Court Records and Criminal Checks . . . . . . . . . . . . . . . . . . . 375 Usenet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380 Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380 Chapter 14: Introduction to Forensics 386 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386 General Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . 387 Finding Evidence on the PC . . . . . . . . . . . . . . . . . . . . . . . 397 Finding Evidence in System Logs . . . . . . . . . . . . . . . . . . . . 398 Getting Back Deleted Files . . . . . . . . . . . . . . . . . . . . . . . 399 Operating System Utilities . . . . . . . . . . . . . . . . . . . . . . . 402 The Windows Registry . . . . . . . . . . . . . . . . . . . . . . . . . 404 Mobile Forensics: Cell Phone Concepts . . . . . . . . . . . . . . . . . . 408 The Need for Forensic Certification . . . . . . . . . . . . . . . . . . . . 413 Expert Witnesses . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 Additional Types of Forensics . . . . . . . . . . . . . . . . . . . . . . 415 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418 Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418 Chapter 15: Cybersecurity Engineering 422 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422 Defining Cybersecurity Engineering . . . . . . . . . . . . . . . . . . . . 423 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440 Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440 Glossary 442 Appendix A: Resources 448 Appendix B: Answers to the Multiple Choice Questions 450 9780135774779, TOC, 8/15/19
