William Stallings - Computer Security: Principles and Practice, 4/e

Principles and Practice

Fourth Edition

Director, Portfolio Management: Engineering, Computer Science & Global Editions: Julian Partridge

Specialist, Higher Ed Portfolio Management: Tracy Johnson (Dunkelberger)

Portfolio Management Assistant: Meghan Jacoby

Managing Content Producer: Scott Disanno

Content Producer: Robert Engelhardt

Web Developer: Steve Wright

Rights and Permissions Manager: Ben Ferrini

Manufacturing Buyer, Higher Ed, Lake Side Communications Inc (LSC): Maura Zaldivar-Garcia

Inventory Manager: Ann Lam

Product Marketing Manager: Yvonne Vannatta

Field Marketing Manager: Demetrius Hall

Marketing Assistant: Jon Bryant

Cover Designer: Marta Samsel

Cover Photo: E+/Getty Images

Full-Service Project Management: Kirthika Raj, SPi Global

Credits and acknowledgments borrowed from other sources and reproduced, with permission, in this textbook appear on page 755.

Copyright 2018, 2015, 2012, 2008 by Pearson Education, Inc., Pearson Education, Inc., Hoboken, New Jersey 07030 . All rights reserved. Manufactured in the United States of America. This publication is protected by Copyright, and permission should be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. To obtain permission(s) to use material from this work, please submit a written request to Pearson Education, Inc., Permissions Department, Pearson Education, Inc., Hoboken, New Jersey 07030.

Many of the designations by manufacturers and seller to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed in initial caps or all caps.

Library of Congress Cataloging-in-Publication Data

Names: Stallings, William, author. | Brown, Lawrie, author.

Title: Computer security : principles and practice / William Stallings, Lawrie Brown, UNSW Canberra at the Australian Defence Force Academy.

Description: Fourth edition. | Upper Saddle River, New Jersey : Pearson Education, Inc., [2017] | Includes bibliographical references and index.

Identifiers: LCCN 2017025135| ISBN 9780134794105 | ISBN 0134794109

Subjects: LCSH: Computer security. | Computer networks--Security measures.

Classification: LCC QA76.9.A25 S685 2017 | DDC 005.8--dc23 LC record available at https://lccn.loc.gov/2017025135

1 17

ISBN-10: 0-13-479410-9

ISBN-13: 978-0-13-479410-5

For my loving wife, Tricia

WS

To my extended family and friends, who helped make this all possible

LB

Online chapters, appendices, and other documents are Premium Content, available via the access card at the front of this book.

Since the third edition of this book was published, the field has seen continued innovations and improvements. In this new edition, we try to capture these changes while maintaining a broad and comprehensive coverage of the entire field. To begin the process of revision, the third edition of this book was extensively reviewed by a number of professors who teach the subject and by professionals working in the field. The result is that in many places the narrative has been clarified and tightened, and illustrations have been improved.

Beyond these refinements to improve pedagogy and user-friendliness, there have been major substantive changes throughout the book. The most noteworthy changes are as follows:

• Data center security: includes a new discussion of data center security, including the TIA-492 specification of reliability tiers.

• Malware: The material on malware in has been revised to include additional material on macro viruses and their structure, as they are now the most common form of virus malware.

• Virtualization security: The material on virtualization security in has been extended, given the rising use of such systems by organizations and in cloud computing environments. A discussion of virtual firewalls, which may be used to help secure these environments, has also been added.

• Cloud security: includes a new discussion of cloud security. The discussion includes an introduction to cloud computing, key cloud security concepts, an analysis of approaches to cloud security, and an open-source example.

• IoT security: includes a new discussion of security for the Internet of Things (IoT). The discussion includes an introduction to IoT, an overview of IoT security issues, and an open-source example.

• SEIM: The discussion of Security Information and Event Management (SIEM) systems in has been updated.

• Privacy: The section on privacy issues and its management in has been extended with additional discussion of moral and legal approaches, and the privacy issues related to big data.

• Authenticated encryption: Authenticated encryption has become an increasingly widespread cryptographic tool in a variety of applications and protocols. includes a new discussion of authenticated description and describes an important authenticated encryption algorithm known as offset codebook (OCB) mode.

Interest in education in computer security and related topics has been growing at a dramatic rate in recent years. This interest has been spurred by a number of factors, two of which stand out:

1. As information systems, databases, and Internet-based distributed systems and communication have become pervasive in the commercial world, coupled with the increased intensity and sophistication of security-related attacks, organizations now recognize the need for a comprehensive security strategy. This strategy encompasses the use of specialized hardware and software and trained personnel to meet that need.

2. Computer security education, often termed information security education or information assuranceeducation, has emerged as a national goal in the United States and other countries, with national defense and homeland security implications. The NSA/DHS National Center of Academic Excellence in Information Assurance/Cyber Defense is spearheading a government role in the development of standards for computer security education.

Accordingly, the number of courses in universities, community colleges, and other institutions in computer security and related areas is growing.

The objective of this book is to provide an up-to-date survey of developments in computer security. Central problems that confront security designers and security administrators include defining the threats to computer and network systems, evaluating the relative risks of these threats, and developing cost-effective and user friendly countermeasures.