Information Security. Mark Stamp
John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA
Editorial Office
111 River Street, Hoboken, NJ 07030, USA
For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.wiley.com.
Wiley also publishes its books in a variety of electronic formats and by print‐on‐demand. Some content that appears in standard print versions of this book may not be available in other formats.
Limit of Liability/Disclaimer of Warranty
The contents of this work are intended to further general scientific research, understanding, and discussion only and are not intended and should not be relied upon as recommending or promoting scientific method, diagnosis, or treatment by physicians for any particular patient. In view of ongoing research, equipment modifications, changes in governmental regulations, and the constant flow of information relating to the use of medicines, equipment, and devices, the reader is urged to review and evaluate the information provided in the package insert or instructions for each medicine, equipment, or device for, among other things, any changes in the instructions or indication of usage and for added warnings and precautions. While the publisher and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. 
Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
Library of Congress Cataloging‐in‐Publication Data Applied for:
ISBN: 9781119505907
Cover Design: Wiley
Cover Image: © loops7/Getty Images
To Miles, Austin, and Melody.
Preface
Please sir or madam won't you read my book?
It took me years to write, won't you take a look?
— Lennon and McCartney
I hate black boxes. My primary goal in writing this book was to illuminate some of those black boxes that are popular in information security books today. On the other hand, I don't want to bore you to death with trivial details—if that's what you want, you can read RFCs. As a result, I'll often ignore details that I deem irrelevant to the point that I'm trying to make. You can judge whether I've struck the proper balance between these two competing goals.
I've strived to keep the presentation moving along so as to cover a broad selection of topics. My objective is to cover each item in just enough detail so that you can appreciate the security issue, while not getting too bogged down in details. I've also attempted to regularly emphasize and reiterate the main points so that crucial information doesn't slip by below the radar screen.
Another goal is to present the topic in a reasonably lively and interesting way. If any computing subject should be exciting and fun, it's information security. Security is happening now, and it's in the news—it's clearly alive and kicking.
I've also tried to inject a little humor. They say that humor is derived from pain, and judging by the quality of the jokes, I'd say that I've definitely led a charmed life. In any case, most of the bad jokes are in footnotes so they shouldn't be too distracting.
Some security textbooks offer a large dollop of dry theory. Reading one of those books is about as exciting as reading a calculus textbook. Other books offer a seemingly random collection of apparently unrelated facts, giving the impression that security is not really a coherent subject at all. Then there are books that present the topic as a bunch of high‐level managerial platitudes. Finally, some texts focus on the human factors in security. While all of these approaches have their place, my bias is that, first and foremost, a security engineer must have a solid understanding of the inherent strengths and weaknesses of the underlying technology.
Information security is a huge topic, and unlike more established fields, it's not entirely clear what material should be included in a book like this, or how best to organize it. I've chosen to organize this book around four major themes:
Cryptography
Access Control
Network Security
Software
In my usage, these themes are fairly elastic. For example, under the heading of access control I've included the traditional topics of authentication and authorization, along with such nontraditional topics as CAPTCHAs. The software theme is particularly flexible, and includes such diverse topics as software development, malware, and reverse engineering.
Although this book is focused on practical issues, I've tried to cover enough of the fundamental principles so that you will be prepared for further study in the field. In addition, I've strived to minimize the background requirements as much as possible. In particular, the mathematical formalism has been kept to a bare minimum (the Appendix contains a review of a few essential math topics). Despite this self‐imposed limitation, I believe this book contains more substantive cryptography than most security books out there. The required computer science background is also minimal—an introductory computer organization course (or comparable experience) is more than sufficient. Some programming experience is assumed and a rudimentary knowledge of assembly language would be helpful in a couple of sections, but is not mandatory. Networking basics are covered, so no previous knowledge or experience in that area is assumed.
If you are an information technology professional who's trying to learn more about security, I would suggest that you read the entire book. Most topics are interrelated, and skipping the few that are not would not save much time anyway. Even if you are an expert in a particular area, it is worth at least skimming my presentation, as terminology is often used inconsistently in this field, and this book might provide a different perspective than you have seen elsewhere.
If you are teaching a security class, this book might contain slightly more material than can comfortably be covered in a one‐semester course. The schedule that I generally follow in my undergraduate security class appears in Table 1.
Security is not a spectator sport—solving a large number of the homework problems