Computer Security: Principles and Practice, 4th Edition

William Stallings • Lawrie Brown COMPUTER SECURITY Principles and Practice Pearson Fourth Edition.

[Audio] Computer security measures and controls guarantee the confidentiality, integrity, and availability of information system assets, encompassing hardware, software, firmware, and information undergoing processing, storage, and communication. These measures and controls strive to safeguard sensitive information from unauthorized access, revelation, alteration, or annihilation..

[Audio] Ensuring the confidentiality, integrity, and availability of information system assets, including hardware, software, firmware, and information being processed, stored, and communicated is the concern of computer security. This involves controlling who has access to these assets and what they can do with them once they have gained access. Protecting against unauthorized access, modification, destruction, or disclosure of these assets is also crucial..

[Audio] Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where these designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed in initial caps or all caps..

[Audio] Ensuring the confidentiality, integrity, and availability of information system assets, including hardware, software, firmware, and information being processed, stored, and communicated is the objective of computer security. These assets encompass data, programs, and systems. The purpose is to safeguard them from unauthorized access, use, disclosure, disruption, modification, or destruction..

[Audio] User authentication is a crucial aspect of computer security, ensuring that only authorized users can access a system or resource. There are several methods of digital user authentication, including password-based, token-based, biometric, and remote user authentication. Each method has its own strengths and weaknesses, and a combination of techniques may be used to provide optimal security..

[Audio] Malicious software, also known as malware, is any type of software designed to harm a computer system. This can include viruses, worms, Trojan horses, spyware, adware, and ransomware. Malware can spread through various means such as infected content, vulnerability exploits, social engineering, and email attachments. Once installed, malware can perform various malicious activities like stealing sensitive information, corrupting system files, and disrupting normal system functioning..

[Audio] The Intrusion Detection Exchange Format is used by intrusion detection systems to share information about detected intrusions. This format enables communication between different intrusion detection systems, allowing them to share information about detected attacks. As a result, it facilitates the integration of multiple intrusion detection systems into a single system, thereby enhancing overall security..

[Audio] Operating systems play a crucial role in maintaining the overall security posture of a system. Techniques used to harden operating systems include configuring firewalls, implementing secure protocols, and utilizing intrusion detection systems to prevent unauthorized access. Patch management and software updates are also essential in ensuring the continued security of an operating system. By understanding these concepts, students will be better equipped to design and implement effective security measures for their own systems..

[Audio] Understanding computer security principles and practices requires a strong foundation built upon key terms, review questions, and problems. These elements serve as essential building blocks for a comprehensive education in computer security. Key terms define crucial concepts, enabling students to grasp complex ideas. Review questions help reinforce learning, identifying areas where additional study is necessary. Problems provide hands-on experience in applying theoretical knowledge to practical scenarios. By mastering these fundamental components, students establish a solid foundation for their future studies in computer security..

[Audio] Symmetric encryption protects data confidentiality by encrypting it with a secret key. This type of encryption is fast and efficient, but it requires secure key distribution. Examples include DES and AES..

[Audio] Mobile devices and wireless networks are essential components of modern computing systems, providing users with greater flexibility and mobility. However, they also introduce new security risks. To address these risks, it is necessary to take certain security measures when using mobile devices and wireless networks. These measures include the use of encryption, firewalls, and intrusion detection systems to protect against threats such as hacking and eavesdropping. Additionally, standards organizations like IEEE play a crucial role in developing secure protocols for wireless communication. Furthermore, understanding key terms and reviewing relevant questions is essential for ensuring the security of mobile devices and wireless networks..

[Audio] In this appendix, we have a collection of projects and exercises designed to help students learn computer security principles and practices. These projects cover various aspects of computer security, including hacking, laboratory exercises, security education, research, programming, practical assessments, firewall configuration, case studies, reading and report assignments, and webcasts. This comprehensive set of materials will provide instructors with a valuable resource for teaching computer security concepts..

[Audio] The online chapters and appendices are premium content available through the access card at the front of this book. They cover topics such as the security models of Linux and Windows, vulnerabilities and defenses, cryptographic services, and formal models for computer security. These include chapters on Linux security, Windows and Windows Vista security, and trusted computing and multilevel security..

[Audio] Multilevel security is applied in various ways, including the use of different levels of clearance, need-to-know principles, and compartmentalization. This approach ensures that sensitive information is protected from unauthorized access. Trusted computing and the trusted platform module provide a secure environment for executing software applications. This technology enables users to verify the integrity of their systems and ensure that they are running on a trusted platform. Common criteria for information technology security evaluation provides a framework for evaluating the security of IT systems. This standard helps organizations assess the effectiveness of their security controls and identify areas for improvement. Assurance and evaluation are critical components of any security program. They involve verifying the security controls in place and ensuring that they are functioning correctly..

[Audio] Since the publication of the previous edition, the field of computer security has continued to evolve, with numerous innovations and improvements. We have made significant efforts to capture these changes while maintaining a comprehensive coverage of the entire field. To achieve this, we have extensively reviewed the third edition of this book by professors teaching the subject and professionals working in the field. As a result, the narrative has been clarified and tightened, and illustrations have been improved. Beyond these refinements, we have introduced major substantive changes throughout the book. These changes include discussions on data center security, malware, virtualization security, cloud security, IoT security, SEIM, privacy, and authenticated encryption. These updates aim to provide readers with a broader understanding of the field and its various aspects..

[Audio] Interest in education in computer security and related topics has grown dramatically over the past few years due to two key factors. Firstly, the widespread adoption of information systems, databases, and internet-based technologies has made it essential for organizations to develop comprehensive security strategies involving the use of specialized hardware, software, and trained personnel to mitigate the increasing threat of sophisticated security breaches. Secondly, computer security education has emerged as a national priority in many countries, driven by concerns about national defense and homeland security. The NSA/DHS National Center of Academic Excellence in Information Assurance/Cyber Defense plays a crucial role in establishing standards for computer security education, resulting in more courses being offered in universities, community colleges, and other institutions, focusing on computer security and related topics..

[Audio] This textbook provides comprehensive coverage of the Information Assurance and Security Knowledge Area recommended by the ACM/IEEE Computer Science Curricula 2013. The text covers all Tier 1 and Tier 2 topics and subtopics, as well as many elective topics, ensuring that students receive a thorough understanding of the principles and practices of computer security..

[Audio] When designing a secure system, it's essential to reduce the trusted computing base and minimize the attack surface by using vetted security components. Usable security requires ensuring that security measures do not compromise the usability of the system. Prevention, detection, and deterrence should include input validation and data sanitization. Carefully chosen programming languages and type-safe security programming languages can help avoid common pitfalls like buffer overflows and SQL injection vulnerabilities. Exceptions and unexpected behaviors must be handled correctly, and security updates must be deployed effectively. Finally, it's crucial to consider attacker goals, capabilities, and motivations when designing our systems..

[Audio] This book provides a comprehensive overview of the field of computer security, covering all subject areas specified for CISSP certification. The book's coverage aligns with the eight domains of the Common Body of Knowledge, giving readers a thorough understanding of essential concepts and techniques. The book explores fundamental principles and practices of computer security, including confidentiality, integrity, and availability, security governance, risk management, and compliance. With a focus on practical applications and real-world scenarios, the book prepares students for challenges in the field of computer security. Studying this book enables readers to develop a solid foundation in computer security, protecting sensitive information and ensuring system integrity..

[Audio] Identity and access management is crucial in ensuring the confidentiality, integrity, and availability of information system assets. Controlling physical and logical assets, identifying and authenticating users and devices, and providing identity as a service are essential components of this process. Third-party identity services, access control attacks, and the identity and access provisioning lifecycle must also be considered..

[Audio] Cryptography is a fundamental concept in computer security, encompassing various techniques such as symmetric cryptography, public-key cryptography, hash functions, and digital signatures. These methods ensure secure data transmission and storage, protecting sensitive information from unauthorized access. The book discusses databases, including their overview, access controls, and security concerns related to inference. By understanding these concepts, students will gain a solid foundation in computer security principles and practices..

[Audio] Instructors using this textbook will find a range of resources available to support their teaching. These resources include links to websites for other courses being taught using this book, sign-up information for an internet mailing list for instructors to share information, suggestions, and questions with each other and with the author. Additionally, there are student resources available online, including a list of relevant links organized by chapter and an errata sheet for the book. To access these resources, instructors can visit the instructor resource center at www.pearsonhighered.com/stallings or click on the Pearson Resources for Instructors link at the companion website. They can also contact their local Pearson sales representative or call Pearson Faculty Services at 1-800-526-0485..

[Audio] Students will have the opportunity to engage in various projects and exercises that will help them understand the concepts presented in the chapter. These projects and exercises are designed to provide hands-on experience and reinforce the ideas discussed in the chapter. By working on these projects and exercises, students will be able to apply what they have learned and develop a deeper understanding of the subject matter..

[Audio] In this section, we offer various exercises and projects that accommodate different learning styles and preferences. Hands-on labs, research projects, programming projects, practical security assessments, firewall projects, case studies, reading/report assignments, and writing assignments are included. Each component provides a distinct chance for students to interact with the material and develop their computer security skills. By integrating these exercises into the course, instructors can establish a dynamic and interactive learning environment that caters to the diverse needs of their students..

[Audio] In this slide, we will discuss the various notations used in computer security. The notation for symmetric decryption, denoted as D, stands for the process of decrypting ciphertext using a secret key, represented as K. This ensures confidentiality of data. The notation for asymmetric decryption, denoted as D, stands for the process of decrypting ciphertext using a user's private key. This ensures authenticity and confidentiality of data. The notation for symmetric encryption, denoted as E, stands for the process of encrypting plaintext using a secret key, represented as K. This ensures confidentiality of data. The notation for asymmetric encryption, denoted as E, stands for the process of encrypting plaintext using a user's private key. This ensures authenticity and confidentiality of data. The notations for the public and private keys of a user, denoted as PUa and PRa respectively, are used in the asymmetric encryption and decryption processes to ensure data security. The notation for the hash function, denoted as H, generates a unique code for a message, ensuring data integrity. Symbols for logical operations, denoted as +, 'x', ∨ and ∩, are used for logical operations such as OR, AND, and intersection, to perform data analysis and access control. The notation | | represents the magnitude of a database, measuring the number of records that satisfy a query. These notations are essential in understanding the principles and practices of computer security..

[Audio] William Stallings has authored 18 textbooks, counting revised editions, a total of 70 books on various aspects of computer security. His writings have appeared in numerous ACM and IEEE publications, including the Proceedings of the IEEE and ACM Computing Reviews. He has received the award for the best Computer Science textbook of the year from the Text and Academic Authors Association 13 times. Over 30 years in the field, he has been a technical contributor, technical manager, and executive with several high-technology firms. He has designed and implemented both TCP/IP-based and OSI-based protocol suites on a variety of computers and operating systems, ranging from microcomputers to mainframes. Currently, he is an independent consultant whose clients have included computer and networking manufacturers and customers, software development firms, and leading-edge government research institutions. He created and maintains the Computer Science Student Resource Site at ComputerScienceStudent.com. This site provides documents and links on a variety of subjects of general interest to computer science students and professionals. He is a member of the editorial board of Cryptologia, a scholarly journal devoted to all aspects of cryptology..

[Audio] Dr. Lawrie Brown is a visiting senior lecturer in the School of Engineering and Information Technology, UNSW Canberra at the Australian Defence Force Academy. His professional interests include communications and computer systems security and cryptography. He has researched pseudo-anonymous communication, authentication, security and trust issues in Web environments, designed secure remote code execution environments using the functional language Erlang, and implemented the LOKI family of block ciphers. Throughout his career, he has taught courses on cryptography, cybersecurity, data communications, data structures, and programming in Java to both undergraduate and postgraduate students..

[Audio] Computer security is about ensuring that information system assets are protected from unauthorized access, use, disclosure, modification, or destruction. These assets include hardware, software, firmware, and information being processed, stored, and communicated. There are three key objectives that are at the heart of computer security: confidentiality, integrity, and availability. Confidentiality ensures that private or confidential information is not made available or disclosed to unauthorized individuals. Integrity guarantees that information is accurate and reliable. Availability means that information systems are accessible and usable when needed. We will discuss the types of security threats and attacks that must be dealt with, such as data breaches, malware, and denial-of-service attacks. We will also explore how to protect against these threats and attacks..

[Audio] To ensure the confidentiality, integrity, and availability of computer-related assets, it is necessary to identify the types of assets that require protection. These assets include hardware, software, firmware, and information being processed, stored, and communicated. Fundamental security design principles emphasize the importance of protecting sensitive information from unauthorized access, ensuring data accuracy and reliability, and guaranteeing system accessibility when needed. Attack surfaces refer to the points where an attacker could potentially exploit vulnerabilities in a system, while attack trees represent the various ways an attacker could use these vulnerabilities to launch an attack. A comprehensive security strategy involves considering all aspects of security, including prevention, detection, and response, by implementing measures to prevent attacks, detecting anomalies and intrusions, and responding quickly and effectively to incidents..

[Audio] Computer security measures and controls ensure that information system assets, including hardware, software, firmware, and information being processed, stored, and communicated, maintain their confidentiality, integrity, and availability. These three objectives - confidentiality, integrity, and availability - form the foundation of computer security, covering aspects such as data confidentiality, data integrity, system integrity, privacy, and prompt system functioning. The CIA triad represents the essential security goals for data and information systems, encompassing the principles of controlling access to sensitive information, preventing unauthorized modifications, and guaranteeing uninterrupted system performance..

[Audio] Confidentiality preserves authorized restrictions on information access and disclosure, integrity guards against improper information modification or destruction, and availability ensures timely and reliable access to and use of information. These three objectives are characterized by FIPS 199 in terms of requirements and definitions of a loss of security in each category. Confidentiality is about preserving authorized restrictions on information access and disclosure, integrity is about guarding against improper information modification or destruction, and availability is about ensuring timely and reliable access to and use of information..

[Audio] Confidentiality, integrity, and availability are essential components of maintaining the security of information systems. Student grade information is highly confidential and should only be accessible to authorized individuals. Student enrollment information, while less sensitive than grade information, still requires moderate confidentiality. These examples highlight the significance of confidentiality, integrity, and availability in securing information systems. By recognizing the varying levels of impact, organizations can better safeguard their assets and maintain stakeholder trust..

[Audio] Confidentially rated information, when disclosed, results in less damage than if it remained secret. Directory information, such as lists of students or faculty members, may be assigned a low confidentiality rating or even no rating because it is typically publicly available and published on a school's website. Ensuring the accuracy and trustworthiness of information is crucial, as seen in the case of a hospital patient's allergy information, which must be reliable and up-to-date for doctors to rely on. If an employee intentionally falsifies this information to harm the hospital, the database must be restored to its original state, and the responsible individual must be identified. Patient allergy information has a high integrity requirement because inaccurate information could lead to serious harm or even death. In contrast, a website offering a discussion forum for registered users may require moderate integrity due to the possibility of falsified entries or defacement. An anonymous online poll, however, has a low integrity requirement since its accuracy and scientific value are already questionable..

[Audio] Computer security is a complex field because it involves considering multiple factors and anticipating potential attacks. It's not enough to simply implement a security mechanism; we must also think about how it could be exploited. Additionally, security is not always intuitive, and it may take subtle reasoning to understand why certain measures are necessary. Furthermore, deciding where to apply security mechanisms can be challenging, especially when considering physical and logical placement. Finally, security relies heavily on the creation, distribution, and protection of secret information, which adds another layer of complexity..

[Audio] William Stallings and Lawrie Brown are authors of the book "Computer Security: Principles and Practice". They define computer security as measures and controls that ensure confidentiality, integrity, and availability of information system assets. Confidentiality ensures that private or confidential information is not made available or disclosed to unauthorized individuals. Integrity ensures that information is accurate and reliable. Availability means that information is accessible and usable when needed..

[Audio] A security policy is a set of criteria that outlines the rules and guidelines for providing security services. It defines what needs to be done to maintain a secure environment for systems and data. This policy serves as a constraint on the activities of a data processing facility, ensuring that all actions taken within the organization align with the defined security goals..

[Audio] In the context of security, our concern is with the vulnerabilities of system resources. These vulnerabilities can take several forms. The system can be corrupted, so it does the wrong thing or gives wrong answers. This could happen if stored data values are modified in an improper manner. Alternatively, the system can become leaky, allowing unauthorized access to information. Or, the system can become unavailable or very slow, making it difficult or impossible to use. These three types of vulnerability correspond to the concepts of integrity, confidentiality, and availability. Correspondingly, there are threats that can exploit these vulnerabilities. A threat represents a potential security harm to an asset. An attack is a threat that is carried out, leading to an undesirable violation of security. There are different types of attacks, including active and passive attacks, and inside and outside attacks. Countermeasures can be used to deal with these attacks, aiming to prevent, detect, or recover from them. However, even with countermeasures in place, residual vulnerabilities may still exist, introducing a level of risk to the assets..

[Audio] The table indicates that there are four primary types of threat consequences. When an attack occurs, one of these consequences will arise. Let's examine each type closely. Unauthorized disclosure refers to the direct release of sensitive data to an unauthorized entity. This can happen through exposure, interception, inference, intrusion, or deception. For instance, if someone intercepts an email containing confidential information, they will gain unauthorized access to that data. Similarly, if someone infers the contents of a message by analyzing its characteristics, they will also gain unauthorized access. Intrusion occurs when an attacker bypasses a system's security measures to access sensitive data. Deception, on the other hand, involves pretending to be an authorized entity to gain access to a system or data. All these situations pose a significant risk to the confidentiality, integrity, and availability of our assets..

[Audio] Deception is a threat to either system integrity or data integrity. The types of attacks that can result in this threat consequence include masquerade, falsification, repudiation, disruption, obstruction, usurpation, and misuse. These attacks can lead to unauthorized disclosure, which poses a threat to confidentiality..

[Audio] Deception poses a significant danger to the integrity of both systems and data. There are various forms of deception attacks that can have detrimental consequences. For instance, masquerade, falsification, and repudiation are all examples of attacks that can compromise the integrity of systems or data. Such attacks can be carried out by unauthorized individuals pretending to be authorized users or through deceptive software that appears to have a useful purpose but in reality gains unauthorized access to system resources. These types of attacks can also cause disruptions, corruption, and obstruction to system availability and operation. Additionally, there are other threats to the integrity of systems and data, such as usurpation, misuse, incapacitation, corruption, obstruction, and disruption, which can be launched by hackers, malware, or other malicious parties. In order to safeguard against these attacks, it is crucial to implement robust security measures..

[Audio] In this section, we will discuss the assets of a computer system, which can be categorized into four main categories: hardware, software, data, and communication lines and networks. Hardware refers to the physical components of a computer system, such as equipment, devices, and peripherals. Software refers to the programs and operating systems that run on a computer system. Data refers to the information stored, processed, and transmitted within a computer system. Communication lines and networks refer to the infrastructure used to transmit data between systems. The integrity, confidentiality, and availability of these assets are crucial, as their malfunction, unauthorized access, or disruption can significantly impact the overall performance of a computer system..

[Audio] Software programs can be attacked in several ways. They can be copied, deleted, or modified to cause them to fail or behave unexpectedly. Unauthorized copies of software can be made to cause the original program to malfunction or perform unintended tasks. Similarly, existing files can be modified or deleted, denying access to users. New files can even be fabricated, revealing underlying data. Furthermore, messages can be destroyed, read, or modified, disrupting communication. Network traffic patterns can be observed, and false messages can be fabricated, rendering networks unavailable. Hardware is another area where attacks can occur. Equipment can be damaged accidentally or intentionally, leading to unavailability. Personal computers and workstations, as well as local area networks, increase the risk of such attacks. Even USB drives can be stolen, compromising confidentiality. To address these threats, physical and administrative security measures are necessary..

[Audio] Confidentiality, integrity, and availability are the three main objectives of computer security. Confidentiality ensures that private or confidential information is not made available or disclosed to unauthorized individuals. Integrity guards against improper information modification or destruction, ensuring information nonrepudiation and authenticity. Availability ensures timely and reliable access to and use of information. Data security encompasses all these aspects, including protecting against data loss or destruction, preventing unauthorized access, and ensuring data accuracy and integrity. These concerns are crucial for individuals, groups, and businesses controlling data files and databases. Data security safeguards sensitive information, maintains trust, and protects reputations, playing a vital role in ensuring the continuity of operations and maintaining public confidence. As technology advances, data security must evolve to address emerging threats and vulnerabilities..

[Audio] Encryption is used to mask the contents of messages or other information traffic, making it impossible for an opponent to extract the information even if they capture the message. Although encryption protection is in place, an opponent may still be able to observe the pattern of these messages, such as identifying the location and identity of communicating hosts and noting the frequency and length of messages being exchanged. This information can be useful in guessing the nature of the communication. Passive attacks are challenging to detect because they do not alter the data. They often occur normally, and neither the sender nor receiver is aware that a third party has read the messages or observed the traffic pattern. Encryption prevents the success of these attacks..

[Audio] It is essential to detect potential threats to our computer systems because it allows us to identify and respond to incidents quickly, preventing them from occurring in the first place. Detection plays a crucial role in ensuring the continuity of our operations, enabling us to take corrective action and minimize the impact of disruptions. Having a detection mechanism in place serves as a deterrent, encouraging would-be attackers to think twice before launching an attack. By detecting potential threats early on, we can reduce the likelihood of successful breaches and maintain the trustworthiness of our systems..

[Audio] Functional requirements refer to the necessary conditions or attributes that must be present in order to achieve a specific goal or objective. In the context of computer security, functional requirements are essential because they define what needs to be done to protect the confidentiality, integrity, and availability of information systems and the information processed, stored, and transmitted by those systems. The Federal Information Processing Standards Publication 200, also known as FIPS 200, outlines 17 security-related areas that must be considered when designing and implementing secure information systems. These areas include access control, awareness and training, audit and accountability, certification, accreditation, and security assessments, configuration management, incident response, media protection, network security, personnel security, physical security, risk management, security planning, system and communication protection, system and information integrity, and system maintenance. Each of these areas represents a critical component of a comprehensive security plan, and they must be carefully considered and implemented in order to ensure the security of information systems. By understanding the functional requirements outlined in FIPS 200, organizations can better design and implement secure information systems that meet the needs of their stakeholders while minimizing the risk of security breaches and other security incidents..

[Audio] William Stallings and Lawrie Brown's book "Computer Security: Principles and Practice" discusses the concept of computer security. According to the National Institute of Standards and Technology (NIST), computer security refers to measures and controls that ensure the confidentiality, integrity, and availability of information system assets. These assets include hardware, software, firmware, and information being processed, stored, and communicated. The book highlights the importance of confidentiality, which involves ensuring that private or confidential information is not made available or disclosed to unauthorized individuals..

[Audio] Information systems should employ system development life cycle processes that incorporate information security considerations. This involves considering security throughout the entire process of developing and implementing an information system, from initial planning to final deployment. This includes designing and developing the system with security in mind, implementing and testing security controls during the development process, limiting the potential impact of security breaches through software usage and installation restrictions, and ensuring that third-party providers employ adequate security measures to protect information, applications, and/or services outsourced from the organization. Additionally, organizational communications should be monitored, controlled, and protected at the external boundaries and key internal boundaries of the information systems, using architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational information systems..