Book description
The second edition of this comprehensive handbook of computer and information security provides the most complete view of computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advances. It explores practical solutions to many security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors’ respective areas of expertise.
The book is organized into 10 parts comprised of 70 contributed chapters by leading experts in the areas of networking and systems security, information management, cyber warfare and security, encryption technology, privacy, data storage, physical security, and a host of advanced security topics. New to this edition are chapters on intrusion detection, securing the cloud, securing web apps, ethical hacking, cyber forensics, physical security, disaster recovery, cyber attack deterrence, and more.
- Chapters by leaders in the field on theory and practice of computer and information security technology, allowing the reader to develop a new level of technical expertise
- Comprehensive and up-to-date coverage of security issues allows the reader to remain current and fully informed from multiple viewpoints
- Presents methods of analysis and problem-solving techniques, enhancing the reader's grasp of the material and ability to implement practical solutions
Table of contents
- Cover image
- Title page
- Table of Contents
- Copyright
- Dedication
- Foreword
- Preface
- Acknowledgments
- About the Editor
- Contributors
- Part I: Overview of System and Network Security: A Comprehensive Introduction
- Chapter 1. Building a Secure Organization
- 1 Obstacles to Security
- 2 Computers are Powerful and Complex
- 3 Current Trend is to Share, Not Protect
- 4 Security isn’t about Hardware and Software
- 5 Ten Steps to Building a Secure Organization
- 6 Preparing for the Building of Security Control Assessments
- 7 Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 2. A Cryptography Primer
- Chapter 3. Detecting System Intrusions
- 1 Introduction
- 2 Monitoring Key Files in the System
- 3 Security Objectives
- 4 0day Attacks
- 5 Good Known State
- 6 Rootkits
- 7 Low Hanging Fruit
- 8 Antivirus Software
- 9 Homegrown Intrusion Detection
- 10 Full-Packet Capture Devices
- 11 Out-of-Band Attack Vectors
- 12 Security Awareness Training
- 13 Data Correlation
- 14 SIEM
- 15 Other Weird Stuff on the System
- 16 Detection
- 17 Network-Based Detection of System Intrusions (DSIs)
- 18 Summary
- Chapter Review Questions/Exercises
- Exercise
- References
- Chapter 4. Preventing System Intrusions
- 1 So, What is an Intrusion?
- 2 Sobering Numbers
- 3 Know Your Enemy: Hackers versus Crackers
- 4 Motives
- 5 The Crackers’ Tools of the Trade
- 6 Bots
- 7 Symptoms of Intrusions
- 8 What Can You Do?
- 9 Security Policies
- 10 Risk Analysis
- 11 Tools of Your Trade
- 12 Controlling User Access
- 13 Intrusion Prevention Capabilities
- 14 Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 5. Guarding Against Network Intrusions
- Chapter 6. Securing Cloud Computing Systems
- 1 Cloud Computing Essentials: Examining the Cloud Layers
- 2 Software as a Service (SaaS): Managing Risks in the Cloud
- 3 Platform as a Service (PaaS): Securing the Platform
- 4 Infrastructure as a Service (IaaS)
- 5 Leveraging Provider-Specific Security Options
- 6 Achieving Security in a Private Cloud
- 7 Meeting Compliance Requirements
- 8 Preparing for Disaster Recovery
- 9 Summary
- Chapter Review Questions/Exercises
- Exercise
- References
- Chapter 7. Fault Tolerance and Resilience in Cloud Computing Environments
- 1 Introduction
- 2 Cloud Computing Fault Model
- 3 Basic Concepts on Fault Tolerance
- 4 Different Levels of Fault Tolerance in Cloud Computing
- 5 Fault Tolerance against Crash Failures in Cloud Computing
- 6 Fault Tolerance against Byzantine Failures in Cloud Computing
- 7 Fault Tolerance as a Service in Cloud Computing
- 8 Summary
- Chapter Review Questions/Exercises
- Exercise
- Acknowledgments
- References
- Chapter 8. Securing Web Applications, Services, and Servers
- Chapter 9. Unix and Linux Security
- 1 Unix and Security
- 2 Basic Unix Security Overview
- 3 Achieving Unix Security
- 4 Protecting User Accounts and Strengthening Authentication
- 5 Limiting Superuser Privileges
- 6 Securing Local and Network File Systems
- 7 Network Configuration
- 8 Improving the Security of Linux and Unix Systems
- 9 Additional Resources
- 10 Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 10. Eliminating the Security Weakness of Linux and Unix Operating Systems
- Chapter 11. Internet Security
- Chapter 12. The Botnet Problem
- Chapter 13. Intranet Security
- 1 Smartphones and Tablets in the Intranet
- 2 Security Considerations
- 3 Plugging the Gaps: NAC and Access Control
- 4 Measuring Risk: Audits
- 5 Guardian at the Gate: Authentication and Encryption
- 6 Wireless Network Security
- 7 Shielding the Wire: Network Protection
- 8 Weakest Link in Security: User Training
- 9 Documenting the Network: Change Management
- 10 Rehearse the Inevitable: Disaster Recovery
- 11 Controlling Hazards: Physical and Environmental Protection
- 12 Know Your Users: Personnel Security
- 13 Protecting Data Flow: Information and System Integrity
- 14 Security Assessments
- 15 Risk Assessments
- 16 Intranet Security Implementation Process Checklist
- 17 Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 14. Local Area Network Security
- 1 Identify Network Threats
- 2 Establish Network Access Controls
- 3 Risk Assessment
- 4 Listing Network Resources
- 5 Threats
- 6 Security Policies
- 7 The Incident-Handling Process
- 8 Secure Design Through Network Access Controls
- 9 IDS Defined
- 10 NIDS: Scope and Limitations
- 11 A Practical Illustration of NIDS
- 12 Firewalls
- 13 Dynamic NAT Configuration
- 14 The Perimeter
- 15 Access List Details
- 16 Types of Firewalls
- 17 Packet Filtering: IP Filtering Routers
- 18 Application-Layer Firewalls: Proxy Servers
- 19 Stateful Inspection Firewalls
- 20 NIDS Complements Firewalls
- 21 Monitor and Analyze System Activities
- 22 Signature Analysis
- 23 Statistical Analysis
- 24 Signature Algorithms
- 25 Local Area Network Security Countermeasures Implementation Checklist
- 26 Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 15. Wireless Network Security
- Chapter 16. Wireless Sensor Network Security
- Chapter 17. Cellular Network Security
- Chapter 18. RFID Security
- Chapter 19. Optical Network Security
- Chapter 20. Optical Wireless Security
- Part II: Managing Information Security
- Chapter 21. Information Security Essentials for IT Managers: Protecting Mission-Critical Systems
- Chapter 22. Security Management Systems
- Chapter 23. Policy-driven System Management
- Chapter 24. Information Technology Security Management
- Chapter 25. Online Identity and User Management Services
- Chapter 26. Intrusion Prevention and Detection Systems
- 1 What is an ‘Intrusion’ Anyway?
- 2 Physical Theft
- 3 Abuse of Privileges (The Insider Threat)
- 4 Unauthorized Access by Outsider
- 5 Malware Infection
- 6 The Role of the ‘0-Day’
- 7 The Rogue’s Gallery: Attackers and Motives
- 8 A Brief Introduction to TCP/IP
- 9 The TCP/IP Data Architecture and Data Encapsulation
- 10 Survey of Intrusion Detection and Prevention Technologies
- 11 Anti-Malware Software
- 12 Network-Based Intrusion Detection Systems
- 13 Network-Based Intrusion Prevention Systems
- 14 Host-Based Intrusion Prevention Systems
- 15 Security Information Management Systems
- 16 Network Session Analysis
- 17 Digital Forensics
- 18 System Integrity Validation
- 19 Summary
- Chapter Review Questions/Exercises
- Exercise
- References
- Chapter 27. TCP/IP Packet Analysis
- Chapter 28. The Enemy (The Intruder’s Genesis)
- Chapter 29. Firewalls
- Chapter e29. Firewalls
- 1 Introduction
- 2 Network Firewalls
- 3 Firewall Security Policies
- 4 A Simple Mathematical Model for Policies, Rules, and Packets
- 5 First-Match Firewall Policy Anomalies
- 6 Policy Optimization
- 7 Firewall Types
- 8 Host and Network Firewalls
- 9 Software and Hardware Firewall Implementations
- 10 Choosing the Correct Firewall
- 11 Firewall Placement and Network Topology
- 12 Firewall Installation and Configuration
- 13 Supporting Outgoing Services Through Firewall Configuration
- 14 Secure External Services Provisioning
- 15 Network Firewalls for Voice and Video Applications
- 16 Firewalls and Important Administrative Service Protocols
- 17 Internal IP Services Protection
- 18 Firewall Remote Access Configuration
- 19 Load Balancing and Firewall Arrays
- 20 Highly Available Firewalls
- 21 Firewall Management
- 22 Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 30. Penetration Testing
- 1 Introduction
- 2 What is Penetration Testing?
- 3 How Does Penetration Testing Differ from an Actual “Hack?”
- 4 Types of Penetration Testing
- 5 Phases of Penetration Testing
- 6 Defining What’s Expected
- 7 The Need for a Methodology
- 8 Penetration Testing Methodologies
- 9 Methodology in Action
- 10 Penetration Testing Risks
- 11 Liability Issues
- 12 Legal Consequences
- 13 “Get Out of Jail Free” Card
- 14 Penetration Testing Consultants
- 15 Required Skill Sets
- 16 Accomplishments
- 17 Hiring a Penetration Tester
- 18 Why Should a Company Hire You?
- 19 Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 31. What is Vulnerability Assessment?
- 1 Introduction
- 2 Reporting
- 3 The “It Won’t Happen to Us” Factor
- 4 Why Vulnerability Assessment?
- 5 Penetration Testing Versus Vulnerability Assessment
- 6 Vulnerability Assessment Goal
- 7 Mapping the Network
- 8 Selecting the Right Scanners
- 9 Central Scans Versus Local Scans
- 10 Defense in Depth Strategy
- 11 Vulnerability Assessment Tools
- 12 SARA
- 13 SAINT
- 14 MBSA
- 15 Scanner Performance
- 16 Scan Verification
- 17 Scanning Cornerstones
- 18 Network Scanning Countermeasures
- 19 Vulnerability Disclosure Date
- 20 Proactive Security Versus Reactive Security
- 21 Vulnerability Causes
- 22 DIY Vulnerability Assessment
- 23 Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 32. Security Metrics: An Introduction and Literature Review
- Part III: Cyber, Network, and Systems Forensics Security and Assurance
- Chapter 33. Cyber Forensics
- 1 What is Cyber Forensics?
- 2 Analysis of Data
- 3 Cyber Forensics in the Court System
- 4 Understanding Internet History
- 5 Temporary Restraining Orders and Labor Disputes
- 6 First Principles
- 7 Hacking a Windows XP Password
- 8 Network Analysis
- 9 Cyber Forensics Applied
- 10 Tracking, Inventory, Location of Files, Paperwork, Backups, and so on
- 11 Testifying as an Expert
- 12 Beginning to End in Court
- 13 Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 34. Cyber Forensics and Incident Response
- 1 Introduction to Cyber Forensics
- 2 Handling Preliminary Investigations
- 3 Controlling an Investigation
- 4 Conducting Disk-Based Analysis
- 5 Investigating Information-Hiding Techniques
- 6 Scrutinizing Email
- 7 Validating Email Header Information
- 8 Tracing Internet Access
- 9 Searching Memory in Real Time
- 10 Summary
- Chapter Review Questions/Exercises
- Exercise
- References
- Chapter 35. Securing e-Discovery
- Chapter 36. Network Forensics
- Part IV: Encryption Technology
- Chapter 37. Data Encryption
- 1 Need for Cryptography
- 2 Mathematical Prelude to Cryptography
- 3 Classical Cryptography
- 4 Modern Symmetric Ciphers
- 5 Algebraic Structure
- 6 The Internal Functions of Rijndael in AES Implementation
- 7 Use of Modern Block Ciphers
- 8 Public-Key Cryptography
- 9 Cryptanalysis of RSA
- 10 Diffie-Hellman Algorithm
- 11 Elliptic Curve Cryptosystems
- 12 Message Integrity and Authentication
- 13 Triple Data Encryption Algorithm (TDEA) Block Cipher
- 14 Summary
- Chapter Review Questions/Exercises
- Exercise
- References
- Chapter 38. Satellite Encryption
- Chapter 39. Public Key Infrastructure
- Chapter 39. Public Key Infrastructure
- 1 Cryptographic Background
- 2 Overview of PKI
- 3 The X.509 Model
- 4 X.509 Implementation Architectures
- 5 X.509 Certificate Validation
- 6 X.509 Certificate Revocation
- 7 Server-Based Certificate Validity Protocol
- 8 X.509 Bridge Certification Systems
- 9 X.509 Certificate Format
- 10 PKI Policy Description
- 11 PKI Standards Organizations
- 12 PGP Certificate Formats
- 13 PGP PKI Implementations
- 14 W3C
- 15 Is PKI Secure?
- 16 Alternative PKI Architectures
- 17 Modified X.509 Architectures
- 18 Alternative Key Management Models
- 19 Summary
- Chapter Review Questions/Exercises
- Exercise
- References
- Chapter 40. Password-based Authenticated Key Establishment Protocols
- Chapter 41. Instant-Messaging Security
- 1 Why Should I Care about Instant Messaging?
- 2 What is Instant Messaging?
- 3 The Evolution of Networking Technologies
- 4 Game Theory and Instant Messaging
- 5 The Nature of the Threat
- 6 Common IM Applications
- 7 Defensive Strategies
- 8 Instant-Messaging Security Maturity and Solutions
- 9 Processes
- 10 Summary
- Chapter Review Questions/Exercises
- Exercise
- Part V: Privacy and Access Management
- Chapter 42. Privacy on the Internet
- Chapter 43. Privacy-Enhancing Technologies
- Chapter 44. Personal Privacy Policies
- 1 Introduction
- 2 Content of Personal Privacy Policies
- 3 Semiautomated Derivation of Personal Privacy Policies
- 4 Specifying Well-Formed Personal Privacy Policies
- 5 Preventing Unexpected Negative Outcomes
- 6 The Privacy Management Model
- 7 Discussion and Related Work
- 8 Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 45. Detection of Conflicts in Security Policies
- Chapter 46. Supporting User Privacy Preferences in Digital Interactions
- 1 Introduction
- 2 Basic Concepts and Desiderata
- 3 Cost-Sensitive Trust Negotiation
- 4 Point-Based Trust Management
- 5 Logical-Based Minimal Credential Disclosure
- 6 Privacy Preferences in Credential-Based Interactions
- 7 Fine-Grained Disclosure of Sensitive Access Policies
- 8 Open Issues
- 9 Summary
- Chapter Review Questions/Exercises
- Exercise
- Acknowledgments
- References
- Chapter 47. Privacy and Security in Environmental Monitoring Systems: Issues and Solutions
- Chapter 48. Virtual Private Networks
- Chapter 49. Identity Theft
- Chapter e49. Identity Theft
- Chapter 50. VoIP Security
- Part VI: Storage Security
- Chapter 51. SAN Security
- Chapter e51. SAN Security
- 1 Organizational Structure
- 2 Access Control Lists (ACL) and Policies
- 3 Physical Access
- 4 Change Management
- 5 Password Policies
- 6 Defense in Depth
- 7 Vendor Security Review
- 8 Data Classification
- 9 Security Management
- 10 Auditing
- 11 Security Maintenance
- 12 Host Access: Partitioning
- 13 Data Protection: Replicas
- 14 Encryption in Storage
- 15 Application of Encryption
- 16 Summary
- Chapter Review Questions/Exercises
- Exercise
- References
- Chapter 52. Storage Area Networking Security Devices
- Chapter 53. Risk Management
- Part VII: Physical Security
- Chapter 54. Physical Security Essentials
- 1 Overview
- 2 Physical Security Threats
- 3 Physical Security Prevention and Mitigation Measures
- 4 Recovery from Physical Security Breaches
- 5 Threat Assessment, Planning, and Plan Implementation
- 6 Example: A Corporate Physical Security Policy
- 7 Integration of Physical and Logical Security
- 8 Physical Security Checklist
- 9 Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 55. Disaster Recovery
- Chapter 56. Biometrics
- Chapter 57. Homeland Security
- Chapter e57. Homeland Security
- Chapter 58. Cyber Warfare
- Part VIII: Practical Security
- Part IX: Advanced Security
- Chapter 64. Security Through Diversity
- 1 Ubiquity
- 2 Example Attacks Against Uniformity
- 3 Attacking Ubiquity with Antivirus Tools
- 4 The Threat of Worms
- 5 Automated Network Defense
- 6 Diversity and the Browser
- 7 Sandboxing and Virtualization
- 8 DNS Example of Diversity Through Security
- 9 Recovery from Disaster is Survival
- 10 Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 65. Online e-Reputation Management Services
- Chapter 66. Content Filtering
- Chapter e66. Content Filtering
- 1 Defining the Problem
- 2 Why Content Filtering is Important
- 3 Content Categorization Technologies
- 4 Perimeter Hardware and Software Solutions
- 5 Categories
- 6 Legal Issues
- 7 Circumventing Content Filtering
- 8 Additional Items to Consider: Overblocking and Underblocking
- 9 Related Products
- 10 Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 67. Data Loss Protection
- 1 Precursors of DLP
- 2 What is DLP?
- 3 Where to Begin?
- 4 Data is Like Water
- 5 You Don’t Know What You Don’t Know
- 6 How Do DLP Applications Work?
- 7 Eat Your Vegetables
- 8 It’s a Family Affair, Not Just IT Security’s Problem
- 9 Vendors, Vendors Everywhere! Who do you Believe?
- 10 Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 68. Satellite Cyber Attack Search and Destroy
- Chapter 69. Verifiable Voting Systems
- Chapter 70. Advanced Data Encryption
- Part X: Appendices
- Appendix eA. Configuring Authentication Service on Microsoft Windows 7
- Appendix eB. Security Management and Resiliency
- Appendix eC. List of Top Information and Network Security Implementation and Deployment Companies
- Appendix eD. List of Security Products
- Appendix eE. List of Security Standards
- Appendix eF. List of Miscellaneous Security Resources
- Appendix eG. Ensuring Built-in Frequency Hopping Spread Spectrum Wireless Network Security
- Appendix eH. Configuring Wireless Internet Security Remote Access
- Adding the Access Points as Radius Clients to IAS
- Adding Access Points to the First IAS Server
- Scripting the Addition of Access Points to IAS Server (Alternative Procedure)
- Configuring the Wireless Access Points
- Enabling Secure Wlan Authentication on Access Points
- Additional Settings to Secure Wireless Access Points
- Replicating Radius Client Configuration to Other IAS Servers
- Appendix eI. Frequently Asked Questions
- Appendix eJ. Case Studies
- 1 Case Study 1: SSL VPN Solution Planning And Implementation
- 2 Challenges
- 3 Solution
- 4 Case Study 2: Cyber Attacks on Critical Infrastructures—A Risk to the Nation
- 5 Challenges
- 6 Solution
- 7 Case Study 3: Department of Homeland Security Battle Insider Threats and Maintain National Cyber Security
- 8 Challenges
- 9 Solution
- 10 Case Study 4: Cyber Security Development Lifecycle
- 11 Challenges
- 12 Solution
- 13 Case Study 5: Cyber Security and Beyond ……
- 14 Challenges
- Appendix eK. Answers To Review Questions/Exercises, Hands-On Projects, Case Projects And Optional Team Case Project By Chapter
- Chapter 1: Building A Secure Organization
- Chapter 2: A Cryptography Primer
- Chapter 3: Detecting System Intrusions
- Chapter 4: Preventing System Intrusions
- Chapter 5: Guarding Against Network Intrusions
- Chapter 6: Securing Cloud Computing Systems
- Chapter 7: Fault Tolerance and Resilience in Cloud Computing Environments
- Chapter 8: Securing Web Applications, Services and Servers
- Chapter 9: UNIX and Linux Security
- Chapter 10: Eliminating the Security Weakness of Linux and UNIX Operating Systems
- Chapter 11: Internet Security
- Chapter 12: The Botnet Problem
- Chapter 13: Intranet Security
- Chapter 14: Local Area Network Security
- Chapter 15: Wireless Network Security
- Chapter 16: Wireless Sensor Network Security
- Chapter 17: Cellular Network Security
- Chapter 18: RFID Security
- Chapter 19: Optical Network Security
- Chapter 20: Optical Wireless Security
- Chapter 21: Information Security Essentials for IT Managers: Protecting Mission-Critical Systems
- Chapter 22: Security Management Systems
- Chapter 23: Policy-Driven System Management
- Chapter 24: Information Technology Security Management
- Chapter 25: Online Identity and User Management Services
- Chapter 26: Intrusion Detection And Prevention Systems
- Chapter 27: TCP/IP Packet Analysis
- Chapter 28: The Enemy (The Intruder’s Genesis)
- Chapter 29: Firewalls
- Chapter 30: Penetration Testing
- Chapter 31: Building A Secure Organization
- Chapter 32: Security Metrics: An Introduction and Literature Review
- Chapter 33: Cyber Forensics
- Chapter 34: Cyber Forensics And Incident Response
- Chapter 35: Secure E-Discovery
- Chapter 36: Network Forensics
- Chapter 37: Data Encryption
- Chapter 38: Satellite Encryption
- Chapter 39: Public Key Infrastructure
- Chapter 40: Password-based Authenticated Key Establishment Protocols
- Chapter 41: Instant-Messaging Security
- Chapter 42: Privacy On The Internet
- Chapter 43: Physical Security Essentials
- Chapter 44: Personal Privacy Policies
- Chapter 45: Detection Of Conflicts In Security Policies
- Chapter 46: Supporting User Privacy Preferences in Digital Interactions
- Chapter 47: Physical Security Essentials
- Chapter 48: Virtual Private Networks
- Chapter 49: Identity Theft
- Chapter 50: Physical Security Essentials
- Chapter 51: SAN Security
- Chapter 52: Storage Area Networking Security Devices
- Chapter 53: Risk Management
- Chapter 54: Physical Security Essentials
- Chapter 55: Disaster Recovery
- Chapter 56: Biometrics
- Chapter 57: Homeland Security
- Chapter 58: Cyber Warfare
- Chapter 59: Systems Security
- Chapter 60: Securing The Infrastructure
- Chapter 61: Access Controls
- Chapter 62: Assessments And Audits
- Chapter 63: Fundamentals Of Cryptography
- Chapter 64: Security Through Diversity
- Chapter 65: Online e-Reputation Management Services
- Chapter 66: Content Filtering
- Chapter 67: Data Loss Protection
- Chapter 68: Satellite Cyber Attack Search And Destroy
- Chapter 69: Verifiable Voting Systems
- Chapter 70: Advanced Data Encryption
- Appendix eL. Glossary
- Index
Product information
- Title: Computer and Information Security Handbook, 2nd Edition
- Author(s):
- Release date: November 2012
- Publisher(s): Morgan Kaufmann
- ISBN: 9780123946126