CompTIA security+ deluxe study guide [electronic resource] / Emmett Dulaney
Author: Dulaney Emmett A
Edition: [2nd ed.]
Publication/distribution/printing: Indianapolis : Wiley Pub., Inc., c2011
Physical description: 1 online resource (703 p.)
Discipline: 005.8
Topical subject: Electronic data processing personnel - Certification; Computer security - Examinations; Computer networks - Security measures - Examinations
ISBN: 1-283-40073-1; 9786613400734; 1-118-11366-7
Classification: COM053000
Format: Printed material
Bibliographic level: Monograph
Language of publication: eng
Contents note: CompTIA Discount Coupon; CompTIA Security+ Deluxe Study Guide; Contents; Foreword; Introduction; Assessment Test; Answers to Assessment Test; Chapter 1: Measuring and Weighing Risk; Risk Assessment; Developing Policies, Standards, and Guidelines; Summary; Exam Essentials; Review Questions; Answers to Review Questions; Chapter 2: Infrastructure and Connectivity; Mastering TCP/IP; Distinguishing between Security Topologies; Understanding Infrastructure Security; Understanding the Different Network Infrastructure Devices; Understanding Remote Access; Summary; Exam Essentials; Review Questions; Answers to Review Questions; Chapter 3: Protecting Networks; Monitoring and Diagnosing Networks; Understanding Intrusion Detection Systems; Understanding Protocol Analyzers; Securing Workstations and Servers; Securing Internet Connections; Understanding Network Protocols; Summary; Exam Essentials; Review Questions; Answers to Review Questions; Chapter 4: Threats and Vulnerabilities; Understanding Software Exploitation; Surviving Malicious Code; Calculating Attack Strategies; Recognizing Common Attacks; Identifying TCP/IP Security Concerns; Summary; Exam Essentials; Review Questions; Answers to Review Questions; Chapter 5: Access Control and Identity Management; Access Control Basics; Understanding Remote Access Connectivity; Understanding Authentication Services; Understanding Access Control; Implementing Access Control Best Practices; Summary; Exam Essentials; Review Questions; Answers to Review Questions; Chapter 6: Educating and Protecting the User; Understanding Security Awareness and Training; Classifying Information; Information Access Controls; Complying with Privacy and Security Regulations; Understanding Social Engineering; Summary; Exam Essentials; Review Questions; Answers to Review Questions; Chapter 7: Operating System and Application Security; Hardening the Operating System; Application Hardening; Working with Data Repositories; Host Security; Mobile Devices; Best Practices for Security; Attack Types to Be Aware Of; Summary; Exam Essentials; Review Questions; Answers to Review Questions; Chapter 8: Cryptography Basics; An Overview of Cryptography; Understanding Cryptographic Algorithms; Using Cryptographic Systems; Understanding Cryptography Standards and Protocols; Summary; Exam Essentials; Review Questions; Answers to Review Questions; Chapter 9: Cryptography Implementation; Using Public Key Infrastructure; Preparing for Cryptographic Attacks; Understanding Key Management and the Key Life Cycle; Summary; Exam Essentials; Review Questions; Answers to Review Questions; Chapter 10: Physical and Hardware-Based Security; Implementing Access Control; Maintaining Environmental and Power Controls; Fire Suppression; Summary; Exam Essentials; Review Questions; Answers to Review Questions; Chapter 11: Security and Vulnerability in the Network; Network Security Threats; Secure Network Administration Principles
Record no.: UNINA-9910781856503321
Dulaney Emmett A
Indianapolis : Wiley Pub., Inc., c2011
Printed material
Find it here: Univ. Federico II
CompTIA security+ deluxe study guide / Emmett Dulaney
Author: Dulaney Emmett A
Edition: [2nd ed.]
Publication/distribution/printing: Indianapolis : Wiley Pub., Inc., c2011
Physical description: 1 online resource (703 p.)
Discipline: 005.8
Topical subject: Electronic data processing personnel - Certification; Computer security - Examinations; Computer networks - Security measures - Examinations
ISBN: 1-283-40073-1; 9786613400734; 1-118-11366-7
Classification: COM053000
Format: Printed material
Bibliographic level: Monograph
Language of publication: eng
Contents note: CompTIA Discount Coupon; CompTIA Security+ Deluxe Study Guide; Contents; Foreword; Introduction; Assessment Test; Answers to Assessment Test; Chapter 1: Measuring and Weighing Risk; Risk Assessment; Developing Policies, Standards, and Guidelines; Summary; Exam Essentials; Review Questions; Answers to Review Questions; Chapter 2: Infrastructure and Connectivity; Mastering TCP/IP; Distinguishing between Security Topologies; Understanding Infrastructure Security; Understanding the Different Network Infrastructure Devices; Understanding Remote Access; Summary; Exam Essentials; Review Questions; Answers to Review Questions; Chapter 3: Protecting Networks; Monitoring and Diagnosing Networks; Understanding Intrusion Detection Systems; Understanding Protocol Analyzers; Securing Workstations and Servers; Securing Internet Connections; Understanding Network Protocols; Summary; Exam Essentials; Review Questions; Answers to Review Questions; Chapter 4: Threats and Vulnerabilities; Understanding Software Exploitation; Surviving Malicious Code; Calculating Attack Strategies; Recognizing Common Attacks; Identifying TCP/IP Security Concerns; Summary; Exam Essentials; Review Questions; Answers to Review Questions; Chapter 5: Access Control and Identity Management; Access Control Basics; Understanding Remote Access Connectivity; Understanding Authentication Services; Understanding Access Control; Implementing Access Control Best Practices; Summary; Exam Essentials; Review Questions; Answers to Review Questions; Chapter 6: Educating and Protecting the User; Understanding Security Awareness and Training; Classifying Information; Information Access Controls; Complying with Privacy and Security Regulations; Understanding Social Engineering; Summary; Exam Essentials; Review Questions; Answers to Review Questions; Chapter 7: Operating System and Application Security; Hardening the Operating System; Application Hardening; Working with Data Repositories; Host Security; Mobile Devices; Best Practices for Security; Attack Types to Be Aware Of; Summary; Exam Essentials; Review Questions; Answers to Review Questions; Chapter 8: Cryptography Basics; An Overview of Cryptography; Understanding Cryptographic Algorithms; Using Cryptographic Systems; Understanding Cryptography Standards and Protocols; Summary; Exam Essentials; Review Questions; Answers to Review Questions; Chapter 9: Cryptography Implementation; Using Public Key Infrastructure; Preparing for Cryptographic Attacks; Understanding Key Management and the Key Life Cycle; Summary; Exam Essentials; Review Questions; Answers to Review Questions; Chapter 10: Physical and Hardware-Based Security; Implementing Access Control; Maintaining Environmental and Power Controls; Fire Suppression; Summary; Exam Essentials; Review Questions; Answers to Review Questions; Chapter 11: Security and Vulnerability in the Network; Network Security Threats; Secure Network Administration Principles
Record no.: UNINA-9910810662203321
Dulaney Emmett A
Indianapolis : Wiley Pub., Inc., c2011
Printed material
Find it here: Univ. Federico II
Cyber security policy guidebook [electronic resource] / Jennifer L. Bayuk ... [et al.]
Edition: [First edition]
Publication/distribution/printing: Hoboken, N.J. : Wiley, c2012
Physical description: 1 online resource (xvi, 270 pages) : illustrations
Discipline: 005.8
Other authors (Persons): Bayuk Jennifer L
Topical subject: Information technology - Government policy; Computer security - Government policy; Data protection - Government policy
ISBN: 1-299-18932-6; 1-118-24132-0; 1-118-24153-3; 1-118-24148-7
Classification: COM053000
Format: Printed material
Bibliographic level: Monograph
Language of publication: eng
Contents note: Cyber Security Policy Guidebook; Contents; Foreword; Preface; Acknowledgments; 1: Introduction; 1.1 What Is Cyber Security?; 1.2 What Is Cyber Security Policy?; 1.3 Domains of Cyber Security Policy; 1.3.1 Laws and Regulations; 1.3.2 Enterprise Policy; 1.3.3 Technology Operations; 1.3.4 Technology Configuration; 1.4 Strategy versus Policy; 2: Cyber Security Evolution; 2.1 Productivity; 2.2 Internet; 2.3 e-Commerce; 2.4 Countermeasures; 2.5 Challenges; 3: Cyber Security Objectives; 3.1 Cyber Security Metrics; 3.2 Security Management Goals; 3.3 Counting Vulnerabilities; 3.4 Security Frameworks; 3.4.1 e-Commerce Systems; 3.4.2 Industrial Control Systems; 3.4.3 Personal Mobile Devices; 3.5 Security Policy Objectives; 4: Guidance for Decision Makers; 4.1 Tone at the Top; 4.2 Policy as a Project; 4.3 Cyber Security Management; 4.3.1 Arriving at Goals; 4.3.2 Cyber Security Documentation; 4.4 Using the Catalog; 5: The Catalog Approach; 5.1 Catalog Format; 5.2 Cyber Security Policy Taxonomy; 6: Cyber Security Policy Catalog; 6.1 Cyber Governance Issues; 6.1.1 Net Neutrality; 6.1.2 Internet Names and Numbers; 6.1.3 Copyrights and Trademarks; 6.1.4 Email and Messaging; 6.2 Cyber User Issues; 6.2.1 Malvertising; 6.2.2 Impersonation; 6.2.3 Appropriate Use; 6.2.4 Cyber Crime; 6.2.5 Geolocation; 6.2.6 Privacy; 6.3 Cyber Conflict Issues; 6.3.1 Intellectual Property Theft; 6.3.2 Cyber Espionage; 6.3.3 Cyber Sabotage; 6.3.4 Cyber Warfare; 6.4 Cyber Management Issues; 6.4.1 Fiduciary Responsibility; 6.4.2 Risk Management; 6.4.3 Professional Certification; 6.4.4 Supply Chain; 6.4.5 Security Principles; 6.4.6 Research and Development; 6.5 Cyber Infrastructure Issues; 6.5.1 Banking and Finance; 6.5.2 Health Care; 6.5.3 Industrial Control Systems; 7: One Government's Approach to Cyber Security Policy; 7.1 U.S. Federal Cyber Security Strategy; 7.2 A Brief History of Cyber Security Public Policy Development in the U.S. Federal Government; 7.2.1 The Bombing of New York's World Trade Center on February 26, 1993; 7.2.2 Cyber Attacks against the United States Air Force, March-May 1994: Targeting the Pentagon; 7.2.3 The Citibank Caper, June-October, 1994: How to Catch a Hacker; 7.2.4 Murrah Federal Building, Oklahoma City-April 19, 1995: Major Terrorism Events and Their U.S. Outcomes; 7.2.5 President's Commission on Critical Infrastructure Protection-1996; 7.2.6 Presidential Decision Directive 63-1998; 7.2.7 National Infrastructure Protection Center (NIPC) and ISACs-1998; 7.2.8 Eligible Receiver-1997; 7.2.9 Solar Sunrise-1998; 7.2.10 Joint Task Force-Computer Network Defense (JTF-CND)-1998; 7.2.11 Terrorist Attacks against the United States-September 11, 2001 Effects of Catastrophic Events on Transportation System Management and Operations; 7.2.12 U.S. Government Response to the September 11, 2001 Terrorist Attacks; 7.2.13 Homeland Security Presidential Directives; 7.2.14 National Strategies
Record no.: UNINA-9910141299203321
Hoboken, N.J. : Wiley, c2012
Printed material
Find it here: Univ. Federico II
Cyber security policy guidebook / Jennifer L. Bayuk ... [et al.]
Edition: [First edition]
Publication/distribution/printing: Hoboken, N.J. : Wiley, c2012
Physical description: 1 online resource (xvi, 270 pages) : illustrations
Discipline: 005.8
Other authors (Persons): Bayuk Jennifer L
Topical subject: Information technology - Government policy; Computer security - Government policy; Data protection - Government policy
ISBN: 1-299-18932-6; 1-118-24132-0; 1-118-24153-3; 1-118-24148-7
Classification: COM053000
Format: Printed material
Bibliographic level: Monograph
Language of publication: eng
Contents note: Cyber Security Policy Guidebook; Contents; Foreword; Preface; Acknowledgments; 1: Introduction; 1.1 What Is Cyber Security?; 1.2 What Is Cyber Security Policy?; 1.3 Domains of Cyber Security Policy; 1.3.1 Laws and Regulations; 1.3.2 Enterprise Policy; 1.3.3 Technology Operations; 1.3.4 Technology Configuration; 1.4 Strategy versus Policy; 2: Cyber Security Evolution; 2.1 Productivity; 2.2 Internet; 2.3 e-Commerce; 2.4 Countermeasures; 2.5 Challenges; 3: Cyber Security Objectives; 3.1 Cyber Security Metrics; 3.2 Security Management Goals; 3.3 Counting Vulnerabilities; 3.4 Security Frameworks; 3.4.1 e-Commerce Systems; 3.4.2 Industrial Control Systems; 3.4.3 Personal Mobile Devices; 3.5 Security Policy Objectives; 4: Guidance for Decision Makers; 4.1 Tone at the Top; 4.2 Policy as a Project; 4.3 Cyber Security Management; 4.3.1 Arriving at Goals; 4.3.2 Cyber Security Documentation; 4.4 Using the Catalog; 5: The Catalog Approach; 5.1 Catalog Format; 5.2 Cyber Security Policy Taxonomy; 6: Cyber Security Policy Catalog; 6.1 Cyber Governance Issues; 6.1.1 Net Neutrality; 6.1.2 Internet Names and Numbers; 6.1.3 Copyrights and Trademarks; 6.1.4 Email and Messaging; 6.2 Cyber User Issues; 6.2.1 Malvertising; 6.2.2 Impersonation; 6.2.3 Appropriate Use; 6.2.4 Cyber Crime; 6.2.5 Geolocation; 6.2.6 Privacy; 6.3 Cyber Conflict Issues; 6.3.1 Intellectual Property Theft; 6.3.2 Cyber Espionage; 6.3.3 Cyber Sabotage; 6.3.4 Cyber Warfare; 6.4 Cyber Management Issues; 6.4.1 Fiduciary Responsibility; 6.4.2 Risk Management; 6.4.3 Professional Certification; 6.4.4 Supply Chain; 6.4.5 Security Principles; 6.4.6 Research and Development; 6.5 Cyber Infrastructure Issues; 6.5.1 Banking and Finance; 6.5.2 Health Care; 6.5.3 Industrial Control Systems; 7: One Government's Approach to Cyber Security Policy; 7.1 U.S. Federal Cyber Security Strategy; 7.2 A Brief History of Cyber Security Public Policy Development in the U.S. Federal Government; 7.2.1 The Bombing of New York's World Trade Center on February 26, 1993; 7.2.2 Cyber Attacks against the United States Air Force, March-May 1994: Targeting the Pentagon; 7.2.3 The Citibank Caper, June-October, 1994: How to Catch a Hacker; 7.2.4 Murrah Federal Building, Oklahoma City-April 19, 1995: Major Terrorism Events and Their U.S. Outcomes; 7.2.5 President's Commission on Critical Infrastructure Protection-1996; 7.2.6 Presidential Decision Directive 63-1998; 7.2.7 National Infrastructure Protection Center (NIPC) and ISACs-1998; 7.2.8 Eligible Receiver-1997; 7.2.9 Solar Sunrise-1998; 7.2.10 Joint Task Force-Computer Network Defense (JTF-CND)-1998; 7.2.11 Terrorist Attacks against the United States-September 11, 2001 Effects of Catastrophic Events on Transportation System Management and Operations; 7.2.12 U.S. Government Response to the September 11, 2001 Terrorist Attacks; 7.2.13 Homeland Security Presidential Directives; 7.2.14 National Strategies
Record no.: UNINA-9910825352603321
Hoboken, N.J. : Wiley, c2012
Printed material
Find it here: Univ. Federico II
The death of the internet / edited by Markus Jakobsson
Edition: [1st ed.]
Publication/distribution/printing: Hoboken [New Jersey] : John Wiley & Sons, c2012
Physical description: 1 online resource (387 p.)
Discipline: 005.8
Other authors (Persons): Jakobsson Markus
Topical subject: Internet - Security measures; Electronic commerce - Security measures; Data protection; Computer crimes
ISBN: 1-118-31254-6; 1-280-99841-5; 9786613770028; 1-118-31253-8; 1-118-31255-4
Classification: COM053000
Format: Printed material
Bibliographic level: Monograph
Language of publication: eng
Contents note: Foreword xv -- Preface xvii -- Is the Title of this Book a Joke? xix -- Acknowledgments xxi -- Contributors xxiii -- Part I The Problem -- 1 What Could Kill the Internet? And so What? 3 -- 2 It is About People 7 -- 2.1 Human and Social Issues 7 / Markus Jakobsson -- 2.1.1 Nigerian Scams 8 -- 2.1.2 Password Reuse 9 -- 2.1.3 Phishing 11 -- 2.2 Who are the Criminals? 13 / Igor Bulavko -- 2.2.1 Who are they? 13 -- 2.2.2 Where are they? 14 -- 2.2.3 Deep-Dive: Taking a Look at Ex-Soviet Hackers 14 -- 2.2.4 Let's try to Find Parallels in the World we Live in 16 -- 2.2.5 Crime and Punishment? 16 -- 3 How Criminals Profit 19 -- 3.1 Online Advertising Fraud 20 / Nevena Vratonjic, Mohammad Hossein Manshaei, and Jean-Pierre Hubaux -- 3.1.1 Advertising on the Internet 20 -- 3.1.2 Exploits of Online Advertising Systems 23 -- 3.1.3 Click Fraud 25 -- 3.1.4 Malvertising: Spreading Malware via Ads 31 -- 3.1.5 Inflight Modification of Ad Traffic 32 -- 3.1.6 Adware: Unsolicited Software Ads 34 -- 3.1.7 Conclusion 35 -- 3.2 Toeing the Line: Legal but Deceptive Service Offers 35 / Markus Jakobsson and Ruilin Zhu -- 3.2.1 How Does it Work? 36 -- 3.2.2 What do they Earn? 36 -- 3.3 Phishing and Some Related Attacks 38 / Markus Jakobsson and William Leddy -- 3.3.1 The Problem is the User 38 -- 3.3.2 Phishing 38 -- 3.3.3 Man-in-the-Middle 39 -- 3.3.4 Man-in-the-Browser 40 -- 3.3.5 New Attack: Man-in-the-Screen 41 -- 3.4 Malware: Current Outlook 42 / Members of the BITS Security Working Group and staff leads Greg Rattray and Andrew Kennedy -- 3.4.1 Malware Evolution 42 -- 3.4.2 Malware Supply and Demand 48 -- 3.5 Monetization 53 / Markus Jakobsson -- 3.5.1 There is Money Everywhere 53 -- 4 How Things Work and Fail 57 -- 4.1 Online Advertising: With Secret Security 58 / Markus Jakobsson -- 4.1.1 What is a Click? 58 -- 4.1.2 How Secret Filters are Evaluated 60 -- 4.1.3 What do Fraudsters Know? 62 -- 4.2 Web Security Remediation Efforts 63 / Jeff Hodges and Andy Steingruebl.
4.2.1 Introduction 63 -- 4.2.2 The Multitude of Web Browser Security Mechanisms 64 -- 4.2.3 Where do we go from Here? 75 -- 4.3 Content-Sniffing XSS Attacks: XSS with Non-HTML Content 75 / Juan Caballero, Adam Barth, and Dawn Song -- 4.3.1 Introduction 75 -- 4.3.2 Content-Sniffing XSS Attacks 77 -- 4.3.3 Defenses 84 -- 4.3.4 Conclusion 89 -- 4.4 Our Internet Infrastructure at Risk 89 / Garth Bruen -- 4.4.1 Introduction 89 -- 4.4.2 The Political Structure 90 -- 4.4.3 The Domain 92 -- 4.4.4 WHOIS: Ownership and Technical Records 94 -- 4.4.5 Registrars: Sponsors of Domain Names 96 -- 4.4.6 Registries: Sponsors of Domain Extensions 97 -- 4.4.7 CCTLDs: The Sovereign Domain Extensions 99 -- 4.4.8 ICANN: The Main Internet Policy Body 100 -- 4.4.9 Conclusion 102 -- 4.5 Social Spam 103 / Dimitar Nikolov and Filippo Menczer -- 4.5.1 Introduction 103 -- 4.5.2 Motivations for Spammers 105 -- 4.5.3 Case Study: Spam in the GiveALink Bookmarking System 108 -- 4.5.4 Web Pollution 114 -- 4.5.5 The Changing Nature of Social Spam: Content Farms 116 -- 4.5.6 Conclusion 117 -- 4.6 Understanding CAPTCHAs and Their Weaknesses 117 / Elie Bursztein -- 4.6.1 What is a Captcha? 117 -- 4.6.2 Types of Captchas 118 -- 4.6.3 Evaluating Captcha Attack Effectiveness 118 -- 4.6.4 Design of Captchas 119 -- 4.6.5 Automated Attacks 124 -- 4.6.6 Crowd-Sourcing: Using Humans to Break Captchas 127 -- 4.7 Security Questions 131 / Ariel Rabkin -- 4.7.1 Overview 131 -- 4.7.2 Vulnerabilities 134 -- 4.7.3 Variants and Possible Defenses 138 -- 4.7.4 Conclusion 139 -- 4.8 Folk Models of Home Computer Security 140 / Rick Wash and Emilee Rader -- 4.8.1 The Relationship Between Folk Models and Security 140 -- 4.8.2 Folk Models of Viruses and Other Malware 142 -- 4.8.3 Folk Models of Hackers and Break-Ins 146 -- 4.8.4 Following Security Advice 149 -- 4.8.5 Lessons Learned 153 -- 4.9 Detecting and Defeating Interception Attacks Against SSL 154 / Christopher Soghoian and Sid Stamm -- 4.9.1 Introduction 154.
4.9.2 Certificate Authorities and the Browser Vendors 155 -- 4.9.3 Big Brother in the Browser 157 -- 4.9.4 Compelled Assistance 158 -- 4.9.5 Surveillance Appliances 159 -- 4.9.6 Protecting Users 160 -- 4.9.7 Threat Model Analysis 163 -- 4.9.8 Related Work 166 -- 4.9.9 Conclusion 168 -- 5 The Mobile Problem 169 -- 5.1 Phishing on Mobile Devices 169 / Adrienne Porter Felt and David Wagner -- 5.1.1 The Mobile Phishing Threat 170 -- 5.1.2 Common Control Transfers 172 -- 5.1.3 Phishing Attacks 178 -- 5.1.4 Web Sender⇒Mobile Target 182 -- 5.1.5 Web Sender⇒Web Target 184 -- 5.1.6 Attack Prevention 185 -- 5.2 Why Mobile Malware will Explode 185 / Markus Jakobsson and Mark Grandcolas -- 5.2.1 Nineteen Eighty-Six: When it all Started 186 -- 5.2.2 A Glimpse of Users 186 -- 5.2.3 Why Market Size Matters 186 -- 5.2.4 Financial Trends 187 -- 5.2.5 Mobile Malware Outlook 187 -- 5.3 Tapjacking: Stealing Clicks on Mobile Devices 189 / Gustav Rydstedt, Baptiste Gourdin, Elie Bursztein, and Dan Boneh -- 5.3.1 Framing Attacks 189 -- 5.3.2 Phone Tapjacking 191 -- 5.3.3 Framing Facebook 194 -- 5.3.4 Summary and Recommendations 195 -- 6 The Internet and the Physical World 197 -- 6.1 Malware-Enabled Wireless Tracking Networks 197 / Nathaniel Husted and Steven Myers -- 6.1.1 Introduction 198 -- 6.1.2 The Anatomy of a Modern Smartphone 199 -- 6.1.3 Mobile Tracking Networks: A Threat to Smartphones 200 -- 6.1.4 Conclusion 219 -- 6.2 Social Networking Leaks 219 / Mayank Dhiman and Markus Jakobsson -- 6.2.1 Introduction 220 -- 6.2.2 Motivations for Using Social Networking Sites 220 -- 6.2.3 Trust and Privacy 221 -- 6.2.4 Known Issues 222 -- 6.2.5 Case Study: Social Networking Leaks in the Physical World 225 -- 6.3 Abuse of Social Media and Political Manipulation 231 / Bruno Gonçalves, Michael Conover, and Filippo Menczer -- 6.3.1 The Rise of Online Grassroots Political Movements 231 -- 6.3.2 Spam and Astroturfing 232 -- 6.3.3 Deceptive Tactics 233 -- 6.3.4 The Truthy System for Astroturf Detection 236.
6.3.5 Discussion 240 -- Part II Thinking About Solutions -- 7 Solutions to the Problem 245 -- 7.1 When and How to Authenticate 245 / Richard Chow, Elaine Shi, Markus Jakobsson, Philippe Golle, Ryusuke Masuoka, Jesus Molina, Yuan Niu, and Jeff Song -- 7.1.1 Problem Description 246 -- 7.1.2 Use Cases 247 -- 7.1.3 System Architecture 248 -- 7.1.4 User Privacy 250 -- 7.1.5 Machine Learning/Algorithms 250 -- 7.1.6 User Study 252 -- 7.2 Fastwords: Adapting Passwords to Constrained Keyboards 255 / Markus Jakobsson and Ruj Akavipat -- 7.2.1 The Principles Behind Fastwords 256 -- 7.2.2 Basic Feature Set 258 -- 7.2.3 Extended Feature Set 260 -- 7.2.4 Sample Stories and Frequencies 261 -- 7.2.5 Recall Rates 262 -- 7.2.6 Security Analysis 264 -- 7.2.7 The Security of Passwords 264 -- 7.2.8 Entry Speed 268 -- 7.2.9 Implementation of Fastword Entry 270 -- 7.2.10 Conclusion 271 -- 7.3 Deriving PINs from Passwords 271 / Markus Jakobsson and Debin Liu -- 7.3.1 Introduction 272 -- 7.3.2 A Brief Discussion of Passwords 273 -- 7.3.3 How to Derive PINs from Passwords 274 -- 7.3.4 Analysis of Passwords and Derived PINs 275 -- 7.3.5 Security Analysis 278 -- 7.3.6 Usability Experiments 280 -- 7.4 Visual Preference Authentication 282 / Yuan Niu, Markus Jakobsson, Gustav Rydstedt, and Dahn Tamir -- 7.4.1 Password Resets 282 -- 7.4.2 Security Questions Aren't so Secure 283 -- 7.4.3 What is Visual Preference-Based Authentication 283 -- 7.4.4 Evaluating Visual Preference-Based Authentication 285 -- 7.4.5 Case Study: Visual Blue Moon Authentication 286 -- 7.4.6 Conclusion 290 -- 7.5 The Deadly Sins of Security User Interfaces 290 / Nathan Good -- 7.5.1 Security Applications with Frustrating User Interfaces 291 -- 7.5.2 The Four Sins of Security Application User Interfaces 293 -- 7.5.3 Consumer Choice: A Security Bugbear 293 -- 7.5.4 Security by Verbosity 299 -- 7.5.5 Walls of Checkboxes 300 -- 7.5.6 All or Nothing Switch 302 -- 7.5.7 Conclusion 304 -- 7.6 SpoofKiller-Let's Kiss Spoofing Goodbye! 304 / Markus Jakobsson and William Leddy.
7.6.1 A Key to the Solution: Interrupts 305 -- 7.6.2 Why can the User Log in to Good Sites, but not Bad Ones? 305 -- 7.6.3 What About Sites that are Good . . . but not Certified Good? 308 -- 7.6.4 SpoofKiller: Under the Hood 309 -- 7.6.5 Say we Implement SpoofKiller-then What? 311 -- 7.7 Device Identification and Intelligence 312 / Ori Eisen -- 7.7.1 1995-2001: The Early Years of Device Identification 313 -- 7.7.2 2001-2008 Tagless Device Identification Begins 314 -- 7.7.3 2008-Present: Private Browsing and Beyond 319 -- 7.8 How can we Determine if a Device is Infected or not? 323 / Aurélien Francillon, Markus Jakobsson, and Adrian Perrig -- 7.8.1 Why Detection is Difficult 323 -- 7.8.2 Setting up an Isolated Environment 324 -- 7.8.3 What Could go Wrong? 326 -- 7.8.4 Brief Comparison with TrustZone 328 -- 7.8.5 Summary 328 -- 8 The Future 331 -- 8.1 Security Needs the Best User Experience 332 / Hampus Jakobsson -- 8.1.1 How the User Won Over Features 332 -- 8.1.2 So How Come the iPhone Became so Successful? 332 -- 8.1.3 A World of Information Anywhere 333 -- 8.1.4 Midas' Touch Screens 334 -- 8.1.5 New Input, New Opportunities 335 -- 8.1.6 Zero-Click and Real-Life User Interfaces 335 -- 8.1.7 Privacy and User Interfaces 336 -- 8.1.8 It all Comes Together 336 -- 8.2 Fraud and the Future 336 / Markus Jakobsson -- References 339 -- Index 359.
Record no.: UNINA-9910138873603321
Hoboken [New Jersey] : John Wiley & Sons, c2012
Printed material
Find it here: Univ. Federico II
The death of the internet / edited by Markus Jakobsson
Edition: [1st ed.]
Publication/distribution/printing: Hoboken [New Jersey] : John Wiley & Sons, c2012
Physical description: 1 online resource (387 p.)
Discipline: 005.8
Other authors (Persons): Jakobsson Markus
Topical subject: Internet - Security measures; Electronic commerce - Security measures; Data protection; Computer crimes
ISBN: 1-118-31254-6; 1-280-99841-5; 9786613770028; 1-118-31253-8; 1-118-31255-4
Classification: COM053000
Format: Printed material
Bibliographic level: Monograph
Language of publication: eng
Nota di contenuto Foreword xv -- Preface xvii -- Is the Title of this Book a Joke? xix -- Acknowledgments xxi -- Contributors xxiii -- Part I The Problem -- 1 What Could Kill the Internet? And so What? 3 -- 2 It is About People 7 -- 2.1 Human and Social Issues 7 / Markus Jakobsson -- 2.1.1 Nigerian Scams 8 -- 2.1.2 Password Reuse 9 -- 2.1.3 Phishing 11 -- 2.2 Who are the Criminals? 13 / Igor Bulavko -- 2.2.1 Who are they? 13 -- 2.2.2 Where are they? 14 -- 2.2.3 Deep-Dive: Taking a Look at Ex-Soviet Hackers 14 -- 2.2.4 Let's try to Find Parallels in the World we Live in16 -- 2.2.5 Crime and Punishment? 16 -- 3 How Criminals Profit 19 -- 3.1 Online Advertising Fraud 20 / Nevena Vratonjic, Mohammad Hossein Manshaei, and Jean-PierreHubaux -- 3.1.1 Advertising on the Internet 20 -- 3.1.2 Exploits of Online Advertising Systems 23 -- 3.1.3 Click Fraud 25 -- 3.1.4 Malvertising: Spreading Malware via Ads 31 -- 3.1.5 Inflight Modification of Ad Traffic 32 -- 3.1.6 Adware: Unsolicited Software Ads 34 -- 3.1.7 Conclusion 35 -- 3.2 Toeing the Line: Legal but Deceptive Service Offers 35 / Markus Jakobsson and Ruilin Zhu -- 3.2.1 How Does it Work? 36 -- 3.2.2 What do they Earn? 36 -- 3.3 Phishing and Some Related Attacks 38 / Markus Jakobsson and William Leddy -- 3.3.1 The Problem is the User 38 -- 3.3.2 Phishing 38 -- 3.3.3 Man-in-the-Middle 39 -- 3.3.4 Man-in-the-Browser 40 -- 3.3.5 New Attack: Man-in-the-Screen 41 -- 3.4 Malware: Current Outlook 42 -- Members of the BITS Security Working Group and staff leads GregRattray and Andrew Kennedy -- 3.4.1 Malware Evolution 42 -- 3.4.2 Malware Supply and Demand 48 -- 3.5 Monetization 53 / Markus Jakobsson -- 3.5.1 There is Money Everywhere 53 -- 4 How ThingsWork and Fail 57 -- 4.1 Online Advertising: With Secret Security 58 / Markus Jakobsson -- 4.1.1 What is a Click? 58 -- 4.1.2 How Secret Filters are Evaluated 60 -- 4.1.3 What do Fraudsters Know? 62 -- 4.2 Web Security Remediation Efforts 63 / Jeff Hodges and Andy Steingruebl.
4.2.1 Introduction 63 -- 4.2.2 The Multitude of Web Browser Security Mechanisms 64 -- 4.2.3 Where do we go from Here? 75 -- 4.3 Content-Sniffing XSS Attacks: XSS with Non-HTML Content75 / Juan Caballero, Adam Barth, and Dawn Song -- 4.3.1 Introduction 75 -- 4.3.2 Content-Sniffing XSS Attacks 77 -- 4.3.3 Defenses 84 -- 4.3.4 Conclusion 89 -- 4.4 Our Internet Infrastructure at Risk 89 / Garth Bruen -- 4.4.1 Introduction 89 -- 4.4.2 The Political Structure 90 -- 4.4.3 The Domain 92 -- 4.4.4 WHOIS: Ownership and Technical Records 94 -- 4.4.5 Registrars: Sponsors of Domain Names 96 -- 4.4.6 Registries: Sponsors of Domain Extensions 97 -- 4.4.7 CCTLDs: The Sovereign Domain Extensions 99 -- 4.4.8 ICANN: The Main Internet Policy Body 100 -- 4.4.9 Conclusion 102 -- 4.5 Social Spam 103 / Dimitar Nikolov and Filippo Menczer -- 4.5.1 Introduction 103 -- 4.5.2 Motivations for Spammers 105 -- 4.5.3 Case Study: Spam in the GiveALink Bookmarking System108 -- 4.5.4 Web Pollution 114 -- 4.5.5 The Changing Nature of Social Spam: Content Farms 116 -- 4.5.6 Conclusion 117 -- 4.6 Understanding CAPTCHAs and Their Weaknesses 117 / Elie Bursztein -- 4.6.1 What is a Captcha? 117 -- 4.6.2 Types of Captchas 118 -- 4.6.3 Evaluating Captcha Attack Effectiveness 118 -- 4.6.4 Design of Captchas 119 -- 4.6.5 Automated Attacks 124 -- 4.6.6 Crowd-Sourcing: Using Humans to Break Captchas 127 -- 4.7 Security Questions 131 / Ariel Rabkin -- 4.7.1 Overview 131 -- 4.7.2 Vulnerabilities 134 -- 4.7.3 Variants and Possible Defenses 138 -- 4.7.4 Conclusion 139 -- 4.8 Folk Models of Home Computer Security 140 / Rick Wash and Emilee Rader -- 4.8.1 The Relationship Between Folk Models and Security 140 -- 4.8.2 Folk Models of Viruses and Other Malware 142 -- 4.8.3 Folk Models of Hackers and Break-Ins 146 -- 4.8.4 Following Security Advice 149 -- 4.8.5 Lessons Learned 153 -- 4.9 Detecting and Defeating Interception Attacks Against SSL154 / Christopher Soghoian and Sid Stamm -- 4.9.1 Introduction 154.
4.9.2 Certificate Authorities and the Browser Vendors 155 -- 4.9.3 Big Brother in the Browser 157 -- 4.9.4 Compelled Assistance 158 -- 4.9.5 Surveillance Appliances 159 -- 4.9.6 Protecting Users 160 -- 4.9.7 Threat Model Analysis 163 -- 4.9.8 Related Work 166 -- 4.9.9 Conclusion 168 -- 5 The Mobile Problem 169 -- 5.1 Phishing on Mobile Devices 169 / Adrienne Porter Felt and David Wagner -- 5.1.1 The Mobile Phishing Threat 170 -- 5.1.2 Common Control Transfers 172 -- 5.1.3 Phishing Attacks 178 -- 5.1.4 Web Sender⇒Mobile Target 182 -- 5.1.5 Web Sender⇒Web Target 184 -- 5.1.6 Attack Prevention 185 -- 5.2 Why Mobile Malware will Explode 185 / Markus Jakobsson and Mark Grandcolas -- 5.2.1 Nineteen Eighty-Six: When it all Started 186 -- 5.2.2 A Glimpse of Users 186 -- 5.2.3 Why Market Size Matters 186 -- 5.2.4 Financial Trends 187 -- 5.2.5 Mobile Malware Outlook 187 -- 5.3 Tapjacking: Stealing Clicks on Mobile Devices 189 / Gustav Rydstedt, Baptiste Gourdin, Elie Bursztein, and Dan Boneh -- 5.3.1 Framing Attacks 189 -- 5.3.2 Phone Tapjacking 191 -- 5.3.3 Framing Facebook 194 -- 5.3.4 Summary and Recommendations 195 -- 6 The Internet and the Physical World 197 -- 6.1 Malware-Enabled Wireless Tracking Networks 197 / Nathaniel Husted and Steven Myers -- 6.1.1 Introduction 198 -- 6.1.2 The Anatomy of a Modern Smartphone 199 -- 6.1.3 Mobile Tracking Networks: A Threat to Smartphones 200 -- 6.1.4 Conclusion 219 -- 6.2 Social Networking Leaks 219 / Mayank Dhiman and Markus Jakobsson -- 6.2.1 Introduction 220 -- 6.2.2 Motivations for Using Social Networking Sites 220 -- 6.2.3 Trust and Privacy 221 -- 6.2.4 Known Issues 222 -- 6.2.5 Case Study: Social Networking Leaks in the Physical World 225 -- 6.3 Abuse of Social Media and Political Manipulation 231 / Bruno Gonçalves, Michael Conover, and Filippo Menczer -- 6.3.1 The Rise of Online Grassroots Political Movements 231 -- 6.3.2 Spam and Astroturfing 232 -- 6.3.3 Deceptive Tactics 233 -- 6.3.4 The Truthy System for Astroturf Detection 236 --
6.3.5 Discussion 240 -- Part II Thinking About Solutions -- 7 Solutions to the Problem 245 -- 7.1 When and How to Authenticate 245 / Richard Chow, Elaine Shi, Markus Jakobsson, Philippe Golle, Ryusuke Masuoka, Jesus Molina, Yuan Niu, and Jeff Song -- 7.1.1 Problem Description 246 -- 7.1.2 Use Cases 247 -- 7.1.3 System Architecture 248 -- 7.1.4 User Privacy 250 -- 7.1.5 Machine Learning/Algorithms 250 -- 7.1.6 User Study 252 -- 7.2 Fastwords: Adapting Passwords to Constrained Keyboards 255 / Markus Jakobsson and Ruj Akavipat -- 7.2.1 The Principles Behind Fastwords 256 -- 7.2.2 Basic Feature Set 258 -- 7.2.3 Extended Feature Set 260 -- 7.2.4 Sample Stories and Frequencies 261 -- 7.2.5 Recall Rates 262 -- 7.2.6 Security Analysis 264 -- 7.2.7 The Security of Passwords 264 -- 7.2.8 Entry Speed 268 -- 7.2.9 Implementation of Fastword Entry 270 -- 7.2.10 Conclusion 271 -- 7.3 Deriving PINs from Passwords 271 / Markus Jakobsson and Debin Liu -- 7.3.1 Introduction 272 -- 7.3.2 A Brief Discussion of Passwords 273 -- 7.3.3 How to Derive PINs from Passwords 274 -- 7.3.4 Analysis of Passwords and Derived PINs 275 -- 7.3.5 Security Analysis 278 -- 7.3.6 Usability Experiments 280 -- 7.4 Visual Preference Authentication 282 / Yuan Niu, Markus Jakobsson, Gustav Rydstedt, and Dahn Tamir -- 7.4.1 Password Resets 282 -- 7.4.2 Security Questions Aren't so Secure 283 -- 7.4.3 What is Visual Preference-Based Authentication 283 -- 7.4.4 Evaluating Visual Preference-Based Authentication 285 -- 7.4.5 Case Study: Visual Blue Moon Authentication 286 -- 7.4.6 Conclusion 290 -- 7.5 The Deadly Sins of Security User Interfaces 290 / Nathan Good -- 7.5.1 Security Applications with Frustrating User Interfaces 291 -- 7.5.2 The Four Sins of Security Application User Interfaces 293 -- 7.5.3 Consumer Choice: A Security Bugbear 293 -- 7.5.4 Security by Verbosity 299 -- 7.5.5 Walls of Checkboxes 300 -- 7.5.6 All or Nothing Switch 302 -- 7.5.7 Conclusion 304 -- 7.6 SpoofKiller-Let's Kiss Spoofing Goodbye! 304 / Markus Jakobsson and William Leddy --
7.6.1 A Key to the Solution: Interrupts 305 -- 7.6.2 Why can the User Log in to Good Sites, but not Bad Ones? 305 -- 7.6.3 What About Sites that are Good . . . but not Certified Good? 308 -- 7.6.4 SpoofKiller: Under the Hood 309 -- 7.6.5 Say we Implement SpoofKiller-then What? 311 -- 7.7 Device Identification and Intelligence 312 / Ori Eisen -- 7.7.1 1995-2001: The Early Years of Device Identification 313 -- 7.7.2 2001-2008 Tagless Device Identification Begins 314 -- 7.7.3 2008-Present: Private Browsing and Beyond 319 -- 7.8 How can we Determine if a Device is Infected or not? 323 / Aurélien Francillon, Markus Jakobsson, and Adrian Perrig -- 7.8.1 Why Detection is Difficult 323 -- 7.8.2 Setting up an Isolated Environment 324 -- 7.8.3 What Could go Wrong? 326 -- 7.8.4 Brief Comparison with TrustZone 328 -- 7.8.5 Summary 328 -- 8 The Future 331 -- 8.1 Security Needs the Best User Experience 332 / Hampus Jakobsson -- 8.1.1 How the User Won Over Features 332 -- 8.1.2 So How Come the iPhone Became so Successful? 332 -- 8.1.3 A World of Information Anywhere 333 -- 8.1.4 Midas' Touch Screens 334 -- 8.1.5 New Input, New Opportunities 335 -- 8.1.6 Zero-Click and Real-Life User Interfaces 335 -- 8.1.7 Privacy and User Interfaces 336 -- 8.1.8 It all Comes Together 336 -- 8.2 Fraud and the Future 336 / Markus Jakobsson -- References 339 -- Index 359.
Record No. UNINA-9910810416403321
Hoboken [New Jersey] : John Wiley & Sons, c2012
Printed material
Find it here: Univ. Federico II
Information security [electronic resource] : principles and practice / Mark Stamp
Author Stamp Mark
Edition [2nd ed.]
Publication/distribution/printing Hoboken, NJ, : Wiley, c2011
Physical description 1 online resource (608 p.)
Discipline 005.8
Topical subject Computer security
Data protection
Genre/form subject Electronic books.
ISBN 1-283-13887-5
9786613138873
1-118-02796-5
1-118-02797-3
1-118-02795-7
Classification COM053000
Format Printed material
Bibliographic level Monograph
Language of publication eng
Contents note Information Security: Principles and Practice; Contents; Preface; About The Author; Acknowledgments; 1 Introduction; 1.1 The Cast of Characters; 1.2 Alice's Online Bank; 1.2.1 Confidentiality, Integrity, and Availability; 1.2.2 Beyond CIA; 1.3 About This Book; 1.3.1 Cryptography; 1.3.2 Access Control; 1.3.3 Protocols; 1.3.4 Software; 1.4 The People Problem; 1.5 Principles and Practice; 1.6 Problems; I Crypto; 2 Crypto Basics; 2.1 Introduction; 2.2 How to Speak Crypto; 2.3 Classic Crypto; 2.3.1 Simple Substitution Cipher; 2.3.2 Cryptanalysis of a Simple Substitution; 2.3.3 Definition of Secure;
2.3.4 Double Transposition Cipher; 2.3.5 One-Time Pad; 2.3.6 Project VENONA; 2.3.7 Codebook Cipher; 2.3.8 Ciphers of the Election of 1876; 2.4 Modern Crypto History; 2.5 A Taxonomy of Cryptography; 2.6 A Taxonomy of Cryptanalysis; 2.7 Summary; 2.8 Problems; 3 Symmetric Key Crypto; 3.1 Introduction; 3.2 Stream Ciphers; 3.2.1 A5/1; 3.2.2 RC4; 3.3 Block Ciphers; 3.3.1 Feistel Cipher; 3.3.2 DES; 3.3.3 Triple DES; 3.3.4 AES; 3.3.5 Three More Block Ciphers; 3.3.6 TEA; 3.3.7 Block Cipher Modes; 3.4 Integrity; 3.5 Summary; 3.6 Problems; 4 Public Key Crypto; 4.1 Introduction; 4.2 Knapsack; 4.3 RSA;
4.3.1 Textbook RSA Example; 4.3.2 Repeated Squaring; 4.3.3 Speeding Up RSA; 4.4 Diffie-Hellman; 4.5 Elliptic Curve Cryptography; 4.5.1 Elliptic Curve Math; 4.5.2 ECC Diffie-Hellman; 4.5.3 Realistic Elliptic Curve Example; 4.6 Public Key Notation; 4.7 Uses for Public Key Crypto; 4.7.1 Confidentiality in the Real World; 4.7.2 Signatures and Non-repudiation; 4.7.3 Confidentiality and Non-repudiation; 4.8 Public Key Infrastructure; 4.9 Summary; 4.10 Problems; 5 Hash Functions++; 5.1 Introduction; 5.2 What is a Cryptographic Hash Function?; 5.3 The Birthday Problem; 5.4 A Birthday Attack;
5.5 Non-Cryptographic Hashes; 5.6 Tiger Hash; 5.7 HMAC; 5.8 Uses for Hash Functions; 5.8.1 Online Bids; 5.8.2 Spam Reduction; 5.9 Miscellaneous Crypto-Related Topics; 5.9.1 Secret Sharing; 5.9.2 Random Numbers; 5.9.3 Information Hiding; 5.10 Summary; 5.11 Problems; 6 Advanced Cryptanalysis; 6.1 Introduction; 6.2 Enigma; 6.2.1 Enigma Cipher Machine; 6.2.2 Enigma Keyspace; 6.2.3 Rotors; 6.2.4 Enigma Attack; 6.3 RC4 as Used in WEP; 6.3.1 RC4 Algorithm; 6.3.2 RC4 Cryptanalytic Attack; 6.3.3 Preventing Attacks on RC4; 6.4 Linear and Differential Cryptanalysis; 6.4.1 Quick Review of DES;
6.4.2 Overview of Differential Cryptanalysis; 6.4.3 Overview of Linear Cryptanalysis; 6.4.4 Tiny DES; 6.4.5 Differential Cryptanalysis of TDES; 6.4.6 Linear Cryptanalysis of TDES; 6.4.7 Implications Block Cipher Design; 6.5 Lattice Reduction and the Knapsack; 6.6 RSA Timing Attacks; 6.6.1 A Simple Timing Attack; 6.6.2 Kocher's Timing Attack; 6.7 Summary; 6.8 Problems; II Access Control; 7 Authentication; 7.1 Introduction; 7.2 Authentication Methods; 7.3 Passwords; 7.3.1 Keys Versus Passwords; 7.3.2 Choosing Passwords; 7.3.3 Attacking Systems via Passwords; 7.3.4 Password Verification;
7.3.5 Math of Password Cracking
Record No. UNINA-9910139648303321
Stamp Mark
Hoboken, NJ, : Wiley, c2011
Printed material
Find it here: Univ. Federico II
Information security : principles and practice / Mark Stamp
Author Stamp Mark
Edition [2nd ed.]
Publication/distribution/printing Hoboken, NJ, : Wiley, c2011
Physical description 1 online resource (608 p.)
Discipline 005.8
Topical subject Computer security
Data protection
ISBN 1-283-13887-5
9786613138873
1-118-02796-5
1-118-02797-3
1-118-02795-7
Classification COM053000
Format Printed material
Bibliographic level Monograph
Language of publication eng
Contents note Information Security: Principles and Practice; Contents; Preface; About The Author; Acknowledgments; 1 Introduction; 1.1 The Cast of Characters; 1.2 Alice's Online Bank; 1.2.1 Confidentiality, Integrity, and Availability; 1.2.2 Beyond CIA; 1.3 About This Book; 1.3.1 Cryptography; 1.3.2 Access Control; 1.3.3 Protocols; 1.3.4 Software; 1.4 The People Problem; 1.5 Principles and Practice; 1.6 Problems; I Crypto; 2 Crypto Basics; 2.1 Introduction; 2.2 How to Speak Crypto; 2.3 Classic Crypto; 2.3.1 Simple Substitution Cipher; 2.3.2 Cryptanalysis of a Simple Substitution; 2.3.3 Definition of Secure;
2.3.4 Double Transposition Cipher; 2.3.5 One-Time Pad; 2.3.6 Project VENONA; 2.3.7 Codebook Cipher; 2.3.8 Ciphers of the Election of 1876; 2.4 Modern Crypto History; 2.5 A Taxonomy of Cryptography; 2.6 A Taxonomy of Cryptanalysis; 2.7 Summary; 2.8 Problems; 3 Symmetric Key Crypto; 3.1 Introduction; 3.2 Stream Ciphers; 3.2.1 A5/1; 3.2.2 RC4; 3.3 Block Ciphers; 3.3.1 Feistel Cipher; 3.3.2 DES; 3.3.3 Triple DES; 3.3.4 AES; 3.3.5 Three More Block Ciphers; 3.3.6 TEA; 3.3.7 Block Cipher Modes; 3.4 Integrity; 3.5 Summary; 3.6 Problems; 4 Public Key Crypto; 4.1 Introduction; 4.2 Knapsack; 4.3 RSA;
4.3.1 Textbook RSA Example; 4.3.2 Repeated Squaring; 4.3.3 Speeding Up RSA; 4.4 Diffie-Hellman; 4.5 Elliptic Curve Cryptography; 4.5.1 Elliptic Curve Math; 4.5.2 ECC Diffie-Hellman; 4.5.3 Realistic Elliptic Curve Example; 4.6 Public Key Notation; 4.7 Uses for Public Key Crypto; 4.7.1 Confidentiality in the Real World; 4.7.2 Signatures and Non-repudiation; 4.7.3 Confidentiality and Non-repudiation; 4.8 Public Key Infrastructure; 4.9 Summary; 4.10 Problems; 5 Hash Functions++; 5.1 Introduction; 5.2 What is a Cryptographic Hash Function?; 5.3 The Birthday Problem; 5.4 A Birthday Attack;
5.5 Non-Cryptographic Hashes; 5.6 Tiger Hash; 5.7 HMAC; 5.8 Uses for Hash Functions; 5.8.1 Online Bids; 5.8.2 Spam Reduction; 5.9 Miscellaneous Crypto-Related Topics; 5.9.1 Secret Sharing; 5.9.2 Random Numbers; 5.9.3 Information Hiding; 5.10 Summary; 5.11 Problems; 6 Advanced Cryptanalysis; 6.1 Introduction; 6.2 Enigma; 6.2.1 Enigma Cipher Machine; 6.2.2 Enigma Keyspace; 6.2.3 Rotors; 6.2.4 Enigma Attack; 6.3 RC4 as Used in WEP; 6.3.1 RC4 Algorithm; 6.3.2 RC4 Cryptanalytic Attack; 6.3.3 Preventing Attacks on RC4; 6.4 Linear and Differential Cryptanalysis; 6.4.1 Quick Review of DES;
6.4.2 Overview of Differential Cryptanalysis; 6.4.3 Overview of Linear Cryptanalysis; 6.4.4 Tiny DES; 6.4.5 Differential Cryptanalysis of TDES; 6.4.6 Linear Cryptanalysis of TDES; 6.4.7 Implications Block Cipher Design; 6.5 Lattice Reduction and the Knapsack; 6.6 RSA Timing Attacks; 6.6.1 A Simple Timing Attack; 6.6.2 Kocher's Timing Attack; 6.7 Summary; 6.8 Problems; II Access Control; 7 Authentication; 7.1 Introduction; 7.2 Authentication Methods; 7.3 Passwords; 7.3.1 Keys Versus Passwords; 7.3.2 Choosing Passwords; 7.3.3 Attacking Systems via Passwords; 7.3.4 Password Verification;
7.3.5 Math of Password Cracking
Record No. UNINA-9910876903103321
Stamp Mark
Hoboken, NJ, : Wiley, c2011
Printed material
Find it here: Univ. Federico II