
Introduction to Cybersecurity

A Multidisciplinary Challenge

Specifications
Paperback, pp. | English
Springer | edition, 2023
ISBN13: 9783031414626
Classification
Main category: Computers and informatics
Legal:
€ 80,29
Delivery time approximately 9 working days
Free shipping

Summary

This book provides an introduction to the basic ideas involved in cybersecurity, whose principal aim is protection of IT systems against unwanted behaviour mediated by the networks which connect them. Due to the widespread use of the Internet in modern society for activities ranging from social networking and entertainment to distribution of utilities and public administration, failures of cybersecurity can threaten almost all aspects of life today. Cybersecurity is a necessity in the modern world, where computers and other electronic devices communicate via networks, and breakdowns in cybersecurity cost society many resources. The aims of cybersecurity are quite simple: data must not be read, modified, deleted or made unavailable by persons who are not allowed to. To meet this major challenge successfully in the digitally interconnected world, one needs to master numerous disciplines because modern IT systems contain software, cryptographic modules, computing units, networks, and human users—all of which can influence the success or failure in the effort. 
Topics and features:

- Introduces readers to the main components of a modern IT system: basic hardware, networks, operating system, and network-based applications
- Contains numerous theoretical and practical exercises to illustrate important topics
- Discusses protective mechanisms commonly used to ensure cybersecurity and how effective they are
- Discusses the use of cryptography for achieving security in IT systems
- Explains how to plan for protecting IT systems based on analysing the risk of various forms of failure
- Illustrates how human users may affect system security and ways of improving their behaviour
- Discusses what to do if a security failure takes place
- Presents important legal concepts relevant for cybersecurity, including the concept of cybercrime

This accessible, clear textbook is intended especially for students starting a relevant course in computer science or engineering, as well as for professionals looking for a general introduction to the topic.

Dr. Robin Sharp is an emeritus professor in the Cybersecurity Section at DTU Compute, the Dept. of Applied Mathematics and Computer Science at the Technical University of Denmark (DTU).

Specifications

ISBN13: 9783031414626
Language: English
Binding: paperback
Publisher: Springer
Publication date: 20-11-2023

Table of contents

• Chapter 1. Introduction: Why cybersecurity?
Aim: To provide a general introduction to basic concepts.
Information security vs. cybersecurity. The development of the Internet. Cyberattacks today. Security targets and policies. Cybersecurity as a multi-disciplinary challenge.
Reader’s guide.
• Chapter 2. Technique and human beings
Aim: To describe how human weaknesses can lead to security failures.
What are psychological attacks based on? Curiosity, helpfulness, sympathy and hate, belief in authority, making rapid decisions. Phishing. Humans vs. machines.
• Chapter 3. Risk
Aim: To explain the meaning of risk, and how to analyse it.
What is risk? What are “threats” in IT systems? Countering risk. Risk management. Systematic security analysis (ISO/IEC 27002; OCTAVE). Risk management as a PDCA process.
• Chapter 4. Cryptography
Aim: To describe basic techniques of cryptography as a tool to provide confidentiality.
Some central concepts: Cryptosystems and cryptanalysis. Classical symmetric encryption. Modern ideas: One-time pads, confusion and diffusion, DES, AES and symmetric stream ciphers. Asymmetric cryptosystems such as RSA.
• Chapter 5. Applied Cryptography
Aim: To show how cryptography can be used to achieve aims other than confidentiality.
Integrity (hash functions and MAC). Electronic signatures with RSA and DSS. Planning for the future. Authentication. Key distribution. Certificates and trust models. Electronic identities.
• Chapter 6. Communication networks
Aim: To explain how communication networks such as the Internet work.
Basic network concepts: Layered architectures, services and protocols. Communication in the Internet: TCP and UDP Ports, functions in TCP and IP, DNS. How do the layers work together? Technology: Shared cable-based media, wireless networks, mobile telephones in the internet.
• Chapter 7. Network Applications
Aim: To introduce some simple Internet applications.
Some simple applications in the Internet: Mail transfer, MIME, transfer of web pages. How do they work and where are the challenges for cybersecurity?
• Chapter 8. Network Security
Aim: To illustrate how networks are commonly protected against various forms of attack.
Cryptographic protection in the Internet layers. Mail security. Tunneling, VPNs and Tor. SSL/TLS for securing application protocols. Firewalls: types, placement and risks. Intrusion Detection Systems (IDS). Security in wireless networks: WiFi, Bluetooth, GSM and UMTS. Eavesdropping on mobile networks. Denial of Service (DoS) attacks in the Internet layers. Distributed DoS. Permanent DoS. Measures against DoS attacks. Risks and countermeasures in DNS and SNMP. Critical infrastructure protection.
• Chapter 9. Security in operating systems
Aim: To explain how the operating system supports security.
User authentication: Biometrics, passwords, pattern locks and MFA. Authentication through the net. Authorisation, protection & rights: MAC, DAC and RBAC. Access Control mechanisms. Access Control in file systems, memory, hardware units, and the CPU. Bypassing access control: Rootkits. Reference Monitors. Encryption in the operating system. Updating the operating system. What the OS cannot do.
• Chapter 10. Software security
Aim: To explain how security failures arise in software, and how they can be avoided or counteracted.
Classes of security failure in software: Buffer overflow, incomplete mediation and Time-of-check-to-Time-of-use errors. Detection of programming errors. Malicious code.
Antivirus systems. SQL and LDAP injection and countermeasures. Vulnerabilities in HTTP and in web servers. Cross-site scripting. Dynamic generation of web content.
• Chapter 11. Incident handling and system availability
Aim: To describe how to plan for and deal with security incidents of various degrees of seriousness.
Reacting to security incidents: Incident reporting. Investigation of incidents in ordinary computers and smartphones. Dealing with encrypted units. Business Continuity Planning. Disaster Recovery Planning. The NIST Cybersecurity Framework. Security awareness.
• Chapter 12. Law and ethics
Aim: To review how the law helps the fight against cybercrime, and some ethical issues not covered by the law.
Computer crime and the Council of Europe conventions on cybercrime and terrorism. Protection of personal data and GDPR. Protection of healthcare data. Ethical issues: Datamining, tracking and protection against breaches of privacy.
• Epilogue
Aim: To provoke the reader to think about the extent to which true cybersecurity can be achieved in practice.
• Appendix A. What’s in the box?
Aim: To explain what IT systems are made up of.
Hardware. Software. Networks. Systems and Systems of Systems.
• Appendix B. Mathematics
Basic concepts. Euclid’s algorithm. Euclid’s extended algorithm. The Chinese remainder theorem. Why does RSA work? The birthday paradox.
• Appendix C. Acronyms
• References
• Index
