E-Book Overview
This updated guide presents expert information on analyzing, designing, and implementing all aspects of computer network security. Based on the authors' earlier work, Computer System and Network Security, this new book addresses important concerns regarding network security. It contains new chapters on World Wide Web security issues, secure electronic commerce, incident response, as well as two new appendices on PGP and UNIX security fundamentals.
E-Book Content
SECURE COMPUTERS and NETWORKS
Analysis, Design, and Implementation

Eric A. Fisch, Ph.D.
KPMG LLP Information Risk Management
Dallas, Texas

Gregory B. White, Ph.D.
SecureLogix
San Antonio, Texas

CRC PRESS
Boca Raton London New York Washington, D.C.
Library of Congress Cataloging-in-Publication Data Fisch, Eric A. Secure computers and networks : analysis, design, and implementation / Eric A. Fisch, Gregory B. White. p. cm. Includes bibliographical references and index. ISBN 0-8493-1868-8 (alk. paper) 1. Computer security. 2. Computer networks—Security measures. I. White, Gregory B. II. Title. QA76.9.A25 F5334 1999 005.8—dc21 99-052126 CIP
This book contains information obtained from authentic and highly regarded sources. Reprinted material is quoted with permission, and sources are indicated. A wide variety of references are listed. Reasonable efforts have been made to publish reliable data and information, but the author and the publisher cannot assume responsibility for the validity of all materials or for the consequences of their use. Neither this book nor any part may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, microfilming, and recording, or by any information storage or retrieval system, without prior permission in writing from the publisher. The consent of CRC Press LLC does not extend to copying for general distribution, for promotion, for creating new works, or for resale. Specific permission must be obtained in writing from CRC Press LLC for such copying. Direct all inquiries to CRC Press LLC, 2000 N.W. Corporate Blvd., Boca Raton, Florida 33431. Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation, without intent to infringe.
Visit the CRC Press Web site at www.crcpress.com © 2000 by CRC Press LLC No claim to original U.S. Government works International Standard Book Number 0-8493-1868-8 Library of Congress Card Number 99-052126 Printed in the United States of America 3 4 5 6 7 8 9 0 Printed on acid-free paper
To the woman who makes anything possible, my beautiful bride, Doreen. E. A. F. To my wife Charlan, and our kids, Josie, Heather, and Gregory: Thanks for your understanding and encouragement. G. B. W.
CONTENTS
1 FUNDAMENTALS OF COMPUTER SECURITY
1.1 Objectives of Computer Security
1.2 Issues Involved in Computer Security
1.3 Privacy and Ethics
1.4 Computer Crime
1.5 Projects
1.6 References
1.7 Extended Bibliography
2 RISK ASSESSMENT AND MITIGATION
2.1 Assessment Theory
2.1.1 Information Asset Value (A)
2.1.2 Vulnerability Evaluation (V)
2.1.3 Threat Measurement (T)
2.2 Applying the Risk Analysis Equation
2.3 Decision Support and Risk Mitigation
2.4 Summary
2.5 Projects
2.6 References
2.7 Extended Bibliography
3 DEVELOPING SECURE COMPUTER SYSTEMS
3.1 External Security Measures
3.2 Structure of a Computer System
3.3 Secure Computer System Issues
3.4 Summary
3.5 Projects
3.6 References
3.7 Extended Bibliography
4 SECURITY MODELS
4.1 Specification and Verification
4.2 Security Models
4.2.1 Biba
4.2.2 4.2.3 4.2.4 4.3 4.3.1 4.3.2 4.4 4.5 4.6 4.7