Computing Reviews
Introduction to computer and network security : navigating shades of gray
Brooks R., Chapman & Hall/CRC, Boca Raton, FL, 2014. 320 pp. Type: Book (978-1-439860-71-7)
Date Reviewed: Oct 27 2014

An introduction to computer and network security requires a careful balance between breadth and depth. For breadth, the author chooses mostly key topics: cryptography, network security, viruses, web security, privacy and anonymity, and digital rights management. This is a mixture of technical and nontechnical topics. For depth, case studies cover vulnerability analysis, cryptographic protocols, virtual private networks (VPNs), buffer overflow, and polymorphic viruses. These are clearly technical subjects. Such case studies are valuable teaching instruments and compensate for the shorter related chapters.

The first chapter is a “Brief History of Computers, Communications, and Security.” The next, “Security and Privacy Overview,” introduces an extended confidentiality, integrity, and availability (CIA) attribute list; various forms of computer-assisted social engineering; and authentication and authorization. It contains the taxonomy of security incidents. Two case studies, one on mobile code and one on connected vehicles, make the theory tangible.

Chapter 3, “Cryptography Primer,” also includes key management, message confidentiality, steganography, and obfuscation. “SSL/TLS – Case Study Project” focuses on the best-known cryptographic solution for communication protection. The author points at the many problems being identified, like man-in-the-middle risks and the complexity of the solution.

“Securing Networks,” chapter 5, is only 18 pages, which is a little surprising since the book title contains “network security.” Topics covered are firewalls, virtual private networks (VPNs), wireless security, intrusion detection systems (IDSs), and denial of service (DoS) attacks. Chapter 6 provides a case study on VPNs.

“Insertion Attacks” contains the expected content (buffer overflow, format string, and secure shell (SSH) and IDS insertion attacks), but it also contains a short discussion of virus and worm malware. One of the longer chapters, chapter 8, “Buffer Overflow – Advanced Case Study Project,” dives into the most important security problem of the last few decades, in various disguises. It briefly mentions countermeasures. “Polymorphic Virus – Advanced Case Study Project” is somewhat of a risk: it is dangerous to create a virus even if it is supposed to be friendly.

“Web Security,” chapter 10, is just too short to do the topic justice. Cross-site scripting (XSS) is an important issue, but it is not what this chapter is all about (nor is the man-in-the-browser nightmare). Chapters 7 and 8 could be seen as compensation.

Chapter 11, “Privacy and Anonymity,” attempts to provide the two sides of the coin: anonymity tools and forensic tools.

The next chapter, on side-channel attacks, presents eye-openers. There is more than great paper design and formal proofs of security: sometimes, a stupid environmental issue provides a simple way to circumvent all protection.

Chapter 13, on digital rights management and copyright, covers two well-known topics for the general public.

“Security Economics,” chapter 14, is a strange addendum. I expected an economic explanation of why software has so many security issues, but that is not provided.

Overall, the author has succeeded in providing an introduction to computer and network security: the problems, assignments, and glossaries at the end of each chapter support its use as an introductory textbook.

Reviewer: A. Mariën
Review #: CR142856 (1501-0001)

Security and Protection (C.2.0 ... )
Security and Protection (K.6.5 )