Table of Contents; Preface; About This Book; Summary of Contents; Part I, Security for Today; Part II, Computer Security; Part III, Communications Security; Part IV, Other Types of Security; Part V, Appendixes; Using Code Examples; Comments and Questions; Safari® Enabled; Acknowledgments; Part I; Introduction; The New Insecurity; Who You Gonna Call?; Information Sharing and Analysis Centers; Vulnerable broadband; No computer is an island; The Sorry Trail; Computer crime; What Is Computer Security?; A Broader Definition of Security; Secrecy and Confidentiality; Accuracy, Integrity, and Authenticity; Availability; Threats to Security; Vulnerabilities; Physical vulnerabilities; Natural vulnerabilities; Hardware and software vulnerabilities; Media vulnerabilities; Emanation vulnerabilities; Communications vulnerabilities; Human vulnerabilities; Exploiting vulnerabilities; Threats; Natural and physical threats; Unintentional threats; Intentional threats; Insiders and outsiders; Countermeasures; Computer security; Communications security; Physical security; Why Buy Security?; Government Requirements; Information Protection; What's a User to Do?; Summary; Some Security History; Information and Its Controls; Computer Security: Then and Now; Early Computer Security Efforts; Tiger Teams; Research and Modeling; Secure Systems Development; Building Toward Standardization; Standards for Secure Systems; National Computer Security Center; Birth of the Orange Book; Standards for Cryptography; Standards for Emanations; Computer Security Mandates and Legislation; The Balancing Act; Computer Fraud and Abuse Act; Computer Security Act; Searching for a Balance; Recent Government Security Initiatives; Modern Standards for Computer Security;
GASSP and GAISP Overview; Privacy Considerations; Summary; Part II; Computer System Security and Access Controls; What Makes a System Secure?; System Access: Logging into Your System; Identification and Authentication; Multifactor authentication; Login Processes; Password Authentication Protocol; Challenge Handshake Authentication Protocol (CHAP); Mutual authentication; One-time password; Per-session authentication; Tokens; Biometrics; Remote access (TACACS and RADIUS); DIAMETER; Kerberos; Passwords; Protecting passwords; Protecting your login and password on entry; Protecting your password in storage; Password attacks; Authorization; Sensitivity labels; Access models; Access Control in Practice; Discretionary access control; Mandatory access control; Access decisions; Role-based access control; Access control lists; Directory Services; Email example; About X.500; Lightweight Directory Access Protocol; Identity Management; Financial and legal pressures; Summary; Viruses and Other Wildlife; Financial Effects of Malicious Programs; Viruses and Public Health; Viruses, Worms, and Trojans (Oh, My!); Viruses; The history of viruses; Worms; Trojan Horses; Bombs.