Beautiful Security (Reprint Edition)

Contents
PREFACE
1 PSYCHOLOGICAL SECURITY TRAPS
by Peiter "Mudge" Zatko
Learned Helplessness and Naïveté
Confirmation Traps
Functional Fixation
Summary
2 WIRELESS NETWORKING: FERTILE GROUND FOR SOCIAL ENGINEERING
by Jim Stickley
Easy Money
Wireless Gone Wild
Still, Wireless Is the Future
3 BEAUTIFUL SECURITY METRICS
by Elizabeth A. Nichols
Security Metrics by Analogy: Health
Security Metrics by Example
Summary
4 THE UNDERGROUND ECONOMY OF SECURITY BREACHES
by Chenxi Wang
The Makeup and Infrastructure of the Cyber Underground
The Payoff
How Can We Combat This Growing Underground Economy?
Summary
5 BEAUTIFUL TRADE: RETHINKING E-COMMERCE SECURITY
by Ed Bellis
Deconstructing Commerce
Weak Amelioration Attempts
E-Commerce Redone: A New Security Model
The New Model
6 SECURING ONLINE ADVERTISING: RUSTLERS AND SHERIFFS IN THE NEW WILD WEST
by Benjamin Edelman
Attacks on Users
Advertisers As Victims
Creating Accountability in Online Advertising
7 THE EVOLUTION OF PGP'S WEB OF TRUST
by Phil Zimmermann and Jon Callas
PGP and OpenPGP
Trust, Validity, and Authority
PGP and Crypto History
Enhancements to the Original Web of Trust Model
Interesting Areas for Further Research
References
8 OPEN SOURCE HONEYCLIENT: PROACTIVE DETECTION OF CLIENT-SIDE EXPLOITS
by Kathy Wang
Enter Honeyclients
Introducing the World's First Open Source Honeyclient
Second-Generation Honeyclients
Honeyclient Operational Results
Analysis of Exploits
Limitations of the Current Honeyclient Implementation
Related Work
The Future of Honeyclients
9 TOMORROW'S SECURITY COGS AND LEVERS
by Mark Curphey
Cloud Computing and Web Services: The Single Machine Is Here
Connecting People, Process, and Technology: The Potential for Business Process Management
Social Networking: When People Start Communicating, Big Things Change
Information Security Economics: Supercrunching and the New Rules of the Grid
Platforms of the Long-Tail Variety: Why the Future Will Be Different for Us All
Conclusion
Acknowledgments
10 SECURITY BY DESIGN
by John McManus
Metrics with No Meaning
Time to Market or Time to Quality?
How a Disciplined System Development Lifecycle Can Help
Conclusion: Beautiful Security Is an Attribute of Beautiful Systems
11 FORCING FIRMS TO FOCUS: IS SECURE SOFTWARE IN YOUR FUTURE?
by Jim Routh
Implicit Requirements Can Still Be Powerful
How One Firm Came to Demand Secure Software
Enforcing Security in Off-the-Shelf Software
Analysis: How to Make the World's Software More Secure
12 OH NO, HERE COME THE INFOSECURITY LAWYERS!
by Randy V. Sabett
Culture
Balance
Communication
Doing the Right Thing
13 BEAUTIFUL LOG HANDLING
by Anton Chuvakin
Logs in Security Laws and Standards
Focus on Logs
When Logs Are Invaluable
Challenges with Logs
Case Study: Behind a Trashed Server
Future Logging
Conclusions
14 INCIDENT DETECTION: FINDING THE OTHER 68%
by Grant Geyer and Brian Dunphy
A Common Starting Point
Improving Detection with Context
Improving Perspective with Host Logging
Summary
15 DOING REAL WORK WITHOUT REAL DATA
by Peter Wayner
How Data Translucency Works
A Real-Life Example
Personal Data Stored As a Convenience
Trade-offs
Going Deeper
References
16 CASTING SPELLS: PC SECURITY THEATER
by Michael Wood and Fernando Francisco
Growing Attacks, Defenses in Retreat
The Illusion Revealed
Better Practices for Desktop Security
Conclusion
CONTRIBUTORS
INDEX
Synopsis
Although most people do not take security seriously until their own or their company's systems have been attacked, this spirited book shows that digital security is not merely worth thinking about; it is a fascinating subject in its own right. Criminals succeed through a great deal of creativity, and defenders must match it in kind.
Through insightful essays and analysis, this book explores this challenging subject, covering:
The hidden machinery of personal information: how it works, the relationships among criminals, and some of the new methods they use to ambush their targets
How social networking, cloud computing, and other popular trends both help and harm our online security
How metrics, requirements gathering, design, and law can raise security to a higher level
The true and little-known history of PGP