Skip to main content
main-content
Top

About this book

As our society grows ever more reliant on computers, so it also becomes more vulnerable to computer crime. Cyber attacks have been plaguing computer users since the 1980s, and computer security experts are predicting that smart telephones and other mobile devices will also become the targets of cyber security threats in the future.

Developed from the author's successful Springer guide to Foundations of Computer Security, this accessible textbook/reference is fully updated and enhanced with resources for students and tutors.

Topics and features: examines the physical security of computer hardware, networks, and digital data; introduces the different forms of rogue software (or malware), discusses methods for preventing and defending against malware, and describes a selection of viruses, worms and Trojans in detail; investigates the important threats to network security, and explores the subjects of authentication, spyware, and identity theft; discusses issues of privacy and trust in the online world, including children's privacy and safety; includes appendices which discuss the definition, meaning, and history of the term hacker, introduce the language of "l33t Speak", and provide a detailed virus timeline; provides numerous exercises and examples throughout the text, in addition to a Glossary of terms used in the book; supplies additional resources at the associated website, http://www.DavidSalomon.name/, including an introduction to cryptography, and answers to the exercises.

Clearly and engagingly written, this concise textbook is an ideal resource for undergraduate classes on computer security. The book is mostly non-mathematical, and is suitable for anyone familiar with the basic concepts of computers and computations.

Table of Contents

1. Physical Security

Abstract
What normally comes to mind, when hearing about or discussing computer security, is either viruses or some of the many security issues that have to do with networks, such as loss of privacy, identity theft, or how to secure sensitive data sent on a network. Computer security, however, is a vast discipline that also includes mundane topics such as how to physically protect computer equipment and secure it against fire, theft, or flood. This chapter is a short discussion of various topics that have to do with physical security.
David Salomon

2. Viruses

Abstract
Computer viruses are the most familiar type of rogue software. A virus is a computer program that hides inside another program in a computer or on a disk drive, that attempts to propagate itself to other computers, and that often includes some destructive function (payload). This chapter discusses the main features of viruses and what makes them different from other types of software. The dictionary defines the adjective “rogue” as “large, destructive, and anomalous or unpredictable” and also as “operating outside normal or desirable controls.” Rogue software generally conforms to these definitions. It is not large, but it is virtually always destructive. It is anomalous because it replicates, and it operates outside of normal controls. This is software specifically designed, implemented, and tested to invade a computer, to replicate and spread to other computers, and to cause harm.
David Salomon

3. Worms

Abstract
A tapeworm is a parasite that lives inside the body of a bigger creature and sustains itself from its host’s resources. A software worm is a program that executes independently of other programs, replicates itself, and spreads through a network from computer to computer. A worm is a type of rogue software that resides in a host computer, but it is not a virus because it is not embedded in a host program. A worm propagates from host to host by exploiting a security hole or a vulnerability discovered by its creator. Section 3.4 shows how the Internet worm exploited security weaknesses in the finger and sendmail UNIX utilities. Section 2.11 describes a vulnerability in a decoder for jpeg images.
David Salomon

4. Trojan Horses

Abstract
A Trojan horse is a common type of rogue software. Such a program hides in a computer and has some malicious function. In contrast to viruses and worms, Trojans do not replicate. This chapter summarizes the main features of Trojans and also discusses how to modify a compiler in a devious way, to make it plant Trojans in programs that it compiles.
The Trojan war, described by Homer (Greek Oμηρoς) in the Iliadand the Odyssey, took place about 3200 years ago, in the beginning of the twelfth century b.c.. We don’t know whether the war actually happened or even if Homer existed, but throughout history (and even today) this chapter of Greek history has fascinated readers and writers alike and has inspired countless stories, poems, plays, and archaeological excavations. The Iliad describes how, having failed to capture Troy after ten years of siege and war, the Greeks, on the advice of Odysseus, made a giant wooden horse, left it at the gates of Troy, ostensibly as a peace offering, and pretended to sail away. The Trojans, intentionally confused by the Gods, dragged the horse inside the city walls and celebrated their “victory.” At night, Greek soldiers emerged from the horse’s hollow belly and opened the city gates, allowing their compatriots to pour in and capture and destroy Troy.
David Salomon

5. Examples of Malware

Abstract
The history and main features of several computer viruses and worms are described in this chapter. More examples can be found in Appendix C. Due to the prevalence of rogue software, there are many similar descriptions on the Internet. Notice that most of the examples are from the 1980s and 1990s, because this was the time when new, original, and very destructive malware appeared regularly and caused great alarm and much harm to computer users worldwide.
David Salomon

6. Prevention and Defense

Abstract
The discussion of rogue software in the preceding chapters illustrates how dangerous this menace is. A worm can appear out of nowhere and infect all the computers of an organization within minutes. Once deeply embedded, it starts sending tentacles outside, looking for more computers to infect, and may also look inside for sensitive information to send back to its creator. Thus, discovering this type of software early, preventing its appearance in the first place, and defending against it are important goals of any computer user, whether an individual or part of an organization. Methods and ideas for preventing malware and defending against it are the topic of this chapter.
David Salomon

7. Network Security

Abstract
A network vulnerability is an inherent weakness in the design, implementation, or use of a hardware component or a software routine. A vulnerability invites attacks and makes the network susceptible to threats.
A threat is anything that can disrupt the operation of the network. A threat can even be accidental or an act of nature, but threats are mostly intentional. A threat can damage the network, slow it down, or make it unavailable. Any type of rogue software represents a threat. An attack is a specific approach employed to exploit a known vulnerability. A passive attack is designed to monitor and record network activity in an attempt to collect information to be used later in an active attack. Examples of passive attacks are packet sniffing (page 226) and traffic analysis. Passive attacks are difficult to detect.
David Salomon

8. Authentication

Abstract
Billy left home when he was in his teens and went to seek his fortune in Australia. When he returned home 30 years later as a mature, successful man, his relatives came to meet him at the dock in Southampton. He later remarked on this meeting to a friend “after not having seen my mother for 30 years, I have recognized her instantly among my many aunts, uncles, and other family.” This short (and usually true) story illustrates the use of identification and authentication in real life. We authenticate a person by looking at them and listening to them, and we can do this even after a long interval during which the person has greatly changed. A computer, unfortunately, cannot see its owner/user and has to rely on other means for authentication, which is the topic of this chapter.
David Salomon

9. Spyware

Abstract
Spyware is the general name of an entire range of nasty software that monitors the users’ activities, collects information such as keystrokes, screen images, and file directories, and either saves this information or sends it to a remote location without the knowledge or consent of the computer owner.
Spyware has become one of the biggest headaches in computer security. Users who are wizards at avoiding virus-riddled email and always install the latest updates of the operating system are finding to their surprise that in spite of all their efforts their computers are loaded with spyware. And what makes this problem worse is that most spyware is particularly tricky to get rid of.
David Salomon

10. Identity Theft

Abstract
Identity theft is the crime of pretending to be someone else. The thief goes to the trouble of obtaining someone’s identity in order to gain financially from fraud, leaving the victim to sort out the resulting mess as best they can. Identity thieves use three main methods to obtain personal information:
David Salomon

11. Privacy and Trust

Abstract
In this age of computers, the Internet, and massive data bases that never lose or forget anything, it is no wonder that we feel we are losing our privacy and we get very concerned about it. The reason for this loss can be found in the phrase “once something is released into the Internet, it can never be completely deleted.” We give away bits and pieces of personal information all the time, but we give them to different entities, at different times, and through different media such as paper or verbally. We therefore expect these pieces of information to disappear or at least to stay separate. The nature of the online world, however, is such that individual pieces of information tend to gravitate toward one another and coalesce into solid objects called personal records.
David Salomon
Additional information