Author: Seth James Nielson
Publisher: Apress
Year: 2023
Pages: 447
Language: English
Format: pdf (true), epub
Size: 27.7 MB
The contemporary IT landscape is littered with various technologies that vendors claim will “solve” an organization’s cybersecurity challenges. These technologies are powerful and, in the right context, can be very effective. But misunderstood and misused, they either do not provide effective protection or do not protect the right things. This results in unnecessary expenditures, false beliefs of security, and interference with an organization’s mission.
This book introduces major technologies that are employed in today’s cybersecurity landscape and the fundamental principles and philosophies behind them. By grasping these core concepts, professionals in every organization are better equipped to know what kind of technology they need, ask the right questions of vendors, and better interface with their CISO and security organization. The book is largely directed at beginners, including non-technical professionals such as policy makers, compliance teams, and business executives.
Chapter 4 introduces the concept of cryptography, or mathematical codes used to protect data. It can be a tough concept. To help make this concept more comprehensible, this chapter covers some of the goals and requirements for cryptography. It then uses some historical examples to illustrate a subset of these principles. People have been using secret codes since before computers. These examples can be easier to understand but can also effectively introduce some concepts like key size, block size, brute force, block ciphers, stream ciphers, and cryptanalysis.
In modern cryptography, symmetric cryptography uses the same key to encrypt and decrypt, while asymmetric cryptography uses different keys to perform each function. All of the historical examples that follow are symmetric. Because the same key is used for encryption and decryption, these historical examples require that both the sender and receiver of a message must share the same key. The security objective is that, assuming only authorized parties have the key, unauthorized parties will not be able to decode the message and read/understand it.
What You Will Learn:
Authentication technologies, including secure password storage and how hackers “crack” password lists
Access control technology, such as BLP, BIBA, and more recent models such as RBAC and ABAC
Core cryptography technology, including AES encryption and public key signatures
Classical host security technologies that protect against malware (viruses, trojans, ransomware)
Classical network security technologies, such as border security (gateways, firewalls, proxies), network IDS and IPS, and modern deception systems
Web security technologies, including cookies, state, and session defenses, and threats that try to subvert them
Email and social media security threats such as spam, phishing, social media, and other email threats
Who This Book Is For:
Professionals with no technical training in engineering, computers, or other technology; those who want to know things at a technical level but have no previous background; professionals with a background in policy, compliance, and management; technical professionals without a background in computer security who seek an introduction to security topics; those with a security background who are not familiar with this breadth of technology.
Contents:
Download Discovering Cybersecurity: A Technical Introduction for the Absolute Beginner