Computer Security Basics (Paperback)

by Debby Russell (Author), Sr. G.T Gangemi (Author)

Editorial Reviews

Product Description
There's a lot more consciousness of security today, but not a lot of understanding of what it means and how far it should go. This handbook describes complicated concepts, such as trusted systems, encryption, and mandatory access control, in simple terms. For example, most U.S. government equipment acquisitions now require "Orange Book" (Trusted Computer System Evaluation Criteria) certification. A lot of people have a vague feeling that they ought to know about the Orange Book, but few make the effort to track it down and read it. Computer Security Basics contains a more readable introduction to the Orange Book---why it exists, what it contains, and what the different security levels are all about---than any other book or government publication.

From the Publisher
There's a lot more consciousness of security today, but not a lot of understanding of what it means and how far it should go. No one loves security, but most people---managers, system administrators and users alike---are starting to feel that they'd better accept it, or at least try to understand it. For example, most U.S. Government equipment acquisitions now require "Orange Book" (Trusted Computer System Evaluation Criteria) certification. A lot of people have a vague feeling that they ought to know about the Orange Book, but few make the effort to track it down and read it. Computer Security Basics contains a more readable introduction to the Orange Book---why it exists, what it contains, and what the different security levels are all about---than any other book or government publication. This handbook describes complicated concepts such as trusted systems, encryption, and mandatory access control in simple terms. It tells you what you need to know to understand the basics of computer security, and it will help you persuade your employees to practice safe computing. Contents include: Introduction (basic computer security concepts, security breaches such as the Internet worm). Computer security and requirements of the Orange Book. Communications and network security. Peripheral types of security (including biometric devices, physical controls, and TEMPEST). Appendices: terms, sources, user groups, and other reference material.

See all Editorial Reviews

Product Details

• Paperback: 468 pages
• Publisher: O'Reilly Media, Inc.; 1 edition (July 11, 1991)
• Language: English
• ISBN-10: 0937175714
• ISBN-13: 978-0937175712
• Product Dimensions: 9 x 6.1 x 1 inches
• Shipping Weight: 1.4 pounds
• Average Customer Review: 4.2 out of 5 stars See all reviews (12 customer reviews)
• Amazon.com Sales Rank: #951,860 in Books (See Bestsellers in Books)

Customer Reviews

Most Helpful Customer Reviews

12 of 12 people found the following review helpful:

5.0 out of 5 stars A perennial favorite. Great introduction to the basics, January 7, 1999

By	David Spalding (dspalding@korova.com) (cyberspace) - See all my reviews

There's a rather funny scene in HACKERS in which some nerds are quizzing the mysterious new kid about his "Red Book," "Orange Book," et al. It's supposed to be way over the viewer's head ... but after reading this book, you'll chuckle at the pedestrian writing. O'Reilly explains all. The publisher really ought to retitle this "ADP Security Manager in 21 days." No kidding. This book covers the basic issues, the references, the standards, specifics. It goes deeper, though, to explain WHY, with more than a healthy dose of historical background on the evolution of computer security. Also easily overlooked: a cogent explanation of most computer virus issues. And it's all done in witty, plain language writing that's a breeze to assimilate. For anyone who's preparing to manage a LAN/WAN, or has wondered why "the people upstairs" enforce particular policies, this is THE book to start with, no exception. For armchair 'net enthusiasts, this is still the first, best source for an understanding of online security issues. Seriously: walk into most shops and server rooms, and ask, "Where's your yellow, O'Reilly computer security book?" Chances are, it's nearby, with the spine well broken and worn.

9 of 9 people found the following review helpful:

5.0 out of 5 stars Great computer security book for absolute beginners, June 17, 2006

By	calvinnme "Texan refugee" (Fredericksburg, Va) - See all my reviews (TOP 10 REVIEWER)

This review is from: Computer Security Basics (Paperback)

This book is the long awaited second edition of a classic book in basic computer security. It is an introduction to the field, not a technical reference. If you need details on a particular aspect of computer security, you should refer to another more specialized book. Since Amazon does not show the table of contents, I review this book in reference to its table of contents:

Part I, SECURITY FOR TODAY
Chapter 1, Introduction
Introduces computer security: what it is and why it's important. It summarizes the threats to computers and the information stored on them, and it introduces the different types of computer security. It notes that if you ignore computer security you could not only be a crime victim but an unwitting partner in crime.
Chapter 2, Some Security History
Describes how we got to where we are today. It summarizes key events in the history of computer security, discusses some of the government standards and programs involved with computer security, and introduces the concept of computer databases and the preservation of privacy.

Part II, COMPUTER SECURITY
Chapter 3, Computer System Security and Access Controls
Introduces computer system security and describes how it controls access to systems and data.
Chapter 4, Viruses and Other Wildlife
Explores viruses, worms, Trojans, and other types of malicious code. The financial effects of malicious programs are discussed first, including that of wasted time. Next it equates viruses and public health - in that once your computer is infected others can be too using your computer as a jumping off point. The history of viruses is also discussed, including the fact that today's viruses and worms are basically malware written by malicious individuals, not computer scientists exploring the limits of technology as was once the case. Remedies, and more importantly, prevention is discussed.
Chapter 5, Establishing and Maintaining a Security Policy
Describes the administrative procedures that improve security within an organization and the three general categories of administrative security. It also introduces business continuity and disaster recovery as part of security. It also introduces the large numbers of laws now on the books relating to computer security, many that carry heavy fines in case of violation. It also mentions that it is important to implement separation of duties so no one person carries the load of security-related tasks.
Chapter 6, Web Attacks and Internet Vulnerabilities
This chapter deals with the basics of the Internet and the Web, as well as several important Internet protocols that keep the Internet humming from behind the scenes. The chapter then discusses vulnerabilities of several of these services, as well as exploits that can be used to attack them. Finally, this chapter gives several suggestions of how users can defend against those who misuse the Internet to steal or annoy.

Part III, COMMUNICATIONS SECURITY
Chapter 7, Encryption
This chapter explains what encryption is and how it protects data. The chapter discusses encryption definition and history. It also discusses DES (the Data Encryption Standard), as well as listing the acronyms of many other encryption algorithms. The chapter also defines message authentication, and lists several government cryptographic programs as well as mentioning cryptographic export restrictions.
Chapter 8, Communications and Network Security
Introduces network concepts and discusses some basic communications security issues. These issues include what makes communications secure, and the definition of modems, networks, and network security. Appropriate steps to keep your computer network safe from attack are outlined.

Part IV, OTHER TYPES OF SECURITY
Chapter 9, Physical Security and Biometrics
Introduces physical security and describes different types of biometric devices. Physical security is largely a system of common sense precautions and photo IDs, where biometrics is a new science where an individual's retina patterns, iris patterns, voice patterns, signatures, and keystroke patterns are measured and identified.
Chapter 10, Wireless Network Security
Describes the workings of wireless networks and the security ramifications of this access medium. Shows that although wireless computing is very convenient, it opens up a whole new world to hackers. Proper antenna selection to keep radio signals confined to the appropriate area is discussed. Careful attention to network cabling--all wireless networks end up connecting to a wired network at some point--also help assure security for the wireless environment.

In summary, this is a great little book for those just entering the field of computer security, as well as individual computer users who want to learn how to not be the weak link in either their professional or home network. It carefully defines terms and even has some good general advice on securing your computer and your network, but you should consult other books for details. I highly recommend it to the beginner who is interested in the field.

10 of 11 people found the following review helpful:

5.0 out of 5 stars Excellent basic Guide to Security, March 9, 2001

By	Edward P Yakabovicz (Delaware USA) - See all my reviews

Looking for that one book that offers basic security principals, maybe things you missed in other books ? This book offers the very BEST in the basics of Security.. Recommended as a starter book for CISSP, CISA, or any Information Security related self study.