Computer Security: Principles and Practice

  • ISBN13: 9780136004240
  • Condition: NEW
  • Notes: Brand New from Publisher. No Remainder Mark.

Product Description
For courses in Computer/Network Security. In recent years, the need for education in computer security and related topics has grown dramatically — and is essential for anyone studying Computer Science or Computer Engineering. This is the only text available to provide integrated, comprehensive, up-to-date coverage of the broad range of topics in this subject. In addition to an extensive pedagogical program, the book provides unparalleled support for both research … More >>

Computer Security: Principles and Practice

4 replies
  1. M. Wright says:

    I’ve been using this book as a textbook in my intro to security class since for a couple of years. As an introductory text for upper-level undergrads or grads in computer science, I think it’s very appropriate and reasonably well written. In particular, I like it better than the Pfleeger and Pfleeger book (which is okay) and the Bishop book (which is very dense and theoretical — theory is obviously important, but not for an intro course).

    Like the other books of Stallings that I’ve read, it suffers somewhat from what I’ll call “standards-itis.” It uses well-known and well-documented methods and protocols as the only means of explaining some concepts. It thus may take a concept like “passwords” and say here is how UNIX does it, here is how that’s been improved, and here are some published ideas on stopping bad password use. That’s not bad, though it could be centered more around the principles of password protection. What’s worse is when the book goes into great detail about things like the options in a Snort rule. This can make for some unnecessarily boring stretches of reading, with little conceptual material being imparted.

    As another reviewer pointed out, you can’t just pick up the book and have a ready-made course. You should supplement with some online materials (probably necessary anyway) and prepare students specifically for any labs you do. And I don’t recommend this for someone learning without a teacher.

    Overall, however, I think it’s the best intro text for the subject that I’ve found.
    Rating: 4 / 5

  2. Rich says:

    The content is okay. I would prefer some more detail and less “fluff” that’s been pulled from old papers about security. My main complaint about this book is the sheer number of misspellings and typos. For example, I’ve just read one section that says “see section E” for further detail. There isn’t a section “E” — contextually, you can determine quickly that they mean section “D”. I feel like I’m reading someone’s draft and not a final product.

    Also, most modern books include either a self-testing CD or a web site where you can quiz yourself. If you’re using this book for self-study (as opposed to being in a class), it’s difficult to gauge how well you’re retaining the information. This book does not include a CD. It does, however have a companion web site but I was unable to find a self-assessment tool on that website.
    Rating: 2 / 5

  3. calvinnme says:

    The author of this book also wrote the widely used text “Cryptography and Network Security”. I like that book well enough, but you have to use outside resources to understand what’s going on in that book, and I would say that is even more true for this textbook. That is because the author is basically taking subjects discussed in the Cryptography and Network Security book and adding topics like management issues and security of specific operating systems – without getting specific enough that you could actually solve too many problems. To me the best parts of the book are the appendices. The information on number theory is quite good, as are the suggestions for projects and labs. Unfortunately, this book does not contain sufficient information to perform those projects and labs. The contents make a good starting point for the study of computer security, but if you are an instructor be prepared to use lots of supplemental material or your students are going to be left high and dry. Currently the table of contents is not shown, so I include it next. This book is just under 900 pages long, so its 24 chapters are covering their subject matter in under 40 pages each, which does not give much room for detail.

    Chapter 1 Overview

    PART ONE COMPUTER SECURITY TECHNOLOGY AND PRINCIPLES

    Chapter 2 Cryptographic Tools

    Chapter 3 User Authentication

    Chapter 4 Access Control

    Chapter 5 Database Security

    Chapter 6 Intrusion Detection

    Appendix 6A:The Base-Rate Fallacy

    Chapter 7 Malicious Software

    Chapter 8 Denial of Service

    Chapter 9 Firewalls and Intrusion Prevention Systems

    Chapter 10 Trusted Computing and Multilevel Security

    PART TWO SOFTWARE SECURITY

    Chapter 11 Buffer Overflow

    Chapter 12 Other Software Security Issues

    PART THREE MANAGEMENT ISSUES

    Chapter 13 Physical and Infrastructure Security

    Chapter 14 Human Factors

    Appendix 14A: Security Awareness Standard of Good Practice

    Appendix 14B: Security Policy Standard of Good Practice

    Chapter 15 Security Auditing

    Chapter 16 IT Security Management and Risk Assessment

    Chapter 17 IT Security Controls, Plans and Procedures

    Chapter 18 Legal and Ethical Aspects

    Appendix 18A: Information Privacy Standard of Good Practice

    PART FOUR CRYPTOGRAPHIC ALGORITHMS

    Chapter 19 Symmetric Encryption and Message Confidentiality

    Chapter 20 Public-Key Cryptography and Message Authentication

    PART FIVE INTERNET SECURITY

    Chapter 21 Internet Security Protocols and Standards

    Chapter 22 Internet Authentication Applications

    PART SIX OPERATING SYSTEM SECURITY

    Chapter 23 Linux Security

    Chapter 24 Windows Security

    APPENDICES

    Appendix A Some Aspects of Number Theory

    A.1 Prime and Relatively Prime Numbers

    A.2 Modular Arithmetic

    A.3 Fermat’s and Euler’s Theorems

    Appendix B Random and Pseudorandom Number Generation

    B.1 The Use of Random Numbers

    B.2 Pseudorandom Number Generators (PRNGs)

    B.3 True Random Number Generators

    Appendix C Projects for Teaching Computer Security

    C.1 Research Projects

    C.2 Programming Projects

    C.3 Laboratory Exercises

    C.4 Writing Assignments

    C.5 Reading/Report Assignments

    ONLINE APPENDICES

    Appendix D Standards and Standard-Setting Organizations

    Appendix E TCP/IP Protocol Architecture

    Appendix F Glossary
    Rating: 3 / 5

  4. W Boudville says:

    Stallings and Brown directs the book at a computer professional, who might be a programmer or system administrator. The book deliberately minimises the mathematical aspects. Much of the topic consists of layers above sophisticated encryption algorithms. Alas, a detailed treatment of the latter often requires heavy math background. If you do desire such a treatment, I recommend Matt Bishop’s Introduction to Computer Security. That book was deprecated by some reviewers, who found it too mathematical.

    Anyway, back to Stallings and Brown. It does proffer good technical explanations of various malware. Like worms and viruses. And attack modes like Denial of Service, and Distributed Denial of Service. Important variants are also covered – reflector and amplifier attacks.

    Countermeasures to malware then naturally enter the narrative. So you learn how a firewall functions. Plus how to set up a honeypot to attract spam, phishing and malware.

    So far, the above might be regarded as external attacks on your system. Sometimes, worms or viruses might try to take advantage of weaknesses in installed programs. Hence, another section of the book is for those of you who write such programs. Explaining how to guard against buffer and stack overflows, for example. These 2 are perhaps the most common entry points for malware.
    Rating: 4 / 5

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.