Table of Contents

PREFACE	How to Read This Book Acknowledgments
1. INTRODUCTION	Systems Systems and Security

PART 1 - THE LANDSCAPE
2. DIGITAL THREATS	The Unchanging Nature of Attacks The Changing Nature of Attacks Proaction vs. Reaction
3. ATTACKS	Criminal Attacks Privacy Violations Publicity Attacks Legal Attacks
4. ADVERSARIES	Hackers Lone Criminals Malicious Insider Industrial Espionage Press Organized Crime Police Terrorists National Intelligence Organizations Infowarriors
5. SECURITY NEEDS	Privacy Multilevel Security Anonymity Privacy and the Government Authentication Integrity Audit Electronic Currency Proactive Solutions

PART 2 - TECHNOLOGIES
6. CRYPTOGRAPHY	Symmetric Encryption Types of Cryptographic Attacks Recognizing Plaintext Message Authentication Codes One-Way Hash Functions Public-Key Encryption Digital Signature Schemes Random Number Generators Key Length
7. CRYPTOGRAPHY IN CONTEXT	Key Length and Security One-Time Pads Protocols Internet Cryptographic Protocols Types of Protocol Attacks Choosing an Algorithm or Protocol
8. COMPUTER SECURITY	Definitions Access Control Security Models Security Kernels and Trusted Computing Bases Covert Channels Evaluation Criteria Future of Secure Computers
9. IDENTIFICATION AND AUTHENTICATION	Passwords Biometrics Access Tokens Authentication Protocols Single Sign-On
10. NETWORKED- COMPUTER SECURITY	Malicious Software Modular Code Mobile Code Web Security
11. NETWORK SECURITY	How Networks Work IP Security DNS Security Denial-of-Service Attacks Distributed Denial-of-Service Attacks The Future of Network Security
12. NETWORK DEFENSES	Firewalls Demilitarized Zones (DMZs) Virtual Private Networks Intrusion Detection Systems Honey Pots and Burglar Alarms Vulnerability Scanners E-Mail Security Encryption and Network Defenses
13. SOFTWARE RELIABILITY	Faulty Code Attacks on Faulty Code Buffer Overflows The Ubiquity of Faulty Code
14. SECURE HARDWARE	Tamper Resistance Side-Channel Attacks Attacks against Smart Cards
15. CERTIFICATES AND CREDENTIALS	Trusted Third Parties Credentials Certificates Problems with Traditional PKIs PKIs on the Internet
16. SECURITY TRICKS	Government Access to Keys Database Security Steganography Subliminal Channels Digital Watermarking Copy Protection Erasing Digital Information
17. THE HUMAN FACTOR	Risk Exception Handling Human-Computer Interface Human-Computer Transference Malicious Insiders Social Engineering

PART 3 - STRATEGIES
18. VULNERABILITIES AND THE VULNERABILITY LANDSCAPE	Attack Methodology Countermeasures The Vulnerability Landscape Rationally Applying Countermeasures
19. THREAT MODELING AND RISK ASSESSMENT	Fair Elections Secure Telephones Secure E-Mail Stored-Value Smart Cards Risk Assessment The Point of Threat Modeling Getting the Threat Wrong
20. SECURITY POLICIES AND COUNTERMEASURES	Security Policies Trusted Client Software Automatic Teller Machines Computerized Lottery Terminals Smart Cards vs. Memory Cards Rational Countermeasures
21. ATTACK TREES	Basic Attack Trees A Pretty Good Privacy Attack Tree Creating and Using Attack Trees
22. PRODUCT TESTING AND VERIFICATION	The Failure of Testing Discovering Security Flaws After the Fact Open Standards and Open Source Solutions Reverse Engineering and the Law Cracking and Hacking Contests Evaluating and Choosing Security Products
23. THE FUTURE OF PRODUCTS	Software Complexity and Security Technologies to Watch Will We Ever Learn?
24. SECURITY PROCESSES	Processes Detection and Response Counterattack Manage Risk Outsourcing Security Processes
25. CONCLUSION
AFTERWORD

up to Secrets and Lies

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.