商品簡介
The first generation of Internet security professionals cut its teeth on Firewalls and Internet Security, Repelling the Wily Hacker, by William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin.
But much has happened since that book became an instant classic in 1994. Unfortunately, the "good guys" have been gradually losing the Internet arms race. "The hackers have developed and deployed tools for attacks we had been anticipating for years. IP spoofing and TCP hijacking are now quite common...ISPs report that attacks on the Internet's infrastructure are increasing."
Well, it's taken nine years, but the Second Edition has arrived -- and not a moment too soon.
Above all, this book teaches the right attitude about security. With the right frame of mind, you're far more likely to make reasonable security decisions when new challenges arise. To that end, the authors waste no time, presenting the no-nonsense principles of Internet security right up front.
Keep the level of all your defenses at about the same height. (You wouldn't fit a bank vault with a screen door on the back, yet many people do the same thing with Internet security.) An attacker doesn't go through security, but around it. They're looking for your weakest link.
Put your defenses in layers. Some of the layers will be physical, some conceptual, but together, they're far more effective than any of them would be alone. (This is, incidentally, how your immune system works.) Keep it simple. Complex systems are difficult to understand, audit, explain, and troubleshoot, and virtually impossible to perfect.
Also: Don't hand out more privileges than someone needs to do the job. Security should be integral to the original design, not bolted on later. Programs are insecure until proven secure. But: If you don't run a program, who cares if it's secure? Most folks have heard at least some of these, but few people take them sufficiently to heart. The rest of this book is about translating these common-sense security maxims into safer systems.
In Chapters 2 and 3, the authors move on to discussing key Internet protocols from the viewpoint of security. They start at the lowest levels, with IP packets, ARP, and TCP-based virtual circuits, then systematically review routing protocols like BGP; DNS and DHCP; network address translation, and more.
When you really understand how TCP opens a connection, you can see how SYN flood attacks attempt to flood a host with "half-open connections." When you understand how UDP works, you can see why it's so easy to spoof UDP packets -- and why you'd better be careful about using the source addresses they present.
Along the way, the authors utterly massacre WEP, the standard wireless security protocol for WiFi networks. (When you read what they have to say, you have to shake your head and wonder about how this protocol was designed.)
Oh, and speaking of wireless: "[J]ust because you cannot access your wireless network with a PCMCIA card from the parking lot, it does not mean that someone with an inexpensive high gain antenna cannot reach it from a mile (or twenty miles!) away. In fact, we have demonstrated that a standard access point inside a building is easily reachable from that distance." Ouch.
The definitive coverage of protocols represents only one-fourth of this outstanding book. It's equally strong on assessing today's diverse classes of attacks; implementing safer tools and services; and designing and deploying secure firewalls and VPNs. The authors show how to improve security by optimizing your network's layout; present intelligent overviews of intrusion detection and encryption; and finally, preview some emerging innovations in Internet security.
While we hope we won't have to wait nine years for the next edition, this one should hold us in good stead for a very long time. Bill Camarda
Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For DummiesR, Second Edition.
作者簡介
William R. Cheswick (http://cheswick.com) is Chief Scientist at Lumeta Corporation, which explores and maps clients' network infrastructures and finds perimeter leaks. Formerly he was a senior researcher at Lucent Bell Labs, where he did pioneering work in the areas of firewall design and implementation, PC viruses, mailers, and Internet munitions.
Steven M. Bellovin (http://stevebellovin.com) is a Fellow at AT&T Labs Research, where he works on networks, security, and, especially, why the two don't get along. He is a member of the National Academy of Engineering and is one of the Security Area directors of the Internet Engineering Task Force. Long ago he was one of the creators of NetNews.
Aviel D. Rubin (http://avirubin.com) is an Associate Professor in the Computer Science Department at Johns Hopkins University and serves as the Technical Director of their Information Security Institute. He was previously Principal Researcher in the Secure Systems Research Department at AT&T Laboratories and is the author of several books.
020163466XAB01302003
您曾經瀏覽過的商品
購物須知
外文書商品之書封,為出版社提供之樣本。實際出貨商品,以出版社所提供之現有版本為主。部份書籍,因出版社供應狀況特殊,匯率將依實際狀況做調整。
無庫存之商品,在您完成訂單程序之後,將以空運的方式為你下單調貨。為了縮短等待的時間,建議您將外文書與其他商品分開下單,以獲得最快的取貨速度,平均調貨時間為1~2個月。
為了保護您的權益,「三民網路書店」提供會員七日商品鑑賞期(收到商品為起始日)。
若要辦理退貨,請在商品鑑賞期內寄回,且商品必須是全新狀態與完整包裝(商品、附件、發票、隨貨贈品等)否則恕不接受退貨。