Invitation to Cybersecurity
Foreword ... XV
About This Text ... XVII
1. Introduction: The Hacker Advantage ... 1
1.1 Distanceless ... 1
1.2 Digital ... 2
1.3 Dynamic ... 3
1.4 Conclusion ... 4
2. The Context of Cybersecurity: Cyberspace ... 5
2.1 How Computers Work ... 5
2.1.1 Boolean Logic ... 6
2.1.2 Data Encoding ... 7
2.1.3 Binary ... 12
2.1.4 Computer Illustration ... 14
2.1.5 Encapsulation and Abstraction ... 16
2.2 Computer Hardware ... 18
2.2.1 Memory ... 18
2.2.2 Storage ... 19
2.2.3 CPU ... 20
2.2.4 I/O Devices ... 20
2.3 Computer Software ... 20
2.3.1 Algorithms ... 21
2.3.2 Computer Programming ... 21
2.3.3 The Operating System ... 24
2.3.4 The Web Browser ... 26
2.3.5 Virtual Machines ... 27
2.4 How the Internet Works ... 30
2.4.1 The Five Layer Model ... 31
2.4.2 Packet Switching ... 33
2.4.3 The Network Edge ... 36
2.5 The Frontiers of Computing ... 39
2.5.1 Artificial Intelligence (AI) ... 39
2.5.2 Quantum Computing ... 40
2.6 Conclusion ... 41
3. The Adversary of Cybersecurity: Hackers ... 43
3.1 Hackers ... 43
3.1.1 Ethical Hacking ... 45
3.1.2 Illegal Hacking ... 52
3.1.3 Hacking Skill Levels ... 56
3.1.4 Hacker Profile ... 57
3.2 Hacking Culture ... 58
3.2.1 Language and Art ... 58
3.2.2 Nicks ... 60
3.2.3 Literature and Films ... 60
3.2.4 Commerce ... 62
3.2.5 Folk Stories ... 62
3.2.6 Traditions ... 64
3.3 Conclusion ... 65
4. The Need for Cybersecurity: Cyber Attacks ... 67
4.1 Cyber Attacks ... 67
4.1.1 Reconnaissance ... 69
4.1.2 Gaining Unauthorized Access ... 69
4.1.3 Post Exploitation ... 81
4.1.4 Actions on Objectives ... 85
4.2 Cybersecurity Goals ... 89
4.2.1 Confidentiality ... 89
4.2.2 Integrity ... 89
4.2.3 Availability ... 90
4.3 Conclusion ... 91
5. The Approach to Cybersecurity: Cyber Risk Management ... 93
5.1 Cybersecurity Governance ... 93
5.2 Security Tradeoffs ... 97
5.3 The Cyber Risk Management Process ... 100
5.3.1 Cyber Assets ... 101
5.3.2 Cyber Threats ... 102
5.3.3 Cyber Vulnerabilities ... 104
5.3.4 Risk Analysis ... 106
5.3.5 Handling Risk ... 111
5.4 Planning for Failures ... 117
5.5 Conclusion ... 121
6. The Skill of Cybersecurity: Adversarial Thinking ... 123
6.1 Adversarial Thinking Defined ... 125
6.2 Game Theory ... 129
6.2.1 Real Life Through the Lens of Game Theory ... 133
6.2.2 Game Theory Summary ... 136
6.3 Behavioral Game Theory ... 137
6.3.1 Level-k Reasoning in Security Games ... 140
6.3.2 Behavioral Game Theory Summary ... 143
6.4 Conclusion ... 143
7. The Bedrock of Cybersecurity: Cryptography ... 145
7.1 Classic Cryptography ... 146
7.1.1 Letter Substitution: Ciphers ... 146
7.1.2 Word Substitution: Codebooks ... 154
7.1.3 Letter and Word Transposition ... 155
7.1.4 Combinations ... 156
7.2 Computer Cryptography ... 157
7.2.1 Symmetric Key Cryptography ... 158
7.2.2 Public Key Cryptography ... 165
7.2.3 Cryptographic Hashing ... 170
7.3 Steganography ... 177
7.4 Principles of Cryptography ... 181
7.4.1 Kerckhoffs’s Principle ... 181
7.4.2 Schneier’s Law ... 182
7.4.3 Simplicity and Security ... 183
7.5 Conclusion ... 184
8. The Means of Cybersecurity: Access Control ... 185
8.1 Authentication ... 185
8.1.1 Something You Know ... 188
8.1.2 Something You Are ... 191
8.1.3 Something You Have ... 195
8.1.4 Multi-factor Authentication ... 198
8.1.5 Network-based Authentication ... 199
8.1.6 Authentication on the Web ... 200
8.2 Authorization ... 202
8.2.1 Operating Systems ... 202
8.2.2 Multi-level Security ... 206
8.2.3 Authorization in Applications ... 208
8.2.4 Firewalls ... 209
8.3 Accounting ... 210
8.3.1 Analyzing Logs ... 213
8.4 Conclusion ... 215
9. The Application of Cybersecurity: Principles and Practices ... 217
9.1 Cybersecurity Principles ... 217
9.1.1 Adversarial Thinking ... 218
9.1.2 Depth Wins ... 219
9.1.3 Trusting Trust ... 221
9.1.4 Simplicity ... 223
9.1.5 Weakest Link ... 224
9.1.6 Least Privilege ... 225
9.1.7 Defense in Depth ... 227
9.1.8 Compartmentalization ... 228
9.1.9 Security as a Process ... 230
9.1.10 Planning for Failures ... 233
9.2 Practices ... 234
9.2.1 Manage Authentication Credentials ... 234
9.2.2 Use Cryptography ... 240
9.2.3 Harden Systems ... 242
9.2.4 Secure Networks ... 247
9.2.5 Online Safety ... 249
9.3 Conclusion ... 255
10. The Boundaries of Cybersecurity: Ethics, Rights, and Laws ... 257
10.1 Ethics ... 258
10.1.1 Ethical Analysis ... 258
10.1.2 Ethics and Social Responsibility ... 265
10.2 Rights ... 267
10.2.1 United States Constitution ... 268
10.2.2 The Right to Due Process ... 270
10.2.3 The Right to Privacy ... 270
10.2.4 Summary ... 274
10.3 Laws ... 274
10.3.1 The United States Code ... 275
10.3.2 State Laws ... 281
10.3.3 International Laws ... 281
10.4 Civil Disobedience ... 286
10.5 Conclusion ... 289
11. Conclusion: The Impact of Cybersecurity ... 291
Acknowledgements ... 293
Glossary ... 295
Bibliography ... 332
Figure Sources ... 336
About the Author ... 338