What Is New in This Book?

This is the third edition of Security in Computing , first published in 1989. Since then, the specific threats, vulnerabilities, and controls have changed, even though many of the basic notions have remained the same.

The two changes most obvious to people familiar with the previous editions are networks and encryption. Networking has evolved even since the second edition was published, and there are many new concepts to master, such as distributed denial-of-service attacks or scripted vulnerability probing. As a consequence, the networks chapter is almost entirely new. Previous editions of this book presented encryption details in the same chapter as encryption uses. Although encryption is a fundamental tool in computer security, in this edition the what is presented straightforwardly in Chapter 2, while the how is reserved for the later Chapter 10. This structure lets readers get to the technical uses of encryption in programs and networks more quickly.

There are numerous other additions, of which these are the most significant ones:

• the Advanced Encryption System (AES), the replacement for the Data Encryption System (DES) from the 1970s

• programming flaws leading to security failures, highlighting buffer overflows, incomplete mediation, and time-of-check to time-of-use errors

• recent malicious code attacks, such as Code Red

• software engineering practices to improve program quality

• assurance of code quality

• authentication techniques such as biometrics and password generators

• privacy issues in database management system security

• mobile code, agents , and assurance of security in them

• denial-of-service and distributed denial-of-service attacks

• flaws in network protocols

• security issues in wireless computing

• honeypots and intrusion detection

• copyright controls for digital media

• threats to and controls for personal privacy

• software quality, vulnerability reporting, and vendors ' responsibilities

• the ethics of hacking

In addition to these major changes, there are numerous small corrective and clarifying ones, ranging from wording changes to subtle notational changes for pedagogic reasons to replacement, deletion, rearrangement , and expansion of sections.