• Learn about memory organization, buffer overflows, and relevant countermeasures • Common programming bugs, such as off-by-one errors, race conditions, and incomplete mediation • Survey of past malware and malware capabilities • Virus detection • Tips for programmers on writing code for security

• Survey authentication mechanisms • List available access control implementation options • Explain the problems encryption is designed to solve • Understand the various categories of encryption tools as well as the strengths, weaknesses, and applications of each • Learn about certificates and certificate authorities

• Basic security functions provided by operating systems • System resources that require operating system protection • Operating system design principles • How operating systems control access to resources • The history of trusted computing • Characteristics of operating system rootkits

• Learn basic terms and primitives of cryptography • Deep dive into how symmetric encryption algorithms work • Study the RSA asymmetric encryption algorithm • Compare message digest algorithms • Explain the math behind digital signatures • Learn the concepts behind quantum cryptography

• Define the Internet of Things and discuss associated emerging security issues • Discuss nascent efforts to financially measure cybersecurity to make sound investment decisions • Explore the evolving field of electronic voting, which has been an important and open security research problem for over a decade • Study potential examples of cyber warfare and their policy implications

• Define cloud services, including types and service models • How to define cloud service requirements and identify appropriate services • Survey cloud-based security capabilities and offerings • Discuss cloud storage encryption considerations • Protection of cloud-based applications and infrastructures • Explain the major federated identity management standards and how they differ

• Define privacy and fundamental computer-related privacy challenges • Privacy principles and laws • Privacy precautions for web surfing • Spyware • Email privacy • Privacy concerns in emerging technologies

• Define computer security as well as basic computer security terms • Introduce the C-I-A Triad • Introduce basic access control terminology • Explain basic threats, vulnerabilities, and attacks • Show how controls map to threats

上一章讨论的局域网是单个的同种协议网,即网络中每台机器对应层所用协议相同,通信 是在同一个网络内不同主机之间进行的。而所谓“网络互连”,就是采用各种网络互连设备将 同一类型的网络或不同类型的网络相互连接起来,形成所谓“internet“(互连网络),使一个 网络上的主机能与另一网络上的主机相互通信。因特网(Internet)是世界上最大的 internet 此外,为了保证网络的传输性能、可靠性及安全性,一般要求一个网络所管理的范围不要 太大,这就要求把一个大的网络分解成若干个较小的子网,通过网络互连技术,形成所谓的 Intranet(内部互连网),以便隔离故障,提高安全保密性,方便网络管理

 4.1 口令的历史与现状  4.2 口令破解方式  4.3 典型的口令破解工具  4.4 口令攻击的综合应用  4.5 口令攻击的防御  4.6 小结