Applied Information Security - A Hands-on Approach
This book explores fundamental principles for securing IT systems and illustrates them with hands-on experiments that may be carried out by the reader using accompanying software. The experiments highlight key information security problems that arise in modern operating systems, networks, and web applications.
The authors explain how to identify and exploit such problems and they show different countermeasures and their implementation. The reader thus gains a detailed understanding of how vulnerabilities arise and practical experience tackling them.
After presenting the basics of security principles, virtual environments, and network services, the authors explain the core security principles of authentication and access control, logging and log analysis, web application security, certificates and public-key cryptography, and risk management. The book concludes with appendices on the design of related courses, report templates, and the basics of Linux as needed for the assignments.
The authors have successfully taught IT security to students and professionals using the content of this book and the laboratory setting it describes. The book can be used in undergraduate or graduate laboratory courses, complementing more theoretically oriented courses, and it can also be used for self-study by IT professionals who want hands-on experience in applied information security. The authors' supporting software is freely available online and the text is supported throughout with exercises.
Table of Contents
Chap. 1, Security Principles.- Chap. 2, The Virtual Environment.- Chap. 3, Network Services.- Chap. 4, Authentication and Access Control.- Chap. 5, Logging and Log Analysis.- Chap. 6, Web Application Security.- Chap. 7, Certificates and Public-Key Cryptography.- Chap. 8, Risk Management.- App. A, Using This Book in a Lab Course.- App. B, Report Template.- App. C, Linux Basics and Tools.- App. D, Answers to Questions.- References.- Index.
Authors:
David Basin
Patrick Schaller
Michael Schläpfer
Reviews
8 November 2012: The book is an editor's pick and the current highlight of ACM's Computing Reviews:
"This book is a good way for newcomers to the security field, or those who want an overview of a goodly sampling of security issues, to start understanding both the issues and possible defenses. It is very much a workbook, with numerous in-line problems to work on and a nice set of questions and exercises for each chapter; answers appear in an appendix. Many of the exercises involve using specific software to look at events as they occur. ... It is very readable and well organized, and the questions and exercises are generally very good. It is an excellent introduction to the subject and would make a good upper-level undergraduate text. It would also be quite useful as a self-study text for someone new to the field." (Jeffrey Putnam, ACM Computing Reviews, August 2012)
The full review is available here: external page Review
Get the Book
Errata and Improvements:
Download Errata v2 for the 2011 edition (10 December 2012)Virtual Machines Download
With the new versions of VirtualBox it is now possible to export all necessary configurations. For your convenience, first try to simply import the appliances below. If this fails, you may follow the installation and configuration instructions using the virtual disks as described in the book.
VirtualBox
- Virtualbox.org [external page www]
VirtualBox Appliances (v1.1, March 14, 2012)
* After extracting the zip-file, choose "File->Import Appliance..." to install the virtual machine (ova-file). Do not reassign new hardware MAC-addresses!
- All virtual machines [zip, ~2 GB]
- Alice [zip, ~880 MB]
- Bob [zip, ~450 MB]
- Mallet [zip, ~880 MB]
Virtual Machine Disks (v1.1, March 14, 2012)
* If the import of the above appliances fails, please follow the instructions in the book to install and configure the virtual machines!
- All virtual machines [zip, ~2 GB]
- Alice [zip, ~850 MB]
- Bob [zip, ~400 MB]
- Mallet [zip, ~800 MB]
Resources
Project Files:
- MySQL Dump File for the users table [Download dump]
Templates:
- System description template [Download pdf, Download tex]
- System review template [Download pdf, Download tex]
Lab Extensions
In this section we provide some links to extensions of the lab environment and the book in different topics. We would like to thank the authors of these extensions to share them here. If you would like to be listed here, please contact Christoph Sprenger.
Computer Forensics
This chapter extends the book by introducing Computer Forensics and was developed by Lukas Limacher as part of his Bachelor thesis (v1.1, 18 September 2014):
- Chapter Computer Forensics [Download pdf]
- Virtual machine Charlie and all needed material [zip, ~3 GB]
Back to Applied Security Laboratory