Contributors, Volume III
Threats, Vulnerabilities, Prevention, Detection and Management
Contents
Part 1: Threats and Vulnerabilities to Information and Computing Infrastructures
132. Internal Security Threats
Marcus K. Rogers
Purdue University
133. Physical Security Threats
Mark Michael
Research in Motion Ltd., Canada
134. Fixed-Line Telephone System Vulnerabilities
Mak Ming Tak
Hong Kong University of Science and Technology, Hong Kong
Xu Yan
Hong Kong University of Science and Technology, Hong Kong
Zenith Y.W. Law
JustSolve Consulting, Hong Kong
135. E-Mail Threats and Vulnerabilities
David Harley
NHS Connecting for Health, UK
136. E-Commerce Vulnerabilities
Sviatoslav Braynov
University of Illinois, Springfield
137. Hacking Techniques in Wired Networks
Qijun Gu
Pennsylvania State University
Peng Liu
Pennsylvania State University
Chao-Hsien Chu
Pennsylvania State University
138. Hacking Techniques in Wireless Networks
Prabhaker Mateti
Wright State University
139. Computer Viruses and Worms
Robert Slade
Independent Consultant, Canada
140. Trojan Horse Programs
Adam Young
Cigital, Inc.
141. Hoax Viruses and Virus Alerts
Robert Slade
Independent Consultant, Canada
142. Hostile Java Applets
David Evans
University of Virginia
143. Spyware
Tom S. Chan
Southern New Hampshire University
144. Mobile Code and Security
Song Fu
Wayne State University
Cheng-Zhong Xu
Wayne State University
145. Wireless Threats and Attacks
Robert J. Boncella
Washburn University
146. WEP Security
Nikita Borisov
University of California, Berkeley
147. Bluetooth Security
Susanne Wetzel
Stevens Institute of Technology
148. Cracking WEP
Pascal Meunier
Purdue University
149. Denial of Service Attacks
E. Eugene Schultz
University of California-Berkeley Lab
150. Network Attacks
Edward Amoroso
AT&T Laboratories
151. Fault Attacks
Hamid Choukri
Gemplus & University of Bordeaux, France
Michael Tunstall
Gemplus & Royal Holloway University, France
152. Side-Channel Attacks
Pankaj Rohatgi
IBM Corporation
Part 2: Prevention: Keeping the Hackers and Crackers at Bay
153. Physical Security Measures
Mark Michael
Research in Motion Ltd., Canada
154. RFID and Security
Stephen A. Weis
Massachusetts Institute of Technology
155. Cryptographic Privacy Protection Techniques
Markus Jakobsson
Indiana University, Bloomington
156. Cryptographic Hardware Security Modules
Nicko van Someren
nCipher Corporation, UK
157. Smart Card Security
Michael Tunstall
Gemplus & Royal Holloway University, France
Sebastien Petit
Gemplus, France
Stephanie Porte
Gemplus, France
158. Client-Side Security
Charles Border
Rochester Institute of Technology
159. Server-Side Security
Slim Rekhis
National Digital Certification Agency, and University of Carthage, Tunisia
Noureddine Boudriga
National Digital Certification Agency, and University of Carthage, Tunisia
Mohammad S. Obaidat
Monmouth University
160. Protecting Web Sites
Dawn Alexander
University of Maryland
April Giles
Independent Consultant
161. Database Security
Michael Gertz
University of California, Davis
Arnon Rosenthal
The MITRE Corporation
162. Medical Records Security
Normand M. Martel
Medical Technology Research Corp.
163. Access Control: Principles and Solutions
S. De Capitani di Vimercati
Università di Milano, Italy
S. Paraboschi
Università di Bergamo, Italy
Pierangela Samarati
Università di Milano, Italy
164. Password Authentication
Jeremy L. Rasmussen
Sypris Electronics, LLC
165. Computer and Network Authentication
Patrick McDaniel
Pennsylvania State University
166. Antivirus Technology
Matthew Schmid
Cigital, Inc.
167. Biometric Basics and Biometric Authentication
James L. Wayman
San Jose State University
168. Issues and Concerns in Biometric IT Security
Philip Statham
CESG, Cheltenham, Gloucestershire, UK
169. Firewall Basics
James E. Goldman
Purdue University
170. Firewall Architectures
James E. Goldman
Purdue University
171. Packet Filtering and Stateful Firewalls
Avishai Wool
Tel Aviv University, Israel
172. Proxy Firewalls
John D. McLaren
Murray State University
173. E-Commerce Safeguards
Mark S. Merkow
University of Phoenix
174. Digital Signatures and Electronic Signatures
Raymond R. Panko
University of Hawai'i, Manoa
175. E-mail Security
Jon Callas
PGP Corporation
176. Security for ATM Networks
Thomas D. Tarman
Sandia National Laboratories
177. VPN Basics
G. I. Papadimitriou
Aristotle University, Greece
Mohammad S. Obaidat
Monmouth University
C. Papazoglou
Aristotle University, Greece
A.S. Pomportsis
Aristotle University, Greece
178. VPN Architecture
Stan Kurkovsky
Columbus State University
179. IP-Based VPN
David E. McDysan
MCI Corporation
180. Identity Management
John Linn
RSA Laboratories
181. Use of Deception Techniques: Honeypots and Decoys
Fred Cohen
University of New Haven
182. Active Response to Computer Intrusions
David Dittrich
University of Washington
Kenneth Einar Himma
Seattle Pacific University
Part 3: Detection, Recovery, Management and Policy Considerations
183. Intrusion Detection Systems Basics
Peng Ning
North Carolina State University
Sushil Jajodia
George Mason University
184. Host-Based Intrusion Detection Systems
Giovanni Vigna
Reliable Software Group
Christopher Kruegel
Technical University, Vienna, Austria
185. Network-Based Intrusion Detection Systems
Marco Cremonini
University of Milan, Italy
186. Use of Agent Technology for Intrusion Detection
Dipankar Dasgupta
The University of Memphis
187. Contingency Planning Management
Marco Cremonini
University of Milan, Italy
Pierangela Samarati
University of Milan, Italy
188. Computer Security Incident Response Teams (CSIRTs)
Raymond R. Panko
University of Hawai'i, Manoa
189. Implementing a Security Awareness Program
K Rudolph
Native Intelligence, Inc.
190. Risk Assessment for Risk Management
Rick Kazman
University of Hawaii, Manoa
Daniel N. Port
University of Hawaii, Manoa
David Klappholz
Stevens Institute of Technology
191. Security Insurance and Best Practices
Selahattin Kuru
Isik University, Turkey
Onur Ihsan Arsun
Isik University, Turkey
Mustafa Yıldız
Isik University, Turkey
192. Auditing Information Systems Security
S. Rao Vallabhaneni
SRV Professional Publications
193. Evidence Collection and Analysis Tools
Christopher L. T. Brown
Technology Pathways LLC
194. Information Leakage: Detection and Countermeasures
Phil Venables
Goldman Sachs
195. Digital Rights Management
Renato Iannella
National ICT, Australia
196. Web Hosting
Doug Kaye
IT Conversations
197. Managing a Network Environment
Jian Ren
Michigan State University
198. E-Mail and Internet Use Policies
Nancy J. King
Oregon State University
199. Forward Security: Adaptive Cryptography Time Evolution
Gene Itkis
Boston University
200. Security Policy Guidelines
Mohamed Hamdi
National Digital Certification Agency, Tunisia
Noureddine Boudriga
National Digital Certification Agency, Tunisia
Mohammad S. Obaidat
Monmouth University
201. The Asset-Security Goals Continuum: A Process for Security
Margarita Maria Lenk
Colorado State University
202. Multilevel Security
Richard E. Smith
University of St. Thomas
203. Multilevel Security Models
Mark Stamp
San Jose State University
Ali Hushyar
San Jose State University
204. Security Architectures
Nicole Graf
University of Cooperative Education, Germany
Dominic Kneeshaw
Independent Consultant, Germany
205. Quality of Security Service: Adaptive Security
Timothy E. Levin
Naval Postgraduate School
Cynthia E. Irvine
Naval Postgraduate School
Evdoxia Spyropoulou
Technical Vocational Educational School of Computer Science of Halandri, Greece
206. Security Policy Enforcement
Cynthia E. Irvine
Naval Postgraduate School
207. Guidelines for a Comprehensive Security System
Hossein Bidgoli
California State University, Bakersfield