 |
|
||||||||||
Applied Information Security - A Hands-on Approach
Zurich Information Security Center
We are affiliated with the Zurich Information Security Center (ZISC)
The ZISC workshop on Securing Future Communication Networks against Emerging Threats will take place on 16-17 October 2013 at ETH Zurich and is announced here.
Events & News
- Our book Applied Information Security - A Hands-on Approach is an editor's pick and the current highlight of ACM's Computing Reviews.
- David Basin, Torsten Lodderstedt, and Juergen Doser, received the "Ten Year Most Influential Paper Award" at the MODELS 2012 conference for the paper SecureUML: A UML-Based Modeling Language for Model-Driven Security.
This book explores fundamental principles for securing IT systems and illustrates them with hands-on experiments that may be carried out by the reader using accompanying software. The experiments highlight key information security problems that arise in modern operating systems, networks, and web applications.
The Book
|
The authors explain how to identify and exploit such problems and they show different countermeasures and their implementation. The reader thus gains a detailed understanding of how vulnerabilities arise and practical experience tackling them. After presenting the basics of security principles, virtual environments, and network services, the authors explain the core security principles of authentication and access control, logging and log analysis, web application security, certificates and public-key cryptography, and risk management. The book concludes with appendices on the design of related courses, report templates, and the basics of Linux as needed for the assignments. The authors have successfully taught IT security to students and professionals using the content of this book and the laboratory setting it describes. The book can be used in undergraduate or graduate laboratory courses, complementing more theoretically oriented courses, and it can also be used for self-study by IT professionals who want hands-on experience in applied information security. The authors' supporting software is freely available online and the text is supported throughout with exercises. Table of ContentsChap. 1, Security Principles.- Chap. 2, The Virtual Environment.- Chap. 3, Network Services.- Chap. 4, Authentication and Access Control.- Chap. 5, Logging and Log Analysis.- Chap. 6, Web Application Security.- Chap. 7, Certificates and Public-Key Cryptography.- Chap. 8, Risk Management.- App. A, Using This Book in a Lab Course.- App. B, Report Template.- App. C, Linux Basics and Tools.- App. D, Answers to Questions.- References.- Index. |
Reviews
8 November 2012: The book is an editor's pick and the current highlight of ACM's Computing Reviews:
"This book is a good way for newcomers to the security field, or those who want an overview of a goodly sampling of security issues, to start understanding both the issues and possible defenses. It is very much a workbook, with numerous in-line problems to work on and a nice set of questions and exercises for each chapter; answers appear in an appendix. Many of the exercises involve using specific software to look at events as they occur. ... It is very readable and well organized, and the questions and exercises are generally very good. It is an excellent introduction to the subject and would make a good upper-level undergraduate text. It would also be quite useful as a self-study text for someone new to the field." (Jeffrey Putnam, ACM Computing Reviews, August 2012)
The full review is available here: Review
Get the Book
Errata and Improvements:
- Errata v2 for the 2011 edition (10 December 2012) [pdf]
Virtual Machines Download
With the new versions of VirtualBox it is now possible to export all necessary configurations. For your convenience, first try to simply import the appliances below. If this fails, you may follow the installation and configuration instructions using the virtual disks as described in the book.
VirtualBox:
- Virtualbox.org [www]
VirtualBox Appliances (v1.1, 14 March 2012):
* After extracting the zip-file, choose "File->Import Appliance..." to install the virtual machine (ova-file). Do not reassign new hardware MAC-addresses!
- All virtual machines [zip, ~2 GB]
- Alice [zip, ~880 MB]
- Bob [zip, ~450 MB]
- Mallet [zip, ~880 MB]
Virtual Machine Disks (v1.1, 14 March 2012):
* If the import of the above appliances fails, please follow the instructions in the book to install and configure the virtual machines!
- All virtual machines [zip, ~2 GB]
- Alice [zip, ~850 MB]
- Bob [zip, ~400 MB]
- Mallet [zip, ~800 MB]
Resources
Project Files:
- MySQL Dump File for the users table [dump]
Templates:
Lab Extensions
In this section we provide some links to extensions of the lab environment and the book in different topics. We would like to thank the authors of these extensions to share them here. If you would like to be listed here, please contact Michael Schläpfer.
Computer Forensics
This chapter extends the book by introducing Computer Forensics and was developed by Lukas Limacher as part of his Bachelor thesis (v1.0, 17 September 2012):
- Chapter Computer Forensics [pdf]
- Virtual machine Charlie and all needed material [zip, ~3 GB]
Wichtiger Hinweis:
Diese Website wird in älteren Versionen von Netscape ohne
graphische Elemente dargestellt. Die Funktionalität der
Website ist aber trotzdem gewährleistet. Wenn Sie diese
Website regelmässig benutzen, empfehlen wir Ihnen, auf
Ihrem Computer einen aktuellen Browser zu installieren. Weitere
Informationen finden Sie auf
folgender
Seite.
Important Note:
The content in this site is accessible to any browser or
Internet device, however, some graphics will display correctly
only in the newer versions of Netscape. To get the most out of
our site we suggest you upgrade to a newer browser.
More
information
