Mark Stamp - Information Security

263 263

264 265

265 266

266 267

267 268

268 269

269 270

270 271

271 273

272 274

273 276

274 280

275 281

276 282

277 283

278 284

279 285

280 286

281 287

282 288

283 289

284 290

285 291

286 292

287 293

288 294

289 295

290 296

291 298

292 299

293 300

294 301

295 302

296 303

297 304

298 305

299 306

300 307

301 308

302 309

303 310

304 311

305 314

306 315

307 316

308 319

309 320

310 321

311 322

312 323

313 324

314 325

315 326

316 328

317 329

318 330

319 331

320 332

321 333

322 334

323 335

324 336

325 337

326 338

327 339

328 341

329 342

330 343

331 344

332 345

333 346

334 347

335 348

336 349

337 350

338 351

339 352

340 353

341 354

342 355

343 356

344 357

345 358

346 359

347 360

348 361

349 362

350 363

351 364

352 365

353 366

354 367

355 368

356 369

357 370

358 371

359 372

360 373

361 374

362 375

363 376

364 377

365 378

366 379

367 380

368 381

369 382

370 383

371 384

372 385

373 386

374 387

375 388

376 389

377 390

378 391

379 392

380 393

381 394

382 395

383 396

384 397

385 398

386 399

387 400

388 401

389 402

390 403

391 404

392 405

393 406

394 407

395 408

396 409

397 410

398 411

399 412

400 413

401 414

402 415

403 416

404 417

405 419

406 420

407 421

408 422

409 423

410 424

411 425

412 426

413 427

414 428

415 429

416 430

417 431

Third Edition

Mark Stamp

San Jose State University San Joe, California

This edition first published 2022

©2022 by John Wiley & Sons, Inc.

Edition History

1e 2006 Wiley; 2e 2011 Wiley

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions.

The right of Mark Stamp to be identified as the author of this work has been asserted in accordance with law.

Registered Office

John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA

Editorial Office

111 River Street, Hoboken, NJ 07030, USA

For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.wiley.com.

Wiley also publishes its books in a variety of electronic formats and by print‐o‐-demand. Some content that appears in standard print versions of this book may not be available in other formats.

Limit of Liability/Disclaimer of Warranty

The contents of this work are intended to further general scientific research, understanding, and discussion only and are not intended and should not be relied upon as recommending or promoting scientific method, diagnosis, or treatment by physicians for any particular patient. In view of ongoing research, equipment modifications, changes in governmental regulations, and the constant flow of information relating to the use of medicines, equipment, and devices, the reader is urged to review and evaluate the information provided in the package insert or instructions for each medicine, equipment, or device for, among other things, any changes in the instructions or indication of usage and for added warnings and precautions. While the publisher and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

Library of Congress Cataloging‐in‐Publication Data Applied for:

ISBN: 9781119505907

Cover Design: Wiley

Cover Image: © loops7/Getty Images

To Miles, Austin, and Melody.

Please sir or madam won't you read my book?

It took me years to write, won't you take a look?

— Lennon and McCartney

I hate black boxes. My primary goal in writing this book was to illuminate some of those black boxes that are popular in information security books today. On the other hand, I don't want to bore you to death with trivial details—if that's what you want, your can read RFCs. As a result, I'll often ignore details that I deem irrelevant to the point that I'm trying to make. You can judge whether I've struck the proper balance between these two competing goals.

I've strived to keep the presentation moving along so as to cover a broad selection of topics. My objective is to cover each item in just enough detail so that you can appreciate the security issue, while not getting too bogged down in details. I've also attempted to regularly emphasize and reiterate the main points so that crucial information doesn't slip by below the radar screen.

Another goal is to present the topic in a reasonably lively and interesting way. If any computing subject should be exciting and fun, it's information security. Security is happening now, and it's in the news—it's clearly alive and kicking.

I've also tried to inject a little humor. They say that humor is derived from pain, and judging by the quality of the jokes, I'd say that I've definitely led a charmed life. In any case, most of the bad jokes are in footnotes so they shouldn't be too distracting.

Some security textbooks offer a large dollop of dry theory. Reading one of those books is about as exciting as reading a calculus textbook. Other books offer a seemingly random collection of apparently unrelated facts, giving the impression that security is not really a coherent subject at all. Then there are books that present the topic as a bunch of high‐level managerial platitudes. Finally, some texts focus on the human factors in security. While all of these approaches have their place, my bias is that, first and foremost, a security engineer must have a solid understanding of the inherent strengths and weaknesses of the underlying technology.