Professional Documents
Culture Documents
(Ebook PDF) Principles of Computer Security Fourth Edition - Ebook PDF All Chapter
(Ebook PDF) Principles of Computer Security Fourth Edition - Ebook PDF All Chapter
(Ebook PDF) Principles of Computer Security Fourth Edition - Ebook PDF All Chapter
http://ebooksecure.com/product/ebook-pdf-computer-security-
principles-practice-3rd-global-edition/
http://ebooksecure.com/product/computer-security-principles-and-
practice-4th-edition-ebook-pdf/
http://ebooksecure.com/product/ebook-pdf-computer-security-
principles-and-practice-4th-edition/
https://ebooksecure.com/download/principles-of-computer-security-
comptia-security-and-beyond-exam-sy0-601-6th-edition-ebook-pdf/
Principles of Computer Security: CompTIA Security+ and
Beyond Lab Manual (Exam SY0-601) 1st Edition - eBook
PDF
https://ebooksecure.com/download/principles-of-computer-security-
comptia-security-and-beyond-lab-manual-exam-sy0-601-ebook-pdf/
https://ebooksecure.com/download/foundations-of-computer-science-
ebook-pdf-2/
http://ebooksecure.com/product/ebook-pdf-computer-security-
fundamentals-4th-edition/
https://ebooksecure.com/download/computer-and-information-
security-handbook-ebook-pdf/
http://ebooksecure.com/product/ebook-pdf-principles-of-
information-security-5th-edition/
Copyright © 2016 by McGraw-Hill Education. All rights reserved. Except as
permitted under the United States Copyright Act of 1976, no part of this
publication may be reproduced or distributed in any form or by any means, or
stored in a data base or retrieval system, without the prior written permission of
the publisher, with the exception that the program listings may be entered,
stored, and executed in a computer system, but they may not be reproduced for
publication.
ISBN: 978-0-07-183597-8
MHID: 0-07-183597-0
The material in this eBook also appears in the print version of this title: ISBN:
978-0-07-183601-2, MHID: 0-07-183601-2.
All trademarks are trademarks of their respective owners. Rather than put a
trademark symbol after every occurrence of a trademarked name, we use names
in an editorial fashion only, and to the benefit of the trademark owner, with no
intention of infringement of the trademark. Where such designations appear in
this book, they have been printed with initial caps.
TERMS OF USE
This is a copyrighted work and McGraw-Hill Education and its licensors reserve
all rights in and to the work. Use of this work is subject to these terms. Except as
permitted under the Copyright Act of 1976 and the right to store and retrieve one
copy of the work, you may not decompile, disassemble, reverse engineer,
reproduce, modify, create derivative works based upon, transmit, distribute,
disseminate, sell, publish or sublicense the work or any part of it without
McGraw-Hill Education’s prior consent. You may use the work for your own
noncommercial and personal use; any other use of the work is strictly prohibited.
Your right to use the work may be terminated if you fail to comply with these
terms.
Dr. Gregory White has been involved in computer and network security since
1986. He spent 19 years on active duty with the U.S. Air Force and is currently
in the Air Force Reserves assigned to the Pentagon. He obtained his Ph.D. in
Computer Science from Texas A&M University in 1995. His dissertation topic
was in the area of computer network intrusion detection, and he continues to
conduct research in this area today. He is currently the Director for the Center
for Infrastructure Assurance and Security and is an associate professor of
computer science at The University of Texas at San Antonio. Dr. White has
written and presented numerous articles and conference papers on security. He is
also the coauthor for five textbooks on computer and network security and has
written chapters for two other security books. Dr. White continues to be active in
security research. His current research initiatives include efforts in high-speed
intrusion detection, community infrastructure protection, and visualization of
community and organization security postures.
Dwayne Williams is Associate Director, Special Projects for the Center for
Infrastructure Assurance and Security (CIAS) at the University of Texas at San
Antonio and has more than 22 years of experience in information systems and
network security. Mr. Williams’s experience includes six years of commissioned
military service as a Communications-Computer Information Systems Officer in
the U.S. Air Force, specializing in network security, corporate information
protection, intrusion detection systems, incident response, and VPN technology.
Prior to joining the CIAS, he served as Director of Consulting for SecureLogix
Corporation, where he directed and provided security assessment and integration
services to Fortune 100, government, public utility, oil and gas, financial, and
technology clients. Mr. Williams graduated in 1993 from Baylor University with
a Bachelor of Arts in Computer Science. Mr. Williams is a Certified Information
Systems Security Professional (CISSP), CompTIA Advanced Security
Practitioner (CASP), and coauthor of McGraw-Hill’s Voice and Data Security,
CompTIA Security+ All-in-One Exam Guide, and CASP CompTIA Advanced
Security Practitioner Certification Study Guide.
We, the authors of Principles of Computer Security, Fourth Edition, have many
individuals who we need to acknowledge—individuals without whom this effort
would not have been successful. This edition would not have been possible
without Tim Green, whose support and faith in the authors made this edition
possible. He brought together an all-star production team that made this book
more than just a new edition, but a complete learning system.
The list needs to start with those folks at McGraw-Hill Education who worked
tirelessly with the project’s multiple authors and contributors and led us
successfully through the minefield that is a book schedule and who took our
rough chapters and drawings and turned them into a final, professional product
we can be proud of. We thank all the good people from the Acquisitions team,
Tim Green and Amy Stonebraker; from the Editorial Services team, Jody
McKenzie and Howie Severson; from the Illustration and Production teams,
James Kussow and Amarjeet Kumar and the composition team at Cenveo
Publisher Services. We also thank the technical editor, Bobby Rogers; the copy
editor, Bill McManus; the proofreader, Paul Tyler; and the indexer, Jack Lewis;
for all their attention to detail that made this a finer work after they finished with
it.
We also need to acknowledge our current employers who, to our great delight,
have seen fit to pay us to work in a career field that we all find exciting and
rewarding. There is never a dull moment in security, because it is constantly
changing.
We would like to thank Art Conklin for herding the cats on this one.
Finally, we would each like to individually thank those people who—on a
personal basis—have provided the core support for us individually. Without
these special people in our lives, none of us could have put this work together.
—The Author Team
To Susan, your love and support is what enables me to do all the things I do.
—Art Conklin, Ph.D.
I would like to thank my wife, Charlan, for the tremendous support she has
I would like to thank my wife, Charlan, for the tremendous support she has
always given me. It doesn’t matter how many times I have sworn that I’ll never
get involved with another book project only to return within months to yet
another one; through it all, she has remained supportive.
I would also like to publicly thank the United States Air Force, which
provided me numerous opportunities since 1986 to learn more about security
than I ever knew existed.
To whoever it was who decided to send me as a young captain—fresh from
completing my master’s degree in artificial intelligence—to my first assignment
in computer security: thank you, it has been a great adventure!
—Gregory B. White, Ph.D.
Josie, thank you for all the love and support. Macon, John, this is for you.
—Chuck Cothren
Geena, thanks for being my best friend and my greatest support. Anything I am
is because of you. Love to my kids and grandkids!
—Roger L. Davis
To my wife and best friend, Leah, for your love, energy, and support—thank you
for always being there. Here’s to many more years together.
—Dwayne Williams
ABOUT THIS BOOK
CAQC Disclaimer
The logo of the CompTIA Approved Quality Content (CAQC) program and the
status of this or other training material as “Approved” under the CompTIA
Approved Quality Content program signifies that, in CompTIA’s opinion, such
training material covers the content of CompTIA’s related certification exam.
The contents of this training material were created for the CompTIA
Security+ exam covering CompTIA certification objectives that were current as
of the date of publication.
CompTIA has not reviewed or approved the accuracy of the contents of this
training material and specifically disclaims any warranties of merchantability or
fitness for a particular purpose. CompTIA makes no guarantee concerning the
success of persons using any such “Approved” or other training material in order
to prepare for any CompTIA certification exam.
CONTENTS AT A GLANCE
Chapter 5 Cryptography
Chapter 25 Privacy
Glossary
Index
CONTENTS
Foreword
Preface
Introduction
Instructor Web Site
Chapter 1
Introduction and Security Trends
The Computer Security Problem
Definition of Computer Security
Historical Security Incidents
The Current Threat Environment
Threats to Security
Security Trends
Targets and Attacks
Specific Target
Opportunistic Target
Minimizing Possible Avenues of Attack
Approaches to Computer Security
Ethics
Additional References
Chapter 1 Review
Chapter 2
General Security Concepts
Basic Security Terminology
Security Basics
Security Tenets
Security Approaches
Security Principles
Access Control
Authentication Mechanisms
Authentication and Access Control Policies
Security Models
Confidentiality Models
Integrity Models
Chapter 2 Review
Chapter 3
Operational and Organizational Security
Policies, Procedures, Standards, and Guidelines
Security Policies
Change Management Policy
Data Policies
Human Resources Policies
Due Care and Due Diligence
Due Process
Incident Response Policies and Procedures
Security Awareness and Training
Security Policy Training and Procedures
Role-Based Training
Compliance with Laws, Best Practices, and Standards
User Habits
New Threats and Security Trends/Alerts
Training Metrics and Compliance
Interoperability Agreements
Service Level Agreements
Business Partnership Agreement
Memorandum of Understanding
Interconnection Security Agreement
The Security Perimeter
Physical Security
Physical Access Controls
Physical Barriers
Environmental Issues
Fire Suppression
Wireless
Electromagnetic Eavesdropping
Modern Eavesdropping
Chapter 3 Review
Chapter 4
The Role of People in Security
People—A Security Problem
Social Engineering
Poor Security Practices
People as a Security Tool
Security Awareness
Security Policy Training and Procedures
Chapter 4 Review
Chapter 5
Cryptography
Cryptography in Practice
Fundamental Methods
Comparative Strengths and Performance of Algorithms
Historical Perspectives
Substitution Ciphers
One-Time Pads
Algorithms
Key Management
Random Numbers
Hashing Functions
SHA
RIPEMD
Message Digest
Hashing Summary
Symmetric Encryption
DES
3DES
AES
CAST
RC
Blowfish
Twofish
IDEA
Block vs. Stream
Symmetric Encryption Summary
Asymmetric Encryption
Diffie-Hellman
RSA
ElGamal
ECC
Asymmetric Encryption Summary
Symmetric vs. Asymmetric
Quantum Cryptography
Steganography
Cryptography Algorithm Use
Confidentiality
Integrity
Authentication
Nonrepudiation
Cipher Suites
Key Exchange
Key Escrow
Session Keys
Ephemeral Keys
Key Stretching
Secrecy Principles
Transport Encryption
Digital Signatures
Digital Rights Management
Cryptographic Applications
Use of Proven Technologies
Chapter 5 Review
Chapter 6
Public Key Infrastructure
The Basics of Public Key Infrastructures
Certificate Authorities
Registration Authorities
Local Registration Authorities
Digital Certificates
Certificate Extensions
Certificate Attributes
Certificate Lifecycles
Registration and Generation
CSR
Renewal
Suspension
Revocation
Key Destruction
Certificate Repositories
Trust and Certificate Verification
Centralized and Decentralized Infrastructures
Hardware Security Modules
Private Key Protection
Key Recovery
Key Escrow
Public Certificate Authorities
In-House Certificate Authorities
Choosing Between a Public CA and an In-House CA
Outsourced Certificate Authorities
Tying Different PKIs Together
Trust Models
Certificate-Based Threats
Stolen Certificates
Chapter 6 Review
Chapter 7
PKI Standards and Protocols
PKIX and PKCS
PKIX Standards
PKCS
Why You Need to Know the PKIX and PKCS Standards
X.509
SSL/TLS
Cipher Suites
ISAKMP
CMP
XKMS
S/MIME
IETF S/MIME History
IETF S/MIME v3 Specifications
PGP
How PGP Works
HTTPS
IPsec
CEP
Other Standards
FIPS
Common Criteria
WTLS
ISO/IEC 27002 (Formerly ISO 17799)
SAML
Chapter 7 Review
Chapter 8
Physical Security
The Security Problem
Physical Security Safeguards
Walls and Guards
Physical Access Controls and Monitoring
Convergence
Policies and Procedures
Environmental Controls
Fire Suppression
Water-Based Fire Suppression Systems
Halon-Based Fire Suppression Systems
Clean-Agent Fire Suppression Systems
Handheld Fire Extinguishers
Fire Detection Devices
Power Protection
UPS
Backup Power and Cable Shielding
Electromagnetic Interference
Electronic Access Control Systems
Access Tokens
Chapter 8 Review
Chapter 9
Network Fundamentals
Network Architectures
Network Topology
Network Protocols
Protocols
Packets
Internet Protocol
IP Packets
TCP vs. UDP
ICMP
IPv4 vs. IPv6
Packet Delivery
Ethernet
Local Packet Delivery
Remote Packet Delivery
IP Addresses and Subnetting
Network Address Translation
Security Zones
DMZ
Internet
Intranet
Extranet
Flat Networks
Enclaves
VLANs
Zones and Conduits
Tunneling
Storage Area Networks
iSCSI
Fibre Channel
FCoE
Chapter 9 Review
Chapter 10
Infrastructure Security
Devices
Workstations
Servers
Virtualization
Mobile Devices
Device Security, Common Concerns
Network Attached Storage
Removable Storage
Networking
Network Interface Cards
Hubs
Bridges
Switches
Routers
Firewalls
How Do Firewalls Work?
Next-Generation Firewalls
Web Application Firewalls vs. Network Firewalls
Concentrators
Wireless Devices
Modems
Telephony
VPN Concentrator
Security Devices
Intrusion Detection Systems
Network Access Control
Network Monitoring/Diagnostic
Load Balancers
Proxies
Web Security Gateways
Internet Content Filters
Data Loss Prevention
Unified Threat Management
Media
Coaxial Cable
UTP/STP
Fiber
Unguided Media
Removable Media
Magnetic Media
Optical Media
Electronic Media
Security Concerns for Transmission Media
Physical Security Concerns
Cloud Computing
Private
Public
Hybrid
Community
Software as a Service
Platform as a Service
Infrastructure as a Service
Chapter 10 Review
Chapter 11
Authentication and Remote Access
User, Group, and Role Management
User
Group
Role
Password Policies
Domain Password Policy
Single Sign-On
Time of Day Restrictions
Tokens
Account and Password Expiration
Security Controls and Permissions
Access Control Lists
Mandatory Access Control (MAC)
Discretionary Access Control (DAC)
Role-Based Access Control (RBAC)
Rule-Based Access Control
Attribute Based Access Control (ABAC)
Account Expiration
Preventing Data Loss or Theft
The Remote Access Process
Identification
Authentication
Authorization
Access Control
Remote Access Methods
IEEE 802.1X
RADIUS
TACACS+
Authentication Protocols
FTP/FTPS/SFTP
VPNs
IPsec
Vulnerabilities of Remote Access Methods
Connection Summary
Chapter 11 Review
Chapter 12
Wireless Security and Mobile Devices
Introduction to Wireless Networking
Mobile Phones
Wireless Application Protocol
3G Mobile Networks
4G Mobile Networks
Bluetooth
Bluetooth Attacks
Near Field Communication
IEEE 802.11 Series
802.11: Individual Standards
Attacking 802.11
Current Security Methods
Wireless Systems Configuration
Antenna Types
Antenna Placement
Power Level Controls
Site Surveys
Captive Portals
Securing Public Wi-Fi
Mobile Devices
Mobile Device Security
BYOD Concerns
Location Services
Mobile Application Security
Chapter 12 Review
Chapter 13
Intrusion Detection Systems and Network Security
History of Intrusion Detection Systems
IDS Overview
IDS Models
Signatures
False Positives and False Negatives
Network-Based IDSs
Advantages of a NIDS
Disadvantages of a NIDS
Active vs. Passive NIDSs
NIDS Tools
Host-Based IDSs
Advantages of HIDSs
Disadvantages of HIDSs
Active vs. Passive HIDSs
Resurgence and Advancement of HIDSs
Intrusion Prevention Systems
Honeypots and Honeynets
Tools
Protocol Analyzer
Switched Port Analyzer
Port Scanner
Passive vs. Active Tools
Banner Grabbing
Chapter 13 Review
Chapter 14
System Hardening and Baselines
Overview of Baselines
Operating System and Network Operating System Hardening
OS Security
Host Security
Machine Hardening
Operating System Security and Settings
OS Hardening
Hardening Microsoft Operating Systems
Hardening UNIX-or Linux-Based Operating Systems
Updates (a.k.a. Hotfixes, Service Packs, and Patches)
Antimalware
White Listing vs. Black Listing Applications
Trusted OS
Host-based Firewalls
Hardware Security
Host Software Baselining
Host-Based Security Controls
Hardware-Based Encryption Devices
Data Encryption
Data Security
Handling Big Data
Cloud Storage
Storage Area Network
Permissions/ACL
Network Hardening
Software Updates
Device Configuration
Securing Management Interfaces
VLAN Management
IPv4 vs. IPv6
Application Hardening
Application Configuration Baseline
Application Patches
Patch Management
Host Software Baselining
Group Policies
Security Templates
Alternative Environments
SCADA
Embedded Systems
Phones and Mobile Devices
Mainframe
Game Consoles
In-Vehicle Computing Systems
Alternative Environment Methods
Network Segmentation
Security Layers
Application Firewalls
Manual Updates
Firmware Version Control
Wrappers
Control Redundancy and Diversity
Chapter 14 Review
Chapter 15
Types of Attacks and Malicious Software
Avenues of Attack
Minimizing Possible Avenues of Attack
Malicious Code
Viruses
Worms
Polymorphic Malware
Trojan Horses
Rootkits
Logic Bombs
Spyware
Adware
Botnets
Backdoors and Trapdoors
Ransomware
Malware Defenses
Attacking Computer Systems and Networks
Denial-of-Service Attacks
Social Engineering
Null Sessions
Sniffing
Spoofing
TCP/IP Hijacking
Man-in-the-Middle Attacks
Replay Attacks
Transitive Access
Spam
Spim
Phishing
Spear Phishing
Vishing
Pharming
Scanning Attacks
Attacks on Encryption
Address System Attacks
Cache Poisoning
Password Guessing
Pass-the-Hash Attacks
Software Exploitation
Client-Side Attacks
Advanced Persistent Threat
Remote Access Trojans
Tools
Metasploit
BackTrack/Kali
Social-Engineering Toolkit
Cobalt Strike
Core Impact
Burp Suite
Auditing
Perform Routine Audits
Chapter 15 Review
Chapter 16
E-Mail and Instant Messaging
How E-Mail Works
E-Mail Structure
MIME
Security of E-Mail
Malicious Code
Hoax E-Mails
Unsolicited Commercial E-Mail (Spam)
Sender ID Framework
DomainKeys Identified Mail
Mail Encryption
S/MIME
PGP
Instant Messaging
Modern Instant Messaging Systems
Chapter 16 Review
Chapter 17
Web Components
Current Web Components and Concerns
Web Protocols
Encryption (SSL and TLS)
The Web (HTTP and HTTPS)
HTTPS Everywhere
HTTP Strict Transport Security
Directory Services (DAP and LDAP)
File Transfer (FTP and SFTP)
Vulnerabilities
Code-Based Vulnerabilities
Buffer Overflows
Java
JavaScript
ActiveX
Securing the Browser
CGI
Server-Side Scripts
Cookies
Browser Plug-ins
Malicious Add-ons
Signed Applets
Application-Based Weaknesses
Session Hijacking
Client-Side Attacks
Web 2.0 and Security
Chapter 17 Review
Chapter 18
Secure Software Development
The Software Engineering Process
Process Models
Secure Development Lifecycle
Secure Coding Concepts
Error and Exception Handling
Input and Output Validation
Fuzzing
Bug Tracking
Application Attacks
Cross-Site Scripting
Injections
Directory Traversal/Command Injection
Buffer Overflow
Integer Overflow
Cross-Site Request Forgery
Zero-Day
Attachments
Locally Shared Objects
Client-Side Attacks
Arbitrary/Remote Code Execution
Open Vulnerability and Assessment Language
Application Hardening
Application Configuration Baseline
Application Patch Management
NoSQL Databases vs. SQL Databases
Server-Side vs. Client-Side Validation
Chapter 18 Review
Chapter 19
Business Continuity and Disaster Recovery, and Organizational Policies
Business Continuity
Business Continuity Plans
Business Impact Analysis
Identification of Critical Systems and Components
Removing Single Points of Failure
Risk Assessment
Succession Planning
Continuity of Operations
Disaster Recovery
Disaster Recovery Plans/Process
Categories of Business Functions
IT Contingency Planning
Test, Exercise, and Rehearse
Recovery Time Objective and Recovery Point Objective
Backups
Alternative Sites
Utilities
Secure Recovery
Cloud Computing
High Availability and Fault Tolerance
Failure and Recovery Timing
Chapter 19 Review
Chapter 20
Risk Management
An Overview of Risk Management
Example of Risk Management at the International Banking Level
Risk Management Vocabulary
What Is Risk Management?
Risk Management Culture
Business Risks
Examples of Business Risks
Examples of Technology Risks
Risk Mitigation Strategies
Change Management
Incident Management
User Rights and Permissions Reviews
Data Loss or Theft
Risk Management Models
General Risk Management Model
Software Engineering Institute Model
NIST Risk Models
Model Application
Qualitatively Assessing Risk
Quantitatively Assessing Risk
Adding Objectivity to a Qualitative Assessment
Risk Calculation
Qualitative vs. Quantitative Risk Assessment
Tools
Cost-Effectiveness Modeling
Risk Management Best Practices
System Vulnerabilities
Threat Vectors
Probability/Threat Likelihood
Risk-Avoidance, Transference, Acceptance, Mitigation, Deterrence
Risks Associated with Cloud Computing and Virtualization
Chapter 20 Review
Chapter 21
Change Management
Why Change Management?
The Key Concept: Separation of Duties
Elements of Change Management
Implementing Change Management
Back-out Plan
The Purpose of a Change Control Board
Code Integrity
The Capability Maturity Model Integration
Chapter 21 Review
Chapter 22
Incident Response
Foundations of Incident Response
Incident Management
Anatomy of an Attack
Goals of Incident Response
Incident Response Process
Preparation
Security Measure Implementation
Incident Identification/Detection
Initial Response
Incident Isolation
Strategy Formulation
Investigation
Recovery/Reconstitution Procedures
Reporting
Follow-up/Lessons Learned
Standards and Best Practices
State of Compromise
NIST
Department of Justice
Indicators of Compromise
Cyber Kill Chain
Making Security Measurable
Chapter 22 Review
Chapter 23
Computer Forensics
Evidence
Types of Evidence
Standards for Evidence
Three Rules Regarding Evidence
Forensic Process
Acquiring Evidence
Identifying Evidence
Protecting Evidence
Transporting Evidence
Storing Evidence
Conducting the Investigation
Analysis
Chain of Custody
Message Digest and Hash
Host Forensics
File Systems
Windows Metadata
Linux Metadata
Device Forensics
Network Forensics
E-Discovery
Reference Model
Big Data
Cloud
Chapter 23 Review
Chapter 24
Legal Issues and Ethics
Cybercrime
Common Internet Crime Schemes
Sources of Laws
Computer Trespass
Significant U.S. Laws
Payment Card Industry Data Security Standard (PCI DSS)
Import/Export Encryption Restrictions
Non-U.S. Laws
Digital Signature Laws
Digital Rights Management
Ethics
Chapter 24 Review
Chapter 25
Privacy
Personally Identifiable Information (PII)
Sensitive PII
Notice, Choice, and Consent
U.S. Privacy Laws
Privacy Act of 1974
Freedom of Information Act (FOIA)
Family Education Records and Privacy Act (FERPA)
U.S. Computer Fraud and Abuse Act (CFAA)
U.S. Children’s Online Privacy Protection Act (COPPA)
Video Privacy Protection Act (VPPA)
Health Insurance Portability & Accountability Act (HIPAA)
Gramm-Leach-Bliley Act (GLBA)
California Senate Bill 1386 (SB 1386)
U.S. Banking Rules and Regulations
Payment Card Industry Data Security Standard (PCI DSS)
Fair Credit Reporting Act (FCRA)
Fair and Accurate Credit Transactions Act (FACTA)
Non-Federal Privacy Concerns in the United States
International Privacy Laws
OECD Fair Information Practices
European Laws
Canadian Laws
Asian Laws
Privacy-Enhancing Technologies
Privacy Policies
Privacy Impact Assessment
Web Privacy Issues
Cookies
Privacy in Practice
User Actions
Data Breaches
Chapter 25 Review
Appendix A
CompTIA Security+ Exam Objectives: SY0-401
Appendix B
Another random document with
no related content on Scribd:
III. Idaea (127 chapters, 238 pages) discusses under the sophistic
topics (sex, occupation, moral habit, fortune, endowments, etc.) the
personae of the poet’s creation; sets forth the four poetic virtues
(prudentia, efficacia, varietas, figura); and adds precepts for the several
poetic forms.
IV. Parasceve (49 chapters, 98 pages) discusses the qualities of style,
with additions on figures.
V. Criticus (17 chapters, 227 pages) is mainly a series of comparative
parallels (comparationes), first by authors (Homer with Vergil, Vergil with
Theocritus, etc.), then by topics (691-717).
VI. Hypercriticus (7 chapters, 134 pages) is a review of Latin poetry
from the sixteenth century back.
VII. Epinomis (11 chapters, 47 pages) is an appendix.
“The true aim of a lyric poet is to celebrate to the extreme him whom he
undertakes to praise ... his race ... his native place” ... (29). Enhancing his
diction above common speech (41-44), he will amplify, even dilate.
The terms invention and disposition, transferred conventionally from
rhetoric, do not open anything specific on composition.
Ronsard refers early to the relation of lyric to music. Except for a few
such references, he has been content to gather commonplaces on
style. The only importance of the treatise is in showing one of the
foremost sixteenth-century poets driven, when asked for theory, as it
were inevitably to rhetoric.
Tasso’s poetic, on the other hand, is the most serious, concise,
and penetrative of the Renaissance. Composed in 1568 and 1570 to
be read before the Ferrara Academy, the Discorsi dell’arte poetica
ed in particolare sopra il poema eroico were later amplified, in
Poema eroico c. 1590 and Discorsi dell’arte poetica, 1587, for
Tasso’s theory was no less studious than his practice. Though he too
uses the headings of rhetoric inventio and dispositio, he applies
them to distinctively poetic conception and poetic movement. For he
discusses poetic specifically and consistently as movement and as
poetic movement. The inspiration is the Poetic of Aristotle. Working
independently, Tasso grasped Aristotle’s animating ideas at about
the same time as Castelvetro in his illuminating commentary (1570).
[58] The following references are to Solerti’s edition of the Discorsi
(1901).
The epic poet should move in his own Christian faith and history, not
among pagan deities and rites (12). His field must not be too large (23-
25); his narrative scheme (favola), as Aristotle says, must be entire, of
manageable scope, and single (28). For unity (33), in spite of critical
disputes, in spite of Ariosto’s success without it and of Trissino’s failure
with it, is vital. Ariosto prevails (46) not through lack of unity, but because
of his excellence in other directions. Variety (47) is desirable only if it does
not risk confusion; and, properly considered, it is compatible with unity. [A
clear and just rebuttal; there is no value in variety unless there is
something from which to vary.]
Part III (Style), opening with the rhetorical tradition of the “three styles,”
finds the third, magnifico (the Latin grande), appropriate to epic (52).
[Tasso’s own practice of magnifico is neither florid nor dilated.] Ariosto’s
style is medium; Trissino’s, tenue. Tragedy (53), relying oftener on specific
words (proprio), is less magnifico; lyric is more flowered and adorned;
epic, though ranging between the two, is normally magnifico.
Adding (55-60) a summary of the rhetoric of style, including figures,
Tasso finds Boccaccio’s prose over-rhythmical. His appreciation of the
force of exact words in Dante is refreshing after the earlier disparagement.
He closes with an illuminating comparison (63) of epic style in Vergil with
lyric in Petrarch.
11. SIDNEY
Sidney’s Defense of Poesy (about 1583; edited by Albert S. Cook,
Boston, 1890) exhibits its moral function from mere moralizing,
through winsome teaching, to incitement toward higher living.
What shoulde be the cause that our English speeche ... hath neuer
attained to anie sufficient ripeness, nay not ful auoided the reproch of
barbarousness in poetry? (227) ... What credite they might winne to theyr
natiue speeche, what enormities they might wipe out of English Poetry ... if
English Poetrie were truely reformed (229).
“How the wilde and sauage people vsed a naturall poesie in versicle
and rime as our vulgar is” (chapter v); and “How the riming poesie came
first to the Grecians and Latins, and had altered and almost spilt their
maner of poesie” (chapter vi). Classification into heroic, lyric, etc., and
then into comedy, tragedy, ode, elegy, etc., is followed (chapter xxxi) by a
review of English poetry as meager for a roll of honor as it is
undiscriminating in criticism.
Book II, Proportion Poeticall, is a misguided prosody. “Proportion” is
exhibited (chapter ii) in “staff” (i.e., stave or stanza); (iii) in “measure” (i.e.,
feet) estimated by the number of syllables without assigning a distinct
function to “accent”; (v) in caesura ranged with “comma, colon, periodus,”
terms transferred from rhetoric to serve as aspects of rhythm; (vi and
following) in “concord,” which includes rime, accent, time, “stir,” and
“cadence”; (xi) in “position”; and finally in “figure,” square stanzas,
triangles, ovals, suitable to emblems and other devices. Through this
confusion and deviation the typical English stress habit glimmers so faintly
as never to be distinct. “How Greek and Latin feet might be applied in
English” (xiii) leads in the closing chapters to “a more particular
declaration of the metrical feet of the ancient poets.”
Book III, Ornament, is a long and elaborate classification of figures of
speech.[60] It ends conventionally with typical faults, with decorum, and, in
tardy caution, with Horace’s ars celare artem.
13. PATRIZZI
Patrizzi’s poetic (Della poetica di Francesco Patrici la deca
disputata ... Ferrara, 1586) renews the quarrel with Aristotle begun in
his rhetoric.
14. DENORES
Jason Denores, on the contrary, made his Poetica a digest of
Aristotle with a tabular view at the end of each section (Poetica di
Iason Denores, nella qual per via di definitione & divisione si tratta
secondo l’opinion d’Aristotele della tragedia, del poema heroico, &
della comedia ... Padua, 1588). The book has no critical grasp.
15. VAUQUELIN
The poetic of the Sieur Vauquelin de la Fresnaye is important
mainly for confirmation at the end of the century (L’Art poétique de
Vauquelin de la Fresnaye, ou l’on peut remarquer la perfection et le
défaut des anciennes et des modernes poésies; text of 1605 edited
by Georges Pellissier,[65] Paris, 1885). Conceived in 1574 and
embracing the ideas of the Pléiade, it was still unfinished in 1585
and finally published at Caen only two years before the gentleman
poet’s death. The latter part of the sub-title refers to the addition of a
sort of catalogue raisonné of poets. Seventeen hundred and sixty
Alexandrine couplets survey poetry in three books as style and
metric; for composition enters rarely and in terms of rhetoric. Though
Aristotle is cited, the base is once more the “Ars poetica” of Horace.
Once more poetry is “speaking pictures” (I. 226); once more the
Pléiade repudiates balades and rondeaux (I. 546). The doctrine of
appropriateness (bienséance, il decoro) indicates characterization by
type (II. 330; III. 499); and the ideal poetic combination is of
instruction with delight (III. 609, utile-dulce). Instead of saying that
Vauquelin outlived his age,[66] we may rather reflect that change in
doctrine had been slow and was not yet recognized generally.
16. SUMMARY
In the variety of these poetics appear certain habits and
tendencies significant of the period. First, the Renaissance
gentleman scholar finds it becoming not only to write verse,
especially Latin verse, but to discuss poetic. Sound taste and
informed judgment in poetry, as in painting and sculpture, give him
rank as accomplished. The people assembled by Castiglione to
discuss the ideal courtier agree on this; and indeed several of them
might have written the dialogues examined above. Modern readers
impatient at the willingness to talk from the book without independent
thinking should beware of disparaging the value of a general
obligation to be informed about poetry. But even the Renaissance
gentlemen who were in the stricter sense scholars seem content with
learning for itself. Instead of interpreting and advancing, they exhibit.
The confusion about imitation is too general to be attributed to the
stupidity of individuals. It reflects the clash of two conceptions:
Aristotle’s idea of imitating human life[67] by focusing its actions and
speech in such continuity as shall reveal its significance, an idea of
composition; and the humanist idea of imitating classical style. As
ideas, the two have nothing to do with each other; but they tripped
each other in fact. For the first was new, not yet understood either
exactly or generally; and the second was a widespread habit of
thought. Imitation suggested classicism. Aristotle, being an ancient,
must in some way be reconciled to this. Meantime it is evident,
especially from the more commonplace discussions, that though the
theory might not be clear, the practice inclined toward dilation and
borrowing. Ciceronianism, even while it waned, had spread far
beyond Cicero. Bembo’s imitation of Petrarch was not a reproach; it
was an added virtue.
The cult of the great period does not preclude citation of Claudian,
Statius, Silius Italicus; and Scaliger adds Ausonius and Sidonius.
Even Apuleius is not excluded; and space is occasionally found for
the dullness of Aulus Gellius and Macrobius. The “Greek Romances”
of Achilles Tatius, Apollonius or Heliodorus find place not only with
Cinthio, Scaliger, and Vauquelin, but also with Ronsard and Sidney.
Indeed, those poetic habits summed up in the term Alexandrianism
and corresponding to the decadent rhetoric called sophistic, crop out
often enough to suggest a considerable vogue. The sophistic recipe
for encomium is accepted by Ronsard; and there is common
approval, in doctrine as in practice, of parenthetical dilation by
descriptive show-pieces. So the rhetoric of Hermogenes, embraced
by Camillo and Partenio for poetic, is mentioned elsewhere with
respect. Alexandrianism is at least an inclination of the Renaissance.
But the commonest sign of the times is the unabated vogue of
Horace’s “Ars poetica”. It is gospel as much to the Renaissance as it
had been to the Middle Age. The cynical explanation would be its
very shallowness and conventionality; but probably the deeper
reason is that Renaissance thinking on poetic, as Horace’s, was
essentially rhetorical. Here, at any rate, is the main significance of
these poetics. Various as they may be otherwise, they have this in
common. Tasso stands out as an exception, in theory as in practice,
by his clear view of poetic as a distinct art of composition; and he is
supported by Castelvetro’s penetrative interpretation of the Poetic of
Aristotle. But Vauquelin has not heard them; and even Sidney,
though he sees the distinction, still falls back on rhetoric. Even to the
end of the sixteenth century, Renaissance poetic was largely
rhetoric.[68]
Chapter VIII
PROSE NARRATIVE
1. TALES
Nothing is more characteristic of the Renaissance than the
abundance of tales. Printed in large collections, they evidently
answered a steady demand; and they furnished many plots for the
Elizabethan stage. Often significant of Renaissance taste in stories,
they are generally less interesting in narrative art.
(a) Bandello
Running generally from three pages to ten, the tales, even the few that
run to fourteen, remain scenario. II. ii. recounts in fourteen pages a
Persian tale of Oronte and Orbecche. V. x. tells at the same length how
the virtuous wife of Filogamo, shipwrecked, resisted the Prince of Satalia,
and that he was thereupon expelled. In X. viii two quarreling nobles come
to blows, are imprisoned by King Louis, and subsequently reconciled by
the courtesy of one. Even the tale of the Moorish captain, which has
hardly more than eight pages, is not developed narratively. Looking back
to it from Othello, one distinguishes the motivation discerned by
Shakspere; but in Giraldi’s tale this is either generalized or merely hinted;
it does not conduct the narrative.
There might be seene also a certain sharpe and rude situation of craggy
and vnfruictful rocks, which notwithstanding yelded some pleasure to the
Eyes to see theym tapissed with a pale moasie greene, which disposed
into a frizeled guise made the place pleasaunt and the rock soft according
to the fashion of a couerture. There was also a very fayre and wide Caue,
which liked him well, compassed round about with Firre trees, Pine
apples, Cipres, and Trees distilling a certayne Rosen or Gumme, towards
the bottom whereof, in the way downe to the valley, a man might haue
viewed a passing company of Ewe trees, Poplers of all sortes, and Maple
trees, the Leaues whereof fell into a Lake or Pond, which came by
certaune smal gutters into a fresh and very cleare fountayne right agaynst
that Caue. The knight viewing the auncientry and excellency of the place,
deliberated by and by to plant there the siege of his abode for performing
of his penaunce and life (Vol. III, p. 222, of the 1890 reprint).
Description for itself, without function, and even more plainly the
other habitual means of decoration, show not only the general habit
of dilation, but also the general carelessness of narrative values. So
is smothered even the Spanish tale of Don Diego and Ginevra,[72]
which Bandello had the wit, or the luck, to repeat in its original
sequence. Evidently these versions were looking not to composition,
not to the conduct of the story, but only to style.
one Nisus, who had to daughter a damsel named Scilla, a proper sweet
wench, in goodliness a goddess, in shape Venus herself, in shew a saint,
in perfection of person peerless, but in deeds a dainty dame, in manners a
merciless maid, and in works a wilful wench.... But to paint her out more
plainly, she was more coy than comely, more fine than well-favoured, more
lofty than lovely, more proud than proper, more precise than pure.
If there be any place for such style, surely it is not in story. The story
is hardly told; it is decorated, moralized, generalized without
narrative salience. The decoration thus abused by Pettie became a
vogue through John Lyly (1553?-1606). His Euphues, the Anatomy
of Wit (1578) and Euphues and His England (1580) made the
schemata of sophistic, especially isocolon, parison, and paromoion,
[73] a main item in the curious style called euphuism.
Come therefore to me, all ye lovers that have been deceived by fancy, the
glass of pestilence, or deluded by women, the gate to perdition; be as
earnest to seek a medicine as you were eager to run into a mischief. The
earth bringeth forth as well endive to delight the people as hemlock to
endanger the patient, as well the rose to distil as the nettle to sting, as well
the bee to give honey as the spider to yield poison (Croll’s ed., p. 93).