HAPPY BOOKSGIVING
Use code BOOKSGIVING during checkout to save 40%-55% on books and eBooks. Shop now.
Register your product to gain access to bonus material or receive a coupon.
This eBook includes the following formats, accessible from your Account page after purchase:
EPUB The open industry format known for its reflowable content and usability on supported mobile devices.
PDF The popular standard, used most often with the free Acrobat® Reader® software.
This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.
This eBook includes the following formats, accessible from your Account page after purchase:
EPUB The open industry format known for its reflowable content and usability on supported mobile devices.
PDF The popular standard, used most often with the free Acrobat® Reader® software.
This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.
We've made every effort to ensure the accuracy of this book and its companion content. Any errors that have been confirmed since this book was published can be downloaded below.
Download the errata (44 KB .doc)
Clearly explains core concepts, terminology, challenges, technologies, and skills
Covers today’s latest attacks and countermeasures
The perfect beginner’s guide for anyone interested in a computer security career
Dr. Chuck Easttom brings together complete coverage of all basic concepts, terminology, and issues, along with all the skills you need to get started.
Drawing on 30 years of experience as a security instructor, consultant, and researcher, Easttom helps you take a proactive, realistic approach to assessing threats and implementing countermeasures. Writing clearly and simply, he addresses crucial issues that many introductory security books ignore, while addressing the realities of a world where billions of new devices are Internet-connected.
This guide covers web attacks, hacking, spyware, network defense, security appliances, VPNs, password use, and much more. Its many tips and examples reflect new industry trends and the state-of-the-art in both attacks and defense. Exercises, projects, and review questions in every chapter help you deepen your understanding and apply all you’ve learned.
Whether you’re a student, a professional, or a manager, this guide will help you protect your assets—and expand your career options.
LEARN HOW TO
Download the sample pages (includes Chapter 1)
Introduction xxvi
Chapter 1: Introduction to Computer Security 2
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
How Seriously Should You Take Threats to Network Security? . . . . . . . . . 4
Identifying Types of Threats . . . . . . . . . . . . . . . . . . . . . . . . 7
Assessing the Likelihood of an Attack on Your Network . . . . . . . . . . . . 16
Basic Security Terminology . . . . . . . . . . . . . . . . . . . . . . . 16
Concepts and Approaches . . . . . . . . . . . . . . . . . . . . . . . . 19
How Do Legal Issues Impact Network Security? . . . . . . . . . . . . . . . 22
Online Security Resources . . . . . . . . . . . . . . . . . . . . . . . . 23
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Chapter 2: Networks and the Internet 32
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Network Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
How the Internet Works . . . . . . . . . . . . . . . . . . . . . . . . . 40
History of the Internet . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Basic Network Utilities . . . . . . . . . . . . . . . . . . . . . . . . . 49
Other Network Devices . . . . . . . . . . . . . . . . . . . . . . . . . 55
Advanced Network Communications Topics . . . . . . . . . . . . . . . . 56
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Chapter 3: Cyber Stalking, Fraud, and Abuse 66
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
How Internet Fraud Works . . . . . . . . . . . . . . . . . . . . . . . . 67
Identity Theft . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Cyber Stalking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Chapter 4: Denial of Service Attacks 96
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Illustrating an Attack . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Common Tools Used for DoS Attacks . . . . . . . . . . . . . . . . . . . 99
DoS Weaknesses . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Specific DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . 102
Real-World Examples of DoS Attacks . . . . . . . . . . . . . . . . . . . 109
How to Defend Against DoS Attacks . . . . . . . . . . . . . . . . . . . 111
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Chapter 5: Malware 120
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Viruses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Trojan Horses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
The Buffer-Overflow Attack . . . . . . . . . . . . . . . . . . . . . . . 132
Spyware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Other Forms of Malware . . . . . . . . . . . . . . . . . . . . . . . . 137
Detecting and Eliminating Viruses and Spyware . . . . . . . . . . . . . . 140
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Chapter 6: Techniques Used by Hackers 152
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Basic Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
The Reconnaissance Phase . . . . . . . . . . . . . . . . . . . . . . . 153
Actual Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Malware Creation . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Penetration Testing . . . . . . . . . . . . . . . . . . . . . . . . . . 171
The Dark Web . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Chapter 7: Industrial Espionage in Cyberspace 182
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
What Is Industrial Espionage? . . . . . . . . . . . . . . . . . . . . . . 183
Information as an Asset . . . . . . . . . . . . . . . . . . . . . . . . 184
Real-World Examples of Industrial Espionage . . . . . . . . . . . . . . . 187
How Does Espionage Occur? . . . . . . . . . . . . . . . . . . . . . . 189
Low-Tech Industrial Espionage . . . . . . . . . . . . . . . . 189
Spyware Used in Industrial Espionage . . . . . . . . . . . . . 193
Steganography Used in Industrial Espionage . . . . . . . . . . . 193
Phone Taps and Bugs . . . . . . . . . . . . . . . . . . . . 194
Protecting Against Industrial Espionage . . . . . . . . . . . . . . . . . . 194
The Industrial Espionage Act . . . . . . . . . . . . . . . . . . . . . . 197
Spear Phishing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Chapter 8: Encryption 206
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Cryptography Basics . . . . . . . . . . . . . . . . . . . . . . . . . . 207
History of Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Modern Cryptography Methods . . . . . . . . . . . . . . . . . . . . . 216
Public Key (Asymmetric) Encryption . . . . . . . . . . . . . . . . . . . 223
PGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Legitimate Versus Fraudulent Encryption Methods . . . . . . . . . . . . . 229
Digital Signatures . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
Hashing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
MAC and HMAC . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Steganography . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Cryptanalysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Cryptography Used on the Internet . . . . . . . . . . . . . . . . . . . . 236
Quantum Computing Cryptography . . . . . . . . . . . . . . . . . . . 237
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Chapter 9: Computer Security Technology 244
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Virus Scanners . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
Antispyware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Digital Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
SSL/TLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Virtual Private Networks . . . . . . . . . . . . . . . . . . . . . . . . 268
Wi-Fi Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Chapter 10: Security Policies 278
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
What Is a Policy? . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Defining User Policies . . . . . . . . . . . . . . . . . . . . . . . . . 280
Defining System Administration Policies . . . . . . . . . . . . . . . . . . 287
New Employees . . . . . . . . . . . . . . . . . . . . . . . 287
Departing Employees . . . . . . . . . . . . . . . . . . . . 287
Change Requests . . . . . . . . . . . . . . . . . . . . . . 288
Security Breaches . . . . . . . . . . . . . . . . . . . . . . 290
Virus Infection . . . . . . . . . . . . . . . . . . . . . . . 290
DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . 291
Intrusion by a Hacker . . . . . . . . . . . . . . . . . . . . 291
Defining Access Control . . . . . . . . . . . . . . . . . . . . . . . . 292
Development Policies . . . . . . . . . . . . . . . . . . . . . . . . . 293
Standards, Guidelines, and Procedures . . . . . . . . . . . . . . . . . . 294
Disaster Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Important Laws . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Chapter 11: Network Scanning and Vulnerability Scanning 306
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Basics of Assessing a System . . . . . . . . . . . . . . . . . . . . . . 307
Securing Computer Systems . . . . . . . . . . . . . . . . . . . . . . 315
Scanning Your Network . . . . . . . . . . . . . . . . . . . . . . . . 321
Getting Professional Help . . . . . . . . . . . . . . . . . . . . . . . . 330
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Chapter 12: Cyber Terrorism and Information Warfare 342
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
Actual Cases of Cyber Terrorism . . . . . . . . . . . . . . . . . . . . . 343
Weapons of Cyber Warfare . . . . . . . . . . . . . . . . . . . . . . . 345
Economic Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Military Operations Attacks . . . . . . . . . . . . . . . . . . . . . . . 350
General Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Supervisory Control and Data Acquisitions (SCADA) . . . . . . . . . . . . . 351
Information Warfare . . . . . . . . . . . . . . . . . . . . . . . . . . 352
Actual Cases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Future Trends . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Defense Against Cyber Terrorism . . . . . . . . . . . . . . . . . . . . . 362
Terrorist Recruiting and Communication . . . . . . . . . . . . . . . . . . 362
TOR and the Dark Web . . . . . . . . . . . . . . . . . . . . . . . . . 363
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Chapter 13: Cyber Detective 370
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
General Searches . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Court Records and Criminal Checks . . . . . . . . . . . . . . . . . . . 375
Usenet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
Chapter 14: Introduction to Forensics 386
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
General Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . 387
Finding Evidence on the PC . . . . . . . . . . . . . . . . . . . . . . . 397
Finding Evidence in System Logs . . . . . . . . . . . . . . . . . . . . 398
Getting Back Deleted Files . . . . . . . . . . . . . . . . . . . . . . . 399
Operating System Utilities . . . . . . . . . . . . . . . . . . . . . . . 402
The Windows Registry . . . . . . . . . . . . . . . . . . . . . . . . . 404
Mobile Forensics: Cell Phone Concepts . . . . . . . . . . . . . . . . . . 408
The Need for Forensic Certification . . . . . . . . . . . . . . . . . . . . 413
Expert Witnesses . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Additional Types of Forensics . . . . . . . . . . . . . . . . . . . . . . 415
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Chapter 15: Cybersecurity Engineering 422
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
Defining Cybersecurity Engineering . . . . . . . . . . . . . . . . . . . . 423
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
Glossary 442
Appendix A: Resources 448
Appendix B: Answers to the Multiple Choice Questions 450
9780135774779, TOC, 8/15/19