SECOND EDITION
Chuck Easttom
 |
| Computer Security Fundamentals.2nd Edition |
About the Author
Chuck Easttom has been in the IT industry for many years working in all aspects including network
administration, software engineering, and IT management. For the past 10 years he has been parttime
teaching at colleges and doing corporate training. For the past 7 years, he has also been an independent consultant working with a variety of companies and serving as an expert consultant/witness in various computer cases. Chuck holds more than 28 different IT industry certifications, including the CISSP, ISSAP, Certified Ethical Hacker, Certified Hacking Forensics Investigator, EC Council Certified Security Administrator, and EC Council Certified Instructor. He has served as a subject matter expert for the Computer Technology Industry Association (CompTIA) in the development or revision of four of their certification tests, including the initial creation of their Security+ certification. Most recently he worked with the EC Council to develop their new advanced cryptography course, which he is teaching around the world.
In addition to this book, Chuck has authored 12 other titles on topics such as computer security,
web development, programming, Linux, and computer crime. Chuck also is a frequent guest
speaker for computer groups, discussing computer security. You can reach Chuck at his website
www.chuckeasttom.com or by email at chuck@chuckeasttom.com
About the Technical Reviewer
Dr. Louay Karadsheh has a Doctorate of Management in information technology from Lawrence
Technological University, Southfield, MI. He teaches information assurance, operating system, and
networking classes. His research interest includes cloud computing, information assurance, knowledge management, and risk management. Dr. Karadsheh has published nine articles in refereed journals and international conference proceedings. He has 21 years of experience in planning, installation, troubleshooting, and designing local area networks and operating systems for small to medium-size sites. Dr. Karadsheh has provided technical edits/reviews for several major publishing companies, including Pearson Education and Cengage Learning, and evaluates the research proposals. He holds A+ and Security Certified Network professional certifications.
Acknowledgments
The creation of a book is not a simple process and requires the talents and dedication from many people to make it happen. With this in mind, I would like to thank the folks at Pearson for their commitment to this project. Specifically, I would like to say thanks to Betsy Brown for overseeing the project and keeping things
moving. A special thanks to Dayna Isley for outstanding editing and focus. Also, thanks to Dr.
Karadsheh, who worked tirelessly technically editing this book and fact checking it.
PEARSON
800 East 96th Street, Indianapolis, Indiana 46240 USA
Contents at a Glance
Introduction . . . . . . . 1
1 Introduction to Computer Security . 2
2 Networks and the Internet. . . . . . . 22
3 Cyber Stalking, Fraud, and Abuse. . . . 48
4 Denial of Service Attacks. . . . . 72
5 Malware . . . . . . . . . . 92
6 Techniques Used by Hackers . . . . . . . 116
7 Industrial Espionage in Cyberspace. . . 132
8 Encryption . . . . . . . . 154
9 Computer Security Software . . . . . . . .178
10 Security Policies. . . .200
11 Network Scanning and Vulnerability Scanning . . . . 220
12 Cyber Terrorism and Information Warfare. . . . . 254
13 Cyber Detective . . . . . . . . . . . . 276
14 Introduction to Forensics . .... . . 292
A Glossary . . . . . . . . . . . 306
B Resources.. . . . . .. . . . . 312
Index . . ............. . . . . . . . 316
Table of Contents
Introduction
Chapter 1: Introduction to Computer Security
Introduction
How Seriously Should You Take Threats to Network Security?
Identifying Types of Threats
Malware
Compromising System Security
Denial of Service Attacks
Web Attacks
Session Hijacking
DNS Poisoning
Assessing the Likelihood of an Attack on Your Network
Basic Security Terminology
Hacker Slang
Professional Terms
Concepts and Approaches
How Do Legal Issues Impact Network Security?
Online Security Resources
CERT
Microsoft Security Advisor
F-Secure
SANS Institute
Summary
Test Your Skills
Chapter 2: Networks and the Internet
Introduction
Network Basics
The Physical Connection: Local Networks
Faster Connection Speeds
Data Transmission
How the Internet Works
IP Addresses
CIDR
Uniform Resource Locators
History of the Internet
Basic Network Utilities
IPConfig
Ping
Tracert
Other Network Devices
Advanced Network Communications Topics
The OSI Model
Media Access Control (MAC) Addresses
Summary
Test Your Skills
Chapter 3: Cyber Stalking, Fraud, and Abuse
Introduction
How Internet Fraud Works
Investment Offers
Auction Frauds
Identity Theft
Cyber Stalking
Laws about Internet Fraud
Protecting Yourself against Cyber Crime
Protecting against Investment Fraud
Protecting against Identity Theft
Secure Browser Settings
Summary
Test Your Skills
Chapter Footnotes
Chapter 4: Denial of Service Attacks
Introduction
Denial of Service
Illustrating an Attack
Common Tools Used for DoS
DoS Weaknesses
Specific DoS attacks
Land Attack
Distributed Denial of Service (DDoS)
Summary
Test Your Skills
Chapter 5: Malware
Introduction
How a Virus Spreads
Recent Virus Examples
W32/Netsky-P
Troj/Invo-Zip
MacDefender
The Sobig Virus
The Mimail Virus
The Bagle Virus
A Nonvirus Virus
Rules for Avoiding Viruses
Trojan Horses
The Buffer-Overflow Attack
The Sasser Virus/Buffer Overflow
Spyware
Legal Uses of Spyware
How Is Spyware Delivered to a Target System?
Obtaining Spyware Software
Other Forms of Malware
Rootkit
Malicious Web-Based Code
Logic Bombs
Spam
Detecting and Eliminating Viruses and Spyware
Antivirus Software
Antispyware Software
Summary
Test Your Skills
Chapter 6: Techniques Used by Hackers
Introduction
Basic Terminology
The Reconnaissance Phase
Passive Scanning Techniques
Active Scanning Techniques
Actual Attacks
SQL Script Injection
Cross-Site Scripting
Password Cracking
Summary
Test Your Skills
Chapter 7: Industrial Espionage in Cyberspace
Introduction
What Is Industrial Espionage?
Information as an Asset
Real-World Examples of Industrial Espionage
Example 1: VIA Technology
Example 2: General Motors
Example 3: Interactive Television Technologies, Inc
Example 4: Bloomberg, Inc
Example 5: Avant Software
Industrial Espionage and You
How Does Espionage Occur?
Low-Tech Industrial Espionage
Spyware Used in Industrial Espionage
Steganography Used in Industrial Espionage
Phone Taps and Bugs
Protecting against Industrial Espionage
Industrial Espionage Act
Spear Phishing
Summary
Test Your Skills
Chapter 8: Encryption
Introduction
Cryptography Basics
History of Encryption
The Caesar Cipher
Multi-Alphabet Substitution
Binary Operations
Modern Methods
Single-Key (Symmetric) Encryption
Public Key (Asymmetric) Encryption
Legitimate Versus Fraudulent Encryption Methods
Digital Signatures
Hashing
Authentication
Encryptions Used in Internet
Virtual Private Networks
PPTP
L2TP
IPsec
Summary
Test Your Skills
Chapter 9: Computer Security Software
Introduction
Virus Scanners
How Does a Virus Scanner Work?
Virus-Scanning Techniques
Commercial Antivirus Software
Firewalls
Benefits and Limitation of Firewalls
Firewall Types and Components
How Firewalls Examine Packets
Firewall Configurations
Commercial and Free Firewall Products
Firewall Logs
Antispyware
Intrusion-Detection Software
IDS Categorization
IDS Approaches
Honey Pots
Other Preemptive Techniques
Summary
Test Your Skills
Chapter 10: Security Policies
Introduction
What Is a Policy
Defining User Policies
Passwords
Internet Use
Email Usage
Installing/Uninstalling Software
Instant Messaging
Desktop Configuration
Final Thoughts on User Policies
Defining System Administration Policies
New Employees
Departing Employees
Change Requests
Security Breaches
Virus Infection
Denial of Service Attacks
Intrusion by a Hacker
Defining Access Control
Developmental Policies
Standards, Guidelines, and Procedure
Summary
Test Your Skills
Chapter 11: Network Scanning and Vulnerability Scanning
Introduction
Basics of Assessing a System
Patch
Ports
Protect
Policies
Probe
Physical
Securing Computer Systems
Securing an Individual Workstation
Securing a Server
Scanning Your Network
MBSA
NESSUS
Getting Professional Help
Summary
Test Your Skills
Chapter 12: Cyber Terrorism and Information Warfare
Introduction
Actual Cases of Cyber Terrorism
China Eagle Union
Economic Attacks
Military Operations Attacks
General Attacks
Supervisory Control and Data Acquisitions
Information Warfare
Propaganda
Information Control
Disinformation
Actual Cases
Future Trends
Positive Trends
Negative Trends
Defense against Cyber Terrorism
Summary
Test Your Skills
Chapter 13: Cyber Detective
Introduction
General Searches
Court Records and Criminal Checks
Sex Offender Registries
Civil Court Records
Other Resources
Usenet
Summary
Test Your Skills
Chapter 14: Introduction to Forensics
Introduction
General Guidelines
Don’t Touch the Suspect Drive
Document Trail
Secure the Evidence
FBI Forensics Guidelines
Finding Evidence on the PC
Finding Evidence in the Browser
Finding Evidence in System Logs
Windows Logs
Linux Logs
Getting Back Deleted Files
Operating System Utilities
Net Sessions
Openfiles
Fc
Netstat
The Windows Registry
Summary
Test Your Skills
Appendix A: Glossary
Appendix B: Resources
General Computer Crime and Cyber Terrorism
General Knowledge
Cyber Stalking
Identity Theft
Port Scanners and Sniffers
Password Crackers
Countermeasures
Spyware
Counter Spyware
Cyber Investigation Tools
General Tools
Virus Research
● Screenshot ●
Purchase Now !
Just with Paypal
Just with Paypal
Product details
Price
|
|
|---|---|
File Size
| 5,868 KB |
Pages
|
350 p |
File Type
|
PDF format |
ISBN-13
ISBN-10 | 978-0-7897-4890-4 0-7897-4890-8 |
Copyright
|
2012 by Pearson
|
●▬▬❂❂▬▬●
●▬❂▬●
●❂●
═════● ●═════
