Index

Symbols

# (pound sign), 260

2G, 409

2nd Thought, 137

3DES (Triple DES), 219

3G, 409

4G, 409

56-bit cipher key (DES), 217

60 Minutes, 351

802.11 standard, 36–37

A

abelian groups, 221

Absolute Keylogger, 135

Avast, 142

acceptance of risk, 6

access control, 292–293

AccessData Forensic Toolkit, 388–391, 396

active IDSs (intrusion detection systems), 255

active scanning

active code scanning, 247

enumeration, 159–160

MBSA (Microsoft Baseline Security Analyzer), 321–323

Nessus, 324–326

OWASP (Open Web Application Security Project), 326–327

port scanning, 155–158

Shodan, 160–162, 328–329

vulnerability assessment, 158–159

activities, IDS, 256

Address Resolution Protocol (ARP), 54–55

addresses

IPv4

CIDR (classless interdomain routing), 44

loopback addresses, 42

network classes, 41–43

public versus private, 43

subnetting, 43–44

IPv6, 44–45

MAC (Media Access Control), 35, 57

AddRoundKey step (AES), 220

Adleman, Len, 224

Advanced Encryption Standard (AES), 38, 220–222

advanced persistent threats (APTs), 139–140, 344–345

Advanced Research Projects Agency (ARPA), 48

adware, 137

AES (Advanced Encryption Standard), 38, 220–222

AFCC (Air Force Cyber Command), 343

Agent.btz, 344

AHs (authentication headers), 270

Air Force Cyber Command (AFCC), 343

Airbus, 357

ALE (Annualized Loss Expectancy), 6

alerts, IDS, 256

algorithms

Diffie-Hellman, 227

ElGamal, 227

Elliptic Curve, 228

HMAC, 231–232

MAC, 231–232

MD5, 231

MQV, 227

RIPEMD, 231

RSA, 224–227

SHA, 231

Allen, James, 76

Amazon, 12

The Amnesiac Incognito Live System (TAILS), 175

amplifiers, 35

analyzers, IDS, 256

AND operation, 214

Android, forensics for, 410–411

Annualized Loss Expectancy (ALE), 6

ANT+, 38

antispyware software, 194, 253–254

antivirus software, 140–143, 248

Apple Inc., industrial espionage at, 183

Apple Viruses, 128

application gateways, 250

Application log, 398

application proxies, 250

apport.log file, 399

APTs (advanced persistent threats), 139–140, 344–345

armored viruses, 122

ARP (Address Resolution Protocol), 54–55

ARPA (Advanced Research Projects Agency), 48

ARPANET, 48

ASs (authentication servers), 264

assessment, system security

patches, 307–308

physical security, 314–315

policies, 312–314

ports, 308–311

probes, 314

protective software and devices, 311–312

asset identification, 184–187

asymmetric algorithms

Diffie-Hellman, 227

ElGamal, 227

Elliptic Curve, 228

MQV, 227

RSA, 224–227

asymmetric encryption. See public key encryption

Asynchronous Transfer Mode (ATM), 269

Atbash cipher, 211

Atlanta, ransomware attack in, 125

ATM (Asynchronous Transfer Mode), 269

attachments, security policies for, 283284

attacks. See threats

auction fraud

protecting against, 87–88

types of, 70–72

audit trails, 394

auditing, 19

auditpol, 398

authentication, 19, 262–265

authentication headers (AHs), 270

authentication servers (ASs), 264

autostart locations, 407

AVG, 129

AVG AntiVirus, 248

AVG antivirus, 142

avoidance of risk, 6

B

backups, 296–297

bandwidth, 34–35

Barriss, Tyler, 78

BCPs (business continuity plans), 295–296

Bellaso, Giovan Battista, 212

Berners-Lee, Tim, 49

BIA (business impact assessment), 296

bid shielding, 71

bid siphoning, 71–72

.bin files, 416

binary numbers, converting, 41

binary operations, 214

BitLocker, 195

bits, 34–35, 38–39

black hat hackers, 17, 152–153

black holes, 112

BlackEnergy, 347, 357

blackmail, DoS (denial of service) attacks, 111

block ciphers

Blowfish, 222

defined, 217

Serpent, 222

Skipjack, 222

Twofish, 220

Blowfish, 222

blue jacking, 166

blue teams, 153

bluebugging, 166

bluesnarfing, 166

Bluetooth, 38

boot sector viruses, 123

Bosselaers, Antoon, 231

Boston Globe attack, 109

botnets, 109

breaches, defined, 7

Bring Your Own Device (BYOD), 285

Broadband Guide, 311

browser forensics, 397–398

browser security, 84–87

brute force, 210

brute force techniques, 235

Budapest Convention on Cybercrime, 394–395

buffer-overflow attacks

explained, 132–133

Sasser, 133–134

buffers, 132–133

Bureau of Federal Prisons, 378

business continuity

BCPs (business continuity plans), 295–296

standards, 296

business continuity plans (BCPs), 295–296

business continuity standards, 296

business impact assessment (BIA), 296

BYOD (Bring Your Own Device), 285

bytes, 3839

C

CAB (change approval board) process, 289

cables, 33–35

Caesar cipher, 209–210

Cain and Abel, 159

CAPTCHA, 108

carriers, 233

CAs (certificate authorities), 265–266

CASP (CompTIA Advanced Security Practitioner), 6, 331

CBC (cipher block chaining) mode, 223

CBI (Central Bureau of Investigation), 344

CCB (change control board) process, 289

CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol), 38, 271

cell phones

Android, 410–411

attacks on, 166

cellular networks, 409

general principles, 412

ICCID (Integrated Circuit Card Identification), 408

IMSI (International Mobile Subscriber Identity), 408

iOS, 410

SIM (Subscriber Identity Module), 408

Windows, 411

Cellebrite, 397

cellular networks, 409

CENTCOM, 344

Center for Internet Security, 315

Center for Strategic and International Studies, 3, 357

Central Bureau of Investigation (CBI), 344

Cerf, Vint, 48

CERT (Computer Emergency Response Team), 23, 128

certificate authorities (CAs), 265–266

certificate revocation lists (CRLs), 266

certificates, digital, 265–266

certifications, 6, 152, 330–332, 413–414

Certified Advanced Security Practitioner (CASP), 331

Certified Ethical Hacker, 331

Certified Forensic Computer Examiner (CFCE), 413

Certified Information Systems Auditor (CISA), 6

Certified Information Systems Security Professional (CISSP), 6, 331

CGNPC (China General Nuclear Power Company), 188

chain of custody, 392

Challenge Handshake Authentication Protocol (CHAP), 262, 269

change approval board (CAB) process, 289

change control board (CCB) process, 289

change requests, 288–290

channels, 233

CHAP (Challenge Handshake Authentication Protocol), 262, 269

Chen, Jizhong, 183

CHFI (Computer Hacking Forensic Investigator), 413

children, crimes against, 80–81

China

APTs (advanced persistent threats), 344–345

China General Nuclear Power Company (CGNPC), 188

Chinese Eagle Union, 344

Choose Your Own Device (CYOD), 285

chosen plain text, 236

Chrome security settings, 87

CIA triangle, 20

CIDR (classless interdomain routing), 44

cipher block chaining (CBC) mode, 223

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), 38, 271

ciphers

Atbash, 211

Blowfish, 222

Caesar, 209–210

cipher text-only attacks, 236

Enigma, 213–214

Feistel, 216–217

multi-alphabet substitution, 211–212

rail fence, 212–213

Rijndael, 220

Serpent, 222

Skipjack, 222

Twofish, 220

Vigenère, 212

CISA (Certified Information Systems Auditor), 6

CISSP (Certified Information Systems Security Professional), 6, 331

Citrix, 312

CIW Security Analyst, 331

classification, data, 294–295

classless interdomain routing (CIDR), 44

clearance levels (DoD), 294–295

client errors, 46

cloud forensics, 416–417

commands

arp, 54–55

fc, 403

ipconfig, 49–51

net sessions, 402

netstat, 53, 404

nslookup, 53

openfiles, 403

ping, 51–52

DoS (denial of service) attacks, 97–99, 107–108

ping of death (PoD), 107–108

ping scans, 156

route, 54–55

snort, 260

tracert, 52

commutative groups, 221

CommView, 415

Comodo, 266

company-owned and provided equipment (COPE), 285

CompTIA, 6, 331

Computer Crimes Acts, 23

Computer Emergency Response Team (CERT), 23, 128

Computer Fraud and Abuse Act (1986), 128

Computer Hacking Forensic Investigator (CHFI), 413

Computer Security Act, 22

confidential information, 294

configuration, desktop, 285

/.config/VirtualBox file, 416

connect scans, 156

content length, POST messages, 108

continuity, business

BCPs (business continuity plans), 295–296

standards, 296

cookies, 83

cookie poisoning, 165–166

RST, 104

SYN, 103–104

COPE (company-owned and provided equipment), 285

co-prime numbers, 224

copying drives, 387–391

Council of Europe Convention on Cybercrime, 394–395

Council of Europe’s Electronic Evidence Guide, 394–395

Counterexploitation website, 135

cracking, 9, 152–153

credibility, online threats, 78

Creeper, 128

CRLs (certificate revocation lists), 266

cross-site request forgery, 165

cross-site scripting, 12–13, 73, 165

Cruz, Kassandra, 75

cryptanalysis

birthday attacks

differential cryptanalysis, 236

linear cryptanalysis, 236

brute force, 235

chosen plain text, 236

cipher text only, 236

frequency analysis, 235

goals of, 235

known plain text, 236

related-key attacks, 236

CryptoLocker, 124–125

cryptologic bomb, 213

CryptoWall, 124–125

custody, chain of, 392

cyber espionage. See espionage

cyber investigation. See investigation techniques

cyber stalking

assessment of, 78–79

crimes against children, 80–81

defined, 74

protecting against, 88

real-world examples, 75–78

swatting, 78

cyber terrorism and cyber warfare

APTs (advanced persistent threats), 139–140, 344–345

defense against, 362

disinformation, 355

economic attacks, 347–349

future trends, 359–361

general attacks, 350–351

hacktivists, 356

information control, 353–355

information warfare, 352

malware

BlackEnergy, 347

FinFisher, 347

Flame, 346

NSA ANT catalog, 347

StopGeorgia.ru, 346

Stuxnet, 345–346

military operations attacks, 350

propaganda, 352–353

real-world examples, 343–344, 355–359

Chinese Eagle Union, 344

India/Pakistan, 345

Russian hackers, 345

SCADA (Supervisory Control and Data Acquisition), 351–352

scope of problem, 342–343

terrorist recruiting and communication, 362–363

TOR and dark web, 363–364

cybercrime. See Internet fraud; threats

cybersecurity engineering. See systems engineering

Cybersecurity Research and Education Act (2002), 359

Cyberterrorism Preparedness Act (2002), 359

cyclic groups, 221

CYOD (Choose Your Own Device), 285

D

Daemen, Joan, 220

DAM (database activity monitoring), 261

DAMP (database activity monitoring and prevention), 261

Dark Web, 173–175, 363–364

DARPA (Defense Advanced Research Projects Agency), 363

Das, Mittesh, 139

data classification, 294295

Data Encryption Standard (DES), 216–219

data integrity, 394

data interface diagrams, 438–439

data sources, IDS, 256

data transmission

overview of, 38–39

ports, 40

TCP/IP protocols, 39–40

database activity monitoring and prevention (DAMP), 261

database activity monitoring (DAM), 261

Daubert standard, 414

DCC (Defence Cyber Command), 360

DDoS (distributed denial of service) attacks, 10, 99, 109

decryption, 207

cryptanalysis

brute force, 235

chosen plain text, 236

cipher text only, 236

differential cryptanalysis, 236

frequency analysis, 235

goals of, 235

known plain text, 236

linear cryptanalysis, 236

related-key attacks, 236

steganography, 234

dedicated parity, striped disks with, 297

Defence Cyber Command (DCC), 360

Defense Advanced Research Projects Agency (DARPA), 363

deleted files, recovering, 399–402

demilitarized zone (DMZ), 320

denial of service. See DoS (denial of service) attacks

departing employees, security policies for, 287–288

Department of Defense clearance levels, 294–295

DES (Data Encryption Standard), 216–219

desktop configuration, security policies for, 285

detective investigation. See investigation techniques

developmental policies, 293

DHCP (Dynamic Host Configuration Protocol) starvation, 108

diagrams

data interface, 438–439

misuse case, 432–436

security block, 439

security sequence, 436–438

use-case, 428

DIDs (data interface diagrams), 438–439

differential backups, 296–297

differential cryptanalysis, 236

Diffie, Whitfield, 227

Diffie-Hellman, 227

DigiCert, 266

digital certificates, 265–266

Digital Signature Algorithm (DSA), 228

digital signatures, 230

directory traversal, 165

disabled services, 309–310

disaster, defined, 295

disaster recovery

BCPs (business continuity plans), 295–296

business continuity standards, 296

DRPs (disaster recovery plans), 295, 312

impact analysis, 296

disinformation, 355

DiskDigger, 399–402

distributed denial of service (DDoS) attacks, 10, 99, 109

distributed parity, striped disks with, 298

DMZ (demilitarized zone), 320

DNS (Domain Name System), 39

DNS (Domain Name System) poisoning, 8, 14–15

Dobbertin, Hans, 231

documentation, forensics, 391–393

Domain Name System (DNS), 39

DoS (denial of service) attacks

DDoS (distributed denial of service), 10, 99, 109

defending against, 111–112

defined, 7, 10

DHCP starvation, 108

Fraggle attacks, 106

HTTP POST DoS attacks, 108

ICMP (Internet Control Message Protocol) flood attacks, 107

illustration of, 97–99

land attacks, 109

login DoS attacks, 108

PDoS (permanent denial of service), 108

PoD (ping of death), 107–108

real-world examples, 109–111

registration DoS attacks, 108

scope of problem, 97

security policies for, 291

Smurf IP attacks, 105–106

TCP (Transmission Control Protocol) SYN flood attacks

micro blocks, 103

overview of, 102–103

RST cookies, 104

SPI firewalls, 105

stack tweaking, 104

SYN cookies, 103–104

teardrop attacks, 108

tools for

HOIC (High Orbit Ion Cannon), 100

LOIC (Low Orbit Ion Cannon), 99–100

Stacheldraht, 101

TFN (Tribal Flood Network), 101

TFN2K, 101

Trinoo DDoS tool, 101

XOIC, 100

UDP (User Datagram Protocol) flood attacks, 107

DoSHTTP, 346

download scanning, 246

doxxing, 15

drive imaging, 387–391

DRPs (disaster recovery plans), 295, 312

DS0 connection lines, 36

DSA (Digital Signature Algorithm), 228

dual parity, striped disks with, 298

dual-homed hosts, 251

dumpster diving, 370

Duronio, Roger, 139

Dynamic Host Configuration Protocol (DHCP) starvation, 108

E

EAP (Extensible Authentication Protocol), 262, 269

EAP-TLS (Extensible Authentication Protocol-Transport Layer Security), 262

eBay, 12

ECB (electronic codebook) mode, 223

ECC (Elliptic Curve Cryptography), 228

EC-Council Certified Ethical Hacker, 152, 331

economic attacks, 347–349

economic espionage, 188–189

Economic Espionage Act (1996), 183

EDGE (Enhanced Data Rates for GSM Evolution), 409

Edge browser, 84

Edwards, John, 359

EffeTech HTTP Sniffer, 415

EFS (Encrypted File System), 195196

electronic codebook (ECB) mode, 223

Electronic Evidence Guide, 394–395

Elgamal, Taher, 227

eLiTeWrap, 131–132

Elliptic Curve, 228

Ellison, Larry, 189

email

attachments, security policies for, 283–284

phishing, 73–74, 139, 198

scanning, 246

spam, 139

employees, security policies for

departing employees, 287–288

new employees, 287

nondisclosure and noncompete agreements, 184

Encapsulating Security Payload (ESP), 270

EnCase, 396

Encrypted File System, 195–196

encryption, 194

binary operations, 214

decryption, 207

cryptanalysis, 235

steganography, 234

defined, 206207

digital certificates, 265–266

digital signatures, 230

Encrypted File System, 195–196

fraudulent encryption claims, identifying, 229–230

history of

Atbash cipher, 211

Caesar cipher, 209–210

Enigma, 213–214

multi-alphabet substitution, 211–212

online resources, 207–209

rail fence, 212–213

Vigenère, 212

legitimate versus fraudulent encryption methods, 229–230

PGP (Pretty Good Privacy), 228–229

public key

defined, 223–224

Diffie-Hellman, 227

ElGamal, 227

Elliptic Curve, 228

MQV (Menezes-Qu-Vanstone), 227

PGP (Pretty Good Privacy), 228–229

RSA method, 224–227

quantum cryptography, 237

single-key (symmetric), 207

3DES (Triple DES), 219

AES (Advanced Encryption Standard), 220–222

Blowfish, 222

defined, 216

DES (Data Encryption Standard), 216–219

modification of, 223

Serpent, 222

Skipjack, 222

Twofish, 220

Energy Technology International, 188

engineering. See systems engineering

Enhanced Data Rates for GSM Evolution (EDGE), 409

Enigma, 213–214

enumeration, 159–160

errors, client/server, 46

ESP (Encapsulating Security Payload), 270

espionage. See industrial espionage

ethical hacking, 18

ETSI (European Telecommunications Standards Institute), 409

Euler’s totient, 225

events, IDS, 256

evidence

Android, 410–411

browser, 397–398

cell phone, 408

cellular networks, 409

ICCID (Integrated Circuit Card Identification), 408

IMSI (International Mobile Subscriber Identity), 408

SIM (Subscriber Identity Module), 408

chain of custody, 392

deleted files, recovering, 399–402

iOS, 410

operating system utilities, 402–404

fc, 403

net sessions, 402

netstat, 404

openfiles, 403

system log

Linux logs, 399

Windows logs, 398

Windows, 398, 404–407, 411

evil twin attack, 166

expert witnesses, 414

expulsion, 286

Extensible Authentication Protocol (EAP), 262, 269

Extensible Authentication Protocol-Transport Layer Security (EAP-TLS), 262

F

Facebook, 374–375

faillog file, 399

FakeAV, 125

false positives/negatives, 247

Fannie Mae, 139

FastMail, 111

fault tolerance, 296–298

FBAR (thin-film bulk acoustic resonator) technology, 188

FBI (Federal Bureau of Investigation) forensics guidelines, 392–393

fc command, 403

FDISK utility, 170

federal prison records, 378

Feistel cipher, 216–217

fields, AES (Advanced Encryption Standard), 222

file recovery, 399–402

file scanning, 246

File Transfer Protocol (FTP), 39

filtering, packet, 249

FinFisher, 347

Firefox security settings, 85–87

firewalls

benefits and limitations of, 248–249

configurations, 250–251

defined, 19, 55–56, 248

firewall logs, 253

selection of, 311–312

SPI, 105

types of, 249–250

Windows 10 Windows Defender, 252–253

ZoneAlarm, 252

Flame, 128, 345–346

flooding

TCP (Transmission Control Protocol) SYN flood attacks

micro blocks, 103

overview of, 102–103

RST cookies, 104

SPI firewalls, 105

stack tweaking, 104

SYN cookies, 103–104

UDP (User Datagram Protocol) flood attacks, 107

footprinting, 348

foreign economic espionage, 188–189

Forensic Toolkit, 388–391, 396

forensics. See also evidence

certifications, 332, 413–414

expert witnesses, 414

goal of, 386–387

Locard’s principle of transference, 395

mobile devices

Android, 410–411

cell phone components, 408

cellular networks, 409

general principles, 412

iOS, 410

Windows, 411

network, 415

principles for

chain of custody, 392

Council of Europe’s Electronic Evidence Guide, 394–395

documentation, 391–392

drive imaging, 387–391

FBI (Federal Bureau of Investigation) forensics guidelines, 392–393

SWGDE (Scientific Working Group on Digital Evidence) guidelines, 395

U.S. Secret Service guidelines, 393–394

tools

AccessData Forensic Toolkit, 388–391, 396

cell phone components, 408

Cellebrite, 397

EnCase, 396

FTK Imager, 388–391

OSForensics, 390–391, 396

Oxygen, 396

Sleuth Kit, 396

virtual

cloud, 416–417

VMs (virtual machines), 415–416

Forwarded Events log, 398

Fraggle attacks, 106

framework-specific modeling languages (FSMLs), 431

fraud. See Internet fraud

frequency, online threats, 79

frequency analysis, 235

F-Secure, 24

FSMLs (framework-specific modeling languages), 431

FTK Imager, 388–391

FTP (File Transfer Protocol), 39

full backups, 296–297

functions, hash, 230–231

HMAC, 231–232

MAC, 231–232

MD5, 231

rainbow tables, 232–233

RIPEMD (RACE Integrity Primitives Evaluation Message Digest), 231

SHA (Secure Hash Algorithm), 231

G

Gameover ZeuS, 124

gateways, 250

GCFA (GIAC Certified Forensic Analyst), 332, 414

GCFE (GIAC Certified Forensic Examiner), 332, 414

general cyber attacks, 350–351

general searches, 371–374

GhostNet, 356

GIAC certifications, 332, 414

Gigabit Ethernet, 34

GitHub, DoS (denial of service) attacks against, 99, 109

Global System for Mobile Communications (GSM), 409

The Gobbler, 108

GoDaddy, 266

Gonzalez, Amy, 77

Google Chrome security settings, 87

GPEN certification, 332

gray hat hackers, 17, 153

grooming, 80

groups, AES (Advanced Encryption Standard), 221

GSEC certification, 332

GSM (Global System for Mobile Communications), 409

Guidance Software, EnCase, 396

guidelines, defined, 294

H

hacking. See also malware

active scanning

enumeration, 159–160

MBSA (Microsoft Baseline Security Analyzer), 321–323

Nessus, 324–326

OWASP (Open Web Application Security Project), 326–327

port scanning, 155–158

Shodan, 160–162, 328–329

vulnerability assessment, 158–159

black hat hackers, 17, 152–153

cell phone attacks, 166

cookie poisoning, 165–166

cross-site request forgery, 165

cross-site scripting, 12–13, 73, 165

Dark Web, 173–175

defined, 9

directory traversal, 165

gray hat hackers, 17, 153

hacker intrusions, 291–292

hacktivists, 356

of medical devices, 15

new vulnerabilities, 15–16

passive scanning, 153–155

password cracking, 166–168

penetration testing

defined, 171

NIST 800–115, 171

NSA information assessment methodology, 171–172

overview of, 18, 152

PCI DSS (Payment Card Industry Data Security Standard), 172–173

red/blue teams, 153

phreaking, 18, 153

reconnaissance phase, 153

Russian hackers, 345

script kiddies, 17–18, 153

security policies (SANS Institute), 291–292

SQL injection, 11–12, 162–164

URL hijacking, 166

white hat hackers, 17, 152153

Windows hacking techniques

login as system, 170

net user script, 169–170

pass the hash, 169–170

wireless attacks, 166

hacktivists, 356

harassment. See cyber stalking

hash functions

HMAC, 231–232

MAC, 231–232

MD5, 231

overview of, 104, 230–231

rainbow tables, 232–233

RIPEMD, 231

SHA, 231

hashing message authentication code (HMAC), 231–232

Health Insurance Portability and Accountability Act (HIPAA), 23, 298

Hellman, Martin, 227, 232

heuristic scanning, 245–246

heuristics, 245–246

High Orbit Ion Cannon (HOIC), 100

high-speed connections, 36

hijacking

session, 7, 13

URL, 166

HIPAA (Health Insurance Portability and Accountability Act), 23, 298

HMAC (hashing message authentication code), 231–232

HMI (human-machine interface), 351

Ho, Allen, 188

hoax viruses, 127–128

HOIC (High Orbit Ion Cannon), 100

Home PC Firewall Guide, 311

honey pots, 260–261

hosts, 251

Houston Astros, 187

HTML (Hypertext Markup Language), 49

HTTP (Hypertext Transfer Protocol), 39

development of, 49

HTTPS, 40

POST DoS attacks, 108

hubs, 35

human-machine interface (HMI), 351

Hutchins, Marcus, 124

hybrid security approach, 21

Hypertext Markup Language (HTML), 49

Hypertext Transfer Protocol. See HTTP (Hypertext Transfer Protocol)

I

IBM DES (Data Encryption Standard), 216–219

ICCID (Integrated Circuit Card Identification), 408

ICMP (Internet Control Message Protocol)

ICMP flood attacks, 107

ICMP packets, blocking, 112

Smurf IP attacks, 105–106

iDEN (Integrated Digital Enhanced Network), 405–409

identity theft

cross-site scripting, 73

phishing, 73–74

protecting against, 83–87

scope of problem, 72–73

Identity Theft and Assumption Deterrence Act (1998), 81

IDSs (intrusion detection systems), 19, 155, 261

active, 255

attack identification methods, 255

defined, 254

elements of, 256

passive, 255

Snort, 256–260

IEEE (Institute of Electrical and Electronics Engineers), 36–37

IETF (Internet Engineering Task Force), 48–49

IIN (Issuer Identification Number), 408

IKE (Internet Key Exchange), 270

IM (instant messaging), security policies for, 284

image searches, 374

imaging drives, 387–391

IMAP (Internet Message Access Protocol), 39

IMAPS (Internet Message Access Protocol Secure), 40

The Imitation Game, 214

impact analysis, 296

IMSI (International Mobile Subscriber Identity), 408

incremental backups, 296–297

India, cyber terrorism in, 345

industrial espionage

asset identification, 184–187

defined, 183–184

employee nondisclosure and noncompete agreements, 184

Industrial Espionage Act (1996), 197

low-tech, 189–192

phishing, 198

protecting against, 194–197

real-world examples, 187–189

scope of problem, 182–183, 189

spyware used in, 193–194

trends in, 189

Industrial Espionage Act (1996), 197

Infobel searches, 373–374

information control, 353–355

Information Systems Security Architecture Professional (ISSAP), 331

Information Systems Security Engineering Professional (ISSEP), 331

Information Systems Security Management Professional (ISSMP), 331

information warfare, 352

initialization vector (IV), 37, 271

InPrivate Browsing option (Microsoft Edge), 84–85

input validation, 164

insider threats, 8, 13–14

installation, security policies for, 284

instant messaging (IM), security policies, 284

Institute of Electrical and Electronics Engineers (IEEE), 36–37

Integrated Circuit Card Identification (ICCID), 408

Integrated Digital Enhanced Network (iDEN), 405–409

intensity, online threats, 79

International Council on Systems Engineering (INCOSE), 424

International Mobile Subscriber Identity (IMSI), 408

Internet. See also Internet fraud

basic communications, 47

connections, 36

Dark Web, 173–175, 363–364

history of, 47–49

Internet transactions, growth of, 24

IoT (Internet of Things), 23, 16

IP addresses

IPv4, 41–45

IPv6, 44–45

ISPs (Internet service providers), 40–41

packets

defined, 46–47

filtering, 249

structure of, 40–41

URLs (uniform resource locators), 46

use policies, 282–283

Internet Black Tigers, 356

Internet Control Message Protocol (ICMP)

ICMP flood attacks, 107

ICMP packets, blocking, 112

Smurf IP attacks, 105–106

Internet Engineering Task Force (IETF), 48–49

Internet fraud

auction fraud

protecting against, 87–88

types of, 70–72

cyber stalking

assessment of, 78–79

crimes against children, 80–81

defined, 74

protecting against, 88

real-world examples, 75–78

swatting, 78

fraudulent encryption, 229–230

how it works, 67

identity theft

phishing, 73–74

protecting against, 83–87

scope of problem, 72–73

investment fraud

common schemes, 67–68

protecting against, 82

pump and dump scams, 68–69

laws about, 81–82

protecting against, 82–88

scope of problem, 66–67

Internet Key Exchange (IKE), 270

Internet Message Access Protocol (IMAP), 39

Internet Message Access Protocol Secure (IMAPS), 40

Internet of Things (IoT), 23

Internet Protocol. See IP (Internet Protocol)

Internet Protocol Security (IPsec), 270

Internet Relay Chat (IRC), 39

Internet Security Association and Key Management Protocol (ISAKMP), 270

intrusion detection systems. See IDSs (intrusion detection systems)

intrusion deterrence, 261

intrusion prevention systems (IPSs), 112

investigation techniques, 370–371

Facebook, 374–375

general searches, 371–374

mistaken identity, 377

online resources, 378

sex offender registries, 375–377

Usenet, 379

investment fraud

common schemes, 67–68

protecting against, 82

pump and dump scams, 68–69

Invisible Secrets, 193, 234

iOS forensics, 410

IoT (Internet of Things), 23, 16

IP (Internet Protocol)

IPsec (Internet Protocol Security), 270

IPv4 addresses

CIDR (classless interdomain routing), 44

loopback addresses, 42

network classes, 41–43

public versus private, 43

subnetting, 43–44

IPv6 addresses, 44–45

Smurf IP attacks, 105–106

ipchains, 312

ipconfig command, 49–51

IPsec (Internet Protocol Security), 270

IPSs (intrusion prevention systems), 112

iptables, 312

IRC (Internet Relay Chat), 39

Irish Republican Army (IRA), 352

ISAKMP (Internet Security Association and Key Management Protocol), 270

ISDN connection lines, 36

ISO 17799 standard, 279–280

ISPs (Internet service providers), 40–41

ISSAP (Information Systems Security Architecture Professional), 331

ISSEP (Information Systems Security Engineering Professional), 331

ISSMP (Information Systems Security Management Professional), 331

Issuer Identification Number (IIN), 408

IV (initialization vector), 37, 271

J-K

Jacob, Richard, 188

Jeep, attacks targeting, 16

Kaspersky, 129, 248, 357

KDCs (key distribution centers), 264

Kedi RAT (Remote Access Trojan), 125

Kerberos, 263–265

Kerckhoffs, Auguste, 229

Kerckhoffs’s principle, 229

kern.log file, 399

key distribution centers (KDCs), 264

key loggers, 9, 135–136

key schedules, 217–218

key space, 210

KillDisk, 347

known plain text, 236

Koblitz, Neal, 228

Kosovo conflict, 356

Kurzynski, Joel, 75, 77

L

L2TP (Layer 2 Tunneling Protocol), 269

land attacks, 109

last visited sites, viewing, 407

Latigo, Heriberto, 75

Layer 2 Tunneling Protocol (L2TP), 269

layered security approach, 21

LEAP (Lightweight Extensible Authentication Protocol), 262

least privilege, 21, 170, 194

least significant bit (lsb), 233

legislation, 22–23

Computer Fraud and Abuse Act (1986), 128

Computer Security Act, 22

Cybersecurity Research and Education Act (2002), 359

Cyberterrorism Preparedness Act (2002), 359

Economic Espionage Act (1996), 183

HIPAA (Health Insurance Portability and Accountability Act), 298

Identity Theft and Assumption Deterrence Act (1998), 81

Industrial Espionage Act (1996), 197

Internet fraud laws, 8182

PATRIOT Act, 359–360

SOX (Sarbanes-Oxley), 299

Levandowski, Anthony, 188

life cycle, system development, 427

Lightweight Extensible Authentication Protocol (LEAP), 262

Lin, Ryan, 75

linear cryptanalysis, 236

Linksys, 311

Linux

firewalls, 312

system logs, 399

local network connections

cables, 33–35

hubs, 35

repeaters, 35

routers, 35–36

switches, 35

Locard, Edmond, 395

Locard’s principle of transference, 395

log files, 416

Linux logs, 399

Windows logs, 398

logic bombs, 9, 139

login as system attacks, 170

login DoS (denial of service) attacks, 108

logs, 398

firewall, 253

Linux logs, 399

Windows logs, 398

LOIC (Low Orbit Ion Cannon), 10, 99–100

Long Term Evolution (LTE), 409

loopback addresses, 42

Low Orbit Ion Cannon (LOIC), 10, 99–100

low-tech industrial espionage, 189–192

lpr.log file, 399

LSASS.EXE, 133–134

lsb (least significant bit), 233

LTE (Long Term Evolution), 409

Luhnow, Jeff, 187

M

MAC (Media Access Control) addresses, 35, 57

MAC (message authentication code), 231–232

MacDefender, 125

machine learning, 247

macro viruses, 122

mail.* file, 399

Makwana, Rajendrasinh, 139

malicious web-based code, 138

malware

Agent.btz, 344

antivirus software, 140–143

APTs (advanced persistent threats), 139–140

BlackEnergy, 347

buffer-overflow attacks

explained, 132–133

Sasser, 133–134

creating, 168–169

defined, 7

dynamic nature of, 121

FinFisher, 347

Flame, 346

key loggers, 9

logic bombs, 9, 139

malicious web-based code, 138

NSA ANT catalog, 347

remediation steps, 144

rootkits, 137138

spam, 139

spyware

antispyware software, 194, 253–254

defined, 9

delivery of, 135

explained, 134–135

legal uses of, 135

obtaining, 135–137

StopGeorgia.ru, 346

Stuxnet, 345–346

Trojan horses, 8, 129–132

viruses, 110. See also virus scanners

antivirus software, 140–143

avoiding, 129

defined, 8, 121

impact of, 129

MyDoom, 110–111

real-world examples, 123–128

security policies for, 290–291

spread of, 121–122

types of, 122–123

worms, 110

Malwarebytes, 142–143, 248

MATLAB, 428

Matusiewicz, David, 77

Matusiewicz, Lenore, 77

maximum tolerable downtime (MTD), 296

MBSA (Microsoft Baseline Security Analyzer), 321–323

McAfee, 129, 141, 248, 308, 312

MCC (mobile country code), 408

McCullum, Juan R., 77

McCumber cube, 19–20

MCDs (misuse case diagrams), 432–436

MD5, 231

mean percentage error (MPE), 429

mean squared deviation (MSD), 429

mean time between failures (MTBF), 429–430

mean time to repair (MTTR), 296, 430

Media Access Control (MAC) addresses, 35, 57

medical devices, hacking of, 15

Medico, Joseph, 76

memcache attacks, 109

memory-resident viruses, 122

Menezes-Qu-Vanstone (MQV), 227

message authentication code (MAC), 231–232

messages, Kerberos, 264–265

metamorphic viruses, 123

metrics, 428–430

micro blocks, 103

Microsoft Baseline Security Analyzer (MBSA), 321–323

Microsoft Edge security settings, 84

Microsoft Outlook, virus spread in, 121–122

Microsoft Point-to-Point Encryption (MPPE), 269

Microsoft Security Advisor, 24

military operations attacks, 350

Miller, Victor, 228

Mimail, 127

MIMO (multiple-input multiple-output), 37

minors, cyber stalking incidents involving, 80–81

Mirai, 111

mirroring disks, 297

mistaken identity, 377

misuse case diagrams, 432–436

mitigation of risk, 7

MixColumns step (AES), 221

mobile country code (MCC), 408

mobile devices, forensics for

Android, 410–411

cell phone components, 408

cellular networks, 409

general principles, 412

ICCID (Integrated Circuit Card Identification), 408

IMSI (International Mobile Subscriber Identity), 408

iOS, 410

SIM (Subscriber Identity Module), 408

Windows, 411

mobile subscription identifier number (MSIN), 408

modeling and simulation, 431

need for, 428

SecML (Security Modeling Language)

data interface diagrams, 438–439

misuse case diagrams, 432–436

overview of, 428, 430–432

security block diagrams, 439

security sequence diagrams, 436–438

UML (Unified Modeling Language), 428, 439

Modern Cryptography (Easttom), 230

modulus, 225

mono-alphabet substitution, 210

Morris, Robert Tappan, Jr., 13, 128

Morris attack, 13

MP3Stego, 234

MPE (mean percentage error), 429

MPPE (Microsoft Point-to-Point Encryption), 269

MQV (Menezes-Qu-Vanstone), 227

MSD (mean squared deviation), 429

MSIN (mobile subscription identifier number), 408

MTBF (mean time between failures), 429–430

MTD (maximum tolerable downtime), 296

MTTR (mean time to repair), 296, 430

multi-alphabet substitution, 211–212

multi-partite viruses, 122

multiple-input multiple-output (MIMO), 37

Murphy, Robert James, 76

MyDoom, 110111, 350351

mysql.* file, 399

N

NACLC (National Agency Check with Law and Credit), 294

NAPs (network access points), 40–41

NAT (network address translation), 43

National Agency Check with Law and Credit (NACLC), 294

National Center for State Courts, 378

National Counterintelligence and Security Center (NCSC), 188

National Institute of Standards and Technology (NIST), 171, 237

National Security Agency (NSA), 171–172, 315, 347

NCSC (National Counterintelligence and Security Center), 188

negatives, false, 247

Nessus, 324–326

net sessions command, 402

net user script, 169–170

NetBIOS, 39

netstat command, 53, 404

network address translation (NAT), 43

network host-based firewalls, 250

network interface cards (NICs), 33

Network News Transfer Protocol (NNTP), 39

networks, 40–41. See also firewalls

certifications, 330–332

concept of, 33

data transmission

overview of, 38–39

ports, 40

TCP/IP protocols, 39–40

forensics, 415

high-speed connections, 36

Internet

basic communications, 47

Dark Web, 173–175, 363–364

history of, 47–49

IPv4 addresses, 41–45

IPv6 addresses, 44–45

packets, 46–47

structure of, 40–41

URLs (uniform resource locators), 46

MAC (Media Access Control) addresses, 35, 57

NICs (network interface cards), 33

OSI (Open Systems Interconnection) model, 56–57

physical connections, 33–36

cables, 33–35

hubs, 35

repeaters, 35

routers, 35–36

switches, 35

professional consultants, 330–332

scanning

MBSA (Microsoft Baseline Security Analyzer), 321–323

Nessus, 324–326

OWASP (Open Web Application Security Project), 326–327

Shodan, 328–329

securing, 319–321

security approaches

hybrid, 21

industrial espionage protection, 194–197

layered, 21

perimeter, 21

utilities

arp, 54–55

FDISK, 170

ipconfig, 49–51

netstat, 53

nslookup, 53

ping, 51–52

route, 54–55

tracert, 52

VPNs (virtual private networks), 268–270

wireless

802.11 standard, 36–38

ANT+, 38

Bluetooth, 38

security, 37–38

Wi-Fi security, 270–271

ZigBee, 38

Z-Wave, 38

new employees, security policies for, 287

New York Stock Exchange, DoS attacks on, 358

NGFWs (next-generation firewalls), 105

ngrep, 415

NICs (network interface cards), 33

Nigerian fraud, 67–68

NIST (National Institute of Standards and Technology), 171, 237

Nmap, 156–158

NNTP (Network News Transfer Protocol), 39

nonces, 223

noncompete agreements, 184

nondisclosure agreements, 184

nonrepudiation, 230

nonvirus viruses, 127–128

Norton, 129

Personal Firewall, 312

Security, 140–141, 248

notifications, IDS, 256

NSA (National Security Agency), 171–172, 315, 347

nslookup command, 53

nuclear secrets, industrial espionage incidents, 188

numbers, binary, 41

O

Object Management Group (OMG), 430–431

OC3 connection lines, 36

OC12 connection lines, 36

OC48 connection lines, 36

octets, 41

Offender Locator, 377

Offensive Security, 152, 331

OMB Circular A-130, 23

OMG (Object Management Group), 430–431

on-demand virus scanners, 246

ongoing virus scanners, 246

The Onion Router (TOR) project, 363–364

onion routing, 173, 363

online harassment. See cyber stalking

Open Systems Interconnection (OSI) model, 56–57

Open Web Application Security Project (OWASP), 326–327

openfiles command, 403

Operation Ababil, 358

operators, IDS, 256

OphCrack, 167–168

Oracle Box, 144

Oracle Corporation, 189

OR operation, 215

OSForensics, 390–391, 396

OSI (Open Systems Interconnection) model, 56–57

Outlook, virus spread in, 121–122

OWASP (Open Web Application Security Project), 326–327

Oxley, Michael, 299

Oxygen, 396

P

Pacer, 378

packets

defined, 46–47

filtering, 46–47, 249

Pakistan, cyber terrorism by, 345

PAP (Password Authentication Protocol), 262

pass the hash attacks, 169–170

passive IDSs (intrusion detection systems), 255

passive scanning, 153–155

PassMark Software OSForensics, 396

Password Authentication Protocol (PAP), 262

passwords

cracking, 166–168

policies, 313

security policies for, 281

patches, 307–308

Patel, Nimesh, 139

PATRIOT Act, 359–360

payloads, 233

PCI DSS (Payment Card Industry Data Security Standard), 172–173, 299

PDoS (permanent denial of service), 108

PEAP (Protected Extensible Authentication Protocol), 263

penetration testing, 18, 152, 153

defined, 171

NIST 800–115, 171

NSA information assessment methodology, 171–172

PCI DSS (Payment Card Industry Data Security Standard), 172–173

red/blue teams, 153

Penetration Testing Fundamentals (Easttom), 173, 176

People’s Drug Store, 175

perimeter security approach, 21

permanent denial of service (PDoS) attacks, 108

personal health information (PHI), 23

personal identification number (PIN), 408

personal unblocking code (PUK), 408

personally identifiable information (PII), 23

Petya, 124

PGP (Pretty Good Privacy), 228–229, 266

PHI (personal health information), 23

phishing, 73–74, 198

phlashing, 108

phone taps and bugs, 194

phreaking, 18, 153

physical security, 314–315

PII (personally identifiable information), 23

PIN (personal identification number), 408

ping command, 51–52

DoS (denial of service) attacks, 97–99, 107–108

ping of death (PoD), 107–108

ping scans, 156

plain text attacks, 236

plans

BCPs (business continuity plans), 295–296

DRPs (disaster recovery plans), 295, 312

Plaskett, Stacey, 77

PLC (programmable logic controller), 345

PoD (ping of death), 107–108

pod slurping, 166

Point-to-Point Protocol (PPP), 269

Point-to-Point Tunneling Protocol (PPTP), 269

policies

assessment of, 312–314

data classification, 294–295

disaster recovery

BCPs (business continuity plans), 295–296

business continuity standards, 296

DRPs (disaster recovery plans), 295

impact analysis, 296

fault tolerance, 296–298

guidelines, 294

ISO 17799 standard, 279–280

laws governing, 298–299

procedures, 294

purpose of, 279

standards, 294

system administration policies

access control, 292–293

change requests, 288–290

departing employees, 287–288

developmental policies, 293

need for, 287

new employees, 287

security breaches, 290–293

user policies

BYOD (Bring Your Own Device), 285

consequences for violating, 286–287

CYOD (Choose Your Own Device), 285

defining, 280

desktop configuration, 285

e-mail attachments, 283–284

instant messaging, 284

Internet use, 282–283

passwords, 281

software installation and removal, 284

termination or expulsion and, 286

polymorphic viruses, 123

POP3 (Post Office Protocol version 3), 39

POP3S (Post Office Protocol version 3 Secure), 40

ports, 35, 40

assessment of, 308–311

port scanning, 155–158

positives, false, 247

POST DoS attacks, 108

Post Office Protocol version 3 (POP3), 39

Post Office Protocol version 3 Secure (POP3S), 40

pound sign (#), 260

PPP (Point-to-Point Protocol), 269

PPTP (Point-to-Point Tunneling Protocol), 269

Preneel, Bart, 231

Pretty Good Privacy (PGP), 228–229, 266

prime numbers, 224

principals, Kerberos, 264

prison searches, 378

privacy

browser settings, 84–88

Privacy Act, 22

private information, 294

private IP addresses, 43

Privacy Act, 22

private keys, 223

probes, assessment of, 314

procedures, defined, 294

professional consultants, 330–332

programmable logic controller (PLC), 345

propaganda, 352–353

Protected Extensible Authentication Protocol (PEAP), 263

protective software and devices, assessment of, 311–312

proxies

application proxies, 250

proxy servers, 19, 56

public information, 294

public IP addresses, 43

public key encryption, 207

defined, 223–224

Diffie-Hellman, 227

ElGamal, 227

Elliptic Curve, 228

MQV (Menezes-Qu-Vanstone), 227

PGP (Pretty Good Privacy), 228–229

RSA method, 224–227

public keys, 223

public records, 378

PUK (personal unblocking code), 408

pump and dump scams, 68–69

Q

quantum computing, 237

quantum cryptography, 237

qubits, 237

QuickStego, 193, 234

R

RACE Integrity Primitives Evaluation Message Digest (RIPEMD), 231

RAID (redundant array of independent disks), 297–298

rail fence, 212–213

rainbow tables, 232–233

Ramos, Jeron, 77

Ranum, Marcus, 355

RAs (registration authorities), 266

readability analysis, 428

Reaper, 128

recent documents, viewing, 407

reconnaissance, 153

recovery. See disaster recovery

red teams, 153

redundant array of independent disks (RAID), 297–298

registration authorities (RAs), 266

registration DoS (denial of service) attacks, 108

Rejewski, Marian, 213

related-key attacks, 236

remediation steps (malware), 144

remote terminal units (RTUs), 351

removing software

security policies for, 284

uninstalled software, finding, 407

repeaters, 35

requests, change, 288–290

requirements engineering, 424–426

Richardson, Edward, 77

Rijmen, Vincent, 220

Rijndael cipher, 220

rings, AES (Advanced Encryption Standard), 222

RIPEMD (RACE Integrity Primitives Evaluation Message Digest), 231

risk assessment, 4–7, 16

Rivest, Ron, 224, 231

RJ-11 jacks, 33

RJ-45 jacks, 33

Romanian cybercrime law, 82

Rombertik, 124

rootkits, 137138

route command, 54–55

router-based firewalls, 251

routers, 35–36

Rozycki, Jerzy, 213

RSA method, 224–227

RTUs (remote terminal units), 351

Rule 702, 414

Russian hackers, 345

S

sandboxes, 247

Sandworm, 357

SANS Institute, 24, 112, 152, 293, 315, 414

Santa Cruz Operations (SCO), 110

Sarbanes, Paul, 299

Sarbanes-Oxley (SOX), 299

SAs (security associations), 270

Sasser, 133–134

SCADA (Supervisory Control and Data Acquisitions), 351–352

scanning

active

active code scanning, 247

enumeration, 159–160

MBSA (Microsoft Baseline Security Analyzer), 321–323

Nessus, 324–326

OWASP (Open Web Application Security Project), 326–327

port scanning, 155–158

Shodan, 160–162, 328–329

vulnerability assessment, 158–159

passive, 153–155

Scherbius, Arthur, 213

Schneier, Bruce, 222

SCI (sensitive compartmented information), 294

Scientific Working Group on Digital Evidence (SWGDE), 395

SCO (Santa Cruz Operations), 110

screened hosts, 251

script kiddies, 17–18, 153

scripting, cross-site, 12–13

searches

Facebook, 374–375

general, 371–374

mistaken identity, 377

online resources, 378

sex offender registries, 375–377

Usenet, 379

SEC (Securities and Exchange Commission), 67–72

SecML (Security Modeling Language)

data interface diagrams, 438–439

misuse case diagrams, 432–436

overview of, 428, 430–432

security block diagrams, 439

security sequence diagrams, 436–438

secret information, 294

Secret Service forensics guidelines, 393–394

Secure Hash Algorithm (SHA), 231

Secure Shell (SSH), 39

Secure Sockets Layer (SSL), 266–268

Securities and Exchange Commission (SEC), 67–72

security activities, 19

security associations (SAs), 270

security audits, 394

security block diagrams, 439

security breaches, 290. See also hacking; industrial espionage; threats

cracking, 9

defined, 7

insider threats, 13–14

social engineering, 9, 191

war-dialing, 10

war-driving, 10

war-flying, 10

security devices, 19

security information event management (SIEM), 436

Security log, 398

Security Modeling Language. See SecML (Security Modeling Language)

security policies

data classification, 294–295

disaster recovery

BCPs (business continuity plans), 295–296

business continuity standards, 296

DRPs (disaster recovery plans), 295

impact analysis, 296

fault tolerance, 296–298

guidelines, 294

ISO 17799 standard, 279–280

laws governing, 298–299

procedures, 294

purpose of, 279

standards, 294

system administration policies

access control, 292–293

change requests, 288–290

departing employees, 287–288

developmental policies, 293

need for, 287

new employees, 287

security breaches, 290–293

user policies

BYOD (Bring Your Own Device), 285

consequences for violating, 286–287

CYOD (Choose Your Own Device), 285

defining, 280

desktop configuration, 285

e-mail attachments, 283–284

instant messaging, 284

Internet use, 282–283

passwords, 281

software installation and removal, 284

termination or expulsion and, 286

security resources, 23–24

security sequence diagrams, 436–438

security technology

antispyware software, 194, 253–254

antivirus software, 140–143, 248

authentication, 262–265

DAM (database activity monitoring), 261

DAMP (database activity monitoring and prevention), 261

digital certificates, 265–266

firewalls

benefits and limitations of, 248–249

configurations, 250–251

defined, 19, 55–56, 248

firewall logs, 253

selection of, 311–312

SPI, 105

types of, 249–250

Windows 10 Windows Defender, 252–253

ZoneAlarm, 252

honey pots, 260–261

IDSs (intrusion detection systems)

active, 255

attack identification methods, 255

defined, 254

elements of, 256

passive, 255

Snort, 256–260

intrusion deflection, 261

intrusion deterrence, 261

SSL (Secure Sockets Layer), 266–268

TLS (Transport Layer Security), 266–268

virus scanners

defined, 245

how they work, 245–246, 247

scanning techniques, 246–247

VPNs (virtual private networks), 268–270

Wi-Fi security, 270–271

Security+ certification, 331

sensitive compartmented information (SCI), 294

sensors, IDS, 256

Serpent, 222

Server Message Block (SMB), 40

servers

ASs (authentication servers), 264

errors, 46

proxy, 19, 56

securing, 317–319

TGSs (ticket-granting servers), 264

services, shutting down, 309–310

Services log, 398

session hijacking, 7, 13

sex offender registries, 81, 375–377

sexual predators, 80–81

SHA (Secure Hash Algorithm), 231

Shamir, Adi, 224

Shamoon, 124, 356

Shannon, Claude, 229

Shannon’s maxim, 229

“sheep dip” machines, 247

shielded twisted-pair (STP) cable, 34

ShiftRows step (AES), 221

shill bidding, 71

Shiva Password Authentication Protocol (SPAP), 262

Shodan, 160–162, 328–329

SIEM (security information event management), 436

Siemens Step7 software, 345

signals, 35

signatures, digital, 230

Silk Road, 364

SillyFDC worm, 344

SIM (Subscriber Identity Module), 408

Simple Mail Transfer Protocol Secure (SMTPS), 40

Simple Mail Transfer Protocol (SMTP), 39

Simple Network Management Protocol (SNMP), 156

Single Loss Expectancy (SLE), 6

Single Scope Background Investigation (SSBI), 295

single-key (symmetric) encryption, 207

3DES (Triple DES), 219

AES (Advanced Encryption Standard), 220–222

Blowfish, 222

defined, 216

DES (Data Encryption Standard), 216–219

modification of, 223

Skipjack, 222

Twofish, 220

sinkholes, 112

Sinn Féin, 352

Skipjack, 222

SLE (Single Loss Expectancy), 6

Sleuth Kit, 396

SMB (Server Message Block), 40

SMTP (Simple Mail Transfer Protocol), 39

SMTPS (Simple Mail Transfer Protocol Secure), 40

Smurf IP attacks, 105–106

Sneakers, 18

SNMP (Simple Network Management Protocol), 156

Snort, 256–260

Snow, 234

Snowden, Edward, 14

Sobig virus, 126

social engineering, 9, 191

social media, 374–375

sockets, 40

SoftPerfect Network Protocol Analyzer, 415

software installation, security policies for, 284

SOX (Sarbanes-Oxley), 299

spam, 139

SPAP (Shiva Password Authentication Protocol), 262

sparse infector viruses, 123

spear phishing, 198

specialist support, 394

specificity, online threats, 79

Specter, 260–261

SPI (stateful packet inspection), 105, 249

spyware

antispyware software, 194, 253–254

defined, 9

delivery of, 135

explained, 134–135

FinFisher, 347

in industrial espionage, 193–194

legal uses of, 135

obtaining, 135–137

SpywareGuide website, 135–136

SQL (Structured Query Language) injection, 11–12, 162–164

SSBI (Single Scope Background Investigation), 295

SSDs (security sequence diagrams), 436–438

SSH (Secure Shell), 39

SSL (Secure Sockets Layer), 266–268

Stacheldraht, 101

stack tweaking, 104

standards, defined, 294

stateful packet inspection (SPI), 105, 249

Stealth Files 4, 234

steganography, 193, 234

StegVideo, 234

StopGeorgia.ru, 346

STP (shielded twisted-pair) cable, 34

stream ciphers, 217

striped disks, 297

striped disks with dedicated parity, 297

striped disks with distributed parity, 298

striped disks with dual parity, 298

Structured Query Language (SQL) injection, 11–12

Stuxnet, 345–346

SubBytes step (AES), 221

subnetting, 43–44

Subscriber Identity Module (SIM), 408

substitution alphabet, 210

substitution ciphers

Caesar cipher, 209–210

multi-alphabet substitution, 211–212

rail fence, 212–213

Vigenère, 212

Super Wi-Fi, 37

Supervisory Control and Data Acquisitions (SCADA), 351–352

swatting, 78

SWGDE (Scientific Working Group on Digital Evidence), 395

SWGDE Model Standard Operation Procedures for Computer Forensics, 395

switches, 35

Symantec, 266

symmetric encryption. See single-key (symmetric) encryption

SYN (synchronize) requests

SYN flood attacks

micro blocks, 103

overview of, 102–103

RST cookies, 104

SPI firewalls, 105

stack tweaking, 104

SYN cookies, 103–104

SYN scans, 156

SYN_RECEIVED state, 112

SysML (Systems Modeling Language), 428

system administration policies

access control, 292–293

change requests, 288–290

departing employees, 287–288

developmental policies, 293

need for, 287

new employees, 287

security breaches, 290

DoS (denial of service), 291

hacker intrusions, 291–292

viruses, 290–291

system assessment

patches, 307–308

physical security, 314–315

policies, 312–314

ports, 308–311

probes, 314

protective software and devices, 311–312

system development life cycle, 427

system logs, 398

firewall, 253

Linux logs, 399

Windows logs, 398

system security

networks, 319–321

servers, 317–319

templates, 315

workstations, 316–317

systems engineering

cybersecurity and, 424

defined, 423–424

metrics, 428–430

need for, 422–423

readability analysis, 428

requirements engineering, 424–426

SecML (Security Modeling Language)

data interface diagrams, 438–439

misuse case diagrams, 432–436

overview of, 428, 430–432

security block diagrams, 439

security sequence diagrams, 436–438

system development life cycle, 427

use-case diagrams, 428

WBS (Work Breakdown Structure), 426–427

Systems Modeling Language (SysML), 428

T

T1 connection lines, 36

T3 connection lines, 36

tables, rainbow, 232–233

TAILS (The Amnesiac Incognito Live System), 175

Taiwan Semiconductor Manufacturing Company, 129

TCP (Transmission Control Protocol) SYN flood attacks

micro blocks, 103

overview of, 102–103

RST cookies, 104

SPI firewalls, 105

stack tweaking, 104

SYN cookies, 103–104

TCP/IP protocols, 39–40

teardrop attacks, 108

Telnet, 39

templates, system security, 315

Temporal Key Integrity Protocol (TKIP), 37, 271

TeraBIT Virus Maker, 168–169

terminate and stay resident (TSR), 245

termination, security policies and, 286

terminators, 33

terrorism. See cyber terrorism and cyber warfare

TFN (Tribal Flood Network), 101

TFN2K, 101

TFTP (Trivial File Transfer Protocol), 39

TGSs (ticket-granting servers), 264

Thawte, 266

thin-film bulk acoustic resonator (FBAR) technology, 188

Thomas, Bob, 128

threats. See also hacking; industrial espionage; security policies; security technology

cyber stalking

assessment of, 78–79

crimes against children, 80–81

defined, 74

real-world examples, 75–78

cyber terrorism

disinformation, 355

economic attacks, 347–349

future trends, 359–361

general attacks, 350–351

information control, 353–355

information warfare, 352

military operations attacks, 350

propaganda, 352–353

real-world examples, 343–347, 355–359

SCADA (Supervisory Control and Data Acquisitions), 351–352

scope of problem, 342–343

DNS poisoning, 8, 14–15

DoS (denial of service) attacks, 291

DDoS (distributed denial of service) attacks, 10, 99, 109

defending against, 111–112

defined, 7, 10

DHCP starvation, 108

Fraggle attacks, 106

HTTP POST DoS attacks, 108

ICMP (Internet Control Message Protocol) flood attacks, 107

illustration of, 97–99

land attacks, 109

login DoS attacks, 108

PDoS (permanent denial of service), 108

PoD (ping of death), 107–108

real-world examples, 109–111

registration DoS attacks, 108

scope of problem, 97

security policies for, 291

Smurf IP attacks, 105–106

TCP (Transmission Control Protocol) SYN flood attacks, 102–105

teardrop attacks, 108

tools for, 99–101

UDP (User Datagram Protocol) flood attacks, 107

doxxing, 15

dumpster diving, 370

identity theft

cross-site scripting, 73

phishing, 73–74

scope of problem, 72–73

insider, 8, 13–14

Internet fraud

auction fraud, 70–72

how it works, 67

investment fraud, 67–69

scope of problem, 66–67

key loggers, 9

logic bombs, 9

malware

Agent.btz, 344

antivirus software, 140–143

APTs (advanced persistent threats), 139–140

BlackEnergy, 347

buffer-overflow attacks, 132–133

creating, 168–169

defined, 7

dynamic nature of, 121

FinFisher, 347

Flame, 346

logic bombs, 139

malicious web-based code, 138

NSA ANT catalog, 347

remediation steps, 144

rootkits, 137–138

spam, 139

spyware, 9, 134–137, 253–254

StopGeorgia.ru, 346

Stuxnet, 345–346

Trojan horses, 8, 129–132

viruses, 8, 110, 121–129, 290–291. See also virus scanners

worms, 110

risk assessment, 4–7, 16

scope of problem, 3

security activities, 19

security breaches. See also hacking

cracking, 9

defined, 7

insider threats, 13–14

social engineering, 9, 191

war-dialing, 10

war-driving, 10

war-flying, 10

security devices, 19

security policies for, 290

session hijacking, 7, 13

web attacks

cell phone attacks, 166

cookie poisoning, 165–166

cross-site request forgery, 165

cross-site scripting, 12–13, 165

defined, 7

directory traversal, 165

password cracking, 166–168

SQL injection, 11–12, 162–164

URL hijacking, 166

wireless, 166

Tianjin University, 188

ticket-granting servers (TGSs), 264

Tiny Keylogger, 135

TKIP (Temporal Key Integrity Protocol), 37, 271

TLS (Transport Layer Security), 266–268

tool certifications, 413

top secret information, 294

top secret SCI (sensitive compartmented information), 294

TOR network, 173–175, 363–364

totient, 225

traceability matrix, 426

tracert command, 52

transference

of risk, 6

Locard’s principle of, 395

Transmission Control Protocol. See TCP (Transmission Control Protocol) SYN flood attacks

Transport Layer Security (TLS), 266–268

Tribal Flood Network (TFN), 101

Trinoo DDoS tool, 101

Triple DES (3DES), 219

Trithemius, Johannes, 234

Trivial File Transfer Protocol (TFTP), 39

Trojan horses, 8, 129132

Turing, Alan, 214

Twofish, 220

TypO, 135

U

Uber Technologies Inc., 188

UDP (User Datagram Protocol) flood attacks, 107

Ulbricht, Ross, 364

UML (Unified Modeling Language), 428, 431, 439

UMTS (Universal Mobile Telecommunications System), 409

Unified Modeling Language (UML), 428, 431, 439

uniform resource locators (URLs), 46, 166

uninstalled software, finding, 407

UNIT 61398 (China), 140, 345

Universal Mobile Telecommunications System (UMTS), 409

University of Dayton School of Law, 82

university trade secrets, industrial espionage incidents involving, 188

unshielded twisted-pair (UTP) cable, 34

URLs (uniform resource locators), 46, 166

U.S. Cyber Command (USCYBERCOM), 360

U.S. Department of Defense clearance levels, 294–295

U.S. Office of Personnel Management, breach of, 358

U.S. Secret Service forensics guidelines, 393–394

USB information, 406–407

USBSTOR key, 406

use-case diagrams, 428

Usenet, 379

User Datagram Protocol (UDP) flood attacks, 107

user policies

BYOD (Bring Your Own Device), 285

consequences for violating, 286–287

CYOD (Choose Your Own Device), 285

defining, 280

desktop configuration, 285

e-mail attachments, 283–284

instant messaging, 284

Internet use, 282–283

ISO 17799 standard, 279–280

passwords, 281

purpose of, 279

software installation and removal, 284

termination or expulsion and, 286

user.log file, 399

utilities, network

arp, 54–55

FDISK, 170

ipconfig, 49–51

netstat, 53

nslookup, 53

ping, 51–52, 156

DoS (denial of service) attacks, 97–99, 107–108

ping of death (PoD), 107–108

ping scans, 156

route, 54–55

tracert, 52

UTP (unshielded twisted-pair) cable, 34

V

/var/log/apache2/*, 399

/var/log/apport.log, 399

/var/log/faillog, 399

/var/log/kern.log, 399

/var/log/lighttpd/*, 399

/var/log/lpr.log, 399

/var/log/mail.*, 399

/var/log/mysql.*, 399

/var/log/user.log, 399

VBA (Visual Basic for Applications), 122

.vbox file, 416

.vdi file, 416

vehicles, attacks targeting, 16

VeraCrypt, 195–196

Verisign, 266

.vhx file, 416

Vigenère, Blaise de, 212

virtual forensics

cloud, 416–417

VMs (virtual machines), 415–416

virtual machines (VMs), 144, 415–416

virtual private networks (VPNs), 268–270

virtualization, 415

virus scanners

defined, 245

how they work, 245–246, 247

scanning techniques, 246–247

viruses, 110. See also virus scanners

antivirus software, 140–143

avoiding, 129

defined, 8, 121

hoaxes, 127–128

impact of, 129

MyDoom, 110–111

real-world examples, 123–128

Atlanta’s ransomware attack, 125

Bagle, 127

CryptoLocker, 124–125

CryptoWall, 124–125

earliest viruses, 128

FakeAV, 125

Flame, 128

Gameover ZeuS, 124

hoaxes, 127–128

Kedi RAT (Remote Access Trojan), 125

MacDefender, 125

Mimail, 127

Petya, 124

Rombertik, 124

Shamoon, 124

Sobig, 126

WannaCry, 123–124

security policies for, 290–291

Serpent, 222

spread of, 121122

types of, 122123

virulence of, 126

Visual Basic for Applications (VBA), 122

visual inspection, 395

.vmdk file, 416

.vmem file, 416

VMs (virtual machines), 144, 415–416

.vmsd file, 416

.vmsn file, 416

VMware, 144

VPNs (virtual private networks), 268–270

vulnerability assessment, 158–159

MBSA (Microsoft Baseline Security Analyzer), 321–323

Nessus, 324–326

OWASP (Open Web Application Security Project), 326–327

professional consultants, 330–332

Shodan, 328–329

W

Wabbit, 128

WannaCry, 123–124

WAPs (wireless access points), 166, 271

war-dialing, 10

war-driving, 10

warfare. See cyber terrorism and cyber warfare

war-flying, 10

Waymo, 188

WBS (Work Breakdown Structure), 426–427

web attacks

cell phone attacks, 166

cookie poisoning, 165–166

cross-site request forgery, 165

cross-site scripting, 12–13, 165

defined, 7

directory traversal, 165

password cracking, 166–168

SQL injection, 11–12, 162–164

URL hijacking, 166

wireless, 166

web-based mobile code, 138

WEP (Wired Equivalent Privacy), 37, 271

whaling, 198

white hat hackers, 17, 152–153

White-Fi, 37

Whois, 39

Wi-Fi, 36–38, 270–271, 412

WPA (Wi-Fi Protected Access), 37–38, 271

WPS (Wi-Fi Protected Setup), 166

Williamson, Malcolm J., 227

Windows 10 Windows Defender, 252–253

Windows configuration

commands

fc, 403

net sessions, 402

netstat, 404

openfiles, 403

registry settings, 404–407

services, shutting down, 309–310

system logs, 398

Windows Defender, 143, 252–253

Windows EFS (Encrypted File System), 195–196

Windows forensics, 411

Windows hacking techniques

login as system, 170

net user script, 169–170

pass the hash, 169–170

WinZapper, 398

Wired Equivalent Privacy (WEP), 37, 271

wireless access points (WAPs), 166, 271

wireless attacks, 166

wireless networks

802.11 standard, 36–38

ANT+, 38

Bluetooth, 38

security, 37–38

Wi-Fi security, 270–271

ZigBee, 38

Z-Wave, 38

Wireshark, 415

Work Breakdown Structure (WBS), 426–427

workstation security, 316–317

worms, 110. See also malware

WPA (Wi-Fi Protected Access), 37–38, 271

WPS (Wi-Fi Protected Setup), 166

Writing Snort Rules website, 260

X

X.25 networks, 269

X.509 certificates, 265–266

.xml files, 416

XOIC, 100

XOR operation, 215–216

Y-Z

Yahoo! People Search, 372–373

Yung, Ho Ka Terence, 77

Zenmap, 156

Zhang, Hao, 188

ZigBee, 38

Zimmermann, Phil, 228

zone transfers, 57

ZoneAlarm, 252

Z-Wave, 38

Zygalski, Henryk, 213
