INTRODUCTION TO PART II

THREATS AND VULNERABILITIES

What are the practical, technical problems faced by security practitioners? Readers are introduced to what is known about the psychological profiles of computer criminals and employees who commit insider crime. The focus is then widened to look at national security issues involving information assurance—critical infrastructure protection in particular. After a systematic review of how criminals penetrate security perimeters—essential for developing proper defensive mechanisms—readers can study a variety of programmatic attacks (widely used by criminals) and methods of deception, such as social engineering. The section ends with a review of widespread problems such as spam, phishing, Trojans, Web-server security problems, and physical facility vulnerabilities (an important concern for security specialists, but one that is often overlooked by computer-oriented personnel).

The chapter titles and topics in Part II include:

  • 12. The Psychology of Computer Criminals. Psychological insights into motivations and behavioral disorders of criminal hackers and virus writers
  • 13. The Dangerous Technology Insider: Psychological Characteristics and Career Patterns. Identifying potential risks among employees and other authorized personnel
  • 14. Information Warfare. Cyberconflict and protection of national infrastructures
  • 15. Penetrating Computer Systems and Networks. Widely used penetration techniques for breaching security perimeters
  • 16. Malicious Code. Dangerous computer programs, including viruses and worms
  • 17. Mobile Code. Analysis of applets, controls, scripts and other small programs, including those written in ActiveX, Java, and JavaScript
  • 18. Denial-of-Service Attacks. Resource saturation and outright sabotage that bring down availability of systems
  • 19. Social Engineering and Low-Tech Attacks. Lying, cheating, impersonation, intimidation—and countermeasures to strengthen organizations against such attacks
  • 20. Spam, Phishing, and Trojans: Attacks Meant to Fool. Fighting spam, phishing, and Trojans
  • 21. Web-Based Vulnerabilities. Web servers, and how to strengthen their defenses
  • 22. Physical Threats to the Information Infrastructure. Attacks against the information infrastructure, including buildings and network media