What are the practical, technical problems faced by security practitioners? Readers are introduced to what is known about the psychological profiles of computer criminals and employees who commit insider crime. The focus is then widened to look at national security issues involving information assurance—critical infrastructure protection in particular. After a systematic review of how criminals penetrate security perimeters—essential for developing proper defensive mechanisms—readers can study a variety of programmatic attacks (widely used by criminals) and methods of deception, such as social engineering. The section ends with a review of widespread problems such as spam, phishing, Trojans, Web-server security problems, and physical facility vulnerabilities (an important concern for security specialists, but one that is often overlooked by computer-oriented personnel).
12. The Psychology of Computer Criminals. Psychological insights into motivations and behavioral disorders of criminal hackers and virus writers
13. The Dangerous Technology Insider: Psychological Characteristics and Career Patterns. Identifying potential risks among employees and other authorized personnel
14. Information Warfare. Cyberconflict and protection of national infrastructures
15. Penetrating Computer Systems and Networks. Widely used penetration techniques for breaching security perimeters
16. Malicious Code. Dangerous computer programs, including viruses and worms
17. Mobile Code. Analysis of applets, controls, scripts and other small programs, including those written in ActiveX, Java, and JavaScript
18. Denial-of-Service Attacks. Resource saturation and outright sabotage that bring down availability of systems
19. Social Engineering and Low-Tech Attacks. Lying, cheating, impersonation, intimidation—and countermeasures to strengthen organizations against such attacks
20. Spam, Phishing, and Trojans: Attacks Meant to Fool. Fighting spam, phishing, and Trojans
21. Web-Based Vulnerabilities. Web servers, and how to strengthen their defenses
22. Physical Threats to the Information Infrastructure. Attacks against the information infrastructure, including buildings and network media