Further Reading

A representative list of cyber crime cases pursued by the U.S. Department of Justice with background details can be found at their website http://www.usdoj.gov/criminal/cybercrime/cccases.html. Specific news reports are too numerous to be listed individually. You can retrieve most of them (and many more) by entering such keywords as “security breach”, “cyber crime”, “cyber attack” and so on at the search engine http://www.google.com. 2002 CSI/FBI Computer Crime and Security Survey gives a good view of the current state of computer crime and security.

A good introduction to security concepts, especially from the perspective of securing the IT infrastructure of a large organization, can be found in the NIST Security Handbook titled An Introduction to Computer Security: The NIST Handbook. This handbook is available online at http://csrc.nist.gov/publications/nistpubs/800-12/handbook.pdf.

A number of different types of attacks have been unearthed over time. References to some of them are: An insightful paper on protocol-related vulnerabilities titled Security Problems in the TCP/IP Protocol Suite by S. M. Bellovyn, available online at http://www.deter.com/unix/papers/tcpip_problems_bellovin.pdf, outlines security problems in the TCP/IP Protocol Suite, though most of these have now been addressed. Building Secure Software: How to Avoid the Security Problems the Right Way, by John Viega and Gary McGraw, has a detailed discussion on attacks exploiting buffer overflow and stack smashing.

The top 20 known vulnerabilities in widely used software programs can be found in The Twenty Most Critical Internet Security Vulnerabilities—The Experts' Consensus. The most current version of this document can be found at http://www.sans.org/top20.

Enabling technologies for secure systems such as cryptography, PKI, SSL, Access Control, Authentication Servers, and Java APIs for developing secure systems are the main topics discussed in the book.