Index

A

access

buildings, 367-368

control

Bell-LaPadula model, 353

defined, 25

lists (ACLs), 129

policies, 292-293

Unix, Grey/Silver Book, 350

Violet Book, 351

physical attacks, 387-389

bypassing passwords, 388

OphCrack, 388-389

tech support, tricking, 389

remote attacks

cross-site scripting, 391

SQL injection, 390-391

AccessData1 FTK, 408

accounts, securing, 200, 249

ACLs (Access Control Lists), 129

Active Ports, 325

active scanning, 238, 379-380

enumerating, 379

FreeNetEnumerator, 385

NSAudit, 380-384

aggressiveness levels, 381

enumeration capabilities, 383-384

network scanner, 381

Remote Explorer, 382

scan types, selecting, 381

website, 380

ports, 379

ShareEnum, 384

types, 379

vulnerability assessments, 379

addresses (IP)

hiding, 87

scanning, 313

spoofing, 441

Adleman, Len, 152

AES (Advanced Encryption Standard), 150

A flag (iptables command), 101

AH (Authentication Header) protocol, 179

algorithms

asymmetric, 152-154

hash, 157

symmetric

Blowfish, 150

DES, 149-150

IDEA, 151

Rijndael, 150

analysis

forensics

documentation, 398

evidence, securing, 398

FBI guidelines, 398-399

touching suspect drives, 397-398

steganography, 161

AND operations, 146

anomaly detection, 125

anti-spyware

2011 Trojan horse, 261

Microsoft, 274

policies, 274-275

researching, 274

antivirus measures

active code, blocking, 249

infections, responding, 249

removing viruses, 250

source, finding, 250

spread, stopping, 249

policies/procedures, 248

scanning

active code, 238

downloads, 237

e-mail and attachments, 237

files, 237

heuristic, 238

instant message, 238

overview, 236-237

software, 239

Avast!, 245-246

AVG, 246

Kaspersky, 246

McAfee, 239-242

Norton AntiVirus, 242-245

Panda, 247

subnetworks, segregating, 249

user accounts, securing, 249

application gateways, 78

circuit level, compared, 79

defined, 77

disadvantages, 78

flooding attacks, 78

application layer (OSI model), 11

application logs, 400

Applications and Services logs, 401

A protection category, 347

Aqua Book (Rainbow series), 349

Archive.com, 378

assessing

system security

data protection, 310

Microsoft Security Baseline Analyzer, 326-328

network protection, 309-310

NSAudit, 328-329

numerical grading system, 305

patches, 306-308

physical access, 310-312

ports, 308

vulnerability scanners. See scanning, vulnerabilities

threats, 12-15, 21-22

laissez faire approaches, 12

likelihood, 19-20

overestimating threats, 12-13

realistic views, 14

vulnerabilities, 379

Active Ports, 325

Cerberus Internet Scanner, 317-320

documentation, 330

Fport, 325

Microsoft Security Baseline Analyzer, 326-328

Nessus, 322

NetBrute, 315-317

NetCop, 313-315

NetStat Live, 322-324

NSAudit, 328-329

SAINT, 321-322

SuperScan, 326

TCPView, 325

Unix, 320-321

Atbash cipher, 145

attachments

policies, 284-285

scanning for viruses, 237

attacks

buffer overflow

executing, 56

overview, 55

susceptibility, 56-57

website, 442

cyber terrorism, 427

actual attacks, 432

China Eagle Union, 427

economic, 422-424

general, 425

preventing, 428-429

reported incidents, 425-426

DDoS, 43

Distributed Reflection Denial of Service, 48

MyDoom, 52-53

popularity, 43

DoS, 19

Distributed Reflection, 48

distributed. See DDoS

FakeAV virus, 52

Flame, 52

ICMP floods, 48

MyDoom, 52-53

Ping of Death (PoD), 47

policies/procedures against, 291

preventing, 54-55

simulating, 41-42

Slammer worm, 53-54

Smurf, 45-47, 441

SYN floods, 43-45

tools, 49-51

UDP floods, 47

website, 442

Zafi worm, 231

espionage, 415

actual attacks, 432

motivations, 415

packet sniffers, 417-421

preventing, 416-417, 428-429

hacker preparations, 377

active scanning, 379-382

enumerating, 383-386

manual scanning, 386-387

passive scanning, 377-379

information warfare, 429

disinformation, 431

information control, 430-431

propaganda, 429

stealth marketing, 431

IP spoofing, 57-58

Macintosh, 53

man-in-the-middle, 58

physical access, 387-389

bypassing passwords, 388

OphCrack, 388-389

tech support, tricking, 389

remote access, 390-391

session hacking, 58

simulating, 49

social engineering, 18

viruses. See viruses

war-driving, 19

auditing

documentation, 324

sneakers, 26

Tan Book model, 349

authentication

defined, 25

L2TP, 176-177

Light Blue Book, 350

PPTP, 174-175

Authentication Header (AH) protocol, 179

automating patches, 307-308

Avast! AntiVirus, 245-246

AVG antivirus software, 246

B

backing up data, 371

Back Orifice Trojan horse, 261

banishment vigilance, 123-133

Barracuda website, 78

bastion hosts, 84

battle drills, 49

BCPs (business continuity plans), 370

Bellaso, Giovan Battista, 146

Bell-LaPadula model, 353-354

BIA (business impact analysis), 370

Biba Integrity model, 354

binary encryption, 146-147

Bitlocker, 417

black hat hackers, 23

blocking

active code, 249

ciphers

AES, 150

Blowfish, 150

defined, 150

IDEA, 151

selecting, 151

incoming traffic, 54

ports, 309

Blowfish, 150

Blue Book (Rainbow series), 350-351

books (Rainbow series)

Aqua, 349

Blue, 350-351

Bright Blue, 349

Brown, 350

Burgundy, 349

Forest Green, 350

Grey/Silver, 350

Hot Peach, 350

Lavender, 349

Lavender/Purple, 350

Light Blue, 350

Light Pink, 351

Orange. See Orange Book

Pink, 349

Purple, 350

Red, 349

Tan, 349

Turquoise, 350

Venice Blue, 349

Violet, 351

Yellow, 350

Yellow-Green, 350

B protection category

1 – labeled, 343-344

2 – structured, 344-345

3 – security domains, 346-347

mandatory, 342

Bright Blue Book (Rainbow series), 349

Broadband Guide website, 73

Bropla worm, 233

Brown Book (Rainbow series), 350

browsers

configuring, 221

Firefox, 221

forensic evidence, gathering, 400

Internet Explorer, 219

Netscape Navigator, 220-221

buffer overflow attacks

executing, 56

overview, 55

susceptibility, 56-57

website, 442

building access, securing, 367-368

bulletin board worm, 233

Burgundy Book (Rainbow series), 349

business continuity plans (BCPs), 370

business impact analysis (BIA), 370

bypassing passwords, 388

C

Caesar Cipher, 144

Canadian Trusted Computer Product Evaluation Criteria (CTCPEC), 351

CAs (Certificate Authorities), 156

CCIE (Cisco Certified Internetworking Engineer), 112

cell phone evidence retrieval, 407-408

Cerberus Internet Scanner, 317-320

Android download website, 320

main screen, 317

NT Registry report, 320

reports, viewing, 318

URL/IP address selection, 318

website, 317

CERT (Computer Emergency Response Team), 29, 440

Certificate Authorities (CAs), 156

certificate revocation lists (CRLs), 156

certificates (digital), 155-156

Certified Information Systems Security Professional (CISSP), 353

chain of custody, 398

change request system administration policies, 289-290

channels

communication, 351

steganography, 160

CHAP (Challenge Handshake Authentication Protocol), 175-176

CheckPoint, 417

Check Point Firewall-1 firewalls, 110-111

China Eagle Union cyber terrorist attack, 427

Chinese Wall model, 355

CIA (confidentiality, integrity, and availability), 25, 293, 443

ciphers

Atbash cipher, 145

binary operations, 146-147

block, 150-151

Caesar, 144

multi-alphabet substitution, 145-146

ROT 13, 145

stream, 150

circuit level gateways, 78-79

Cisco

intrusion-detection, 128-129

Certified Internetworking Engineer (CCIE), 112

PIX 515E firewalls, 111-112

VPN solutions, 180

website, 76

CISSP (Certified Information Systems Security Professional), 353

Clark-Wilson model, 355

classifying threats, 15

intrusions, 18-19

malware, 16-18

CNN.com credit card hack website, 440

commands

Fc, 405

ipconfig, 7

iptables, 101

net sessions, 404

netstat, 406

Openfiles, 405

telnet, 386

traceroute, 105

Common Criteria, 351-352

communication

channels, 351

decryption, 158

encryption

algorithms website, 442

amateurs, 143

Atbash cipher, 145

binary operations, 146-147

Caesar Cipher, 144

digital certificates, 155-156

fraudulent claims, 154-155

future, 161-162

hashing, 156-157

history, 142-143

IPSec, 179

multi-alphabet substitution, 145-146

public key, 152-154

quantum, 162

ROT 13, 145

software to avoid website, 442

steganography, 159-161

strength, 148

symmetric, 149-151

VPNs, 174-178

websites, 148

OSI model

layers, 11

websites, 174

CommView, 417-418

compulsory tunneling, 174

computer-based espionage. See espionage

computer crimes by state website, 28

Computer Emergency Response Team (CERT), 29, 440

Computer Security Act of 1987, 28, 440

Computer Security Institute Cyber Crime Bleeds U.S. Corporations article website, 440

Confidentiality, Integrity, and Availability (CIA), 25, 293

configuration files, changing, 40

configuring

browsers, 221

Firefox, 221

Internet Explorer, 219

Netscape Navigator, 220-221

fake password files, 132

firewalls

dual-homed hosts, 82

network-host based, 80-81

router-based, 83

screened hosts, 83-84

iptables firewall, 101-102

packet filter firewalls, 75

Snort, 127

Specter, 131

VPNs, 181

finishing, 183

routing and remote access, 181

user logins, 184-185

VPN access, 182

Windows

account lockout policies, 200

guidelines, 201

organizational policies, 201

services, 207-210

conflicts of interest security model (Chinese Wall), 355

connect scans, 379

Consumer Search Anti spyware reviews website, 274

cookies

RST, 45

SYN, 44

C protection category

1 – discretionary, 340-341

2 – controlled access, 341-342

discretionary, 339

crackers, 23

cracking, 18

cracking passwords, 158-159

credit card hack website, 440

CRLs (certificate revocation lists), 156

cross-site scripting, 391

cryptography, 148

CTCPEC (Canadian Trusted Computer Product Evaluation Criteria), 351

--ctstate flag (iptables command), 102

Curtin, Matt, 155

cyber terrorism, 414

attacks

actual, 432

economic, 422-424

general, 425-427

national defense, 424-425

China Eagle Union, 427

defined, 421

national harm, 422

preventing, 428-429

reported incidents, 425-426

websites, 443

D

Daemen, Joan, 150

data

backing up, 371

decryption, 158

encryption

algorithms website, 442

amateurs, 143

Atbash cipher, 145

binary operations, 146-147

Caesar Cipher, 144

digital certificates, 155-156

fraudulent claims, 154-155

future, 161-162

hashing, 156-157

history, 142-143

IPSec, 179

multi-alphabet substitution, 145-146

public key, 152-154

quantum, 162

ROT 13, 145

software to avoid website, 442

steganography, 159-161

strength, 148

symmetric, 149-151

VPNs, 174-178

websites, 148

protection, assessing, 310

salt, 157

storage, 350

database security requirements, 350

Data Encryption Standard (DES), 149-150, 442

data link layer (OSI model), 11

DDoS (Distributed Denial of Service) attacks, 43

Distributed Reflection Denial of Service, 48

MyDoom, 52-53

popularity, 43

Decoy Server, 133

decryption, 158

DefConII Wardriving Statistics website, 440

deleted files, retrieving, 402-404

demilitarized zones (DMZs), 73, 81

Denial of Service. See DoS attacks

Department of Defense. See DoD Rainbow series

dependencies (Windows services), 209

DES (Data Encryption Standard), 149-150, 442

DES3 (Triple DES), 149

“Description and Analysis of a Potent, Increasingly Prevalent, and Worrisome Internet Attack” website, 441

desktop configurations, 286

detecting intrusions. See IDS

development policies, 293-294

DFL-300 firewalls, 109-110

-d flag (iptables command), 102

differential backups, 371

Diffie-Hellman encryption algorithm, 154

digital certificates, 155-156

Digital Signature Algorithm (DSA), 154

disaster recovery, 369

business continuity plans/impact analysis, 370

fault tolerance, 371-372

plans, 369

disinformation, 431

Disk Digger, 402-404

Disk Investigator, 409

Distributed Denial of Service. See DDoS attacks

Distributed Reflection Denial of Service attacks, 48

distributed systems Lavender Book model, 349

D-Link

DFL-300 Office firewalls, 109-110

product data website, 442

D – minimal protection category, 339

DMZs (demilitarized zones), 73, 81

DNS (Domain Name Service), 6

documentation

auditing, 324

Burgundy Book model, 349

forensics, 398

network protections, 330

physical security, 330

policies, 330

vulnerability assessments, 330

DoD (Department of Defense) Rainbow series, 348

Aqua Book, 349

Blue Book, 350-351

Bright Blue Book, 349

Brown Book, 350

Burgundy Book, 349

Forest Green Book, 350

Grey/Silver Book, 350

Hot Peach Book, 350

Lavender Book, 349

Lavender/Purple Book, 350

Light Blue Book, 350

Light Pink Book, 351

Orange Book. See Orange Book

Pink Book, 349

Purple Book, 350

Red Book, 349

Tan Book, 349

Turquoise Book, 350

Venice Blue Book, 349

Violet Book, 351

websites, 348, 351

Yellow Book, 350

Yellow-Green Book, 350

Domain Name Service (DNS), 6

DoS (Denial of Service) attacks, 19

Distributed Reflection, 48

distributed. See DDoS attacks

ICMP floods, 48

Ping of Death (PoD), 47

policies/procedures against, 291

preventing, 54-55

real-world examples

FakeAV virus, 52

Flame, 52

MyDoom, 52-53

Slammer worm, 53-54

simulating

flooding target machine, 42

methods, 42

pinging target machine, 41-42

Web servers, 41

Smurf, 45-47

overview, 45

preventing, 46

website, 441

SYN floods, 43

micro blocks defense, 44

overview, 43

popularity, 44

RST cookies defense, 45

SPI firewalls defense, 44

stack tweaking defense, 45

SYN cookies defense, 44

tools, 49

Tribal Flood Network, 49

Trin00, 50-51

UDP floods, 47

website, 442

Zafi worm, 231

downloads, scanning for viruses, 237

--dport flag (iptables command), 102

DRPs (disaster recovery plans), 369

DSA (Digital Signature Algorithm), 154

dual-homed host firewalls, 82

E

EALs (Evaluation Assurance Levels), 352

EAP (Extensible Authentication Protocol), 175

ease of use versus security, 230

economic attacks (cyber terrorism), 422-424

EliteWrapper, 265-266

Elliptic Curve algorithm, 154

e-mail

attachment policies, 284-285

importance, 284

viruses

Mabutu, 232

scanning, 237

Encapsulated Security Payload (ESP) protocol, 179

encryption

algorithms website, 442

amateurs, 143

binary, 146-147

digital certificates, 155-156

fraudulent claims, 154-155

future, 161-162

hashing, 156-157

history, 142-143

Atbash cipher, 145

binary operations, 146-147

Caesar Cipher, 144

multi-alphabet substitution, 145-146

ROT 13, 145

IPSec, 179

public key, 152-154

quantum, 162

software to avoid website, 442

steganography, 159

advantages, 160

analyzing, 161

history, 160

least significant bits, 160

terminology, 160

tools, 161

strength, 148

symmetric

AES, 150

Blowfish, 150

defined, 149

DES, 149-150

IDEA, 151

selecting, 151

VPNs

L2TP, 176-178

PPTP, 174-175, 178

websites, 148

English alphabet letter frequency distributions website, 442

enterprise network firewalls, 112-114

enumerating, 312, 379

FreeNetEnumerator, 385

NSAudit, 383-384

ShareEnum, 384

ePolicy Orchestrator, 307

equipment security, 367

ESP (Encapsulated Security Payload) protocol, 179

espionage, 415. See also cyber terrorism

actual attacks, 432

motivations, 415

packet sniffers, 417

CommView, 417-418

EtherDetect, 419

Ethereal, 420

selecting, 420-421

preventing, 416-417, 428-429

EtherDetect, 419

Ethereal, 420

ethical hackers, 23

evaluating

hardware/software, 349

operating systems, 350

technologies, 349

threats, 12-15, 21-22

laissez faire approaches, 12

likelihood, 19-20

overestimating, 12-13

realistic views, 14

Evaluation Assurance Levels (EALs), 352

evidence (forensic)

gathering

browsers, 400

cell phones, 407-408

deleted file retrieval, 402-404

operating system utilities, 404-406

system logs, 400-401

Windows registry, 407

securing, 398

tools

AccessData1, 408

Disk Investigator, 409

Fc, 405

Net Sessions, 404

Netstat, 406

Openfiles, 405

Sleuth Kit, 408

executable profiling, 126

Extensible Authentication Protocol (EAP), 175

F

facility management, 350

FakeAV virus, 52

fake password files, configuring, 132

Farmer, Dan, 321

fault tolerance, 371-372

FBI

Computer Forensics website, 396

forensics guidelines, 398-399

Fc command, 405

federal jurisdiction websites, 396

files

configuration, changing, 40

deleted, retrieving, 402-404

index.dat, retrieving, 400

scanning for viruses, 237

File Transfer Protocol (FTP), 6

filtering routers, 58

finding. See retrieving

FIN scans, 380

fire protection, 368-369

Firestarter packet filter firewall, 74

Firewall-1 data sheet website, 442

Firewall-1 firewalls, 110-111

firewalls

application gateways, 78

circuit level, compared, 79

defined, 77

disadvantages, 78

flooding attacks, 78

circuit level gateway, 78-79

configuring

dual-homed hosts, 82

network-host based, 80-81

router-based, 83

screened hosts, 83-84

defined, 25, 73

DMZs, 81

enterprise networks, 112-114

hybrid, 77, 80

logs, 86

medium-sized networks, 110

Check Point Firewall-1, 110-111

Cisco PIX 515E, 111-112

minimum function, 73

multiple, 85

NAT, 88

packet filter, 74-76

proxy servers, 87-88

router-based, 73

single machine, 97

extra features, 106

iptables, 100-102

McAfee Personal, 104-105

Norton, 102-103

Windows 7, 98-99

Wolverine, 106-107

SOHOs, 73, 107

DFL-300, 109-110

SonicWALL, 107-108

solutions, 73

SPI, 44, 76

Firewalls.com, 78

Flame virus, 52

flooding attacks, 78

forensics

documentation, 398

evidence, gathering

browsers, 400

cell phones, 407-408

deleted file retrieval, 402-404

operating system utilities, 404-406

system logs, 400-401

Windows registry, 407

evidence, securing, 398

FBI guidelines, 398-399

federal jurisdictions, 396

tools

AccessData1, 408

Disk Investigator, 409

Fc, 405

Net Sessions, 404

Netstat, 406

Openfiles, 405

Sleuth Kit, 408

touching suspect drives, 397-398

Forensic Tool Kits (FTKs), 408-409

Forest Green Book (Rainbow series), 350

Fortigate 3600 firewalls, 113-114

ForwardedEvents logs, 401

Fport, 325

FreeNetEnumerator, 385

Free S/WAN VPN solutions, 181

F-Secure

corporation website, 29

virus descriptions website, 440

FTKs (Forensic Tool Kits), 408-409

FTP (File Transfer Protocol), 6

full backups, 371

future

encryption, 161-162

viruses, 233

G

gateways, 78-79

general cyber terrorism attacks, 425-427

Gimp website, 127

gray hat hackers, 23

Grey/Silver Book (Rainbow series), 350

group work profiles, 126

H

hackers

access attacks

cross-site scripting, 391

physical, 387-389

remote, 390-391

attack methods, 389

black hat, 23

crackers, 23

defined, 22

dictionary website, 440

gray hat, 23

intrusions, 292

phreaking, 24

preparations, 377

active scanning, 379-382

enumerating, 383-386

manual scanning, 386-387

passive scanning, 377-379

script kiddies, 23

skilled versus unskilled, 13

sneakers, 23

techniques, 283

terminology, 22-24, 440

white hat, 23

hacktivism, 427

hardening operating systems, 80

hardware

Cisco Catalyst 6500 IDS, 129

evaluating, 349

key loggers, 18

hashing, 156

hash function, 175

MD5, 157

passwords, 283

properties, 156

salt data, 157

SHA, 157

storage, 157

Health Information Technology for Economic and Clinical Health Act (HITECH), 356

heuristic scanning, 238

HFNetChkPro, 307

hiding IP addresses, 87

HIPAA (Health Insurance Portability & Accountability Act of 1996), 356

history

encryption, 142-143

Atbash cipher, 145

binary operations, 146-147

Caesar Cipher, 144

multi-alphabet substitution, 145-146

ROT 13, 145

websites, 148

MyDoom virus, 53

steganography, 160

HITECH (Health Information Technology for Economic and Clinical Health Act), 356

hoaxes, 233

jdbgmgr.exe, 234

listings website, 443

tax return, 234-235

w32.torch, 235

holiday greeting virus (Zafi worm), 231-232, 441-443

Home PC Firewall Guide website, 73

honey pots

Decoy Server, 133

defined, 130

intrusion deflection, 134

Specter, 130-133

configuring, 131

costs, 133

fake password files, 132

modes, 132

services, simulating, 131

website, 130

hosts

bastion, 84

dual-homed, 82

network-based, 80-81

screened, 83-84

Hot Peach Book (Rainbow series), 350

HTTP (Hypertext Transfer Protocol), 6

HTTPS (Hyper Text Transfer Protocol Secure), 7

hybrid firewalls, 77, 80

I

ICMP (Internet Control Message Protocol), 7, 48

IDEA (International Data Encryption Algorithm), 151

IDS (Intrusion-Detection Systems), 122

anomaly detection, 125

Cisco, 128-129

defined, 122

executable profiling, 126

honey pots

Decoy Server, 133

defined, 130

intrusion deflection, 134

Specter, 130-133

infiltration, 124-125

intrusion deflection, 134

intrusion deterrence, 134

preemptive blocking, 123-133

resource profiling, 125

Snort, 126-127

threshold monitoring, 125

user/group work profiling, 126

IEEE anti spyware comparison products website, 274

-i flag (iptables command), 102

IKE (Internet Key Exchange) protocol, 179

illicit groups, infiltrating, 124

“Improving the Security of Your Site by Breaking Into It” website, 321

incoming traffic, blocking, 54

incremental backups, 371

index.dat files, retrieving, 400

infiltration, 124-125

information

control, 430-431

Technology Security Evaluation Criteria (ITSEC), 351

warfare, 429

disinformation, 431

information control, 430-431

propaganda, 429

stealth marketing, 431

installing

Norton AntiVirus, 242

software, 286

instant message scanning, 238

instant messaging user policies, 286

integrity verification, 355

International Data Encryption Algorithm (IDEA), 151

International PGP website, 442

Internet

Control Message Protocol (ICMP), 7, 48

Key Exchange protocol (IKE), 179

Protocol Security (IPSec), 178-179

Relay Chat (IRC), 6

usage policies, 283-284

Internet Explorer

security settings, 219

Trojan horse, 261, 443

intrusions

defined, 18-19

deflection, 134

detection systems. See IDS

deterrence, 134

IP addresses

hiding, 87

scanning, 313

spoofing website, 441

IPComp (IP payload compression) protocol, 179

IPConfig utility, 7-9

IPSec (Internet Protocol Security), 178-179

IP spoofing, 57

executing, 57

preventing, 57-58

susceptibility, 58

theoretical level, 57

iptables command, 101

iptables firewalls

configuring, 101-102

overview, 100-101

IRC (Internet Relay Chat), 6

ITSEC (Information Technology Security Evaluation Criteria), 351

J

jdbgmgr.exe virus, 234, 441-443

John the Ripper password cracker, 158-159

K

Kaspersky Antivirus, 246

key loggers, 18

keystreams, 150

Koblitz, Neil, 154

L

L2TP (Layer 2 tunneling protocol), 176

authentication, 176-177

overview, 176

PPTP, compared, 178

websites, 178

labs

DoS attack simulation, 41

flooding target machine, 42

methods, 42

pinging target machine, 41-42

Web server verification, 41

safety, 41

simulating attacks, 49

Lavender Book (Rainbow series), 349

Lavender/Purple Book (Rainbow series), 350

lax security, 13

Layer 2 tunneling protocol. See L2TP

layered approaches, 27

least privileges, 25

least significant bits (LSB), 160

leaving employee system administration policies, 288-289

legislation, 27-29

letter frequency, 144

-L flag (iptables command), 101

licensing, open source, 127

Light Blue Book (Rainbow series), 350

Light Pink Book (Rainbow series), 351

likely attacks, 19-20

--limit flag (iptables command), 102

Linksys website, 73

Linux

firewalls

iptables, 100-102

Wolverine, 106-107

logs, retrieving, 401

Trojan horses, 263

website, 127

--log-level flag (iptables command), 102

logons, 78

--log-prefix flag (iptables command), 102

logs

firewalls, 86

forensic evidence gathering, 400-401

retrieving, 400-401

LSB (least significant bits), 160

Lumenison, 307

M

Mabutu virus, 232, 443

Macintosh viruses, 53

man-in-the-middle attacks, 58

maintenance, 349

man traps, 367

manual scanning, 386-387

manuals, writing, 350

McAfee

antivirus software, 239-242

main screen, 239

options, 240

world map, 240-242

ePolicy Orchestrator, 307

Personal Firewall, 75, 104-105

SuperScan, 326

virus hoax listings website, 443

McCune, Tom, pretty good privacy website, 442

MD5 hash, 157

medium sized network firewalls, 110

Check Point Firewall-1, 110-111

Cisco PIX 515E, 111-112

Microsoft

anti-spyware, 274

NetStat Live, 322-324

Outlook script virus, 56

Security Advisor, 29

Security Baseline Analyzer, 326-328

interface, 327

results, 328

scan selection, 327

specific CHAP (MS-CHAP), 176

Miller, Victor, 154

Mitnick, Kevin, 18

“Mitnick Teaches Social Engineering” website, 440

models (security), 352

Bell-LaPadula model, 353-354

Biba Integrity model, 354

Chinese Wall model, 355

CISSP, 353

Clark-Wilson model, 355

Orange Book. See Orange Book

Rainbow series, 351

State Machine model, 356

monitoring, 125, 368

MS-CHAP (Microsoft-specific CHAP), 176

multi-alphabet substitution, 145-146

MyDoom.BB virus, 17

“MyDoom Targets Linux Antagonist” website, 441

MyDoom virus, 53, 97

alert website, 442

description website, 441

history, 53

monetary damages, 53

overview, 52

N

NAT (network address translation), 88

national defense attacks (cyber terrorism), 424-425

Nessus, 322

NetBIOS, 6

NetBrute, 315-317

NetBus Trojan horse, 262

NetCop, 313-315

Netcraft.com website, 378

Netscape Navigator security settings, 220-221

Net Sessions utility, 404

NetStat Live, 322-324

Netstat utility, 406

network layer (OSI model), 11

networks

address translation (NAT), 88

host based firewalls, 80-81

News Transfer Protocol (NNTP), 6

protections

assessing, 309-310

documenting, 330

VPNs

Cisco, 180

configuring, 181-183

Free S/WAN, 181

IPSec, 178-179

service solutions, 181

SSL, 180

TLS, 180

user logins, configuring, 184-185

new employee system administration policies, 288

NNTP (Network News Transfer Protocol), 6

non-repudiation, 25

Norton

AntiVirus, 242-245

installing, 242

main screen, 242

reports, 243

scanning for viruses, 243

scan results, 243

Firewall, 75, 102-103

NSAudit, 328-329, 380-382

aggressiveness levels, 381

enumeration capabilities, 383-384

network scanner, 381

Remote Explorer, 382

scan types, selecting, 381

website, 380

numerical security grading system, 305

O

-o flag (iptables command), 102

OMB Circular A-130, 28

Online Certificate Status Protocol (OCSP), 156

online forum worm, 233

Openfiles utility, 405

Open Office, 127

open source, 127

operating systems

A1-certified, 347

B1 – labeled security protection, 344

evaluating, 350

hardening, 80

browsers, 219-221

Windows, 200-201, 207-210

OphCrack, 159, 388-389

Orange Book (Rainbow series), 338, 349

A – verified protection, 347

A1 – verified protection, 347

B – mandatory protection, 342

B1 – labeled security protection, 343-344

B2 – structured protection, 344-345

B3 – security domains, 346-347

C – discretionary protection, 339

C1 – discretionary security protection, 340-341

C2 – controlled access protection, 341-342

D – minimal protection, 339

servers, 348

websites, 339

organizational policies, 201

OR operations, 146

OCSP (Online Certificate Status Protocol), 156

OSI model

layers, 11

websites, 174

Outlook script virus, 56

Outpost Firewall, 75

P

packet filter firewalls, 74-76

packets, tracing, 105

packet sniffers, 417

CommView, 417-418

EtherDetect, 419

Ethereal, 420

selecting, 420-421

Panda antivirus software, 247

PAP (Password Authentication Protocol), 177

passive scanning, 377-379

passwords

bypassing, 388

complexity requirements, 282

cracking, 158-159

fake password files, configuring, 132

hashing, 283

policies, 281-283

patches

applying, 306

assessing, 306

automating, 307-308

PatchLink, 307

payloads, 160

PCI DSS (Payment Card Industry Data Security Standard), 357-358

PC Magazine anti-spyware website, 274

perimeter approaches, 26

-p flag (iptables command), 101

PFSense, 79

phpBB software worm, 233

phreaking, 24

physical access attacks, 387-389

bypassing passwords, 388

OphCrack, 388-389

tech support, tricking, 389

physical layer (OSI model), 11

physical security

access attacks, 387-389

bypassing passwords, 388

OphCrack, 388-389

tech support, tricking, 389

assessing, 310-312

building access, 367-368

documentation, 330

equipment, 367

fault tolerance, 371-372

fire protection, 368-369

video monitoring, 368

ping scans, 379

Ping utility, 9

Pink Book (Rainbow series), 349

PIX 515E firewalls, 111-112

PKIs (public key infrastructures), 156

PoD (Ping of Death) attacks, 47

policies/procedures

access control, 292-293

anti-spyware, 274-275

antivirus, 248

documentation, 330

programming, 293-294

security breaches, 291-292

system administration

change requests, 289-290

leaving employees, 288-289

new employees, 288

Trojan horse prevention, 268

users

consequences, 287-288

desktop configuration, 286

effective, 281

e-mail attachments, 284-285

instant messaging, 286

Internet usage, 283-284

passwords, 281-283

potential misuses, 281

software installation/removal, 286

Windows security, 200-201

POP3 (Post Office Protocol Version 3), 6

Portal of Doom Trojan horse, 263-264

ports

assessing, 308

blocking, 309

scanning, 312, 379

Active Ports, 325

Fport, 325

NetBrute, 315-317

NetCop, 313-315

SuperScan, 326

TCPView, 325

Unix, 320-321

Post Office Protocol Version 3 (POP3), 6

PPTP (Point-to-Point Tunneling Protocol), 174

authentication, 174-175

L2TP, compared, 178

tunneling types, 174

preemptive blocking, 123-133

presentation layer (OSI model), 11

pretty good privacy website, 442

prevention

buffer overflow attacks, 56-57

cyber terrorism, 428-429

DoS attacks, 54-55

espionage attacks, 416-417, 428-429

IP spoofing, 57-58

PoD attacks, 47

scanning

active, 379-380, 383-386

manual, 386-387

passive, 377-379

Smurf attacks, 46

spyware, 274-275

SYN floods, 44-45

Trin00 attacks, 51

Trojan horses, 266-268

viruses. See antivirus measures

privacy settings

Firefox, 221

Netscape Navigator, 220-221

probing networks. See scanning, vulnerabilities

profiling

executable, 126

resources, 125

user/group work, 126

programming policies, 293-294

programs

anti-spyware, 274-275

antivirus, 239

Avast!, 245-246

AVG, 246

Kaspersky, 246

McAfee, 239-242

Norton AntiVirus, 242-245

Panda, 247

Bitlocker, 417

CheckPoint, 417

Disk Digger, 402-404

DoS attacks, 49

Tribal Flood Network, 49

Trin00, 50-51

EliteWrapper, 265-266

enumerating

FreeNetEnumerator, 385

NSAudit, 383-384

ShareEnum, 384

evaluating, 349

forensic evidence, gathering, 404

AccessData1, 408

Disk Investigator, 409

Fc, 405

Net Sessions, 404

Netstat, 406

Openfiles, 405

Sleuth Kit, 408

IDS

Decoy Server, 133

Snort, 126-127

Specter, 130-133

IPConfig, 7-9

packet sniffers, 417

CommView, 417-418

EtherDetect, 419

Ethereal, 420

selecting, 420-421

Ping, 9

scanners, 312-313

Active Ports, 325

Cerberus, 317-320

Fport, 325

Nessus, 322

NetBrute, 316-317

NetCop, 313-315

NetStat Live, 322-324

NSAudit, 380-382

SAINT, 321-322

SATAN, 320-321

SuperScan, 326

TCPView, 325

spyware, 17-18

steganography, 161

Trojan horses

Anti-Spyware 2011, 261

Back Orifice, 261

creating with EliteWrapper, 265-266

Internet Explorer, 261

Linux, 263

NetBus, 262

Portal of Doom, 263-264

preventing, 266-268

Shamoon, 262

symptoms, 264

TrueCrypt, 416

TSR (Terminate and Stay Resident), 236

propaganda, 429

protection, assessing

data, 310

networks, 309-310

protocols

CHAP, 175-176

DNS, 6

EAP, 175

FTP, 6

HTTP, 6

HTTPS, 7

ICMP, 7

IPSec, 178-179

IRC, 6

L2TP, 176-178

monitor (NetStat Live), 322-324

MS-CHAP, 176

NetBIOS, 6

NNTP, 6

OCSP, 156

PAP, 177

POP3, 6

PPTP, 174

authentication, 174-175

L2TP, compared, 178

tunneling types, 174

SMB, 7

SMTP, 6

SPAP, 177

SSL, 180

TCP/IP, 7

Telnet, 6

TFTP, 6

TLS, 180

Whois, 6

proxy servers

defined, 25

firewalls, 87

WinGate, 87-88

public key encryption, 152-154

Diffie-Hellman, 154

DSA, 154

Elliptic Curve, 154

RSA, 152-153

public key infrastructures (PKIs), 156

Purple Book (Rainbow series), 350

Q – R

quantum encryption, 162

RAID (redundant array of independent disks), 372

The Rainbow series, 348

books

Aqua, 349

Blue, 350-351

Bright Blue, 349

Brown, 350

Burgundy, 349

Forest Green, 350

Grey/Silver, 350

Hot Peach, 350

Lavender, 349

Lavender/Purple, 350

Light Blue, 350

Light Pink, 351

Orange. See Orange Book

Pink, 349

Purple, 350

Red, 349

Tan, 349

Turquoise, 350

Venice Blue, 349

Violet, 351

Yellow, 350

Yellow-Green, 350

websites, 348, 351

rainbow tables, 159, 283

RAs (Registration Authorities), 156

recovery, 369

business continuity plans/impact analysis, 370

fault tolerance, 371-372

plans, 369

Yellow Book, 350

Red Book (Rainbow series), 349

redundant array of independent disks (RAID), 372

registry (Windows), 407

remote access attacks, 390-391

Remote Explorer (NSAudit), 382

removing

Back Orifice Trojan horse, 261

NetBus Trojan horse, 262

Portal of Doom Trojan horse, 264

software, 286

viruses, 250

reported cyber terrorism incidents, 425-426

reports

Cerberus Internet Scanner, 318

Norton AntiVirus, 243

resources, 29, 125

retrieving

deleted files, 402-404

evidence

cell phones, 407-408

Fc, 405

Net Sessions, 404

Netstat, 406

Openfiles, 405

operating system utilities, 404

tools, 408-409

Windows registry, 407

index.dat files, 400

logs, 400-401

virus infection sources, 250

Rijndael algorithm, 150

risks. See vulnerabilities

Rivest, Ron, 152

ROT 13 cipher, 145

router-based firewalls

configuring, 83

SOHOs, 73

routers, filtering, 58

Routing and Remote Access Server Setup Wizard, 181

RSA (Rivest, Shamir, Adleman) encryption algorithm, 152-153

RST cookies, 45

“Russians Arrest CIA Hacker” website, 443

S

SAINT (Security Administrator’s Integrated Network Tool), 321-322

salt data, 157

SAM (Security Accounts Manager), 157

SANS Institute website, 29

Santy worm, 233

Sarbanes-Oxley (SOX), 29, 357

SATAN (Security Administrator Tool for Analyzing Networks), 320-321

scanning

active, 379-380

enumerating, 379, 383-386

NSAudit, 380-382

ports, 379

types, 379

vulnerability assessments, 379

IP addresses, 313

manual, 386-387

passive, 377-379

ports, 312, 379

Active Ports, 325

Fport, 325

NetBrute, 315-317

NetCop, 313-315

SuperScan, 326

TCPView, 325

Unix, 320-321

viruses

active code, 238

downloads, 237

e-mail and attachments, 237

files, 237

heuristic, 238

instant message, 238

overview, 236-237

vulnerabilities, 312-313

Active Ports, 325

Cerberus Internet Scanner, 317-320

Fport, 325

Nessus, 322

NetBrute, 315-317

NetCop, 313-315

NetStat Live, 322-324

SAINT, 321-322

SuperScan, 326

TCPView, 325

Unix, 320-321

Schneier, Bruce, 150

SCO’s case against IBM website, 441

screened hosts (firewalls), 83-84

script kiddies, 23

Secunia Personal Software Inspector, 261

Secure Hash Algorithm (SHA), 157

Secure Shell (SSH) protocol, 6

Secure Sockets Layer (SSL), 180

security

approaches, 26-27

documentation

auditing, 324

Burgundy Book model, 349

forensics, 398

network protections, 330

physical security, 330

policies, 330

vulnerability assessments, 330

ease of use, compared, 230

glossary (Aqua Book), 349

legislation, 27-29

logs, 400

models, 352

Bell-LaPadula model, 353-354

Biba Integrity model, 354

Chinese Wall model, 355

CISSP, 353

Clark-Wilson model, 355

State Machine model, 356

policies. See policies/procedures

resources, 29

settings

Firefox, 221

Internet Explorer, 219

Netscape Navigator, 220-221

terminology, 24-26

Security Accounts Manager (SAM), 157

Security Administrator’s Integrated Network Tool (SAINT), 321-322

Security Administrator Tool for Analyzing Networks (SATAN), 320-321

sensors, 128

Server Message Block (SMB), 7

servers

Orange Book protection, 348

proxy

defined, 25

firewalls, 87

WinGate, 87-88

Web, 41

services

VPN solutions, 181

Windows, configuring, 207-210

Services dialog box (Windows), 208

session hacking, 58

session layer (OSI model), 11

-s flag (iptables command), 102

Shamir, Adi, 152

Shamoon Trojan horse, 262

ShareEnum, 384

SHA (Secure Hash Algorithm), 157

Shiva Password Authentication Protocol (SPAP), 177

Simple Mail Transfer Protocol (SMTP), 6

single machine networks

firewalls, 97

extra features, 106

iptables, 100-102

McAfee Personal, 104-105

Norton, 102-103

Windows 7, 98-99

Wolverine, 106-107

honey pots

Decoy Server, 133

defined, 130

intrusion deflection, 134

Specter, 130-133

skilled hackers, 13

Slammer worm, 53-54, 441

Sleuth Kit, 408

Small Offices and Home Offices. See SOHOs

SMB (Server Message Block), 7

SMTP (Simple Mail Transfer Protocol), 6

Smurf attacks, 45-47

overview, 45

preventing, 46

website, 441

“Snake Oil Warning Signs” website, 155

sneakers, 23, 26

Snort, 126-127

Sobig virus website, 441-443

Social Compare website, 274

social engineering, 18

software. See also programs

installation/removal policies, 286

open source, 127

key loggers, 18

SOHOs (Small Offices and Home Offices) firewalls, 73, 107

DFL-300, 109-110

SonicWALL, 76, 107-108, 442

SOX (Sarbanes-Oxley), 29, 357

SPAP (Shiva Password Authentication Protocol), 177

Specter, 130-133

configuring, 131

costs, 133

fake password files, 132

modes, 132

services, simulating, 131

website, 130

SPI (stateful packet inspection) firewalls, 44, 76

spoofing, 441

spreading viruses, 229-231

spyware

anti-spyware, 274-275

defined, 17

key loggers, 18

SQL injection, 390-391

SSH (Secure Shell) protocol, 6

SSL (Secure Sockets Layer), 180

stack tweaking, 45

standards

Common Criteria, 351-352

Orange Book, 338

A – verified protection, 347

A1 – verified protection, 347

B – mandatory protection, 342

B1 – labeled security protection, 343-344

B2 – structured protection, 344-345

B3 – security domains, 346-347

C – discretionary protection, 339

C1 – discretionary security protection, 340-341

C2 – controlled access protection, 341-342

D – minimal protection, 339

servers, 348

websites, 339

Rainbow series, 348

Aqua Book, 349

Blue Book, 350-351

Bright Blue Book, 349

Brown Book, 350

Burgundy Book, 349

Forest Green Book, 350

Grey/Silver Book, 350

Hot Peach Book, 350

Lavender Book, 349

Lavender/Purple Book, 350

Light Blue Book, 350

Light Pink Book, 351

Orange Book. See Orange Book

Pink Book, 349

Purple Book, 350

Red Book, 349

Tan Book, 349

Turquoise Book, 350

Venice Blue Book, 349

Violet Book, 351

websites, 348, 351

Yellow Book, 350

Yellow-Green Book, 350

U.S. federal regulations/guidelines

HIPAA, 356

HITECH, 356

PCI DSS, 357-358

Sarbanes-Oxley, 357

Standards for Privacy of Individually Identifiable Health Information, 356

stateful packet inspection (SPI) firewalls, 44, 76

state legislation, 28

State Machine model, 356

stealth marketing, 431

steganography, 159

advantages, 160

analyzing, 161

history, 160

least significant bits, 160

terminology, 160

tools, 161

stream ciphers, 150

subject-object model

Biba Integrity model, 354

Clark-Wilson model, 355

subnetworks, segregating, 249

substitution ciphers

Atbash cipher, 145

Caesar ciphers, 144

multi-alphabet, 145-146

ROT 13, 145

SuperScan, 326

suspect drive forensics, 397-398

Symantec

Decoy Server, 133

Norton

AntiVirus, 242-245

Firewall, 75, 102-103

symmetric encryption

AES, 150

Blowfish, 150

defined, 149

DES, 149-150

IDEA, 151

selecting, 151

SYN

cookies, 44

floods, 43-44

scans, 380

systems

administration policies

change requests, 289-290

leaving employees, 288-289

new employees, 288

attacking, 49

logs, forensic evidence gathering, 400-401

security assessment

data protection, 310

Microsoft Security Baseline Analyzer, 326-328

network protection, 309-310

NSAudit, 328-329

numerical grading system, 305

patches, 306-308

physical access, 310-312

ports, 308

vulnerability scanners. See scanning, vulnerabilities

security officer responsibilities (Turquoise Book), 350

T

Tan Book (Rainbow series), 349

target systems

active scanning, 379-380

enumerating, 379, 383-386

NSAudit, 380-382

ports, 379

types, 379

vulnerability assessments, 379

manual scanning, 386-387

passive scanning, 377-379

tax return hoax, 234-235

TCBs (trusted computing bases)

B1 – labeled security protection, 343-344

B3 – security domains category, 346

C – discretionary protection, 339

C1 – discretionary security protection, 340

C2 – controlled access protection, 341-342

defined, 340

TCP/IP (Transmission Control Protocol/Internet Protocol), 7

TCP session hijacking, 58

TCPView, 325

technologies, evaluating, 349

tech support, tricking, 389

Telnet, 6, 386

Terminate and Stay Resident (TSR) programs, 236

terminology

hackers, 22-24

security, 24-26

steganography, 160

websites, 26

TFN2K, 49

TFN (Tribal Flood Network), 49

tFTP (Trivial File Transfer Protocol), 6

threats. See also attacks

assessing, 12-15, 21-22

laissez faire approaches, 12

overestimating threats, 12-13

realistic views, 14

classifications, 15

intrusions, 18-19

malware, 16-18

flooding attacks, 78

likelihood, 19-20

threshold monitoring, 125

TLS (Transport Layer Security), 180

tools. See programs

traceroute command, 105

tracing packets, 105

traffic, blocking, 54

Transmission Control Protocol/Internet Protocol (TCP/IP), 7

transport layer (OSI model), 11

Tribal Flood Network (TFN), 49

Trin00, 50-51

Triple DES (DES3), 149

Trivial File Transfer Protocol (tFTP), 6

Trojan horses

Anti-Spyware 2011, 261

Back Orifice, 261

creating with EliteWrapper, 265-266

defined, 17

Internet Explorer, 261, 443

Linux, 263

NetBus, 262

Portal of Doom, 263-264

actions, 263

removing, 264

preventing, 266

technological measures, 266-267

user policies, 268

Shamoon, 262

symptoms, 264

TrueCrypt, 416

trusted computing bases. See TCBs

TSR (Terminate and Stay Resident) programs, 236

tunneling protocols

L2TP

authentication, 176-177

overview, 176

PPTP, compared, 178

websites, 178

PPTP, 178

authentication, 174-175

L2TP, compared, 178

tunneling types, 174

Turquoise Book (Rainbow series), 350

U

UAC (user account control), 99

UDP floods, 47

unique logons, 78

United States Secret Service website, 396

Unix

access control list options (Grey/Silver Book), 350

port scanner, 320-321

unskilled hackers, 13

users

access control policies, 292-293

accounts, securing, 249

least privileges, 25

logons

unique, 78

VPN, configuring, 184-185

policies

consequences, 287-288

desktop configuration, 286

effective, 281

e-mail attachments, 284-285

instant messaging, 286

Internet usage, 283-284

passwords, 281-283

potential misuse, 281

software installation/removal, 286

work profiles, 126

U.S. federal regulations/guidelines

HIPAA, 356

HITECH, 356

PCI DSS, 357-358

Sarbanes-Oxley, 357

utilities. See programs

V

vendors (Bright Blue Book model), 349

Venema, Wietse, 321

Venice Blue Book (Rainbow series), 349

verification

digital certificates, 156

integrity, 355

Purple Book, 350

Web server, 41

-v flag (iptables command), 102

video monitoring, 368

Vigenère cipher, 146

Violet Book (Rainbow series), 351

viruses

antivirus measures

active code, blocking, 249

policies/procedures, 248

subnetworks, segregating, 249

user accounts, securing, 249

antivirus software, 239

Avast!, 245-246

AVG, 246

Kaspersky, 246

McAfee, 239-242

Norton AntiVirus, 242-245

Panda, 247

defined, 16

FakeAV, 52

Flame, 52

future, 233

hoaxes, 233

jdbgmgr.exe, 234

listings website, 443

tax return, 234-235

w32.torch, 235

infections

policies, 291

responses, 249-250

jdbgmgr.exe, 441-443

Mabutu, 232, 443

Macintosh, 53

MyDoom, 97, 441

alert website, 442

history, 53

monetary damages, 53

overview, 52

MyDoom.BB, 17

Outlook script, 56

removing, 250

scanning

active code, 238

downloads, 237

e-mail and attachments, 237

files, 237

heuristic, 238

instant message, 238

overview, 236-237

Sobig, 441-443

spreading, 229-231

Virus List website, 441

worms

Bropla, 233

defined, 229

Santy, 233

Slammer, 53-54, 441

viruses, compared, 51

W32.Mimail.A@mm, 441

Zafi, 231-232, 441-443

Virus List website, 441

voluntary tunneling, 174

VPNs

configuring, 181

finishing, 183

routing and remote access, 181

VPN access, 182

protocols

IPSec, 178-179

L2TP, 176-178

PPTP, 174-175, 178

SSL, 180

TLS, 180

solutions

Cisco, 180

Free S/WAN, 181

service, 181

user logins, configuring, 184-185

website, 443

vulnerabilities

assessing, 313, 379

data protection, 310

documentation, 330

Microsoft Security Baseline Analyzer, 326-328

network protection, 309-310

NSAudit, 328-329

numerical grading system, 305

patches, 306-308

physical access, 310-312

ports, 308

scanning, 312-313

Active Ports, 325

Cerberus Internet Scanner, 317-320

Fport, 325

Nessus, 322

NetBrute, 315-317

NetCop, 313-315

NetStat Live, 322-324

SAINT, 321-322

SuperScan, 326

TCPView, 325

Unix, 320-321

W

W32.Mimail.A@mm worm website, 441

w32.torch hoax, 235

war-dialing, 19

war-driving, 19

Watchguard Technologies website, 78

Web server verification, 41

websites

Active Ports, 325

anti-spyware reviews, 274

Archive.com, 378

Avast!, 245

Barracuda, 78

Bitlocker, 417

Broadband Guide, 73

buffer overflow attacks, 442

Cerberus Internet Scanner, 317

CERT, 29

CERT DoS attacks, 440

CheckPoint, 417

China Eagle Union, 427

Cisco, 76

Cisco VPN solutions, 180

CommView, 417

computer crimes by state listing, 28

Computer Security Act of 1987, 440

Computer Security Institute Cyber Crime Bleeds U.S. Corporations, 440

credit card hack, 440

Cryptography, 148

cyber terrorism, 443

DefCon II Wardriving Statistics, 440

DES, 149, 442

“Description and Analysis of a Potent, Increasingly Prevalent, and Worrisome Internet Attack,” 441

Disk Investigator, 409

D-Link product data, 442

DoS, 442

encryption

algorithms, 442

fraudulent claims, 155

software to avoid, 442

English alphabet letter frequency distributions, 442

Ethereal, 420

FBI Computer Forensics, 396

federal jurisdictions, 396

Firestarter, 74

Firewall-1 data sheet, 442

Firewalls.com, 78

F-Secure

corporation, 29

virus descriptions, 440

Gimp, 127

hacker dictionary, 440

hash functions, 175

HFNetChkPro, 307

Home PC Firewall Guide, 73

“Improving the Security of Your Site by Breaking Into It,” 321

index.dat file retrieval tools, 400

International PGP, 442

IPSec, 179

IP spoofing, 441

ITSEC, 351

jdbgmgr.exe virus, 441-443

John the Ripper password cracker, 158

L2TP, 178

Linksys, 73

Linux, 127

Lumenison, 307

Mabutu virus, 443

McAfee

ePolicy Orchestrator, 307

Personal Firewall, 75

virus hoax listings, 443

Microsoft

anti-spyware, 274

Security Advisor, 29

Security Baseline Analyzer, 326

“Mitnick Teaches Social Engineering,” 440

MyDoom virus, 441-442

Nessus, 322

NetBrute, 315

NetCop, 313

NetCraft.com, 378

NetStat Live, 322

Norton Personal Firewall, 75

NSAudit, 380

Open Office, 127

open source software, 127

OphCrack, 388

Orange Book, 339

OSI model, 174

Outpost Firewall, 75

Panda software, 247

password crackers, 159

PCI DSS, 357

PFSense, 79

pretty good privacy, 442

quantum encryption, 162

quantum physics, 162

Rainbow series, 348, 351

rainbow tables, 283

Rijndael algorithm, 151

router-based firewalls, 73

RSA encryption algorithm, 153

“Russians Arrest CIA Hacker,” 443

SANS Institute, 29

SATAN scanner download, 321

SCO’s case against IBM, 441

Secunia Personal Software Inspector, 261

Slammer worm, 441

Sleuth Kit Autopsy, 409

smurfing, 441

Snort, 126

Sobig virus, 441-443

SonicWALL, 76, 442

SOX, 29

Specter, 130

SuperScan, 326

Symantec Decoy Server, 133

terminology, 26

Tribal Flood Network, 50

Trin00, 50

Triple DES, 150

Trojan horse Internet Explorer hijack, 443

TrueCrypt, 416

U.S. Secret Service, 396

Virus List, 441

VPN, 443

W32.Mimail.A@mm worm, 441

“War Driving by the Bay,” 441

Watchguard Technologies, 78

What Is a Virus?, 440

Windows security, configuring, 201

WinGate, 87

Zafi worm, 231, 443

Zen Works Patch Management, 307

Zimmerman, Philip, 442

What Is a Virus? website, 440

white hat hackers, 23

WhoIS protocol, 6

Windows

7, firewalls, 98-99

2008 VPN server configuration, 181

finishing, 183

routing and remote access, 181

VPN access, 182

logs, retrieving, 400-401

registry, forensic evidence gathering, 407

scanners

Active Ports, 325

NetStat Live, 322-324

TCPView, 325

security policies, 201

account lockout, 200

organizational, 201

services

dependencies, 209

shutting down, 207, 210

Update, 307

WinGate proxy server, 87-88

Wolverine Firewall, 106-107

word frequency, 144

work profiles (users/groups), 126

worms

Bropla, 233

defined, 229

MyDoom, 53

alert website, 442

description website, 441

history, 53

monetary damages, 53

overview, 52

Santy, 233

Slammer, 53-54, 441

viruses, compared, 51

W32.Mimail.A@mm, 441

Zafi, 231-232, 441-443

X

X.509 certificates, 156

XOR operations, 147

Y

Yellow Book (Rainbow series), 350

Yellow-Green Book (Rainbow series), 350

Z

Zafi worm, 231-232, 441-443

Zen Works Patch Management, 307

Zimmerman, Philip website, 442
