Description

Book Synopsis

Dr. Chuck Easttom is the author of 37 books, including several on computer security, forensics, and cryptography. He has also authored scientific papers on digital forensics, cyber warfare, cryptography, and applied mathematics. He is an inventor with 25 computer science patents. He holds a doctor of science degree in cybersecurity (dissertation topic: a study of lattice-based algorithms for post quantum cryptography), a Ph.D. in Computer Science (dissertation topic: A Systematic Framework for Network Forensics Using Graph Theory), and a Ph.D. in Nanotechnology (dissertation topic: The Effects of Complexity on Carbon Nanotube Failures) and three master's degrees (one in applied computer science, one in education, and one in systems engineering). He also holds more than 70 industry certifications (CISSP, CEH, etc.). He is a frequent speaker at cybersecurity, computer science, and engineering conferences. He is a Distinguished Speaker and senior member of the ACM and

Table of Contents

Introduction xxix

Chapter 1: Introduction to Computer Security 2

Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

How Seriously Should You Take Threats to Network Security?. . . . . . . . . . 4

Identifying Types of Threats.. . . . . . . . . . . . . . . . . . . . . . . . 7

Assessing the Likelihood of an Attack on Your Network.. . . . . . . . . . . . 17

Basic Security Terminology. . . . . . . . . . . . . . . . . . . . . . . . 18

Concepts and Approaches.. . . . . . . . . . . . . . . . . . . . . . . . 21

How Do Legal Issues Impact Network Security?.. . . . . . . . . . . . . . . 24

Online Security Resources.. . . . . . . . . . . . . . . . . . . . . . . . 25

Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Chapter 2: Networks and the Internet 34

Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Network Basics.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

How the Internet Works. . . . . . . . . . . . . . . . . . . . . . . . . 43

History of the Internet.. . . . . . . . . . . . . . . . . . . . . . . . . . 50

Basic Network Utilities.. . . . . . . . . . . . . . . . . . . . . . . . . 52

Other Network Devices.. . . . . . . . . . . . . . . . . . . . . . . . . 59

Advanced Network Communications Topics.. . . . . . . . . . . . . . . . 60

Cloud Computing. . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Chapter 3: Cyber Stalking, Fraud, and Abuse 74

Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

How Internet Fraud Works.. . . . . . . . . . . . . . . . . . . . . . . . 75

Identity Theft.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Cyber Stalking.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Protecting Yourself Against Cybercrime.. . . . . . . . . . . . . . . . . . 91

Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Chapter 4: Denial of Service Attacks 106

Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

DoS Attacks.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Illustrating an Attack.. . . . . . . . . . . . . . . . . . . . . . . . . . 107

Common Tools Used for DoS Attacks.. . . . . . . . . . . . . . . . . . . 109

DoS Weaknesses.. . . . . . . . . . . . . . . . . . . . . . . . . . . 112

Specific DoS Attacks. . . . . . . . . . . . . . . . . . . . . . . . . . 112

Real-World Examples of DoS Attacks.. . . . . . . . . . . . . . . . . . . 120

How to Defend Against DoS Attacks.. . . . . . . . . . . . . . . . . . . 121

Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Chapter 5: Malware 130

Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

Viruses.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

Trojan Horses.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

The Buffer-Overflow Attack. . . . . . . . . . . . . . . . . . . . . . . 145

Spyware.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

Other Forms of Malware.. . . . . . . . . . . . . . . . . . . . . . . . 149

Detecting and Eliminating Viruses and Spyware. . . . . . . . . . . . . . . 153

Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

Chapter 6: Techniques Used by Hackers 166

Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

Basic Terminology.. . . . . . . . . . . . . . . . . . . . . . . . . . . 167

The Reconnaissance Phase.. . . . . . . . . . . . . . . . . . . . . . . 167

Actual Attacks.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

Malware Creation. . . . . . . . . . . . . . . . . . . . . . . . . . . 184

Penetration Testing.. . . . . . . . . . . . . . . . . . . . . . . . . . 187

The Dark Web. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

Chapter 7: Industrial Espionage in Cyberspace 200

Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

What Is Industrial Espionage?.. . . . . . . . . . . . . . . . . . . . . . 202

Information as an Asset. . . . . . . . . . . . . . . . . . . . . . . . . 203

Real-World Examples of Industrial Espionage.. . . . . . . . . . . . . . . 205

How Does Espionage Occur?. . . . . . . . . . . . . . . . . . . . . . 207

Protecting Against Industrial Espionage.. . . . . . . . . . . . . . . . . . 212

Trade Secrets.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

The Industrial Espionage Act.. . . . . . . . . . . . . . . . . . . . . . 218

Spear Phishing.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

Chapter 8: Encryption 226

Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226

Cryptography Basics.. . . . . . . . . . . . . . . . . . . . . . . . . . 227

History of Encryption.. . . . . . . . . . . . . . . . . . . . . . . . . . 228

Modern Cryptography Methods.. . . . . . . . . . . . . . . . . . . . . 236

Public Key (Asymmetric) Encryption.. . . . . . . . . . . . . . . . . . . 245

PGP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

Legitimate Versus Fraudulent Encryption Methods.. . . . . . . . . . . . . 251

Digital Signatures. . . . . . . . . . . . . . . . . . . . . . . . . . . 252

Hashing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

MAC and HMAC.. . . . . . . . . . . . . . . . . . . . . . . . . . . 254

Steganography. . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

Cryptanalysis.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

Cryptography Used on the Internet.. . . . . . . . . . . . . . . . . . . . 259

Quantum Computing Cryptography. . . . . . . . . . . . . . . . . . . . 259

Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

Chapter 9: Computer Security Technology 268

Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268

Virus Scanners.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 269

Firewalls.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

Antispyware.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

IDSs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

Digital Certificates.. . . . . . . . . . . . . . . . . . . . . . . . . . . 292

SSL/TLS.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293

Virtual Private Networks.. . . . . . . . . . . . . . . . . . . . . . . . 296

Wi-Fi Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298

Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

Chapter 10: Security Policies 304

Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304

What Is a Policy?.. . . . . . . . . . . . . . . . . . . . . . . . . . . 305

Important Standards.. . . . . . . . . . . . . . . . . . . . . . . . . . 305

Defining User Policies.. . . . . . . . . . . . . . . . . . . . . . . . . 308

Defining System Administration Policies.. . . . . . . . . . . . . . . . . . 316

Security Breaches.. . . . . . . . . . . . . . . . . . . . . . . . . . . 319

Defining Access Control.. . . . . . . . . . . . . . . . . . . . . . . . 321

Development Policies.. . . . . . . . . . . . . . . . . . . . . . . . . 322

Standards, Guidelines, and Procedures.. . . . . . . . . . . . . . . . . . 323

Disaster Recovery.. . . . . . . . . . . . . . . . . . . . . . . . . . . 324

Zero Trust.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327

Important Laws.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 328

Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330

Chapter 11: Network Scanning and Vulnerability Scanning 336

Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336

Basics of Assessing a System.. . . . . . . . . . . . . . . . . . . . . . 337

Securing Computer Systems.. . . . . . . . . . . . . . . . . . . . . . 346

Scanning Your Network. . . . . . . . . . . . . . . . . . . . . . . . . 352

Testing and Scanning Standards.. . . . . . . . . . . . . . . . . . . . . 363

Getting Professional Help.. . . . . . . . . . . . . . . . . . . . . . . . 366

Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369

Chapter 12: Cyber Terrorism and Information Warfare 378

Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378

Actual Cases of Cyber Terrorism.. . . . . . . . . . . . . . . . . . . . . 379

Weapons of Cyber Warfare.. . . . . . . . . . . . . . . . . . . . . . . 382

Economic Attacks.. . . . . . . . . . . . . . . . . . . . . . . . . . . 384

Military Operations Attacks. . . . . . . . . . . . . . . . . . . . . . . 386

General Attacks.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 387

Supervisory Control and Data Acquisitions (SCADA).. . . . . . . . . . . . . 387

Information Warfare.. . . . . . . . . . . . . . . . . . . . . . . . . . 388

Actual Cases of Cyber Terrorism.. . . . . . . . . . . . . . . . . . . . . 391

Future Trends.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395

Defense Against Cyber Terrorism.. . . . . . . . . . . . . . . . . . . . . 399

Terrorist Recruiting and Communication.. . . . . . . . . . . . . . . . . . 399

TOR and the Dark Web.. . . . . . . . . . . . . . . . . . . . . . . . . 400

Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402

Chapter 13: Cyber Detective 408

Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408

General Searches. . . . . . . . . . . . . . . . . . . . . . . . . . . 410

Company Searches.. . . . . . . . . . . . . . . . . . . . . . . . . . 413

Court Records and Criminal Checks.. . . . . . . . . . . . . . . . . . . 413

Usenet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417

Google.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418

Maltego. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418

Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421

Chapter 14: Introduction to Forensics 426

Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426

General Guidelines. . . . . . . . . . . . . . . . . . . . . . . . . . . 427

Finding Evidence on a PC. . . . . . . . . . . . . . . . . . . . . . . . 440

Finding Evidence in System Logs.. . . . . . . . . . . . . . . . . . . . 441

Getting Back Deleted Files.. . . . . . . . . . . . . . . . . . . . . . . 442

Operating System Utilities. . . . . . . . . . . . . . . . . . . . . . . . 445

The Windows Registry. . . . . . . . . . . . . . . . . . . . . . . . . 447

Mobile Forensics: Cell Phone Concepts.. . . . . . . . . . . . . . . . . . 452

The Need for Forensic Certification.. . . . . . . . . . . . . . . . . . . . 457

Expert Witnesses.. . . . . . . . . . . . . . . . . . . . . . . . . . . 458

Additional Types of Forensics.. . . . . . . . . . . . . . . . . . . . . . 459

Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

Chapter 15: Cybersecurity Engineering 466

Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466

Defining Cybersecurity Engineering.. . . . . . . . . . . . . . . . . . . . 467

Standards.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475

SecML. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480

Modeling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489

Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491

Glossary 494

Appendix A: Resources 500

Appendix B: Answers to the Multiple Choice Questions 502

9780137984787, TOC, 12/6/2022

Computer Security Fundamentals

    Product form

    £60.29

    Includes FREE delivery

    RRP £66.99 – you save £6.70 (10%)

    Order before 4pm tomorrow for delivery by Tue 7 Jul 2026.

    A Paperback / softback by William Easttom, II

    1 in stock

      Trusted by thousands of customers. See 2,385+ Customer Reviews

      View other formats and editions of Computer Security Fundamentals by William Easttom, II

      Publisher: Pearson Education (US)
      Publication Date: 19/01/2023
      ISBN13: 9780137984787, 978-0137984787
      ISBN10: 0137984782

      Description

      Book Synopsis

      Dr. Chuck Easttom is the author of 37 books, including several on computer security, forensics, and cryptography. He has also authored scientific papers on digital forensics, cyber warfare, cryptography, and applied mathematics. He is an inventor with 25 computer science patents. He holds a doctor of science degree in cybersecurity (dissertation topic: a study of lattice-based algorithms for post quantum cryptography), a Ph.D. in Computer Science (dissertation topic: A Systematic Framework for Network Forensics Using Graph Theory), and a Ph.D. in Nanotechnology (dissertation topic: The Effects of Complexity on Carbon Nanotube Failures) and three master's degrees (one in applied computer science, one in education, and one in systems engineering). He also holds more than 70 industry certifications (CISSP, CEH, etc.). He is a frequent speaker at cybersecurity, computer science, and engineering conferences. He is a Distinguished Speaker and senior member of the ACM and

      Table of Contents

      Introduction xxix

      Chapter 1: Introduction to Computer Security 2

      Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

      How Seriously Should You Take Threats to Network Security?. . . . . . . . . . 4

      Identifying Types of Threats.. . . . . . . . . . . . . . . . . . . . . . . . 7

      Assessing the Likelihood of an Attack on Your Network.. . . . . . . . . . . . 17

      Basic Security Terminology. . . . . . . . . . . . . . . . . . . . . . . . 18

      Concepts and Approaches.. . . . . . . . . . . . . . . . . . . . . . . . 21

      How Do Legal Issues Impact Network Security?.. . . . . . . . . . . . . . . 24

      Online Security Resources.. . . . . . . . . . . . . . . . . . . . . . . . 25

      Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

      Chapter 2: Networks and the Internet 34

      Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

      Network Basics.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

      How the Internet Works. . . . . . . . . . . . . . . . . . . . . . . . . 43

      History of the Internet.. . . . . . . . . . . . . . . . . . . . . . . . . . 50

      Basic Network Utilities.. . . . . . . . . . . . . . . . . . . . . . . . . 52

      Other Network Devices.. . . . . . . . . . . . . . . . . . . . . . . . . 59

      Advanced Network Communications Topics.. . . . . . . . . . . . . . . . 60

      Cloud Computing. . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

      Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

      Chapter 3: Cyber Stalking, Fraud, and Abuse 74

      Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

      How Internet Fraud Works.. . . . . . . . . . . . . . . . . . . . . . . . 75

      Identity Theft.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

      Cyber Stalking.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

      Protecting Yourself Against Cybercrime.. . . . . . . . . . . . . . . . . . 91

      Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

      Chapter 4: Denial of Service Attacks 106

      Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

      DoS Attacks.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

      Illustrating an Attack.. . . . . . . . . . . . . . . . . . . . . . . . . . 107

      Common Tools Used for DoS Attacks.. . . . . . . . . . . . . . . . . . . 109

      DoS Weaknesses.. . . . . . . . . . . . . . . . . . . . . . . . . . . 112

      Specific DoS Attacks. . . . . . . . . . . . . . . . . . . . . . . . . . 112

      Real-World Examples of DoS Attacks.. . . . . . . . . . . . . . . . . . . 120

      How to Defend Against DoS Attacks.. . . . . . . . . . . . . . . . . . . 121

      Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

      Chapter 5: Malware 130

      Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

      Viruses.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

      Trojan Horses.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

      The Buffer-Overflow Attack. . . . . . . . . . . . . . . . . . . . . . . 145

      Spyware.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

      Other Forms of Malware.. . . . . . . . . . . . . . . . . . . . . . . . 149

      Detecting and Eliminating Viruses and Spyware. . . . . . . . . . . . . . . 153

      Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

      Chapter 6: Techniques Used by Hackers 166

      Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

      Basic Terminology.. . . . . . . . . . . . . . . . . . . . . . . . . . . 167

      The Reconnaissance Phase.. . . . . . . . . . . . . . . . . . . . . . . 167

      Actual Attacks.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

      Malware Creation. . . . . . . . . . . . . . . . . . . . . . . . . . . 184

      Penetration Testing.. . . . . . . . . . . . . . . . . . . . . . . . . . 187

      The Dark Web. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

      Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

      Chapter 7: Industrial Espionage in Cyberspace 200

      Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

      What Is Industrial Espionage?.. . . . . . . . . . . . . . . . . . . . . . 202

      Information as an Asset. . . . . . . . . . . . . . . . . . . . . . . . . 203

      Real-World Examples of Industrial Espionage.. . . . . . . . . . . . . . . 205

      How Does Espionage Occur?. . . . . . . . . . . . . . . . . . . . . . 207

      Protecting Against Industrial Espionage.. . . . . . . . . . . . . . . . . . 212

      Trade Secrets.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

      The Industrial Espionage Act.. . . . . . . . . . . . . . . . . . . . . . 218

      Spear Phishing.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

      Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

      Chapter 8: Encryption 226

      Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226

      Cryptography Basics.. . . . . . . . . . . . . . . . . . . . . . . . . . 227

      History of Encryption.. . . . . . . . . . . . . . . . . . . . . . . . . . 228

      Modern Cryptography Methods.. . . . . . . . . . . . . . . . . . . . . 236

      Public Key (Asymmetric) Encryption.. . . . . . . . . . . . . . . . . . . 245

      PGP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

      Legitimate Versus Fraudulent Encryption Methods.. . . . . . . . . . . . . 251

      Digital Signatures. . . . . . . . . . . . . . . . . . . . . . . . . . . 252

      Hashing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

      MAC and HMAC.. . . . . . . . . . . . . . . . . . . . . . . . . . . 254

      Steganography. . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

      Cryptanalysis.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

      Cryptography Used on the Internet.. . . . . . . . . . . . . . . . . . . . 259

      Quantum Computing Cryptography. . . . . . . . . . . . . . . . . . . . 259

      Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

      Chapter 9: Computer Security Technology 268

      Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268

      Virus Scanners.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 269

      Firewalls.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

      Antispyware.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

      IDSs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

      Digital Certificates.. . . . . . . . . . . . . . . . . . . . . . . . . . . 292

      SSL/TLS.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293

      Virtual Private Networks.. . . . . . . . . . . . . . . . . . . . . . . . 296

      Wi-Fi Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298

      Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

      Chapter 10: Security Policies 304

      Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304

      What Is a Policy?.. . . . . . . . . . . . . . . . . . . . . . . . . . . 305

      Important Standards.. . . . . . . . . . . . . . . . . . . . . . . . . . 305

      Defining User Policies.. . . . . . . . . . . . . . . . . . . . . . . . . 308

      Defining System Administration Policies.. . . . . . . . . . . . . . . . . . 316

      Security Breaches.. . . . . . . . . . . . . . . . . . . . . . . . . . . 319

      Defining Access Control.. . . . . . . . . . . . . . . . . . . . . . . . 321

      Development Policies.. . . . . . . . . . . . . . . . . . . . . . . . . 322

      Standards, Guidelines, and Procedures.. . . . . . . . . . . . . . . . . . 323

      Disaster Recovery.. . . . . . . . . . . . . . . . . . . . . . . . . . . 324

      Zero Trust.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327

      Important Laws.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 328

      Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330

      Chapter 11: Network Scanning and Vulnerability Scanning 336

      Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336

      Basics of Assessing a System.. . . . . . . . . . . . . . . . . . . . . . 337

      Securing Computer Systems.. . . . . . . . . . . . . . . . . . . . . . 346

      Scanning Your Network. . . . . . . . . . . . . . . . . . . . . . . . . 352

      Testing and Scanning Standards.. . . . . . . . . . . . . . . . . . . . . 363

      Getting Professional Help.. . . . . . . . . . . . . . . . . . . . . . . . 366

      Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369

      Chapter 12: Cyber Terrorism and Information Warfare 378

      Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378

      Actual Cases of Cyber Terrorism.. . . . . . . . . . . . . . . . . . . . . 379

      Weapons of Cyber Warfare.. . . . . . . . . . . . . . . . . . . . . . . 382

      Economic Attacks.. . . . . . . . . . . . . . . . . . . . . . . . . . . 384

      Military Operations Attacks. . . . . . . . . . . . . . . . . . . . . . . 386

      General Attacks.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 387

      Supervisory Control and Data Acquisitions (SCADA).. . . . . . . . . . . . . 387

      Information Warfare.. . . . . . . . . . . . . . . . . . . . . . . . . . 388

      Actual Cases of Cyber Terrorism.. . . . . . . . . . . . . . . . . . . . . 391

      Future Trends.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395

      Defense Against Cyber Terrorism.. . . . . . . . . . . . . . . . . . . . . 399

      Terrorist Recruiting and Communication.. . . . . . . . . . . . . . . . . . 399

      TOR and the Dark Web.. . . . . . . . . . . . . . . . . . . . . . . . . 400

      Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402

      Chapter 13: Cyber Detective 408

      Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408

      General Searches. . . . . . . . . . . . . . . . . . . . . . . . . . . 410

      Company Searches.. . . . . . . . . . . . . . . . . . . . . . . . . . 413

      Court Records and Criminal Checks.. . . . . . . . . . . . . . . . . . . 413

      Usenet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417

      Google.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418

      Maltego. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418

      Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421

      Chapter 14: Introduction to Forensics 426

      Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426

      General Guidelines. . . . . . . . . . . . . . . . . . . . . . . . . . . 427

      Finding Evidence on a PC. . . . . . . . . . . . . . . . . . . . . . . . 440

      Finding Evidence in System Logs.. . . . . . . . . . . . . . . . . . . . 441

      Getting Back Deleted Files.. . . . . . . . . . . . . . . . . . . . . . . 442

      Operating System Utilities. . . . . . . . . . . . . . . . . . . . . . . . 445

      The Windows Registry. . . . . . . . . . . . . . . . . . . . . . . . . 447

      Mobile Forensics: Cell Phone Concepts.. . . . . . . . . . . . . . . . . . 452

      The Need for Forensic Certification.. . . . . . . . . . . . . . . . . . . . 457

      Expert Witnesses.. . . . . . . . . . . . . . . . . . . . . . . . . . . 458

      Additional Types of Forensics.. . . . . . . . . . . . . . . . . . . . . . 459

      Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

      Chapter 15: Cybersecurity Engineering 466

      Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466

      Defining Cybersecurity Engineering.. . . . . . . . . . . . . . . . . . . . 467

      Standards.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475

      SecML. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480

      Modeling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489

      Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491

      Glossary 494

      Appendix A: Resources 500

      Appendix B: Answers to the Multiple Choice Questions 502

      9780137984787, TOC, 12/6/2022

      Recently viewed products

      © 2026 Book Curl

        • American Express
        • Apple Pay
        • Diners Club
        • Discover
        • Google Pay
        • Maestro
        • Mastercard
        • PayPal
        • Shop Pay
        • Union Pay
        • Visa

        Login

        Forgot your password?

        Don't have an account yet?
        Create account