COMPUTER SECURITY HANDBOOK (Volume 1) -- CONTENTS -- PREFACE -- ACKNOWLEDGMENTS -- ABOUT THE EDITORS -- ABOUT THE CONTRIBUTORS -- A NOTE TO THE INSTRUCTOR -- INTRODUCTION TO PART I: FOUNDATIONS OF COMPUTER SECURITY -- CHAPTER 1 BRIEF HISTORY AND MISSION OF INFORMATION SYSTEM SECURITY -- 1.1 INTRODUCTION TO INFORMATION SYSTEM SECURITY -- 1.2 EVOLUTION OF INFORMATION SYSTEMS -- 1.2.1 1950s: Punched-Card Systems -- 1.2.2 Large-Scale Computers -- 1.2.3 Medium-Size Computers -- 1.2.4 1960s: Small-Scale Computers -- 1.2.5 Transistors and Core Memory -- 1.2.6 Time Sharing -- 1.2.7 Real-Time, Online Systems -- 1.2.8 A Family of Computers -- 1.2.9 1970s: Microprocessors -- 1.2.10 The First Personal Computers -- 1.2.11 The First Network -- 1.2.12 Further Security Considerations -- 1.2.13 The First "Worm" -- 1.2.14 1980s: Productivity Enhancements -- 1.2.15 1980s: The Personal Computer -- 1.2.16 Local Area Networks -- 1.2.17 1990s: Interconnection -- 1.2.18 1990s: Total Interconnection -- 1.2.19 Telecommuting -- 1.2.20 Internet and the World Wide Web -- 1.2.21 Virtualization and the Cloud -- 1.2.22 Supervisory Control and Data Acquisition -- 1.3 GOVERNMENT RECOGNITION OF INFORMATION ASSURANCE -- 1.3.1 IA Standards -- 1.3.2 Computers at Risk -- 1.3.3 InfraGard -- 1.4 RECENT DEVELOPMENTS -- 1.5 ONGOING MISSION FOR INFORMATION SYSTEM SECURITY -- 1.6 NOTES -- CHAPTER 2 HISTORY OF COMPUTER CRIME -- 2.1 WHY STUDY HISTORICAL RECORDS? -- 2.2 OVERVIEW -- 2.3 1960S AND 1970S: SABOTAGE -- 2.3.1 Direct Damage to Computer Centers -- 2.3.2 1970-1972: Albert the Saboteur -- 2.4 IMPERSONATION -- 2.4.1 1970: Jerry Neal Schneider -- 2.4.2 1980-2003: Kevin Mitnick -- 2.4.3 Credit Card Fraud -- 2.4.4 Identity Theft Rises -- 2.5 PHONE PHREAKING -- 2.5.1 2600 Hz -- 2.5.2 1982-1991: Kevin Poulsen -- 2.6 DATA DIDDLING -- 2.6.1 Equity Funding Fraud (1964-1973).

2.6.2 1994: Vladimir Levin and the Citibank Heist -- 2.7 SALAMI FRAUD -- 2.8 LOGIC BOMBS -- 2.9 EXTORTION -- 2.10 TROJAN HORSES -- 2.10.1 1988 Flu-Shot Hoax -- 2.10.2 Scrambler, 12-Tricks, and PC Cyborg -- 2.10.3 1994: Datacomp Hardware Trojan -- 2.10.4 Keylogger Trojans -- 2.10.5 Haephrati Trojan -- 2.10.6 Hardware Trojans and Information Warfare -- 2.11 NOTORIOUS WORMS AND VIRUSES -- 2.11.1 1970-1990: Early Malware Outbreaks -- 2.11.2 December 1987: Christmas Tree Worm -- 2.11.3 November 2, 1988: Morris Worm -- 2.11.4 Malware in the 1990s -- 2.11.5 March 1999: Melissa -- 2.11.6 May 2000: I Love You -- 2.11.7 July 2010 Stuxnet -- 2.12 SPAM 2 -- 2.12.1 1994: Green Card Lottery Spam -- 2.12.2 Spam Goes Global -- 2.13 DENIAL OF SERVICE -- 2.13.1 1996: Unamailer -- 2.13.2 2000: MafiaBoy -- 2.14 HACKER UNDERGROUND -- 2.14.1 1981: Chaos Computer Club -- 2.14.2 1982: The 414s -- 2.14.3 1984: Cult of the Dead Cow -- 2.14.4 1984: 2600: The Hacker Quarterly -- 2.14.5 1984: Legion of Doom -- 2.14.6 1985: Phrack -- 2.14.7 1989: Masters of Deception -- 2.14.8 1990: Operation Sundevil -- 2.14.9 1990: Steve Jackson Games -- 2.14.10 1992: L0pht Heavy Industries -- 2.14.11 2004: Shadowcrew -- 2.14.12 Late 2000s: Russian Business Network (RBN) -- 2.14.13 Anonymous -- 2.14.14 2013: Unlimited Operations -- 2.15 INDUSTRIAL ESPIONAGE -- 2.16 CONCLUDING REMARKS -- 2.17 FURTHER READING -- 2.18 NOTES -- CHAPTER 3 TOWARD A NEW FRAMEWORK FOR INFORMATION SECURITY -- 3.1 PROPOSAL FOR A NEW INFORMATION SECURITY FRAMEWORK -- 3.2 SIX ESSENTIAL SECURITY ELEMENTS -- 3.2.1 Loss Scenario 1: Availability -- 3.2.2 Loss Scenario 2: Utility -- 3.2.3 Loss Scenario 3: Integrity -- 3.2.4 Loss Scenario 4: Authenticity -- 3.2.5 Loss Scenario 5: Confidentiality -- 3.2.6 Loss Scenario 6: Possession -- 3.2.7 Conclusions about the Six Elements.

3.3 WHAT THE DICTIONARIES SAY ABOUT THE WORDS WE USE -- 3.4 COMPREHENSIVE LISTS OF SOURCES AND ACTS CAUSING INFORMATION LOSSES -- 3.4.1 Complete List of Information Loss Acts -- 3.4.2 Examples of Acts and Suggested Controls -- 3.4.3 Physical Information and Systems Losses -- 3.4.4 Challenge of Complete Lists -- 3.5 FUNCTIONS OF INFORMATION SECURITY -- 3.6 SELECTING SAFEGUARDS USING A STANDARD OF DUE DILIGENCE -- 3.7 THREATS, ASSETS, VULNERABILITIES MODEL -- 3.8 CONCLUSION -- 3.9 FURTHER READING -- CHAPTER 4 HARDWARE ELEMENTS OF SECURITY -- 4.1 INTRODUCTION -- 4.2 BINARY DESIGN -- 4.2.1 Pulse Characteristics -- 4.2.2 Circuitry -- 4.2.3 Coding -- 4.3 PARITY -- 4.3.1 Vertical Redundancy Checks -- 4.3.2 Longitudinal Redundancy Checks -- 4.3.3 Cyclical Redundancy Checks -- 4.3.4 Self-Checking Codes -- 4.4 HARDWARE OPERATIONS -- 4.5 INTERRUPTS -- 4.5.1 Types of Interrupts -- 4.5.2 Trapping -- 4.6 MEMORY AND DATA STORAGE -- 4.6.1 Main Memory -- 4.6.2 Read-Only Memory -- 4.6.3 Secondary Storage -- 4.7 TIME -- 4.7.1 Synchronous -- 4.7.2 Asynchronous -- 4.8 NATURAL DANGERS -- 4.8.1 Power Failure -- 4.8.2 Heat -- 4.8.3 Humidity -- 4.8.4 Water -- 4.8.5 Dirt and Dust -- 4.8.6 Radiation -- 4.8.7 Downtime -- 4.9 DATA COMMUNICATIONS -- 4.9.1 Terminals -- 4.9.2 Wired Facilities -- 4.9.3 Wireless Communications -- 4.10 CRYPTOGRAPHY -- 4.11 BACKUP -- 4.11.1 Personnel -- 4.11.2 Hardware -- 4.11.3 Power -- 4.11.4 Testing -- 4.12 RECOVERY PROCEDURES -- 4.13 MICROCOMPUTER CONSIDERATIONS -- 4.13.1 Accessibility -- 4.13.2 Knowledge -- 4.13.3 Motivation -- 4.13.4 Opportunity -- 4.13.5 Threats to Microcomputers -- 4.13.6 Maintenance and Repair -- 4.14 CONCLUSION -- 4.15 HARDWARE SECURITY CHECKLIST -- 4.16 FURTHER READING -- CHAPTER 5 DATA COMMUNICATIONS AND INFORMATION SECURITY -- 5.1 INTRODUCTION -- 5.2 SAMPLING OF NETWORKS -- 5.2.1 Simple Home Network -- 5.2.2 Building LAN.

5.2.3 Firms' Wide Area Networks (WANs) -- 5.2.4 Internet -- 5.2.5 Applications -- 5.3 NETWORK PROTOCOLS AND VULNERABILITIES -- 5.4 STANDARDS -- 5.4.1 Core Layers -- 5.4.2 Layered Standards Architectures -- 5.4.3 Single-Network Standards -- 5.4.4 Internetworking Standards -- 5.5 INTERNET PROTOCOL (IP) -- 5.5.1 IP Version 4 Packet -- 5.5.2 IP Version 6 -- 5.5.3 IPsec -- 5.6 TRANSMISSION CONTROL PROTOCOL (TCP) -- 5.6.1 Connection-Oriented and Reliable Protocol -- 5.6.2 Reliability -- 5.6.3 Flag Fields -- 5.6.4 Octets and Sequence Number -- 5.6.5 Acknowledgment Numbers -- 5.6.6 Window Field -- 5.6.7 Options -- 5.6.8 Port Numbers -- 5.6.9 TCP Security -- 5.7 USER DATAGRAM PROTOCOL -- 5.8 TCP/IP SUPERVISORY STANDARDS -- 5.8.1 Internet Control Message Protocol (ICMP) -- 5.8.2 Domain Name System (DNS) -- 5.8.3 Dynamic Host Configuration Protocol (DHCP) -- 5.8.4 Dynamic Routing Protocols -- 5.8.5 Simple Network Management Protocol (SNMP) -- 5.9 APPLICATION STANDARDS -- 5.9.1 HTTP and HTML -- 5.9.2 E-Mail -- 5.9.3 Telnet, FTP, and SSH -- 5.9.4 Other Application Standards -- 5.10 CONCLUDING REMARKS -- 5.11 FURTHER READING -- 5.12 NOTES -- CHAPTER 6 LOCAL AREA NETWORK TOPOLOGIES, PROTOCOLS, AND DESIGN -- 6.1 OVERVIEW -- 6.1.1 LAN Characteristics -- 6.1.2 LAN Components -- 6.1.3 LAN Technology Parameters -- 6.1.4 Summary -- 6.2 LAN TOPOLOGY -- 6.2.1 Network Control -- 6.2.2 Star Topology -- 6.2.3 Ring Topology -- 6.2.4 Bus Topology -- 6.2.5 Physical versus Logical Topology -- 6.3 MEDIA -- 6.3.1 Coaxial Cable -- 6.3.2 Twisted Pair -- 6.3.3 Optical Fiber -- 6.3.4 Wireless Media -- 6.3.5 Summary -- 6.4 MEDIA ACCESS CONTROL -- 6.4.1 Contention -- 6.4.2 Distributed Polling -- 6.5 LAN PROTOCOLS AND STANDARDS -- 6.5.1 OSI Model versus LAN Model Architectures -- 6.5.2 IEEE 802 Standards -- 6.5.3 IEEE 802.3 CSMA/CD Standard -- 6.5.4 Ethernet II.

6.5.5 IEEE 802.5 Token-Ring Standard -- 6.5.6 IEEE 802.2 LLC Standard -- 6.5.7 Summary -- 6.6 INTERCONNECTION DEVICES -- 6.6.1 Hubs -- 6.6.2 Switches -- 6.6.3 Bridges -- 6.6.4 Routers -- 6.6.5 Summary -- 6.7 NETWORK OPERATING SYSTEMS -- 6.8 SUMMARY -- 6.9 FURTHER READING -- 6.10 NOTES -- CHAPTER 7 ENCRYPTION -- 7.1 INTRODUCTION TO CRYPTOGRAPHY -- 7.1.1 Terminology -- 7.1.2 Role of Cryptography -- 7.1.3 Limitations -- 7.2 BASIC CRYPTOGRAPHY -- 7.2.1 Early Ciphers -- 7.2.2 More Cryptic Terminology -- 7.2.3 Basic Cryptanalysis -- 7.2.4 Brute Force Cryptanalysis -- 7.2.5 Monoalphabetical Substitution Ciphers -- 7.2.6 Polyalphabetical Substitution Ciphers -- 7.2.7 The Vigenère Cipher -- 7.2.8 Early-Twentieth-Century Cryptanalysis -- 7.2.9 Adding up XOR -- 7.3 DES AND MODERN ENCRYPTION -- 7.3.1 Real Constraints -- 7.3.2 One-Time Pad -- 7.3.3 Transposition, Rotors, Products, and Blocks -- 7.3.4 Data Encryption Standard -- 7.3.5 DES Strength -- 7.3.6 DES Weakness -- 7.4 PUBLIC KEY ENCRYPTION -- 7.4.1 Key-Exchange Problem -- 7.4.2 Public Key Systems -- 7.4.3 Authenticity and Trust -- 7.4.4 Limitations and Combinations -- 7.5 PRACTICAL ENCRYPTION -- 7.5.1 Communications and Storage -- 7.5.2 Securing the Transport Layer -- 7.5.3 X.509v3 Certificate Format -- 7.6 BEYOND RSA AND DES -- 7.6.1 Elliptic Curve Cryptography -- 7.6.2 RSA Patent Expires -- 7.6.3 DES Superseded -- 7.6.4 Quantum Cryptography -- 7.6.5 Snake Oil Factor -- 7.7 STEGANOGRAPHY -- 7.8 FURTHER READING -- 7.9 NOTES -- CHAPTER 8 USING A COMMON LANGUAGE FOR COMPUTER SECURITY INCIDENT INFORMATION -- 8.1 INTRODUCTION -- 8.2 WHY A COMMON LANGUAGE IS NEEDED -- 8.3 DEVELOPMENT OF THE COMMON LANGUAGE -- 8.4 COMPUTER SECURITY INCIDENT INFORMATION TAXONOMY -- 8.4.1 Events -- 8.4.2 Attacks -- 8.4.3 Full Incident Information Taxonomy -- 8.5 ADDITIONAL INCIDENT INFORMATION TERMS -- 8.5.1 Success and Failure.

8.5.2 Site and Site Name.