# (pound sign), 260
2G, 409
2nd Thought, 137
3DES (Triple DES), 219
3G, 409
4G, 409
56-bit cipher key (DES), 217
60 Minutes, 351
abelian groups, 221
Absolute Keylogger, 135
Avast, 142
acceptance of risk, 6
AccessData Forensic Toolkit, 388–391, 396
active IDSs (intrusion detection systems), 255
active scanning
active code scanning, 247
MBSA (Microsoft Baseline Security Analyzer), 321–323
OWASP (Open Web Application Security Project), 326–327
vulnerability assessment, 158–159
activities, IDS, 256
Address Resolution Protocol (ARP), 54–55
addresses
IPv4
CIDR (classless interdomain routing), 44
loopback addresses, 42
public versus private, 43
MAC (Media Access Control), 35, 57
AddRoundKey step (AES), 220
Adleman, Len, 224
Advanced Encryption Standard (AES), 38, 220–222
advanced persistent threats (APTs), 139–140, 344–345
Advanced Research Projects Agency (ARPA), 48
adware, 137
AES (Advanced Encryption Standard), 38, 220–222
AFCC (Air Force Cyber Command), 343
Agent.btz, 344
AHs (authentication headers), 270
Air Force Cyber Command (AFCC), 343
Airbus, 357
ALE (Annualized Loss Expectancy), 6
alerts, IDS, 256
algorithms
Diffie-Hellman, 227
ElGamal, 227
Elliptic Curve, 228
MD5, 231
MQV, 227
RIPEMD, 231
SHA, 231
Allen, James, 76
Amazon, 12
The Amnesiac Incognito Live System (TAILS), 175
amplifiers, 35
analyzers, IDS, 256
AND operation, 214
Android, forensics for, 410–411
Annualized Loss Expectancy (ALE), 6
ANT+, 38
antispyware software, 194, 253–254
antivirus software, 140–143, 248
Apple Inc., industrial espionage at, 183
Apple Viruses, 128
application gateways, 250
Application log, 398
application proxies, 250
apport.log file, 399
APTs (advanced persistent threats), 139–140, 344–345
armored viruses, 122
ARP (Address Resolution Protocol), 54–55
ARPA (Advanced Research Projects Agency), 48
ARPANET, 48
ASs (authentication servers), 264
assessment, system security
probes, 314
protective software and devices, 311–312
asymmetric algorithms
Diffie-Hellman, 227
ElGamal, 227
Elliptic Curve, 228
MQV, 227
asymmetric encryption. See public key encryption
Asynchronous Transfer Mode (ATM), 269
Atbash cipher, 211
Atlanta, ransomware attack in, 125
ATM (Asynchronous Transfer Mode), 269
attachments, security policies for, 283–284
attacks. See threats
auction fraud
audit trails, 394
auditing, 19
auditpol, 398
authentication headers (AHs), 270
authentication servers (ASs), 264
autostart locations, 407
AVG, 129
AVG AntiVirus, 248
AVG antivirus, 142
avoidance of risk, 6
Barriss, Tyler, 78
BCPs (business continuity plans), 295–296
Bellaso, Giovan Battista, 212
Berners-Lee, Tim, 49
BIA (business impact assessment), 296
bid shielding, 71
.bin files, 416
binary numbers, converting, 41
binary operations, 214
BitLocker, 195
black hat hackers, 17, 152–153
black holes, 112
blackmail, DoS (denial of service) attacks, 111
block ciphers
Blowfish, 222
defined, 217
Serpent, 222
Skipjack, 222
Twofish, 220
Blowfish, 222
blue jacking, 166
blue teams, 153
bluebugging, 166
bluesnarfing, 166
Bluetooth, 38
boot sector viruses, 123
Bosselaers, Antoon, 231
Boston Globe attack, 109
botnets, 109
breaches, defined, 7
Bring Your Own Device (BYOD), 285
Broadband Guide, 311
brute force, 210
brute force techniques, 235
Budapest Convention on Cybercrime, 394–395
buffer-overflow attacks
Bureau of Federal Prisons, 378
business continuity
BCPs (business continuity plans), 295–296
standards, 296
business continuity plans (BCPs), 295–296
business continuity standards, 296
business impact assessment (BIA), 296
BYOD (Bring Your Own Device), 285
CAB (change approval board) process, 289
Cain and Abel, 159
CAPTCHA, 108
carriers, 233
CAs (certificate authorities), 265–266
CASP (CompTIA Advanced Security Practitioner), 6, 331
CBC (cipher block chaining) mode, 223
CBI (Central Bureau of Investigation), 344
CCB (change control board) process, 289
CCMP (Cipher Block Chaining Message Authentication Code Protocol), 38, 271
cell phones
attacks on, 166
cellular networks, 409
general principles, 412
ICCID (Integrated Circuit Card Identification), 408
IMSI (International Mobile Subscriber Identity), 408
iOS, 410
SIM (Subscriber Identity Module), 408
Windows, 411
Cellebrite, 397
cellular networks, 409
CENTCOM, 344
Center for Internet Security, 315
Center for Strategic and International Studies, 3, 357
Central Bureau of Investigation (CBI), 344
Cerf, Vince, 48
CERT (Computer Emergency Response Team), 23, 128
certificate authorities (CAs), 265–266
certificate revocation lists (CRLs), 266
certificates, digital, 265–266
certifications, 6, 152, 330–332, 413–414
Certified Advanced Security Practitioner (CASP), 331
Certified Ethical Hacker, 331
Certified Forensic Computer Examiner (CFCE), 413
Certified Information Systems Auditor (CISA), 6
Certified Information Systems Security Professional (CISSP), 6, 331
CGNPC (China General Nuclear Power Company), 188
chain of custody, 392
Challenge Handshake Authentication Protocol (CHAP), 262, 269
change approval board (CAB) process, 289
change control board (CCB) process, 289
channels, 233
CHAP (Challenge Handshake Authentication Protocol), 262, 269
Chen, Jizhong, 183
CHFI (Computer Hacking Forensic Investigator), 413
children, crimes against, 80–81
China
APTs (advanced persistent threats), 344–345
China General Nuclear Power Company (CGNPC), 188
Chinese Eagle Union, 344
Choose Your Own Device (CYOD), 285
chosen plain text, 236
Chrome security settings, 87
CIA triangle, 20
CIDR (classless interdomain routing), 44
cipher block chaining (CBC) mode, 223
Cipher Block Chaining Message Authentication Code Protocol (CCMP), 38, 271
ciphers
Atbash, 211
Blowfish, 222
cipher text-only attacks, 236
multi-alphabet substitution, 211–212
Rijndael, 220
Serpent, 222
Skipjack, 222
Twofish, 220
Vigenère, 212
CISA (Certified Information Systems Auditor), 6
CISSP (Certified Information Systems Security Professional), 6, 331
Citrix, 312
CIW Security Analyst, 331
classless interdomain routing (CIDR), 44
clearance levels (DoD), 294–295
client errors, 46
commands
fc, 403
net sessions, 402
nslookup, 53
openfiles, 403
ping
DoS (denial of service) attacks, 97–99, 107–108
ping scans, 156
snort, 260
tracert, 52
commutative groups, 221
CommView, 415
Comodo, 266
company-owned and provided equipment (COPE), 285
Computer Crimes Acts, 23
Computer Emergency Response Team (CERT), 23, 128
Computer Fraud and Abuse Act (1986), 128
Computer Hacking Forensic Investigator (CHFI), 413
Computer Security Act, 22
confidential information, 294
configuration, desktop, 285
/.config/VirtualBox file, 416
connect scans, 156
content length, POST messages, 108
continuity, business
BCPs (business continuity plans), 295–296
standards, 296
cookies, 83
RST, 104
COPE (company-owned and provided equipment), 285
co-prime numbers, 224
Council of Europe Convention on Cybercrime, 394–395
Council of Europe’s Electronic Evidence Guide, 394–395
Counterexploitation website, 135
credibility, online threats, 78
Creeper, 128
CRLs (certificate revocation lists), 266
cross-site request forgery, 165
cross-site scripting, 12–13, 73, 165
Cruz, Kassandra, 75
cryptanalysis
birthday attacks
brute force, 235
chosen plain text, 236
cipher text only, 236
differential cryptanalysis, 236
frequency analysis, 235
goals of, 235
known plain text, 236
linear cryptanalysis, 236
related-key attacks, 236
cryptologic bomb, 213
custody, chain of, 392
cyber espionage. See espionage
cyber investigation. See investigation techniques
cyber stalking
crimes against children, 80–81
defined, 74
protecting against, 88
swatting, 78
cyber terrorism and cyber warfare
APTs (advanced persistent threats), 139–140, 344–345
defense against, 362
disinformation, 355
hacktivists, 356
information warfare, 352
malware
BlackEnergy, 347
FinFisher, 347
Flame, 346
NSA ANT catalog, 347
StopGeorgia.ru, 346
military operations attacks, 350
real-world examples, 343–344, 355–359
Chinese Eagle Union, 344
India/Pakistan, 345
Russian hackers, 345
SCADA (Supervisory Control and Data Acquisitions), 351–352
terrorist recruiting and communication, 362–363
cybercrime. See Internet fraud; threats
cybersecurity engineering. See systems engineering
Cybersecurity Research and Education Act (2002), 359
Cyberterrorism Preparedness Act (2002), 359
cyclic groups, 221
CYOD (Choose Your Own Device), 285
Daemen, Joan, 220
DAM (database activity monitoring), 261
DAMP (database activity monitoring and prevention), 261
DARPA (Defense Advanced Research Projects Agency), 363
Das, Mittesh, 139
Data Encryption Standard (DES), 216–219
data integrity, 394
data interface diagrams, 438–439
data sources, IDS, 256
data transmission
ports, 40
database activity monitoring and prevention (DAMP), 261
database activity monitoring (DAM), 261
Daubert standard, 414
DCC (Defence Cyber Command), 360
DDoS (distributed denial of service) attacks, 10, 99, 109
decryption, 207
cryptanalysis
brute force, 235
chosen plain text, 236
cipher text only, 236
differential cryptanalysis, 236
frequency analysis, 235
goals of, 235
known plain text, 236
linear cryptanalysis, 236
related-key attacks, 236
steganography, 234
dedicated parity, striped disks with, 297
Defence Cyber Command (DCC), 360
Defense Advanced Research Projects Agency (DARPA), 363
deleted files, recovering, 399–402
demilitarized zone (DMZ), 320
denial of service. See DoS (denial of service) attacks
departing employees, security policies for, 287–288
Department of Defense clearance levels, 294–295
DES (Data Encryption Standard), 216–219
desktop configuration, security policies for, 285
detective investigation. See investigation techniques
developmental policies, 293
DHCP (Dynamic Host Control Protocol) starvation, 108
diagrams
security block, 439
use-case, 428
DIDs (data interface diagrams), 438–439
differential cryptanalysis, 236
Diffie, Whitfield, 227
Diffie-Hellman, 227
DigiCert, 266
Digital Signature Algorithm (DSA), 228
digital signatures, 230
directory traversal, 165
disaster, defined, 295
disaster recovery
BCPs (business continuity plans), 295–296
business continuity standards, 296
DRPs (disaster recovery plans), 295, 312
impact analysis, 296
disinformation, 355
distributed denial of service (DDoS) attacks, 10, 99, 109
distributed parity, striped disks with, 298
DMZ (demilitarized zone), 320
DNS (Domain Name System), 39
DNS (Domain Name System) poisoning, 8, 14–15
Dobbertin, Hans, 231
documentation, forensics, 391–393
Domain Name System (DNS), 39
DoS (denial of service) attacks
DDoS (distributed denial of service), 10, 99, 109
DHCP starvation, 108
Fraggle attacks, 106
HTTP POST DoS attacks, 108
ICMP (Internet Control Message Protocol) flood attacks, 107
land attacks, 109
login DoS attacks, 108
PDoS (permanent denial of service), 108
registration DoS attacks, 108
scope of problem, 97
security policies for, 291
TCP (Transmission Control Protocol) SYN flood attacks
micro blocks, 103
RST cookies, 104
SPI firewalls, 105
stack tweaking, 104
teardrop attacks, 108
tools for
HOIC (High Orbit Ion Cannon), 100
LOIC (Low Orbit Ion Cannon), 99–100
Stacheldraht, 101
TFN (Tribal Flood Network), 101
TFN2K, 101
Trinoo DDoS tool, 101
XOIC, 100
UDP (User Datagram Protocol) flood attacks, 107
DoSHTTP, 346
download scanning, 246
doxxing, 15
DRPs (disaster recovery plans), 295, 312
DS0 connection lines, 36
DSA (Digital Signature Algorithm), 228
dual parity, striped disks with, 298
dual-homed hosts, 251
dumpster diving, 370
Duronio, Roger, 139
Dynamic Host Control Protocol (DHCP) starvation, 108
EAP (Extensible Authentication Protocol), 262, 269
EAP-TLS (Extensible Authentication Protocol-Transport Layer Security), 262
eBay, 12
ECB (electronic codebook) mode, 223
ECC (Elliptic Curve Cryptography), 228
EC-Council Certified Ethical Hacker, 152, 331
Economic Espionage Act (1996), 183
EDGE (Enhanced Data Rates for GSM Evolution), 409
Edge browser, 84
Edwards, John, 359
EffeTech HTTP Sniffer, 415
EFS (Encrypted File System), 195–196
electronic codebook (ECB) mode, 223
Electronic Evidence Guide, 394–395
Elgamal, Taher, 227
Elliptic Curve, 228
Ellison, Larry, 189
email
attachments, security policies for, 283–284
scanning, 246
spam, 139
employees, security policies for
new employees, 287
nondisclosure and noncompete agreements, 184
Encapsulating Security Payload (ESP), 270
EnCase, 396
Encrypted File System, 195–196
encryption, 194
binary operations, 214
decryption, 207
cryptanalysis, 235
steganography, 234
digital signatures, 230
Encrypted File System, 195–196
fraudulent encryption claims, identifying, 229–230
history of
Atbash cipher, 211
multi-alphabet substitution, 211–212
Vigenère, 212
legitimate versus fraudulent encryption methods, 229–230
PGP (Pretty Good Privacy), 228–229
public key
Diffie-Hellman, 227
ElGamal, 227
Elliptic Curve, 228
MQV (Menezes-Qu-Vanstone), 227
PGP (Pretty Good Privacy), 228–229
quantum cryptography, 237
single-key (symmetric), 207
3DES (Triple DES), 219
AES (Advanced Encryption Standard), 220–222
Blowfish, 222
defined, 216
DES (Data Encryption Standard), 216–219
modification of, 223
Serpent, 222
Skipjack, 222
Twofish, 220
Energy Technology International, 188
engineering. See systems engineering
Enhanced Data Rates for GSM Evolution (EDGE), 409
errors, client/server, 46
ESP (Encapsulating Security Payload), 270
espionage. See industrial espionage
ethical hacking, 18
ETSI (European Telecommunications Standards Institute), 409
Euler’s totient, 225
events, IDS, 256
evidence
cell phone, 408
cellular networks, 409
ICCID (Integrated Circuit Card Identification), 408
IMSI (International Mobile Subscriber Identity), 408
SIM (Subscriber Identity Module), 408
chain of custody, 392
deleted files, recovering, 399–402
iOS, 410
operating system utilities, 402–404
fc, 403
net sessions, 402
netstat, 404
openfiles, 403
system log
Linux logs, 399
Windows logs, 398
evil twin attack, 166
expert witnesses, 414
expulsion, 286
Extensible Authentication Protocol (EAP), 262, 269
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS), 262
faillog file, 399
FakeAV, 125
false positives/negatives, 247
Fannie Mae, 139
FastMail, 111
FBAR (thin-film bulk acoustic resonator) technology, 188
FBI (Federal Bureau of Investigation) forensics guidelines, 392–393
fc command, 403
FDISK utility, 170
federal prison records, 378
fields, AES (Advanced Encryption Standard), 222
file scanning, 246
File Transfer Protocol (FTP), 39
filtering, packet, 249
FinFisher, 347
Firefox security settings, 85–87
firewalls
benefits and limitations of, 248–249
firewall logs, 253
SPI, 105
Windows 10 Windows Defender, 252–253
ZoneAlarm, 252
flooding
TCP (Transmission Control Protocol) SYN flood attacks
micro blocks, 103
RST cookies, 104
SPI firewalls, 105
stack tweaking, 104
UDP (User Datagram Protocol) flood attacks, 107
footprinting, 348
foreign economic espionage, 188–189
Forensic Toolkit, 388–391, 396
forensics. See also evidence
expert witnesses, 414
Locard’s principle of transference, 395
mobile devices
cell phone components, 408
cellular networks, 409
general principles, 412
iOS, 410
Windows, 411
network, 415
principles for
chain of custody, 392
Council of Europe’s Electronic Evidence Guide, 394–395
FBI (Federal Bureau of Investigation) forensics guidelines, 392–393
SWGDE (Scientific Working Group on Digital Evidence) guidelines, 395
U.S. Secret Service guidelines, 393–394
tools
AccessData Forensic Toolkit, 388–391, 396
cell phone components, 408
Cellebrite, 397
EnCase, 396
Oxygen, 396
Sleuth Kit, 396
virtual
VMs (virtual machines), 415–416
Forwarded Events log, 398
Fraggle attacks, 106
framework-specific modeling languages (FSMLs), 431
fraud. See Internet fraud
frequency, online threats, 79
frequency analysis, 235
F-Secure, 24
FSMLs (framework-specific modeling languages), 431
FTP (File Transfer Protocol), 39
MD5, 231
RIPEMD (RACE Integrity Primitives Evaluation Message Digest), 231
SHA (Secure Hash Algorithm), 231
Gameover ZeuS, 124
gateways, 250
GCFA (GIAC Certified Forensic Analyst), 332, 414
GCFE (GIAC Certified Forensic Examiner), 332, 414
general cyber attacks, 350–351
GhostNet, 356
Gigabit Ethernet, 34
GitHub, DoS (denial of service) attacks against, 99, 109
Global System for Mobile Communications (GSM), 409
The Gobbler, 108
GoDaddy, 266
Gonzalez, Amy, 77
Google Chrome security settings, 87
GPEN certification, 332
grooming, 80
groups, AES (Advanced Encryption Standard), 221
GSEC certification, 332
GSM (Global System for Mobile Communications), 409
Guidance Software, EnCase, 396
guidelines, defined, 294
hacking. See also malware
active scanning
MBSA (Microsoft Baseline Security Analyzer), 321–323
OWASP (Open Web Application Security Project), 326–327
vulnerability assessment, 158–159
black hat hackers, 17, 152–153
cell phone attacks, 166
cross-site request forgery, 165
cross-site scripting, 12–13, 73, 165
defined, 9
directory traversal, 165
hacktivists, 356
of medical devices, 15
penetration testing
defined, 171
NSA information assessment methodology, 171–172
PCI DSS (Payment Card Industry Data Security Standard), 172–173
red/blue teams, 153
reconnaissance phase, 153
Russian hackers, 345
security policies, SANS Institute, 291–292
URL hijacking, 166
white hat hackers, 17, 152–153
Windows hacking techniques
login as system, 170
wireless attacks, 166
hacktivists, 356
harassment. See cyber stalking
hash functions
MD5, 231
RIPEMD, 231
SHA, 231
hashing message authentication code (HMAC), 231–232
Health Insurance Portability and Accountability Act (HIPAA), 23, 298
High Orbit Ion Cannon (HOIC), 100
high-speed connections, 36
hijacking
URL, 166
HIPAA (Health Insurance Portability and Accountability Act), 23, 298
HMAC (hashing message authentication code), 231–232
HMI (human-machine interface), 351
Ho, Allen, 188
HOIC (High Orbit Ion Cannon), 100
Home PC Firewall Guide, 311
hosts, 251
Houston Astros, 187
HTML (Hypertext Markup Language), 49
HTTP (Hypertext Transfer Protocol), 39
development of, 49
HTTPS, 40
POST DoS attacks, 108
hubs, 35
human-machine interface (HMI), 351
Hutchins, Marcus, 124
hybrid security approach, 21
Hypertext Markup Language (HTML), 49
Hypertext Transfer Protocol. See HTTP (Hypertext Transfer Protocol)
IBM DES (Data Encryption Standard), 216–219
ICCID (Integrated Circuit Card Identification), 408
ICMP (Internet Control Message Protocol)
ICMP flood attacks, 107
ICMP packets, blocking, 112
iDEN (Integrated Digitally Enhanced Network), 405–409
identity theft
cross-site scripting, 73
Identity Theft and Assumption Deterrence Act (1998), 81
IDSs (intrusion detection systems), 19, 155, 261
active, 255
attack identification methods, 255
defined, 254
elements of, 256
passive, 255
IEEE (Institute of Electrical and Electronics Engineers), 36–37
IETF (Internet Engineering Task Force), 48–49
IIN (Issuer Identification Number), 408
IKE (Internet Key Exchange), 270
IM (instant messaging), security policies for, 284
image searches, 374
IMAP (Internet Message Access Protocol), 39
IMAPS (Internet Message Access Protocol Secure), 40
The Imitation Game, 214
impact analysis, 296
IMSI (International Mobile Subscriber Identity), 408
India, cyber terrorism in, 345
industrial espionage
employee nondisclosure and noncompete agreements, 184
Industrial Espionage Act (1996), 197
phishing, 198
scope of problem, 182–183, 189
trends in, 189
Industrial Espionage Act (1996), 197
Information Systems Security Architecture Professional (ISSAP), 331
Information Systems Security Engineering Professional (ISSEP), 331
Information Systems Security Management Professional (ISSMP), 331
information warfare, 352
initialization vector (IV), 37, 271
InPrivate Browsing option (Microsoft Edge), 84–85
input validation, 164
installation, security policies for, 284
instant messaging (IM), security policies, 284
Institute of Electrical and Electronics Engineers (IEEE), 36–37
Integrated Circuit Card Identification (ICCID), 408
Integrated Digitally Enhanced Network (iDEN), 405–409
intensity, online threats, 79
International Council on Systems Engineering (INCOSE), 424
International Mobile Subscriber Identity (IMSI), 408
Internet. See also Internet fraud
basic communications, 47
connections, 36
Internet transactions, growth of, 2–4
IoT (Internet of Things), 2–3, 16
IP addresses
ISPs (Internet service providers), 40–41
packets
filtering, 249
URLs (uniform resource locators), 46
Internet Black Tigers, 356
Internet Control Message Protocol (ICMP)
ICMP flood attacks, 107
ICMP packets, blocking, 112
Internet Engineering Task Force (IETF), 48–49
Internet fraud
auction fraud
cyber stalking
crimes against children, 80–81
defined, 74
protecting against, 88
swatting, 78
fraudulent encryption, 229–230
how it works, 67
identity theft
investment fraud
protecting against, 82
Internet Key Exchange (IKE), 270
Internet Message Access Protocol (IMAP), 39
Internet Message Access Protocol Secure (IMAPS), 40
Internet Protocol. See IP (Internet Protocol)
Internet Protocol Security (IPsec), 270
Internet Relay Chat (IRC), 39
Internet Security Association and Key Management Protocol (ISAKMP), 270
intrusion detection systems. See IDSs (intrusion detection systems)
intrusion deterrence, 261
intrusion prevention systems (IPSs), 112
investigation techniques, 370–371
mistaken identity, 377
online resources, 378
sex offender registries, 375–377
Usenet, 379
investment fraud
protecting against, 82
iOS forensics, 410
IoT (Internet of Things), 2–3, 16
IP (Internet Protocol)
IPsec (Internet Protocol Security), 270
IPv4 addresses
CIDR (classless interdomain routing), 44
loopback addresses, 42
public versus private, 43
ipchains, 312
IPsec (Internet Protocol Security), 270
IPSs (intrusion prevention systems), 112
iptables, 312
IRC (Internet Relay Chat), 39
Irish Republican Army (IRA), 352
ISAKMP (Internet Security Association and Key Management Protocol), 270
ISDN connection lines, 36
ISPs (Internet service providers), 40–41
ISSAP (Information Systems Security Architecture Professional), 331
ISSEP (Information Systems Security Engineering Professional), 331
ISSMP (Information Systems Security Management Professional), 331
Issuer Identification Number (IIN), 408
IV (initialization vector), 37, 271
Jacob, Richard, 188
Jeep, attacks targeting, 16
KDCs (key distribution centers), 264
Kedi RAT (Remote Access Trojan), 125
Kerckhoffs, Auguste, 229
Kerckhoffs’s principle, 229
kern.log file, 399
key distribution centers (KDCs), 264
key space, 210
KillDisk, 347
known plain text, 236
Koblitz, Neal, 228
Kosovo conflict, 356
L2TP (Layer 2 Tunneling Protocol), 269
land attacks, 109
last visited sites, viewing, 407
Latigo, Heriberto, 75
Layer 2 Tunneling Protocol (L2TP), 269
layered security approach, 21
LEAP (Lightweight Extensible Authentication Protocol), 262
least privileges, 21, 170, 194
least significant bit (lsb), 233
Computer Fraud and Abuse Act (1986), 128
Computer Security Act, 22
Cybersecurity Research and Education Act (2002), 359
Cyberterrorism Preparedness Act (2002), 359
Economic Espionage Act (1996), 183
HIPAA (Health Insurance Portability and Accountability Act), 298
Identity Theft and Assumption Deterrence Act (1998), 81
Industrial Espionage Act (1996), 197
SOX (Sarbanes-Oxley), 299
Levandowski, Anthony, 188
life cycle, system development, 427
Lightweight Extensible Authentication Protocol (LEAP), 262
Lin, Ryan, 75
linear cryptanalysis, 236
Linksys, 311
Linux
firewalls, 312
system logs, 399
local network connections
hubs, 35
repeaters, 35
switches, 35
Locard, Edmond, 395
Locard’s principle of transference, 395
log files, 416
Linux logs, 399
Windows logs, 398
login as system attacks, 170
login DoS (denial of service) attacks, 108
logs, 398
firewall, 253
Linux logs, 399
Windows logs, 398
LOIC (Low Orbit Ion Cannon), 10, 99–100
Long Term Evolution (LTE), 409
loopback addresses, 42
Low Orbit Ion Cannon (LOIC), 10, 99–100
low-tech industrial espionage, 189–192
lpr.log file, 399
lsb (least significant bit), 233
LTE (Long Term Evolution), 409
Luhnow, Jeff, 187
MAC (Media Access Control) addresses, 35, 57
MAC (message authentication code), 231–232
MacDefender, 125
machine learning, 247
macro viruses, 122
mail.* file, 399
Makwana, Rajendrasinh, 139
malicious web-based code, 138
malware
Agent.btz, 344
APTs (advanced persistent threats), 139–140
BlackEnergy, 347
buffer-overflow attacks
defined, 7
dynamic nature of, 121
FinFisher, 347
Flame, 346
key loggers, 9
malicious web-based code, 138
NSA ANT catalog, 347
remediation steps, 144
spam, 139
spyware
antispyware software, 194, 253–254
defined, 9
delivery of, 135
legal uses of, 135
StopGeorgia.ru, 346
viruses, 110. See also virus scanners
avoiding, 129
impact of, 129
security policies for, 290–291
worms, 110
MATLAB, 428
Matusiewicz, David, 77
Matusiewicz, Lenore, 77
maximum tolerable downtime (MTD), 296
MBSA (Microsoft Baseline Security Analyzer), 321–323
McAfee, 129, 141, 248, 308, 312
MCC (mobile country code), 408
McCullum, Juan R., 77
MCDs (misuse case diagrams), 432–436
MD5, 231
mean percentage error (MPE), 429
mean squared deviation (MSD), 429
mean time between failures (MTBF), 429–430
mean time to repair (MTTR), 296, 430
Media Access Control (MAC) addresses, 35, 57
medical devices, hacking of, 15
Medico, Joseph, 76
memcache attacks, 109
memory-resident viruses, 122
Menezes-Qu-Vanstone (MQV), 227
message authentication code (MAC), 231–232
metamorphic viruses, 123
micro blocks, 103
Microsoft Baseline Security Analyzer (MBSA), 321–323
Microsoft Edge security settings, 84
Microsoft Outlook, virus spread in, 121–122
Microsoft Point-to-Point Encryption (MPPE), 269
Microsoft Security Advisor, 24
military operations attacks, 350
Miller, Victor, 228
Mimail, 127
MIMO (multiple-input multiple-output), 37
minors, cyber stalking incidents involving, 80–81
Mirai, 111
mirroring disks, 297
mistaken identity, 377
mitigation of risk, 7
MixColumns step (AES), 221
mobile country code (MCC), 408
mobile devices, forensics for
cell phone components, 408
cellular networks, 409
general principles, 412
ICCID (Integrated Circuit Card Identification), 408
IMSI (International Mobile Subscriber Identity), 408
iOS, 410
SIM (Subscriber Identity Module), 408
Windows, 411
mobile subscription identifier number (MSIN), 408
modeling and simulation, 431
need for, 428
SecML (Security Modeling Language)
data interface diagrams, 438–439
security block diagrams, 439
security sequence diagrams, 436–438
UML (Unified Modeling Language), 428, 439
Modern Cryptography (Easttom), 230
modulus, 225
mono-alphabet substitution, 210
Morris, Robert Tappan, Jr., 13, 128
Morris attack, 13
MP3Stego, 234
MPE (mean percentage error), 429
MPPE (Microsoft Point-to-Point Encryption), 269
MQV (Menezes-Qu-Vanstone), 227
MSD (mean squared deviation), 429
MSIN (mobile subscription identifier number), 408
MTBF (mean time between failures), 429–430
MTD (maximum tolerable downtime), 296
MTTR (mean time to repair), 296, 430
multi-alphabet substitution, 211–212
multi-partite viruses, 122
multiple-input multiple-output (MIMO), 37
Murphy, Robert James, 76
mysql.* file, 399
NACLC (National Agency Check with Law and Credit), 294
NAPs (network access points), 40–41
NAT (network address translation), 43
National Agency Check with Law and Credit (NACLC), 294
National Center for State Courts, 378
National Counterintelligence and Security Center (NCSC), 188
National Institute of Standards and Technology (NIST), 171, 237
National Security Agency (NSA), 171–172, 315, 347
NCSC (National Counterintelligence and Security Center), 188
negatives, false, 247
net sessions command, 402
NetBIOS, 39
network address translation (NAT), 43
network host-based firewalls, 250
network interface cards (NICs), 33
Network News Transfer Protocol (NNTP), 39
networks, 40–41. See also firewalls
concept of, 33
data transmission
ports, 40
forensics, 415
high-speed connections, 36
Internet
basic communications, 47
URLs (uniform resource locators), 46
MAC (Media Access Control) addresses, 35, 57
NICs (network interface cards), 33
OSI (Open Systems Interconnection) model, 56–57
hubs, 35
repeaters, 35
switches, 35
professional consultants, 330–332
scanning
MBSA (Microsoft Baseline Security Analyzer), 321–323
OWASP (Open Web Application Security Project), 326–327
security approaches
hybrid, 21
industrial espionage protection, 194–197
layered, 21
perimeter, 21
utilities
FDISK, 170
netstat, 53
nslookup, 53
tracert, 52
VPNs (virtual private networks), 268–270
wireless
ANT+, 38
Bluetooth, 38
ZigBee, 38
Z-Wave, 38
new employees, security policies for, 287
New York Stock Exchange, DoS attacks on, 358
NGFWs (next-generation firewalls), 105
ngrep, 415
NICs (network interface cards), 33
NIST (National Institute of Standards and Technology), 171, 237
NNTP (Network News Transfer Protocol), 39
nonces, 223
noncompete agreements, 184
nondisclosure agreements, 184
nonrepudiation, 230
Norton, 129
Personal Firewall, 312
notifications, IDS, 256
NSA (National Security Agency), 171–172, 315, 347
nslookup command, 53
nuclear secrets, industrial espionage incidents, 188
numbers, binary, 41
Object Management Group (OMG), 430–431
OC3 connection lines, 36
OC12 connection lines, 36
OC48 connection lines, 36
octets, 41
Offender Locator, 377
OMB Circular A-130, 23
OMG (Object Management Group), 430–431
on-demand virus scanners, 246
ongoing virus scanners, 246
The Onion Router (TOR) project, 363–364
online harassment. See cyber stalking
Open Systems Interconnection (OSI) model, 56–57
Open Web Application Security Project (OWASP), 326–327
openfiles command, 403
Operation Ababil, 358
operators, IDS, 256
Oracle Box, 144
Oracle Corporation, 189
OR operation, 215
OSI (Open Systems Interconnection) model, 56–57
Outlook, virus spread in, 121–122
OWASP (Open Web Application Security Project), 326–327
Oxley, Michael, 299
Oxygen, 396
Pacer, 378
packets
Pakistan, cyber terrorism by, 345
PAP (Password Authentication Protocol), 262
pass the hash attacks, 169–170
passive IDSs (intrusion detection systems), 255
PassMark Software OSForensics, 396
Password Authentication Protocol (PAP), 262
passwords
policies, 313
security policies for, 281
Patel, Nimesh, 139
payloads, 233
PCI DSS (Payment Card Industry Data Security Standard), 172–173, 299
PDoS (permanent denial of service), 108
PEAP (Protected Extensible Authentication Protocol), 263
penetration testing, 18, 152, 153
defined, 171
NSA information assessment methodology, 171–172
PCI DSS (Payment Card Industry Data Security Standard), 172–173
red/blue teams, 153
Penetration Testing Fundamentals (Easttom), 173, 176
People’s Drug Store, 175
perimeter security approach, 21
permanent denial of service (PDoS) attacks, 108
personal health information (PHI), 2–3
personal identification number (PIN), 408
personal unblocking code (PUK), 408
personally identifiable information (PII), 2–3
Petya, 124
PGP (Pretty Good Privacy), 228–229, 266
PHI (personal health information), 2–3
phlashing, 108
phone taps and bugs, 194
PII (personally identifiable information), 2–3
PIN (personal identification number), 408
ping
DoS (denial of service) attacks, 97–99, 107–108
ping scans, 156
plain text attacks, 236
plans
BCPs (business continuity plans), 295–296
DRPs (disaster recovery plans), 295, 312
Plaskett, Stacey, 77
PLC (programmable logic controller), 345
pod slurping, 166
Point-to-Point Protocol (PPP), 269
Point-to-Point Tunneling Protocol (PPTP), 269
policies
disaster recovery
BCPs (business continuity plans), 295–296
business continuity standards, 296
DRPs (disaster recovery plans), 295
impact analysis, 296
guidelines, 294
procedures, 294
purpose of, 279
standards, 294
system administration policies
developmental policies, 293
need for, 287
new employees, 287
user policies
BYOD (Bring Your Own Device), 285
consequences for violating, 286–287
CYOD (Choose Your Own Device), 285
defining, 280
desktop configuration, 285
instant messaging, 284
passwords, 281
software installation and removal, 284
termination or expulsion and, 286
polymorphic viruses, 123
POP3 (Post Office Protocol version 3), 39
POP3S (Post Office Protocol version 3 Secure), 40
positives, false, 247
POST DoS attacks, 108
Post Office Protocol version 3 (POP3), 39
Post Office Protocol version 3 Secure (POP3S), 40
pound sign (#), 260
PPP (Point-to-Point Protocol), 269
PPTP (Point-to-Point Tunneling Protocol), 269
Preneel, Bart, 231
Pretty Good Privacy (PGP), 228–229, 266
prime numbers, 224
principals, Kerberos, 264
prison searches, 378
privacy
Privacy Act, 22
private information, 294
private IP addresses, 43
Privacy Act, 22
private keys, 223
probes, assessment of, 314
procedures, defined, 294
professional consultants, 330–332
programmable logic controller (PLC), 345
Protected Extensible Authentication Protocol (PEAP), 263
protective software and devices, assessment of, 311–312
proxies
application proxies, 250
public information, 294
public IP addresses, 43
public key encryption, 207
Diffie-Hellman, 227
ElGamal, 227
Elliptic Curve, 228
MQV (Menezes-Qu-Vanstone), 227
PGP (Pretty Good Privacy), 228–229
public keys, 223
public records, 378
PUK (personal unblocking code), 408
quantum computing, 237
quantum cryptography, 237
qubits, 237
RACE Integrity Primitives Evaluation Message Digest (RIPEMD), 231
RAID (redundant array of independent disks), 297–298
Ramos, Jeron, 77
Ranum, Marcus, 355
RAs (registration authorities), 266
readability analysis, 428
Reaper, 128
recent documents, viewing, 407
reconnaissance, 153
recovery. See disaster recovery
red teams, 153
redundant array of independent disks (RAID), 297–298
registration authorities (RAs), 266
registration DoS (denial of service) attacks, 108
Rejewski, Marian, 213
related-key attacks, 236
remediation steps (malware), 144
remote terminal units (RTUs), 351
removing software
security policies for, 284
uninstalled software, finding, 407
repeaters, 35
requirements engineering, 424–426
Richardson, Edward, 77
Rijmen, Vincent, 220
Rijndael cipher, 220
rings, AES (Advanced Encryption Standard), 222
RIPEMD (RACE Integrity Primitives Evaluation Message Digest), 231
RJ-11 jacks, 33
RJ-45 jacks, 33
Romanian cybercrime law, 82
Rombertik, 124
router-based firewalls, 251
Rozycki, Jerzy, 213
RTUs (remote terminal units), 351
Rule 702, 414
Russian hackers, 345
sandboxes, 247
Sandworm, 357
SANS Institute, 24, 112, 152, 293, 315, 414
Santa Cruz Operation (SCO), 110
Sarbanes, Paul, 299
Sarbanes-Oxley (SOX), 299
SAs (security associations), 270
SCADA (Supervisory Control and Data Acquisition), 351–352
scanning
active
active code scanning, 247
MBSA (Microsoft Baseline Security Analyzer), 321–323
OWASP (Open Web Application Security Project), 326–327
vulnerability assessment, 158–159
Scherbius, Arthur, 213
Schneier, Bruce, 222
SCI (sensitive compartmented information), 294
Scientific Working Group on Digital Evidence (SWGDE), 395
SCO (Santa Cruz Operation), 110
screened hosts, 251
searches
mistaken identity, 377
online resources, 378
sex offender registries, 375–377
Usenet, 379
SEC (Securities and Exchange Commission), 672
SecML (Security Modeling Language)
data interface diagrams, 438–439
security block diagrams, 439
security sequence diagrams, 436–438
secret information, 294
Secret Service forensics guidelines, 393–394
Secure Hash Algorithm (SHA), 231
Secure Shell (SSH), 39
Secure Sockets Layer (SSL), 266–268
Securities and Exchange Commission (SEC), 672
security activities, 19
security associations (SAs), 270
security audits, 394
security block diagrams, 439
security breaches, 290. See also hacking; industrial espionage; threats
cracking, 9
defined, 7
war-dialing, 10
war-driving, 10
war-flying, 10
security devices, 19
security information event management (SIEM), 436
Security log, 398
Security Modeling Language. See SecML (Security Modeling Language)
security policies
disaster recovery
BCPs (business continuity plans), 295–296
business continuity standards, 296
DRPs (disaster recovery plans), 295
impact analysis, 296
guidelines, 294
procedures, 294
purpose of, 279
standards, 294
system administration policies
developmental policies, 293
need for, 287
new employees, 287
user policies
BYOD (Bring Your Own Device), 285
consequences for violating, 286–287
CYOD (Choose Your Own Device), 285
defining, 280
desktop configuration, 285
instant messaging, 284
passwords, 281
software installation and removal, 284
termination or expulsion and, 286
security sequence diagrams, 436–438
security technology
antispyware software, 194, 253–254
antivirus software, 140–143, 248
DAM (database activity monitoring), 261
DAMP (database activity monitoring and prevention), 261
firewalls
benefits and limitations of, 248–249
firewall logs, 253
SPI, 105
Windows 10 Windows Defender, 252–253
ZoneAlarm, 252
IDSs (intrusion detection systems)
active, 255
attack identification methods, 255
defined, 254
elements of, 256
passive, 255
intrusion deflection, 261
intrusion deterrence, 261
SSL (Secure Sockets Layer), 266–268
TLS (Transport Layer Security), 266–268
virus scanners
defined, 245
VPNs (virtual private networks), 268–270
Security+ certification, 331
sensitive compartmented information (SCI), 294
sensors, IDS, 256
Serpent, 222
Server Message Block (SMB), 40
servers
ASs (authentication servers), 264
errors, 46
TGSs (ticket-granting servers), 264
services, shutting down, 309–310
Services log, 398
sex offender registries, 81, 375–377
SHA (Secure Hash Algorithm), 231
Shamir, Adi, 224
Shannon, Claude, 229
Shannon’s maxim, 229
“sheep dip” machines, 247
shielded twisted-pair (STP) cable, 34
ShiftRows step (AES), 221
shill bidding, 71
Shiva Password Authentication Protocol (SPAP), 262
SIEM (security information event management), 436
Siemens Step7 software, 345
signals, 35
signatures, digital, 230
Silk Road, 364
SillyFDC worm, 344
SIM (Subscriber Identity Module), 408
Simple Mail Transfer Protocol Secure (SMTPS), 40
Simple Mail Transfer Protocol (SMTP), 39
Simple Network Management Protocol (SNMP), 156
Single Loss Expectancy (SLE), 6
Single Scope Background Investigation (SSBI), 295
single-key (symmetric) encryption, 207
3DES (Triple DES), 219
AES (Advanced Encryption Standard), 220–222
Blowfish, 222
defined, 216
DES (Data Encryption Standard), 216–219
modification of, 223
Skipjack, 222
Twofish, 220
sinkholes, 112
Sinn Féin, 352
Skipjack, 222
SLE (Single Loss Expectancy), 6
Sleuth Kit, 396
SMB (Server Message Block), 40
SMTP (Simple Mail Transfer Protocol), 39
SMTPS (Simple Mail Transfer Protocol Secure), 40
Sneakers, 18
SNMP (Simple Network Management Protocol), 156
Snow, 234
Snowden, Edward, 14
Sobig virus, 126
sockets, 40
SoftPerfect Network Protocol Analyzer, 415
software installation, security policies for, 284
SOX (Sarbanes-Oxley), 299
spam, 139
SPAP (Shiva Password Authentication Protocol), 262
sparse infector viruses, 123
spear phishing, 198
specialist support, 394
specificity, online threats, 79
SPI (stateful packet inspection), 105, 249
spyware
antispyware software, 194, 253–254
defined, 9
delivery of, 135
FinFisher, 347
in industrial espionage, 193–194
legal uses of, 135
SQL (Structured Query Language) injection, 11–12, 162–164
SSBI (Single Scope Background Investigation), 295
SSDs (security sequence diagrams), 436–438
SSH (Secure Shell), 39
SSL (Secure Sockets Layer), 266–268
Stacheldraht, 101
stack tweaking, 104
standards, defined, 294
stateful packet inspection (SPI), 105, 249
StegVideo, 234
StopGeorgia.ru, 346
STP (shielded twisted-pair) cable, 34
stream ciphers, 217
striped disks, 297
striped disks with dedicated parity, 297
striped disks with distributed parity, 298
striped disks with dual parity, 298
Structured Query Language (SQL) injection, 11–12
SubBytes step (AES), 221
Subscriber Identity Module (SIM), 408
substitution alphabet, 210
substitution ciphers
multi-alphabet substitution, 211–212
Vigenère, 212
Super Wi-Fi, 37
Supervisory Control and Data Acquisition (SCADA), 351–352
swatting, 78
SWGDE (Scientific Working Group on Digital Evidence), 395
SWGDE Model Standard Operation Procedures for Computer Forensics, 395
switches, 35
Symantec, 266
symmetric encryption. See single-key (symmetric) encryption
SYN (synchronize) requests
SYN flood attacks
micro blocks, 103
RST cookies, 104
SPI firewalls, 105
stack tweaking, 104
SYN scans, 156
SYN_RECEIVED state, 112
SysML (Systems Modeling Language), 428
system administration policies
developmental policies, 293
need for, 287
new employees, 287
security breaches, 290
DoS (denial of service), 291
system assessment
probes, 314
protective software and devices, 311–312
system development life cycle, 427
system logs, 398
firewall, 253
Linux logs, 399
Windows logs, 398
system security
templates, 315
systems engineering
cybersecurity and, 424
readability analysis, 428
requirements engineering, 424–426
SecML (Security Modeling Language)
data interface diagrams, 438–439
security block diagrams, 439
security sequence diagrams, 436–438
system development life cycle, 427
use-case diagrams, 428
WBS (Work Breakdown Structure), 426–427
Systems Modeling Language (SysML), 428
T1 connection lines, 36
T3 connection lines, 36
TAILS (The Amnesiac Incognito Live System), 175
Taiwan Semiconductor Manufacturing Company, 129
TCP (Transmission Control Protocol) SYN flood attacks
micro blocks, 103
RST cookies, 104
SPI firewalls, 105
stack tweaking, 104
teardrop attacks, 108
Telnet, 39
templates, system security, 315
Temporal Key Integrity Protocol (TKIP), 37, 271
terminate and stay resident (TSR), 245
termination, security policies and, 286
terminators, 33
terrorism. See cyber terrorism and cyber warfare
TFN (Tribal Flood Network), 101
TFN2K, 101
TFTP (Trivial File Transfer Protocol), 39
TGSs (ticket-granting servers), 264
Thawte, 266
thin-film bulk acoustic resonator (FBAR) technology, 188
Thomas, Bob, 128
threats. See also hacking; industrial espionage; security policies; security technology
cyber stalking
crimes against children, 80–81
defined, 74
cyber terrorism
disinformation, 355
information warfare, 352
military operations attacks, 350
real-world examples, 343–347, 355–359
SCADA (Supervisory Control and Data Acquisition), 351–352
DoS (denial of service) attacks, 291
DDoS (distributed denial of service) attacks, 10, 99, 109
DHCP starvation, 108
Fraggle attacks, 106
HTTP POST DoS attacks, 108
ICMP (Internet Control Message Protocol) flood attacks, 107
land attacks, 109
login DoS attacks, 108
PDoS (permanent denial of service), 108
registration DoS attacks, 108
scope of problem, 97
security policies for, 291
TCP (Transmission Control Protocol) SYN flood attacks, 102–105
teardrop attacks, 108
UDP (User Datagram Protocol) flood attacks, 107
doxxing, 15
dumpster diving, 370
identity theft
cross-site scripting, 73
Internet fraud
how it works, 67
key loggers, 9
logic bombs, 9
malware
Agent.btz, 344
APTs (advanced persistent threats), 139–140
BlackEnergy, 347
buffer-overflow attacks, 132–133
defined, 7
dynamic nature of, 121
FinFisher, 347
Flame, 346
logic bombs, 139
malicious web-based code, 138
NSA ANT catalog, 347
remediation steps, 144
spam, 139
StopGeorgia.ru, 346
viruses, 8, 110, 121–129, 290–291. See also virus scanners
worms, 110
scope of problem, 3
security activities, 19
security breaches. See also hacking
cracking, 9
defined, 7
war-dialing, 10
war-driving, 10
war-flying, 10
security devices, 19
security policies for, 290
web attacks
cell phone attacks, 166
cross-site request forgery, 165
cross-site scripting, 12–13, 165
defined, 7
directory traversal, 165
URL hijacking, 166
wireless, 166
Tianjin University, 188
ticket-granting servers (TGSs), 264
Tiny Keylogger, 135
TKIP (Temporal Key Integrity Protocol), 37, 271
TLS (Transport Layer Security), 266–268
tool certifications, 413
top secret information, 294
top secret SCI (sensitive compartmented information), 294
totient, 225
traceability matrix, 426
tracert command, 52
transference
of risk, 6
Locard’s principle of, 395
Transmission Control Protocol. See TCP (Transmission Control Protocol) SYN flood attacks
Transport Layer Security (TLS), 266–268
Tribal Flood Network (TFN), 101
Trinoo DDoS tool, 101
Triple DES (3DES), 219
Trithemius, Johannes, 234
Trivial File Transfer Protocol (TFTP), 39
Turing, Alan, 214
Twofish, 220
TypO, 135
Uber Technologies Inc., 188
UDP (User Datagram Protocol) flood attacks, 107
Ulbricht, Ross, 364
UML (Unified Modeling Language), 428, 431, 439
UMTS (Universal Mobile Telecommunications System), 409
Unified Modeling Language (UML), 428, 431, 439
uniform resource locators (URLs), 46, 166
uninstalled software, finding, 407
Universal Mobile Telecommunications System (UMTS), 409
University of Dayton School of Law, 82
university trade secrets, industrial espionage incidents involving, 188
unshielded twisted-pair (UTP) cable, 34
URLs (uniform resource locators), 46, 166
U.S. Cyber Command (USCYBERCOM), 360
U.S. Department of Defense clearance levels, 294–295
U.S. Office of Personnel Management, breach of, 358
U.S. Secret Service forensics guidelines, 393–394
USBSTOR key, 406
use-case diagrams, 428
Usenet, 379
User Datagram Protocol (UDP) flood attacks, 107
user policies
BYOD (Bring Your Own Device), 285
consequences for violating, 286–287
CYOD (Choose Your Own Device), 285
defining, 280
desktop configuration, 285
instant messaging, 284
passwords, 281
purpose of, 279
software installation and removal, 284
termination or expulsion and, 286
user.log file, 399
utilities, network
FDISK, 170
netstat, 53
nslookup, 53
ping
DoS (denial of service) attacks, 97–99, 107–108
ping scans, 156
tracert, 52
UTP (unshielded twisted-pair) cable, 34
/var/log/apache2/*, 399
/var/log/apport.log, 399
/var/log/faillog, 399
/var/log/kern.log, 399
/var/log/lighttpd/*, 399
/var/log/lpr.log, 399
/var/log/mail.*, 399
/var/log/mysql.*, 399
/var/log/user.log, 399
VBA (Visual Basic for Applications), 122
.vbox file, 416
.vdi file, 416
vehicles, attacks targeting, 16
Verisign, 266
.vhx file, 416
Vigenère, Blaise de, 212
virtual forensics
VMs (virtual machines), 415–416
virtual machines (VMs), 144, 415–416
virtual private networks (VPNs), 268–270
virtualization, 415
virus scanners
defined, 245
viruses, 110. See also virus scanners
avoiding, 129
impact of, 129
Atlanta’s ransomware attack, 125
Bagle, 127
earliest viruses, 128
FakeAV, 125
Flame, 128
Gameover ZeuS, 124
Kedi RAT (Remote Access Trojan), 125
MacDefender, 125
Mimail, 127
Petya, 124
Rombertik, 124
Shamoon, 124
Sobig, 126
security policies for, 290–291
Serpent, 222
virulence of, 126
Visual Basic for Applications (VBA), 122
visual inspection, 395
.vmdk file, 416
.vmem file, 416
VMs (virtual machines), 144, 415–416
.vmsd file, 416
.vmsn file, 416
VMware, 144
VPNs (virtual private networks), 268–270
vulnerability assessment, 158–159
MBSA (Microsoft Baseline Security Analyzer), 321–323
OWASP (Open Web Application Security Project), 326–327
professional consultants, 330–332
Wabbit, 128
WAPs (wireless access points), 166, 271
war-dialing, 10
war-driving, 10
warfare. See cyber terrorism and cyber warfare
war-flying, 10
Waymo, 188
WBS (Work Breakdown Structure), 426–427
web attacks
cell phone attacks, 166
cross-site request forgery, 165
cross-site scripting, 12–13, 165
defined, 7
directory traversal, 165
URL hijacking, 166
wireless, 166
web-based mobile code, 138
WEP (Wired Equivalent Privacy), 37, 271
whaling, 198
white hat hackers, 17, 152–153
White-Fi, 37
Whois, 39
WPA (Wi-Fi Protected Access), 37–38, 271
WPS (Wi-Fi Protected Setup), 166
Williamson, Malcolm J., 227
Windows 10 Windows Defender, 252–253
Windows configuration
commands
fc, 403
net sessions, 402
netstat, 404
openfiles, 403
services, shutting down, 309–310
system logs, 398
Windows Defender, 143, 252–253
Windows EFS (Encrypting File System), 195–196
Windows forensics, 411
Windows hacking techniques
login as system, 170
WinZapper, 398
Wired Equivalent Privacy (WEP), 37, 271
wireless access points (WAPs), 166, 271
wireless attacks, 166
wireless networks
ANT+, 38
Bluetooth, 38
ZigBee, 38
Z-Wave, 38
Wireshark, 415
Work Breakdown Structure (WBS), 426–427
WPA (Wi-Fi Protected Access), 37–38, 271
WPS (Wi-Fi Protected Setup), 166
Writing Snort Rules website, 260
X.25 networks, 269
.xml files, 416
XOIC, 100
Yung, Ho Ka Terence, 77
Zenmap, 156
Zhang, Hao, 188
ZigBee, 38
Zimmermann, Phil, 228
zone transfers, 57
ZoneAlarm, 252
Z-Wave, 38
Zygalski, Henryk, 213