Computer and Information Security Handbook, 3rd Edition
John R. Vacca (Editor)
Computer and Information Security Handbook
Third Edition

Edited by
John R. Vacca
Morgan Kaufmann is an imprint of Elsevier
50 Hampshire Street, 5th Floor, Cambridge, MA 02139, United States

Copyright © 2017 Elsevier Inc. All rights reserved.


No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher.
Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with
organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website:
www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be
noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding,
changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information,
methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their
own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury
and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of
any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
ISBN: 978-0-12-803843-7

For information on all Morgan Kaufmann publications visit our website at https://www.elsevier.com/books-and-journals

Publisher: Todd Green


Acquisition Editor: Brian Romer
Editorial Project Manager: Charlie Kent
Production Project Manager: Priya Kumaraguruparan
Designer: Maria Inês Cruz

Typeset by TNQ Books and Journals


This book is dedicated to my wife, Bee.
Contents

Contributors
About the Editor
Foreword
Preface
Acknowledgments

Part I. Overview of System and Network Security: A Comprehensive Introduction

1. Information Security in the Modern Enterprise
James Pooley
    1. Introduction
    2. Challenges Facing Information Security
    3. Assessment and Planning
    4. Policies and Procedures
    5. Training
    6. Summary
    Chapter Review Questions/Exercises
    Exercise

2. Building a Secure Organization
John R. Mallery
    1. Obstacles to Security
    2. Computers Are Powerful and Complex
    3. Current Trend Is to Share, Not Protect
    4. Security Is Not About Hardware and Software
    5. Ten Steps to Building a Secure Organization
    6. Preparing for the Building of Security Control Assessments
    7. Summary
    Chapter Review Questions/Exercises
    Exercise

3. A Cryptography Primer
Scott R. Ellis
    1. What Is Cryptography? What Is Encryption?
    2. Famous Cryptographic Devices
    3. Ciphers
    4. Modern Cryptography
    5. The Computer Age
    6. How Advanced Encryption Standard Works
    7. Selecting Cryptography: the Process
    8. Summary
    Chapter Review Questions/Exercises
    Exercise

4. Verifying User and Host Identity
Keith Lewis
    1. Introduction: Verifying the User
    2. Identity Access Management: Authentication and Authorization
    3. Synthetic or Real User Logging
    4. Verifying a User in Cloud Environments
    5. Verifying Hosts
    6. Verifying Host Domain Name System and Internet Protocol Information
    7. Summary
    8. Chapter Review Questions/Exercises
    Exercise
    References

5. Detecting System Intrusions
Scott R. Ellis
    1. Introduction
    2. Developing Threat Models
    3. Securing Communications
    4. Network Security Monitoring and Intrusion Detection Systems
    5. Installing Security Onion to a Bare-Metal Server
    6. Putting It All Together
    7. Securing Your Installation
    8. Managing an Intrusion Detection System in a Network Security Monitoring Framework
    9. Setting the Stage
    10. Alerts and Events
    11. Sguil: Tuning Graphics Processing Unit Rules, Alerts, and Responses
    12. Developing Process
    13. Understanding, Exploring, and Managing Alerts
    14. Summary
    Chapter Review Questions/Exercises
    Exercise

6. Intrusion Detection in Contemporary Environments
Tarfa Hamed, Rozita Dara, Stefan C. Kremer
    1. Introduction
    2. Mobile Operating Systems
    3. Mobile Device Malware Risks
    4. Cloud Computing Models
    5. Cloud Computing Attack Risks
    6. Source of Attacks on Mobile Devices
    7. Source or Origin of Intrusions in Cloud Computing
    8. Classes of Mobile Malware
    9. Types of Cloud Computing Attacks
    10. Malware Techniques in Android
    11. Cloud Computing Intrusions Techniques
    12. Examples of Smartphone Malware
    13. Examples of Cloud Attacks
    14. Types of Intrusion Detection Systems for Mobile Devices
    15. Types of Intrusion Detection Systems for Cloud Computing
    16. Intrusion Detection System Performance Metrics
    17. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

7. Preventing System Intrusions
Michael A. West
    1. So, What Is an Intrusion?
    2. Sobering Numbers
    3. Know Your Enemy: Hackers Versus Crackers
    4. Motives
    5. The Crackers’ Tools of the Trade
    6. Bots
    7. Symptoms of Intrusions
    8. What Can You Do?
    9. Security Policies
    10. Risk Analysis
    11. Tools of Your Trade
    12. Controlling User Access
    13. Intrusion Prevention Capabilities
    14. Summary
    Chapter Review Questions/Exercises
    Exercise

8. Guarding Against Network Intrusions
Thomas M. Chen
    1. Introduction
    2. Traditional Reconnaissance and Attacks
    3. Malicious Software
    4. Defense in Depth
    5. Preventive Measures
    6. Intrusion Monitoring and Detection
    7. Reactive Measures
    8. Network-Based Intrusion Protection
    9. Summary
    Chapter Review Questions/Exercises
    Exercise

9. Fault Tolerance and Resilience in Cloud Computing Environments
Ravi Jhawar, Vincenzo Piuri
    1. Introduction
    2. Cloud Computing Fault Model
    3. Basic Concepts of Fault Tolerance
    4. Different Levels of Fault Tolerance in Cloud Computing
    5. Fault Tolerance Against Crash Failures in Cloud Computing
    6. Fault Tolerance Against Byzantine Failures in Cloud Computing
    7. Fault Tolerance as a Service in Cloud Computing
    8. Summary
    Chapter Review Questions/Exercises
    Exercise
    Acknowledgments
    References

10. Securing Web Applications, Services, and Servers
Gerald Beuchelt
    1. Setting the Stage
    2. Basic Security for HTTP Applications and Services
    3. Basic Security for SOAP Services
    4. Identity Management and Web Services
    5. Authorization Patterns
    6. Security Considerations
    7. Challenges
    8. Summary
    Chapter Review Questions/Exercises
    Exercise
    Resources

11. UNIX and Linux Security
Gerald Beuchelt
    1. Introduction
    2. UNIX and Security
    3. Basic UNIX Security Overview
    4. Achieving UNIX Security
    5. Protecting User Accounts and Strengthening Authentication
    6. Limiting Superuser Privileges
    7. Securing Local and Network File Systems
    8. Network Configuration
    9. Improving the Security of Linux and UNIX Systems
    10. Additional Resources
    11. Summary
    Chapter Review Questions/Exercises
    Exercise

12. Eliminating the Security Weakness of Linux and UNIX Operating Systems
Mario Santana
    1. Introduction to Linux and UNIX
    2. Hardening Linux and UNIX
    3. Proactive Defense for Linux and UNIX
    4. Summary
    Chapter Review Questions/Exercises
    Exercise

13. Internet Security
Jesse Walker
    1. Internet Protocol Architecture
    2. An Internet Threat Model
    3. Defending Against Attacks on the Internet
    4. Internet Security Checklist
    5. Summary
    Chapter Review Questions/Exercises
    Exercise

14. The Botnet Problem
Nailah Mims
    1. Introduction
    2. What Is a Botnet?
    3. Building a Botnet
    4. The Problem With Botnets
    5. Botnet Case Studies and Known Botnets
    6. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

15. Intranet Security
Bill Mansoor
    1. Smartphones and Tablets in the Intranet
    2. Security Considerations
    3. Plugging the Gaps: Network Access Control and Access Control
    4. Measuring Risk: Audits
    5. Guardian at the Gate: Authentication and Encryption
    6. Wireless Network Security
    7. Shielding the Wire: Network Protection
    8. Weakest Link in Security: User Training
    9. Documenting the Network: Change Management
    10. Rehearse the Inevitable: Disaster Recovery
    11. Controlling Hazards: Physical and Environmental Protection
    12. Know Your Users: Personnel Security
    13. Protecting Data Flow: Information and System Integrity
    14. Security Assessments
    15. Risk Assessments
    16. Intranet Security Implementation Process Checklist
    17. Summary
    Chapter Review Questions/Exercises
    Exercise

16. Local Area Network Security (online chapter)
Pramod Pandya

17. Wireless Network Security
Chunming Rong, Gansen Zhao, Liang Yan, Erdal Cayirci, Hongbing Cheng
    1. Cellular Networks
    2. Wireless Ad Hoc Networks
    3. Security Protocols
    4. Wired Equivalent Privacy
    5. Secure Routing
    6. Authenticated Routing for Ad Hoc Networks
    7. Secure Link State Routing Protocol
    8. Key Establishment
    9. Ingemarsson, Tang, and Wong
    10. Management Countermeasures
    11. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

18. Wireless Sensor Network Security: The Internet of Things
Harsh Kupwade Patil, Thomas M. Chen
    1. Introduction to Wireless Sensor Networks
    2. Threats to Privacy
    3. Cryptographic Security in Wireless Sensor Networks
    4. Secure Routing in Wireless Sensor Networks
    5. Routing Protocols in Wireless Sensor Networks
    6. Wireless Sensor Networks and Internet of Things
    7. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

19. Security for the Internet of Things
William Stallings
    1. Introduction
    2. ITU-T Internet of Things (IoT) Reference Model
    3. Internet of Things (IoT) Security
    4. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

20. Cellular Network Security
Peng Liu, Thomas F. LaPorta, Kameswari Kotapati
    1. Introduction
    2. Overview of Cellular Networks
    3. The State of the Art of Cellular Network Security
    4. Cellular Network Attack Taxonomy
    5. Cellular Network Vulnerability Analysis
    6. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

21. Radio Frequency Identification Security
Chunming Rong, Gansen Zhao, Liang Yan, Erdal Cayirci, Hongbing Cheng
    1. Radio Frequency Identification Introduction
    2. Radio Frequency Identification Challenges
    3. Radio Frequency Identification Protections
    4. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

22. Optical Network Security (online chapter)
Lauren Collins

23. Optical Wireless Security (online chapter)
Scott R. Ellis

Part II. Managing Information Security

24. Information Security Essentials for Information Technology Managers: Protecting Mission-Critical Systems
Albert Caballero
    1. Introduction
    2. Protecting Mission-Critical Systems
    3. Information Security Essentials for Information Technology Managers
    4. Systems and Network Security
    5. Application Security
    6. Cloud Security
    7. Data Protection
    8. Wireless and Mobile Security
    9. Identity and Access Management
    10. Security Operations
    11. Policies, Plans, and Programs
    12. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

25. Security Management Systems
Jim Harmening
    1. Security Management System Standards
    2. Training Requirements
    3. Principles of Information Security
    4. Roles and Responsibilities of Personnel
    5. Security Policies
    6. Security Controls
    7. Network Access
    8. Risk Assessment
    9. Incident Response
    10. Summary
    Chapter Review Questions/Exercises
    Exercise

26. Policy-Driven System Management
Henrik Plate, Cataldo Basile, Stefano Paraboschi
    1. Introduction
    2. Security and Policy-Based Management
    3. Classification and Languages
    4. Controls for Enforcing Security Policies in Distributed Systems
    5. Products and Technologies
    6. Research Projects
    7. Summary
    Chapter Review Questions/Exercises
    Exercise
    Acknowledgments
    References

27. Information Technology Security Management (online chapter)
Rahul Bhaskar, Bhushan Kapoor

28. The Enemy (The Intruder’s Genesis) (online chapter)
Pramod Pandya

29. Social Engineering Deceptions and Defenses
Scott R. Ellis
    1. Introduction
    2. Counter-Social Engineering
    3. Vulnerabilities
    4. Using a Layered Defense Approach
    5. Attack Scenarios
    6. Suspect Everyone: Network Vector
    7. Policy and Training
    8. Physical Access
    9. Summary
    Chapter Review Questions/Exercises
    Exercise

30. Ethical Hacking
Scott R. Ellis
    1. Introduction
    2. Hacker’s Toolbox
    3. Attack Vectors
    4. Physical Penetrations
    5. Summary
    Chapter Review Questions/Exercises
    Exercise

31. What Is Vulnerability Assessment?
Almantas Kakareka
    1. Introduction
    2. Reporting
    3. The “It Will Not Happen to Us” Factor
    4. Why Vulnerability Assessment?
    5. Penetration Testing Versus Vulnerability Assessment
    6. Vulnerability Assessment Goal
    7. Mapping the Network
    8. Selecting the Right Scanners
    9. Central Scans Versus Local Scans
    10. Defense in Depth Strategy
    11. Vulnerability Assessment Tools
    12. Security Auditor’s Research Assistant
    13. Security Administrator’s Integrated Network Tool
    14. Microsoft Baseline Security Analyzer
    15. Scanner Performance
    16. Scan Verification
    17. Scanning Cornerstones
    18. Network Scanning Countermeasures
    19. Vulnerability Disclosure Date
    20. Proactive Security Versus Reactive Security
    21. Vulnerability Causes
    22. Do It Yourself Vulnerability Assessment
    23. Summary
    Chapter Review Questions/Exercises
    Exercise

32. Security Metrics: An Introduction and Literature Review (online chapter)
George O.M. Yee

33. Security Education, Training, and Awareness
Albert Caballero
    1. Security Education, Training, and Awareness (SETA) Programs
    2. Users, Behavior, and Roles
    3. Security Education, Training, and Awareness (SETA) Program Design
    4. Security Education, Training, and Awareness (SETA) Program Development
    5. Implementation and Delivery
    6. Technologies and Platforms
    7. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

34. Risk Management
Sokratis K. Katsikas
    1. The Concept of Risk
    2. Expressing and Measuring Risk
    3. The Risk Management Methodology
    4. Risk Management Laws and Regulations
    5. Risk Management Standards
    6. Summary
    Chapter Review Questions/Exercises
    Exercise

35. Insider Threat
William F. Gross
    1. Introduction
    2. Defining Insider Threat
    3. Motivations of the Insider Threat Actors
    4. Insider Threat Indicators
    5. Examples of Insider Threats
    6. Impacts
    7. Analysis: Relevance
    8. Manage and Mitigate the Insider Threat
    9. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

Part III. Disaster Recovery Security

36. Disaster Recovery
Scott R. Ellis, Lauren Collins
    1. Introduction
    2. Measuring Risk and Avoiding Disaster
    3. The Business Impact Assessment
    4. Summary
    Chapter Review Questions/Exercises
    Exercise

37. Disaster Recovery Plans for Small and Medium Businesses (SMBs)
William F. Gross, Jr.
    1. Introduction
    2. Identifying the Need for a Disaster Recovery Plan
    3. Recovery
    4. Threat Analysis
    5. Methodology
    6. Train and Test the Plan
    7. Communication
    8. Recovery
    9. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

Part IV. Security Standards and Policies

38. Security Certification and Standards Implementation
Keith Lewis
    1. Introduction: The Security Compliance Puzzle
    2. The Age of Digital Regulations
    3. Security Regulations and Laws: Technology Challenges
    4. Implementation: The Compliance Foundation
    5. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

39. Security Policies and Plans Development
Keith Lewis
    1. Introduction: Policies and Planning: Security Framework Foundation
    2. CIA: Not the Central Intelligence Agency
    3. Security Policy Structure
    4. Security Policy: Sign Off Approval
    5. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

Part V. Cyber, Network, and Systems Forensics Security and Assurance

40. Cyber Forensics
Scott R. Ellis
    1. What Is Cyber Forensics?
    2. Analysis of Data
    3. Cyber Forensics in the Court System
    4. Understanding Internet History
    5. Temporary Restraining Orders and Labor Disputes
    6. First Principles
    7. Hacking a Windows XP Password
    8. Network Analysis
    9. Cyber Forensics Applied
    10. Tracking, Inventory, Location of Files, Paperwork, Backups, and So on
    11. Testifying as an Expert
    12. Beginning to End in Court
    13. Summary
    Chapter Review Questions/Exercises
    Exercise

41. Cyber Forensics and Incidence Response
Cem Gurkok
    1. Introduction to Cyber Forensics
    2. Handling Preliminary Investigations
    3. Controlling an Investigation
    4. Conducting Disc-Based Analysis
    5. Investigating Information-Hiding Techniques
    6. Scrutinizing Email
    7. Validating Email Header Information
    8. Tracing Internet Access
    9. Searching Memory in Real Time
    10. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

42. Securing e-Discovery
Scott R. Ellis
    1. Information Management
    2. Legal and Regulatory Obligation
    3. Summary
    Chapter Review Questions/Exercises
    Exercise

43. Network Forensics (online chapter)
Yong Guan

44. Microsoft Office and Metadata Forensics: A Deeper Dive
Rich Hoffman
    1. Introduction
    2. In a Perfect World
    3. Microsoft Excel
    4. Exams!
    5. Items Outside of Office Metadata
    6. Summary
    Chapter Review Questions/Exercises
    Exercise

45. Hard Drive Imaging
John Benjamin Khan
    1. Introduction
    2. Hard Disc Drives
    3. Solid State Drives
    4. Hardware Tools
    5. Software Tools
    6. Techniques
    7. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

Part VI. Encryption Technology

46. Data Encryption (online chapter)
Bhushan Kapoor, Pramod Pandya

47. Satellite Encryption
Daniel S. Soper
    1. Introduction
    2. The Need for Satellite Encryption
    3. Implementing Satellite Encryption
    4. Pirate Decryption of Satellite Transmissions
    5. Satellite Encryption Policy
    6. Satellite Encryption Service (SES)
    7. The Future of Satellite Encryption
    8. Summary
    Chapter Review Questions/Exercises
    Exercise

48. Public Key Infrastructure
Terence Spies
    1. Cryptographic Background
    2. Overview of Public Key Infrastructure
    3. The X.509 Model
    4. X.509 Implementation Architectures
    5. X.509 Certificate Validation
    6. X.509 Certificate Revocation
    7. Server-Based Certificate Validity Protocol
    8. X.509 Bridge Certification Systems
    9. X.509 Certificate Format
    10. Public Key Infrastructure Policy Description
    11. Public Key Infrastructure Standards Organizations
    12. Pretty Good Privacy Certificate Formats
    13. Pretty Good Privacy Public Key Infrastructure Implementations
    14. World Wide Web Consortium
    15. Is Public Key Infrastructure Secure?
    16. Alternative Public Key Infrastructure Architectures
    17. Modified X.509 Architectures
    18. Alternative Key Management Models
    19. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

49. Password-Based Authenticated Key Establishment Protocols (online chapter)
Jean Lancrenon, Dalia Khader, Peter Y.A. Ryan, Feng Hao

50. Context-Aware Multifactor Authentication Survey
Emin Huseynov, Jean-Marc Seigneur
    1. Introduction
    2. Classic Approach to Multifactor Authentication
    3. Modern Approaches to Multifactor Authentication
    4. Comparative Summary
    5. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

51. Instant-Messaging Security
Samuel J.J. Curry
    1. Why Should I Care About Instant Messaging?
    2. What Is Instant Messaging?
    3. The Evolution of Networking Technologies
    4. Game Theory and Instant Messaging
    5. The Nature of the Threat
    6. Common Instant Messaging Applications
    7. Defensive Strategies
    8. Instant-Messaging Security Maturity and Solutions
    9. Processes
    10. Summary
    Chapter Review Questions/Exercises
    Exercise

Part VII. Privacy and Access Management

52. Online Privacy
Chiara Braghin, Marco Cremonini
    1. The Quest for Privacy
    2. Trading Personal Data
    3. Control of Personal Data
    4. Privacy and Technologies
    5. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

53. Privacy-Enhancing Technologies
Simone Fischer-Hübner, Stefan Berthold
    1. The Concept of Privacy
    2. Legal Privacy Principles
    3. Classification of Privacy-Enhancing Technologies (PETs)
    4. Traditional Privacy Goals of Privacy-Enhancing Technologies (PETs)
    5. Privacy Metrics
    6. Data Minimization Technologies
    7. Transparency-Enhancing Tools
    8. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

54. Personal Privacy Policies (online chapter)
George O.M. Yee, Larry Korba

55. Detection of Conflicts in Security Policies
Cataldo Basile, Matteo Maria Casalino, Simone Mutti, Stefano Paraboschi
    1. Introduction
    2. Conflicts in Security Policies
    3. Conflicts in Executable Security Policies
    4. Conflicts in Network Security Policies
    5. Query-Based Conflict Detection
    6. Semantic Web Technology for Conflict Detection
    7. Summary
    Chapter Review Questions/Exercises
    Exercise
    Acknowledgments
    References

56. Supporting User Privacy Preferences in Digital Interactions
Sara Foresti, Pierangela Samarati
    1. Introduction
    2. Basic Concepts and Desiderata
    3. Cost-Sensitive Trust Negotiation
    4. Point-Based Trust Management
    5. Logical-Based Minimal Credential Disclosure
    6. Privacy Preferences in Credential-Based Interactions
    7. Fine-Grained Disclosure of Sensitive Access Policies
    8. Open Issues
    9. Summary
    Chapter Review Questions/Exercises
    Exercise
    Acknowledgments
    References

57. Privacy and Security in Environmental Monitoring Systems: Issues and Solutions
Sabrina De Capitani di Vimercati, Angelo Genovese, Giovanni Livraga, Vincenzo Piuri, Fabio Scotti
    1. Introduction
    2. System Architectures
    3. Environmental Data
    4. Security and Privacy Issues in Environmental Monitoring
    5. Countermeasures
    6. Summary
    Chapter Review Questions/Exercises
    Exercise
    Acknowledgments
    References

58. Virtual Private Networks
James T. Harmening
    1. History
    2. Who Is in Charge?
    3. Virtual Private Network Types
    4. Authentication Methods
    5. Symmetric Encryption
    6. Asymmetric Cryptography
    7. Edge Devices
    8. Passwords
    9. Hackers and Crackers
    10. Mobile Virtual Private Network
    11. Virtual Private Network Deployments
    12. Summary
    Chapter Review Questions/Exercises
    Exercise
    References
    Resources

59. Identity Theft (online chapter)
Markus Jakobsson, Alex Tsow

60. VoIP Security
Harsh Kupwade Patil, Dan Wing, Thomas M. Chen
    1. Introduction
    2. Overview of Threats
    3. Security in Voice Over Internet Protocol
    4. Future Trends
    5. Summary
    Chapter Review Questions/Exercises
    Exercise

Part VIII. Storage Security

61. SAN Security (online chapter)
John McGowan, Jeffrey S. Bardin, John McDonald

62. Storage Area Networking Security Devices
Robert Rounsavall
    1. What Is Storage Area Networking (SAN)?
    2. Storage Area Networking (SAN) Deployment Justifications
    3. The Critical Reasons for Storage Area Networking (SAN) Security
    4. Storage Area Networking (SAN) Architecture and Components
    5. Storage Area Networking (SAN) General Threats and Issues
    6. Summary
    Chapter Review Questions/Exercises
    Exercise

Part IX. Cloud Security

63. Securing Cloud Computing Systems
Cem Gurkok
    1. Cloud Computing Essentials: Examining the Cloud Layers
    2. Software as a Service: Managing Risks in the Cloud
    3. Platform as a Service: Securing the Platform
    4. Infrastructure as a Service
    5. Leveraging Provider-Specific Security Options
    6. Achieving Security in a Private Cloud
    7. Meeting Compliance Requirements
    8. Preparing for Disaster Recovery
    9. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

64. Cloud Security
Edward G. Amoroso
    1. Cloud Overview: Public, Private, Hybrid
    2. Cloud Security Threats
    3. Internet Service Provider Cloud Virtual Private Network Peering Services
    4. Cloud Access Security Brokers
    5. Cloud Encryption
    6. Cloud Security Microsegmentation
    7. Cloud Security Compliance
    8. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

65. Private Cloud Security
Keith Lewis
    1. Introduction: Private Cloud System Management
    2. From Physical to Network Security Base Focus
    3. Benefits of Private Cloud Security Infrastructures
    4. Private Cloud Security Standards and Best Practices
    5. “As-a-Service” Universe: Service Models
    6. Private Cloud Service Model: Layer Considerations
    7. Privacy or Public: The Cloud Security Challenges
    8. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

66. Virtual Private Cloud Security
Keith Lewis
    1. Introduction: Virtual Networking in a Private Cloud
    2. Security Console: Centralized Control Dashboard Management
    3. Security Designs: Virtual Private Cloud Setups
    4. Security Object Group Allocations: Functional Control Management Practices
    5. Virtual Private Cloud Performance Versus Security
    6. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

Part X. Virtual Security

67. Protecting Virtual Infrastructure
Edward G. Amoroso
    1. Virtualization in Computing
    2. Virtual Data Center Security
    3. Hypervisor Security
    4. Enterprise Segmentation
    5. Active Containerized Security
    6. Virtual Absorption of Volume Attacks
    7. Open Source Versus Proprietary Security Capabilities
    8. Summary
    Chapter Review Questions/Exercises
    Exercise
    Reference

68. Software-Defined Networking and Network Function Virtualization Security
Edward G. Amoroso
    1. Introduction to Software-Defined Networking
    2. Software-Defined Networking and Network Function Virtualization Overview
    3. Software-Defined Networking and Network Function Virtualization for Internet Service Providers
    4. Software-Defined Networking Controller Security
    5. Improved Patching With Software-Defined Networking
    6. Dynamic Security Service Chaining in Software-Defined Networking
    7. Future Virtualized Management Security Support in Software-Defined Networking
    8. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

Part XI. Cyber Physical Security

69. Physical Security Essentials
William Stallings
    1. Overview
    2. Physical Security Threats
    3. Physical Security Prevention and Mitigation Measures
    4. Recovery From Physical Security Breaches
    5. Threat Assessment, Planning, and Plan Implementation
    6. Example: A Corporate Physical Security Policy
    7. Integration of Physical and Logical Security
    8. Physical Security Checklist
    9. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

70. Biometrics (online chapter)
Luther Martin

Part XII. Practical Security

71. Online Identity and User Management Services
Tewfiq El Maliki, Jean-Marc Seigneur
    1. Introduction
    2. Evolution of Identity Management Requirements
    3. The Requirements Fulfilled by Identity Management Technologies
    4. Identity Management 1.0
    5. Social Login and User Management
    6. Identity 2.0 for Mobile Users
    7. Summary
    Chapter Review Questions/Exercises
    Exercise
    References

72. Intrusion Prevention and Detection Systems
Christopher Day
    1. What Is an “Intrusion” Anyway?
    2. Physical Theft
    3. Abuse of Privileges (the Insider Threat)
    4. Unauthorized Access by Outsider
    5. Malicious Software Infection
    6. Role of the “Zero-Day”

7. The Rogue’s Gallery: Attackers and 76. System Security


Motives 1014 (online chapter) 1039
8. A Brief Introduction to Transmission
Control Protocol/Internet Lauren Collins
Protocol 1014
9. Transmission Control Protocol/ 77. Access Controls 1041
Internet Protocol Data Architecture
and Data Encapsulation 1015 Lauren Collins
10. Survey of Intrusion Detection and 1. Infrastructure Weaknesses:
Prevention Technologies 1019 Discretionary Access Control (DAC),
11. Antimalicious Software 1019 Mandatory Access Control (MAC),
12. Network-Based Intrusion Detection and Role-Based Access Control
Systems 1019 (RBAC) 1041
13. Network-Based Intrusion Prevention 2. Strengthening the Infrastructure:
Systems 1021 Authentication Systems 1044
14. Host-Based Intrusion Prevention 3. Summary 1046
Systems 1021 Chapter Review Questions/Exercises 1047
15. Security Information Management Exercise 1047
Systems 1021
16. Network Session Analysis 1022
17. Digital Forensics 1023 78. Endpoint Security 1049
18. System Integrity Validation 1023 Keith Lewis
19. Summary 1023
Chapter Review Questions/Exercises 1023 1. Introduction: Endpoint Security
Exercise 1024 Defined 1049
References 1024 2. Endpoint Solution: Options 1049
3. Standard Requirements: Security
73. Transmission Control Protocol/ Decisions 1049
Internet Protocol Packet Analysis 4. Endpoint Architecture: Functional
Challenges 1050
(online chapter) 1027
5. Endpoint Intrusion Security:
Pramod Pandya Management Systems 1052
6. Intrusion Prevention System (IPS)
74. Firewalls (online chapter) 1029 Network Logging Tools: Seek and Target
(the Offender) 1053
Errin W. Fulp 7. Endpoint Unification: Network
Access Control (NAC) Design
75. Penetration Testing 1031 Approach (From the Ground-Up) 1053
Roman Zabicki, Scott R. Ellis 8. Software-as-a-Service (SaaS) Endpoint
Security 1053
1. What Is Penetration Testing? 1031 9. Summary 1054
2. Why Would You Do It? 1031 Chapter Review Questions/Exercises 1054
3. How Do You Do It? 1032 Exercise 1055
4. Examples of Penetration Test References 1055
Scenarios 1035
5. Summary 1037
79. Assessments and Audits
Chapter Review Questions/Exercises 1037
Exercise 1038
(online chapter) 1057
References 1038 Lauren Collins

80. Fundamentals of 7. Advanced Persistent Threat 1113


Cryptography 1059 8. Additional Considerations 1114
9. Summary 1114
Scott R. Ellis Chapter Review Questions/Exercises 1115
1. Assuring Privacy With Encryption 1059 Exercise 1115
2. Summary 1065 References 1116
Chapter Review Questions/Exercises 1065
Exercise 1066
Part XIV
Advanced Security 1117
Part XIII
Critical Infrastructure Security 1067 85. Security Through Diversity 1119
Kevin Noble
81. Securing the Infrastructure 1069
1. Ubiquity 1120
Lauren Collins 2. Example Attacks Against
1. Communication Security Goals 1069 Uniformity 1121
2. Attacks and Countermeasures 1076 3. Attacking Ubiquity With Antivirus
3. Summary 1080 Tools 1122
Chapter Review Questions/Exercises 1081 4. The Threat of Worms 1122
Exercise 1081 5. Automated Network Defense 1124
6. Diversity and the Browser 1125
7. Sandboxing and Virtualization 1126
82. Homeland Security 8. Domain Name Server Example of
(online chapter) 1083 Diversity Through Security 1126
Rahul Bhaskar, Bhushan Kapoor 9. Recovery From Disaster Is
Survival 1127
10. Summary 1127
83. Cyber Warfare 1085 Chapter Review Questions/Exercises 1128
Anna Granova, Marco Slaviero Exercise 1129

1. Cyber Warfare Model 1085 86. e-Reputation and Online


2. Cyber Warfare Defined 1086
Reputation Management
3. Cyber Warfare: Myth or Reality? 1086
4. Participants, Roles, Attribution, and
Survey 1131
Asymmetry 1088 Jean-Marc Seigneur
5. Making Cyber Warfare Possible 1092
1. Introduction 1131
6. Legal Aspects of Cyber Warfare 1099
2. The Human Notion of Reputation 1132
7. Holistic View of Cyber Warfare 1103
3. Reputation Applied to the Computing
8. Summary 1103
World 1134
Chapter Review Questions/Exercises 1103
4. State of the Art of Attack-Resistant
Exercise 1104
Reputation Computation 1137
5. Overview of Past and Current Online
84. Cyber-Attack Process 1105 Reputation Services 1141
Nailah Mims 6. Summary 1149
Chapter Review Questions/Exercises 1150
1. What Is a Cyber-Attack? 1105
Exercise 1150
2. Cyber-Attack Adversaries 1106
References 1150
3. Cyber-Attack Targets 1106
4. Cyber-Attack Process 1106
5. Tools and Tactics of a
87. Content Filtering
Cyber-Attack 1107 (online chapter) 1153
6. Cyber-Attack Case Studies 1110 Pete F. Nicoletti

88. Data Loss Protection 1155 Chapter Review Questions/Exercises 1180


Exercise 1181
Ken Perkins References 1181
1. Precursors of DLP 1156
2. What Is Data Loss Protection 90. Verifiable Voting Systems
(DLP)? 1157 (online chapter) 1183
3. Where to Begin? 1162
Thea Peacock, Peter Y.A. Ryan,
4. Data Is Like Water 1162
Steve Schneider, Zhe Xia
5. You Don’t Know What You Don’t
Know 1164
6. How Do Data Loss Protection (DLP) 91. Advanced Data Encryption 1185
Applications Work? 1165
7. Eat Your Vegetables 1166 Pramod Pandya
8. IT’s a Family Affair, Not Just IT 1. Mathematical Concepts
Security’s Problem 1169 Reviewed 1185
9. Vendors, Vendors Everywhere! 2. The Rivest, Shamir, and Adelman
Who Do You Believe? 1169 Cryptosystem 1189
10. Summary 1170 3. Summary 1194
Chapter Review Questions/Exercises 1171 Chapter Review Questions/Exercises 1195
Exercise 1171 Exercise 1195
References 1195
89. Satellite Cyber Attack Search and
Destroy 1173 Index 1197
Jeffrey Bardin
1. Hacks, Interference, and
Jamming 1173
2. Summary 1180

Online Chapters and Appendices 13. Dynamic Network Address Translation


Configuration e11
14. The Perimeter e11
16. Local Area Network Security e1 15. Access List Details e13
Pramod Pandya 16. Types of Firewalls e14
17. Packet Filtering: Internet Protocol
1. Identify Network Threats e1 Filtering Routers e14
2. Establish Network Access 18. Application-Layer Firewalls: Proxy
Controls e2 Servers e14
3. Risk Assessment e3 19. Stateful Inspection Firewalls e14
4. Listing Network Resources e3 20. Network Intrusion Detection System
5. Threats e3 Complements Firewalls e14
6. Security Policies e4 21. Monitor and Analyze System
7. The Incident-Handling Process e4 Activities e15
8. Secure Design Through Network 22. Signature Analysis e15
Access Controls e4 23. Statistical Analysis e15
9. Intrusion Detection System 24. Signature Algorithms e16
Defined e5 25. Local Area Network Security
10. Network Intrusion Detection System: Countermeasures Implementation
Scope and Limitations e5 Checklist e19
11. A Practical Illustration of Network 26. Summary e19
Intrusion Detection System e5 Chapter Review Questions/Exercises e19
12. Firewalls e7 Exercise e20

22. Optical Network Security e21 32. Security Metrics: An Introduction


Lauren Collins
and Literature Review e57
George O.M. Yee
1. Optical Networks e21
2. Securing Optical Networks e23 1. Introduction e57
3. Identifying Vulnerabilities e25 2. Why Security Metrics? e58
4. Corrective Actions e26 3. The Nature of Security Metrics e59
5. Summary e26 4. Getting Started With Security
Chapter Review Questions/Exercises e27 Metrics e62
Exercise e27 5. Metrics in Action: Toward an Intelligent
References e27 Security Dashboard e63
6. Security Metrics in the Literature e63
23. Optical Wireless Security e29 7. Summary e68
Chapter Review Questions/Exercises e69
Scott R. Ellis
Exercise e69
1. Optical Wireless Systems Overview e29 References e69
2. Deployment Architectures e30
3. High Bandwidth e31 43. Network Forensics e71
4. Low Cost e31
Yong Guan
5. Implementation e31
6. Surface Area e31 1. Scientific Overview e71
7. Summary e33 2. The Principles of Network
Chapter Review Questions/Exercises e33 Forensics e71
Exercise e34 3. Attack Trace-Back and Attribution e72
4. Critical Needs Analysis e78
27. Information Technology Security 5. Research Directions e78
Management e35 6. Summary e79
Chapter Review Questions/Exercises e81
Rahul Bhaskar, Bhushan Kapoor
Exercise e82
1. Information Security Management
Standards e35 46. Data Encryption e83
2. Other Organizations Involved in
Bhushan Kapoor, Pramod Pandya
Standards e36
3. Information Technology Security 1. Need for Cryptography e83
Aspects e36 2. Mathematical Prelude to
4. Summary e43 Cryptography e84
Chapter Review Questions/Exercises e43 3. Classical Cryptography e84
Exercise e44 4. Modern Symmetric Ciphers e87
5. Algebraic Structure e89
28. The Enemy (The Intruder’s 6. The Internal Functions of Rijndael in
Genesis) e45 Advanced Encryption Standard
Implementation e93
Pramod Pandya 7. Use of Modern Block Ciphers e97
1. Introduction e45 8. Public-Key Cryptography e98
2. Active Reconnaissance e46 9. Cryptanalysis of
3. Enumeration e50 Rivest-Shamir-Adleman e101
4. Penetration and Gain Access e51 10. Diffie-Hellman Algorithm e102
5. Maintain Access e53 11. Elliptic Curve Cryptosystems e102
6. Defend Network Against Unauthorized 12. Message Integrity and
Access e54 Authentication e104
7. Summary e55 13. Triple Data Encryption Algorithm Block
Chapter Review Questions/Exercises e55 Cipher e105
Exercise e56 14. Summary e106

Chapter Review Questions/Exercises e106 4. Change Management e168


Exercise e107 5. Password Policies e168
References e107 6. Defense-in-Depth e169
7. Vendor Security Review e169
49. Password-Based Authenticated Key 8. Data Classification e169
Establishment Protocols e109 9. Security Management e169
10. Auditing e169
Jean Lancrenon, Dalia Khader, Peter Y.A. Ryan, 11. Security Maintenance e170
Feng Hao 12. Host Access: Partitioning e171
1. Introduction to Key Exchange e109 13. Data Protection: Replicas e172
2. Password-Authenticated Key 14. Encryption in Storage e174
Exchange e112 15. Application of Encryption e177
3. Concrete Protocols e114 16. Summary e185
4. Summary e121 Chapter Review Questions/Exercises e185
Chapter Review Questions/Exercises e121 Exercise e187
Exercise e122 Reference e187
References e122
70. Biometrics e189
54. Personal Privacy Policies e125 Luther Martin
George O.M. Yee, Larry Korba 1. Relevant Standards e190
1. Introduction e125 2. Biometric System Architecture e191
2. Content of Personal Privacy 3. Using Biometric Systems e197
Policies e126 4. Security Considerations e199
3. Semiautomated Derivation of Personal 5. Summary e203
Privacy Policies e127 Chapter Review Questions/Exercises e203
4. Specifying Well-Formed Personal Exercise e204
Privacy Policies e131
5. Preventing Unexpected Negative 73. Transmission Control Protocol/
Outcomes e134 Internet Protocol Packet
6. The Privacy Management Model e135 Analysis e205
7. Discussion and Related Work e140
Pramod Pandya
8. Summary e142
Chapter Review Questions/Exercises e143 1. The Internet Model e205
Exercise e143 2. Summary e218
Chapter Review Questions/Exercises e218
59. Identity Theft e145 Exercise e218
Markus Jakobsson, Alex Tsow
74. Firewalls e219
1. Experimental Design e145
Errin W. Fulp
2. Results and Analysis e152
3. Implications for Crimeware e160 1. Introduction e219
Chapter Review Questions/Exercises e162 2. Network Firewalls e219
Exercise e163 3. Firewall Security Policies e220
References e163 4. A Simple Mathematical Model for
Policies, Rules, and Packets e221
61. SAN Security e165 5. First-Match Firewall Policy
Anomalies e222
John McGowan, Jeffrey S. Bardin,
6. Policy Optimization e222
John McDonald
7. Firewall Types e223
1. Organizational Structure e165 8. Host and Network Firewalls e225
2. Access Control Lists and Policies e167 9. Software and Hardware Firewall
3. Physical Access e168 Implementations e225

10. Choosing the Correct Firewall e225 87. Content Filtering e271
11. Firewall Placement and Network
Topology e226 Pete F. Nicoletti
12. Firewall Installation and 1. Defining the Problem e271
Configuration e228 2. Why Content Filtering Is
13. Supporting Outgoing Services Through Important e272
Firewall Configuration e228 3. Content Categorization
14. Secure External Services Technologies e274
Provisioning e230 4. Perimeter Hardware and Software
15. Network Firewalls for Voice and Video Solutions e276
Applications e230 5. Categories e279
16. Firewalls and Important Administrative 6. Legal Issues e280
Service Protocols e231 7. Circumventing Content Filtering e284
17. Internal IP Services Protection e232 8. Additional Items to Consider:
18. Firewall Remote Access Overblocking and
Configuration e233 Underblocking e286
19. Load Balancing and Firewall 9. Related Products e289
Arrays e234 10. Summary e289
20. Highly Available Firewalls e235 Chapter Review Questions/Exercises e291
21. Firewall Management e236 Exercise e291
22. Summary e236
Chapter Review Questions/Exercises e237 90. Verifiable Voting Systems e293
Exercise e237
Thea Peacock, Peter Y.A. Ryan,
76. System Security e239 Steve Schneider, Zhe Xia

Lauren Collins 1. Introduction e293


2. Security Requirements e293
1. Foundations of Security e239 3. Verifiable Voting Schemes e295
2. Basic Countermeasures e243 4. Building Blocks e296
3. Summary e245 5. Survey of Noteworthy Schemes e304
Chapter Review Questions/Exercises e246 6. Threats to Verifiable Voting
Exercise e246 Systems e311
7. Summary e312
79. Assessments and Audits e247 Chapter Review Questions/Exercises e312
Exercise e313
Lauren Collins
References e313
1. Assessing Vulnerabilities and Risk:
Penetration Testing and Vulnerability
Assessments e247 Part XV
2. Risk Management: Quantitative Risk
Measurements e251
Appendices e317
3. Summary e252
Chapter Review Questions/Exercises e254 Appendix A Configuring Authentication Service
Exercise e254 On Microsoft
Windows 10 e319
82. Homeland Security e255 Appendix B Security Management and
Resiliency e323
Rahul Bhaskar, Bhushan Kapoor
Appendix C List of Top Information
1. Statutory Authorities e255 and Network Security
2. Homeland Security Presidential Implementation and Deployment
Directives e261 Companies e325
3. Organizational Actions e262 Appendix D List of Security Products e329
4. Summary e267 Appendix E List of Security Standards e343
Chapter Review Questions/Exercises e268 Appendix F List of Miscellaneous
Exercise e269 Security Resources e345

Appendix G Ensuring Built-in, Appendix J Case Studies e365


Frequency-Hopping Spread- Appendix K Answers to Review
Spectrum, Wireless Network Questions/Exercises, Hands-on
Security e355 Projects, Case Projects and
Appendix H Configuring Wireless Security Optional Team Case Project by
Remote Access e357 Chapter e381
Appendix I Frequently Asked Appendix L Glossary e471
Questions e363
Contributors

Edward G. Amoroso (Chapters 64, 67, 68), Senior Vice Samuel J.J. Curry (Chapter 51), Chief Technology and
President, Chief Security Officer, TAG Cyber LLC Security Officer, Arbor Networks, 76 Blanchard Road,
Jeffrey S. Bardin (Chapters 61, 89), Chief Intelligence Burlington MA 01803
Strategist, Treadstone 71 LLC, 515 Oakham Road, Rozita Dara (Chapter 6), Professor, University of Guelph,
Barre, MA 01005 School of Computer Science Guelph, ON, Canada
Cataldo Basile (Chapters 26, 55), Professor, Universita Christopher Day, CISSP, NSA:IEM (Chapter 72), Senior
degli studi di Bergamo, Via Salvecchio 19, 24129 Vice President, Secure Information Systems, Terremark
Bergamo Italy Worldwide, Inc., One Biscayne Tower 2 South Biscayne
Stefan Berthold (Chapter 53), Tek. Lic., Karlstad Univer- Blvd, Suite 2900, Miami, Florida 33131
sity, Universitetsgatan 2 S-65469, Karlstad/Sweden Sabrina De Capitani di Vimercati (Chapter 57), Pro-
Gerald Beuchelt (Chapters 10, 11), Principal Software fessor, Università degli Studi di Milano, DTI -
Systems Engineer, Demandware, Inc., Burlington, MA Dipartimento di Tecnologie dell’Informazione, S207,
Università degli Studi di Milano, Via Bramante 65,
Rahul Bhaskar (Chapters 27, 82), Professor, Department 26013 Crema - Italy
of Information Systems and Decision Sciences,
California State University, LH 564, Fullerton, California Tewfiq El Maliki (Chapter 71), Professor, University of
92834 Geneva, Switzerland, 2850 route nationale, 74120
Megève, France; Telecommunications labs, University
Chiara Braghin (Chapter 52), Professor, Dept. of Infor- of Applied Sciences of Geneva, Geneva, Switzerland
mation Technology, University of Milan, via Bramante
65 - 26013, Crema, Italy Scott R. Ellis (Chapters 3, 5, 23, 29, 30, 36, 40, 42, 75,
80), Manager, Infrastructure Engineering Team, kCura,
Albert Caballero (Chapters 24, 33), Chief Technology 175 West Jackson Blvd., Suite 1000, Chicago, IL 60604
Officer - CTO, Digital Era Group, LLC, 9357 Abbot
Ave., Surfside, Fl. 33154 Michael Erbschloe (Foreword), Teaches Information Se-
curity courses at Webster University, St. Louis, Missouri
Matteo Maria Casalino (Chapter 55), Professor, Universita 63119
degli studi di Bergamo, Via Salvecchio 19, 24129
Bergamo Italy Simone Fischer-Hübner (Chapter 53), Professor, Karlstad
University, Department of Computer Science, Room
Erdal Cayirci (Chapters 17, 21), Professor, University of no: 5A 435, Universitetsgatan 1, S 651 88, Karlstad/
Stavanger, N-4036 Stavanger, Norway Sweden
Thomas M. Chen (Chapters 8, 18, 60), Professor, Swansea Sara Foresti (Chapter 56), Professor, Università degli
University, Singleton Park, SA2 8PP, Wales, United Studi di Milano, Information Technology Department,
Kingdom Università degli Studi di Milano, via Bramante,
Hongbing Cheng (Chapters 17, 21), Professor, University 6526013 Crema (CR) Italy
of Stavanger, N-4036, Stavanger, Norway Errin W. Fulp (Chapter 74), Professor, Department of
Lauren Collins (Chapters 22, 36, 76, 77, 79, 81), Founder Computer Science, 239, Manchester Hall, P.O.
and Chief Strategy Officer, Managing Director, Win- Box 7311, Wake Forest University, Winston-Salem,
ning Edge Communications, 8151 West Eagle Lake North Carolina 27109
Road, Peotone, IL 60468 Angelo Genovese (Chapter 57), Professor, Università
Marco Cremonini (Chapter 52), Professor, Dept. of Information degli Studi di Milano, DTI - Dipartimento di Tecnologie
Technology, University of Milan, via Bramante dell’Informazione, S207, Università degli Studi di
65 - 26013, Crema, Italy Milano, Via Bramante 65, 26013 Crema - Italy


Anna Granova (Chapter 83), Advocate of the High Court Dalia Khader (Chapter 49), Collaborateur scientifique,
of South Africa, University of Pretoria, Computer University of Luxemburg, Campus Kirchberg,
Science Department, Information Technology Building, F 006, 6, rue Richard Coudenhove-Kalergi, L-1359
49 Algernon Road, Norwood, Johannesburg, 2192, Luxembourg
Republic of South Africa John Benjamin Khan (Chapter 45), Former UNIX Oper-
William F. Gross (Chapters 35, 37), Private Investigator, ator, University of Massachusetts, Infragard Member 6
Gross Security, LLC, 146 Main Street, Spencer, WV Stella Rd, Boston, MA 02131
25276 Larry Korba (Chapter 54), Ottawa, Ontario, Canada K1G
Yong Guan (Chapter 43), Litton Assistant Professor, 5N7
Department of Electrical and Computer Engineering, Kameswari Kotapati (Chapter 20), Department of
Iowa State University, 3216 Coover Hall, Ames, Iowa Computer Science and Engineering, The Pennsylvania
50011 State University, University Park, Pennsylvania 16802
Cem Gurkok (Chapters 41, 63), Threat Intelligence Stefan C. Kremer (Chapter 6), Professor, University of
Development Manager, Terremark Worldwide, Inc., Guelph, School of Computer Science, Guelph, ON,
One Biscayne Tower, 2S. Biscayne Blvd., Suite 2800, Canada
Miami, Florida 33131
Thomas F. LaPorta (Chapter 20), Professor, Department
Feng Hao (Chapter 49), Professor, Newcastle University, of Computer Science and Engineering, The Pennsylvania
School of Computing Science, Newcastle University, State University, University Park, Pennsylvania 16802
Newcastle Upon Tyne NE1 7RU
Jean Lancrenon (Chapter 49), Professor, Interdisciplinary
Tarfa Hamed (Chapter 6), Professor, University of Guelph, Centre for Security, Reliability and Trust, 6 rue Richard
School of Computer Science Guelph, ON, Canada Coudenhove-Kalergi, L-1359 Luxembourg-Kirchberg,
James T. Harmening (Chapters 25, 58), President, Computer Luxembourg
Bits, Inc., 123 W. Madison St. Suite 1005, Chicago, Keith Lewis (Chapters 4, 38, 39, 65, 66, 78), IT Security
Illinois 60602 Infrastructure Specialist, Keller Graduate School of
Rich Hoffman (Chapter 44), Assistant Vice President of Management, Naperville, Illinois
Forensics and the Lead Examiner, UnitedLex, 6130 Peng Liu (Chapter 20), Director, Cyber Security Lab,
Sprint 5 Parkway, Suite 300, Overland Park, Kansas College of Information Sciences and Technology,
66211 Pennsylvania State University, University Park,
Emin Huseynov (Chapter 50), Professor, University of Pennsylvania 16802
Geneva, Switzerland, CUI, Bureau, Battelle batiment A 7 Giovanni Livraga (Chapter 57), Professor, Università
route de Drize, c11-1227, 74120 Carouge, Switzerland degli Studi di Milano, DTI - Dipartimento di Tecnolo-
Markus Jakobsson (Chapter 59), Associate Professor of gie dell’Informazione, S207, Università degli Studi di
Informatics at IUB and Associate Director of CACR, Milano, Via Bramante 65, 26013 Crema - Italy
Indiana University, 5631 E Kerr Creek Rd., Bloo- John R. Mallery (Chapter 2), President, Mallery Tech-
mington, IN 47408 nical Training and Consulting, Inc., 9393 West 110th
Ravi Jhawar (Chapter 9), Professor, Universita’ degli St., Suite 500, Overland Park, Kansas, 66210
Studi di Milano, Department of Information Technol- Bill Mansoor (Chapter 15), Information Security Analyst
ogy, Universita’ degli Studi di Milano, via Bramante III, Information Security Office County of Riverside,
65, 26013 Crema (CR) ITALY 24711 Via Alvorado Mission Viejo, California 92692
Almantas Kakareka CISSP, GSNA, GSEC, CEH Luther Martin (Chapter 70), Chief Security Architect,
(Chapter 31), CTO, Demyo, Inc., 351 189th street, Voltage Security, 20400 Stevens Creek, Blvd STE 500
Sunny Isles Beach, FL 33160 Cupertino, CA 95014
Bhushan Kapoor (Chapters 27, 46, 82), Chair, Depart- John McDonald (Chapter 61), EMC Corporation, Hop-
ment of Information Systems and Decision Sciences, kinton, Massachusetts 01748
California State University, LH 564, Fullerton, California
92834 John McGowan (Chapter 61), EMC Corporation, Hop-
kinton, Massachusetts 01748
Sokratis K. Katsikas (Chapter 34), Department of
Technology Education & Digital Systems, University of Nailah Mims (Chapters 14, 84), Information Systems Se-
Piraeus, Piraeus 18532, Greece curity Analyst, Bright Horizons, 2 Seven Springs Lane
H, Burlington, MA 01803

Simone Mutti (Chapter 55), Professor, Universita degli Pierangela Samarati (Chapter 56), Professor, Università
studi di Bergamo, Via Salvecchio 19, 24129 Bergamo degli Studi di Milano, Information Technology
Italy Department, Università degli Studi di Milano, via Bra-
Peter F. Nicoletti (Chapter 87), Consultant, 110 Gumbo mante, 6526013 Crema (CR), Italy
Limbo Lane Po Box 448Miami, Florida, Tavernier, FL Marco Santambrogio (Chapter 7), Professor, Politecnico
33070 di Milano, Milano, ITALY
Kevin Noble, CISSP GSEC (Chapter 85), Director, Secure Mario Santana (Chapter 12), Consultant, Terremark
Information Services, Terremark Worldwide Inc., 50 Worldwide, Inc., One Biscayne Tower, 2S., Biscayne
N.E. 9 Street, Miami, Florida 33132 Blvd., Suite 2800, Miami, Florida 33131
Pramod Pandya (Chapters 16, 28, 46, 73, 91), Professor, Steve Schneider (Chapter 90), Professor, University of
Department of Information Systems and Decision Sci- Surrey, Department of Computing, Guildford, Surrey,
ences, California State University, Fullerton, California GU2 7XH
92834 Fabio Scotti (Chapter 57), Professor, Universita’ degli
Harsh Kupwade Patil (Chapters 18, 60), Professor, Studi di Milano, Department of Information Technol-
Southern Methodist University, Department of Com- ogy, Universita’ degli Studi di Milano, via Bramante
puter Science and Engineering, Lyle School of Engi- 65, 26013 Crema (CR), ITALY
neering, Caruth Hall 3145 Dyer Street, Suite 445 Jean-Marc Seigneur (Chapters 50, 71, 86), Professor,
Dallas, Texas Advanced Systems Group, University of Geneva,
Stefano Paraboschi (Chapters 26, 55), Professor, Uni- Switzerland, Centre Universitaire d’Informatique, Office
versita degli studi di Bergamo, Via Salvecchio 19, 234, Battelle batiment A 7 route de Drize, c11-1227,
24129 Bergamo Italy 74120 Carouge, Switzerland
Thea Peacock (Chapter 90), Professor, University of Marco Slaviero (Chapter 83), Security Analyst, Sense-
Luxemburg, Faculte des Sciences, De la Technologie et Post Pty Ltd, Lakeview 2, 138 Middel street, Nieuw
de la Communication 6, Rue Richard Coudenhove- Muckleneuk, Pretoria, South Africa
Kalergi L-1359 Luxembourg Daniel S. Soper (Chapter 47), Professor, Information and
Ken Perkins (Chapter 88), CIPP (Certified Information Decision Sciences Department, Mihaylo College of
Privacy Professional), Sr. Systems Engineer, Blazent Business and Economics, California State University,
Incorporated, 3650 E. 1st Ave., Denver, Colorado Fullerton, California 92834-6848
80206 Terence Spies (Chapter 48), Chief Technology Officer/
Vincenzo Piuri (Chapters 9, 57), Professor, Universita’ Vice President of Engineering, Hewlett Packard Enter-
degli Studi di Milano, Department of Information prise, 20400 Stevens Creek Blvd, Suite 500, Cupertino,
Technology, Universita’ degli Studi di Milano, via CA 95014
Bramante 65 26013 Crema (CR), ITALY William Stallings (Chapters 19, 69), Consultant and Writer,
Henrik Plate (Chapter 26), Senior Researcher, CISSP, No affiliation, 845 Satucket Road P. O. Box 2405,
SAP Research Security & Trust, 805, avenue du docteur Brewster, MA 02631
Maurice Donat 06250 Mougins, France Alex Tsow (Chapter 59), Professor, Indiana University,
James Pooley (Chapter 1), Attorney, Orrick, Herrington 7514 Ambergate Pl., Mclean, Virginia 22102
& Sutcliffe LLP, 1000 Marsh Road, Menlo Park, CA Jesse Walker (Chapter 13), Principal Engineer, Intel
94025-1015 Corporation, JF2-55 2111 N.E. 25th Avenue, Hillsboro,
Chunming Rong (Chapters 17, 21), Professor, Ph.D., OR 97124
Chair of Computer Science Section, Faculty of Science Michael A. West (Chapter 7), Senior Technical Writer,
and Technology, University of Stavanger, N-4036 Sta- Truestone Maritime Operations Martinez, California
vanger, Norway 94553
Robert Rounsavall (Chapter 62), Co-founder, Trapezoid, Dan Wing (Chapter 60), Distinguished Engineer, Cisco
Inc., 4931 SW 75th Ave., Miami, Florida 33155 Systems, Inc., 222 Coffeeberry Drive, San Jose, CA
Peter Y.A. Ryan (Chapters 49, 90), Professor of Informa- 95123
tion Security and Head of Applied Security and Infor- George O.M. Yee (Chapters 32, 54), Adjunct Research
mation Assurance (APSIA) Group, GCWN, University Professor, Carleton University, 17 Sai Crescent,
of Luxemburg, Campus Kirchberg 6, rue Richard, Ottawa, ON, Canada K1G 5N7
Coudenhove-Kalergi, L-1359 Luxembourg
Susan felt inclined to say, “And were you?” but her courage failed
her. Bella could never see a joke! She had no recollection of Bella’s
beauty—Bella’s complexion, as long as she could remember it, had
been the colour of mutton fat—but Bella was twenty-five years her
senior—and no doubt her bloom had withered early.
“The girl looks to me—as if—as if——”
“Bertie Woolcock had proposed!” supplemented Bella. “Yes, I
shouldn’t wonder.”
“No—not that.”
“Then what?” snapped her sister. “As if—and you stop; it’s a dreadful
habit not to be able to finish a sentence—it shows a weak intellect.”
“Well, since you must have it, Bella—as if she were in love.”
“So she is—with young Woolcock.”
“Nonsense,” repeated Susan, with unusual decision.
“Susan, don’t you dare to say ‘nonsense’ when I say a thing is so;
you forget yourself. Aurea will be married to Herbert Woolcock
before Christmas—that is pretty well settled. And now you may lock
up the silver; I am going to bed.”

As Miss Morven was proceeding homewards, and, as usual,
unattended (in spite of her Aunt Bella’s repeated remonstrances),
she passed the Drum, and noticed a motor in waiting, and also a
light in a conspicuous part of the premises—the little, bulging, front
sitting-room. Here two figures were sharply outlined on the yellow
blind. As Aurea looked, she saw a man and woman standing face to
face; the man put his hands on the woman’s shoulders and stooped
and kissed her. She recognised his profile in that instant—it was the
profile of Owen Wynyard!
Although brother and sister had taken leave of one another, when
they reached the car Wynyard looked up at the sky and said—
“It’s a splendid night; I believe I’ll go on with you to Brodfield, and
walk back.”
The motor overtook Miss Morven as she reached the Rectory gate;
here she stood for a moment in the shadow of the beech trees, and
as the car and its occupants swung into the full light of the last lamp
(oil) in Ottinge, she had a view of the back of the woman’s head—a
woman talking eagerly to her companion, who faced her in an easy
attitude, cigar in hand. The man was her aunts’ chauffeur. As the car
glided by, he laughed an involuntary, appreciative, and familiar laugh
that spoke of years of intimacy—a laugh that pierced the heart of its
unseen listener with the force and agony of a two-edged sword.
For a moment the girl felt stunned; then she began to experience the
shock of wounded pride, of insulted love, of intolerable humiliation.
So the dark-haired lady was “the Obstacle!” That impassioned
declaration on Yampton Hill had been—what? Mr. Wynyard was
merely experimenting on her credulity; he wished to discover how far
he might go, how much she would believe? A gay Hussar, who had
got into such trouble that he was compelled to hide his whereabouts
and name, until he could return to the world after a decent interval of
obscurity and repentance! Meanwhile, he played the mysterious
adorer, and amused himself with “a country heart,” pour passer le
temps.
And yet—and yet—when she recalled his steadfast eyes, the
tremulous ardour of his bearing in the garden, and, on the hillside, he
had looked in desperate earnest.
“Yes,” jeered another voice, “and in deadly earnest in the Drum
window!”
And she? She had actually believed that he was hopelessly in love;
and she, who had been ready to stand by him against all her
kindred, who had blushed and trembled before his eyes and voice,
had kissed her own glove where his lips had pressed it! As these
memories raced through her brain an awful sensation of sinking
down into the solid earth possessed her. Aurea groped blindly for the
gate and rested her head upon it. It seemed to her as if, under the
shade of those beeches, a something not of this world, some terrible
and relentless force, had fought and wrested from her, her
unacknowledged hopes, and her happy youth.
Half an hour later she toiled up the drive with dragging, unsteady
steps. Prayers were over when she entered the library—a white
ghost of herself, and, with a mumbled apology, she went over and
bade her father good-night, and touched his cheek with lips that
were dry and feverish. He, simple, blind man, absorbed in proofs,
barely lifted his head, and said—
“Good-night, my child, sleep well!”
And his child, evading Norris with a gesture of dismissal, hurried to
the seclusion of her own apartment, and locked the door.
Three days later, Miss Morven left home somewhat unexpectedly;
but it was conceded even by her Aunt Bella that the shock of Captain
Ramsay’s death had upset the girl. She wanted a change, and a
lively place and lively society would divert her mind.
Wynyard had not once seen her since their never-to-be-forgotten
walk, and the news of her departure came as a shock—although his
outward composure was admirable—when he was informed that
Miss Morven had left home, to be followed by her father. The Rector
would return in three weeks, but Ottinge was not likely to see his
daughter for a considerable time. Miss Davis had taken over the
surplices, Miss Jones the girls’ sewing-class, and Miss Norris the
altar flowers.
Wynyard put artful and carefully guarded inquiries, respecting her
niece, to his friend, Miss Susan, who was never reticent, and talked
as long as she found a sympathetic and intelligent listener.
“Well, indeed, Owen, I must confess Miss Morven’s going was a
great surprise,” she volunteered, in a burst of confidence, as she
swiftly snipped off dead leaves. “I’d no idea of it till she came to me
on Wednesday, and asked me to help her pack, and take over some
of her parish accounts. She looked pale and not a bit like herself;
though she said she was all right, I didn’t believe her. It struck me
she had had some sort of shock, she looked as if she hadn’t slept,
but she wouldn’t see the doctor, and was quite vexed at the idea. Dr.
Boas told me it was really the reaction of the dreadful tragedy that
she and I witnessed. So I’m glad she’s gone, though I miss her
terribly!”
And what was her loss to his? Wynyard had believed he was on the
point of establishing a firm if inarticulate understanding—at least he
had shown his colours, and she had said “Perhaps.” This morsel of
comfort was all that remained to him; and oh, the many, many things
that he could and should have said during that memorable walk!
These unspoken sentences tormented him with cruel persistency.
Had he wasted the opportunity of a lifetime?
CHAPTER XXVII
SCANDAL ABOUT MISS SUSAN

Before Aurea had departed—and her departure was, as we know,
in the nature of a flight—she had paid the necessary visit of
ceremony to her Aunt Bella, who imagined herself to be busy making
plum jam, but was really obstructing the operations and straining the
forbearance of the new cook to a dangerous limit. The old lady
trotted into the drawing-room with sticky outstretched fingers, and
announced—
“Susan is out laying the croquet ground—the old bowling-green; you
may go and find her.”
“If you don’t mind sending for her, Aunt Bella.”
“Oh, I know you like giving your orders! Then ring the bell. Well, and
so you are off to-morrow?”
“Yes, father will come up later; he has a good deal of work in hand,
and he wants to go over to Hillminster once or twice.”
“I know; I’m lending him my car on Friday.”
“Aunt Bella, I do wish you’d sell it!” said Aurea, speaking on an
irrepressible impulse; “do get rid of it.”
“Rid of it! you silly, excitable girl, certainly not. I’m more likely to get
rid of the chauffeur; he does not know his place, and he does other
people’s jobs, too, in my time. He exercised Katie’s dogs, and
attended the Hanns’ sick pony, and, when the carrier lost his horse, I
believe he doctored it and probably killed it—and they sent round for
subscriptions for another, I gave ten shillings—handsome, I call it!—
and what do you think I saw in the list afterwards? ‘J. O., One
Guinea.’ My own servant giving double—such unheard of
impertinence! But Susan has spoiled him; I blame her. She talks to
him as if he were an equal; I declare, if she were a girl, I’d be in a
fine fright.”
Aurea maintained a pale silence.
“Yes; and Mrs. Riggs and others have remarked to me that they
really thought it was dangerous to have such a good-looking young
man about the place, though I don’t think him good-looking—a
conceited, dressed-up puppy. Oh, here’s Susan. Susan,”—raising
her voice—“you see, Aurea sends for you now!”
“And welcome! Now, my dear child, come along; I want to show you
my—I mean—the new croquet ground; it’s going to be splendid!
Won’t you come out and have a look at it?”
“No, thank you, Susan. It will be something to see when I come
back. Let me get your hat, and we will stroll up together to the
Rectory.”
“Oh, very well, my dear; but I’d like you to see the croquet lawn.
Owen has made it. He really is worth half a dozen of Tom Hogben—
and it’s as level as a billiard-table.”
But nothing would induce Aurea to change her mind.

Miss Susan accompanied her brother-in-law over to Hillminster,
where he was due at a Diocesan meeting; it was thirty miles off, and
he had suggested the train, but Miss Susan assured him, with
eloquence, that “it was ten times better to motor, and to go through
nice, out-of-the-way parts of the country, and see dear old villages
and churches, instead of kicking your heels in odd little waiting-
rooms, trying to catch one’s cross-country slow coach, and catching
a cold instead.” It happened that Mr. Morven had arranged to spend
the night with friends in the Cathedral Close, but Susan Parrett was
bound to be home before sunset; only on these conditions was she
suffered to undertake this unusually long expedition with the
precious car.
“Yes, Bella, I’ll be back without fail,” she declared; “though I’d like to
stay for the three o’clock service in the Cathedral,” and she gazed at
her tyrant appealingly.
“Not to be thought of,” was the inflexible reply; “you will be here at
six.—Remember the motor must be washed and put away, and the
evenings are already shortening.”
The run was made without any mishap, and accomplished under
three hours. It happened to be market day in Hillminster, the main
street was crowded with vehicles, and Miss Susan could not but
admire the neat and ready manner in which their driver steered
amongst carts, wagons, gigs, and carriages, with practised dexterity.
Presently they drove into the yard of the Rose Inn, and there
alighted. Mr. Morven and his sister-in-law were lunching with the
Dean in the Close, and Miss Susan notified to Owen, ere she left
him, that she proposed to start at half-past two sharp, adding—
“For, if we are late, Miss Parrett is so nervous, you know.”
The drive home began propitiously; but after a while, and in the
mean way so peculiar to motors, the car, when they were about ten
miles out of Hillminster, and a long distance from any little village or
even farmhouse, began to exhibit signs of fatigue. For some time
Wynyard coaxed and petted her; he got out of the machine several
times and crawled underneath, and they staggered along for yet
another mile, when there was a dead halt of over an hour. Here Miss
Susan sat on the bank, talking with the fluency of a perennial
fountain, and offering encouragement and advice.
Once more they set out, and, before they had gone far, met a boy on
a bicycle, and asked him the way to the nearest forge?
With surprising volubility and civility, this boy told them to go ahead
till they came to a certain finger-post, not to mind the finger-post, but
to turn down a lane, and in a quarter of a mile they would come to
the finest forge in the country! The misguided pair duly arrived at the
finger-post, turned to the left as directed, and descended a steep
lane—so narrow that the motor brushed the branches on either side,
and Miss Susan wondered what would become of them if they met a
cart? They crept on and on till they found themselves in some
woods, with long grass drives or rides diverging on either side—
undoubtedly they were now on the borders of some large property!
The lane continued to get worse and worse—in fact, it became like
the stony bed of a river, and the motor, which had long been crawling
like some sick insect, finally collapsed, and, so to speak, gave up the
ghost! The axle had broken; there it lay upon its side with an air of
aggravating helplessness! and it was after six o’clock by Miss
Susan’s watch!
“Now,” she inquired, with wide-open eyes, “what is to be done?”
“We must go and look for some farmhouse; I’m afraid you will have
to pass the night there, Miss Susan, unless they can raise a trap of
some sort!”
“Oh, but I’m bound to get home,” she protested, “if I have to walk the
whole way. How far should you say we were from Ottinge?”
“Well, I’m not very sure—I don’t know this part of the country—but I
should think about fifteen miles. You might manage to send a
telegram to Miss Parrett,—in fact, I wouldn’t mind walking there
myself, but of course I must stick by the car.”
“See!” she exclaimed, “there are chimneys in the hollow—red
chimneys—among those trees.” And she was right.
As they descended the hill, in a cosy nook at the foot they
discovered, hiding itself after the manner of old houses, an ancient
dwelling with imposing chimney-stacks, and immense black out-
buildings. Here Miss Susan volubly told her story to a respectable
elderly woman, who, judging by her pail and hands, had evidently
just been feeding the calves.
“I don’t know as how I can help you much,” she said; “this is Lord
Lambourne’s property as you’ve got into somehow. Whatever
brought you down off the high road, ma’am?”
“We were told to come this way by a boy on a bicycle. We asked him
to direct us to a forge.”
“The young limb was just a-making game of you, he was! There ain’t
a forge nearer than five miles, and my master took the horses in
there this afternoon; he’s not back yet.”
“I suppose,” said Miss Susan, “that you have no way of sending me
in to Ottinge—no cart or pony you could hire me?”
“I’m afraid not, ma’am. Where be Ottinge?”
Here was ignorance, or was it envy?
“Then I don’t know what I’m to do,” said Miss Susan helplessly. “My
sister will be terribly anxious, and I’m sure the motor won’t be fit to
travel for quite a long time. What do you think, Owen?”
“I think that the motor is about done!” he answered, with emphatic
decision. “To-morrow morning I must get a couple of horses
somewhere, and cart her home. I wonder if this good woman could
put you up for the night? This lady and I,” he explained, “went to
Hillminster from Ottinge to-day, and were on our way home when the
motor broke down; and I don’t think there’s any chance of our getting
to Ottinge to-night.”
“Oh yes, I can put the two of you up,” she said, addressing Miss
Susan, “both you and your son.”
Miss Susan became crimson.
“I am Miss Parrett of Ottinge,” she announced, with tremulous
dignity; “that is to say, Miss Susan Parrett.”
“I’m sure I beg your pardon, Miss Parrett; I can find you a bed for the
night. This is a rare big house—it were once a Manor—and we have
several empty bedrooms—our family being large, and some of the
boys out in the world. Mayhap you’d like something to eat?”
“I should—very much,” replied Miss Susan, whose face had cooled,
“tea or milk or anything!”
At this moment a respectable-looking, elderly man rode up, leading
another horse.
“Hullo, Hetty,” he said to his wife, “I see you ha’ company, and
there’s a sort of motor thing all smashed up, a-lyin’ there in the Blue
Gate Lane.”
“It’s my motor,” explained Miss Susan, “and we have walked down
here just to see what you and your wife could do for us.”
“Our best, you may be sure, ma’am,” rejoined the farmer, and
descended heavily from his horse, then led the pair towards the
stables, where he was followed by Wynyard, who gave him a hand
with them and borrowed their services for the morrow.
A meal was served in the very tidy little sitting-room, where Miss
Susan found that places had been laid for Owen and herself; it was
evident that the farmer’s wife considered him—if not her son—her
equal! To this arrangement she assented, and, in spite of his
apologies, Miss Susan and her chauffeur for once had supper
together without any mutual embarrassment.
Afterwards, he went out to a neighbouring farm to see if he could
hire a pony-trap for the following day, and although Miss Susan was
painfully nervous about her sister, she was secretly delighted with a
sense of freedom and adventure, and slept soundly in the middle of
a high feather-bed—in a big four-poster—into which it was
necessary to ascend by steps.
Owing to vexatious delays in securing a trap, driver, and harness, it
was tea-time the next afternoon when Miss Susan drove sedately up
to the hall door at the Manor.
Miss Parrett was prostrate, and in the hands of the doctor! The
telegram, dispatched at an early hour from the nearest office to
Moppington, was—on a principle that occasionally prevails in out-of-
the-way places—delivered hours after Miss Susan had set the minds
of her little world at rest! There had been an exciting rumour in the
village—emanating from the Drum—that “Miss Susan had eloped
with the good-looking shover,” at any rate no one could deny that
they had gone to Hillminster the day before, had probably been
married at the registry office, and subsequently fled! The Drum was
crowded with impassioned talkers, Mrs. Hogben was besieged, and
the whole of Ottinge was pervaded by a general air of pleasurable
anticipation. One fact was certain, that, up till three o’clock of this,
the following afternoon, neither of the runaways had returned!
However, just as it had gone four, here was Miss Susan—bringing to
some a distinct feeling of disappointment—seated erect in a little
basket carriage, drawn by an immense cart-horse, driven at a foot
pace by a boy; and a couple of hours later she was followed by the
motor, this time on a lorry, and, undoubtedly, also, on what is called
“its last legs.”
When everything had been exhaustively explained to Miss Parrett,
she, having solemnly inspected the remains of her beautiful green
car and heard what its repairs were likely to cost, heard also the
price which she would be offered for it—fifteen pounds—broke into a
furious passion and declared, with much vehemence and in her
shrillest pipe, that never, never more would she again own a motor!
And, since the motor had ceased to be required, there was no further
use for a chauffeur, and once more Owen Wynyard was looking for a
situation.
CHAPTER XXVIII
A NEW SITUATION

The venerable green motor, whose value by an expert had been so
brutally assessed, was not considered worth repair, yet Miss Bella
Parrett could not endure to part with a possession which had cost
five hundred pounds, for fifteen sovereigns; so it was thrust into a
coach-house, shut in the dark with cobwebs and rats, and
abandoned to its fate.
Miss Susan, who enjoyed motoring and liked the chauffeur, was
exceedingly anxious that Bella should purchase another car, but of
course she was powerless, being next to penniless herself; indeed,
at the outside, her income amounted to one hundred a year—less
income tax. The mere word motor seemed now to operate upon her
wealthy sister as a red rag to a bull; for the loss of five hundred
pounds rankled in her heart like a poisoned arrow.
The old lady had decided for a brougham, a middle-aged driver, and
a steady horse. (It may here be added that the animal, which was
coal-black and had a flowing tail, came out of the stables of an
undertaker, and was as sedate and slow as any funeral procession
could desire.)
As for Wynyard, his fate was sealed! A chauffeur without a car is as
a swan upon a turnpike road. He had had visions of proposing
himself as coachman—for he did not wish to leave the village, and
the vicinity of Aurea Morven—but Miss Parrett had other plans. In
her opinion Owen, the chauffeur, was too good-looking to remain
about the place—on account of the maids—and indeed her sister
Susan treated him with most shocking familiarity, and spoke to him
almost as if he were her equal. Her quick little eyes had also noticed
in church that, during her brother-in-law’s most eloquent sermon, the
chauffeur’s attention was concentrated upon her niece Aurea; and
so, without any preamble, she called him into the library and handed
him his pay, a month in advance, promised a first-rate reference, and
waved him from her presence.
And Wynyard’s occupation was gone! There would be no more
expeditions in the ramshackle old motor, no more potting of
geraniums for Miss Susan, no more clipping of hedges, or singing in
the choir. He must depart.
Departures, to be effective, should be abrupt; possibly Wynyard was
unconscious of this, but the following day he left for London; his
yellow tin box went over in a cart to Catsfield, whilst he walked to the
station across the fields by the same road as he had come. His
absence caused an unexpected blank in the little community; the
Hogbens regretted him sorely, he was such a cheery inmate, and
gave no trouble. His absence was deplored at the Drum; the village
dogs looked for him in vain; his voice was missed in the choir; other
people missed him who shall be nameless; and Joss howled for a
week.
Wynyard had written to his sister to inform her that, owing to the
breakdown of the dilapidated old car, he was once more out of a job,
and found, in reply, that she was on the eve of sailing for America.
He went round to see her in Mount Street, two days before she
started.
“You are looking remarkably fit, Owen,” she said, “and the Parretts
can’t say too much for you; indeed, in Susan’s letter I observe a tone
of actual distress! Six months of the time have passed. I suppose
you have saved a little money?”
“I have twenty pounds in the bank, and a couple of sovereigns to go
on with. Of course I must look out for another billet at once.”
“And on this occasion you will take with you a really well-earned
character. You have no debts and no matrimonial entanglements—
eh? What about Miss Morven?”
“I’ve never laid eyes on her since I saw you.”
“How is that?”
“She’s been in London.”
“And now you are here—ah!”
“I didn’t follow her, as you seem to suppose. I wasn’t likely to get
another billet in Ottinge, and anyway, I was a bit tired of having Miss
Parrett’s heel on my neck.”
“Tired of ‘ordering yourself humbly and lowly to all your betters,’ poor
boy! But to return to the young lady; are you still thinking of her?”
Was he not always thinking of her? But he merely nodded.
“You haven’t written?”
“No; I’m not such a sweep as all that!”
“But, Owen, didn’t you wring a sort of half promise from the
unfortunate girl? I know it was only ‘perhaps,’ but château qui parle
—femme qui écoute.”
“I think it will be all right.”
“And that her ‘perhaps’ is as good as another’s solemn vow! I must
say you show extraordinary confidence in yourself and in her, and
yet you scarcely know one another.”
“No, not in the usual dancing, dining-out, race-going style; I give in to
that, or, indeed, in the ordinary way at all. She only saw me driving or
washing the motor, or doing a bit of gardening.”
“And you think you were so admirable in these occupations that you
captured her heart! Owen, I’m seeing you in quite a new light, and I
think you are deceiving yourself. I expect the young woman has
forgotten you by this time. London has—attractions.”
“Time will tell; anyhow, she’s refused the great Bertie Woolcock.”
“No!” incredulously, “who told you? When did you hear it?”
“It was all over Ottinge a week ago, and I heard it at the Drum. I was
also given to understand that Miss Parrett was fit to be tied!”
“If she had an inkling of her late chauffeur’s pretensions, a strait
waistcoat would hardly meet the occasion. How I wish we could take
you with us to America; but it’s not in the bond. Martin has a great
deal of capital invested out there; he is not very strong, and after we
have put all his business through, we are going to spend the winter
in Florida. We shall not be back before April, and then I will keep my
promise. I am so sorry, dear old boy, that I shall be out of the country
while you are ‘dreeing your weird’ and not able to help you; but of
course Uncle Dick’s great object is for you to learn absolute
independence. I will give you my permanent address and a code-
book, and if anything happens for good or bad, you must cable. We
have let this house for six months—to friends. We may as well have
it aired, and have the good rent! Every one lets now—even dukes
and duchesses! I wonder what your next billet will be? You had
better advertise.”
“What shall I say?” he asked.
“Let me think.” After a moment she rose and went to her writing-
table, scribbled for a few moments, and brought him the following:
‘As chauffeur, smart young man, experienced, aged 26, steady, well
recommended, wants situation. Apply—— Office of this paper.’ “Just
send this to the Car, the Morning Post, the Field, Country Life; it will
cost you altogether about twenty-five shillings, and I’ll pay for it.”
“No, no, Sis,” he protested, “that’s not in the bond. And, as it is, you
are keeping up my club subscription.”
“Pooh!” she exclaimed, “what’s that? I hope this time you will get into
a nice rich family who have a good car, and that you will be able to
have a little more variety than in your last place, and no young
ladies. You will be sure and write to me every week?”
At this moment the door opened and Sir Martin Kesters entered, and
paused in the doorway.
“Hullo, Owen, glad to see you,” holding out his hand; “so you are
back?”
“Only temporarily—for a day or two.”
“You’ve done six months, and the worst is over.”
“Well, I hope so; but one never can tell.”
“Upon my word, I don’t know how you stood it. Leila described the
place. I’m not a gay young fellow of six-and-twenty, and a week
would have seen me out of it; but six months——” and he gazed at
him in blank astonishment.
“Oh, well,” apologetically, “I’ve learnt all sorts of things. I’m quite a
fair gardener, and can clip a hedge too; I know how to physic dogs,
and fasten up the back of a blouse.”
“Owen!” exclaimed his sister, “I am present!”
“It was only Mrs. Hogben; she had no woman in the house, and
Tom’s hands were generally dirty, and she said she looked upon me
as her other son. She is a rare good old soul, and I’d do more for her
than that.”
“You must feel as if you’d been underground, and come up for a
breather,” said his brother-in-law.
“My breather must be short; but I’m not going to take any situation
with ladies.”
“Why so proud and particular? They won’t all be Miss Parretts!”
“Oh, you women are so irregular, unpunctual, and undecided—yes,
and nervous. Even Miss Susan clawed me by the arm when we took
a sharp turn.”
“I hope the next year will fly,” said Sir Martin; “I tried my hand on your
uncle, you know—did Leila tell you? I have got him to make it
eighteen months hard labour—and eighteen months it is.”
“No! I say—that is splendid news! How awfully good of you!”
“I fancy he’s a little bit indulgent now; he finds that you can stick it,
and have brought such a magnificent character.”
“Profound regrets,” supplemented Leila, “if not tears. Ah, here is
dinner! I don’t suppose you’ve dined since you were here in April;
come along, Owen, we are quite alone, and let us drink your health.”
Two days later Wynyard saw his sister and her husband off from
Euston by the White Star Express, and felt that his holiday—his
breathing time, was over. He must get into harness at once. His one
hope, as he wandered about the streets, was that he might catch
sight of Aurea. By all accounts, she was staying in Eaton Place;
more than once he walked over there, and strolled up and down on
the opposite side, and gazed at No. 303 as if he would see through
the walls. But it was no use—telepathy sometimes fails; Aurea never
appeared, and, had she done so—though he was not aware of the
sad fact—she would not have vouchsafed the smallest notice of her
aunts’ former employé.
The daily post brought several replies to Owen’s advertisements.
When he had looked through and sorted them, he found that, after
all, the most tempting was from a woman—a certain Mrs. Cavendish
Foote, whose address was Rockingham Mansions, S.W.
The lady announced that she required a really smart, experienced
chauffeur for town—she had a new Renault car; he would have to
live out, and she offered him four guineas a week, and to find himself
in clothes and minor repairs. She wrote from Manchester. He replied,
forwarding his references, and she engaged him by telegram, saying
she would be back in London the following day, when he was to
enter her service, and call to interview her.
It seemed to him that this was good enough! He would rather like a
job in town for a change—the more particularly as Aurea and her
father were staying with General Morven in Eaton Place, and now
and then he might obtain a glimpse of her! He glanced through the
other letters before finally making up his mind; one was from a
nobleman in the north of Scotland, who lived thirty miles from a
railway station. He thought of the bitter Scotch winters, and how he
would be cut off from all society but that of the servants’ hall; no, that
was no good. Another was from a lady who was going on tour to the
south of France and Italy. The terms she offered were low, and she
preferred as chauffeur, a married man. There were several others,
but on the whole the situation in London seemed to be the best. He
debated as to whether he should put on his chauffeur clothes or not,
but decided against it, and, hailing a taxi-cab, found himself at
Rockingham Mansions in ten minutes.
These were a fine set of flats, with carpeted stairs, imposing hall,
and gorgeously liveried attendants. He asked to be shown to Mrs.
Cavendish Foote’s address. It was No. 20 on the third floor. The door
was opened by a smart maid with a very small cap, an immensely
frizzled head, and sallow cheeks.
“To see Mrs. Cavendish Foote on business?” she repeated, and
ushered him into the tiny hall, which was decorated with a curious
assortment of pictures, stuffed heads, arms, and looking-glasses.
“Oh, bring him in here,” commanded a shrill treble voice, and
Wynyard found himself entering a large sitting-room, where he was
saluted by an overwhelming perfume of scent, and the angry barking
of a tiny black Pom. with a pink bow in his hair.
The apartment had been recently decorated; the prevailing colours
were white and pink—white walls, into which large mirrors had been
introduced—pink curtains, pink carpets, pink and white chintz. Two
or three half-dead bouquets stood in vases, an opera cloak and a
feather boa encumbered one chair, a motor coat another, several
papers and letters were strewn upon the floor, and on a long lounge
under the windows, a lady—white and pink to match her room—lay
extended at full length, her shapely legs crossed, and a cigarette in
her mouth. She wore a loose pink negligé—the wide sleeves
exhibiting her arms bare to the shoulder.
“Hullo!” she exclaimed, when she caught sight of Wynyard, as he
emerged from behind the screen.
“Mrs. Cavendish Foote, I presume?” he inquired.
“Right-o!” she answered, suddenly assuming a sitting posture; “and
who may you be?”
“I’ve come about the situation as chauffeur.”
“The chauffeur!” she screamed. “Good Lord! why, I’m blessed if you
ain’t a toff!”
“Is that a drawback?” he asked gravely.
“Well, no—I suppose, rather an advantage! I thought you were my
manager, or I wouldn’t have let you in,” and she pulled down her
sleeves, and threw the stump of her cigarette into the fireplace. “You
see, though I’m Mrs. Cavendish Foote, my professional name is
Tottie Toye. I dare say, you have seen me on the boards?”
“Yes, I have had the pleasure,” he answered politely.
“Oh my!” she ejaculated. “Well, anyhow, you’ve got pretty manners.
Can you drive?”
“Yes.”
“I mean in London traffic. I don’t want to get smashed up, you know;
if I break a leg, where am I? How long were you in your last place?”
“Six months.”
“And your reason for leaving?”
“They gave up keeping a motor.”
“Idiots!” she exclaimed. “I couldn’t live without mine! Your job will be
to take me to the shop, and fetch me back at night, and to run me
about London in the daytime, and out into the country on Sundays—
home on Monday night. Do you think you can manage all that?”
“I think so.”
“The car is in the garage close to this. I dare say you would like to
take her out for a run and try her? I shall want you this evening at
seven o’clock.”
“Very well,” he agreed.
“I suppose you’re one of these gentlemen that have come down in
the world, and, of course, a chauffeur has a ripping good time. I like
your looks. By the way, what’s your name?”
“Owen.”
“And I suspect you are at this game, because you are owing money
—eh?” and she burst into a shriek of laughter at her own joke. “Well,
life has its ups and downs! If it was all just flat, I should be bored stiff.
I’ve had some queer old turns myself.”
At this moment the door opened, and a stout, prosperous-looking
gentleman made his appearance—red-faced, blue-chinned,
wonderfully got up, with shining hair, and shining boots.
“Hullo, Tottie!” he exclaimed; “who have we got here?” glancing
suspiciously at Owen. “A new Johnny—eh—you naughty girl?”
“No, no, dear old man,” she protested; “and do you know, that you
are twenty minutes late? so I have given him your precious time.
This”—waving her hand at Owen—“is Mr. Cloake, my manager. Mr.
Cloake, let me present you to my new chauffeur.”
