PDF Principles of Computer Security Comptia Security and Beyond Conklin Ebook Full Chapter

Principles of Computer Security:
CompTIA Security+ and Beyond

Conklin
Visit to download the full and correct content document:
https://textbookfull.com/product/principles-of-computer-security-comptia-security-and-
beyond-conklin/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...
CompTIA Security+ All-in-One Exam Guide (Exam SY0-501)

Wm. Arthur Conklin
https://textbookfull.com/product/comptia-security-all-in-one-
exam-guide-exam-sy0-501-wm-arthur-conklin/
CompTIA security all in one exam guide Exam SY0 501

Fifth Edition Conklin
exam-guide-exam-sy0-501-fifth-edition-conklin/
Computer Security: Principles and Practice 4th Edition

William Stallings
https://textbookfull.com/product/computer-security-principles-
and-practice-4th-edition-william-stallings/
Comptia Security Guide to Network Security Fundamentals

Mark Ciampa
https://textbookfull.com/product/comptia-security-guide-to-
network-security-fundamentals-mark-ciampa/
CompTIA Security 3rd Edition Anonymous
https://textbookfull.com/product/comptia-security-3rd-edition-
anonymous/
CompTIA Security All in One Exam Guide Sixth Edition

Exam SY0 601 Wm Arthur Conklin Greg White Dwayne
Williams Roger Davis Chuck Cothren
exam-guide-sixth-edition-exam-sy0-601-wm-arthur-conklin-greg-
white-dwayne-williams-roger-davis-chuck-cothren/
Principles of Security and Trust Lujo Bauer
https://textbookfull.com/product/principles-of-security-and-
trust-lujo-bauer/
Computer Security Javier Lopez
https://textbookfull.com/product/computer-security-javier-lopez/
Principles of Information Security 6th Edition Whitman
https://textbookfull.com/product/principles-of-information-
security-6th-edition-whitman/
Color profile: Disabled
BaseTech
Composite Default screen / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Appendix
A Objectives Map:
CompTIA Security+
Topic Chapter(s)
1.0 Systems Security
1.1 Differentiate among various systems security threats.
Privilege escalation 15
Virus 15, 16
Worm 15, 16
Trojan 15, 16
Spyware 15, 16
Spam 15, 16
Adware 15, 16
Rootkits 15
Botnets 15
Logic bomb 15
1.2 Explain the security risks pertaining to system hardware and peripherals.
BIOS 10
USB devices 10
Cell phones 10
Removable storage 10
Network attached storage 10
1.3 Implement OS hardening practices and procedures to achieve workstation and server security.
Hotfixes 10, 14
Service packs 10, 14
Patches 10, 14
Patch management 10, 14
Group policies 14
Security templates 14
Configuration baselines 14
1.4 Carry out the appropriate procedures to establish application security.
ActiveX 17
Java 17
Scripting 17
Browser 17
Buffer overflows 17, 18
640
P:\010Comp\BaseTech\375-8\App.vp
Monday, November 09, 2009 10:49:45 AM
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Appendix
Topic Chapter(s)
Cookies 17
SMTP open relays 17, 18
Instant messaging 16, 17
P2P 17
Input validation 17, 18
Cross-site scripting (XSS) 17
1.5 Implement security applications.
HIDS 13
Personal software firewalls 10, 13
Antivirus 10, 13
Anti-spam 10, 13
Popup blockers 10, 13
1.6 Explain the purpose and application of virtualization technology.
10
2.0 Network Infrastructure
2.1 Differentiate between the different ports & protocols, their respective threats and mitigation techniques.
Antiquated protocols 11
TCP/IP hijacking 11, 15
Null sessions 15
Spoofing 15
Man-in-the-middle 15
Replay 15
DOS 15
DDOS 15
Domain Name Kiting 15
DNS poisoning 15
ARP poisoning 15
2.2 Distinguish between network design elements and components.
DMZ 9
VLAN 9
NAT 9
Network interconnections 9
NAC 10
Subnetting 9
Telephony 3, 10
2.3 Determine the appropriate use of network security tools to facilitate network security.
NIDS 10, 13
NIPS 10, 13
Firewalls 10, 13
641
Appendix A: Objectives Map: CompTIA Security+
Topic Chapter(s)
Proxy servers 10, 13
Honeypot 10, 13
Internet content filters 13
Protocol analyzers 10, 13
2.4 Apply the appropriate network tools to facilitate network security.
NIDS 10, 13
Firewalls 10, 13
Proxy servers 10, 13
Internet content filters 13
Protocol analyzers 10, 13
2.5 Explain the vulnerabilities and mitigations associated with network devices.
Privilege escalation 10
Weak passwords 10
Back doors 10
Default accounts 10
DOS 10
2.6 Explain the vulnerabilities and mitigations associated with various transmission media.
Vampire taps 10
2.7 Explain the vulnerabilities and implement mitigations associated with wireless networking.
Data emanation 3, 12
War driving 12
SSID broadcast 12
Blue jacking 12
Bluesnarfing 12
Rogue access points 12
Weak encryption 12
3.0 Access Control
3.1 Identify and apply industry best practices for access control methods.
Implicit deny 1
Least privilege 1, 18, 19
Separation of duties 1, 19
Job rotation 1
3.2 Explain common access control models and the differences between each.
MAC 1, 11, 22
DAC 1, 11, 22
Role & Rule based access control 1, 11, 22
3.3 Organize users and computers into appropriate security groups and roles while distinguishing between appropriate
rights and privileges.
2, 11, 22
642
Principles of Computer Security: CompTIA Security+ and Beyond
Topic Chapter(s)
3.4 Apply appropriate security controls to file and print resources.
2, 22
3.5 Compare and implement logical access control methods.
ACL 2, 11, 22
Group policies 2, 11, 22
Password policy 2, 4, 22
Domain password policy 2, 11, 22
User names and passwords 2, 4, 22
Time of day restrictions 2, 22
Account expiration 2, 4, 22
Logical tokens 2, 11, 22
3.6 Summarize the various authentication models and identify the components of each.
One, two and three-factor authentication 11
Single sign-on 11, 22
3.7 Deploy various authentication models and identify the components of each.
Biometric reader 3, 11
RADIUS 11
RAS 11
LDAP 11
Remote access policies 11
Remote authentication 11
VPN 11
Kerberos 11
CHAP 11
PAP 11
Mutual 11
802.1x 11
TACACS 11
3.8 Explain the difference between identification and authentication (identity proofing).
11
3.9 Explain and apply physical access security methods.
Physical access logs/lists 8
Hardware locks 8
Physical access control – ID badges 8
Door access systems 8
Man-trap 8
Physical tokens 8
Video surveillance – camera types and positioning 8
4.0 Assessments & Audits
4.1 Conduct risk assessments and implement risk mitigation.
14
643
Topic Chapter(s)
4.2 Carry out vulnerability assessments using common tools.
Port scanners 14
Vulnerability scanners 14
Protocol analyzers 14
OVAL 17
Password crackers 15
Network mappers 14
4.3 Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability
scanning.
14
4.4 Use monitoring tools on systems and networks and detect security-related anomalies.
Performance monitor 14
Systems monitor 14
Performance baseline 14
Protocol analyzers 14
4.5 Compare and contrast various types of monitoring methodologies.
Behavior-based 13
Signature-based 13
Anomaly-based 13
4.6 Execute proper logging procedures and evaluate the results.
Security application 14
DNS 14
System 14
Performance 14
Access 14
Firewall 13
Antivirus 14
4.7 Conduct periodic audits of system security settings.
User access and rights review 2, 19
Storage and retention policies 19
Group policies 19
5.0 Cryptography
5.1 Explain general cryptography concepts.
Key management 5, 6, 7
Steganography 5
Symmetric key 5
Asymmetric key 5
Confidentiality 5
Integrity and availability 5
644
Topic Chapter(s)
Non-repudiation 5
Comparative strength of algorithms 5
Digital signatures 5
Whole disk encryption 5
Trusted Platform Module (TPM) 5
Single vs. Dual sided certificates 5, 6
Use of proven technologies 5
5.2 Explain basic hashing concepts and map various algorithms to appropriate applications.
SHA 5, 23
MD5 5, 23
LANMAN 5
NTLM 5
5.3 Explain basic encryption concepts and map various algorithms to appropriate applications.
DES 5
3DES 5
RSA 5
PGP 5
Elliptic curve 5
AES 5
AES256 5
One time pad 5
Transmission encryption (WEP TKIP, etc.) 5, 7
5.4 Explain and implement protocols.
SSL/TLS 5,
S/MIME 5, 7, 16
PPTP 5, 7, 11
HTTP vs. HTTPS vs. SHTTP 5, 7
L2TP 5, 11
IPSEC 5, 7, 11
SSH 5, 11
5.5 Explain core concepts of public key cryptography.
Public Key Infrastructure (PKI) 6, 16
Recovery agent 6
Public key 6
Private keys 6
Certificate Authority (CA) 6
Registration 6
Key escrow 6
Certificate Revocation List (CRL) 6
Trust models 6
645
Topic Chapter(s)
5.6 Implement PKI and certificate management.
Public Key Infrastructure (PKI) 6, 16
Recovery agent 6
Public key 6
Private keys 6
Certificate Authority (CA) 6
Registration 6
Key escrow 6
Certificate Revocation List (CRL) 6
6.0 Organizational Security
6.1 Explain redundancy planning and its components.
Hot site 19
Cold site 19
Warm site 19
Backup generator 19
Single point of failure 19
RAID 19
Spare parts 19
Redundant servers 19
Redundant ISP 19
UPS 19
Redundant connections 19
6.2 Implement disaster recovery procedures.
Planning 19
Disaster recovery exercises 19
Backup techniques and practices – storage 19
Schemes 19
Restoration 19
6.3 Differentiate between and execute appropriate incident response procedures.
Forensics 19, 23
Chain of custody 19, 23
First responders 19, 23
Damage and loss control 19, 23
Reporting – disclosure of 19, 23
6.4 Identify and explain applicable legislation and organizational policies.
Secure disposal of computers 2
Acceptable use policies 2, 19
Password complexity 2, 4
Change management 2, 19
Classification of information 2, 19
646
Topic Chapter(s)
Mandatory vacations 2, 4, 19
Personally Identifiable Information (PII) 2, 25
Due care 2, 19
Due diligence 2, 19
Due process 2, 19
SLA 2, 19
Security-related HR policy 2, 4
User education and awareness training 2, 4
6.5 Explain the importance of environmental controls.
Fire suppression 3, 8
HVAC 3, 8
Shielding 3, 8
6.6 Explain the concept of and how to reduce the risks of social engineering.
Phishing 2, 4
Hoaxes 2, 4
Shoulder surfing 2, 4
Dumpster diving 2, 4
User education and awareness training 2, 4
647
B About the CD
T he CD-ROM included with this book comes complete with MasterExam, the electronic version of the book, and
Session #1 of LearnKey’s online training. The software is easy to install on any Windows 2000/XP/Vista computer
and must be installed to access the MasterExam feature. You may, however, browse the electronic book directly from the
CD without installing the software. To register for LearnKey’s online training or the bonus MasterExam, simply click the
Bonus MasterExam link on the main launch page and follow the directions to the free online registration.
System Requirements
Software requires Windows 2000 or higher and Internet Explorer 6.0 or above and 20MB of hard disk space for full
installation. The electronic book requires Adobe Reader. To access the online training from LearnKey, you must
have Windows Media Player 9 or higher and Adobe Flash Player 9 or higher.
■ LearnKey Online Training

Clicking the LearnKey Online Training link will allow you to access online training from Osborne.OnlineExpert.com.
The first session of this course is provided at no charge. Additional session for this course and other courses may be
purchased directly from www.LearnKey.com or by calling 800-865-0165.
The first time that you click the LearnKey Online Training link, you will be required to complete a free online
registration. Follow the instructions for a first-time user. Please make sure to use a valid e-mail address.
■ Installing and Running MasterExam

If your computer CD-ROM drive is configured to autorun, the CD-ROM will automatically start up when you in-
sert the disc. From the opening screen, you may install MasterExam by clicking the MasterExam link. This will be-
gin the installation process and create a program group named LearnKey. To run MasterExam, select Start | All
Programs | LearnKey | MasterExam. If the autorun feature did not launch your CD, browse to the CD drive and
click the LaunchTraining.exe icon.
MasterExam
MasterExam provides you with a simulation of the actual exam. The number of questions, the type of questions,
and the time allowed are intended to be an accurate representation of the exam environment. You have the option
to take an open-book exam, including hints, references, and answers, a closed-book exam, or the timed
MasterExam simulation.
When you launch MasterExam, a digital clock display will appear in the bottom-right corner of your screen.
The clock will continue to count down to zero unless you choose to end the exam before the time expires.
648
P:\010Comp\BaseTech\375-8\AppB.vp
Thursday, November 12, 2009 3:21:25 PM
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter B
■ Electronic Book
The entire contents of the textbook are provided as a PDF. Adobe Reader
has been included on the CD.
■ Help
A help file is provided through the Help button on the main page in the
lower-left corner. Individual help features are also available through
MasterExam and LearnKey’s online training.
■ Removing Installation(s)
MasterExam is installed to your hard drive. For best results removing the
program, select the Start | All Programs | LearnKey | Uninstall option to
remove MasterExam.
■ Technical Support
For questions regarding the content of the electronic book or MasterExam,
please visit www.mhprofessional.com or e-mail customer.service@mcgraw-
hill.com. For customers outside the 50 United States, e-mail international_
cs@mcgraw-hill.com.
LearnKey Technical Support

For technical problems with the software (installation, operation, installa-
tion removal) and for questions regarding LearnKey online training con-
tent, please visit www.learnkey.com, e-mail techsupport@learnkey.com, or
call toll free 800-482-8244.
649
Appendix B: About the CD
P:\010Comp\BaseTech\375-8\AppB.vp
Thursday, November 12, 2009 3:21:26 PM
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter 1
1 Introduction and
Security Trends
Security is mostly a superstition.
It does not exist in nature, nor
do the children of men as a whole
experience it. Avoiding danger is
no safer in the long run than
outright exposure. Life is either a
daring adventure or nothing.
—HELEN KELLER
In this chapter, you will learn

how to
■ List and discuss recent trends in
W hy should we be concerned about computer and network security? All
you have to do is turn on the television or read the newspaper to find
out about a variety of security problems that affect our nation and the world
computer security
today. The danger to computers and networks may seem to pale in comparison
■ Describe simple steps to take to
minimize the possibility of an to the threat of terrorist strikes, but in fact the average citizen is much more
attack on a system likely to be the target of an attack on their own personal computer, or a
■ Describe various types of threats computer they use at their place of work, than they are to be the direct victim of
that exist for computers and
networks a terrorist attack. This chapter will introduce you to a number of issues involved
■ Discuss recent computer crimes in securing your computers and networks from a variety of threats that may
that have been committed utilize any of a number of different attacks.
P:\010Comp\BaseTech\375-8\ch01.vp
Tuesday, November 17, 2009 2:54:22 PM
■ The Security Problem Tech Tip

Fifty years ago, few people had access to a computer system or network, so Historical Security
securing them was a relatively easy matter. If you could secure the building Computer security is an
that these early, very large systems were housed in, you could secure the ever-changing issue. Fifty years
data and information they stored and processed. Now, personal computers ago, computer security was
are ubiquitous and portable, making them much more difficult to secure mainly concerned with the physi-
physically, and are often connected to the Internet, putting the data they cal devices that made up the com-
puter. At the time, these were the
contain at much greater risk of attack or theft. Similarly, the typical com-
high-value items that organiza-
puter user today is not as technically sophisticated as the typical computer
tions could not afford to lose.
user 50 years ago. No longer are computers reserved for use by scientists Today, computer equipment is in-
and engineers; now, even children who are barely able to read can be taught expensive compared to the value
to boot a computer and gain access to their own favorite games or educa- of the data processed by the com-
tional software. puter. Now the high-value item is
Fifty years ago companies did not conduct business across the Internet. not the machine, but the informa-
Online banking and shopping were only dreams in science fiction stories. tion that it stores and processes.
Today, however, millions of people perform online transactions every day. This has fundamentally changed
Companies rely on the Internet to operate and conduct business. Vast the focus of computer security
amounts of money are transferred via networks, in the form of either bank from what it was in the early
transactions or simple credit card purchases. Wherever there are vast years. Today the data stored and
processed by computers is almost
amounts of money, there are those who will try to take advantage of the en-
always more valuable than the
vironment to conduct fraud or theft. There are many different ways to attack
hardware.
computers and networks to take advantage of what has made shopping,
banking, investment, and leisure pursuits a simple matter of “dragging and
clicking” for many people. Identity theft is so common today that most ev-
eryone knows somebody who’s been a victim of such a crime, if they haven’t
been a victim themselves. This is just one type of criminal activity that can be
conducted using the Internet. There are many others and all are on the rise.
Security Incidents
By examining some of the computer-related crimes that have been commit-
ted over the last 20 or so years, we can better understand the threats and se-
curity issues that surround our computer systems and networks. Electronic
crime can take a number of different forms but the ones we will examine
here fall into two basic categories: crimes in which the computer was the tar-
get, and incidents in which a computer was used to perpetrate the act (for
example, there are many different ways to conduct bank fraud, one of which
uses computers to access the records that banks process and maintain).
We will start our tour of computer crimes with the 1988 Internet worm
(Morris worm), one of the first real Internet crime cases. Prior to 1988 crimi-
nal activity was chiefly centered on unauthorized access to computer sys-
tems and networks owned by the telephone company and companies which
provided dial-up access for authorized users. Virus activity also existed
prior to 1988, having started in the early 1980s.
The Morris Worm (November 1988)

Robert Morris, then a graduate student at Cornell University, released what
has become known as the Internet worm (or the Morris worm). This was the
first large-scale attack on the Internet, though it appears doubtful that
1
Chapter 1: Introduction and Security Trends
Saturday, November 07, 2009 9:50:57 AM
Morris actually intended that his creation cause the impact that it did at the
time. The worm infected roughly 10 percent of the machines then connected
to the Internet (which amounted to approximately 6000 infected machines)
and caused an estimated $100 million in damage, though this number has
been the subject of wide debate. The worm carried no malicious payload,
the program being obviously a “work in progress,” but it did wreak havoc
because it continually reinfected computer systems until they could no lon-
ger run any programs. The worm took advantage of known vulnerabilities
in several programs to gain access to new hosts and then copied itself over.
Morris was eventually convicted under Title 10 United States Code Section
1030 for releasing the worm and was sentenced to three years’ probation, a
$10,000 fine, and 400 hours of community service.
Citibank and Vladimir Levin (June–October 1994)

Starting about June of 1994 and continuing until at least October of the
same year, a number of bank transfers were made by Vladimir Levin of
St. Petersburg, Russia. By the time he and his accomplices were caught, they
had transferred an estimated $10 million. Eventually all but about $400,000
was recovered. Levin reportedly accomplished the break-ins by dialing into
Citibank’s cash management system. This system allowed clients to initiate
their own fund transfers to other banks. An estimated $500 billion was
transferred daily during this period, so the amounts transferred by Levin
were very small in comparison to the overall total on any given day. To
avoid detection, he also conducted the transactions at night in Russia so that
they coincided with normal business hours in New York. Levin was ar-
rested in London in 1995 and, after fighting extradition for 30 months, even-
tually was turned over to U.S. authorities, was tried, and was sentenced to
three years in jail. Four accomplices of Levin plead guilty to conspiracy to
commit bank fraud and received lesser sentences.
Kevin Mitnick (February 1995)

Kevin Mitnick’s computer activities occurred over a number of years during
the 1980s and 1990s. He was arrested in February 1995 (not his first arrest on
computer criminal charges) for federal offenses related to what the FBI de-
scribed as a 2½-year computer hacking spree. He eventually pled guilty to
four counts of wire fraud, two counts of computer fraud, and one count of il-
legally intercepting a wire communication and was sentenced to 46 months
in jail. In the plea agreement, Mitnick admitted to having gained unautho-
rized access to a number of different computer systems belonging to compa-
nies such as Motorola, Novell, Fujitsu, and Sun Microsystems. He described
using a number of different “tools” and techniques, including social engi-
neering, sniffers, and cloned cellular telephones. Mitnick also admitted to
having used stolen accounts at the University of Southern California to store
proprietary software he had taken from various companies. He also admit-
ted to stealing e-mails and impersonating employees of targeted companies
in order to gain access to the software he was seeking.
Omega Engineering and Timothy Lloyd (July 1996)

On July 30, 1996, a software “time bomb” went off at Omega Engineering, a
New Jersey–based manufacturer of high-tech measurement and control
2
instruments. Twenty days earlier, Timothy Lloyd, a computer network pro-

gram designer, had been dismissed from the company after a period of
growing tension between Lloyd and management at Omega. The program
that ran on July 30 deleted all of the design and production programs for the
company, severely damaging the small firm and forcing the layoff of 80 em-
ployees. The program was eventually traced back to Lloyd, who had left it
in retaliation for his dismissal. In May of 2000, a federal judge sentenced
Lloyd to 41 months in prison and ordered him to pay more than $2 million
in restitution.
Worcester Airport and “Jester” (March 1997)

In March of 1997, airport services to the FAA control tower as well as the Tech Tip
emergency services at the Worcester Airport and the community of Rut- Intellectual Curiosity
land, Massachusetts, were cut off for a period of six hours. This disruption In the early days of computer
occurred as a result of a series of commands sent by a teenage computer crime, much of the criminal activ-
“hacker” who went by the name “Jester.” The individual had gained unau- ity centered on gaining unautho-
thorized access to the “loop carrier system” operated by NYNEX, a New rized access to computer systems.
England telephone company. Loop carrier systems are programmable re- In many early cases, the perpetra-
mote computer systems used to integrate voice and data communications. tor of the crime did not intend to
Jester was eventually caught and ordered to pay restitution to the telephone cause any damage to the com-
company, as well as complete 250 hours of community service. puter but was instead on a quest
of “intellectual curiosity”—
trying to learn more about com-
Solar Sunrise (February 1998) puters and networks. Today the
In January of 1998, relations between Iraq and the United States again took a ubiquitous nature of computers
turn for the worse and it appeared as if the United States might take military and networks has eliminated the
action against Iraq. During this period of increased tension and military perceived need for individuals to
preparation, a series of computer intrusions occurred at a number of U.S. break into computers to learn
military installations. At first the military thought that this might be the start more about them. While there are
still those who dabble in hacking
of an information warfare attack—a possibility the military had been dis-
for the intellectual challenge, it is
cussing since the early 1990s. Over 500 domain name servers were compro-
more common today for the intel-
mised during the course of the attacks. Making it harder to track the actual
lectual curiosity to be replaced by
origin of the attacks was the fact that the attackers made a number of “hops” malicious intent. Whatever the
between different systems, averaging eight different systems before arriv- reason, today it is considered un-
ing at the target. The attackers eventually turned out to be two teenagers acceptable (and illegal) to gain
from California and their mentor in Israel. The attacks, as it turned out, had unauthorized access to computer
nothing to do with the potential conflict in Iraq. systems and networks.
The Melissa Virus (March 1999)

Melissa is the best known of the early macro-type viruses that attach them-
selves to documents for programs that have limited macro programming capa-
bility. The virus, written and released by David Smith, infected about a million
computers and caused an estimated $80 million in damages. Melissa, which
clogged networks with the traffic it generated and caused problems for e-mail
servers worldwide, was attached to Microsoft Word 97 and Word 2000 docu-
ments. If the user opened the file, the macro ran, infecting the current host and
also sending itself to the first 50 addresses in the individual’s e-mail address
book. The e-mail sent contained a subject line stating “Important Message
From” and then included the name of the individual who was infected. The
body of the e-mail message contained the text “Here is that document you
asked for … don’t show anyone else ;-).” The nature of both the subject line and
3
the body of the message usually generated enough user curiosity that many
people opened the document and thus infected their system, which in turn sent
the same message to 50 of their acquaintances. As a final action, if the minute of
the current hour when the macro was run matched the day of the month, the
macro inserted “Twenty-two points, plus triple-word-score, plus fifty points
for using all my letters. Game’s over. I’m outta here.” into the current docu-
ment. Smith, who plead guilty, was ultimately fined $5000 and sentenced to
20 months in jail for the incident. Because the macro code is easy to modify,
there have been many variations of the Melissa virus. Recipients could avoid
infection by Melissa simply by not opening the attached file.
The Love Letter Virus (May 2000)

Also known as the “ILOVEYOU” worm and the “Love Bug,” the Love Let-
ter virus was written and released by a Philippine student named Onel de
Guzman. The virus was spread via e-mail with the subject line of
“ILOVEYOU.” Estimates of the number of infected machines worldwide
have been as high as 45 million, accompanied by a possible $10 billion in
damages (it should be noted that figures like these are extremely hard to
verify or calculate). Similar to the Melissa virus, the Love Letter virus spread
via an e-mail attachment, but in this case, instead of utilizing macros, the at-
tachments were VBScript programs. When the receiver ran the attachment,
it searched the system for files with specific extensions in order to replace
them with copies of itself. It also sent itself to everyone in the user’s address
book. Again, since the receiver generally knew the sender, most individuals
opened the attachment without questioning it. de Guzman ultimately was
not convicted for releasing the worm because the Philippines, at the time,
did not have any laws denoting the activity as a crime. Again, recipients
avoided infection from the virus simply by not opening the attachments.
The Code Red Worm (2001)

On July 19, 2001, over 350,000 computers connected to the Internet were in-
fected by the Code Red worm. This infection took only 14 hours to occur.
The cost estimate for how much damage the worm caused (including varia-
tions of the worm released on later dates) exceeded $2.5 billion. The vulner-
ability exploited by the Code Red worm had been known for a month. The
worm took advantage of a buffer-overflow condition in Microsoft’s IIS web
servers. Microsoft released a patch for this vulnerability and made an offi-
cial announcement of the problem on June 18, 2001. The worm itself was
“memory resident,” so simply turning off an infected machine eliminated it.
Unfortunately, unless the system was patched before being reconnected to
the Internet, chances were good that it would soon become reinfected.
Though the worm didn’t carry a malicious payload designed to destroy data
on the infected system, on some systems, the message “Hacked by Chinese”
was added to the top-level page for the infected host’s web site. If the date
on the infected system was between the 1st and the 19th of the month, the
worm would attempt to infect a random list of IP addresses it generated. If
the date was between the 20th and the 28th of the month, the worm stopped
trying to infect other systems and instead attempted to launch a denial-of-
service (DoS) attack against a web site owned by the White House. After the
28th, the worm would lay dormant until the 1st of the next month. This date
4
scheme actually ended up helping to eliminate the worm, because soon after
it was released on the 19th, the worm stopped trying to infect systems. This
provided a period of time when systems could be rebooted and patched be-
fore they were infected again.
Adil Yahya Zakaria Shakour (August 2001–May 2002)

On March 13, 2003, 19-year-old Adil Yahya Zakaria Shakour plead guilty to a
variety of crimes, including unauthorized access to computer systems and
credit card fraud. Shakour admitted to having accessed several computers
without authorization, including a server at Eglin Air Force Base (where he
defaced the web site), computers at Accenture (a Chicago-based management
consulting and technology services company), a computer system at Sandia
National Laboratories (a Department of Energy facility), and a computer at
Cheaptaxforms.com. Shakour admitted to having obtained credit card and
personal information during the break-in of Cheaptaxforms.com and having
used it to purchase items worth over $7000 for his own use. Shakour was sen-
tenced to one year and one day in federal prison and a three-year term of su-
pervised release, and was ordered to pay $88,000 in restitution.
The Slammer Worm (2003)

On Saturday, January 25, 2003, the Slammer worm (also sometimes referred
to as the Slammer virus) was released. It exploited a buffer-overflow vulnera-
bility in computers running Microsoft’s SQL Server or Microsoft SQL Server Tech Tip
Desktop Engine. Like the vulnerability in Code Red, this weakness was not
new and, in fact, had been discovered in July of 2002; Microsoft issued a patch Speed of Virus
for the vulnerability before it was even announced. Within the first 24 hours Proliferation
of Slammer’s release, the worm had infected at least 120,000 hosts and caused The speed at which the Slammer
network outages and the disruption of airline flights, elections, and ATMs. At virus spread served as a wakeup
call to security professionals. It
its peak, Slammer-infected hosts were generating a reported 1TB of worm-
drove home the point that the
related traffic every second. The worm doubled its number of infected hosts ev-
Internet could be adversely im-
ery 8 seconds. It is estimated that it took less than ten minutes to reach global
pacted in a matter of minutes.
proportions and infect 90 percent of the possible hosts it could infect. Once a This in turn caused a number of
machine was infected, the host would start randomly selecting targets and professionals to rethink how pre-
sending packets to them to attempt infection at a rate of 25,000 packets per pared they needed to be in order
second. Slammer did not contain a malicious payload. The problems it caused to respond to virus outbreaks in
were a result of the massively overloaded networks, which could not sustain the future. A good first step is to
the traffic being generated by the thousands of infected hosts. The worm sent apply patches to systems and soft-
its single packet to a specific UDP port, 1434, which provided an immediate ware as soon as possible. This will
fix to prevent further network access. Thus, the response of administrators often eliminate the vulnerabilities
was to quickly block all traffic to UDP port 1434, effectively curbing the that the worms and viruses are
designed to target.
spread of the worm to new machines.
U.S. Electric Power Grid (1997–2009)

In April 2009, Homeland Security Secretary Janet Napolitano told reporters
that the United States was aware of attempts by both Russia and China to break
into the U.S. electric power grid, map it out, and plant destructive programs
that could be activated at a later date. She indicated that these attacks were not
new and had in fact been going on for years. One article in the Kansas City Star,
for example, reported that in 1997 the local power company, Kansas City
5
Power and Light, saw perhaps

Try This 10,000 attacks for the entire year. In
Software Patches contrast, in 2009 the company has
been experiencing 10 to 20 attacks
One of the most effective measures security professionals can take to
every second. While none of these
address attacks on their computer systems and networks is to ensure
attacks is credited with causing any
that all software is up-to-date in terms of vendor-released patches.
significant loss of power, the attacks
Many of the outbreaks of viruses and worms would have been much
nonetheless highlight the fact that
less severe if everybody had applied security updates and patches
the nation’s critical infrastructures
when they were released. For the operating system that you use, use
are viewed as potential targets by
your favorite web browser to find what patches exist for the operating
other nations. In the event of some
system and what vulnerabilities or issues they were created to address.
future conflict, the United States
could expect to experience a cyber
attack on the cyber infrastructures
that operate its critical systems.
Conficker (2008–2009)
In late 2008 and early 2009, security experts became alarmed when it was
discovered that millions of systems attached to the Internet were infected
with the Downadup worm. Also known as Conficker, the worm was first
detected in November 2008 and was believed to have originated in Ukraine.
Infected systems were not initially damaged beyond having their antivirus
solution updates blocked. What alarmed experts was the fact that infected
systems could be used in a secondary attack on other systems or networks.
Each of these infected systems was part of what is known as a bot network
and could be used to cause a DoS attack on a target or be used for the for-
warding of spam e-mail to millions of users. It was widely believed that this
network of subverted systems would be activated on April 1, 2009, and
would result in the widespread loss of data and system connectivity. As it
turned out, very little damage was done on that date, though millions of dol-
lars were spent in responding to the millions of infected systems.
Fiber Cable Cut (2009)

On April 9, 2009, a widespread phone and Internet outage hit the San Jose
area in California. This outage was not the result of a group of determined
hackers gaining unauthorized access to the computers that operate these
networks, but instead occurred as a result of several cuts in the physical ca-
bles that carry the signals. A cable being cut is not an unusual occurrence;
backhoes have been responsible for many temporary interruptions in tele-
phone service in the past decade. What was unusual, and significant, about
this incident was that the cuts were deliberate. A manhole cover had been
removed to allow the attacker(s) to gain access to the cables underground.
The cuts resulted in a loss of all telephone, cell phone, and Internet service
for thousands of users in the San Jose area. Emergency services such as 911
were also affected, which could have had severe consequences. What is im-
portant to take away from this incident is the fact that the infrastructures
that our communities, states, and the nation rely on can also be easily at-
tacked using fairly simple physical techniques and without a lot of technical
expertise.
6
Threats to Security
The incidents described in the previous section provide a glimpse into the
many different threats that face administrators as they attempt to protect
their computer systems and networks. There are, of course, the normal natu-
ral disasters that organizations have faced for years. In today’s highly net-
worked world, however, new threats have developed that we did not have
to worry about 50 years ago.
There are a number of ways that we can break down the various threats.
One way to categorize them is to separate threats that come from outside of
the organization from those that are internal. Another is to look at the vari-
ous levels of sophistication of the attacks, from those by “script kiddies” to
those by “elite hackers.” A third is to examine the level of organization of the
various threats, from unstructured threats to highly structured threats. All
of these are valid approaches, and they in fact overlap each other. The fol-
lowing sections examine threats from the perspective of where the attack
comes from.
Viruses and Worms

While your organization may be exposed to viruses and worms as a result of
employees not following certain practices or procedures, generally you will
not have to worry about your employees writing or releasing viruses and
worms. It is important to draw a distinction between the writers of malware
and those who release them. Debates over the ethics of writing viruses per-
meate the industry, but currently, simply writing them is not considered a
criminal activity. A virus is like a baseball bat; the bat itself is not evil, but the
inappropriate use of the bat (such as to smash a car’s window) falls into the Tech Tip
category of criminal activity. (Some may argue that this is not a very good Malware
analogy since a baseball bat has a useful purpose—to play ball—but viruses Viruses and worms are just two
have no useful purpose. In general, this is true but in some limited environ- types of threats that fall under the
ments, such as in specialized computer science courses, the study and cre- general heading of malware. The
ation of viruses can be considered a useful learning experience.) term malware comes from “mali-
By far, viruses and worms are the most common problem that an organi- cious software,” which describes
zation faces because literally thousands of them have been created and re- the overall purpose of code that
leased. Fortunately, antivirus software and system patching can eliminate falls into this category of threat.
the largest portion of this threat. Viruses and worms generally are also non- Malware is software that has a ne-
farious purpose, designed to cause
discriminating threats; they are released on the Internet in a general fashion
problems to you as an individual
and aren’t targeted at a specific organization. They typically are also highly
(for example, identity theft) or
visible once released, so they aren’t the best tool to use in highly structured
your system. More information on
attacks where secrecy is vital. This is not to say that the technology used in the different types of malware is
virus and worm propagation won’t be used by highly organized criminal provided in Chapter 15.
groups, but its use for what these individuals are normally interested in ac-
complishing is limited. The same cannot be said for terrorist organizations,
which generally want to create a large impact and have it be highly visible.
Intruders
The act of deliberately accessing computer systems and networks without
authorization is generally referred to as hacking, with individuals who con-
duct this activity being referred to as hackers. The term hacking also applies
to the act of exceeding one’s authority in a system. This would include
7
authorized users who attempt to gain access to files they aren’t permitted to
access or who attempt to obtain permissions that they have not been
granted. While the act of breaking into computer systems and networks has
been glorified in the media and movies, the physical act does not live up to
the Hollywood hype. Intruders are, if nothing else, extremely patient, since
the process to gain access to a system takes persistence and dogged determi-
nation. The attacker will conduct many preattack activities in order to ob-
tain the information needed to determine which attack will most likely be
successful. Generally, by the time an attack is launched, the attacker will
have gathered enough information to be very confident that the attack will
succeed. If it doesn’t, the attacker will gather additional information and
take a different approach (though launching the first attack may alert secu-
rity personnel). Generally, attacks by an individual or even a small group of
attackers fall into the unstructured threat category. Attacks at this level gen-
erally are conducted over short periods of time (lasting at most a few
months), do not involve a large number of individuals, have little financial
backing, and are accomplished by insiders or outsiders who do not seek col-
lusion with insiders.
Intruders, or those who are attempting to conduct an intrusion, defi-
nitely come in many different varieties and have varying degrees of sophis-
tication (see Figure 1.1). At the low end technically are what are generally
referred to as script kiddies, individuals who do not have the technical exper-
tise to develop scripts or discover new vulnerabilities in software but who
have just enough understanding of computer systems to be able to down-
load and run scripts that others have developed. These individuals gener-
ally are not interested in attacking specific targets, but instead simply want
to find any organization that may not have patched a newly discovered vul-
nerability for which the script kiddie has located a script to
exploit the vulnerability. It is hard to estimate how many of
the individuals performing activities such as probing net-
works or scanning individual systems are part of this
group, but it is undoubtedly the fastest growing group and
the vast majority of the “unfriendly” activity occurring on
the Internet is probably carried out by these individuals.
At the next level are those people who are capable of
writing scripts to exploit known vulnerabilities. These indi-
viduals are much more technically competent than script
kiddies and account for an estimated 8 to 12 percent of ma-
licious Internet activity. At the top end of this spectrum are
those highly technical individuals, often referred to as elite
hackers, who not only have the ability to write scripts that
exploit vulnerabilities but also are capable of discovering
new vulnerabilities. This group is the smallest of the lot,
• Figure 1.1 Distribution of attacker skill levels however, and is responsible for, at most, only 1 to 2 percent
of intrusive activity.
Insiders
It is generally acknowledged by security professionals that insiders are
more dangerous in many respects than outside intruders. The reason for
this is simple—insiders have the access and knowledge necessary to cause
immediate damage to an organization. Most security is designed to protect
8
against outside intruders and thus lies at the boundary between the organi-
zation and the rest of the world. Insiders may actually already have all the Tech Tip
access they need to perpetrate criminal activity such as fraud. In addition to The Inside Threat
unprecedented access, insiders also frequently have knowledge of the secu- One of the hardest threats that se-
rity systems in place and are better able to avoid detection. Attacks by insid- curity professionals will have to
ers are often the result of employees who have become disgruntled with address is that of the insider.
their organization and are looking for ways to disrupt operations. It is also Since employees already have ac-
possible that an “attack” by an insider may be an accident and not intended cess to the organization and its
as an attack at all. An example of this might be an employee who deletes a assets, additional mechanisms
critical file without understanding its critical nature. need to be in place to detect at-
Employees are not the only insiders that organizations need to be con- tacks by insiders and to lessen the
cerned about. Often, numerous other individuals have physical access to ability of these attacks to succeed.
company facilities. Custodial crews frequently have unescorted access
throughout the facility, often when nobody else is around. Other individu-
als, such as contractors or partners, may have not only physical access to the
organization’s facilities but also access to computer systems and networks.
Criminal Organizations
As businesses became increasingly reliant upon computer systems and net-
works, and as the amount of financial transactions conducted via the
Internet increased, it was inevitable that criminal organizations would
eventually turn to the electronic world as a new target to exploit. Criminal
activity on the Internet at its most basic is no different from criminal activity
in the physical world. Fraud, extortion, theft, embezzlement, and forgery all
take place in the electronic environment.
One difference between criminal groups and the “average” hacker is the
level of organization that criminal elements employ in their attack. Criminal
groups typically have more money to spend on accomplishing the criminal
activity and are willing to spend extra time accomplishing the task provided
the level of reward at the conclusion is great enough. With the tremendous
amount of money that is exchanged via the Internet on a daily basis, the
level of reward for a successful attack is high enough to interest criminal ele-
ments. Attacks by criminal organizations usually fall into the structured
threat category, which is characterized by a greater amount of planning, a
longer period of time to conduct the activity, more financial backing to ac-
complish it, and possibly corruption of, or collusion with, insiders.
Terrorists and Information Warfare

As nations have increasingly become dependent on computer systems and
networks, the possibility that these essential elements of society might be
targeted by organizations or nations determined to adversely affect another
nation has become a reality. Many nations today have developed to some
extent the capability to conduct information warfare. There are several defi-
nitions for information warfare, but a simple one is that it is warfare con-
ducted against the information and information processing equipment used
by an adversary. In practice, this is a much more complicated subject, be-
cause information not only may be the target of an adversary, but also may
be used as a weapon. Whatever definition you use, information warfare falls
into the highly structured threat category. This type of threat is characterized
by a much longer period of preparation (years is not uncommon),
9
tremendous financial backing, and a large and organized group of attackers.

The threat may include attempts not only to subvert insiders but also to
plant individuals inside of a potential target in advance of a planned attack.
An interesting aspect of information warfare is the list of possible targets
Tech Tip available. We have grown accustomed to the idea that, during war, military
forces will target opposing military forces but will generally attempt to de-
Information Warfare stroy as little civilian infrastructure as possible. In information warfare, mil-
Once only the concern of govern- itary forces are certainly still a key target, but much has been written about
ments and the military, informa- other targets, such as the various infrastructures that a nation relies on for its
tion warfare today can involve daily existence. Water, electricity, oil and gas refineries and distribution,
many other individuals. With the
banking and finance, telecommunications—all fall into the category of
potential to attack the various
critical infrastructures for a nation. Critical infrastructures are those whose
civilian-controlled critical infra-
structures, security professionals
loss would have severe repercussions on the nation. With countries relying
in nongovernmental sectors today so heavily on these infrastructures, it is inevitable that they will be viewed as
must also be concerned about de- valid targets during conflict. Given how dependent these infrastructures are
fending their systems against at- on computer systems and networks, it is also inevitable that these same
tacks by agents of foreign computer systems and networks will be targeted for a cyber attack in an in-
governments. formation war.
Another interesting aspect of information warfare is the potential list of
attackers. As mentioned, several countries are currently capable of conduct-
ing this type of warfare. Nations, however, are not the only ones that can
conduct information, or cyber, warfare. Terrorist organizations can also ac-
complish this. Such groups fall into the category of highly structured threats
since they too are willing to conduct long-term operations, have (in some
cases) tremendous financial support, and often have a large following. Re-
ports out of Afghanistan related stories of soldiers and intelligence officers
finding laptop computers formerly owned by members of al-Qaeda that
contained information about various critical infrastructures in the United
States. This showed that terrorist organizations not only were targeting such
infrastructures, but were doing so at an unexpected level of sophistication.
Security Trends
The biggest change that has occurred in security over the last 30 years has
been the change in the computing environment from large mainframes to a
highly interconnected network of much smaller systems (smaller is a rela-
tive term here because the computing power of desktop computers exceeds
the power of many large mainframes of 30 years ago). What this has meant
for security is a switch from an environment in which everything was fairly
contained and people operated in a closed environment to one in which ac-
cess to a computer can occur from almost anywhere on the planet. This has,
for obvious reasons, greatly complicated the job of the security professional.
The type of individual who attacks a computer system or network has
also evolved over the last 30 years. There was, of course, the traditional in-
telligence service operator paid by a particular country to obtain secrets
from other government computer systems. These people still exist. What
has increased dramatically is the number of nonaffiliated intruders. As dis-
cussed earlier, the rise of the “script kiddie” has greatly multiplied the num-
ber of individuals who probe organizations looking for vulnerabilities to
exploit. This is actually the result of another recent trend: as the level of so-
phistication of attacks has increased, the level of knowledge necessary to
10
exploit vulnerabilities has decreased. This is due to the number of auto-

mated tools that have been created that allow even novice attackers to ex-
ploit highly technical and complex vulnerabilities. The resulting increase in
network attacks has been reflected in a number of different studies con-
ducted by various organizations in the industry.
One of the best-known security surveys is the joint survey conducted an-
nually by the Computer Security Institute (CSI) and the FBI (this survey, CSI
Computer Crime and Security Survey, can be obtained from www.gocsi.com).
The respondents, who normally number over 500 individuals, come from
all walks of life: government, academia, and industry. Over the last several
years, the percentage of organizations that have experienced security inci-
dents has slowly declined (from 46 percent in 2007 to 43 percent in 2008).
This decline has been seen in the most frequent type of incidents experi-
enced (viruses, insider abuse, laptop theft, and unauthorized access) which
have remained the same for the last four years. Only four types of attacks
showed any increase from 2007 to 2008 (unauthorized access, theft/loss of
proprietary information, misuse of web applications, and DNS attacks).
One of the most interesting and oft-repeated statistics from the survey is
the average loss experienced by organizations due to specific types of secu-
rity incidents. The average loss as a result of theft of proprietary informa-
tion, for example, hit a high of $6.57 million in 2002 but was only
$2.70 million in 2003 before rising to $6.03 million in 2006 and then dropping
again to $5.69 million in 2007. Financial fraud plunged from $4.63 million in
2002 to $328,000 in 2003 before rising to $2.56 million in 2006 and then sky-
rocketing to $21.12 million in 2007. While it is tempting to assume that this
means we, as a community, are becoming more secure (and there is indeed
some indication that organizations are doing a better job of securing their
systems), the reality is that these figures reflect the difficulty in quantifying
the actual state of Internet security and of producing accurate results. While
we all like to use figures such as those from the CSI/FBI survey, the truth of
the matter is that these numbers likely don’t accurately portray the state of
current security. They are, however, the most reliable ones we have.
■ Avenues of Attack
There are two general reasons a particular computer system is attacked: ei-
ther it is specifically targeted by the attacker, or it is an opportunistic target.
In the first case, the attacker has chosen the target not because of the hard-
ware or software the organization is running but for another reason, per-
haps a political reason. An example of this type of attack would be an
individual in one country attacking a government system in another. Alter-
natively, the attacker may be targeting the organization as part of a
hacktivist attack. An example, in this case, might be an attacker who defaces
the web site of a company that sells fur coats because the attacker feels that
using animals in this way is unethical. Perpetrating some sort of electronic
fraud is another reason a specific system might be targeted. Whatever the
reason, an attack of this nature is decided upon before the attacker knows
what hardware and software the organization has.
11
The second type of attack, an attack against a target of opportunity, is con-

ducted against a site that has software that is vulnerable to a specific exploit.
The attackers, in this case, are not targeting the organization; instead, they
have learned of a vulnerability and are simply looking for an organization
with this vulnerability that they can exploit. This is not to say that an attacker
might not be targeting a given sector and looking for a target of opportunity
in that sector, however. For example, an attacker may desire to obtain credit
card or other personal information and may search for any exploitable com-
pany with credit card information in order to carry out the attack.
Targeted attacks are more difficult and take more time than attacks on a
target of opportunity. The latter simply relies on the fact that with any piece of
widely distributed software, there will almost always be somebody who has
not patched the system (or has not patched it properly) as they should have.
The Steps in an Attack

The steps an attacker takes in attempting to penetrate a targeted network are
similar to the ones that a security consultant performing a penetration test
would take.
First, the attacker gathers as much information about the organization as
possible. There are numerous ways to do this, including studying the orga-
nization’s own web site, looking for postings on newsgroups, or consulting
resources such as the U.S. Securities and Exchange Commission’s (SEC)
EDGAR web site (www.sec.gov/edgar.shtml). A number of different finan-
cial reports are available through the EDGAR web site that can provide in-
formation about an organization that is useful for an attack—particularly a
social engineering attack. The type of information that the attacker wants in-
cludes IP addresses, phone numbers, names of individuals, and what net-
works the organization maintains. This step is known as “profiling” or
“reconnaissance.” Commands such as whois are useful in this step for ob-
taining information on IP blocks and DNS server addresses. An even more
common tool that is useful in gathering data is a traditional web search en-
gine such as Google.
Typically, the next step, which is the first step in the technical part of an
attack, is to determine what target systems are available and active. This
step moves us from profiling to actual scanning and is accomplished with
methods such as a ping sweep,
which simply sends a “ping” (an
Try This ICMP echo request) to the target
Security Tools machine. If the machine responds,
Numerous tools are available on the Internet to conduct the initial re- it is reachable. The next step is of-
connaissance activity described in this chapter. Examples include Nmap ten to perform a port scan. This
and superscan. Most security professionals recommend that security ad- will help identify which ports are
ministrators run these tools against their own systems in order to see open, thus giving an indication of
what attackers will see when they inevitably run the same, or similar, which services may be running on
tools against the network. Using your favorite search engine, see what the target machine. Determining
open source security tools you can find. Do the same for commercial se- the operating system (known as
curity tools. If you have access to a closed network that you can play OS fingerprinting) that is running
with, you may want to download some of the tools and try them to see on the target machine, as well as
how they work and what information they supply. specific application programs, fol-
lows, along with determining the
12
services that are available (which can be accomplished by banner grabbing).

Various techniques can be used to send specifically formatted packets to the
ports on a target system to view the response. Often this response provides
clues as to which operating system and specific applications are running on
the target system. Once this is done, the attacker would have a list of possible
target machines, the operating system running on them, and some specific
applications or services to target.
Up until this point, the attacker has simply been gathering the informa-
tion needed to discover potential vulnerabilities that may be exploited. Fur-
ther research is conducted to find possible vulnerabilities and once a list
of these is developed, the attacker is ready to take the next step: an actual at-
tack on the target. Knowing the operating system and services on the target
helps the attacker decide which tools to use in the attack.
Numerous web sites provide information on the vulnerabilities of spe-
cific application programs and operating systems. This information is valu-
able to administrators, since they need to know what problems exist and
how to patch them. In addition to information about specific vulnerabilities,
some sites may also provide tools that can be used to exploit the vulnerabili-
ties. An attacker can search for known vulnerabilities and tools that exploit
them, download the information and tools, and then use them against a site.
If the administrator for the targeted system has not installed the correct
patch, the attack may be successful; if the patch has been installed, the at-
tacker will move on to the next possible vulnerability. If the administrator
has installed all of the appropriate patches so that all known vulnerabilities
have been addressed, the attacker may have to resort to a brute-force attack,
which involves guessing a user ID and password combination. Unfortu-
nately, this type of attack, which could be easily prevented, sometimes
proves successful.
This discussion of the steps in an attack is by no means complete. There
are many different ways a system can be attacked. This, however, is the gen-
eral process: gathering as much information about the target as possible (us-
ing both electronic and nonelectronic means), gathering information about
possible exploits based on the information about the system, and then sys-
tematically attempting to use each exploit. If the exploits don’t work, other,
less system-specific attacks may be attempted.
Minimizing Possible Avenues of Attack

Understanding the steps an attacker will take enables you to limit the expo-
sure of your system and minimize those avenues an attacker might possibly
exploit.
The first step an administrator can take to reduce possible attacks is to
ensure that all patches for the operating system and applications are in-
stalled. Many security problems that we read about, such as viruses and
worms, exploit known vulnerabilities for which patches exist. The reason
such malware caused so much damage in the past was that administrators
did not take the appropriate actions to protect their systems.
The second step an administrator can take is system hardening, which
involves limiting the services that are running on the system. Only using
those services that are absolutely needed does two things: it limits the possi-
ble avenues of attack (those services with vulnerabilities that can be
13
exploited), and it reduces the number of services the administrator has to

worry about patching in the first place. This is one of the important first
steps any administrator should take to secure a computer system.
Another strategy to minimize possible avenues of attack is to provide as
little information as possible about your organization and its computing re-
sources on publicly available places (such as web sites). Since the attacker is
after information, don’t make it easy to obtain. For example, at one time it
was not uncommon for organizations to list the type of OS or browser used
on login banners but, as has been discussed, this gives a potential attacker
information that can be used to select possible attacks. In addition, consider
what contact information is absolutely necessary to have displayed on pub-
licly available sites.
Types of Attacks
There are a number of ways that a computer system or network can be at-
tacked (this topic will be covered in greater detail in Chapter 15). If success-
ful, the attack may produce one of the following: a loss of confidentiality, if
information is disclosed to individuals not authorized to see it; a loss of in-
tegrity, if information is modified by individuals not authorized to change
it; or a loss of availability, if information or the systems processing it are not
available for use by authorized users when they need the information.
14
Chapter 1 Review
■ Chapter Summary
After reading this chapter and completing the quizzes, ■ Numerous web sites exist that provide information
you should understand the following regarding on vulnerabilities in specific application programs
security trends. and operating systems.
■ The first step an administrator can take to
List and Discuss Recent Trends in Computer Security minimize possible attacks is to ensure that all
■ Fifty years ago, few people had access to a patches for the operating system and applications
computer system or network, so securing them are installed.
was a relatively easy matter.
■ There are many different ways to attack computers Describe Various Types of Threats That Exist for
and networks to take advantage of what has made Computers and Networks
shopping, banking, investment, and leisure ■ There are a number of different threats to security,
pursuits a simple matter of “dragging and including viruses and worms, intruders, insiders,
clicking” for many people. criminal organizations, terrorists, and information
■ The biggest change that has occurred in security warfare conducted by foreign countries.
over the last 30 years has been the change in the ■ There are two general reasons a particular
computing environment from large mainframes to computer system is attacked: it is specifically
a highly interconnected network of much smaller targeted by the attacker, or it is a target of
systems. opportunity.
■ Targeted attacks are more difficult and take more
Describe Simple Steps to Take to Minimize the time than attacks on a target of opportunity
Possibility of an Attack on a System
■ The steps an attacker takes in attempting to Discuss Recent Computer Crimes That Have Been
penetrate a targeted network are similar to the ones Committed
that a security consultant performing a penetration ■ The different types of electronic crime fall into two
test would take. main categories: crimes in which the computer was
■ A ping sweep simply sends a “ping” (an ICMP the target of the attack, and incidents in which the
echo request) to the target machine. computer was a means of perpetrating a criminal
■ A port scan will help identify which ports are act.
open, thus giving an indication of which services ■ One significant trend observed over the last several
may be running on the targeted machine. years has been the increase in the number of
computer attacks.
15
■ Key Terms
critical infrastructures (10) information warfare (9)
elite hackers (8) ping sweep (12)
hacker (7) port scan (12)
hacking (7) script kiddies (8)
hacktivist (11) structured threat (9)
highly structured threat (9) unstructured threat (8)
■ Key Terms Quiz

Use terms from the Key Terms list to complete the 7. _______________ are the most technically
sentences that follow. Don’t use the same term more competent individuals conducting intrusive
than once. Not all terms will be used. activity on the Internet. They not only can exploit
known vulnerabilities but are usually the ones
1. A(n) _______________ is a threat characterized responsible for finding those vulnerabilities.
by a greater amount of planning, a longer period
8. A _______________ helps identify which ports
of time to conduct the activity, more financial
are open, thus giving an indication of which
backing to accomplish it, and the possible
services may be running on the targeted
corruption of, or collusion with, insiders.
machine.
2. A hacker whose activities are motivated by
9. _______________ are individuals who do not
a personal cause or position is known as a
have the technical expertise to develop scripts or
_______________.
discover new vulnerabilities in software but who
3. Infrastructures whose loss would have a severe have just enough understanding of computer
detrimental impact on the nation are called systems to be able to download and run scripts
_______________. that others have developed.
4. _______________ is warfare conducted against 10. A(n) _______________ is a threat characterized
the information and information processing by attacks that are conducted over short periods
equipment used by an adversary. of time (lasting at most a few months), that do
5. A _______________ simply sends a “ping” (an not involve a large number of individuals, that
ICMP echo request) to the target machine. have little financial backing, and are accomplished
6. A(n) _______________ is a threat that generally is by insiders or outsiders who do not seek collusion
short-term in nature, does not involve a large with insiders.
group of individuals, does not have large
financial backing, and does not include collusion
with insiders.
16
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks
■ Multiple-Choice Quiz
1. Which threats are characterized by possibly long 5. Which of the following is generally viewed as the
periods of preparation (years is not uncommon), first Internet worm to have caused significant
tremendous financial backing, a large and damage and to have “brought the Internet
organized group of attackers, and attempts to down”?
subvert insiders or to plant individuals inside a A. Melissa
potential target in advance of a planned attack?
B. The “Love Bug”
A. Unstructured threats
C. The Morris worm
B. Structured threats
D. Code Red
C. Highly structured threats
6. Which of the following individuals was
D. Nation-state information warfare threats convicted of various computer crimes and was
2. Which of the following is an attempt to find and known for his ability to conduct successful social
attack a site that has hardware or software that is engineering attacks?
vulnerable to a specific exploit? A. Kevin Mitnick
A. Target of opportunity attack B. Vladimir Levin
B. Targeted attack C. Timothy Lloyd
C. Vulnerability scan attack D. David Smith
D. Information warfare attack 7. According to the CSI/FBI survey, which of the
3. Which of the following threats has not grown following statistics decreased in 2003?
over the last decade as a result of increasing A. The number of organizations reporting the
numbers of Internet users? Internet as a point of attack
A. Viruses B. The number of organizations that have
B. Hackers reported unauthorized use of their systems
C. Denial-of-service attacks C. The average loss as a result of theft of
D. All of these have seen an increase over the proprietary information
last decade. D. Both B and C
4. The rise of which of the following has greatly 8. Which virus/worm was credited with reaching
increased the number of individuals who probe global proportions in less than ten minutes?
organizations looking for vulnerabilities to A. Code Red
exploit?
B. The Morris worm
A. Virus writers
C. Melissa
B. Script kiddies
D. Slammer
C. Hackers
D. Elite hackers
17
Another random document with
no related content on Scribd:
some measurements making it more, and some less than the 100
feet here given.
When things were in their natural state, undisturbed by man, the
Birket el Keiroon was a lake, as it is now. In those days, as in our
own, it was supplied with water, just as the pool within the enclosure
of Karnak, and other pools, and all the wells in Egypt, by natural
infiltration; for the water of the river percolates readily through the
porous strata, and flows into any sufficiently deep depressions, or
excavations. The existence of the oases also in the desert must be
accounted for in this way.
The Bahr Jusuf Canal had, at some unrecorded date, been
brought along the foot of the Libyan range. Starting from Diospolis
Parva, by the air-line forty miles below Thebes, it had traversed the
whole of the rest of the valley; then, passing through the Delta, it had
reached the sea, somewhere in the neighbourhood of modern
Alexandria; a distance, again, in the air-line of 400 miles; though, of
course, this falls very far short of giving the measure of its ceaseless
sinuosities. This Grand Canal of old Egypt now carries off about a
twenty-eighth part of the water that passes over the cataract of
Philæ. In its course it flows along the depressed range that forms the
eastern boundary of the Faioum. In this depressed range there is a
ravine through which in early days, at the season of the inundation,
some of the overflow of the Bahr Jusuf found its way to the top level
of the Faioum. It is not easy now, to decide whether it got through
naturally at first, or whether the ravine was canalized to enable it to
pass through. At all events it is evident that, if there had originally
been a natural passage, it was levelled and enlarged by man
availing himself of natural fissures and depressions. But however
this might have been, the inundation having found its way on to the
upper level of the Faioum, appears to have formed there an
immense morass.
The first condition, then, of the district had been a dry desert,
precisely resembling any other part of the desert, except that it
slanted from what may be spoken of as the rim of its mussel-shell-
like depression down to the spring-fed Birket el Keiroon. Its second
condition, that now before us, is what was brought about by the
water of the inundation, that had in some way or other been let into
the district: it formed wherever it was retained, and chiefly on the
upper plateau, a vast extent of morasses. We have the evidence of
geology for the former—for we see that the original surface of the
district consisted of thin layers of limestone, alternating with layers of
clay—and of tradition for the latter.
We now come to the third, which is the historical, stage. By a
series of enormous dykes, some of them several miles in length, the
enclosed space having a breadth also of some miles, the inflowing
water was confined to certain portions of the upper plateau; perhaps
the whole of the upper plateau was by these means formed into a
lake. The water thus retained and secured, was amply sufficient for
the perennial irrigation of the whole of the descent reaching from the
upper southern plateau down to the Birket el Keiroon, and for a
district to the west and south, and, when the effects of the inundation
began to be exhausted in the valley of Egypt, for the contiguous
departments of Memphis and Heracleopolis. In this way the creation
of the Faioum, the most fertile province in Egypt, was far from being
the whole of the benefit derived from these vast waterworks.
The lake, or series of connected lakes, formed on the summit of
the plateau may have been twenty miles long, and two or three wide.
This was the famous Lake Mœris. The water was made to enter the
lake by a channel, which probably commenced at the modern
Howarah, and was drawn off for irrigation outside the Faioum by a
channel which appears to have passed out at Illahoun. In each of
these a sluice was constructed. The extreme costliness of opening
and shutting these sluices shows that they must have been
enormous structures: but this was only in proportion to the vast
volume of water that passed through them. To fill such lakes during
the time of the high water of the inundation nothing less than a
considerable river would have sufficed. We can only think it very
much to the credit of these primæval engineers that they managed
such sluices at all. Nothing like either the slatts, or the locks, on
some of our rivers for holding back the water, would have answered
their purpose. They wisely made the channel for letting out the water
quite distinct from that for letting it in; for, if one of the sluices got out
of order, then the other might be used while the damages of the
injured one were being repaired. In a matter of life and death to so
many it would not have done at all to have had only one string to
their bow.
But to revert to the gains of these vast hydraulic constructions. An
entirely new department had been added to Egypt. It was called the
Arsinoite, or Crocodilopolite nome, from Arsinöe or Crocodilopolis, its
capital; and turned out, from its more thorough exposure to air than
was possible in the valley of Egypt, the richest and most productive
part of the kingdom. Its produce was better and more varied. For the
six low-water months also during which the stored-up treasure of its
great lake flowed back into the valley, it maintained the irrigation of
the contiguous river-side departments. Some of the canals of India
may have done as much, but no work of man was ever grander in its
conception, more completely successful in all it aimed at achieving,
or of greater and more undoubted utility. It must have brought into
being, and kept in existence, more than 500,000 souls in the
department it created, and in those whose productiveness it
increased; for we are speaking of land which, we must remember,
was not cultivated as our farms, or even as our gardens are, and
which produced never less than two crops a year; and which not
being inundated, as the land in the valley, but irrigated, and warped,
regularly, and at will, all the year round, was capable of yielding three
crops annually. Every square foot of ground in the Faioum, all the
conditions of warmth, fertility, and moisture being always present,
was kept working, at the highest power, through every hour of the
twelve months.
In Lake Mœris the crocodile abounded, having come in with the
water. It thus became to the inhabitants of the nome the symbol of
the life-giving water; and, having become to their minds the
representative of that upon which everything depended, as had been
the case with other symbols, it was held sacred, and eventually
worshipped. Just so in the lower departments outside, where they
had once had too much water, and which had not become
inhabitable till the water had been drained, and dyked off, and
regulated, not the crocodile, but the ichneumon, the enemy of the
crocodile, had, by an analogous process, become an object of
worship. They had suffered from water, and could only with difficulty
keep it from overwhelming their lowlands; and so they made a
symbol, for the idea of regulating water that encroached and was
destructive, of that which was supposed to destroy what their
neighbours had made a symbol of water itself. Here was a symbol
upon a symbol. But these were people who thought in hieroglyphics;
and to get to an understanding of what they meant we must translate
their hieroglyphical modes of thought and expression into our own
direct modes.
This lake so abounded in fish—more than twenty species were
found in it—that the daily take, during the six months the water was
flowing out, was sold for a talent of silver, about two hundred pounds
of our money. During the time the water was flowing in the average
of the amounts of the daily sales was the third of a talent. The king
gave these proceeds of the lake fisheries to the queen for pin-
money. The quantity of fish taken was so great that there was at
times a difficulty in pickling and drying it.
Herodotus describes Lake Mœris as 450 miles in circumference.
These figures are probably not those of an ignorant copyist, but what
the historian himself set down in his original manuscript, for he gives
the measurement in schœni as well as in stadia. The statement, of
course, is an impossibility, for the true Lake Mœris could not have
been more than twenty miles in length, or more than four in width.
No one can suppose that Herodotus is here drawing a long bow to
astonish his countrymen with a traveller’s tale. If he had been at all
capable of doing anything of this kind, he never could have written a
book of such value as all competent judges have ever assigned to
his great work; and whatever he might have written would soon have
fallen into deserved contempt. It has occurred to me that we may
explain his figures by supposing that he meant them to give the
circumference of the whole water-system of the Faioum. On the
southern ridge of the mussel-shell he saw the great Lake Mœris;
along its northern side he saw what we distinguish by the name of
Birket el Keiroon; he saw the eastern extremities of the two
connected by a broad canal, and in like manner their western
extremities; and throughout the intervening descent he found a
complete network of irrigating canals. As he makes no separate
mention of the Birket el Keiroon, the probability is that he considered
it to be a part of Lake Mœris. Regarding, then, the two lakes as part
of the same plan, and as equally the work of man, and finding them
so intimately connected with canals, he looked upon the whole as
one lake enclosing the cultivated Faioum, and so he speaks of the
whole under a single name, and gives a measurement of the
circumference of the whole as that of Lake Mœris. What he says of
the difficulty he had in understanding what had become of the earth
raised in excavating the lake would apply to Birket el Keiroon,
supposing it to have been artificially formed. This is almost a
demonstration of his having regarded it as a part of Lake Mœris. Of
course there could have been no difficulty of this kind with respect to
the true Lake Mœris, for that had not been formed at all by
excavation, but by dykes: it was a great dam, or series of dams, and
the earth required for the construction of the dykes was all the earth
that had been moved. The difficulty, therefore, here must have been
just the very opposite to that which occurred to Herodotus, because,
before the water of the inundation had deposited any or much mud in
the district, the problem the engineer had to solve was, where he
was to get sufficient earth from to make the dykes.
Some travellers have spoken of the broad belt of shingly gravel on
the south side of Birket el Keiroon, as a phenomenon that needs
explanation. They ask—Where is the fertile soil that ought to be
there? The answer, I suppose, is—That it may be found precisely
where it ought to be, that is, at the bottom of the Birket el Keiroon. At
times a great deal of water has passed through the canals, as
formerly from Lake Mœris itself, into the Birket el Keiroon. This must
have been very great on the occasion of such a mishap as a break in
the dykes, which doubtless occurred at times, especially when things
were going out of order. The beach, therefore, of the Birket el
Keiroon has been very variable, having often been very considerably
advanced. To whatever point the water rose, so far the wash of the
waves, breaking on the beach, would float off the light particles of
soil, and transport them to the quiet bottom of deep water. What
there would be a difficulty in explaining would be, not the absence of,
but the finding of Nile-mud soil in this belt that margins the Birket el
Keiroon.
In some parts of the old bed of the now dry Lake Mœris we find
deposits of Nile-mud sixty feet thick. Again, this is what might have
been expected. The water of the inundation flowed into the lake
heavily charged with mud. The lake was still water. The sediment,
therefore, was speedily deposited at the bottom. This process was
repeated every year. Say that a film of the fourth of an inch was
deposited each year from Amenemha to Strabo, the whole of the
sixty feet will be accounted for. But this deposition of mud must also
have been going on during the antecedent unrecorded centuries of
the morass-period.
This will also account for something more, that is, for the disuse
and obliteration of the lake. The mud had at last taken the place of
the water. The dykes had not been made of any great height at first,
but, as the soil rose both within and on the outside, they had, in the
course of two thousand years, been frequently raised
correspondingly. Of course, the bed of the Nile, like that of the Po,
gradually rises, but the amount of this rise is not great, and would
bear but a small proportion to the rise of the bottom of the lake. Lake
Mœris, therefore, contained in itself, as so many natural lakes have
done, a suicidal element. What made it a lake was destined to make
it one day, what it has long been, dry land. This was, from the first,
only a question of time. Water could, of course, again at this day be
dammed up upon the site of the old lake, but only by taking it from
the river at a higher point than of old; higher, that is to say, than the
inlet of the Bahr Jusuf Canal at the old Diospolis Parva; for instance,
it might be necessary to take it now from above the Cataract of
Philæ, though, indeed, if that could be engineered, we cannot
suppose that it would pay, for the Faioum, including the bed of the
old lake, is pretty well irrigated now, though, of course, it has no
storage of water for the needs of the adjacent river-side lands.
It is obvious that we must connect with these vast and
scientifically-carried-out hydraulic works of the Faioum, the
registration of the height of the annual inundation Herodotus
mentions, and of which we have still existing evidence in the rock-cut
records at Semnéh, we referred to in our first chapter. He says this
registration was commenced in the time of Mœris. Now Mœris was
that Amenemha III., who constructed these great reservoirs of the
Faioum, and after whom they were ever afterwards called. The
connexion between the yearly marking of the height of the rising at
Semnéh, in Nubia, and the reservoirs of the Faioum might have
been that the register at Semnéh was a detective apparatus for
showing how much water ought each year to have been brought into
the reservoirs; it would also indicate what was the need for irrigation
in the contiguous departments outside the Faioum; and thus be a
guide for the regulation of the amount of water that ought to be let
out each year.
In the waterworks of the Faioum there was a grand utility with
which our thought is more than satisfied: in the Labyrinth was seen
the architectural glory of the newly-created province; it was the
greatest construction of the old Monarchy: the Pyramids had been a
rude introduction to it; and it suggested to the younger monarchy the
chief structures of Karnak. If we could now behold it, as it stood at
the time when the Hyksos broke into Egypt to become its masters for
between four and five centuries, we should regard it as one of the
most historically interesting and instructive buildings ever erected in
the world.
Its primary conception had been that of a place of assembly for the
Parliaments of old Egypt. At that time one court, to which were
attached 250 chambers, half being above, and half below ground,
appears to have been assigned to each of the twenty-seven
departments of the kingdom. Each of these chambers was roofed
with a single stone slab. No material but stone had been used
throughout the structure. Its pillars were monoliths of red granite, and
of a limestone so white as to have been mistaken for Parian marble,
and of so compact a texture as to receive a good polish. The
sculptures of the courts and chambers were singularly bold and
good. Those of each court, and its connected chambers, had
reference to the history, the peculiarities, and the religion of the
department to which it had been assigned. Besides the chambers
were numerous halls, porticoes, and passages. The area of the roof,
composed of the enormous slabs just mentioned, may have formed
the actual place of assembly for the collected deputies of the
departments. On the north side stood the Pyramid in which was
buried Amenemha III., who, if he had not originally designed the
Labyrinth, had, at all events, been its chief constructor, for his
scutcheon is frequently found in the existing remains. This Pyramid
was cased with the white limestone used in the Labyrinth itself. The
dimensions of the figures sculptured upon it were unusually large.
This form having been incorporated into the general design, for it
was placed in front of the north, which was the open side, must have
gone some way towards breaking the monotony of the horizontal
and perpendicular lines of the Labyrinth itself.
Herodotus saw it after its partial restoration by the Dodecarchs.
They had restored twelve of its courts, one for each of themselves.
Those were days of decadence, when what would contribute to the
greatness, not of the kingdom, but of the individual ruler, was the
governing idea in royal minds. It had first fallen into decay, because
into disuse, during the long period of Hyksos occupation; and on the
rise of the new monarchy the place of assembly had been removed
to Thebes, where Sethos had constructed his grand hypostyle hall
for that very purpose. It had, therefore, at the time when the twelve
kings took it in hand, been disused and dilapidated for a period of
between fifteen and twenty centuries, probably for as long a time as
has elapsed from the days of Augustus to our own day. In that long
period we can imagine to what an extent it had been resorted to as a
quarry for limestone, and building materials. This will account for the
restorations of the twelve kings having been so considerable, that
Herodotus speaks of them as having been the builders of the
structure he saw.
Above two thousand years more have since elapsed, the whole of
which have been years of neglect, and wilful dilapidation; and sad,
indeed, is now the state of the grand building, once the grandest in
all the world, upon which men had bestowed so much labour and
thought, and of which those, to whom it belonged, had been so
proud. An Arab canal has been carried through the centre of it. What
remains is buried in the rubbish-heaps formed by its own overthrow
and destruction. Still, there must be much within and beneath those
heaps that might be disinterred. The whole ought to be carefully and
critically examined. It is evident that these remains, from their extent
and their connexion with the old monarchy, of which the original
structure was the chief and most historical monument, are the most
promising of all fields for Egyptological investigation.
CHAPTER XV.
HELIOPOLIS.
A sense of our connexion with the past vastly enlarges our sympathies, and
supplies additional worlds for their exercise.—Edinburgh Review.
In going to Heliopolis I turned out of the way a few steps to look at

the old sycamore many a pilgrim visits in the belief that Joseph and
Mary, and the young Child, during their flight into Egypt, rested in its
shade. There is no intimation that the Holy Family went beyond
Pelusium, or Bubastis. To have gone so far would satisfy the
requirements of the sacred narrative. As they were poor, probably
they did not go far into the land, except that it might have been in the
exercise of Joseph’s trade: though indeed I cannot imagine any one
in Egypt, except a Jew, employing a Jewish carpenter. Of course, of
the Jews who went down into Egypt there would be some who would
be desirous of visiting Heliopolis, the On of Genesis, which was very
interestingly connected with Jewish history; and, therefore, it is just
possible the Holy Family may have gone so far.
But as to this tree. If one of its kind could possibly have lived so
many centuries in Egypt, which is highly improbable, even under all
the circumstances most favourable for the supply of water and
protection from the wind, it would have required an oft-repeated
miracle to have saved it from the axe during the many long periods
of disorder Egypt has passed through since Joseph’s sojourn. The
wood of a large tree is, in Egypt, too tempting at such times to be
long spared.
I do not know the date of the first mention of this tree, but I think
two hundred and fifty years would amply satisfy all the appearance
of age it presents. Pococke, from whom I may observe in passing,
that a great deal of the information, and many of the learned
references contained in several modern works on Egypt, have been
borrowed without acknowledgment, and in some cases taken
verbatim, tells us that at the date of his visit, which was in 1737, a
tree, I conclude the one still standing, was shown by the Copts as
the one that afforded shelter to the Holy Family; but that the Latins
denied its genuineness, affirming that they had cut down the true
tree, that is to say, the one that had previously done duty in
supplying a visible object for the legend, and had carried it to
Jerusalem. This was probably false. Supposing it, however, to be
true, it was a discreditable act, such as you might have expected
from such monks.
But we have arrived at the tree. It at once appears that the feelings
of some of the party are too deep for utterance. On these occasions
knowledge and reason have to fight, against something or other, a
battle that is lost often before it is begun. Belief is so much more
natural and pleasant than iconoclasm. If you would but let yourself
alone—of course you say nothing that would disillusion other people
—their devout and heart-contenting imaginations would be reflected
in yourself. As it is, you cannot help feeling the contagion. The
upshot of the matter is, you are not altogether satisfied with your own
unbelief, nor at all benefited by your half disposition to participate in
the belief of your friends. As to the believer, his emotions are every
way pleasant and satisfactory to himself.
But what took me to On was not to see the tree, but that I might
stand before the Obelisk of Osirtasen, the oldest obelisk in Egypt,
which has been pointing to the sky now for more than four thousand
years—from the days of the old monarchy, previous to the invasion
of the Hyksos. To them we may feel thankful for having allowed it to
stand; and there was no International in those days. It had been
erected for some centuries, when Abraham came down into Egypt.
Joseph and Moses, who had both been admitted to the Priest Caste,
and were learned in all the wisdom of the Egyptians, stood before it,
and read the inscription, word for word, as the erudite Egyptologer
reads it this day. Thales, Solon, Pythagoras, and Plato all studied
here. Heliopolis was then the most celebrated university in the world
for philosophy and science. Strabo was shown the house in which
Plato had resided. Herodotus found the priests here in better repute
for their learning than any elsewhere in Egypt. All these, and a host
of other well-known Greeks, Romans, and Jews resided and studied
here, during the many centuries of its renown. They all visited again
and again, and walked round and deciphered, or had deciphered to
them, the inscription on each side of this spit of granite. In those
days it seemed to them a wonderful monument of hoar antiquity—far
beyond anything that could be seen in their own countries.
Everything they then saw at Heliopolis has been reduced to mounds
of rubbish now, excepting this single stone. What a halo of interest
invests it! Who would not wish to see it? Who can be unmoved as he
looks upon it? Fifty centuries of history, and all the wisdom of Egypt
are buried in the dust under his feet. You shift your position, and then
smile at yourself—a sort of feeling had come upon you that you were
obstructing the view of Joseph, or of Herodotus; that you were
standing in the way of Plato, or of Moses.
But though the carking tooth of time has in no way set its mark on
the monument of Osirtasen, a small fly has for the present
obliterated, on three sides of it, the record he placed upon them. It
has done this by filling up the incised hieroglyphics with its mud-
cells. Whether it be a mason-wasp, or a bee, I was unable to
discover, the cells being out of reach. I saw the same temporary
eclipse of the sculptures and hieroglyphics going on at Dendera and
elsewhere. The venom of this little insect is, I was told, equal to what
I saw of its impudence.
The drive to Heliopolis is well worth taking on its own account. I
found by the wayside a greater variety of culture, and of plants, than
elsewhere in Egypt; oranges, lemons, ricinus, (which, with its spikes
of red flowers and broad leaves, is, here, a handsome plant,)
cactuses, vineyards, olive-trees, Australian eucalyptuses, and many
other trees and plants.
Before I went to Heliopolis I asked a Scotchman I found myself
seated next to at dinner one day at the table d’hôte, whether it was
worth one’s while to go? ‘I will tell you just how it is,’ he replied. ‘I
have been there. There is nothing to see; but it will give you a
pleasant afternoon. It is like going out a fishing. The day is fine. The
country looks well. You have a pleasant friend, and a good luncheon,
with cigars and whisky. You come home without having seen a fish;
but you are not dissatisfied with yourself for having gone.’ Having
again met this gentleman after I had been there, he asked me how I
had liked Heliopolis? He seemed so thoroughly satisfied with his own
matter-of-fact, and very intelligible, way of regarding the world, and
all it contains, that I refrained from telling him what I had thought. In
his presence I almost doubted whether any pearls, excepting his,
were not counterfeits: at all events, I was sure they would appear so
to him. This, however, was but a momentary misgiving. There are
some other sorts which, though not so common, are quite as
genuine as his; perhaps, too, (but when one writes in English this
must not be said without expressions of humility, and of readiness to
receive correction,) they may have been formed by animals, the
ingredients of whose food were somewhat more varied than is the
case with the ordinary mollusk. But, be this as it may, those that are
of the rarer sort have the advantage that, while they do not in the
least interfere with the enjoyment of the sunshine, the pleasant
scene, the friend, the good cigar, and the old whisky (perhaps rather
giving depth to the enjoyment, because refining it), they are in
themselves, and even without these agreeable adjuncts, a source of
never-failing enjoyment. They are, as was said of such things long
ago, as good for the night as for the day. They go with us into the
country, and accompany us on our travels. It may, however, be
objected to them that, in this country, they generally make their
possessor unpractical, and leave him poorer, except in ideas, than
they found him. There is no denying that it is so here, very often. Is
the reason of this that our governing class, whether we interpret
those words to mean the class from which our legislators, and
administrators, have hitherto very generally been taken, or the class
that put them in their places, that is, the shopocracy (can we hope
anything better from our new governing class, that of the British
artizan?) have cared but little for these things? Influences of this kind
have made us a money-worshipping people—not that we have loved
money more than other people, but that money has had too much
power amongst us—so that too many of us, like my Scotch
acquaintance, have learnt to pooh-pooh everything which does not
fetch money—that is to say, nature and history, which are the
materials out of which truth is constructed; and art, poetry,
philosophy, and science, which are the construction itself: everything
but money, and what will bring money in the market. And so, too, it
came about that our highest education was merely a form of
classicism accommodated to a narrow and shortsighted theology:
what both nature and history might have taught would have been
inconvenient, or, be that as it may, was not needed.
We know that in certain exceptional cases (they ought not to be so
very exceptional) a man may possess the world that is to come, as
well as the world my Scotch acquaintance had so tight a grip of. This
is a difficult thing to do: on our system, and with our ideas, a very
difficult thing; still one that may be done. The difficulty, however,
appears to be very considerably increased, when the attempt is
made to add to these two the possession of the world that has been.
It is hard to keep two balls up in the air, and going, at the same time;
but, to add a third, and to attend to all three properly, to give each its
own due space and time, and to get them all to work harmoniously
together, is a feat that reveals a very un-English mind, but still it is
the master-mind. What were the performances of Egyptian Proteus
to this? By turns he was many things, but here is a man who, at one
and the same time, has three souls, and lives three lives. It is so,
however, only in appearance: the interpretation of the Parable is that
the man has passed mentally out of the flat-fish stage of being, in
which sight is possible only in one direction; and has reached the
higher stage in which it is possible to look in every direction; and so
to connect all that is seen all around, as that the different objects
shall not reciprocally obscure, but illumine each other.
CHAPTER XVI.
THEBES—LUXOR AND KARNAK.
For all Egyptian Thebes displays of wealth,

Whose palaces its greatest store contain:
That hundred-gated city that sends forth
Through every gate an hundred cars of war,
Well horsed, well manned.—Homer’s Iliad.
Luxor, Karnak, and Thebes, are three fragments of the hundred-

gated city of Homer. The landing, to which you moor your boat, is
about two hundred yards from the great temple of Luxor. The open
space, between the landing and the temple, is a slight acclivity, and
is completely covered with sand. To the right and left of the open
space are the mean buildings of the modern town. Those on the right
cluster round and conceal the greater part of the temple, leaving only
a grand colonnade visible from the water, at the further side of the
open sandy acclivity. As you enter this colonnade, and stand in the
roofed hall among the mighty pillars that support the roof, a feeling
comes over you that you have shrunk to the dimensions and
feebleness of a fly. The oldest sanctuary, of which there are any
remains still standing here, was built by Amenophis III., who
belonged to the dynasty that expelled the Hyksos. It was now seen
that Thebes would be a safer capital than Memphis, which was too
near the Semitic border. The close connexion also that had now
been formed with Ethiopia, sometimes being that of its complete
subjection, made a more southern capital desirable. The erection of
the splendid temple of Amenophis indicates the complete triumph of
the new policy. This took place about four thousand years ago.
Rameses the Great, the most magnificent and prolific architect the
world has ever seen, was not satisfied with the original structure.
Following the example of his father, Sethos, he conceived a plan for
investing Thebes with a grandeur and a glory that none of the
Empires, that have grown to greatness during the thousands of
years that have passed since his day, have done anything to rival, or
approach. And this plan he carried out to a successful completion.
Part of it was the architectural connexion of Luxor and Karnak. For
this purpose it was necessary to give additional height and
massiveness to Luxor. This he did by attaching to the extremity of
the temple of Amenophis, nearest to Karnak, a grand court, enriched
externally with colossal statues of himself and two obelisks; one of
which is now standing where he placed it; the other is in the Place de
la Concorde at Paris. Having made the Temples of Luxor and
Karnak, by their height and massiveness, their lofty courts, propylæa
and obelisks, reciprocally conspicuous and imposing from each
other, the direct connexion was effected by a broad straight road, or
street, nearly two miles in length, guarded on either side by a row of
sphinxes. Some of these, at the Karnak end of the connecting street,
still remain; they are ram-headed. Fragments of others are found in
the débris nearer Luxor.
Along the line of this old street, which, however, except at its
northern end, is quite obliterated by rubbish mounds, cultivation, and
palm-groves, you ride to Karnak. As you pass no houses by the way
the distance seems great. Here was for many centuries the splendid
centre of the most splendid city in the world. On nothing like it did the
sun shine. The dwelling-houses, many of them Diodorus tells us four,
some even five, stories high, were, we may be sure, not allowed to
approach so near as to interfere with the solemnizing effect of the
long dromos of sphinxes. This effect was the very object of these
avenues of sphinxes and colossi, which were prefixed to the
temples. They shut out the world as the worshipper approached the
temple, and prepared his mind for the services and the influences of
the house of God.
The area of the sacred enclosure at Karnak was a square of about
2,000 feet each way. The enclosing wall is still everywhere traceable.
In some parts it is but little injured by time. There were twenty-six
temples within the enclosure. It was a city of temples. The axis of the
main series points across the river to the gorge of the valley, in the
Libyan hills, at the head of which were placed the tombs of the kings.
Another series of temples reached down to the south-west entrance
of the enclosure, where was the termination of the Luxor-Karnak
street. These two series of temples may be roughly described as
close and parallel to the north-eastern and north-western sides of the
enclosure. The rest of the space was filled with more or less
detached structures.
Here was, if not the sublimest—for the mass and simplicity of the
Great Pyramid may contest that—yet certainly the most magnificent
architectural effort ever made by man. What prompted it? At what did
it aim? Of course it was the embodiment of an idea, and that idea
was, in its simplest expression, the same as the idea contained in
the Greek temple, and the Christian cathedral. It was the glorification
of the builders conception of the Deity. The difference in the
structures, in their fashion and effect, arose out of the differences in
the conceptions these people had respectively formed of the Deity.
In the conception of the Egyptian awe was the predominant feature.
Whatever else Deity might be, awfulness was its first attribute.
Beauty, if at all, came in a comparatively low degree. With the
Greeks and the Christians it was very different. The gods of the
Greeks were connected with and took delight in Nature. The God of
the Christians was the author of Nature. With them, therefore, the
recognition, the creation, and the exhibition of what was beautiful,
formed a part of the service of God. They felt that in religion a sense
of, and the sight of, the beautiful dispose to love. The Egyptian
beholder and worshipper was not to be attracted and charmed, but
overwhelmed. His own nothingness, and the terribleness of the
power and will of God, was what he was to feel. The soul of the
Greek, and of the Christian, was to be elevated, not crushed; to be
calmed, to be harmonized. One was the work of minds in which the
instinct of freedom was operative; the other of minds which felt the
powerlessness, the helplessness of man in the face of an
unchangeable iron order alike of Nature and of society.
Moreover, as we have already seen, in Egypt Nature herself did
not originate and nurture the thought of beauty. In Egypt were no
rocky, moss-margined streams, no hanging woods, no shady groves,
no lovely valleys. The two paramount objects in Nature, as they
presented themselves to the eye and the thought of the Egyptian,
suggested to him absolute power on the part of Nature, and absolute
dependence on the part of man. These two objects were a singularly
dull and monotonous river, but without which the Egyptian world
would be a desert, and the scorching sun, but without which all
would be darkness and death. They did everything. Without them
everything was nothing.
These stupendous structures, then, expressed the feebleness of
the worshipper by magnifying the power of the object of his worship.
They awed him, as was intended, into a sense of personal
nothingness, while they called into being and fed a sense of
irresistible power, external to man, the idea of which the peculiarities
of everything Egyptian gave rise to. Moral ideas, engendered by the
structure and working of Egyptian society, and ideas of the physical
forces which were ever before them, and to which they felt their
subjection, were entangled in their minds in an inextricable knot, and
that knot was their religion.
On the walls of these stupendous structures is written and
sculptured the history, as well as the religion, of Egypt, from
Osirtasen I., who reigned four thousand five hundred years ago,
down to the Roman Augustus: these are the earliest and the latest
names inscribed on the lithotomes of Karnak. The included space of
time embraces the two last dynasties of the primæval monarchy; the
Hyksos period; the whole of the new monarchy, when Egypt rose to
its zenith of power, glory, art, wealth, and wisdom; the domination of
Persia; the Ptolemaic sovereignty; and a part of the Roman rule.
None inscribed so much history on these walls as the two mightiest
of Egyptian conquerors and builders, Sethos, and the stronger son of
a strong father, his successor, Rameses the Great. These two
Pharaohs themselves made more history than all who had gone
before them; and none who followed them attained to their
eminence. The buildings they erected are history, as much as their
conquests.
The Coliseum is a part of Roman history. Its magnitude and its
purpose are history. It tells us that Cæsar could issue a decree that
all the world should be taxed; that Cæsar found it necessary to
dazzle and amuse the populace; that the amusements of the
populace were brutal; that amusement, not religion, was the order of
the day. So in the stones of Karnak we see the plunder and the
tribute of Asia and Ethiopia. Many a city had been made a desolate
heap, and many a fair region had been ravaged, and the silver and
the gold collected, and the surviving inhabitants swept into the
Egyptian net, and carried away captive into Egypt, to assist in
building the grand hypostyle Court of Karnak, the grandest hall ever
constructed by man. In the direction of the axis of the connected
series of temples this hall is 170 ft. long. Its width is 329 ft. It is
supported by one hundred and thirty-four columns. The central
twelve are 62 ft. high in the shaft, and 36 ft. in circumference. The
remaining one hundred and twenty-two columns are 42 ft. in height,
and 28 ft. in circumference. The lintel stone of the great doorway is
within 2 in. of 41 ft. in length. Every part of the walls, the pillars, and
the roof is covered with coloured sculptures cut by the chisel of
history, and of religion, which, however, as far as we are concerned,
belongs to history. The purpose of this hall was to provide a fitting
place for the great religious diets of the nation. It must have
appeared to the thoughts of those times that the gods had assisted
the king—who was already becoming their associate—in designing
and erecting such a structure. We, however, are aware that no
people can imagine, or undertake such structures, unless they are
inspired with the sentiment that they are the greatest among the
nations, and at the head of the world. Great things—it is more true of
literature than of architecture, but it is true of everything—are not
done by imitation but by inspiration, and nothing inspires great things
but greatness itself.
To the north-west of this stupendous and overpowering hall is an
hypæthral court 100 ft. longer, and of the same width of 329 ft. A
double row of columns traverses its central avenue. It has corridors
on each side. It was left incomplete. This is plain from the enormous
pyramidal propylons, by which it is entered, never having been
sculptured. None who came after the Great Rameses were able to
rise to the height of his conceptions. In the unsculptured walls of
these propylons are the sockets, drilled, horizontally, through their
whole thickness, for holding the beams which supported the lofty
staffs for the flags which were used on great occasions. These lofty
towers and these far-seen flags connected the temples of Karnak
with the temples on the western bank of the river, and with the
funeral processions to the catacombs of the kings in the opposite
valley of the Libyan range, just as the south-western propylons, and
the dromos of sphinxes, connected them with Luxor.
Though the name of Sesortosen, or Ositarsen I., is the first that
appears on this series of temples, it would be a mistake to suppose
that the date of the greatness of the city must be taken from his
reign. This is impossible, for he was the founder of the dynasty which
came from Thebes. Thebes, therefore, in his time—4,500 years ago
—had become sufficiently powerful to give a dynasty to Egypt. And
when we look at its site, the island in the river, the great extent of
fertile land on the east bank, with no inconsiderable extent also on
the west, and the convenient approach of the Libyan Hills to the river
side, we see that this was a spot designed by nature for one of the
great cities of old Egypt. It was great under the old monarchy, and
gave to the country the two last dynasties of that first monumentally-
known period of its history. During the succeeding 400 years of the
Hyksos domination, a cloud of almost impenetrable darkness settled
down upon it, as upon everything else Egyptian. It rose under, and
with the new monarchy. The disadvantages of the site of Memphis,
and the conveniences of that of Thebes, had been discovered. It,
therefore, now became unreservedly the repository of all the glories,
and the chief shrine of the religion of the country. The spoils of war,
the tribute of subject nations, the rent of the royal demesne, which
comprised one-third of the land of Egypt, were spent here. Next to
the court came the numerous and wealthy body of the priests; and
they, too, were chiefly—though they had also other sources of
income—supported by the rents of their estates. Besides these there
was the official class, which again we know was numerous and
wealthy. Trade also must have largely contributed to the wealth of
Thebes; for it was the emporium for the camel-borne produce of the
interior of the continent, and for the water-borne commerce with
Egypt of the East Coast of Africa, of Arabia, and of India. We may
form an estimate of the extent of this trade from the magnificence of
the Temples, which, of old times, in the East was generally
proportionate to the amount and value of the commerce carried on

PDF Principles of Computer Security Comptia Security and Beyond Conklin Ebook Full Chapter

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

PDF Principles of Computer Security Comptia Security and Beyond Conklin Ebook Full Chapter

Uploaded by

Copyright:

Available Formats

Principles of Computer Security:

CompTIA Security+ and Beyond

CompTIA Security+ All-in-One Exam Guide (Exam SY0-501)

CompTIA security all in one exam guide Exam SY0 501

Computer Security: Principles and Practice 4th Edition

Comptia Security Guide to Network Security Fundamentals

CompTIA Security All in One Exam Guide Sixth Edition

Principles of Security and Trust Lujo Bauer

Computer Security Javier Lopez

Principles of Information Security 6th Edition Whitman

■ LearnKey Online Training

■ Installing and Running MasterExam

LearnKey Technical Support

In this chapter, you will learn

■ The Security Problem Tech Tip

The Morris Worm (November 1988)

Citibank and Vladimir Levin (June–October 1994)

Kevin Mitnick (February 1995)

Omega Engineering and Timothy Lloyd (July 1996)

instruments. Twenty days earlier, Timothy Lloyd, a computer network pro-

Worcester Airport and “Jester” (March 1997)

The Melissa Virus (March 1999)

The Love Letter Virus (May 2000)

The Code Red Worm (2001)

Adil Yahya Zakaria Shakour (August 2001–May 2002)

The Slammer Worm (2003)

U.S. Electric Power Grid (1997–2009)

Power and Light, saw perhaps

Fiber Cable Cut (2009)

Viruses and Worms

Terrorists and Information Warfare

tremendous financial backing, and a large and organized group of attackers.

exploit vulnerabilities has decreased. This is due to the number of auto-

The second type of attack, an attack against a target of opportunity, is con-

The Steps in an Attack

services that are available (which can be accomplished by banner grabbing).

Minimizing Possible Avenues of Attack

exploited), and it reduces the number of services the administrator has to

■ Key Terms Quiz

In going to Heliopolis I turned out of the way a few steps to look at

For all Egyptian Thebes displays of wealth,

Luxor, Karnak, and Thebes, are three fragments of the hundred-

You might also like