Professional Documents
Culture Documents
PDF Principles of Computer Security Comptia Security and Beyond Conklin Ebook Full Chapter
PDF Principles of Computer Security Comptia Security and Beyond Conklin Ebook Full Chapter
https://textbookfull.com/product/comptia-security-all-in-one-
exam-guide-exam-sy0-501-wm-arthur-conklin/
https://textbookfull.com/product/comptia-security-all-in-one-
exam-guide-exam-sy0-501-fifth-edition-conklin/
https://textbookfull.com/product/computer-security-principles-
and-practice-4th-edition-william-stallings/
https://textbookfull.com/product/comptia-security-guide-to-
network-security-fundamentals-mark-ciampa/
CompTIA Security 3rd Edition Anonymous
https://textbookfull.com/product/comptia-security-3rd-edition-
anonymous/
https://textbookfull.com/product/comptia-security-all-in-one-
exam-guide-sixth-edition-exam-sy0-601-wm-arthur-conklin-greg-
white-dwayne-williams-roger-davis-chuck-cothren/
https://textbookfull.com/product/principles-of-security-and-
trust-lujo-bauer/
https://textbookfull.com/product/computer-security-javier-lopez/
https://textbookfull.com/product/principles-of-information-
security-6th-edition-whitman/
Color profile: Disabled
BaseTech
Composite Default screen / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Appendix
A Objectives Map:
CompTIA Security+
Topic Chapter(s)
1.0 Systems Security
1.1 Differentiate among various systems security threats.
Privilege escalation 15
Virus 15, 16
Worm 15, 16
Trojan 15, 16
Spyware 15, 16
Spam 15, 16
Adware 15, 16
Rootkits 15
Botnets 15
Logic bomb 15
1.2 Explain the security risks pertaining to system hardware and peripherals.
BIOS 10
USB devices 10
Cell phones 10
Removable storage 10
Network attached storage 10
1.3 Implement OS hardening practices and procedures to achieve workstation and server security.
Hotfixes 10, 14
Service packs 10, 14
Patches 10, 14
Patch management 10, 14
Group policies 14
Security templates 14
Configuration baselines 14
1.4 Carry out the appropriate procedures to establish application security.
ActiveX 17
Java 17
Scripting 17
Browser 17
Buffer overflows 17, 18
640
P:\010Comp\BaseTech\375-8\App.vp
Monday, November 09, 2009 10:49:45 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Appendix
Topic Chapter(s)
Cookies 17
SMTP open relays 17, 18
Instant messaging 16, 17
P2P 17
Input validation 17, 18
Cross-site scripting (XSS) 17
1.5 Implement security applications.
HIDS 13
Personal software firewalls 10, 13
Antivirus 10, 13
Anti-spam 10, 13
Popup blockers 10, 13
1.6 Explain the purpose and application of virtualization technology.
10
2.0 Network Infrastructure
2.1 Differentiate between the different ports & protocols, their respective threats and mitigation techniques.
Antiquated protocols 11
TCP/IP hijacking 11, 15
Null sessions 15
Spoofing 15
Man-in-the-middle 15
Replay 15
DOS 15
DDOS 15
Domain Name Kiting 15
DNS poisoning 15
ARP poisoning 15
2.2 Distinguish between network design elements and components.
DMZ 9
VLAN 9
NAT 9
Network interconnections 9
NAC 10
Subnetting 9
Telephony 3, 10
2.3 Determine the appropriate use of network security tools to facilitate network security.
NIDS 10, 13
NIPS 10, 13
Firewalls 10, 13
641
Appendix A: Objectives Map: CompTIA Security+
P:\010Comp\BaseTech\375-8\App.vp
Monday, November 09, 2009 10:49:45 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Appendix
Topic Chapter(s)
Proxy servers 10, 13
Honeypot 10, 13
Internet content filters 13
Protocol analyzers 10, 13
2.4 Apply the appropriate network tools to facilitate network security.
NIDS 10, 13
Firewalls 10, 13
Proxy servers 10, 13
Internet content filters 13
Protocol analyzers 10, 13
2.5 Explain the vulnerabilities and mitigations associated with network devices.
Privilege escalation 10
Weak passwords 10
Back doors 10
Default accounts 10
DOS 10
2.6 Explain the vulnerabilities and mitigations associated with various transmission media.
Vampire taps 10
2.7 Explain the vulnerabilities and implement mitigations associated with wireless networking.
Data emanation 3, 12
War driving 12
SSID broadcast 12
Blue jacking 12
Bluesnarfing 12
Rogue access points 12
Weak encryption 12
3.0 Access Control
3.1 Identify and apply industry best practices for access control methods.
Implicit deny 1
Least privilege 1, 18, 19
Separation of duties 1, 19
Job rotation 1
3.2 Explain common access control models and the differences between each.
MAC 1, 11, 22
DAC 1, 11, 22
Role & Rule based access control 1, 11, 22
3.3 Organize users and computers into appropriate security groups and roles while distinguishing between appropriate
rights and privileges.
2, 11, 22
642
Principles of Computer Security: CompTIA Security+ and Beyond
P:\010Comp\BaseTech\375-8\App.vp
Monday, November 09, 2009 10:49:45 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Appendix
Topic Chapter(s)
3.4 Apply appropriate security controls to file and print resources.
2, 22
3.5 Compare and implement logical access control methods.
ACL 2, 11, 22
Group policies 2, 11, 22
Password policy 2, 4, 22
Domain password policy 2, 11, 22
User names and passwords 2, 4, 22
Time of day restrictions 2, 22
Account expiration 2, 4, 22
Logical tokens 2, 11, 22
3.6 Summarize the various authentication models and identify the components of each.
One, two and three-factor authentication 11
Single sign-on 11, 22
3.7 Deploy various authentication models and identify the components of each.
Biometric reader 3, 11
RADIUS 11
RAS 11
LDAP 11
Remote access policies 11
Remote authentication 11
VPN 11
Kerberos 11
CHAP 11
PAP 11
Mutual 11
802.1x 11
TACACS 11
3.8 Explain the difference between identification and authentication (identity proofing).
11
3.9 Explain and apply physical access security methods.
Physical access logs/lists 8
Hardware locks 8
Physical access control – ID badges 8
Door access systems 8
Man-trap 8
Physical tokens 8
Video surveillance – camera types and positioning 8
4.0 Assessments & Audits
4.1 Conduct risk assessments and implement risk mitigation.
14
643
Appendix A: Objectives Map: CompTIA Security+
P:\010Comp\BaseTech\375-8\App.vp
Monday, November 09, 2009 10:49:45 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Appendix
Topic Chapter(s)
4.2 Carry out vulnerability assessments using common tools.
Port scanners 14
Vulnerability scanners 14
Protocol analyzers 14
OVAL 17
Password crackers 15
Network mappers 14
4.3 Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability
scanning.
14
4.4 Use monitoring tools on systems and networks and detect security-related anomalies.
Performance monitor 14
Systems monitor 14
Performance baseline 14
Protocol analyzers 14
4.5 Compare and contrast various types of monitoring methodologies.
Behavior-based 13
Signature-based 13
Anomaly-based 13
4.6 Execute proper logging procedures and evaluate the results.
Security application 14
DNS 14
System 14
Performance 14
Access 14
Firewall 13
Antivirus 14
4.7 Conduct periodic audits of system security settings.
User access and rights review 2, 19
Storage and retention policies 19
Group policies 19
5.0 Cryptography
5.1 Explain general cryptography concepts.
Key management 5, 6, 7
Steganography 5
Symmetric key 5
Asymmetric key 5
Confidentiality 5
Integrity and availability 5
644
Principles of Computer Security: CompTIA Security+ and Beyond
P:\010Comp\BaseTech\375-8\App.vp
Monday, November 09, 2009 10:49:45 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Appendix
Topic Chapter(s)
Non-repudiation 5
Comparative strength of algorithms 5
Digital signatures 5
Whole disk encryption 5
Trusted Platform Module (TPM) 5
Single vs. Dual sided certificates 5, 6
Use of proven technologies 5
5.2 Explain basic hashing concepts and map various algorithms to appropriate applications.
SHA 5, 23
MD5 5, 23
LANMAN 5
NTLM 5
5.3 Explain basic encryption concepts and map various algorithms to appropriate applications.
DES 5
3DES 5
RSA 5
PGP 5
Elliptic curve 5
AES 5
AES256 5
One time pad 5
Transmission encryption (WEP TKIP, etc.) 5, 7
5.4 Explain and implement protocols.
SSL/TLS 5,
S/MIME 5, 7, 16
PPTP 5, 7, 11
HTTP vs. HTTPS vs. SHTTP 5, 7
L2TP 5, 11
IPSEC 5, 7, 11
SSH 5, 11
5.5 Explain core concepts of public key cryptography.
Public Key Infrastructure (PKI) 6, 16
Recovery agent 6
Public key 6
Private keys 6
Certificate Authority (CA) 6
Registration 6
Key escrow 6
Certificate Revocation List (CRL) 6
Trust models 6
645
Appendix A: Objectives Map: CompTIA Security+
P:\010Comp\BaseTech\375-8\App.vp
Monday, November 09, 2009 10:49:45 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Appendix
Topic Chapter(s)
5.6 Implement PKI and certificate management.
Public Key Infrastructure (PKI) 6, 16
Recovery agent 6
Public key 6
Private keys 6
Certificate Authority (CA) 6
Registration 6
Key escrow 6
Certificate Revocation List (CRL) 6
6.0 Organizational Security
6.1 Explain redundancy planning and its components.
Hot site 19
Cold site 19
Warm site 19
Backup generator 19
Single point of failure 19
RAID 19
Spare parts 19
Redundant servers 19
Redundant ISP 19
UPS 19
Redundant connections 19
6.2 Implement disaster recovery procedures.
Planning 19
Disaster recovery exercises 19
Backup techniques and practices – storage 19
Schemes 19
Restoration 19
6.3 Differentiate between and execute appropriate incident response procedures.
Forensics 19, 23
Chain of custody 19, 23
First responders 19, 23
Damage and loss control 19, 23
Reporting – disclosure of 19, 23
6.4 Identify and explain applicable legislation and organizational policies.
Secure disposal of computers 2
Acceptable use policies 2, 19
Password complexity 2, 4
Change management 2, 19
Classification of information 2, 19
646
Principles of Computer Security: CompTIA Security+ and Beyond
P:\010Comp\BaseTech\375-8\App.vp
Monday, November 09, 2009 10:49:45 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Appendix
Topic Chapter(s)
Mandatory vacations 2, 4, 19
Personally Identifiable Information (PII) 2, 25
Due care 2, 19
Due diligence 2, 19
Due process 2, 19
SLA 2, 19
Security-related HR policy 2, 4
User education and awareness training 2, 4
6.5 Explain the importance of environmental controls.
Fire suppression 3, 8
HVAC 3, 8
Shielding 3, 8
6.6 Explain the concept of and how to reduce the risks of social engineering.
Phishing 2, 4
Hoaxes 2, 4
Shoulder surfing 2, 4
Dumpster diving 2, 4
User education and awareness training 2, 4
647
Appendix A: Objectives Map: CompTIA Security+
P:\010Comp\BaseTech\375-8\App.vp
Monday, November 09, 2009 10:49:45 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Appendix
B About the CD
T he CD-ROM included with this book comes complete with MasterExam, the electronic version of the book, and
Session #1 of LearnKey’s online training. The software is easy to install on any Windows 2000/XP/Vista computer
and must be installed to access the MasterExam feature. You may, however, browse the electronic book directly from the
CD without installing the software. To register for LearnKey’s online training or the bonus MasterExam, simply click the
Bonus MasterExam link on the main launch page and follow the directions to the free online registration.
System Requirements
Software requires Windows 2000 or higher and Internet Explorer 6.0 or above and 20MB of hard disk space for full
installation. The electronic book requires Adobe Reader. To access the online training from LearnKey, you must
have Windows Media Player 9 or higher and Adobe Flash Player 9 or higher.
MasterExam
MasterExam provides you with a simulation of the actual exam. The number of questions, the type of questions,
and the time allowed are intended to be an accurate representation of the exam environment. You have the option
to take an open-book exam, including hints, references, and answers, a closed-book exam, or the timed
MasterExam simulation.
When you launch MasterExam, a digital clock display will appear in the bottom-right corner of your screen.
The clock will continue to count down to zero unless you choose to end the exam before the time expires.
648
P:\010Comp\BaseTech\375-8\AppB.vp
Thursday, November 12, 2009 3:21:25 PM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter B
■ Electronic Book
The entire contents of the textbook are provided as a PDF. Adobe Reader
has been included on the CD.
■ Help
A help file is provided through the Help button on the main page in the
lower-left corner. Individual help features are also available through
MasterExam and LearnKey’s online training.
■ Removing Installation(s)
MasterExam is installed to your hard drive. For best results removing the
program, select the Start | All Programs | LearnKey | Uninstall option to
remove MasterExam.
■ Technical Support
For questions regarding the content of the electronic book or MasterExam,
please visit www.mhprofessional.com or e-mail customer.service@mcgraw-
hill.com. For customers outside the 50 United States, e-mail international_
cs@mcgraw-hill.com.
649
Appendix B: About the CD
P:\010Comp\BaseTech\375-8\AppB.vp
Thursday, November 12, 2009 3:21:26 PM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter 1
1 Introduction and
Security Trends
Security is mostly a superstition.
It does not exist in nature, nor
do the children of men as a whole
experience it. Avoiding danger is
no safer in the long run than
outright exposure. Life is either a
daring adventure or nothing.
—HELEN KELLER
P:\010Comp\BaseTech\375-8\ch01.vp
Tuesday, November 17, 2009 2:54:22 PM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter 1
Security Incidents
By examining some of the computer-related crimes that have been commit-
ted over the last 20 or so years, we can better understand the threats and se-
curity issues that surround our computer systems and networks. Electronic
crime can take a number of different forms but the ones we will examine
here fall into two basic categories: crimes in which the computer was the tar-
get, and incidents in which a computer was used to perpetrate the act (for
example, there are many different ways to conduct bank fraud, one of which
uses computers to access the records that banks process and maintain).
We will start our tour of computer crimes with the 1988 Internet worm
(Morris worm), one of the first real Internet crime cases. Prior to 1988 crimi-
nal activity was chiefly centered on unauthorized access to computer sys-
tems and networks owned by the telephone company and companies which
provided dial-up access for authorized users. Virus activity also existed
prior to 1988, having started in the early 1980s.
1
Chapter 1: Introduction and Security Trends
P:\010Comp\BaseTech\375-8\ch01.vp
Saturday, November 07, 2009 9:50:57 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter 1
Morris actually intended that his creation cause the impact that it did at the
time. The worm infected roughly 10 percent of the machines then connected
to the Internet (which amounted to approximately 6000 infected machines)
and caused an estimated $100 million in damage, though this number has
been the subject of wide debate. The worm carried no malicious payload,
the program being obviously a “work in progress,” but it did wreak havoc
because it continually reinfected computer systems until they could no lon-
ger run any programs. The worm took advantage of known vulnerabilities
in several programs to gain access to new hosts and then copied itself over.
Morris was eventually convicted under Title 10 United States Code Section
1030 for releasing the worm and was sentenced to three years’ probation, a
$10,000 fine, and 400 hours of community service.
2
Principles of Computer Security: CompTIA Security+ and Beyond
P:\010Comp\BaseTech\375-8\ch01.vp
Saturday, November 07, 2009 9:50:58 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter 1
3
Chapter 1: Introduction and Security Trends
P:\010Comp\BaseTech\375-8\ch01.vp
Saturday, November 07, 2009 9:50:58 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter 1
the body of the message usually generated enough user curiosity that many
people opened the document and thus infected their system, which in turn sent
the same message to 50 of their acquaintances. As a final action, if the minute of
the current hour when the macro was run matched the day of the month, the
macro inserted “Twenty-two points, plus triple-word-score, plus fifty points
for using all my letters. Game’s over. I’m outta here.” into the current docu-
ment. Smith, who plead guilty, was ultimately fined $5000 and sentenced to
20 months in jail for the incident. Because the macro code is easy to modify,
there have been many variations of the Melissa virus. Recipients could avoid
infection by Melissa simply by not opening the attached file.
4
Principles of Computer Security: CompTIA Security+ and Beyond
P:\010Comp\BaseTech\375-8\ch01.vp
Saturday, November 07, 2009 9:50:58 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter 1
scheme actually ended up helping to eliminate the worm, because soon after
it was released on the 19th, the worm stopped trying to infect systems. This
provided a period of time when systems could be rebooted and patched be-
fore they were infected again.
5
Chapter 1: Introduction and Security Trends
P:\010Comp\BaseTech\375-8\ch01.vp
Saturday, November 07, 2009 9:50:58 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter 1
Conficker (2008–2009)
In late 2008 and early 2009, security experts became alarmed when it was
discovered that millions of systems attached to the Internet were infected
with the Downadup worm. Also known as Conficker, the worm was first
detected in November 2008 and was believed to have originated in Ukraine.
Infected systems were not initially damaged beyond having their antivirus
solution updates blocked. What alarmed experts was the fact that infected
systems could be used in a secondary attack on other systems or networks.
Each of these infected systems was part of what is known as a bot network
and could be used to cause a DoS attack on a target or be used for the for-
warding of spam e-mail to millions of users. It was widely believed that this
network of subverted systems would be activated on April 1, 2009, and
would result in the widespread loss of data and system connectivity. As it
turned out, very little damage was done on that date, though millions of dol-
lars were spent in responding to the millions of infected systems.
6
Principles of Computer Security: CompTIA Security+ and Beyond
P:\010Comp\BaseTech\375-8\ch01.vp
Saturday, November 07, 2009 9:50:59 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter 1
Threats to Security
The incidents described in the previous section provide a glimpse into the
many different threats that face administrators as they attempt to protect
their computer systems and networks. There are, of course, the normal natu-
ral disasters that organizations have faced for years. In today’s highly net-
worked world, however, new threats have developed that we did not have
to worry about 50 years ago.
There are a number of ways that we can break down the various threats.
One way to categorize them is to separate threats that come from outside of
the organization from those that are internal. Another is to look at the vari-
ous levels of sophistication of the attacks, from those by “script kiddies” to
those by “elite hackers.” A third is to examine the level of organization of the
various threats, from unstructured threats to highly structured threats. All
of these are valid approaches, and they in fact overlap each other. The fol-
lowing sections examine threats from the perspective of where the attack
comes from.
Intruders
The act of deliberately accessing computer systems and networks without
authorization is generally referred to as hacking, with individuals who con-
duct this activity being referred to as hackers. The term hacking also applies
to the act of exceeding one’s authority in a system. This would include
7
Chapter 1: Introduction and Security Trends
P:\010Comp\BaseTech\375-8\ch01.vp
Saturday, November 07, 2009 9:50:59 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter 1
authorized users who attempt to gain access to files they aren’t permitted to
access or who attempt to obtain permissions that they have not been
granted. While the act of breaking into computer systems and networks has
been glorified in the media and movies, the physical act does not live up to
the Hollywood hype. Intruders are, if nothing else, extremely patient, since
the process to gain access to a system takes persistence and dogged determi-
nation. The attacker will conduct many preattack activities in order to ob-
tain the information needed to determine which attack will most likely be
successful. Generally, by the time an attack is launched, the attacker will
have gathered enough information to be very confident that the attack will
succeed. If it doesn’t, the attacker will gather additional information and
take a different approach (though launching the first attack may alert secu-
rity personnel). Generally, attacks by an individual or even a small group of
attackers fall into the unstructured threat category. Attacks at this level gen-
erally are conducted over short periods of time (lasting at most a few
months), do not involve a large number of individuals, have little financial
backing, and are accomplished by insiders or outsiders who do not seek col-
lusion with insiders.
Intruders, or those who are attempting to conduct an intrusion, defi-
nitely come in many different varieties and have varying degrees of sophis-
tication (see Figure 1.1). At the low end technically are what are generally
referred to as script kiddies, individuals who do not have the technical exper-
tise to develop scripts or discover new vulnerabilities in software but who
have just enough understanding of computer systems to be able to down-
load and run scripts that others have developed. These individuals gener-
ally are not interested in attacking specific targets, but instead simply want
to find any organization that may not have patched a newly discovered vul-
nerability for which the script kiddie has located a script to
exploit the vulnerability. It is hard to estimate how many of
the individuals performing activities such as probing net-
works or scanning individual systems are part of this
group, but it is undoubtedly the fastest growing group and
the vast majority of the “unfriendly” activity occurring on
the Internet is probably carried out by these individuals.
At the next level are those people who are capable of
writing scripts to exploit known vulnerabilities. These indi-
viduals are much more technically competent than script
kiddies and account for an estimated 8 to 12 percent of ma-
licious Internet activity. At the top end of this spectrum are
those highly technical individuals, often referred to as elite
hackers, who not only have the ability to write scripts that
exploit vulnerabilities but also are capable of discovering
new vulnerabilities. This group is the smallest of the lot,
• Figure 1.1 Distribution of attacker skill levels however, and is responsible for, at most, only 1 to 2 percent
of intrusive activity.
Insiders
It is generally acknowledged by security professionals that insiders are
more dangerous in many respects than outside intruders. The reason for
this is simple—insiders have the access and knowledge necessary to cause
immediate damage to an organization. Most security is designed to protect
8
Principles of Computer Security: CompTIA Security+ and Beyond
P:\010Comp\BaseTech\375-8\ch01.vp
Saturday, November 07, 2009 9:51:00 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter 1
against outside intruders and thus lies at the boundary between the organi-
zation and the rest of the world. Insiders may actually already have all the Tech Tip
access they need to perpetrate criminal activity such as fraud. In addition to The Inside Threat
unprecedented access, insiders also frequently have knowledge of the secu- One of the hardest threats that se-
rity systems in place and are better able to avoid detection. Attacks by insid- curity professionals will have to
ers are often the result of employees who have become disgruntled with address is that of the insider.
their organization and are looking for ways to disrupt operations. It is also Since employees already have ac-
possible that an “attack” by an insider may be an accident and not intended cess to the organization and its
as an attack at all. An example of this might be an employee who deletes a assets, additional mechanisms
critical file without understanding its critical nature. need to be in place to detect at-
Employees are not the only insiders that organizations need to be con- tacks by insiders and to lessen the
cerned about. Often, numerous other individuals have physical access to ability of these attacks to succeed.
company facilities. Custodial crews frequently have unescorted access
throughout the facility, often when nobody else is around. Other individu-
als, such as contractors or partners, may have not only physical access to the
organization’s facilities but also access to computer systems and networks.
Criminal Organizations
As businesses became increasingly reliant upon computer systems and net-
works, and as the amount of financial transactions conducted via the
Internet increased, it was inevitable that criminal organizations would
eventually turn to the electronic world as a new target to exploit. Criminal
activity on the Internet at its most basic is no different from criminal activity
in the physical world. Fraud, extortion, theft, embezzlement, and forgery all
take place in the electronic environment.
One difference between criminal groups and the “average” hacker is the
level of organization that criminal elements employ in their attack. Criminal
groups typically have more money to spend on accomplishing the criminal
activity and are willing to spend extra time accomplishing the task provided
the level of reward at the conclusion is great enough. With the tremendous
amount of money that is exchanged via the Internet on a daily basis, the
level of reward for a successful attack is high enough to interest criminal ele-
ments. Attacks by criminal organizations usually fall into the structured
threat category, which is characterized by a greater amount of planning, a
longer period of time to conduct the activity, more financial backing to ac-
complish it, and possibly corruption of, or collusion with, insiders.
9
Chapter 1: Introduction and Security Trends
P:\010Comp\BaseTech\375-8\ch01.vp
Saturday, November 07, 2009 9:51:00 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter 1
Security Trends
The biggest change that has occurred in security over the last 30 years has
been the change in the computing environment from large mainframes to a
highly interconnected network of much smaller systems (smaller is a rela-
tive term here because the computing power of desktop computers exceeds
the power of many large mainframes of 30 years ago). What this has meant
for security is a switch from an environment in which everything was fairly
contained and people operated in a closed environment to one in which ac-
cess to a computer can occur from almost anywhere on the planet. This has,
for obvious reasons, greatly complicated the job of the security professional.
The type of individual who attacks a computer system or network has
also evolved over the last 30 years. There was, of course, the traditional in-
telligence service operator paid by a particular country to obtain secrets
from other government computer systems. These people still exist. What
has increased dramatically is the number of nonaffiliated intruders. As dis-
cussed earlier, the rise of the “script kiddie” has greatly multiplied the num-
ber of individuals who probe organizations looking for vulnerabilities to
exploit. This is actually the result of another recent trend: as the level of so-
phistication of attacks has increased, the level of knowledge necessary to
10
Principles of Computer Security: CompTIA Security+ and Beyond
P:\010Comp\BaseTech\375-8\ch01.vp
Saturday, November 07, 2009 9:51:00 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter 1
■ Avenues of Attack
There are two general reasons a particular computer system is attacked: ei-
ther it is specifically targeted by the attacker, or it is an opportunistic target.
In the first case, the attacker has chosen the target not because of the hard-
ware or software the organization is running but for another reason, per-
haps a political reason. An example of this type of attack would be an
individual in one country attacking a government system in another. Alter-
natively, the attacker may be targeting the organization as part of a
hacktivist attack. An example, in this case, might be an attacker who defaces
the web site of a company that sells fur coats because the attacker feels that
using animals in this way is unethical. Perpetrating some sort of electronic
fraud is another reason a specific system might be targeted. Whatever the
reason, an attack of this nature is decided upon before the attacker knows
what hardware and software the organization has.
11
Chapter 1: Introduction and Security Trends
P:\010Comp\BaseTech\375-8\ch01.vp
Saturday, November 07, 2009 9:51:01 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter 1
12
Principles of Computer Security: CompTIA Security+ and Beyond
P:\010Comp\BaseTech\375-8\ch01.vp
Saturday, November 07, 2009 9:51:01 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter 1
13
Chapter 1: Introduction and Security Trends
P:\010Comp\BaseTech\375-8\ch01.vp
Saturday, November 07, 2009 9:51:01 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter 1
Types of Attacks
There are a number of ways that a computer system or network can be at-
tacked (this topic will be covered in greater detail in Chapter 15). If success-
ful, the attack may produce one of the following: a loss of confidentiality, if
information is disclosed to individuals not authorized to see it; a loss of in-
tegrity, if information is modified by individuals not authorized to change
it; or a loss of availability, if information or the systems processing it are not
available for use by authorized users when they need the information.
14
Principles of Computer Security: CompTIA Security+ and Beyond
P:\010Comp\BaseTech\375-8\ch01.vp
Saturday, November 07, 2009 9:51:01 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter 1
Chapter 1 Review
■ Chapter Summary
After reading this chapter and completing the quizzes, ■ Numerous web sites exist that provide information
you should understand the following regarding on vulnerabilities in specific application programs
security trends. and operating systems.
■ The first step an administrator can take to
List and Discuss Recent Trends in Computer Security minimize possible attacks is to ensure that all
■ Fifty years ago, few people had access to a patches for the operating system and applications
computer system or network, so securing them are installed.
was a relatively easy matter.
■ There are many different ways to attack computers Describe Various Types of Threats That Exist for
and networks to take advantage of what has made Computers and Networks
shopping, banking, investment, and leisure ■ There are a number of different threats to security,
pursuits a simple matter of “dragging and including viruses and worms, intruders, insiders,
clicking” for many people. criminal organizations, terrorists, and information
■ The biggest change that has occurred in security warfare conducted by foreign countries.
over the last 30 years has been the change in the ■ There are two general reasons a particular
computing environment from large mainframes to computer system is attacked: it is specifically
a highly interconnected network of much smaller targeted by the attacker, or it is a target of
systems. opportunity.
■ Targeted attacks are more difficult and take more
Describe Simple Steps to Take to Minimize the time than attacks on a target of opportunity
Possibility of an Attack on a System
■ The steps an attacker takes in attempting to Discuss Recent Computer Crimes That Have Been
penetrate a targeted network are similar to the ones Committed
that a security consultant performing a penetration ■ The different types of electronic crime fall into two
test would take. main categories: crimes in which the computer was
■ A ping sweep simply sends a “ping” (an ICMP the target of the attack, and incidents in which the
echo request) to the target machine. computer was a means of perpetrating a criminal
■ A port scan will help identify which ports are act.
open, thus giving an indication of which services ■ One significant trend observed over the last several
may be running on the targeted machine. years has been the increase in the number of
computer attacks.
15
Chapter 1: Introduction and Security Trends
P:\010Comp\BaseTech\375-8\ch01.vp
Saturday, November 07, 2009 9:51:02 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter 1
■ Key Terms
critical infrastructures (10) information warfare (9)
elite hackers (8) ping sweep (12)
hacker (7) port scan (12)
hacking (7) script kiddies (8)
hacktivist (11) structured threat (9)
highly structured threat (9) unstructured threat (8)
16
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks
P:\010Comp\BaseTech\375-8\ch01.vp
Saturday, November 07, 2009 9:51:02 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter 1
■ Multiple-Choice Quiz
1. Which threats are characterized by possibly long 5. Which of the following is generally viewed as the
periods of preparation (years is not uncommon), first Internet worm to have caused significant
tremendous financial backing, a large and damage and to have “brought the Internet
organized group of attackers, and attempts to down”?
subvert insiders or to plant individuals inside a A. Melissa
potential target in advance of a planned attack?
B. The “Love Bug”
A. Unstructured threats
C. The Morris worm
B. Structured threats
D. Code Red
C. Highly structured threats
6. Which of the following individuals was
D. Nation-state information warfare threats convicted of various computer crimes and was
2. Which of the following is an attempt to find and known for his ability to conduct successful social
attack a site that has hardware or software that is engineering attacks?
vulnerable to a specific exploit? A. Kevin Mitnick
A. Target of opportunity attack B. Vladimir Levin
B. Targeted attack C. Timothy Lloyd
C. Vulnerability scan attack D. David Smith
D. Information warfare attack 7. According to the CSI/FBI survey, which of the
3. Which of the following threats has not grown following statistics decreased in 2003?
over the last decade as a result of increasing A. The number of organizations reporting the
numbers of Internet users? Internet as a point of attack
A. Viruses B. The number of organizations that have
B. Hackers reported unauthorized use of their systems
C. Denial-of-service attacks C. The average loss as a result of theft of
D. All of these have seen an increase over the proprietary information
last decade. D. Both B and C
4. The rise of which of the following has greatly 8. Which virus/worm was credited with reaching
increased the number of individuals who probe global proportions in less than ten minutes?
organizations looking for vulnerabilities to A. Code Red
exploit?
B. The Morris worm
A. Virus writers
C. Melissa
B. Script kiddies
D. Slammer
C. Hackers
D. Elite hackers
17
Chapter 1: Introduction and Security Trends
P:\010Comp\BaseTech\375-8\ch01.vp
Saturday, November 07, 2009 9:51:02 AM
Another random document with
no related content on Scribd:
some measurements making it more, and some less than the 100
feet here given.
When things were in their natural state, undisturbed by man, the
Birket el Keiroon was a lake, as it is now. In those days, as in our
own, it was supplied with water, just as the pool within the enclosure
of Karnak, and other pools, and all the wells in Egypt, by natural
infiltration; for the water of the river percolates readily through the
porous strata, and flows into any sufficiently deep depressions, or
excavations. The existence of the oases also in the desert must be
accounted for in this way.
The Bahr Jusuf Canal had, at some unrecorded date, been
brought along the foot of the Libyan range. Starting from Diospolis
Parva, by the air-line forty miles below Thebes, it had traversed the
whole of the rest of the valley; then, passing through the Delta, it had
reached the sea, somewhere in the neighbourhood of modern
Alexandria; a distance, again, in the air-line of 400 miles; though, of
course, this falls very far short of giving the measure of its ceaseless
sinuosities. This Grand Canal of old Egypt now carries off about a
twenty-eighth part of the water that passes over the cataract of
Philæ. In its course it flows along the depressed range that forms the
eastern boundary of the Faioum. In this depressed range there is a
ravine through which in early days, at the season of the inundation,
some of the overflow of the Bahr Jusuf found its way to the top level
of the Faioum. It is not easy now, to decide whether it got through
naturally at first, or whether the ravine was canalized to enable it to
pass through. At all events it is evident that, if there had originally
been a natural passage, it was levelled and enlarged by man
availing himself of natural fissures and depressions. But however
this might have been, the inundation having found its way on to the
upper level of the Faioum, appears to have formed there an
immense morass.
The first condition, then, of the district had been a dry desert,
precisely resembling any other part of the desert, except that it
slanted from what may be spoken of as the rim of its mussel-shell-
like depression down to the spring-fed Birket el Keiroon. Its second
condition, that now before us, is what was brought about by the
water of the inundation, that had in some way or other been let into
the district: it formed wherever it was retained, and chiefly on the
upper plateau, a vast extent of morasses. We have the evidence of
geology for the former—for we see that the original surface of the
district consisted of thin layers of limestone, alternating with layers of
clay—and of tradition for the latter.
We now come to the third, which is the historical, stage. By a
series of enormous dykes, some of them several miles in length, the
enclosed space having a breadth also of some miles, the inflowing
water was confined to certain portions of the upper plateau; perhaps
the whole of the upper plateau was by these means formed into a
lake. The water thus retained and secured, was amply sufficient for
the perennial irrigation of the whole of the descent reaching from the
upper southern plateau down to the Birket el Keiroon, and for a
district to the west and south, and, when the effects of the inundation
began to be exhausted in the valley of Egypt, for the contiguous
departments of Memphis and Heracleopolis. In this way the creation
of the Faioum, the most fertile province in Egypt, was far from being
the whole of the benefit derived from these vast waterworks.
The lake, or series of connected lakes, formed on the summit of
the plateau may have been twenty miles long, and two or three wide.
This was the famous Lake Mœris. The water was made to enter the
lake by a channel, which probably commenced at the modern
Howarah, and was drawn off for irrigation outside the Faioum by a
channel which appears to have passed out at Illahoun. In each of
these a sluice was constructed. The extreme costliness of opening
and shutting these sluices shows that they must have been
enormous structures: but this was only in proportion to the vast
volume of water that passed through them. To fill such lakes during
the time of the high water of the inundation nothing less than a
considerable river would have sufficed. We can only think it very
much to the credit of these primæval engineers that they managed
such sluices at all. Nothing like either the slatts, or the locks, on
some of our rivers for holding back the water, would have answered
their purpose. They wisely made the channel for letting out the water
quite distinct from that for letting it in; for, if one of the sluices got out
of order, then the other might be used while the damages of the
injured one were being repaired. In a matter of life and death to so
many it would not have done at all to have had only one string to
their bow.
But to revert to the gains of these vast hydraulic constructions. An
entirely new department had been added to Egypt. It was called the
Arsinoite, or Crocodilopolite nome, from Arsinöe or Crocodilopolis, its
capital; and turned out, from its more thorough exposure to air than
was possible in the valley of Egypt, the richest and most productive
part of the kingdom. Its produce was better and more varied. For the
six low-water months also during which the stored-up treasure of its
great lake flowed back into the valley, it maintained the irrigation of
the contiguous river-side departments. Some of the canals of India
may have done as much, but no work of man was ever grander in its
conception, more completely successful in all it aimed at achieving,
or of greater and more undoubted utility. It must have brought into
being, and kept in existence, more than 500,000 souls in the
department it created, and in those whose productiveness it
increased; for we are speaking of land which, we must remember,
was not cultivated as our farms, or even as our gardens are, and
which produced never less than two crops a year; and which not
being inundated, as the land in the valley, but irrigated, and warped,
regularly, and at will, all the year round, was capable of yielding three
crops annually. Every square foot of ground in the Faioum, all the
conditions of warmth, fertility, and moisture being always present,
was kept working, at the highest power, through every hour of the
twelve months.
In Lake Mœris the crocodile abounded, having come in with the
water. It thus became to the inhabitants of the nome the symbol of
the life-giving water; and, having become to their minds the
representative of that upon which everything depended, as had been
the case with other symbols, it was held sacred, and eventually
worshipped. Just so in the lower departments outside, where they
had once had too much water, and which had not become
inhabitable till the water had been drained, and dyked off, and
regulated, not the crocodile, but the ichneumon, the enemy of the
crocodile, had, by an analogous process, become an object of
worship. They had suffered from water, and could only with difficulty
keep it from overwhelming their lowlands; and so they made a
symbol, for the idea of regulating water that encroached and was
destructive, of that which was supposed to destroy what their
neighbours had made a symbol of water itself. Here was a symbol
upon a symbol. But these were people who thought in hieroglyphics;
and to get to an understanding of what they meant we must translate
their hieroglyphical modes of thought and expression into our own
direct modes.
This lake so abounded in fish—more than twenty species were
found in it—that the daily take, during the six months the water was
flowing out, was sold for a talent of silver, about two hundred pounds
of our money. During the time the water was flowing in the average
of the amounts of the daily sales was the third of a talent. The king
gave these proceeds of the lake fisheries to the queen for pin-
money. The quantity of fish taken was so great that there was at
times a difficulty in pickling and drying it.
Herodotus describes Lake Mœris as 450 miles in circumference.
These figures are probably not those of an ignorant copyist, but what
the historian himself set down in his original manuscript, for he gives
the measurement in schœni as well as in stadia. The statement, of
course, is an impossibility, for the true Lake Mœris could not have
been more than twenty miles in length, or more than four in width.
No one can suppose that Herodotus is here drawing a long bow to
astonish his countrymen with a traveller’s tale. If he had been at all
capable of doing anything of this kind, he never could have written a
book of such value as all competent judges have ever assigned to
his great work; and whatever he might have written would soon have
fallen into deserved contempt. It has occurred to me that we may
explain his figures by supposing that he meant them to give the
circumference of the whole water-system of the Faioum. On the
southern ridge of the mussel-shell he saw the great Lake Mœris;
along its northern side he saw what we distinguish by the name of
Birket el Keiroon; he saw the eastern extremities of the two
connected by a broad canal, and in like manner their western
extremities; and throughout the intervening descent he found a
complete network of irrigating canals. As he makes no separate
mention of the Birket el Keiroon, the probability is that he considered
it to be a part of Lake Mœris. Regarding, then, the two lakes as part
of the same plan, and as equally the work of man, and finding them
so intimately connected with canals, he looked upon the whole as
one lake enclosing the cultivated Faioum, and so he speaks of the
whole under a single name, and gives a measurement of the
circumference of the whole as that of Lake Mœris. What he says of
the difficulty he had in understanding what had become of the earth
raised in excavating the lake would apply to Birket el Keiroon,
supposing it to have been artificially formed. This is almost a
demonstration of his having regarded it as a part of Lake Mœris. Of
course there could have been no difficulty of this kind with respect to
the true Lake Mœris, for that had not been formed at all by
excavation, but by dykes: it was a great dam, or series of dams, and
the earth required for the construction of the dykes was all the earth
that had been moved. The difficulty, therefore, here must have been
just the very opposite to that which occurred to Herodotus, because,
before the water of the inundation had deposited any or much mud in
the district, the problem the engineer had to solve was, where he
was to get sufficient earth from to make the dykes.
Some travellers have spoken of the broad belt of shingly gravel on
the south side of Birket el Keiroon, as a phenomenon that needs
explanation. They ask—Where is the fertile soil that ought to be
there? The answer, I suppose, is—That it may be found precisely
where it ought to be, that is, at the bottom of the Birket el Keiroon. At
times a great deal of water has passed through the canals, as
formerly from Lake Mœris itself, into the Birket el Keiroon. This must
have been very great on the occasion of such a mishap as a break in
the dykes, which doubtless occurred at times, especially when things
were going out of order. The beach, therefore, of the Birket el
Keiroon has been very variable, having often been very considerably
advanced. To whatever point the water rose, so far the wash of the
waves, breaking on the beach, would float off the light particles of
soil, and transport them to the quiet bottom of deep water. What
there would be a difficulty in explaining would be, not the absence of,
but the finding of Nile-mud soil in this belt that margins the Birket el
Keiroon.
In some parts of the old bed of the now dry Lake Mœris we find
deposits of Nile-mud sixty feet thick. Again, this is what might have
been expected. The water of the inundation flowed into the lake
heavily charged with mud. The lake was still water. The sediment,
therefore, was speedily deposited at the bottom. This process was
repeated every year. Say that a film of the fourth of an inch was
deposited each year from Amenemha to Strabo, the whole of the
sixty feet will be accounted for. But this deposition of mud must also
have been going on during the antecedent unrecorded centuries of
the morass-period.
This will also account for something more, that is, for the disuse
and obliteration of the lake. The mud had at last taken the place of
the water. The dykes had not been made of any great height at first,
but, as the soil rose both within and on the outside, they had, in the
course of two thousand years, been frequently raised
correspondingly. Of course, the bed of the Nile, like that of the Po,
gradually rises, but the amount of this rise is not great, and would
bear but a small proportion to the rise of the bottom of the lake. Lake
Mœris, therefore, contained in itself, as so many natural lakes have
done, a suicidal element. What made it a lake was destined to make
it one day, what it has long been, dry land. This was, from the first,
only a question of time. Water could, of course, again at this day be
dammed up upon the site of the old lake, but only by taking it from
the river at a higher point than of old; higher, that is to say, than the
inlet of the Bahr Jusuf Canal at the old Diospolis Parva; for instance,
it might be necessary to take it now from above the Cataract of
Philæ, though, indeed, if that could be engineered, we cannot
suppose that it would pay, for the Faioum, including the bed of the
old lake, is pretty well irrigated now, though, of course, it has no
storage of water for the needs of the adjacent river-side lands.
It is obvious that we must connect with these vast and
scientifically-carried-out hydraulic works of the Faioum, the
registration of the height of the annual inundation Herodotus
mentions, and of which we have still existing evidence in the rock-cut
records at Semnéh, we referred to in our first chapter. He says this
registration was commenced in the time of Mœris. Now Mœris was
that Amenemha III., who constructed these great reservoirs of the
Faioum, and after whom they were ever afterwards called. The
connexion between the yearly marking of the height of the rising at
Semnéh, in Nubia, and the reservoirs of the Faioum might have
been that the register at Semnéh was a detective apparatus for
showing how much water ought each year to have been brought into
the reservoirs; it would also indicate what was the need for irrigation
in the contiguous departments outside the Faioum; and thus be a
guide for the regulation of the amount of water that ought to be let
out each year.
In the waterworks of the Faioum there was a grand utility with
which our thought is more than satisfied: in the Labyrinth was seen
the architectural glory of the newly-created province; it was the
greatest construction of the old Monarchy: the Pyramids had been a
rude introduction to it; and it suggested to the younger monarchy the
chief structures of Karnak. If we could now behold it, as it stood at
the time when the Hyksos broke into Egypt to become its masters for
between four and five centuries, we should regard it as one of the
most historically interesting and instructive buildings ever erected in
the world.
Its primary conception had been that of a place of assembly for the
Parliaments of old Egypt. At that time one court, to which were
attached 250 chambers, half being above, and half below ground,
appears to have been assigned to each of the twenty-seven
departments of the kingdom. Each of these chambers was roofed
with a single stone slab. No material but stone had been used
throughout the structure. Its pillars were monoliths of red granite, and
of a limestone so white as to have been mistaken for Parian marble,
and of so compact a texture as to receive a good polish. The
sculptures of the courts and chambers were singularly bold and
good. Those of each court, and its connected chambers, had
reference to the history, the peculiarities, and the religion of the
department to which it had been assigned. Besides the chambers
were numerous halls, porticoes, and passages. The area of the roof,
composed of the enormous slabs just mentioned, may have formed
the actual place of assembly for the collected deputies of the
departments. On the north side stood the Pyramid in which was
buried Amenemha III., who, if he had not originally designed the
Labyrinth, had, at all events, been its chief constructor, for his
scutcheon is frequently found in the existing remains. This Pyramid
was cased with the white limestone used in the Labyrinth itself. The
dimensions of the figures sculptured upon it were unusually large.
This form having been incorporated into the general design, for it
was placed in front of the north, which was the open side, must have
gone some way towards breaking the monotony of the horizontal
and perpendicular lines of the Labyrinth itself.
Herodotus saw it after its partial restoration by the Dodecarchs.
They had restored twelve of its courts, one for each of themselves.
Those were days of decadence, when what would contribute to the
greatness, not of the kingdom, but of the individual ruler, was the
governing idea in royal minds. It had first fallen into decay, because
into disuse, during the long period of Hyksos occupation; and on the
rise of the new monarchy the place of assembly had been removed
to Thebes, where Sethos had constructed his grand hypostyle hall
for that very purpose. It had, therefore, at the time when the twelve
kings took it in hand, been disused and dilapidated for a period of
between fifteen and twenty centuries, probably for as long a time as
has elapsed from the days of Augustus to our own day. In that long
period we can imagine to what an extent it had been resorted to as a
quarry for limestone, and building materials. This will account for the
restorations of the twelve kings having been so considerable, that
Herodotus speaks of them as having been the builders of the
structure he saw.
Above two thousand years more have since elapsed, the whole of
which have been years of neglect, and wilful dilapidation; and sad,
indeed, is now the state of the grand building, once the grandest in
all the world, upon which men had bestowed so much labour and
thought, and of which those, to whom it belonged, had been so
proud. An Arab canal has been carried through the centre of it. What
remains is buried in the rubbish-heaps formed by its own overthrow
and destruction. Still, there must be much within and beneath those
heaps that might be disinterred. The whole ought to be carefully and
critically examined. It is evident that these remains, from their extent
and their connexion with the old monarchy, of which the original
structure was the chief and most historical monument, are the most
promising of all fields for Egyptological investigation.
CHAPTER XV.
HELIOPOLIS.
A sense of our connexion with the past vastly enlarges our sympathies, and
supplies additional worlds for their exercise.—Edinburgh Review.