3DES (3 Data Encryption Standard), 240

5G (Fifth Generation Wireless Systems), 454

6LoWPAN wireless protocol, 41

802.11a wireless connections, 39

802.11a Wireless Gigabyte Alliance wireless connections, 39

802.11ac wireless connections, 39

802.11af wireless connections, 39

802.11ah wireless connections, 39

802.11aj wireless connections, 39

802.11ax wireless connections, 39

802.11b wireless connections, 39

802.11be wireless connections, 39

802.11g wireless connections, 39

802.11n wireless connections, 39

802.11n-2009 wireless connections, 39

2014 Data Breach Investigation Report (Verizon), 18

abelian (commutative) groups, 242

acceptance, risk assessments, 7

access control, 321–322

ACK, SYN.ACK communications, 50

active code scanning, 271

active IDS (Intrusion Detection Systems), 280

active scanning techniques, 169

1. connect scans, 170

2. enumeration, 174–175

3. FIN probes, 173

4. FIN scans, 171

5. FTP bounce scans, 173

6. ping scans, 170

7. port scanning, 169–173

8. Shodan, 175–176

9. SNMP scans, 173

10. SYN scans, 171

11. vulnerability assessments, 173

active state, cell phones, 452

activities, security

1. auditing, 21

2. authentication, 21

administration policies, 316

1. breaches, 319–321

2. change requests, 317–319

3. departing employee policies, 316–317

4. DoS attacks, 320

5. hacker intrusions, 320–321

6. new employee policies, 316

7. viruses, 319–320

advertised relay nodes, The Dark Web, 193

AES (Advanced Encryption Standard), 240–242

age of passwords, 344

AI (Artificial Intelligence) and information warfare, 395–396

ALE (Annualized Loss Expectancy), 6

algorithms

1. encryption, 237

2. hashing

   1. HMAC, 254

   2. MAC, 254

   3. MD5, 253

   4. RIPEMD, 254

   5. SHA, 253–254

alphabet substitution

1. Atbash cipher, 230–231

2. Caesar cipher, 229–230

3. mono-alphabet substitution, 230

4. multi-alphabet substitution, 231

5. Vigenere cipher, 231

analysis

1. cryptanalysis, 257–258

2. frequency analysis, 258

AND operations, 235

Android, cyber forensics, 455–456

ANT+ wireless protocol, 41

anti-malware, 157

antispyware, 278–279

antivirus software, 153–156, 272

Apple viruses 1, 2, and 3, 140

application gateways, 274

Application layer (OSI network model), 60

Application layer (TCP/IP network model), 61

application-layer firewalls, 276

applications, patches, 338

approaches, security

1. hybrid security approaches, 23–24

2. layered security approaches, 23

3. passive security approaches, 23

4. perimeter security approaches, 23

APT (Advanced Persistent Threats), 152, 381

armored viruses, 133

ARO (Annual Rate of Occurrence), 6–7

ARP (Address Resolution Protocol), 56–57

arp command, 56–57

ASCLD (American Society of Crime Laboratory Directors), 437

assessing

1. risk, 7, 17–18

   1. acceptance, 7

   2. ALE, 6

   3. ARO, 6

   4. avoidance, 7

   5. mitigation, 7

   6. SLE, 6

   7. system vulnerabilities, 5–6

   8. threat inventories, 5–6

   9. transference, 7

2. system security

   1. overview, 337

   2. patches, 337–338

   3. physical security, 345–346

   4. ports, 338–341

   5. probes, 344–345

   6. protection phase, 341–342

   7. security checklists, 344

   8. security policies, 343–344

Assessing and Managing Security Risk in IT Systems: A Structured Methodology, 21–22

assets

1. identifying, 203–205

2. information as an asset, 203–205

asymmetric (public-key) encryption, 227, 245

1. Diffie-Hellman key exchange, 250

2. elliptic curve cryptography, 250

3. PGP, 250–251

4. RSA encryption, 246–249

Atbash cipher, 230–231

Atlanta ransomware attack, 136

attachments

1. security policies, 312

2. virus scanners, 270

attacks. See threats

auction fraud, 78–79

1. bid shielding, 79

2. bid siphoning, 79, 80

3. CHAP, 289

4. security settings, 97–98

5. shill bidding, 79

audits, 21

1. audit monitors, 462

2. risk assessments, 5–6

3. system vulnerabilities, 6

authentication, 21

1. deauthentication attacks, 181

2. EAP, 289

3. EAP-TLS, 289

4. HMAC, 254

5. Kerberos, 289–292

6. LEAP, 289

7. MAC, 254

8. PAP, 288

9. PEAP, 289

10. SPAP, 289

autostart locations, cyber forensics, 450

avoidance, risk assessments, 7

AWS (Amazon Web Services), DoS attacks, 120

backups

1. differential backups, 326

2. full backups, 326

3. incremental backups, 326

4. old backup media, 349

bandwidth

1. Bluetooth connectivity, 40–41

2. cabling, 36–37

BASHLITE attack, 135–136

BCP (Business Continuity Plans), 325

Beard, Andrew, harassment, 85

BIA (Business Impact Analysis), 325

bids, auction fraud

1. bid shielding, 79

2. bid siphoning, 79, 80

3. shill bidding, 79

binary number conversions, 44

binary operations, ciphers, 235

1. AND operations, 235

2. OR operations, 235

3. XOR operations, 235–236

Black Basta virus, 134

black hat hackers, 19, 167

BlackEnergy, 383

blackholing, 122

blacklists/whitelists, 276–277

Black’s Law Dictionary, 84

block ciphers, 237

Blowfish, 243

Blue jacking, 181

blue teams, 167

Bluebugging, 181

Bluesnarfing, 181

Bluetooth connectivity, 40–41

bombs, logic, 9

boot sector viruses, 132

Boston Globe, 121

botnets, 119

breaches

1. 2014 Data Breach Investigation Report (Verizon), 18

2. defined, 8

3. security policies, 319–321

bridge nodes, The Dark Web, 193

browsers

1. security settings, 92–97

2. TOR browser, 190–191, 400–401

3. Windows browsers, finding evidence in, 440–441

brute-force attacks, 182, 230

Brutus password cracking tool, 183

buffer-overflow attacks, 145–146

bugs/phone taps, industrial espionage, 211

Burkett, Alyssa, harassment, 85

BYOD (Bring Your Own Device), 314

cabling

1. bandwidth, 36–37

2. crossover cabling, 37

3. local networks, 35–37

4. speeds, 36–37

5. STP cabling, 36

6. types of, 35–36

7. uses of, 35–36

8. UTP cabling, 36

Caesar cipher, 229–230

CAPTCHA, login attacks, 119

cars, hacking, 17

Castillo, Andy, harassment, 85

CBC (Cipher Block Chaining) mode, 244

CC (Challenge Collapsar) attacks, 120

cell phones

1. active state, 452

2. attacks, 181

3. cellular networks, 453–454

4. cyber forensics

   1. Android, 455–456

   2. information to look for, 456–457

   3. iOS, 454

   4. states, 452

5. ICCID, 453

6. IMEI, 453

7. IMSI, 453

8. nascent state/factory default state, 452

9. quiescent state, 452

10. semi-active state, 452

11. SIM, 452

Cellebrite forensics tool, 440

cellular networks, 453–454

CERT (Computer Emergency Response Teams), 25, 204

certificates, digital, 292–293

certifications, 6

1. cyber forensics, 457–458

2. professional help, 366–368

Certified Ethical Hackers, 367

CFB (Cipher Feedback) mode, 244

chain of custody, 433

Chandler, James, identity theft, 81

change requests, 317–319

CHAP (Challenge Handshake Authentication Protocol), 289

chat rooms, 49

Chavarri, Johao, cyber stalking, 83

checklists, security, 344

children, crimes against, 88–90

China, cyber terrorism, 381

chosen plain text attacks, 258

Chrome (Google), security settings, 96

CIA triangle, 21–22

CIDR (Classless Interdomain Routing), 47

cipher text encryption, 237

cipher text only attacks, 259

ciphers

1. Atbash cipher, 230–231

2. block ciphers, 237

3. Caesar cipher, 229–230

4. Feistel ciphers, 237

5. Polybius cipher, 233

6. rail fence cipher, 232

7. Rijndael block cipher. See AES

8. Scytale cipher, 233

9. stream ciphers, 237, 243

10. transposition ciphers, 232

11. Vigenere cipher, 231

circuit-level gateways, 276

CISSP (Certified Information Systems Security Professionals), 367

civil court records, cyber detectives, 415–416

classes, IPv4 addresses, 44–45

classification policies, data, 323

CLD 6.3.1, 63

CLD 8.1.5, 63

CLD 9.5.1, 63

CLD 9.5.2, 63

CLD 12.1.5, 63

CLD 12.4.5, 63

CLD 13.1.4, 63

CLDAP reflection, 119–120

client errors, 48

Clop virus, 136

cloud computing, 61–64

1. audit monitors, 462

2. community clouds, 461

3. hypervisors, 462

4. logical network perimeters, 462

5. private clouds, 461

6. public clouds, 461

7. virtual forensics, 461–462

8. virtual storage, 462

COBO (Company-Owned/Business Only), 314

coding, malicious web-based, 150–151

command injection attacks, 181

commercial antivirus software, 272

community clouds, 62, 461

commutative (abelian) groups, 242

company searches, 413

company versus company, industrial espionage, 206

compromising system security

1. cracking attacks, 9

2. social engineering attacks, 10

3. war flying, 10

4. war-dialing, 10

5. war-driving, 10

Computer Security Act of 1987, 24

computer system security, 336–337

1. assessing

   1. overview, 337

   2. patches, 337–338

   3. physical security, 345–346

   4. ports, 338–341

   5. probes, 344–345

   6. protection phase, 341–342

   7. security checklists, 344

   8. security policies, 343–344

2. firewalls, 342

3. networks, 350–352

   1. scanning techniques, 352–363

   2. testing/scanning standards, 360–365

4. old backup media, 349

5. online resources, 346

6. professional help, 366–368

7. servers, 348–350

8. shutting down services in Windows, 339–340

9. workstations, 345, 346–348

concepts, security

1. CIA triangle, 21–22

2. McCumber cube, 21–22

3. privileges, 22

configuring

1. desktops, security policies, 313–314

2. firewalls, 272–275

connect scans, 170

connectivity

1. 802.11a wireless connections, 39

2. 802.11a Wireless Gigabyte Alliance wireless connections, 39

3. 802.11ac wireless connections, 39

4. 802.11af wireless connections, 39

5. 802.11ah wireless connections, 39

6. 802.11aj wireless connections, 39

7. 802.11ax wireless connections, 39

8. 802.11b wireless connections, 39

9. 802.11be wireless connections, 39

10. 802.11g wireless connections, 39

11. 802.11n wireless connections, 39

12. 802.11n-2009 wireless connections, 39

13. Bluetooth connectivity, 40–41

14. DSo connections, 38

15. Internet connection types, 38

16. ISDN connections, 38

17. local networks

    1. cabling, 35–37

    2. connection speeds, 38

    3. hubs, 37

    4. repeaters, 37

    5. RJ-45 connectors, 35

    6. routers, 38

    7. switches, 37

    8. terminators, 35

18. OC3 connections, 38

19. OC12 connections, 38

20. OC48 connections, 38

21. T1 connections, 38

22. T3 connections, 38

controlling information, 389–390

converting binary numbers, 44

cookies

1. poisoning, 180

2. TCP SYN flood attacks

   1. RST cookies, 114

   2. SYN cookies, 114

COPE (Company-Owned/Personally-Enabled), 314

court records, cyber detectives, 413, 415–416

COVID-19, Internet fraud, 75

Crack Station password cracking tool, 184

crackers, 167

cracking attacks, 9

1. password cracking, 182

   1. brute-force attacks, 182

   2. Brutus password cracking tool, 183

   3. Crack Station password cracking tool, 184

   4. dictionary attacks, 182

   5. hybrid attacks, 182

   6. John the Ripper password cracking tool, 183

   7. ophcrack, 182–183

   8. rainbow tables, 182

   9. THC-Hydra password cracking tool, 184

   10. WebCracker password cracking tool, 183

2. WebCracker password cracking tool, 183

credibility, evaluating cyber stalking threats, 87

Creeper virus, 140

crimes against children, 88–90

criminal checks, cyber detectives, 413

crossover cabling, 37

cross-site request forgeries, 180

Cross-Site Scripting (XSS) attacks, 13, 81–82, 179–180

cryptanalysis, 257–258

1. chosen plain text attacks, 258

2. cipher text only attacks, 259

3. known plain text attacks, 258

4. related-key attacks, 259

cryptography, 226–227

1. 3DES, 240

2. AES, 240–242

3. algorithms, 237

4. asymmetric encryption, 227

5. Atbash cipher, 230–231

6. binary operations, 235

   1. AND operations, 235

   2. OR operations, 235

   3. XOR operations, 235–236

7. block ciphers, 237

8. Blowfish, 243

9. Caesar cipher, 229–230

10. cipher text, 237

11. cryptanalysis, 257–258

    1. chosen plain text attacks, 258

    2. cipher text only attacks, 259

    3. known plain text attacks, 258

    4. related-key attacks, 259

12. decryption, 227

13. DES, 237–240

14. Diffie-Hellman key exchange, 250

15. digital signatures, 252

16. elliptic curve cryptography, 250

17. Enigma machine, 234–235

18. Feistel ciphers, 237

19. frequency analysis, 258

20. hashing, 253

    1. HMAC, 254

    2. MAC, 254

    3. MD5, 253

    4. RIPEMD, 254

    5. SHA, 253–254

21. history of, 228–229

22. key schedules, 238

23. keys, 237

24. legitimate versus fraudulent encryption methods, 251–252

25. mono-alphabet substitution, 230

26. “old” encryption, 251

27. online resources, 228–229

28. PGP, 250–251

29. plain text, 237

30. Polybius cipher, 233

31. public-key (asymmetric) encryption, 245

    1. Diffie-Hellman key exchange, 250

    2. elliptic curve cryptography, 250

    3. PGP, 250–251

    4. RSA encryption, 246–249

32. quantum computing cryptography, 259–260

33. rail fence cipher, 232

34. rainbow tables, 254–255

35. Rijndael block cipher. See AES

36. RSA encryption, 246–249

37. Scytale cipher, 233

38. Serpent, 243

39. single-key (symmetric) encryption, 236, 237

    1. 3DES, 240

    2. AES, 240–242

    3. Blowfish, 243

    4. CBC mode, 244

    5. CFB mode, 244

    6. DES, 237–240

    7. ECB mode, 244

    8. GCM, 245

    9. PCBC mode, 244

    10. RC4 stream ciphers, 243

    11. Serpent, 243

    12. Skipjack, 243

40. Skipjack, 243

41. steganography, 255–256

    1. history of, 256–257

    2. methods/tools, 257

42. stream ciphers, 237

43. substitution alphabets, 230

44. symmetric encryption, 227

45. transposition ciphers, 232

46. Vigenere cipher, 231

CryptoLocker virus, 135

CryptoWall virus, 135

custody, chain of, 433

cyber detectives, 408–409

1. civil court records, 415–416

2. company searches, 413

3. court records/criminal checks, 413

4. email searches, 412

5. general searches, 410

   1. online resources, 411

   2. privacy, 412

   3. Yahoo! People Search, 410–411

6. Google searches, 418

7. image searches, 411

8. Maltego, 418–420

9. mistaken identity, 415

10. online resources, 416–417

11. privacy, 412

12. sex offender databases, 413–415

13. Usenet, 417–418

cyber forensics, 426, 427

1. ASCLD, 437

2. cell phones, finding on

   1. Android, 455–456

   2. information to look for, 456–457

   3. iOS, 454

   4. states, 452

3. Cellebrite, 440

4. certifications, 457–458

5. chain of custody, 433

6. Daubert standard, 459

7. defined, 427

8. document trails, 432

9. EnCase, 439

10. EU evidence gathering, 435–436

11. expert witnesses, 458–459

12. falsifiability, 437

13. FBI forensics guidelines, 433–434

14. Federal Rule 702, 459

15. Forensics Toolkit, 428–431

16. FTK Imager, 428–431, 439

17. goal of, 427

18. handling suspect drives, 427–428

19. industry standards, 437

20. ISO/IEC 27037:2012, 437

21. ISO/IEC 27041, 437

22. ISO/IEC 27042, 437

23. ISO/IEC 27043, 437

24. ISO/IEC 27050, 437

25. live machines, 432

26. Locard’s Principle of Transference, 436

27. Magnet Forensics, 439

28. network forensics, 460

29. OSForensics, 439

30. Oxygen, 439

31. PC, finding evidence on

    1. autostart locations, 450

    2. browsers, 440–441

    3. Last Visited, 450

    4. Linux logs, 442

    5. logs, 441

    6. operating system utilities, 445–447

    7. Prefetch, 451

    8. recent documents, 450

    9. recovering deleted files, 442–444

    10. ShellBags, 451

    11. uninstalled software, 451

    12. USB information, 449–450

    13. UserAssist, 450

    14. Windows Date/Time Stamps, 451

    15. Windows Registry, 447–448

32. reports, 438

33. RFC 3227, 437

34. scientific method, 437

35. securing evidence, 432–433

36. Sleuth Kits, 439

37. SWGDE, 436, 437

38. U.S. Secret Service forensics guidelines, 434–435

39. virtual forensics, 460

    1. cloud computing, 461–462

    2. VM, 460–461

cyber stalking, 75, 82–83

1. cases, 83–86

2. crimes against children, 88–90

3. evaluating, 87–88

4. grooming, 88–89

5. harassment, 84, 98

6. sex offender databases, 90

7. swatting, 86

cyber terrorism, 378–379. See also information warfare

1. actual cases of, 379–380

2. BlackEnergy, 383

3. Cybersecurity Research and Education Act of 2002, 396–397

4. Cyberterrorism Preparedness Act of 2002, 396

5. Dark Web, The, 400–401

6. defending against, 399

7. economic espionage, 384–386

8. FinFisher, 383

9. Flame virus, 382–383

10. footprinting, 385

11. general attacks, 387

12. India, 381

13. Iran, 381–382

14. military operations, 386–387

15. negative trends, 398

16. NSA ANT catalog, 384

17. Pakistan, 381

18. positive trends, 396–398

19. recruiting/communications, 399–400

20. Russian hackers, 381

21. Saudi Arabia, 381–382

22. SCADA systems, 387–388

23. StopGeorgia.ru malware, 383

24. Stuxnet, 382

25. TOR browser, 400–401

26. U.S. PATRIOT Act, 396–397

Cybercrime Magazine, 3

cybersecurity engineering, 466–467, 475–476

1. defined, 467–468

2. IEEE 830–1993, 468–469

3. IEEE 15288, 472

4. ISO 27001, 477–478

5. ISO 27004, 478

6. MATLAB, 473

7. modeling/simulation, 473

8. MPE formula, 474

9. MSD formula, 474

10. MTBF formula, 474–475

11. MTTR formula, 475

12. NIST SP 800–63B, 478–480

13. quantifiable data, 474–475

14. reliability engineering, 471–472, 473

15. requirements, 469–471, 472

16. RMF, 476

17. SecML, 480–481

    1. concepts, 481

    2. DID, 488

    3. MCD, 484–486

    4. security block diagrams, 489

    5. security sequence diagrams, 486–488

18. SMART acronym, 469

19. systems engineering, 468

20. threat modeling, 489–490

21. WBS, 471

Cybersecurity Research and Education Act of 2002, 396–397

Cyberterrorism Preparedness Act of 2002, 396

cyclic groups, 242

CYOD (Choose Your Own Device), 314

Dallas, TX police department, insider threats, 14

DAM (Database Activity Monitoring), 287

Dark Web, The

1. advertised relay nodes, 193

2. bridge nodes, 193

3. cyber terrorism, 400–401

4. entry node, 192

5. exit node, 192

6. exploits, 192

7. onion routing, 189–190

8. online resources, 193

9. People’s Drug Store, The, 191

10. relay node, 192

11. TOR browser, 190–191

DASH7 wireless protocol, 41

data breaches

1. 2014 Data Breach Investigation Report (Verizon), 18

2. defined, 8

data classification policies, 323

Data Link layer (OSI network model), 60

data packets

1. contents of, 49–50

2. filtering, 273–274

3. headers, 49–50

4. ICMP packets, blocking, 122

5. SPI, 274

data transmission, 41

1. ports, 43

2. protocols, 42–43

databases

1. National Vulnerability Database, 365

2. sex offender databases, 413–415

Daubert standard, 459

DDoS (Distributed DoS) attacks, 11, 119, 121

deauthentication attacks, 181

decryption, 227

deep fakes, 152–153

degradation of service attacks, 120

deleted files, recovering, 442–444

departing employee policies, 316–317

DES (Data Encryption Standard), 237–240

desktop configurations, security policies, 313–314

detecting

1. IDS, 21, 23, 279

   1. active IDS, 280

   2. elements of, 281

   3. identifying intrusions, 280

   4. passive IDS, 280

   5. Snort, 281–286

2. viruses and spyware

   1. antivirus software, 153–156

   2. machine learning and malware, 157

   3. remediation steps, 157–158

detectives, cyber, 408–409

1. civil court records, 415–416

2. company searches, 413

3. court records/criminal checks, 413

4. email searches, 412

5. general searches, 410

   1. online resources, 411

   2. privacy, 412

   3. Yahoo! People Search, 410–411

6. Google searches, 418

7. image searches, 411

8. Maltego, 418–420

9. mistaken identity, 415

10. online resources, 416–417

11. privacy, 412

12. sex offender databases, 413–415

13. Usenet, 417–418

development policies, 322–323

DHCP starvation, 118

dictionary attacks, 182

DID (Data Interface Diagrams), 488

differential backups, 326

Diffie-Hellman key exchange, 250

digital certificates, 292–293

digital signatures, 252

directory traversals, 180

disaster recovery, 324

1. BCP, 325

2. BIA, 325

3. differential backups, 326

4. DRP, 324

5. fault tolerance, 326–327

6. full backups, 326

7. impact analysis, 325

8. incremental backups, 326

9. ISO 27035, 325

10. NIST 800–61, 325

11. RAID, 327

disinformation, 391

DiskCryptor, 214

distributed reflection DoS attacks, 109

DMZ (Demilitarized Zones), 350–351

DNS (Domain Name System) protocol, 42

DNS poisoning, 8, 15–16

documentation

1. cyber forensics, 432

   1. document trails, 432

   2. recent documents, 450

2. forensics reports, 438

DoD clearances, 323–324

DOJ (Department of Justice)

1. Gameover ZeuS virus, 135

2. identity theft, 80

DoS (Denial of Service) attacks, 5, 10–11, 106–107

1. AWS attack, 120

2. blackholing, 122

3. blocking ICMP packets, 122

4. Boston Globe, 121

5. CC attacks, 120

6. CLDAP reflection, 119–120

7. DDoS attacks, 11, 119, 121

8. defending against, 121–122

9. defined, 8

10. degradation of service attacks, 120

11. DHCP starvation, 118

12. distributed reflection DoS attacks, 109

13. EDoS attacks, 120

14. example of, 106–107

15. FastMail DDoS blackmail attack, 121

16. Fraggles, 116

17. Google attack, 120

18. HTTP POST DoS attacks, 118

19. ICMP flood attacks, 117

20. land attacks, 118–119

21. login attacks, 119

22. login DoS attacks, 118

23. LOIC, 109–110

24. memcache attack, 121

25. Mirai attack, 121, 135–136

26. PDoS attacks, 118

27. phlashing, 118

28. ping command, 107–108

29. PoD, 117

30. real-world examples, 120–121

31. registration DoS attacks, 118

32. security policies, 320

33. sinkholing, 122

34. Smurf IP attacks, 115–116

35. Stacheldraht, 111–112

36. TCP SYN flood attacks, 112–113

    1. hashing, 114

    2. micro blocks, 113

    3. RST cookies, 114

    4. SPI firewalls, 115

    5. SYN cookies, 114

37. teardrop attacks, 118

38. TFN, 111

39. TFN2K, 111

40. UDP flood attacks, 116–117

41. weaknesses, 112

42. XOIC, 110

43. Yo-Yo attacks, 119

downloads, virus scanners, 270

doxing, 16–17

DREAD threat modeling, 490

drives

1. handling suspect drives, 427–428

2. imaging drives with Forensic Toolkit, 428–431

DRP (Disaster Recovery Plans), 324

DSo connections, 38

dual-homed host firewalls, 275

EAP (Extensible Authentication Protocol), 289

EAP-TLS (Extensible Authentication Protocol-Transport Layer Security), 289

ECB (Electronic Codebook) mode, 244

economic espionage, 206, 384–386

EDGE (Enhanced Data Rates for GSM Evolution), 454

Edge security settings, Microsoft, 92–94

EDoS (Economic Denial of Sustainability) attacks, 120

EFS (Encrypted File System), Windows, 214, 215

Eisenberger, Keith, harassment, 85

eliminating viruses/spyware

1. antivirus software, 153–156

2. machine learning and malware, 157

3. remediation steps, 157–158

eLiTeWrap tool, 143–144

elliptic curve cryptography, 250

email

1. protocols, 49

2. searches, 412

3. usage policies, 311–312

4. virus scanners, 270

employee policies

1. departing employee policies, 316–317

2. new employee policies, 316

EnCase forensics tool, 439

encryption, 226–227

1. 3DES, 240

2. AES, 240–242

3. algorithms, 237

4. asymmetric (public-key) encryption, 227

5. Atbash cipher, 230–231

6. binary operations, 235

   1. AND operations, 235

   2. OR operations, 235

   3. XOR operations, 235–236

7. block ciphers, 237

8. Blowfish, 243

9. Caesar cipher, 229–230

10. cipher text, 237

11. cryptanalysis, 257–258

    1. chosen plain text attacks, 258

    2. cipher text only attacks, 259

    3. known plain text attacks, 258

    4. related-key attacks, 259

12. decryption, 227

13. DES, 237–240

14. Diffie-Hellman key exchange, 250

15. digital signatures, 252

16. elliptic curve cryptography, 250

17. Enigma machine, 234–235

18. Feistel ciphers, 237

19. frequency analysis, 258

20. hashing, 253

    1. HMAC, 254

    2. MAC, 254

    3. MD5, 253

    4. RIPEMD, 254

    5. SHA, 253–254

21. history of, 228–229

22. key schedules, 238

23. keys, 237

24. legitimate versus fraudulent encryption methods, 251–252

25. mono-alphabet substitution, 230

26. “old” encryption, 251

27. online resources, 228–229

28. PGP, 250–251

29. plain text, 237

30. Polybius cipher, 233

31. public-key (asymmetric) encryption, 245

    1. Diffie-Hellman key exchange, 250

    2. elliptic curve cryptography, 250

    3. PGP, 250–251

    4. RSA encryption, 246–249

32. quantum computing cryptography, 259–260

33. rail fence cipher, 232

34. rainbow tables, 254–255

35. Rijndael block cipher. See AES

36. RSA encryption, 246–249

37. Scytale cipher, 233

38. Serpent, 243

39. single-key (symmetric) encryption, 236, 237

    1. 3DES, 240

    2. AES, 240–242

    3. Blowfish, 243

    4. CBC mode, 244

    5. CFB mode, 244

    6. DES, 237–240

    7. ECB mode, 244

    8. GCM, 245

    9. PCBC mode, 244

    10. RC4 stream ciphers, 243

    11. Serpent, 243

    12. Skipjack, 243

40. steganography, 255–256

    1. history of, 256–257

    2. methods/tools, 257

41. stream ciphers, 237

42. substitution alphabets, 230

43. symmetric (single-key) encryption, 227

44. transposition ciphers, 232

45. Vigenere cipher, 231

46. Windows EFS, 214, 215

engineering, cybersecurity, 466–467, 475–476

1. defined, 467–468

2. IEEE 830–1993, 468–469

3. IEEE 15288, 472

4. ISO 27001, 477–478

5. ISO 27004, 478

6. MATLAB, 473

7. modeling/simulation, 473

8. MPE formula, 474

9. MSD formula, 474

10. MTBF formula, 474–475

11. MTTR formula, 475

12. NIST SP 800–63B, 478–480

13. quantifiable data, 474–475

14. reliability engineering, 471–472, 473

15. requirements, 469–471, 472

16. RMF, 476

17. SecML, 480–481

    1. concepts, 481

    2. DID, 488

    3. MCD, 484–486

    4. security block diagrams, 489

    5. security sequence diagrams, 486–488

18. SMART acronym, 469

19. systems engineering, 468

20. threat modeling, 489–490

21. WBS, 471

Enigma machine, 234–235

entry node, The Dark Web, 192

enumeration, 174–175

errors

1. client errors, 48

2. Error 404: File Not Found messages, 48

3. server errors, 48

espionage, 200–202, 207–208

1. assets

   1. identifying, 203–205

   2. information as an asset, 203–205

2. defined, 202

3. DiskCryptor, 214

4. economic espionage, 206, 384–386

5. examples of, 206–207

6. hacking, 206

7. Industrial Espionage Act of 1996, 218

8. low-tech industrial espionage, 208–210

9. phishing, 219

10. phone taps/bugs, 211

11. protection against, 212–215

12. sensitive data, 202

13. spear phishing, 219

14. spies for hire, 212

15. spyware, 210–211

16. steganography, 211

17. trade secrets, 215–218

18. trends in, 207

19. VeraCrypt, 213–214

20. whaling, 219

21. Windows EFS, 214, 215

Ethernet headers, 50

ethical hacking, penetration testing, 19–20

EU evidence gathering, 435–436

Euler’s Totient, 246

evidence

1. cell phones, finding on

   1. Android, 455–456

   2. information to look for, 456–457

   3. iOS, 454

   4. states, 452

2. EU evidence gathering, 435–436

3. PC, finding on

   1. autostart locations, 450

   2. browsers, 440–441

   3. Last Visited, 450

   4. Linux logs, 442

   5. operating system utilities, 445–447

   6. Prefetch, 451

   7. recent documents, 450

   8. recovering deleted files, 442–444

   9. ShellBags, 451

   10. system logs, 441

   11. uninstalled software, 451

   12. USB information, 449–450

   13. UserAssist, 450

   14. Windows Date/Time Stamps, 451

   15. Windows Registry, 447–448

4. securing, 432–433

5. SWGDE, 436, 437

evil twin attacks, 181

exit node, The Dark Web, 192

expert witnesses, cyber forensics, 458–459

expulsion/termination policies, 315

factory default state/nascent state, cell phones, 452

FakeAV virus, 137

false negatives/positives, virus scanners, 271

falsifiability, 437

faster connection speeds, local networks, 38

FastMail DDoS blackmail attack, 121

fault tolerance, 326–327

FBI forensics guidelines, 433–434

Federal Rule 702, 459

FedRAMP (Federal Risk and Authorization Management Protocol), 63

Feistel ciphers, 237

“Felony Lane Gang, The,” 81

fields, 242

files

1. deleted files, recovering, 442–444

2. virus scanners, 270

filtering packets, 273–274

FIN probes, 173

FIN scans, 171

finding

1. evidence

   1. Android, 455–456

   2. cell phones, 452–457

   3. iOS, 454–455

   4. PC, 440–451

2. firewalls, 342

FinFisher, 383

Firefox, security settings, 94–96

firewalls, 20–21, 59, 272–273

1. application gateways, 274

2. application-layer firewalls, 276

3. benefits of, 273

4. blacklists/whitelists, 276–277

5. circuit-level gateways, 276

6. configuring, 272–275

7. dual-homed host firewalls, 275

8. finding, 342

9. limitations of, 273

10. logs, 278

11. network host-based firewalls, 275

12. NGFW, 276

13. packet filtering, 273–274

14. router-based firewalls, 275

15. screened hosts, 275

16. SPI, 274

17. SPI firewalls, 115

18. types of, 276–278

19. WAF, 276

20. Windows Defender Firewall, 277–278

21. ZoneAlarm, 277

Flame virus, 140, 382–383

fog computing, 62–63

footprinting, 385

foreign governments, economic espionage, 206

forensics, cyber, 426, 427

1. ASCLD, 437

2. cell phones, finding on

   1. Android, 455–456

   2. information to look for, 456–457

   3. iOS, 454

   4. states, 452

3. Cellebrite, 440

4. certifications, 457–458

5. chain of custody, 433

6. Daubert standard, 459

7. defined, 427

8. document trails, 432

9. EnCase, 439

10. EU evidence gathering, 435–436

11. expert witnesses, 458–459

12. falsifiability, 437

13. FBI forensics guidelines, 433–434

14. Federal Rule 702, 459

15. Forensics Toolkit, 428–431

16. FTK Imager, 428–431, 439

17. goal of, 427

18. handling suspect drives, 427–428

19. imaging drives with Forensic Toolkit, 428–431

20. industry standards, 437

21. ISO/IEC 27037:2012, 437

22. ISO/IEC 27041, 437

23. ISO/IEC 27042, 437

24. ISO/IEC 27043, 437

25. ISO/IEC 27050, 437

26. live machines, 432

27. Locard’s Principle of Transference, 436

28. Magnet Forensics, 439

29. network forensics, 460

30. OSForensics, 439

31. Oxygen, 439

32. PC, finding evidence on

    1. autostart locations, 450

    2. browsers, 440–441

    3. Last Visited, 450

    4. Linux logs, 442

    5. logs, 441

    6. operating system utilities, 445–447

    7. Prefetch, 451

    8. recent documents, 450

    9. recovering deleted files, 442–444

    10. ShellBags, 451

    11. uninstalled software, 451

    12. USB information, 449–450

    13. UserAssist, 450

    14. Windows Date/Time Stamps, 451

    15. Windows Registry, 447–448

33. reports, 438

34. RFC 3227, 437

35. scientific method, 437

36. securing evidence, 432–433

37. Sleuth Kits, 439

38. SWGDE, 436, 437

39. U.S. Secret Service forensics guidelines, 434–435

40. virtual forensics, 460

    1. cloud computing, 461–462

    2. VM, 460–461

Fraggles, 116

fraud, 74–75

1. auction fraud, 78–79

   1. bid shielding, 79

   2. bid siphoning, 79, 80

   3. security settings, 97–98

   4. shill bidding, 79

2. COVID-19, 75

3. identity theft, 80–81

   1. phishing, 81–82

   2. protection against, 91–92

   3. XSS attacks, 81–82

4. investment offers, 75–76

   1. common schemes, 76

   2. protection against, 91

   3. pump and dump scams, 77

5. laws/legislation, 90–91

6. legitimate versus fraudulent encryption methods, 251–252

7. Leszczymski, Alexander, 75

8. SEC, 75

frequency analysis, 258

frequency, evaluating cyber stalking threats, 87

F-Secure, 26

FTC (Federal Trade Commission), auction fraud, 78–79

FTK Imager forensics tool, 428–431, 439

FTP (File Transfer Protocol), 42

FTP bounce scans, 173

full backups, 326

Galois group, 242

Gameover ZeuS virus, 135

GCM (Galois Counter Mode), 245

general searches, 410

1. image searches, 411

2. online resources, 411

3. privacy, 412

4. Yahoo! People Search, 410–411

Georgia Medical Center, South, insider threats, 14–15

1. Georgia (Republic of), StopGeorgia.ru malware, 383

GIAC, system security, 368

Goldberg, Barry, cyber stalking, 83

Golden Eye, 134

good passwords, 343

Google

1. Chrome, security settings, 96

2. cyber detectives, 418

3. DoS attacks, 120

gray hat hackers, 19, 167

grooming, 88–89

GSM (Global System for Mobile Communication), 453

guidelines, security, 323

hacking, 19

1. active scanning techniques, 169

   1. connect scans, 170

   2. enumeration, 174–175

   3. FIN probes, 173

   4. FIN scans, 171

   5. FTP bounce scans, 173

   6. ping scans, 170

   7. port scanning, 169–173

   8. Shodan, 175–176

   9. SNMP scans, 173

   10. SYN scans, 171

   11. vulnerability assessments, 173

2. black hat hackers, 19, 167

3. Blue jacking, 181

4. blue teams, 167

5. Bluebugging, 181

6. Bluesnarfing, 181

7. brute-force attacks, 182, 230

8. cars, 17

9. cell phone attacks, 181

10. Certified Ethical Hackers, 367

11. command injection attacks, 181

12. cookie poisoning, 180

13. crackers, 167

14. cross-site request forgeries, 180

15. Dark Web, The

    1. advertised relay nodes, 193

    2. bridge nodes, 193

    3. entry node, 192

    4. exit node, 192

    5. exploits, 192

    6. onion routing, 189–190

    7. online resources, 193

    8. People’s Drug Store, The, 191

    9. relay node, 192

    10. TOR browser, 190–191

16. deauthentication attacks, 181

17. defined, 18

18. dictionary attacks, 182

19. directory traversals, 180

20. ethical hacking, 19–20

21. evil twin attacks, 181

22. gray hat hackers, 19, 167

23. hybrid attacks, 182

24. industrial espionage, 206

25. IoT, 17

26. Jeep vehicles, 17

27. login as system attacks, 186–187

28. malware

    1. creating, 184–185

    2. TeraBIT Virus Maker, 184–185

29. medical devices, 17

30. net user script attacks, 186

31. New Hackers Dictionary, 20

32. online resources, 168–169

33. ophcrack, 182–183

34. pass the hash attacks, 185

35. passive scanning techniques, 167–169

36. password cracking attacks, 182

    1. brute-force attacks, 182

    2. Brutus password cracking tool, 183

    3. Crack Station password cracking tool, 184

    4. dictionary attacks, 182

    5. hybrid attacks, 182

    6. John the Ripper password cracking tool, 183

    7. ophcrack, 182–183

    8. rainbow tables, 182

    9. THC-Hydra password cracking tool, 184

    10. WebCracker password cracking tool, 183

37. penetration testing, 19–20, 166–167, 187

    1. NIST 800–115, 187

    2. NSA assessment methodology, 188

    3. PCI DSS, 189

38. phreaking, 20, 167

39. Pod slurping, 181

40. rainbow tables, 182, 254–255

41. reconnaissance phase, 167

42. red teams, 167

43. Russian hackers, 381

44. script kiddies, 19, 167

45. security policies, 320–321

46. SQL script injection attacks, 177–179

47. TeraBIT Virus Maker, 184–185

48. URL hijacking, 180

49. white hat hackers, 18–19, 167

50. Windows computers, 185

    1. login as system attacks, 186–187

    2. net user script attacks, 186

    3. pass the hash attacks, 185

51. wireless attacks, 181

52. WPS attacks, 181

53. XSS attacks, 179–180

hard drives

1. handling suspect drives, 427–428

2. imaging drives with Forensic Toolkit, 428–431

Hardy, Matthew, cyber stalking, 84

harassment, cyber stalking, 84, 98

hashing, 114, 253

1. HMAC, 254

2. MAC, 254

3. MD5, 253

4. pass the hash attacks, 185

5. RIPEMD, 254

6. SHA, 253–254

headers, packets, 49–50

Hern, U.S. Representative Kevin, harassment, 85

Herring, Mark, swatting, 86

heuristic scanning, 271

hijacking

1. sessions, 8, 13–14

2. URL, 180

HIPAA (Health Insurance Portability and Accountability Act of 1996), 25, 328–329

HMAC (Hashing Message Authentication Code), 254

HOIC (High Orbit Ion Cannons), 110

honey pots, 286

HTTP (Hypertext Transfer Protocol), 42

HTTP POST DoS attacks, 118

HTTPS (HTTP Secure), 42

hubs, 37

hybrid attacks, 182

hybrid clouds, 62

hybrid security approaches, 23–24

hypervisors, 462

ICCID (Integrated Circuit Card Identification), 453

ICMP flood attacks, 117

ICMP packets, blocking, 122

iDEN (Integrated Digital Enhanced Networks), 454

identifying

1. assets, 203–205

2. threats, 7–8

identity

1. mistaken identity, 415

2. theft, 80–81

   1. Identity Theft and Assumption Deterrence Act of 1998 (U.S.C.1028), 90

   2. phishing, 81–82

   3. protection against, 91–92

   4. XSS attacks, 81–82

IDS (Intrusion Detection Systems), 21, 23, 279

1. active IDS, 280

2. elements of, 281

3. identifying intrusions, 280

4. passive IDS, 280

5. Snort, 281–286

IEEE (Institute of Electrical and Electronics Engineers)

1. 802.11a wireless connections, 39

2. 802.11a Wireless Gigabyte Alliance wireless connections, 39

3. 802.11ac wireless connections, 39

4. 802.11af wireless connections, 39

5. 802.11ah wireless connections, 39

6. 802.11aj wireless connections, 39

7. 802.11ax wireless connections, 39

8. 802.11b wireless connections, 39

9. 802.11be wireless connections, 39

10. 802.11g wireless connections, 39

11. 802.11n wireless connections, 39

12. 802.11n-2009 wireless connections, 39

13. 830–1993, 468–469

14. 15288, 472

IM (Instant Messaging), security policies, 313

image searches, 411

imaging drives with Forensic Toolkit, 428–431

IMAP (Internet Message Access Protocol), 42

IMAPS (IMAP Secure), 42

IMEI (International Mobile Equipment Identity), 453

impact analysis, 325

IMSI (International Mobile Subscriber Identity), 453

incremental backups, 326

India, cyber terrorism, 381

individual workstations, securing, 346–348

industrial espionage, 200, 207–208

1. assets

   1. identifying, 203–205

   2. information as an asset, 203–205

2. defined, 202

3. DiskCryptor, 214

4. economic espionage, 206

5. examples of, 206–207

6. hacking, 206

7. Industrial Espionage Act of 1996, 218

8. low-tech industrial espionage, 208–210

9. phishing, 219

10. phone taps/bugs, 211

11. protection against, 212–215

12. sensitive data, 202

13. spear phishing, 219

14. spies for hire, 212

15. spyware, 210–211

16. steganography, 211

17. trade secrets, 215–218

18. trends in, 207

19. VeraCrypt, 213–214

20. whaling, 219

21. Windows EFS, 214, 215

industry certifications/standards, 6, 437

information as an asset, 203–205

information warfare, 388. See also cyber terrorism

1. actual cases of, 391–395

2. AI, 395–396

3. Cybersecurity Research and Education Act of 2002, 396–397

4. Cyberterrorism Preparedness Act of 2002, 396

5. disinformation, 391

6. future trends, 395

7. information control, 389–390

8. machine learning, 395–396

9. negative trends, 398

10. positive trends, 396–398

11. propaganda, 388–389

12. U.S. PATRIOT Act, 396–397

13. Yahoo!390

insider threats, 14

1. common scenarios, 15

2. Dallas, TX police department, 14

3. defined, 8, 15

4. Snowden, Edward, 14

5. South Georgia Medical Center, 14–15

installing software, security policies, 312

intensity, evaluating cyber stalking threats, 88

Internet

1. arp command, 56–57

2. chat rooms, 49

3. cloud computing, 61–64

4. connection types, 38

5. development of, 2–4

6. email protocols, 49

7. fraud, 74–75

   1. auction fraud, 78–80, 97–98

   2. COVID-19, 75

   3. identity theft, 80–81, 91–92

   4. investment offers, 75–78, 91

   5. laws/legislation, 90–91

   6. Leszczymski, Alexander, 75

   7. phishing, 81–82

   8. SEC, 75

   9. XSS attacks, 81–82

8. growth of, 2–4

9. history of, 50–52

10. IoT, hacking, 17

11. IPConfig command, 52–54

12. IPv4 addresses, 44–47

13. IPv6 addresses, 47–48

14. ISP, 43

15. NAP, 43

16. Netstat command, 56

17. nslookup command, 56–57

18. packets

    1. contents of, 49–50

    2. headers, 49–50

    3. SYN/ACK communications, 50

19. PathPing command, 58–59

20. ping command, 48, 53–55

21. route command, 57–58

22. traceroute command, 48, 55

23. URL, 48–49

24. usage policies, 310–311

Internet layer (TCP/IP network model), 61

intrusions

1. deflection, 288

2. deterrence, 288

3. IDS, 279

   1. active IDS, 280

   2. elements of, 281

   3. identifying intrusions, 280

   4. passive IDS, 280

   5. Snort, 281–286

inventories, threat, 5–6

investigations/cyber detectives, 408–409

1. civil court records, 415–416

2. company searches, 413

3. court records/criminal checks, 413

4. email searches, 412

5. general searches, 410

   1. online resources, 411

   2. privacy, 412

   3. Yahoo! People Search, 410–411

6. Google searches, 418

7. image searches, 411

8. Maltego, 418–420

9. mistaken identity, 415

10. online resources, 416–417

11. privacy, 412

12. sex offender databases, 413–415

13. Usenet, 417–418

investment offers, Internet fraud, 75–76

1. common schemes, 76

2. investment advice, 76

3. protection against, 91

4. pump and dump scams, 77

iOS, cyber forensics, 454

IoT (Internet of Things)

1. hacking, 17

2. malware, 135–136

IP (Internet Protocol) addresses, 43

1. IPv4, 44

   1. binary number conversions, 44

   2. CIDR, 47

   3. classes, 44–45

   4. private IP addresses, 44, 45–46

   5. public IP addresses, 44, 45–46

   6. ranges, 45

   7. subnetting, 46

2. IPv6, 47

   1. CIDR, 47

   2. link-local addresses, 47

   3. loopback addresses, 47

   4. M flags, 48

   5. machine-local addresses, 47

   6. network-local addresses, 47–48

   7. O flags, 48

   8. ping command, 48

   9. site-local addresses, 47–48

   10. traceroute command, 48

3. NAT, 46

4. private IP addresses, 44, 45–46

5. public IP addresses, 44, 45–46

IP headers, 49

IPConfig command, 52–54

IPsec (Internet Protocol Security), 297

Iran, cyber terrorism, 381–382

IRC (Internet Relay Chat) protocol, 42

ISDN connections, 38

ISO 17799, 307–308

ISO 17999, 305–306

ISO 27001, 306–307, 477–478

ISO 27002, 307

ISO 27004, 478

ISO 27017, 63

ISO 27018, 63

ISO 27035, 325

ISO/IEC 27037:2012, 437

ISO/IEC 27041, 437

ISO/IEC 27042, 437

ISO/IEC 27043, 437

ISO/IEC 27050, 437

ISP (Internet Service Providers), 43

Jeep vehicles, hacking, 17

John the Ripper password cracking tool, 183

Kali Linux, 359–362

Kedi RAT (Remote Access Trojan), 137

Kerberos authentication, 289–292

key loggers, 9

key schedules, 238

keys, encryption, 237

known plain text attacks, 258

Kurzynski, Joel, cyber stalking, 84

L2TP (Layer 2 Tunneling Protocol), 296–297

land attacks, 118–119

Last Visited, cyber forensics, 450

Latigo, Heriberto, cyber stalking, 83–84

laws/legislation, 328

1. Computer Security Act of 1987, 24

2. court records/criminal checks, cyber detectives, 413

3. Cybersecurity Research and Education Act of 2002, 396–397

4. Cyberterrorism Preparedness Act of 2002, 396

5. Federal Rule 702, 459

6. HIPAA, 25, 328–329

7. Industrial Espionage Act of 1996, 218

8. Internet fraud, 90–91

9. OMB Circular A-130, 25

10. PCI DSS, 329

11. privacy laws, 25

12. Sarbanes-Oxley Act, 329

13. “sensitive information,” 24–25

14. state-specific computer security laws/legislation, 25

15. United States Code (the Privacy Act), 24

16. U.S. PATRIOT Act, 396–397

layered security approaches, 23

LEAP (Lightweight Extensible Authentication Protocol), 289

least privileges, 22

legal issues, impact on network security, 24–25

legitimate versus fraudulent encryption methods, 251–252

Leszczymski, Alexander, Internet fraud, 75

link-local addresses, 47

Linux

1. Kali Linux, 359–362

2. logs, cyber forensics, 442

live machines, cyber forensics, 432

local networks

1. cabling, 35–37

2. connection speeds, 38

3. hubs, 37

4. repeaters, 37

5. RJ-45 connectors, 35

6. routers, 38

7. switches, 37

8. terminators, 35

Locard’s Principle of Transference, 436

locks, physical security, 345–346

loggers, key, 9

logic bombs, 9, 151–152

logical network perimeters, 462

login attacks, 119

1. DoS attacks, 118

2. Linux logs, 442

3. login as system attacks, 186–187

logs

1. firewalls, 278

2. networks, 351

3. Windows logs, cyber forensics, 441

LOIC (Low Orbit Ion Cannons), 10, 19, 109–110

loopback addresses, 47

loss

1. ALE, 6

2. ARO, 6–7

3. SLE, 6

low-tech industrial espionage, 208–210

LTE (Long Term Evolution), 454

Lynsis, 359

M flags, 48

MAC (Media Access Control) addresses, 61

MAC (Message Authentication Code), 254

MacDefender virus, 137

machine learning

1. information warfare, 395–396

2. malware, 140–141, 157

3. virus scanners, 271

machine-local addresses, 47

macro viruses, 132

Magnet Forensics, 439

malicious web-based code, 150–151

Maltego, 418–420

malware, 5, 8, 130–131

1. anti-malware, 157

2. APT, 152

3. BlackEnergy, 383

4. buffer-overflow attacks, 145–146

5. characteristics of, 9

6. creating, 184–185

7. deep fakes, 152–153

8. defined, 8

9. IoT malware, 135–136

10. key loggers, 9

11. logic bombs, 9, 151–152

12. machine learning and malware, 140–141, 157

13. malicious web-based code, 150–151

14. rootkits, 149–150

15. spam, 152

16. spyware, 9, 146–147

    1. antispyware, 278–279

    2. delivery to target systems, 147

    3. detecting/eliminating, 153–158

    4. FinFisher, 383

    5. industrial espionage, 210–211

    6. legal uses of, 147

    7. obtaining, 148–149

    8. Pegasus spyware, 147

17. StopGeorgia.ru malware, 383

18. Stuxnet, 382

19. Trojan horses, 9, 116, 142–143

    1. eLiTeWrap tool, 143–144

    2. Kedi RAT, 137

20. viruses

    1. Apple viruses 1, 2, and 3, 140

    2. armored viruses, 133

    3. Atlanta ransomware attack, 136

    4. BASHLITE attack, 135–136

    5. Black Basta virus, 134

    6. boot sector viruses, 132

    7. Clop virus, 136

    8. Creeper virus, 140

    9. CryptoLocker virus, 135

    10. CryptoWall virus, 135

    11. defined, 131

    12. detecting/eliminating, 153–158

    13. early viruses, 140

    14. examples of, 133–140

    15. FakeAV virus, 137

    16. Flame virus, 140, 382–383

    17. Gameover ZeuS virus, 135

    18. impact of, 140

    19. IoT malware, 135–136

    20. MacDefender virus, 137

    21. macro viruses, 132

    22. memory-resident viruses, 133

    23. metamorphic viruses, 133

    24. Mimail virus, 138–139

    25. Mindware virus, 136

    26. Morris Internet worm, 139

    27. multi-partite viruses, 133

    28. nonvirus viruses, 139

    29. online resources, 133–134

    30. Petya virus, 134

    31. polymorphic viruses, 133

    32. Rombertik virus, 135

    33. rules for avoiding, 141

    34. Sasser virus, 145–146

    35. scanners, 269–271

    36. security policies, 319–320

    37. Shamoon virus, 135, 382

    38. Shlayer virus, 138

    39. SoBig virus, 137–138

    40. sparse infector viruses, 133

    41. spread of, 131–132

    42. TeraBIT Virus Maker, 184–185

    43. Thanatos ransomware, 136

    44. Titanium virus, 134

    45. types of, 132–133

    46. virulancy, 137

    47. Wabbit virus, 140

    48. WannaCry virus, 134

    49. worms versus, 142

    50. worms, 142

MATLAB, cybersecurity engineering, 473

McCullum, Juan R., harassment, 85

McCumber cube, 21–22

MCD (Misuse-Case Diagrams), 484–486

MD5, 253

medical devices, hacking, 17

Medico, Joseph, harassment, 85

memcache, DoS attacks, 121

memory-resident viruses, 133

metamorphic viruses, 133

micro blocks, TCP SYN flood attacks, 113

Microsoft Edge, security settings, 92–94

Microsoft Security Advisor, 26

military operations, cyber terrorism, 386–387

Mimail virus, 138–139

Mindware virus, 136

Mirai attack, 121, 135–136

mistaken identity, 415

mitigation, risk assessments, 7

mobile phones

1. active state, 452

2. attacks, 181

3. cellular networks, 453–454

4. cyber forensics

   1. Android, 455–456

   2. information to look for, 456–457

   3. iOS, 454

   4. states, 452

5. ICCID, 453

6. IMEI, 453

7. IMSI, 453

8. nascent state/factory default state, 452

9. quiescent state, 452

10. semi-active state, 452

11. SIM, 452

modeling/simulation

1. cybersecurity engineering, 473

2. SecML, 480–481

   1. concepts, 481

   2. DID, 488

   3. MCD, 484–486

   4. security block diagrams, 489

   5. security sequence diagrams, 486–488

3. threat modeling, 489–490

monitoring, DAM, 287

mono-alphabet substitution, 230

Morris, Robert T.

1. session hijacking, 13

2. “Weakness in the 4.2BSD Unix TCP/IP Software, A,” 13

Morris Internet worm, 139

MPE (Mean Percentage Error) formula, 474

MSD (Mean Squared Deviation) formula, 474

MTBF (Mean Time Between Failures) formula, 474–475

MTTR (Mean Time To Repair) formula, 475

multi-alphabet substitution, 231

multi-partite viruses, 133

Murphy, Robert James, cyber stalking, 84

NAP (Network Access Points), 43

nascent state/factory default state, cell phones, 452

NAT (Network Address Translation), 46

National Vulnerability Database, 365

NESSUS, 352–355

net user script attacks, 186

NetBIOS protocol, 42

Netstat command, 56

Network Access layer (TCP/IP network model), 61

network host-based firewalls, 275

Network layer (OSI network model), 60

network-local addresses, 47–48

networks, 34–35

1. basics, 35

2. cellular networks, 453–454

3. cloud computing, 61–64

4. data transmission, 41

   1. ports, 43

   2. protocols, 42–43

5. DMZ, 350–351

6. firewalls, 59

7. forensics, 460

8. iDEN, 454

9. legal issues, impact on network security, 24–25

10. local networks

    1. cabling, 35–37

    2. connection speeds, 38

    3. hubs, 37

    4. repeaters, 37

    5. RJ-45 connectors, 35

    6. routers, 38

    7. switches, 37

    8. terminators, 35

11. logical network perimeters, 462

12. MAC addresses, 61

13. NAP, 43

14. NAT, 46

15. NIC, 35

16. OSI model, 60–61

17. proxy servers, 59

18. scanning techniques

    1. Kali Linux, 359–362

    2. Lynsis, 359

    3. National Vulnerability Database, 365

    4. NESSUS, 352–355

    5. Nikto, 359–360

    6. NIST 800–15, 363–364

    7. NSA-IAM, 364–365

    8. OpenVAS, 363

    9. OWASP ZAP, 355–357

    10. PCI DSS, 365

    11. Shodan, 357–359

    12. Sparta, 360–362

    13. Vega, 362

19. system security, 350–352

20. TCP/IP model, 61

21. VPN, 296

22. wireless networks

    1. 6LoWPAN wireless protocol, 41

    2. ANT+ wireless protocol, 41

    3. Bluetooth connectivity, 40–41

    4. connection speeds, 39–40

    5. DASH7 wireless protocol, 41

    6. RC4 stream ciphers, 40

    7. Thread wireless protocol, 41

    8. WEP, 40, 298

    9. WirelessHART wireless protocol, 41

    10. WPA, 40, 298

    11. WPA2, 40, 298

    12. WPA3, 40, 298

    13. Zigbee wireless protocol, 41

    14. Z-Wave wireless protocol, 41

new employee policies, 316

New Hackers Dictionary, 20

NGFW (Next-Generation Firewalls), 276

NIC (Network Interface Cards), 35, 61

Nikto, 359–360

NIST (National Institute of Standards and Technology)

1. 800–61, 325

2. 800–115, 187, 363–364

3. 800–144, 63

4. insider threats, 15

5. NIST800–53, 15

6. SP 800–53, 306

7. SP 800–63B, 478–480

Nmap, 170–173

NNTP (Network News Transfer Protocol), 42

nodes, The Dark Web, 192–193

nonvirus viruses, 139

NSA (National Security Agency)

1. assessment methodology, 188

2. NSA-IAM, 364–365

NSA ANT catalog, 384

nslookup command, 56–57

nuclear secrets, industrial espionage, 206

O flags, 48

OC3 connections, 38

OC12 connections, 38

OC48 connections, 38

Offensive Security, 367

old backup media, 349

“old” encryption, 251

old passwords, 344

OMB Circular A-130, 25

onion routing, 189–190

online resources, 25

1. CERT, 25

2. company searches, 413

3. cryptography, 228–229

4. cyber detectives, 416–417

5. email searches, 412

6. encryption, 228–229

7. F-Secure, 26

8. general searches, 411

9. hacking, 168–169

10. image searches, 411

11. Microsoft Security Advisor, 26

12. nodes, The Dark Web, 193

13. professional help, 366–368

14. SANS Institute website, 26

15. sex offender databases, 90, 413–415

16. system security, 346, 366–368

17. viruses, 133–134

OpenVAS, 363

operating system utilities, cyber forensics, 445–447

OR operations, 235

ophcrack, 182–183

OSForensics forensics tool, 439

OSI network model, 60–61

OWASP (Open Web Application Security Project)

1. SQL injection attacks, 12–13

2. ZAP, 355–357

Oxygen forensics tool, 439

packets

1. contents of, 49–50

2. filtering, 273–274

3. headers, 49–50

4. ICMP packets, blocking, 122

5. SPI, 274

6. SYN/ACK communications, 50

Pakistan, cyber terrorism, 381

Panda Security, machine learning and malware, 141

PAP (Password Authentication Protocol), 288

pass the hash attacks, 185

passive IDS (Intrusion Detection Systems), 280

passive scanning techniques, 167–169

passive security approaches, 23

passwords

1. age of, 344

2. cracking attacks, 182

   1. brute-force attacks, 182

   2. Brutus password cracking tool, 183

   3. Crack Station password cracking tool, 184

   4. dictionary attacks, 182

   5. hybrid attacks, 182

   6. John the Ripper password cracking tool, 183

   7. ophcrack, 182–183

   8. rainbow tables, 182

   9. THC-Hydra password cracking tool, 184

3. good passwords, 343

4. login attacks, 119

5. network security, 351

6. old passwords, 344

7. PAP, 288

8. policies, 309–310

9. SPAP, 289

PASTA threat modeling, 490

patches, system security, 337–338

PathPing command, 58–59

PATRIOT Act, 396–397

PC, finding evidence (cyber forensics)

1. autostart locations, 450

2. browsers, 440–441

3. Last Visited, 450

4. Linux logs, 442

5. logs, 441

6. operating system utilities, 445–447

7. Prefetch, 451

8. recent documents, 450

9. recovering deleted files, 442–444

10. ShellBags, 451

11. uninstalled software, 451

12. USB information, 449–450

13. UserAssist, 450

14. Windows Date/Time Stamps, 451

15. Windows Registry, 447–448

PCBC (Propagating Cipher-Block Chaining) mode, 244

PCI DSS (Payment Card Industry Data Security Standard), 189, 329, 365

PDoS attacks, 118

PEAP (Protected Extensible Application Protocol), 289

Pegasus spyware, 147

penetration testing, 19–20, 187

1. certifications, 166–167

2. defined, 166

3. National Vulnerability Database, 365

4. NIST 800–15, 363–364

5. NIST 800–115, 187

6. NSA assessment methodology, 188

7. NSA-IAM, 364–365

8. PCI DSS, 189, 365

People’s Drug Store, The, 191

perimeter security approaches, 23

Petya virus, 134

PGP (Pretty Good Privacy), 250–251

phishing, 81–82, 219

phlashing, 118

phone taps/bugs, industrial espionage, 211

phreaking, 20, 167

Physical layer (OSI network model), 60

physical security

1. locks, 345–346

2. old backup media, 349

3. server rooms, 345

4. servers, 348–350

5. system security, 345–346

6. workstations, 345, 346–348

ping command, 48, 53–55

1. DoS attacks, 107–108

2. PoD, 117

3. scans, 170

plain text, encryption, 237

Plaskett, Stacey, harassment, 85

PoD (Ping of Death), 117

Pod slurping, 181

poisoning

1. cookies, 180

2. DNS, 8, 15–16

policies, security, 304–305, 323

1. access control, 321–322

2. attachments, 312

3. BYOD, 314

4. data classification policies, 323

5. defined, 305

6. desktop configurations, 313–314

7. development policies, 322–323

8. disaster recovery, 324

   1. BCP, 325

   2. BIA, 325

   3. DRP, 324

   4. fault tolerance, 326–327

   5. impact analysis, 325

   6. ISO 27035, 325

   7. NIST 800–61, 325

9. DoD clearances, 323–324

10. email usage, 311–312

11. IM, 313

12. Internet usage, 310–311

13. ISO 17799, 307–308

14. ISO 17999, 305–306

15. ISO 27001, 306–307

16. ISO 27002, 307

17. laws/legislation

    1. HIPAA, 328–329

    2. PCI DSS, 329

    3. Sarbanes-Oxley Act, 329

18. NIST SP 800–53, 306

19. passwords, 309–310

20. software installations, 312

21. system administration policies, 316

    1. breaches, 319–321

    2. change requests, 317–319

    3. departing employee policies, 316–317

    4. DoS attacks, 320

    5. hacker intrusions, 320–321

    6. new employee policies, 316

    7. viruses, 319–320

22. system security assessments, 343–344

23. termination/expulsion policies, 315

24. user policies, 308–309, 314–316

25. Zero Trust, 327–328

Polybius cipher, 233

polymorphic viruses, 133

POP3 (Post Office Protocol 3), 42

POP3S (POP3 Secure), 42

ports

1. data transmission, 43

2. routers, 338

3. scanning, 169–173

4. system security, 338–341

PPTP (Point-to-Point Tunneling Protocol), 296

Prefetch, cyber forensics, 451

Presentation layer (OSI network model), 60

Principle of Transference, Locard’s, 436

privacy

1. laws, 25

2. Privacy Act (United States Code), the, 24

3. searches, 412

private clouds, 62, 461

private IP addresses, 44, 45–46

privileges, least, 22

probes, system security, 344–345

procedures, security, 323

propaganda, information warfare, 388–389

protection phase, system security assessments, 341–342

protocols

1. data transmission, 42–43

2. DNS, 42

3. FTP, 42

4. HTTP, 42

5. HTTPS, 42

6. IMAP, 42

7. IMAPS, 42

8. IRC, 42

9. NetBIOS, 42

10. NNTP, 42

11. POP3, 42

12. POP3S, 42

13. SMB, 42

14. SMTP, 42

15. SMTPS, 42

16. SSH, 42

17. Telnet, 42

18. TFTP, 42

19. Whois, 42

20. wireless protocols

    1. 6LoWPAN wireless protocol, 41

    2. ANT+ wireless protocol, 41

    3. DASH7 wireless protocol, 41

    4. Thread wireless protocol, 41

    5. WirelessHART wireless protocol, 41

    6. Zigbee wireless protocol, 41

    7. Z-Wave wireless protocol, 41

proxy servers, 20–21, 59

public clouds, 62, 461

public IP addresses, 44, 45–46

public-key (asymmetric) encryption, 245

1. Diffie-Hellman key exchange, 250

2. elliptic curve cryptography, 250

3. PGP, 250–251

4. RSA encryption, 246–249

pump and dump scams, 77

quantifiable data, cybersecurity engineering, 474–475

quantifying risk, 6–7

quantum computing cryptography, 259–260

quiescent state, cell phones, 452

RAID, 327

rail fence cipher, 232

rainbow tables, 182, 254–255

Ramos, Jeron, harassment, 85

ranges, IPv4 addresses, 45

ransomware

1. Atlanta ransomware attack, 136

2. Cybercrime Magazine, 3

3. Thanatos ransomware, 136

RC4 stream ciphers, 40, 243

recent documents, cyber forensics, 450

reconnaissance phase, hacking, 167

recovering deleted files, 442–444

recruiting, cyber terrorism, 399–400

red teams, 167

registration DoS attacks, 118

related-key attacks, 259

relay node, The Dark Web, 192

reliability engineering, 471–472, 473

repeaters, local networks, 37

reports, forensics, 438

1. Republic of Georgia, StopGeorgia.ru malware, 383

request forgeries, cross-site, 180

resources, online, 25

1. CERT, 25

2. company searches, 413

3. cryptography, 228–229

4. cyber detectives, 416–417

5. email searches, 412

6. encryption, 228–229

7. F-Secure, 26

8. general searches, 411

9. hacking, 168–169

10. image searches, 411

11. Microsoft Security Advisor, 26

12. nodes, The Dark Web, 193

13. professional help, 366–368

14. SANS Institute website, 26

15. sex offender databases, 90, 413–415

16. system security, 346, 366–368

17. viruses, 133–134

RFC 3227, 437

Rijndael block cipher. See AES

rings, 242

RIPEMD (RACE Integrity Primitives Evaluation Message Digest), 254

risk

1. assessments, 7, 17–18

   1. acceptance, 7

   2. ALE, 6

   3. ARO, 6

   4. avoidance, 7

   5. mitigation, 7

   6. SLE, 6

   7. system vulnerabilities, 5–6

   8. threat inventories, 5–6

   9. transference, 7

2. quantifying, 6–7

3. RMF, 476

RJ-45 connectors, 35

RMF (Risk Management Framework), 476

Romania, cybercrime laws/legislation, 90–91

Rombertik virus, 135

rootkits, 149–150

route command, 57–58

router-based firewalls, 275

routers

1. local networks, 38

2. ports, 338

3. security, 352

routing, onion, 189–190

RSA encryption, 246–249

RST cookies, TCP SYN flood attacks, 114

Russia

1. hacking, 381

2. StopGeorgia.ru malware, 383

sandboxes, virus scanners, 271

SANS Institute website, 26

Sarbanes-Oxley Act, 329

Sasser virus, 145–146

Saudi Arabia, cyber terrorism, 381–382

SCADA (Supervisory Control and Data Acquisitions)

1. components of, 388

2. cyber terrorism, 387–388

scanners, virus, 269

1. active code scanning, 271

2. attachments, 270

3. downloads, 270

4. email, 270

5. false negatives/positives, 271

6. files, 270

7. heuristic scanning, 271

8. machine learning, 271

9. operation of, 269–270, 271

10. sandboxes, 271

11. scanning techniques, 270–271

12. “sheep dip” machines, 271

scanning techniques

1. active, 169

   1. connect scans, 170

   2. enumeration, 174–175

   3. FIN probes, 173

   4. FIN scans, 171

   5. FTP bounce scans, 173

   6. ping scans, 170

   7. port scanning, 169–173

   8. Shodan, 175–176

   9. SNMP scans, 173

   10. SYN scans, 171

   11. vulnerability assessments, 173

2. National Vulnerability Database, 365

3. networks

   1. Kali Linux, 359–362

   2. Lynsis, 359

   3. NESSUS, 352–355

   4. Nikto, 359–360

   5. OpenVAS, 363

   6. OWASP ZAP, 355–357

   7. Shodan, 357–359

   8. Sparta, 360–362

   9. Vega, 362

4. NIST 800–15, 363–364

5. NSA-IAM, 364–365

6. passive, 167–169

7. PCI DSS, 365

scientific method, cyber forensics, 437

screened hosts, 275

script kiddies, 19, 167

Scytale cipher, 233

searches

1. company searches, 413

2. email searches, 412

3. general searches, 410

   1. online resources, 411

   2. privacy, 412

   3. Yahoo! People Search, 410–411

4. Google searches, 418

5. image searches, 411

6. privacy, 412

SEC (Securities and Exchange Commission), Internet fraud, 75, 77

SecML (Security Modeling Language), 480–481

1. concepts, 481

2. DID, 488

3. MCD, 484–486

4. security block diagrams, 489

5. security sequence diagrams, 486–488

secrets (trade), industrial espionage, 215–218

securing evidence, 432–433

security activities

1. auditing, 21

2. authentication, 21

Security Advisor, Microsoft, 26

security approaches

1. hybrid security approaches, 23–24

2. layered security approaches, 23

3. passive security approaches, 23

4. perimeter security approaches, 23

security block diagrams, 489

security checklists, 344

security concepts

1. CIA triangle, 21–22

2. least privileges, 22

3. McCumber cube, 21–22

security devices

1. firewalls, 20–21

2. IDS, 21, 23

3. proxy servers, 20–21

security policies, 304–305, 323

1. access control, 321–322

2. attachments, 312

3. BYOD, 314

4. data classification policies, 323

5. defined, 305

6. desktop configurations, 313–314

7. development policies, 322–323

8. disaster recovery, 324

   1. BCP, 325

   2. BIA, 325

   3. DRP, 324

   4. fault tolerance, 326–327

   5. impact analysis, 325

   6. ISO 27035, 325

   7. NIST 800–61, 325

9. DoD clearances, 323–324

10. email usage, 311–312

11. IM, 313

12. Internet usage, 310–311

13. ISO 17799, 307–308

14. ISO 17999, 305–306

15. ISO 27001, 306–307

16. ISO 27002, 307

17. laws/legislation

    1. HIPAA, 328–329

    2. PCI DSS, 329

    3. Sarbanes-Oxley Act, 329

18. NIST SP 800–53, 306

19. passwords, 309–310

20. software installations, 312

21. system administration policies, 316

    1. breaches, 319–321

    2. change requests, 317–319

    3. departing employee policies, 316–317

    4. DoS attacks, 320

    5. hacker intrusions, 320–321

    6. new employee policies, 316

    7. viruses, 319–320

22. system security assessments, 343–344

23. termination/expulsion policies, 315

24. user policies, 308–309, 314–316

25. Zero Trust, 327–328