Enemy at the Water Cooler by Brian T Contos


258 Index
logs, security, 108–110, 116, 118–119, 125, 141–142, 182, 214–220
Long, Johnny, 41
Loverspy (Perez-Melara), 17

M
Magic Lantern surveillance tool, 25
malware, 17
Managed Security Services Providers (MSSPs), 90, 93–96
management assessment of internal controls (Sarbanes-Oxley), 182
managing
    incident management programs, 192–197
    incidents, 66–67
    incidents by ESM, 80–81, 188–198
    security. See Enterprise Security Management
mantraps, 103
markets, black, 11–13
medical records, malicious use of, 162–163
Meeks, Frank, 80
merging organizations, ESM issues with, 130–135
metrics of incident management, 197
Microsoft
    and Code Red, 5
    Windows 98 vulnerability, 45
Mitnick, Kevin, 122
mobile devices
    attacks on, 38
    protecting, 207
monitoring
    and disclosure of incidents, 172–173
    interaction with financial processes (Sarbanes-Oxley), 183
Morris, Robert, 3
motivations
    of cyber criminals, 7–10
    of insiders, 50–56
MSSPs (Managed Security Services Providers), 90, 93–96

N
Napoleon, 101
National Institute of Standards and Technology documents. See NIST
nation-state threats, 26–30
Network Time Protocol (NTP), 111
networks
    air gapped, 32
    botnets, 35–36
Nielsen, Jakob, 69
Nimda worm, 5–6
NIST 800-50 security awareness training program, 203, 206
NIST 800-53 technical controls, 227, 229, 231–234
NIST 800-92, on computer log management, 217–219
normalization and ESM, 72, 219
NTP (Network Time Protocol), 111

O
Oechslin, Dr. Philippe, 38
on-line auctions, 165–166
operating system logs, 216
Orange Book, The, least privileges principle, 65
organizations
    asset inventories, 211–213
    insider writing code for another company, 166
    internal vs. external threats to, 34
    managing risk, 63
    merging, and ESM issues, 130–135
    reducing security risks, 105–106
organized crime, attacks by, 17–19
outsourcing
    insiders, 167
    security, 93–96

P
Painter, Christopher M.E., 121
password cracking, 36
passwords
    keeping secure, 138–140
    strong authentication, 65–66
patches, problems with, 44–45
pattern discovery and ESM, 79–80, 119–121
Pen Register Track and Trace statutes, 172–173
penetration testing, 42–43
Perez-Melara, Carlos Enrique, 17
Persian Gulf War, 79–80
Philadelphia Mint, 168
physical and logical security convergence, 222–227
phishing, 39–41
pirated software, hosting, 163–164
pod-slurping, 164–165
policies and insider threats, 60–62, 205
political motivations of cyber criminals, 9
pre-employment checks, 201–202
preventing
    identity theft, 20–23
    insider threats and attacks, 64–67, 210–211, 233–235
prioritization, and ESM, 77–78
process, defining for incident management, 193–194
profiles of insiders, cyber criminals, 7–10, 51–56
Project ECHELON, 25
protecting
    mobile computers, devices, 207
protocols
    See also specific protocol
    and common services, 148
provider protection, interception of information, 173
proxy servers, anonymous, 12
Puzzle Palace, The (Bamford), 61

R
Rainbow Tables, 38
ransomware, 37
Recommended Security Controls for Federal Information Systems (NIST 800-53), 203, 206
records
    and incident management, 196
    malicious use of medical, 162–163
remediation
    ESM feature requirements, 84–85
    and incident management, 196
    university example of, 146–153
reporting
    corporate responsibility for financial reports (Sarbanes-Oxley), 182
    ESM feature requirements, 83–84
    in incident management programs, 197
    vulnerabilities, 44
response
    to incidents, 234–235
    time reduction for events, 78
return on investment (ROI), ESM’s, 85–90
return on security investment (ROSI), ESM’s, 85–90
Revlon cosmetics, 24
Revson, Charles, 24
Rickover, H.G., 91
risk
    defining for incident management, 192–193
    managing, 63, 189
    reducing, 105–106
    and ROSI, 86
robot networks, 35–36
Rogers, Marcus K., 10
ROI (return on investment), ESM’s, 85–90
role-based-access-controls (RBAC), 64
rootkits described, 41–42
ROSI (return on security investment), ESM’s, 85–90
Russia
    and cyber threats, 28
    eavesdropping incidents, 61, 157–158

S
SANS.org, on security policies, 206
Sarbanes-Oxley legislation
    and asset inventories, 212–213
    introduction to provisions of, 181–183
    and other laws, 180–181, 185
    real-time issuer disclosures, 184
SCADA (Supervisory Control and Data Acquisition), 139, 142
scalability of ESM systems, 92
Schneier, Bruce, 29, 145, 199
script kiddies, 14–15
Secrets & Lies (Schneier), 29
security
    logs, 108–119, 125, 141–142, 214–220
    outsourcing, co-sourcing, 93–96
    passwords. See passwords
    physical and logical, convergence of, 222–227
    protecting sensitive information, 206–210
    awareness training programs, 203
    return on security investment (ROSI), 85–90
Security Event Management (SEM), 69
Security Information Management (SIM), 69
security policies and insider threats, 60–62
SEM (Security Event Management), 69
separation of duties principle, 65
services, anonymous, 12
SIM (Security Information Management), 69
Slammer Worm, 6, 79
social engineering, 42–43, 53
Social Learning Theory and Moral Disengagement Analysis of Criminal Computer Behavior, A (Rogers), 10
software, hosting pirated, 163–164
Spafford, Gene, 49, 50
spam, SPIT (SPam over Internet Telephone), 43
Spies Among Us (Winkler), 8
SPIT (SPam over Internet Telephone), 43
spoofing IP addresses, 37
SQL Slammer worm, 6, 79
stakeholder involvement in incident management, 195–196
standards for security policies, 205–206
strong authentication, 65–66
Sumitomo Mitsui Bank keylogging incident, 43
Sun Tzu, 161
Supervised Release and Probation Restrictions in Hacker Cases (Painter), 121
Supervisory Control and Data Acquisition (SCADA), 139, 142
Sutton, Willie, 18

T
terrorist threats described, 30–32
threats
    See also specific threat
    Blended Threats, 5
    collaborative with telecommunications company, 123–128
    insiders. See insiders
    nation-state, 26–30
threatscape, 4
tools used by cyber criminals, 34–45
Tor Onion servers, 12
training
    and ESM, 93
    for incident management programs, 195

U
UBS PaineWebber, 57
United Kingdom and cyber threats, 28
United States and cyber threats, 28
universities, identity theft at, 146–153
University of Washington’s Medical Center hack, 162–163
URLs (Universal Resource Locators), phishing and, 40

V
vendor patches, problems with, 44–45
Verton, Dan, 24
visualization, ESM feature requirement, 81–83
Voice over IP (VoIP) attacks, 43
vulnerabilities, and asset information, 73
vulnerability threat window, 5

W
Wachovia Corp., 58
wallets and identity theft, 19
war games, 188
Warhol Worms (Weaver), 6
watch lists, 75
Weaver, Nicholas, 6
Web server logs, 216
Windows 98 vulnerability, 45
Winkler, Ira, 8
wireless
    attacks on, 38
    insider attack example, 157
    Voice over IP (VoIP) attacks, 43
Wiretap Act, 172, 173
Witty Worm, 7
worms
    See also specific worm
    Nimda, 5–6
    and pattern discovery, 79–80

Y
Yahoo!, and John Doe suits, 13

Z
zero-day exploits, 44–45
zoning and global positioning system data, 73–75
Zotob Worm, 7, 16