Defending Your Digital Assets against Hackers,Crackers,Spies,and Thieves

by Randall K. Nichols, Daniel J. Ryan, and Julie J. Ryan; foreword by William E. Baugh

Learn to stop digital espionage-before it happens!

Manage your way to security in an increasingly interconnected world. Network data has become increasingly valuable in today's public and private sectors, as has become painfully clear to those in Fortune 500 companies and to those in top branches of government who store information digitally. But exactly how safe is the information that is accessible from a network?

According to the expert authors of Defending Your Digital Assets Against Hackers, Crackers, Spies & Thieves and RSA Security, the most trusted name in e-security, NO data is safe. In fact, digital espionage, theft and destruction occur every day, and most attacks go undetected until it is too late.

This groundbreaking new work discusses the growing vulnerabilities due to interconnectivity and the importance of protecting digital information. It offers detailed explanations of how and why attacks occur, how to detect attacks in progress, and how to quickly recover business operations. This is the first title from RSA Press, the new publishing group from RSA Security. RSA Security helps organizations build secure, trusted foundations for e-business through its two-factor authentication, encryption and public key management systems.

Learn to stop digital espionage—before it happens!

Network data has become increasingly valuable in today's public and private sectors. But exactly how safe is the information that's accessible from a network? According to the expert authors of Defending Your Digital Assets Against Hackers, Crackers, Spies and Thieves, NO data is safe. In fact, digital espionage, theft and destruction occur every day, and most attacks go undetected until it's too late. This groundbreaking new work discusses the growing vulnerabilities and the importance of protecting digital information. It explains how and why attacks occur and shows you how to prevent and detect future attacks.

Key features include:

  • Real-world case studies that show how attacks have been carried out
  • How to evaluate a network for security holes and how to plug them
  • How to detect and react when a network is under attack
  • Evaluation of commercially available virtual private networks
  • Approach to network security that takes business practices into account

This book offers what no other book can: a guide to defending your digital assets against all manner of threats, whatever their motivation or source. The ideas and strategies contained in this book are essential to anyone managing valuable data on a network.

Editorial Reviews

The Barnes & Noble Review
If you're a manager called upon to exercise due diligence in protecting your organization's data, Defending Your Digital Assets gives you the "big picture" you need to make intelligent judgments regarding your risks, and educated choices about what to do about them.

This isn't an infosec specialist's book: it's a book for the rest of us. It starts with a thoughtful review of the challenges you face in securing corporate data against disclosure, misuse, alteration, or destruction. You'll learn about the tools, processes, and technologies available to help you respond, from firewalls to Virtual Private Networks, biometrics to digital certificates—and how to define a security architecture that makes the most of them all.

There's a full section on enterprise continuity planning: vulnerability assessment, countermeasures, backups, beta sites, training, awareness, auditing, and what to do during and after an attack. In this age of eBusiness, the authors devote special attention to protecting web servers.

Finally, for those interested in military and information warfare issues, there's extensive coverage of cyberwar, infowar weapons and intelligence. Hey, you may think this section doesn't apply to you, but don't be so sure.

bncom editor

Product Details

McGraw-Hill Professional
Product dimensions:
7.33(w) x 9.23(h) x 2.24(d)

Read an Excerpt

Chapter 1: Introduction to Digital Espionage

The Criminal Playground

Computer crimes take several forms including sabotage, revenge, vandalism, theft, eavesdropping, and even "data diddling," or the unauthorized altering of data before, during, or after it is input into a computer system. Computers can be used to commit such crimes as credit card fraud, counterfeiting, bank embezzlement, and theft of secret documents. The physical theft of a disk storing 2.8 MB of intellectual data is considered data theft. Logging into a computer account with restricted access and being caught there or purposely leaving evidence in the form of a message with an explanation of what has been done are examples of data diddling. A traveling employee who leaves his or her computer unattended while on an airplane, only to discover an empty drive slot to the tune of lost billing information, marketing plans, and/or customer data, can be considered inattentive, but this type of incident is steadily increasing.

Another type of computer crime involves electronic funds transfer or embezzlement. The first person convicted under the Computer Fraud and Abuse Act was Robert T. Morris Jr., who, as a Cornell graduate student, introduced a "worm" into the Internet. These "worms" float freely through the computer environment, attacking programs in a manner similar to viruses. Some would consider this an act of vandalism. By multiplying, the worm interfered with approximately 6200 computers. Morris was sentenced to three years' probation, ordered to pay a $10,000 fine, required to perform 40 hours of community service, and required to pay $91 per month to cover his probation supervision.

Computers can play three different roles in criminal activity. First, computers can be targets of an offense; for example, a hacker tries to steal information from or damage a computer or computer network. Other examples of this behavior include vandalism of Web sites and the introduction of viruses into computers.

Second, computers can be tools in the commission of a traditional offense, for instance, to create and transmit child pornography. COMSEC Solutions composed an interesting list wherein the computer was used as a tool to facilitate the following crimes:

  • Drug trade
  • Illegal telemarketing
  • Fraud, especially false invoices
  • Intellectual property theft
  • "True face" or ID theft and misrepresentation
  • Espionage, both industrial and national
  • Conventional terrorism and crimes
  • Electronic terrorism and crime
  • Electronic stalking
  • Electronic harassment of ex-spouses
  • Inventory of child pornography
  • Bookmaking
  • Contract repudiation on the Internet
  • Cannabis smuggling
  • Date rape
  • Gang crimes, especially weapons violations
  • Organized crime
  • Armed robbery simulation
  • Copycat crimes
  • Pyramid schemes
  • DoS (denial of service) attacks
  • Exposure or blackmail schemes
  • Revenge and solicitation to murder of spouses
  • Hate crimes
  • Web site defacement (automated)

Third, computers can be incidental to the offense, but still significant for law enforcement purposes. For example, many drug dealers now store their records on computers, which raises difficult forensic and evidentiary issues that are different from paper records.

In addition, a single computer could be used in all three ways. For example, a hacker might use his or her computer to gain unauthorized access to an Internet service provider ("target") such as America Online, and then use that access to illegally distribute ("tool") copyrighted software stored on the ISP's computer-server hard drive ("incidental"). COMSEC Solutions composed another interesting list where the computer was an incidental part of computer crime. These included hacking, data theft, diddling, alteration and destruction, especially involving financial or medical records, spreading viruses or malicious code, misuse of credit and business information, theft of services, and finally, denial of service.

Internet service providers (ISPs) and large financial institutions are not the only organizations that should be concerned about computer crime. Hackers can affect individual citizens directly or through the person's ISP by compromising the confidentiality and integrity of personal and financial information. In one case, a hacker from Germany gained complete control of an ISP server in Miami and captured all the credit card information maintained about the service's subscribers. The hacker then threatened to destroy the system and distribute all the credit card numbers unless the ISP paid a ransom. German authorities arrested the hacker when he tried to collect the money. Had he been quiet, he could have used the stolen credit card numbers to defraud thousands of consumers.

Government records, like any other records, can be susceptible to a network attack if they are stored on a networked computer system without proper protections. In Seattle, two hackers pleaded guilty to penetrating the U.S. District Court system, an intrusion that gave them access to confidential and even sealed information. In carrying out their attack, they used supercomputers at the Seattle-based Boeing Computer Center to crack the courthouse system's password file. If Boeing had not reported the intrusion to law enforcement, the district court system administrator would not have known the system was compromised.

The computer can also be a powerful tool for consumer fraud. The Internet can provide a con artist with an unprecedented ability to reach millions of potential victims. As far back as December 1994, the Justice Department indicted two individuals for fraud on the Internet. Among other things, these persons had placed advertisements on the Internet promising victims valuable goods upon payment of money. But the defendants never had access to the goods and never intended to deliver them to their victims. Both pleaded guilty to wire fraud.

Personal computers can be used to engage in new and unique kinds of consumer fraud never before possible. In one interesting case, two hackers in Los Angeles pleaded guilty to computer crimes committed to ensure they would win prizes given away by local radio stations. When the stations announced that they would award prizes to a particular caller, for example, the ninth caller, the hackers manipulated the local telephone switching network to ensure that the winning call was their own. Their prizes included two Porsche automobiles and $30,000 in cash. Both miscreants received substantial jail terms.

In another interesting case that raises novel issues, a federal court in New York granted the Federal Trade Commission's request for a temporary restraining order to shut down an alleged scam on the World Wide Web. According to the FTC's complaint, people who visited pornographic Web sites were told they had to download a special computer program to view the sites. Unknown to them, the program secretly rerouted their phone calls from their own local Internet provider to a phone number in Moldova, a former Soviet republic, for which a charge of more than $2 a minute could be billed. According to the FTC, more than 800,000 minutes of calling time were billed to U.S. customers.

Internet crimes can be addressed proactively and reactively. Fraudulent activity over the Internet, like other kinds of crimes, can be prevented to some extent by increased consumer education. People must bring the same common sense to bear on their decisions in cyberspace as they do in the physical world. They should realize that a World Wide Web site can be created at relatively low cost and can look completely reputable even if it is not. The user should invest time and energy to investigate the legitimacy of parties with whom they interact over the Web. Just as with other consumer transactions, we should be careful about where and to whom we provide our credit card numbers. The legal maxim caveat emptor ("let the buyer beware"), which dates back to the early sixteenth century, applies with full force in the computer age.

The public can also be protected by vigorous law enforcement. Many consumer-oriented Internet crimes, such as fraud or harassment, can be prosecuted using traditional statutory tools, such as wire fraud. Congress substantially strengthened the laws against computer crime in the National Information Infrastructure Protection Act of 1996. The law contains 11 separate provisions designed to protect the confidentiality, integrity, and availability of data and systems.

Novel Challenges: Jurisdiction and Identity

The Internet presents novel challenges for law enforcement. Two particularly difficult issues for law enforcement are identification and jurisdiction...

Meet the Author

Randall K. Nichols (Carlisle, PA) formed COMSEC Solutions, LLC in 1997 [www.comsec-solutions.com]. He has 35 years of experience in a variety of leadership roles in cryptography and computer applications in the engineering, consulting, construction, and chemicals industries. In addition to CEO duties for COMSEC Solutions, Nichols teaches graduate level courses in Cryptography and Systems Applications Management and Policy at the George Washington University in Washington, DC and has also taught cryptography at the FBI National Academy in Quantico, VA. Mr. Nichols is a professional speaker and regularly presents material at professional conferences, national technology meetings, schools and client in-house locations on INFOCRIME/INFOSEC/ INFOWAR. Defending Your Digital Assets is Randall's fourth book on cryptography and INFOSEC countermeasures.

Daniel J. Ryan (Washington, DC) is a lawyer, businessman and educator. Prior to entering private practice, Ryan served as Corporate VP of Science Applications International Corporation (SAIC), and was responsible for strategic planning and development of the company's business and information security for government and commercial clients. Daniel has also held positions in information security for the CIA, the Secretary of Defense, and private consulting firms.

Julie J. C. H. Ryan (Washington, DC) is President of the Wyndrose Technical Group, Inc., which provides information technology and security consulting services. Prior to Wyndrose, Julie's experience includes security and systems positions with the Defense Intelligence Agency, Booz Allen & Hamilton, and TRW.
