Contents (Translated by Gürol CANBEK) < ICS
CONTENTS
ABOUT THE
AUTHORS
CONTENTS
PRESENTATION
PREFACE
INFORMATION
and INFORMATION ASSETS
1.1
DATA
1.2
INFORMATION
1.3
KNOWLEDGE
1.4
WISDOM
1.5
INFORMATION TECHNOLOGIES AND INTELLECTUAL PROPERTY
HISTORY
OF INFORMATION SECURITY
2.1
CRYPTOGRAPHY and CRYPTOGRAPHY TECHNIQUES
2.2
HISTORY OF CRYPTOGRAPHY
2.2.1
Rosetta Stone
2.2.2
Steganography
2.2.3
Null Cipher
2.2.4
Cryptography Approaches
in Religious and in Mystics
2.2.5
Atbash Cipher
2.2.6
The Bible Code
2.2.7
The Number of the Beast
(666)
2.2.8
Pigpen Cipher
2.2.9
Scytale Cipher
2.2.10
Caesar Cipher
2.2.11
2.2.12
Cryptography in
2.2.13
El–Kindi – Frequency
Analysis in Cryptanalysis
2.2.14
Ebcet Calculations
2.2.15
Voynich Manuscripts
2.2.16
Polyalphabetic Cipher
2.2.17
American Cryptography
2.2.18
Enigma’s enigma
2.2.19
Modern Cryptography:
NSA, ECHELON, ENFOPOL, PROMIS
2.2.20
Public Key Cryptography
2.2.21
RSA
2.2.22
DES (Data Encryption
Standard)
2.2.23
Cryptographically
Hashing Functions
2.2.24
PGP (Pretty Good
Privacy)
2.3
CRYPTOGRAPHY HISTORY IN
2.4
MODERN CRYPTOGRAPHY IN
2.5
A GLANCE TO TODAY’S
CRYPTOGRAPHY APPROACHES
2.6
EVALUATION AND RESULTS
INFORMATION
and COMPUTER SYSTEMS’ SECURITY
3.1
THE IMPORTANCE OF
INFORMATION AND COMPUTER SECURITY
3.2
AREAS WHICH NEEDS
SECURITY
3.3
WHAT KIND OF
INFORMATION SECURITY?
3.4
EXPOSED SECURITY
VULNERABILITIES
3.4.1
Computers
3.4.2
Computer Networks
COMPUTER
ELEMENTS AND SECURITY MANAGEMENT
4.1
SECURITY LIMITS
4.2
SECURITY RISK MANAGEMENT
AND SECURITY PROCESSES
4.2.1
Prevention
4.2.2
Detection
4.2.3
Response
HACKING
IN CYBERSPACE, HACKER CULTURE and INFORMATION WARS
5.1
CYBERSPACE
5.2
HACKING AND HACKER
CULTURE
5.2.1
Old School Hackers
5.2.2
New School Hackers
5.2.3
Hacking in Industry:
Intel, Altair, Apple, Microsoft, ... 140
5.2.4
War Games
5.3
REAL PERSONALITIES IN
VIRTUAL SPACE
5.3.1
White-hat Hacker
5.3.2
Black-hat Hacker
5.3.3
Script Kiddy
5.3.4
Click Kiddy
5.3.5
Cracker
5.3.6
Web Site Defacer
5.4
HACKING AND WEB
DEFACEMENT IN
5.5
HACTIVISM
5.6
CYBER-TERROR AND
CYBERWAR
ATTACKS
AGAINST COMPUTER SYSTEMS AND ATTACK TYPES
6.1
ATTACKS
6.2
CLASSIFICATION OF
ATTACKS
6.2.1
Code Exploits
6.2.2
Eavesdropping
6.2.3
Denial of Service, DoS
6.2.4
Backdoors
6.2.5
Social Engineering
6.2.6
Indirect Attacks
6.2.7
Direct Access Attacks
6.2.8
Cryptographic Attacks
MALWARE,
TYPES, CLASSIFICATIONS AND CURRENT MALWARE
7.1
MALICIOUS SOFTWARE:
MALWARE
7.2
MAIN MALWARE TYPES
7.2.1
Computer Viruses
7.2.2
Computer
7.2.3
Trojan Horses
7.2.4
Spyware
7.2.5
Backdoors
7.2.6
Spams
7.2.7
Keyloggers
7.2.8
Browser Hijacking
7.2.9
Dialers
7.2.10
Rootkit
7.2.11
Exploits
7.3
MALWARE SUBTYPES
7.3.1
Adware
7.3.2
Parasiteware
7.3.3
Thiefware
7.3.4
Pestware
7.3.5
Browser Helper Object,
BHO
7.3.6
Remote Administration
Tool, RAT
7.3.7
Commercial RAT
7.3.8
Botnet
7.3.9
Flooder
7.3.10
Hostile ActiveX
7.3.11
Hostile Java
7.3.12
Hostile Script
7.3.13
IRC Takeover War
7.3.14
Nuker
7.3.15
Packer
7.3.16
Binder
7.3.17
Password Capture,
Password Hijacker
7.3.18
Password Cracker
7.3.19
Key Generator
7.3.20
Mail Bomber
7.3.21
Mass Mailer
7.3.22
E-mail Harvester
7.3.23
Web Bugs
7.3.24
Hoax
7.3.25
Urban Legend
7.3.26
Phishing
7.3.27
Web Scam and Fraud
7.3.28
Phreaking, Phone
Breaking
7.3.29
Port Scanner
7.3.30
Probe Tool
7.3.31
Search Hijacker
7.3.32
Sniffer
7.3.33
Spoofer
7.3.34
Spyware Cookie
7.3.35
Tracking Cookie
7.3.36
PIE
7.3.37
Trickler
7.3.38
War Dialer
7.3.39
Wabbit
7.4
TRIANGLE OF MALWARE
THREAT
7.5
EVALUATION AND RESULTS
HOW DO
SPYWARE ARISE?
WIDESPREAD
SPYWARE
KEYLOGGERS
and KEYLOGGING METHODS
10.1
KEYBOARDS AND WORKING
PRINCIPLES
10.2
TYPES OF KEYLOGGERS
10.2.1
Hardware Keyloggers
10.2.2
Software Keyloggers
10.3
METHODS USED IN
SOFTWARE KEYLOGGERS
10.3.1
10.3.2
Windows Keyboard Hooks
10.3.3
Kernel Based Keyboard
Filter Drivers
10.4
SOFTWARE KEYLOGGERS IN
POSIX (LINUX/BSD/UNIX) AND LINUX
10.5
FUNDAMENTAL OPERATION
PRINCIPLES OF KEYLOGGERS
10.5.1
Setup and Automatic
Startup
10.5.2
Monitoring Activities
Surreptitiously
10.5.3
Recording Data
10.5.4
Transfer of Data
10.5.5
Removing from Host System
10.6
EXISTING KEYLOGGERS
ANTI-KEYLOGGERS
11.1
SYMPTOMS OF A KEYLOGGER
11.2
PREVENTIVE MEASURES
AGAINST HARDWARE KEYLOGGERS
11.2.1
Wireless, Infrared,
Bluetooth and Laser Keyboards
11.2.2
Virtual Keyboards
11.3
SECURE INFORMATION
ENTRY IN PUBLIC PLACES
IMPORTANT
EVENTS RELATED TO MALWARE AND SPYWARE
12.1
INTERNATIONAL EVENTS
12.1.1
Sony BMG
12.1.2
Microsoft WMF
Vulnerability
12.1.3
12.1.4
H&R Block
12.1.5
Ford Motor
12.1.6
Japanese Bank Robbery
12.1.7
Sam’s Club
12.1.8
Guidance Software
12.1.9
12.1.10
Google
12.1.11
English Rogue Dialers
12.1.12
Israeli Trojan Horse
Scandal
12.2
EVENTS IN
12.2.1
AB Representative Karen
Fogg’s E-mail, February 2002
12.2.2
“Neþe’s ‘hacker’
problem”, January 2003
12.2.3
Hacker Gangs Arrested,
August 2004 325
12.2.4
The Virtual Bank
Wronged, 2005
12.2.5
“Hacker Robbery in Bank
Branch”, February 2006
12.2.6
White-hat hackers win
versus Black-hat hackers, March 2006
12.2.7
Credit Card Cloning of
a big Supermarket Chains, May 2006
12.2.8
‘Hacker Hacko’ fails by
Cyber police, June 2006
12.2.9
Laptop Thefts,
May–August 2006
SIGNS
OF SPYWARE EXISTING IN COMPUTERS
INFECTION
AND PROPAGATION METHODS OF SPYWARE AND MALWARE
14.1
CLIENT (VICTIM)
ATTRACTING METHODS
14.2
END-USER LICENSE
AGREEMENTS (EULA)
14.3
DRIVE-BY DOWNLOAD
14.4
UNINSTALL MECHANISM
PREVENTING
FROM SPYWARE
15.1
FIRST 10 THINGS TO DO
WITH YOUR NEW COMPUTER BEFORE SURFING IN THE INTERNET
15.2
WHAT YOU MUST BEFORE
BUYING, BEFORE INSTALLING AND WHILE USING PROGRAMS
15.3
GENERAL PRECAUTIONS
TAKEN BY SYSTEM AND NETWORK ADMINISTRATORS
15.4
SECURITY IN WINDOWS
2000 PROFESSIONAL OR SERVER SETUPS
15.5
LAPTOP/NOTEBOOK
SECURITY
AUTOMATIC
STARTUP METHODS OF SPYWARE
16.1
AUTOEXEC.BAT
16.2
WINSTART.BAT
16.3
STARTUP FOLDER
16.4
WIN.INI FILE
16.5
SYSTEM.INI
16.6
WININIT.INI
16.7
REGISTRY SHELL OPEN
COMMAND KEY
16.8
ALTERNATE REGISTRY KEYS
16.9
REGISTRY
TECHNIQUES
TO PREVENT MALWARE AND SPYWARE
17.1
KILL BIT ActiveX
BLOCKING
17.2
INTERNET EXPLORER
CONFIGURATION
17.3
BLOCKING HOST SERVERS
WITH SPYWARE
17.4
ANTIVIRUS
17.5
FIREWALLS
17.6
ANTISPYWARE
ANTISPYWARE
AND OTHER PROTECTING SOFTWARE
18.1
SPYWARE ELIMINATOR
18.2
COUNTERSPY
18.3
SPY SWEEPER
18.4
SPYSUBTRACT
18.5
SPYWARE DOCTOR
18.6
PESTPATROL
18.7
AD-AWARE SE PRO
18.8
SPYBOT – SEARCH &
DESTROY
18.9
MICROSOFT ANTISPYWARE
(BETA 1)
18.10
Microsoft Malware
Removal Tool
18.11
MICROSOFT PHISHING
FILTER
18.12
WINDOWS DEFENDER (BETA
2)
18.13
WINDOWS LIVE
18.14
WINDOWS LIVE ONECARE
18.15
MICROSOFT PRIVATE
FOLDER
NEW
SECURITY TECHNOLOGIES IN OPERATING SYSTEMS
19.1
THE NEW SECURITY
TECHNOLOGIES IN WINDOWS
19.1.1
User Account
Authentication
19.1.2
Code Integrity, CI
19.1.3
Data Encryption and
BitLocker
19.1.4
Application Isolation
19.1.5
Data Redirection
19.1.6
Cryptography
19.1.7
Credential Providers
19.1.8
Service Hardening
19.1.9
Windows Internet
Explorer 7
COMPUTER
AND INTERNET SECURITY OF CHILDREN AND TEENAGERS
20.1
ONLINE ACTIVITIES OF
CHILDREN AND TEENAGERS
20.2
RISKS AND THREATS
AWAITING CHILDREN
20.3
MEASURES BY PARENTS AND
AUTHORITIES
WORKPLACE
SECURITY AND ELECTRONIC SURVEILLANCE
21.1
SECURITY WEAKNESSES IN
WORKPLACES
21.2
COMPUTER AND INTERNET
USAGE IN WORKPLACE
21.3
WORKPLACE SURVEILLANCE
21.4
CONCLUSIONS
PRIVACY
AND CYBERCRIMES
22.1
PRIVACY AND CYBERCRIME
22.2
LEGAL REGULATIONS
AGAINST CYBERCRIMES IN
22.3
PROTECTING PRIVACY IN INTERNET:
ANONYMOUS SURFING
22.4
RESULTS
APPENDIX-A DICTIONARY
OF TERMS
ENGLISH–TURKISH
SECURITY DICTIONARY
TURKISH–ENGLISH
SECURITY DICTIONARY
APPENDIX-B INTERNET
DOMAIN NAMES
Generic
Top-Level Domains, gTLS
Turkish
Domain Names
Country-Code
Top-Level Domains (ccTLDs)
INDEX