GlOBal
ediTiOn
Corporate
Computer Security
FOURTH ediTiOn
Randall J. Boyle | Raymond R. Panko
, Fourth Edition
Corporate Computer
Security
Global Edition
Randall J. Boyle
Longwood University
Raymond R. Panko
-
University of Hawai`i at Manoa
Boston Columbus Indianapolis New York San Francisco Upper Saddle River
Amsterdam Cape Town Dubai London Madrid Milan Munich Paris Montréal Toronto
Delhi Mexico City São Paulo Sydney Hong Kong Seoul Singapore Taipei Tokyo
, To Courtney Boyle, thank you for your patience, kindness,
and perspective on what’s most important in life.
—Randy Boyle
To Julia Panko, my long-time networking and security editor
and one of the best technology minds I’ve ever encountered.
—Ray Panko
Editor in Chief: Stephanie Wall Head of Learning Asset Acquisition, Global Edition:
Executive Editor: Bob Horan Laura Dent
Program Manager Team Lead: Ashley Santora Assistant Acquisitions Editor, Global Edition: Debapriya Mukherjee
Program Manager: Denise Vaughn Project Editor, Global Edition: Amrita Naskar
Director of Marketing: Maggie Moylan Media Producer, Global Edition: Vikram Kumar
Executive Marketing Manager: Anne Fahlgren Senior Manufacturing Controller, Production, Global Edition:
Project Manager Team Lead: Judy Leale Trudy Kimber
Project Manager: Tom Benfatti Cover Designer: PreMediaGlobal
Operations Specialist: Michelle Klein Cover Image: Devis Da Fre’/Shutterstock
Creative Director: Jayne Conte Digital Production Project Manager: Lisa Rinaldi
Credits and acknowledgments borrowed from other sources and reproduced, with permission, in this textbook appear on the appropriate page
within text.
Pearson Education Limited
Edinburgh Gate
Harlow
Essex CM20 2JE
England
and Associated Companies throughout the world
Visit us on the World Wide Web at: www.pearsonglobaleditions.com
© Pearson Education Limited 2015
The rights of Randall J. Boyle and Raymond R. Panko to be identified as the authors of this work have been asserted by them in accordance
with the Copyright, Designs and Patents Act 1988.
Authorized adaptation from the United States edition, entitled Corporate Computer Security, 4/e, ISBN 978-0-13-354519-7, by Randall J.
Boyle and Raymond R. Panko, published by Pearson Education © 2015.
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means,
electronic, mechanical, photocopying, recording or otherwise, without either the prior written permission of the publisher or a license permit-
ting restricted copying in the United Kingdom issued by the Copyright Licensing Agency Ltd, Saffron House, 6–10 Kirby Street, London EC
1N 8TS.
All trademarks used herein are the property of their respective owners.The use of any trademark in this text does not vest in the author or
publisher any trademark ownership rights in such trademarks, nor does the use of such trademarks imply any affiliation with or endorsement
of this book by such owners.
Microsoft and/or its respective suppliers make no representations about the suitability of the information contained in the documents and
related graphics published as part of the services for any purpose. All such documents and related graphics are provided “as is” without
warranty of any kind. Microsoft and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information,
including all warranties and conditions of merchantability, whether express, implied or statutory, fitness for a particular purpose, title and non-
infringement. In no event shall Microsoft and/or its respective suppliers be liable for any special, indirect or consequential damages or any
damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out
of or in connection with the use or performance of information available from the services.
The documents and related graphics contained herein could include technical inaccuracies or typographical errors. Changes are periodically
added to the information herein. Microsoft and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the
program(s) described herein at any time. Partial screen shots may be viewed in full within the software version specified.
Microsoft® and Windows® are registered trademarks of the Microsoft Corporation in the U.S.A. and other countries. This book is not
sponsored or endorsed by or affiliated with the Microsoft Corporation.
Many of the designations by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations
appear in this book, and the publisher was aware of a trademark claim, the designations have been printed in initial caps or all caps.
ISBN 10: 1-292-06045-X
ISBN 13: 978-1-292-06045-3 (Print)
ISBN 13: 978-1-292-06659-2 (PDF)
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
10 9 8 7 6 5 4 3 2 1
14 13 12 11 10
Typeset in Times, 10/12 by Integra Software Services Pvt. Ltd
Printed and bound by Courier Westford in the United States of America
, ContEntS
Preface 19
About the Authors 25
Chapter 1 The Threat Environment 27 Social Engineering in Malware 49
1.1 Introduction 28 Spam 50
phiShinG 50
Basic Security Terminology 28
Spear phiShinG 52
The ThreaT environmenT 28
SecuriTy GoalS 29 hoaxeS 53
compromiSeS 29 1.4 Hackers And Attacks 53
counTermeaSureS 29 Traditional Motives 53
1.2 Employee And Ex-Employee Anatomy of a Hack 54
Threats 35 TarGeT SelecTion 54
Why Employees Are Dangerous 35 reconnaiSSance probeS 55
Employee Sabotage 37 The exploiT 56
Employee Hacking 38 SpoofinG 56
Employee Financial Theft and Theft of Social Engineering in an Attack 57
Intellectual Property 38 Denial-of-Service Attacks 59
Employee Extortion 39 Skill Levels 61
Employee Sexual or Racial 1.5 The Criminal Era 62
Harassment 40
Dominance by Career Criminals 62
Employee Computer and Internet cybercrime 62
Abuse 40 inTernaTional GanGS 63
inTerneT abuSe 40
black markeTS anD markeT
non-inTerneT compuTer abuSe 41 SpecializaTion 64
Data Loss 41 Fraud, Theft, and Extortion 67
Other “Internal” Attackers 42 frauD 67
1.3 Malware 42 financial anD inTellecTual properTy
Malware Writers 42 ThefT 67
exTorTion aGainST corporaTionS 68
Viruses 42
Worms 44 Stealing Sensitive Data about
Customers and Employees 69
Blended Threats 46
carDinG 69
Payloads 46
bank accounT ThefT 69
Trojan Horses and Rootkits 46 online STock accounT ThefT 69
nonmobile malware 46 iDenTiTy ThefT 69
Trojan horSeS 47
The corporaTe connecTion 70
remoTe acceSS TrojanS 47
corporaTe iDenTiTy ThefT 70
DownloaDerS 48
Spyware 48 1.6 Competitor Threats 71
rooTkiTS 49 Commercial Espionage 71
Mobile Code 49 Denial-of-Service Attacks 72
3
ediTiOn
Corporate
Computer Security
FOURTH ediTiOn
Randall J. Boyle | Raymond R. Panko
, Fourth Edition
Corporate Computer
Security
Global Edition
Randall J. Boyle
Longwood University
Raymond R. Panko
-
University of Hawai`i at Manoa
Boston Columbus Indianapolis New York San Francisco Upper Saddle River
Amsterdam Cape Town Dubai London Madrid Milan Munich Paris Montréal Toronto
Delhi Mexico City São Paulo Sydney Hong Kong Seoul Singapore Taipei Tokyo
, To Courtney Boyle, thank you for your patience, kindness,
and perspective on what’s most important in life.
—Randy Boyle
To Julia Panko, my long-time networking and security editor
and one of the best technology minds I’ve ever encountered.
—Ray Panko
Editor in Chief: Stephanie Wall Head of Learning Asset Acquisition, Global Edition:
Executive Editor: Bob Horan Laura Dent
Program Manager Team Lead: Ashley Santora Assistant Acquisitions Editor, Global Edition: Debapriya Mukherjee
Program Manager: Denise Vaughn Project Editor, Global Edition: Amrita Naskar
Director of Marketing: Maggie Moylan Media Producer, Global Edition: Vikram Kumar
Executive Marketing Manager: Anne Fahlgren Senior Manufacturing Controller, Production, Global Edition:
Project Manager Team Lead: Judy Leale Trudy Kimber
Project Manager: Tom Benfatti Cover Designer: PreMediaGlobal
Operations Specialist: Michelle Klein Cover Image: Devis Da Fre’/Shutterstock
Creative Director: Jayne Conte Digital Production Project Manager: Lisa Rinaldi
Credits and acknowledgments borrowed from other sources and reproduced, with permission, in this textbook appear on the appropriate page
within text.
Pearson Education Limited
Edinburgh Gate
Harlow
Essex CM20 2JE
England
and Associated Companies throughout the world
Visit us on the World Wide Web at: www.pearsonglobaleditions.com
© Pearson Education Limited 2015
The rights of Randall J. Boyle and Raymond R. Panko to be identified as the authors of this work have been asserted by them in accordance
with the Copyright, Designs and Patents Act 1988.
Authorized adaptation from the United States edition, entitled Corporate Computer Security, 4/e, ISBN 978-0-13-354519-7, by Randall J.
Boyle and Raymond R. Panko, published by Pearson Education © 2015.
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means,
electronic, mechanical, photocopying, recording or otherwise, without either the prior written permission of the publisher or a license permit-
ting restricted copying in the United Kingdom issued by the Copyright Licensing Agency Ltd, Saffron House, 6–10 Kirby Street, London EC
1N 8TS.
All trademarks used herein are the property of their respective owners.The use of any trademark in this text does not vest in the author or
publisher any trademark ownership rights in such trademarks, nor does the use of such trademarks imply any affiliation with or endorsement
of this book by such owners.
Microsoft and/or its respective suppliers make no representations about the suitability of the information contained in the documents and
related graphics published as part of the services for any purpose. All such documents and related graphics are provided “as is” without
warranty of any kind. Microsoft and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information,
including all warranties and conditions of merchantability, whether express, implied or statutory, fitness for a particular purpose, title and non-
infringement. In no event shall Microsoft and/or its respective suppliers be liable for any special, indirect or consequential damages or any
damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out
of or in connection with the use or performance of information available from the services.
The documents and related graphics contained herein could include technical inaccuracies or typographical errors. Changes are periodically
added to the information herein. Microsoft and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the
program(s) described herein at any time. Partial screen shots may be viewed in full within the software version specified.
Microsoft® and Windows® are registered trademarks of the Microsoft Corporation in the U.S.A. and other countries. This book is not
sponsored or endorsed by or affiliated with the Microsoft Corporation.
Many of the designations by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations
appear in this book, and the publisher was aware of a trademark claim, the designations have been printed in initial caps or all caps.
ISBN 10: 1-292-06045-X
ISBN 13: 978-1-292-06045-3 (Print)
ISBN 13: 978-1-292-06659-2 (PDF)
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
10 9 8 7 6 5 4 3 2 1
14 13 12 11 10
Typeset in Times, 10/12 by Integra Software Services Pvt. Ltd
Printed and bound by Courier Westford in the United States of America
, ContEntS
Preface 19
About the Authors 25
Chapter 1 The Threat Environment 27 Social Engineering in Malware 49
1.1 Introduction 28 Spam 50
phiShinG 50
Basic Security Terminology 28
Spear phiShinG 52
The ThreaT environmenT 28
SecuriTy GoalS 29 hoaxeS 53
compromiSeS 29 1.4 Hackers And Attacks 53
counTermeaSureS 29 Traditional Motives 53
1.2 Employee And Ex-Employee Anatomy of a Hack 54
Threats 35 TarGeT SelecTion 54
Why Employees Are Dangerous 35 reconnaiSSance probeS 55
Employee Sabotage 37 The exploiT 56
Employee Hacking 38 SpoofinG 56
Employee Financial Theft and Theft of Social Engineering in an Attack 57
Intellectual Property 38 Denial-of-Service Attacks 59
Employee Extortion 39 Skill Levels 61
Employee Sexual or Racial 1.5 The Criminal Era 62
Harassment 40
Dominance by Career Criminals 62
Employee Computer and Internet cybercrime 62
Abuse 40 inTernaTional GanGS 63
inTerneT abuSe 40
black markeTS anD markeT
non-inTerneT compuTer abuSe 41 SpecializaTion 64
Data Loss 41 Fraud, Theft, and Extortion 67
Other “Internal” Attackers 42 frauD 67
1.3 Malware 42 financial anD inTellecTual properTy
Malware Writers 42 ThefT 67
exTorTion aGainST corporaTionS 68
Viruses 42
Worms 44 Stealing Sensitive Data about
Customers and Employees 69
Blended Threats 46
carDinG 69
Payloads 46
bank accounT ThefT 69
Trojan Horses and Rootkits 46 online STock accounT ThefT 69
nonmobile malware 46 iDenTiTy ThefT 69
Trojan horSeS 47
The corporaTe connecTion 70
remoTe acceSS TrojanS 47
corporaTe iDenTiTy ThefT 70
DownloaDerS 48
Spyware 48 1.6 Competitor Threats 71
rooTkiTS 49 Commercial Espionage 71
Mobile Code 49 Denial-of-Service Attacks 72
3
