Principles of Computer Security: CompTIA Security+ and Beyond 2nd edition Edition Conklin download

The document provides links to download various editions of the book 'Principles of Computer Security: CompTIA Security+ and Beyond' along with other related textbooks. It includes an objectives map for CompTIA Security+ covering topics such as systems security, network infrastructure, access control, assessments, audits, and cryptography. The document emphasizes the importance of these resources for individuals preparing for the CompTIA Security+ certification exam.


Color profile: Disabled
BaseTech
Composite Default screen / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Appendix

Appendix A: Objectives Map: CompTIA Security+

Topic Chapter(s)
1.0 Systems Security
1.1 Differentiate among various systems security threats.
Privilege escalation 15
Virus 15, 16
Worm 15, 16
Trojan 15, 16
Spyware 15, 16
Spam 15, 16
Adware 15, 16
Rootkits 15
Botnets 15
Logic bomb 15
1.2 Explain the security risks pertaining to system hardware and peripherals.
BIOS 10
USB devices 10
Cell phones 10
Removable storage 10
Network attached storage 10
1.3 Implement OS hardening practices and procedures to achieve workstation and server security.
Hotfixes 10, 14
Service packs 10, 14
Patches 10, 14
Patch management 10, 14
Group policies 14
Security templates 14
Configuration baselines 14
1.4 Carry out the appropriate procedures to establish application security.
ActiveX 17
Java 17
Scripting 17
Browser 17
Buffer overflows 17, 18

640

P:\010Comp\BaseTech\375-8\App.vp
Monday, November 09, 2009 10:49:45 AM
Cookies 17
SMTP open relays 17, 18
Instant messaging 16, 17
P2P 17
Input validation 17, 18
Cross-site scripting (XSS) 17
1.5 Implement security applications.
HIDS 13
Personal software firewalls 10, 13
Antivirus 10, 13
Anti-spam 10, 13
Popup blockers 10, 13
1.6 Explain the purpose and application of virtualization technology. 10
2.0 Network Infrastructure
2.1 Differentiate between the different ports & protocols, their respective threats and mitigation techniques.
Antiquated protocols 11
TCP/IP hijacking 11, 15
Null sessions 15
Spoofing 15
Man-in-the-middle 15
Replay 15
DOS 15
DDOS 15
Domain Name Kiting 15
DNS poisoning 15
ARP poisoning 15
2.2 Distinguish between network design elements and components.
DMZ 9
VLAN 9
NAT 9
Network interconnections 9
NAC 10
Subnetting 9
Telephony 3, 10
2.3 Determine the appropriate use of network security tools to facilitate network security.
NIDS 10, 13
NIPS 10, 13
Firewalls 10, 13

Proxy servers 10, 13
Honeypot 10, 13
Internet content filters 13
Protocol analyzers 10, 13
2.4 Apply the appropriate network tools to facilitate network security.
NIDS 10, 13
Firewalls 10, 13
Proxy servers 10, 13
Internet content filters 13
Protocol analyzers 10, 13
2.5 Explain the vulnerabilities and mitigations associated with network devices.
Privilege escalation 10
Weak passwords 10
Back doors 10
Default accounts 10
DOS 10
2.6 Explain the vulnerabilities and mitigations associated with various transmission media.
Vampire taps 10
2.7 Explain the vulnerabilities and implement mitigations associated with wireless networking.
Data emanation 3, 12
War driving 12
SSID broadcast 12
Blue jacking 12
Bluesnarfing 12
Rogue access points 12
Weak encryption 12
3.0 Access Control
3.1 Identify and apply industry best practices for access control methods.
Implicit deny 1
Least privilege 1, 18, 19
Separation of duties 1, 19
Job rotation 1
3.2 Explain common access control models and the differences between each.
MAC 1, 11, 22
DAC 1, 11, 22
Role & Rule based access control 1, 11, 22
3.3 Organize users and computers into appropriate security groups and roles while distinguishing between appropriate rights and privileges. 2, 11, 22

3.4 Apply appropriate security controls to file and print resources.
2, 22
3.5 Compare and implement logical access control methods.
ACL 2, 11, 22
Group policies 2, 11, 22
Password policy 2, 4, 22
Domain password policy 2, 11, 22
User names and passwords 2, 4, 22
Time of day restrictions 2, 22
Account expiration 2, 4, 22
Logical tokens 2, 11, 22
3.6 Summarize the various authentication models and identify the components of each.
One, two and three-factor authentication 11
Single sign-on 11, 22
3.7 Deploy various authentication models and identify the components of each.
Biometric reader 3, 11
RADIUS 11
RAS 11
LDAP 11
Remote access policies 11
Remote authentication 11
VPN 11
Kerberos 11
CHAP 11
PAP 11
Mutual 11
802.1x 11
TACACS 11
3.8 Explain the difference between identification and authentication (identity proofing). 11
3.9 Explain and apply physical access security methods.
Physical access logs/lists 8
Hardware locks 8
Physical access control – ID badges 8
Door access systems 8
Man-trap 8
Physical tokens 8
Video surveillance – camera types and positioning 8
4.0 Assessments & Audits
4.1 Conduct risk assessments and implement risk mitigation. 14

4.2 Carry out vulnerability assessments using common tools.
Port scanners 14
Vulnerability scanners 14
Protocol analyzers 14
OVAL 17
Password crackers 15
Network mappers 14
4.3 Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning. 14
4.4 Use monitoring tools on systems and networks and detect security-related anomalies.
Performance monitor 14
Systems monitor 14
Performance baseline 14
Protocol analyzers 14
4.5 Compare and contrast various types of monitoring methodologies.
Behavior-based 13
Signature-based 13
Anomaly-based 13
4.6 Execute proper logging procedures and evaluate the results.
Security application 14
DNS 14
System 14
Performance 14
Access 14
Firewall 13
Antivirus 14
4.7 Conduct periodic audits of system security settings.
User access and rights review 2, 19
Storage and retention policies 19
Group policies 19
5.0 Cryptography
5.1 Explain general cryptography concepts.
Key management 5, 6, 7
Steganography 5
Symmetric key 5
Asymmetric key 5
Confidentiality 5
Integrity and availability 5

Non-repudiation 5
Comparative strength of algorithms 5
Digital signatures 5
Whole disk encryption 5
Trusted Platform Module (TPM) 5
Single vs. Dual sided certificates 5, 6
Use of proven technologies 5
5.2 Explain basic hashing concepts and map various algorithms to appropriate applications.
SHA 5, 23
MD5 5, 23
LANMAN 5
NTLM 5
5.3 Explain basic encryption concepts and map various algorithms to appropriate applications.
DES 5
3DES 5
RSA 5
PGP 5
Elliptic curve 5
AES 5
AES256 5
One time pad 5
Transmission encryption (WEP TKIP, etc.) 5, 7
5.4 Explain and implement protocols.
SSL/TLS 5,
S/MIME 5, 7, 16
PPTP 5, 7, 11
HTTP vs. HTTPS vs. SHTTP 5, 7
L2TP 5, 11
IPSEC 5, 7, 11
SSH 5, 11
5.5 Explain core concepts of public key cryptography.
Public Key Infrastructure (PKI) 6, 16
Recovery agent 6
Public key 6
Private keys 6
Certificate Authority (CA) 6
Registration 6
Key escrow 6
Certificate Revocation List (CRL) 6
Trust models 6

5.6 Implement PKI and certificate management.
Public Key Infrastructure (PKI) 6, 16
Recovery agent 6
Public key 6
Private keys 6
Certificate Authority (CA) 6
Registration 6
Key escrow 6
Certificate Revocation List (CRL) 6
6.0 Organizational Security
6.1 Explain redundancy planning and its components.
Hot site 19
Cold site 19
Warm site 19
Backup generator 19
Single point of failure 19
RAID 19
Spare parts 19
Redundant servers 19
Redundant ISP 19
UPS 19
Redundant connections 19
6.2 Implement disaster recovery procedures.
Planning 19
Disaster recovery exercises 19
Backup techniques and practices – storage 19
Schemes 19
Restoration 19
6.3 Differentiate between and execute appropriate incident response procedures.
Forensics 19, 23
Chain of custody 19, 23
First responders 19, 23
Damage and loss control 19, 23
Reporting – disclosure of 19, 23
6.4 Identify and explain applicable legislation and organizational policies.
Secure disposal of computers 2
Acceptable use policies 2, 19
Password complexity 2, 4
Change management 2, 19
Classification of information 2, 19

Mandatory vacations 2, 4, 19
Personally Identifiable Information (PII) 2, 25
Due care 2, 19
Due diligence 2, 19
Due process 2, 19
SLA 2, 19
Security-related HR policy 2, 4
User education and awareness training 2, 4
6.5 Explain the importance of environmental controls.
Fire suppression 3, 8
HVAC 3, 8
Shielding 3, 8
6.6 Explain the concept of and how to reduce the risks of social engineering.
Phishing 2, 4
Hoaxes 2, 4
Shoulder surfing 2, 4
Dumpster diving 2, 4
User education and awareness training 2, 4


Appendix B: About the CD

The CD-ROM included with this book comes complete with MasterExam, the electronic version of the book, and Session #1 of LearnKey’s online training. The software is easy to install on any Windows 2000/XP/Vista computer and must be installed to access the MasterExam feature. You may, however, browse the electronic book directly from the CD without installing the software. To register for LearnKey’s online training or the bonus MasterExam, simply click the Bonus MasterExam link on the main launch page and follow the directions to the free online registration.

System Requirements
Software requires Windows 2000 or higher and Internet Explorer 6.0 or above and 20MB of hard disk space for full
installation. The electronic book requires Adobe Reader. To access the online training from LearnKey, you must
have Windows Media Player 9 or higher and Adobe Flash Player 9 or higher.

■ LearnKey Online Training

Clicking the LearnKey Online Training link will allow you to access online training from Osborne.OnlineExpert.com. The first session of this course is provided at no charge. Additional sessions for this course and other courses may be purchased directly from www.LearnKey.com or by calling 800-865-0165.
The first time that you click the LearnKey Online Training link, you will be required to complete a free online registration. Follow the instructions for a first-time user. Please make sure to use a valid e-mail address.

■ Installing and Running MasterExam

If your computer CD-ROM drive is configured to autorun, the CD-ROM will automatically start up when you insert the disc. From the opening screen, you may install MasterExam by clicking the MasterExam link. This will begin the installation process and create a program group named LearnKey. To run MasterExam, select Start | All Programs | LearnKey | MasterExam. If the autorun feature did not launch your CD, browse to the CD drive and click the LaunchTraining.exe icon.

MasterExam
MasterExam provides you with a simulation of the actual exam. The number of questions, the type of questions,
and the time allowed are intended to be an accurate representation of the exam environment. You have the option
to take an open-book exam, including hints, references, and answers, a closed-book exam, or the timed
MasterExam simulation.
When you launch MasterExam, a digital clock display will appear in the bottom-right corner of your screen.
The clock will continue to count down to zero unless you choose to end the exam before the time expires.


■ Electronic Book
The entire contents of the textbook are provided as a PDF. Adobe Reader has been included on the CD.

■ Help
A help file is provided through the Help button on the main page in the lower-left corner. Individual help features are also available through MasterExam and LearnKey’s online training.

■ Removing Installation(s)
MasterExam is installed to your hard drive. For best results removing the program, select the Start | All Programs | LearnKey | Uninstall option to remove MasterExam.

■ Technical Support
For questions regarding the content of the electronic book or MasterExam, please visit www.mhprofessional.com or e-mail customer.service@mcgraw-hill.com. For customers outside the 50 United States, e-mail international_cs@mcgraw-hill.com.

LearnKey Technical Support
For technical problems with the software (installation, operation, installation removal) and for questions regarding LearnKey online training content, please visit www.learnkey.com, e-mail techsupport@learnkey.com, or call toll free 800-482-8244.


1 Introduction and Security Trends

Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure or nothing.
—HELEN KELLER

In this chapter, you will learn how to
■ List and discuss recent trends in computer security
■ Describe simple steps to take to minimize the possibility of an attack on a system
■ Describe various types of threats that exist for computers and networks
■ Discuss recent computer crimes that have been committed

Why should we be concerned about computer and network security? All you have to do is turn on the television or read the newspaper to find out about a variety of security problems that affect our nation and the world today. The danger to computers and networks may seem to pale in comparison to the threat of terrorist strikes, but in fact the average citizen is much more likely to be the target of an attack on their own personal computer, or a computer they use at their place of work, than they are to be the direct victim of a terrorist attack. This chapter will introduce you to a number of issues involved in securing your computers and networks from a variety of threats that may utilize any of a number of different attacks.


■ The Security Problem

Fifty years ago, few people had access to a computer system or network, so securing them was a relatively easy matter. If you could secure the building that these early, very large systems were housed in, you could secure the data and information they stored and processed. Now, personal computers are ubiquitous and portable, making them much more difficult to secure physically, and are often connected to the Internet, putting the data they contain at much greater risk of attack or theft. Similarly, the typical computer user today is not as technically sophisticated as the typical computer user 50 years ago. No longer are computers reserved for use by scientists and engineers; now, even children who are barely able to read can be taught to boot a computer and gain access to their own favorite games or educational software.
Fifty years ago companies did not conduct business across the Internet. Online banking and shopping were only dreams in science fiction stories. Today, however, millions of people perform online transactions every day. Companies rely on the Internet to operate and conduct business. Vast amounts of money are transferred via networks, in the form of either bank transactions or simple credit card purchases. Wherever there are vast amounts of money, there are those who will try to take advantage of the environment to conduct fraud or theft. There are many different ways to attack computers and networks to take advantage of what has made shopping, banking, investment, and leisure pursuits a simple matter of “dragging and clicking” for many people. Identity theft is so common today that most everyone knows somebody who’s been a victim of such a crime, if they haven’t been a victim themselves. This is just one type of criminal activity that can be conducted using the Internet. There are many others and all are on the rise.

Tech Tip: Historical Security
Computer security is an ever-changing issue. Fifty years ago, computer security was mainly concerned with the physical devices that made up the computer. At the time, these were the high-value items that organizations could not afford to lose. Today, computer equipment is inexpensive compared to the value of the data processed by the computer. Now the high-value item is not the machine, but the information that it stores and processes. This has fundamentally changed the focus of computer security from what it was in the early years. Today the data stored and processed by computers is almost always more valuable than the hardware.

Security Incidents
By examining some of the computer-related crimes that have been committed over the last 20 or so years, we can better understand the threats and security issues that surround our computer systems and networks. Electronic crime can take a number of different forms but the ones we will examine here fall into two basic categories: crimes in which the computer was the target, and incidents in which a computer was used to perpetrate the act (for example, there are many different ways to conduct bank fraud, one of which uses computers to access the records that banks process and maintain).
We will start our tour of computer crimes with the 1988 Internet worm (Morris worm), one of the first real Internet crime cases. Prior to 1988 criminal activity was chiefly centered on unauthorized access to computer systems and networks owned by the telephone company and companies which provided dial-up access for authorized users. Virus activity also existed prior to 1988, having started in the early 1980s.

The Morris Worm (November 1988)

Robert Morris, then a graduate student at Cornell University, released what has become known as the Internet worm (or the Morris worm). This was the first large-scale attack on the Internet, though it appears doubtful that


Morris actually intended that his creation cause the impact that it did at the time. The worm infected roughly 10 percent of the machines then connected to the Internet (which amounted to approximately 6000 infected machines) and caused an estimated $100 million in damage, though this number has been the subject of wide debate. The worm carried no malicious payload, the program being obviously a “work in progress,” but it did wreak havoc because it continually reinfected computer systems until they could no longer run any programs. The worm took advantage of known vulnerabilities in several programs to gain access to new hosts and then copied itself over. Morris was eventually convicted under Title 10 United States Code Section 1030 for releasing the worm and was sentenced to three years’ probation, a $10,000 fine, and 400 hours of community service.

Citibank and Vladimir Levin (June–October 1994)

Starting about June of 1994 and continuing until at least October of the same year, a number of bank transfers were made by Vladimir Levin of St. Petersburg, Russia. By the time he and his accomplices were caught, they had transferred an estimated $10 million. Eventually all but about $400,000 was recovered. Levin reportedly accomplished the break-ins by dialing into Citibank’s cash management system. This system allowed clients to initiate their own fund transfers to other banks. An estimated $500 billion was transferred daily during this period, so the amounts transferred by Levin were very small in comparison to the overall total on any given day. To avoid detection, he also conducted the transactions at night in Russia so that they coincided with normal business hours in New York. Levin was arrested in London in 1995 and, after fighting extradition for 30 months, eventually was turned over to U.S. authorities, was tried, and was sentenced to three years in jail. Four accomplices of Levin pleaded guilty to conspiracy to commit bank fraud and received lesser sentences.

Kevin Mitnick (February 1995)

Kevin Mitnick’s computer activities occurred over a number of years during the 1980s and 1990s. He was arrested in February 1995 (not his first arrest on computer criminal charges) for federal offenses related to what the FBI described as a 2½-year computer hacking spree. He eventually pled guilty to four counts of wire fraud, two counts of computer fraud, and one count of illegally intercepting a wire communication and was sentenced to 46 months in jail. In the plea agreement, Mitnick admitted to having gained unauthorized access to a number of different computer systems belonging to companies such as Motorola, Novell, Fujitsu, and Sun Microsystems. He described using a number of different “tools” and techniques, including social engineering, sniffers, and cloned cellular telephones. Mitnick also admitted to having used stolen accounts at the University of Southern California to store proprietary software he had taken from various companies. He also admitted to stealing e-mails and impersonating employees of targeted companies in order to gain access to the software he was seeking.

Omega Engineering and Timothy Lloyd (July 1996)

On July 30, 1996, a software “time bomb” went off at Omega Engineering, a New Jersey–based manufacturer of high-tech measurement and control


instruments. Twenty days earlier, Timothy Lloyd, a computer network program designer, had been dismissed from the company after a period of growing tension between Lloyd and management at Omega. The program that ran on July 30 deleted all of the design and production programs for the company, severely damaging the small firm and forcing the layoff of 80 employees. The program was eventually traced back to Lloyd, who had left it in retaliation for his dismissal. In May of 2000, a federal judge sentenced Lloyd to 41 months in prison and ordered him to pay more than $2 million in restitution.

Worcester Airport and “Jester” (March 1997)

In March of 1997, airport services to the FAA control tower as well as the emergency services at the Worcester Airport and the community of Rutland, Massachusetts, were cut off for a period of six hours. This disruption occurred as a result of a series of commands sent by a teenage computer “hacker” who went by the name “Jester.” The individual had gained unauthorized access to the “loop carrier system” operated by NYNEX, a New England telephone company. Loop carrier systems are programmable remote computer systems used to integrate voice and data communications. Jester was eventually caught and ordered to pay restitution to the telephone company, as well as complete 250 hours of community service.

Tech Tip: Intellectual Curiosity
In the early days of computer crime, much of the criminal activity centered on gaining unauthorized access to computer systems. In many early cases, the perpetrator of the crime did not intend to cause any damage to the computer but was instead on a quest of “intellectual curiosity”—trying to learn more about computers and networks. Today the ubiquitous nature of computers and networks has eliminated the perceived need for individuals to break into computers to learn more about them. While there are still those who dabble in hacking for the intellectual challenge, it is more common today for the intellectual curiosity to be replaced by malicious intent. Whatever the reason, today it is considered unacceptable (and illegal) to gain unauthorized access to computer systems and networks.

Solar Sunrise (February 1998)

In January of 1998, relations between Iraq and the United States again took a turn for the worse and it appeared as if the United States might take military action against Iraq. During this period of increased tension and military preparation, a series of computer intrusions occurred at a number of U.S. military installations. At first the military thought that this might be the start of an information warfare attack—a possibility the military had been discussing since the early 1990s. Over 500 domain name servers were compromised during the course of the attacks. Making it harder to track the actual origin of the attacks was the fact that the attackers made a number of “hops” between different systems, averaging eight different systems before arriving at the target. The attackers eventually turned out to be two teenagers from California and their mentor in Israel. The attacks, as it turned out, had nothing to do with the potential conflict in Iraq.

The Melissa Virus (March 1999)

Melissa is the best known of the early macro-type viruses that attach themselves to documents for programs that have limited macro programming capability. The virus, written and released by David Smith, infected about a million computers and caused an estimated $80 million in damages. Melissa, which clogged networks with the traffic it generated and caused problems for e-mail servers worldwide, was attached to Microsoft Word 97 and Word 2000 documents. If the user opened the file, the macro ran, infecting the current host and also sending itself to the first 50 addresses in the individual’s e-mail address book. The e-mail sent contained a subject line stating “Important Message From” and then included the name of the individual who was infected. The body of the e-mail message contained the text “Here is that document you asked for … don’t show anyone else ;-).” The nature of both the subject line and


the body of the message usually generated enough user curiosity that many
people opened the document and thus infected their system, which in turn sent
the same message to 50 of their acquaintances. As a final action, if the minute of
the current hour when the macro was run matched the day of the month, the
macro inserted “Twenty-two points, plus triple-word-score, plus fifty points
for using all my letters. Game’s over. I’m outta here.” into the current docu-
ment. Smith, who pleaded guilty, was ultimately fined $5000 and sentenced to
20 months in jail for the incident. Because the macro code is easy to modify,
there have been many variations of the Melissa virus. Recipients could avoid
infection by Melissa simply by not opening the attached file.

The Love Letter Virus (May 2000)


Also known as the “ILOVEYOU” worm and the “Love Bug,” the Love Let-
ter virus was written and released by a Philippine student named Onel de
Guzman. The virus was spread via e-mail with the subject line of
“ILOVEYOU.” Estimates of the number of infected machines worldwide
have been as high as 45 million, accompanied by a possible $10 billion in
damages (it should be noted that figures like these are extremely hard to
verify or calculate). Similar to the Melissa virus, the Love Letter virus spread
via an e-mail attachment, but in this case, instead of utilizing macros, the at-
tachments were VBScript programs. When the receiver ran the attachment,
it searched the system for files with specific extensions in order to replace
them with copies of itself. It also sent itself to everyone in the user’s address
book. Again, since the receiver generally knew the sender, most individuals
opened the attachment without questioning it. de Guzman ultimately was
not convicted for releasing the worm because the Philippines, at the time,
did not have any laws denoting the activity as a crime. Again, recipients
avoided infection from the virus simply by not opening the attachments.

The Code Red Worm (2001)


On July 19, 2001, over 350,000 computers connected to the Internet were in-
fected by the Code Red worm. This infection took only 14 hours to occur.
The cost estimate for how much damage the worm caused (including varia-
tions of the worm released on later dates) exceeded $2.5 billion. The vulner-
ability exploited by the Code Red worm had been known for a month. The
worm took advantage of a buffer-overflow condition in Microsoft’s IIS web
servers. Microsoft released a patch for this vulnerability and made an offi-
cial announcement of the problem on June 18, 2001. The worm itself was
“memory resident,” so simply turning off an infected machine eliminated it.
Unfortunately, unless the system was patched before being reconnected to
the Internet, chances were good that it would soon become reinfected.
Though the worm didn’t carry a malicious payload designed to destroy data
on the infected system, on some systems, the message “Hacked by Chinese”
was added to the top-level page for the infected host’s web site. If the date
on the infected system was between the 1st and the 19th of the month, the
worm would attempt to infect a random list of IP addresses it generated. If
the date was between the 20th and the 28th of the month, the worm stopped
trying to infect other systems and instead attempted to launch a denial-of-
service (DoS) attack against a web site owned by the White House. After the
28th, the worm would lay dormant until the 1st of the next month. This date
scheme actually ended up helping to eliminate the worm, because soon after
it was released on the 19th, the worm stopped trying to infect systems. This
provided a period of time when systems could be rebooted and patched be-
fore they were infected again.

Adil Yahya Zakaria Shakour (August 2001–May 2002)


On March 13, 2003, 19-year-old Adil Yahya Zakaria Shakour pleaded guilty to a
variety of crimes, including unauthorized access to computer systems and
credit card fraud. Shakour admitted to having accessed several computers
without authorization, including a server at Eglin Air Force Base (where he
defaced the web site), computers at Accenture (a Chicago-based management
consulting and technology services company), a computer system at Sandia
National Laboratories (a Department of Energy facility), and a computer at
Cheaptaxforms.com. Shakour admitted to having obtained credit card and
personal information during the break-in of Cheaptaxforms.com and having
used it to purchase items worth over $7000 for his own use. Shakour was sen-
tenced to one year and one day in federal prison and a three-year term of su-
pervised release, and was ordered to pay $88,000 in restitution.

The Slammer Worm (2003)


On Saturday, January 25, 2003, the Slammer worm (also sometimes referred to as the Slammer virus) was released. It exploited a buffer-overflow vulnerability in computers running Microsoft’s SQL Server or Microsoft SQL Server Desktop Engine. Like the vulnerability in Code Red, this weakness was not new and, in fact, had been discovered in July of 2002; Microsoft issued a patch for the vulnerability before it was even announced. Within the first 24 hours of Slammer’s release, the worm had infected at least 120,000 hosts and caused network outages and the disruption of airline flights, elections, and ATMs. At its peak, Slammer-infected hosts were generating a reported 1TB of worm-related traffic every second. The worm doubled its number of infected hosts every 8 seconds. It is estimated that it took less than ten minutes to reach global proportions and infect 90 percent of the possible hosts it could infect. Once a machine was infected, the host would start randomly selecting targets and sending packets to them to attempt infection at a rate of 25,000 packets per second. Slammer did not contain a malicious payload. The problems it caused were a result of the massively overloaded networks, which could not sustain the traffic being generated by the thousands of infected hosts. The worm sent its single packet to a specific UDP port, 1434, which provided an immediate fix to prevent further network access. Thus, the response of administrators was to quickly block all traffic to UDP port 1434, effectively curbing the spread of the worm to new machines.

Tech Tip
Speed of Virus Proliferation
The speed at which the Slammer virus spread served as a wakeup call to security professionals. It drove home the point that the Internet could be adversely impacted in a matter of minutes. This in turn caused a number of professionals to rethink how prepared they needed to be in order to respond to virus outbreaks in the future. A good first step is to apply patches to systems and software as soon as possible. This will often eliminate the vulnerabilities that the worms and viruses are designed to target.
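The traffic pattern the passage describes (one host sending single UDP datagrams to port 1434 at many randomly chosen destinations) is what a network administrator would have needed to spot before deciding to block the port. The following is an added Python example, not from the textbook, that flags such fan-out in flow records; the flow-log format, the addresses and the thresholds are constructed assumptions.

```python
"""Flag hosts whose outbound UDP/1434 traffic looks like Slammer-style
random-target spraying: many distinct destinations in a short window.
Added example with constructed data; not from the textbook."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

SLAMMER_PORT = 1434      # UDP port the worm's single packet was sent to
FANOUT_THRESHOLD = 20    # distinct destinations per window before alerting (assumed)
WINDOW_SECONDS = 10.0    # sliding observation window (assumed)


@dataclass(frozen=True)
class Flow:
    ts: float      # seconds since epoch
    src: str
    dst: str
    proto: str     # "udp" or "tcp"
    dport: int
    nbytes: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow-log line: '<ts> <src> <dst> <proto> <dport> <bytes>'."""
    ts, src, dst, proto, dport, nbytes = line.split()
    return Flow(float(ts), src, dst, proto.lower(), int(dport), int(nbytes))


def slammer_suspects(flows: Iterable[Flow]) -> Dict[str, Tuple[int, int]]:
    """Return {src: (max_distinct_dsts_in_window, total_udp1434_packets)} for
    every source that reached FANOUT_THRESHOLD distinct UDP/1434 destinations
    inside one WINDOW_SECONDS window. A client that repeatedly talks to its
    own SQL Server on the same port is not flagged, because fan-out stays at 1."""
    by_src: Dict[str, List[Flow]] = defaultdict(list)
    for f in flows:
        if f.proto == "udp" and f.dport == SLAMMER_PORT:
            by_src[f.src].append(f)

    suspects: Dict[str, Tuple[int, int]] = {}
    for src, fl in by_src.items():
        fl.sort(key=lambda f: f.ts)
        left = 0
        in_window: Dict[str, int] = defaultdict(int)   # dst -> packets in window
        best = 0
        for f in fl:
            in_window[f.dst] += 1
            # slide the left edge forward until the window is WINDOW_SECONDS wide
            while f.ts - fl[left].ts > WINDOW_SECONDS:
                old = fl[left].dst
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            best = max(best, len(in_window))
        if best >= FANOUT_THRESHOLD:
            suspects[src] = (best, len(fl))
    return suspects


def constructed_flow_log() -> List[str]:
    """Constructed sample: one legitimate client, one spraying host, one TCP flow."""
    lines = []
    # legitimate client querying a single SQL Server instance on UDP/1434
    for i in range(5):
        lines.append(f"{1043500000 + i * 1.5} 10.0.0.9 10.0.0.2 udp 1434 400")
    # infected host sending one datagram each to 60 random-looking targets in 0.6 s
    for i in range(60):
        lines.append(f"{1043500001 + i * 0.01} 10.0.0.5 198.51.100.{i + 1} udp 1434 400")
    # unrelated TCP traffic to the SQL Server TCP port; ignored by the detector
    lines.append("1043500003 10.0.0.7 10.0.0.2 tcp 1433 1500")
    return lines


if __name__ == "__main__":
    hits = slammer_suspects(parse_flow(l) for l in constructed_flow_log())
    for src, (fanout, pkts) in hits.items():
        print(f"ALERT {src}: {fanout} distinct UDP/1434 targets in {WINDOW_SECONDS}s "
              f"({pkts} packets) - consider blocking UDP/1434 from this host")
```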

U.S. Electric Power Grid (1997–2009)


In April 2009, Homeland Security Secretary Janet Napolitano told reporters
that the United States was aware of attempts by both Russia and China to break
into the U.S. electric power grid, map it out, and plant destructive programs
that could be activated at a later date. She indicated that these attacks were not
new and had in fact been going on for years. One article in the Kansas City Star,
for example, reported that in 1997 the local power company, Kansas City
Power and Light, saw perhaps 10,000 attacks for the entire year. In contrast, in 2009 the company has been experiencing 10 to 20 attacks every second. While none of these attacks is credited with causing any significant loss of power, the attacks nonetheless highlight the fact that the nation’s critical infrastructures are viewed as potential targets by other nations. In the event of some future conflict, the United States could expect to experience a cyber attack on the cyber infrastructures that operate its critical systems.

Try This
Software Patches
One of the most effective measures security professionals can take to address attacks on their computer systems and networks is to ensure that all software is up-to-date in terms of vendor-released patches. Many of the outbreaks of viruses and worms would have been much less severe if everybody had applied security updates and patches when they were released. For the operating system that you use, use your favorite web browser to find what patches exist for the operating system and what vulnerabilities or issues they were created to address.

Conficker (2008–2009)
In late 2008 and early 2009, security experts became alarmed when it was
discovered that millions of systems attached to the Internet were infected
with the Downadup worm. Also known as Conficker, the worm was first
detected in November 2008 and was believed to have originated in Ukraine.
Infected systems were not initially damaged beyond having their antivirus
solution updates blocked. What alarmed experts was the fact that infected
systems could be used in a secondary attack on other systems or networks.
Each of these infected systems was part of what is known as a bot network
and could be used to cause a DoS attack on a target or be used for the for-
warding of spam e-mail to millions of users. It was widely believed that this
network of subverted systems would be activated on April 1, 2009, and
would result in the widespread loss of data and system connectivity. As it
turned out, very little damage was done on that date, though millions of dol-
lars were spent in responding to the millions of infected systems.

Fiber Cable Cut (2009)


On April 9, 2009, a widespread phone and Internet outage hit the San Jose
area in California. This outage was not the result of a group of determined
hackers gaining unauthorized access to the computers that operate these
networks, but instead occurred as a result of several cuts in the physical ca-
bles that carry the signals. A cable being cut is not an unusual occurrence;
backhoes have been responsible for many temporary interruptions in tele-
phone service in the past decade. What was unusual, and significant, about
this incident was that the cuts were deliberate. A manhole cover had been
removed to allow the attacker(s) to gain access to the cables underground.
The cuts resulted in a loss of all telephone, cell phone, and Internet service
for thousands of users in the San Jose area. Emergency services such as 911
were also affected, which could have had severe consequences. What is im-
portant to take away from this incident is the fact that the infrastructures
that our communities, states, and the nation rely on can also be easily at-
tacked using fairly simple physical techniques and without a lot of technical
expertise.
Threats to Security
The incidents described in the previous section provide a glimpse into the
many different threats that face administrators as they attempt to protect
their computer systems and networks. There are, of course, the normal natu-
ral disasters that organizations have faced for years. In today’s highly net-
worked world, however, new threats have developed that we did not have
to worry about 50 years ago.
There are a number of ways that we can break down the various threats.
One way to categorize them is to separate threats that come from outside of
the organization from those that are internal. Another is to look at the vari-
ous levels of sophistication of the attacks, from those by “script kiddies” to
those by “elite hackers.” A third is to examine the level of organization of the
various threats, from unstructured threats to highly structured threats. All
of these are valid approaches, and they in fact overlap each other. The fol-
lowing sections examine threats from the perspective of where the attack
comes from.

Viruses and Worms


While your organization may be exposed to viruses and worms as a result of employees not following certain practices or procedures, generally you will not have to worry about your employees writing or releasing viruses and worms. It is important to draw a distinction between the writers of malware and those who release them. Debates over the ethics of writing viruses permeate the industry, but currently, simply writing them is not considered a criminal activity. A virus is like a baseball bat; the bat itself is not evil, but the inappropriate use of the bat (such as to smash a car’s window) falls into the category of criminal activity. (Some may argue that this is not a very good analogy since a baseball bat has a useful purpose—to play ball—but viruses have no useful purpose. In general, this is true but in some limited environments, such as in specialized computer science courses, the study and creation of viruses can be considered a useful learning experience.)
By far, viruses and worms are the most common problem that an organization faces because literally thousands of them have been created and released. Fortunately, antivirus software and system patching can eliminate the largest portion of this threat. Viruses and worms generally are also nondiscriminating threats; they are released on the Internet in a general fashion and aren’t targeted at a specific organization. They typically are also highly visible once released, so they aren’t the best tool to use in highly structured attacks where secrecy is vital. This is not to say that the technology used in virus and worm propagation won’t be used by highly organized criminal groups, but its use for what these individuals are normally interested in accomplishing is limited. The same cannot be said for terrorist organizations, which generally want to create a large impact and have it be highly visible.

Tech Tip
Malware
Viruses and worms are just two types of threats that fall under the general heading of malware. The term malware comes from “malicious software,” which describes the overall purpose of code that falls into this category of threat. Malware is software that has a nefarious purpose, designed to cause problems to you as an individual (for example, identity theft) or your system. More information on the different types of malware is provided in Chapter 15.

Intruders
The act of deliberately accessing computer systems and networks without
authorization is generally referred to as hacking, with individuals who con-
duct this activity being referred to as hackers. The term hacking also applies
to the act of exceeding one’s authority in a system. This would include
authorized users who attempt to gain access to files they aren’t permitted to
access or who attempt to obtain permissions that they have not been
granted. While the act of breaking into computer systems and networks has
been glorified in the media and movies, the physical act does not live up to
the Hollywood hype. Intruders are, if nothing else, extremely patient, since
the process to gain access to a system takes persistence and dogged determi-
nation. The attacker will conduct many preattack activities in order to ob-
tain the information needed to determine which attack will most likely be
successful. Generally, by the time an attack is launched, the attacker will
have gathered enough information to be very confident that the attack will
succeed. If it doesn’t, the attacker will gather additional information and
take a different approach (though launching the first attack may alert secu-
rity personnel). Generally, attacks by an individual or even a small group of
attackers fall into the unstructured threat category. Attacks at this level gen-
erally are conducted over short periods of time (lasting at most a few
months), do not involve a large number of individuals, have little financial
backing, and are accomplished by insiders or outsiders who do not seek col-
lusion with insiders.
Intruders, or those who are attempting to conduct an intrusion, defi-
nitely come in many different varieties and have varying degrees of sophis-
tication (see Figure 1.1). At the low end technically are what are generally
referred to as script kiddies, individuals who do not have the technical exper-
tise to develop scripts or discover new vulnerabilities in software but who
have just enough understanding of computer systems to be able to down-
load and run scripts that others have developed. These individuals gener-
ally are not interested in attacking specific targets, but instead simply want
to find any organization that may not have patched a newly discovered vul-
nerability for which the script kiddie has located a script to
exploit the vulnerability. It is hard to estimate how many of
the individuals performing activities such as probing net-
works or scanning individual systems are part of this
group, but it is undoubtedly the fastest growing group and
the vast majority of the “unfriendly” activity occurring on
the Internet is probably carried out by these individuals.
At the next level are those people who are capable of
writing scripts to exploit known vulnerabilities. These indi-
viduals are much more technically competent than script
kiddies and account for an estimated 8 to 12 percent of ma-
licious Internet activity. At the top end of this spectrum are
those highly technical individuals, often referred to as elite
hackers, who not only have the ability to write scripts that
exploit vulnerabilities but also are capable of discovering
new vulnerabilities. This group is the smallest of the lot,
however, and is responsible for, at most, only 1 to 2 percent of intrusive activity.

• Figure 1.1 Distribution of attacker skill levels

Insiders
It is generally acknowledged by security professionals that insiders are
more dangerous in many respects than outside intruders. The reason for
this is simple—insiders have the access and knowledge necessary to cause
immediate damage to an organization. Most security is designed to protect
against outside intruders and thus lies at the boundary between the organization and the rest of the world. Insiders may actually already have all the access they need to perpetrate criminal activity such as fraud. In addition to unprecedented access, insiders also frequently have knowledge of the security systems in place and are better able to avoid detection. Attacks by insiders are often the result of employees who have become disgruntled with their organization and are looking for ways to disrupt operations. It is also possible that an “attack” by an insider may be an accident and not intended as an attack at all. An example of this might be an employee who deletes a critical file without understanding its critical nature.
Employees are not the only insiders that organizations need to be concerned about. Often, numerous other individuals have physical access to company facilities. Custodial crews frequently have unescorted access throughout the facility, often when nobody else is around. Other individuals, such as contractors or partners, may have not only physical access to the organization’s facilities but also access to computer systems and networks.

Tech Tip
The Inside Threat
One of the hardest threats that security professionals will have to address is that of the insider. Since employees already have access to the organization and its assets, additional mechanisms need to be in place to detect attacks by insiders and to lessen the ability of these attacks to succeed.

Criminal Organizations
As businesses became increasingly reliant upon computer systems and net-
works, and as the amount of financial transactions conducted via the
Internet increased, it was inevitable that criminal organizations would
eventually turn to the electronic world as a new target to exploit. Criminal
activity on the Internet at its most basic is no different from criminal activity
in the physical world. Fraud, extortion, theft, embezzlement, and forgery all
take place in the electronic environment.
One difference between criminal groups and the “average” hacker is the
level of organization that criminal elements employ in their attack. Criminal
groups typically have more money to spend on accomplishing the criminal
activity and are willing to spend extra time accomplishing the task provided
the level of reward at the conclusion is great enough. With the tremendous
amount of money that is exchanged via the Internet on a daily basis, the
level of reward for a successful attack is high enough to interest criminal ele-
ments. Attacks by criminal organizations usually fall into the structured
threat category, which is characterized by a greater amount of planning, a
longer period of time to conduct the activity, more financial backing to ac-
complish it, and possibly corruption of, or collusion with, insiders.

Terrorists and Information Warfare


As nations have increasingly become dependent on computer systems and
networks, the possibility that these essential elements of society might be
targeted by organizations or nations determined to adversely affect another
nation has become a reality. Many nations today have developed to some
extent the capability to conduct information warfare. There are several defi-
nitions for information warfare, but a simple one is that it is warfare con-
ducted against the information and information processing equipment used
by an adversary. In practice, this is a much more complicated subject, be-
cause information not only may be the target of an adversary, but also may
be used as a weapon. Whatever definition you use, information warfare falls
into the highly structured threat category. This type of threat is characterized
by a much longer period of preparation (years is not uncommon),
tremendous financial backing, and a large and organized group of attackers. The threat may include attempts not only to subvert insiders but also to plant individuals inside of a potential target in advance of a planned attack.
An interesting aspect of information warfare is the list of possible targets available. We have grown accustomed to the idea that, during war, military forces will target opposing military forces but will generally attempt to destroy as little civilian infrastructure as possible. In information warfare, military forces are certainly still a key target, but much has been written about other targets, such as the various infrastructures that a nation relies on for its daily existence. Water, electricity, oil and gas refineries and distribution, banking and finance, telecommunications—all fall into the category of critical infrastructures for a nation. Critical infrastructures are those whose loss would have severe repercussions on the nation. With countries relying so heavily on these infrastructures, it is inevitable that they will be viewed as valid targets during conflict. Given how dependent these infrastructures are on computer systems and networks, it is also inevitable that these same computer systems and networks will be targeted for a cyber attack in an information war.

Tech Tip
Information Warfare
Once only the concern of governments and the military, information warfare today can involve many other individuals. With the potential to attack the various civilian-controlled critical infrastructures, security professionals in nongovernmental sectors today must also be concerned about defending their systems against attacks by agents of foreign governments.
Another interesting aspect of information warfare is the potential list of
attackers. As mentioned, several countries are currently capable of conduct-
ing this type of warfare. Nations, however, are not the only ones that can
conduct information, or cyber, warfare. Terrorist organizations can also ac-
complish this. Such groups fall into the category of highly structured threats
since they too are willing to conduct long-term operations, have (in some
cases) tremendous financial support, and often have a large following. Re-
ports out of Afghanistan related stories of soldiers and intelligence officers
finding laptop computers formerly owned by members of al-Qaeda that
contained information about various critical infrastructures in the United
States. This showed that terrorist organizations not only were targeting such
infrastructures, but were doing so at an unexpected level of sophistication.

Security Trends
The biggest change that has occurred in security over the last 30 years has
been the change in the computing environment from large mainframes to a
highly interconnected network of much smaller systems (smaller is a rela-
tive term here because the computing power of desktop computers exceeds
the power of many large mainframes of 30 years ago). What this has meant
for security is a switch from an environment in which everything was fairly
contained and people operated in a closed environment to one in which ac-
cess to a computer can occur from almost anywhere on the planet. This has,
for obvious reasons, greatly complicated the job of the security professional.
The type of individual who attacks a computer system or network has
also evolved over the last 30 years. There was, of course, the traditional in-
telligence service operator paid by a particular country to obtain secrets
from other government computer systems. These people still exist. What
has increased dramatically is the number of nonaffiliated intruders. As dis-
cussed earlier, the rise of the “script kiddie” has greatly multiplied the num-
ber of individuals who probe organizations looking for vulnerabilities to
exploit. This is actually the result of another recent trend: as the level of so-
phistication of attacks has increased, the level of knowledge necessary to
exploit vulnerabilities has decreased. This is due to the number of auto-
mated tools that have been created that allow even novice attackers to ex-
ploit highly technical and complex vulnerabilities. The resulting increase in
network attacks has been reflected in a number of different studies con-
ducted by various organizations in the industry.
One of the best-known security surveys is the joint survey conducted an-
nually by the Computer Security Institute (CSI) and the FBI (this survey, CSI
Computer Crime and Security Survey, can be obtained from www.gocsi.com).
The respondents, who normally number over 500 individuals, come from
all walks of life: government, academia, and industry. Over the last several
years, the percentage of organizations that have experienced security inci-
dents has slowly declined (from 46 percent in 2007 to 43 percent in 2008).
This decline has been seen in the most frequent type of incidents experi-
enced (viruses, insider abuse, laptop theft, and unauthorized access) which
have remained the same for the last four years. Only four types of attacks
showed any increase from 2007 to 2008 (unauthorized access, theft/loss of
proprietary information, misuse of web applications, and DNS attacks).
One of the most interesting and oft-repeated statistics from the survey is
the average loss experienced by organizations due to specific types of secu-
rity incidents. The average loss as a result of theft of proprietary informa-
tion, for example, hit a high of $6.57 million in 2002 but was only
$2.70 million in 2003 before rising to $6.03 million in 2006 and then dropping
again to $5.69 million in 2007. Financial fraud plunged from $4.63 million in
2002 to $328,000 in 2003 before rising to $2.56 million in 2006 and then sky-
rocketing to $21.12 million in 2007. While it is tempting to assume that this
means we, as a community, are becoming more secure (and there is indeed
some indication that organizations are doing a better job of securing their
systems), the reality is that these figures reflect the difficulty in quantifying
the actual state of Internet security and of producing accurate results. While
we all like to use figures such as those from the CSI/FBI survey, the truth of
the matter is that these numbers likely don’t accurately portray the state of
current security. They are, however, the most reliable ones we have.

■ Avenues of Attack
There are two general reasons a particular computer system is attacked: ei-
ther it is specifically targeted by the attacker, or it is an opportunistic target.
In the first case, the attacker has chosen the target not because of the hard-
ware or software the organization is running but for another reason, per-
haps a political reason. An example of this type of attack would be an
individual in one country attacking a government system in another. Alter-
natively, the attacker may be targeting the organization as part of a
hacktivist attack. An example, in this case, might be an attacker who defaces
the web site of a company that sells fur coats because the attacker feels that
using animals in this way is unethical. Perpetrating some sort of electronic
fraud is another reason a specific system might be targeted. Whatever the
reason, an attack of this nature is decided upon before the attacker knows
what hardware and software the organization has.
The second type of attack, an attack against a target of opportunity, is con-
ducted against a site that has software that is vulnerable to a specific exploit.
The attackers, in this case, are not targeting the organization; instead, they
have learned of a vulnerability and are simply looking for an organization
with this vulnerability that they can exploit. This is not to say that an attacker
might not be targeting a given sector and looking for a target of opportunity
in that sector, however. For example, an attacker may desire to obtain credit
card or other personal information and may search for any exploitable com-
pany with credit card information in order to carry out the attack.
Targeted attacks are more difficult and take more time than attacks on a
target of opportunity. The latter simply relies on the fact that with any piece of
widely distributed software, there will almost always be somebody who has
not patched the system (or has not patched it properly) as they should have.

The Steps in an Attack

The steps an attacker takes in attempting to penetrate a targeted network are similar to the ones that a security consultant performing a penetration test would take.

First, the attacker gathers as much information about the organization as possible. There are numerous ways to do this, including studying the organization’s own web site, looking for postings on newsgroups, or consulting resources such as the U.S. Securities and Exchange Commission’s (SEC) EDGAR web site (www.sec.gov/edgar.shtml). A number of different financial reports are available through the EDGAR web site that can provide information about an organization that is useful for an attack—particularly a social engineering attack. The type of information that the attacker wants includes IP addresses, phone numbers, names of individuals, and what networks the organization maintains. This step is known as “profiling” or “reconnaissance.” Commands such as whois are useful in this step for obtaining information on IP blocks and DNS server addresses. An even more common tool that is useful in gathering data is a traditional web search engine such as Google.
Typically, the next step, which is the first step in the technical part of an attack, is to determine what target systems are available and active. This step moves us from profiling to actual scanning and is accomplished with methods such as a ping sweep, which simply sends a “ping” (an ICMP echo request) to the target machine. If the machine responds, it is reachable. The next step is often to perform a port scan. This will help identify which ports are open, thus giving an indication of which services may be running on the target machine. Determining the operating system (known as OS fingerprinting) that is running on the target machine, as well as specific application programs, follows, along with determining the services that are available (which can be accomplished by banner grabbing). Various techniques can be used to send specifically formatted packets to the ports on a target system to view the response. Often this response provides clues as to which operating system and specific applications are running on the target system. Once this is done, the attacker would have a list of possible target machines, the operating system running on them, and some specific applications or services to target.

Try This: Security Tools
Numerous tools are available on the Internet to conduct the initial reconnaissance activity described in this chapter. Examples include Nmap and superscan. Most security professionals recommend that security administrators run these tools against their own systems in order to see what attackers will see when they inevitably run the same, or similar, tools against the network. Using your favorite search engine, see what open source security tools you can find. Do the same for commercial security tools. If you have access to a closed network that you can play with, you may want to download some of the tools and try them to see how they work and what information they supply.
Up until this point, the attacker has simply been gathering the information needed to discover potential vulnerabilities that may be exploited. Further research is conducted to find possible vulnerabilities and once a list of these is developed, the attacker is ready to take the next step: an actual attack on the target. Knowing the operating system and services on the target helps the attacker decide which tools to use in the attack.

Numerous web sites provide information on the vulnerabilities of specific application programs and operating systems. This information is valuable to administrators, since they need to know what problems exist and how to patch them. In addition to information about specific vulnerabilities, some sites may also provide tools that can be used to exploit the vulnerabilities. An attacker can search for known vulnerabilities and tools that exploit them, download the information and tools, and then use them against a site. If the administrator for the targeted system has not installed the correct patch, the attack may be successful; if the patch has been installed, the attacker will move on to the next possible vulnerability. If the administrator has installed all of the appropriate patches so that all known vulnerabilities have been addressed, the attacker may have to resort to a brute-force attack, which involves guessing a user ID and password combination. Unfortunately, this type of attack, which could be easily prevented, sometimes proves successful.

This discussion of the steps in an attack is by no means complete. There are many different ways a system can be attacked. This, however, is the general process: gathering as much information about the target as possible (using both electronic and nonelectronic means), gathering information about possible exploits based on the information about the system, and then systematically attempting to use each exploit. If the exploits don’t work, other, less system-specific attacks may be attempted.
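The scanning steps just described (a ping sweep followed by a port scan) leave a recognizable trace in a firewall or connection log, which is how an administrator sees them coming. The following is an added example, not code from the textbook: it runs two simple detectors over a constructed log sample. The log layout ("proto src dst dport"), the addresses and the thresholds are all assumptions made for the illustration.

```python
"""Spotting the reconnaissance steps described above (ping sweeps and port
scans) in connection logs.  Added example, not code from the textbook; the
log layout and every address in it are constructed for illustration."""
import ipaddress
from collections import defaultdict

# Constructed firewall records in a simple "proto src dst dport" layout.
# ICMP echo requests carry "-" as the destination port.  203.0.113.9 pings
# six hosts and then walks seven ports on the one that answered (192.0.2.4);
# 198.51.100.7 is ordinary traffic that should not be flagged.
SAMPLE_LOG = """\
icmp 203.0.113.9 192.0.2.1 -
icmp 203.0.113.9 192.0.2.2 -
icmp 203.0.113.9 192.0.2.3 -
icmp 203.0.113.9 192.0.2.4 -
icmp 203.0.113.9 192.0.2.5 -
icmp 203.0.113.9 192.0.2.6 -
tcp 203.0.113.9 192.0.2.4 22
tcp 203.0.113.9 192.0.2.4 25
tcp 203.0.113.9 192.0.2.4 80
tcp 203.0.113.9 192.0.2.4 110
tcp 203.0.113.9 192.0.2.4 143
tcp 203.0.113.9 192.0.2.4 443
tcp 203.0.113.9 192.0.2.4 3389
tcp 198.51.100.7 192.0.2.4 443
tcp 198.51.100.7 192.0.2.4 443
icmp 198.51.100.7 192.0.2.4 -
"""


def parse_log(text):
    """Return (proto, src, dst, dport) tuples; malformed lines are skipped
    so one bad record cannot stop the whole analysis."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        proto, src, dst, dport = parts
        records.append((proto.lower(), src, dst, dport))
    return records


def detect_ping_sweeps(records, min_hosts=5):
    """A source that sends ICMP echo to at least min_hosts distinct hosts is
    treated as sweeping.  Returns {src: [hosts probed, in address order]}."""
    probed = defaultdict(set)
    for proto, src, dst, _ in records:
        if proto == "icmp":
            probed[src].add(dst)
    return {src: sorted(hosts, key=ipaddress.ip_address)
            for src, hosts in probed.items() if len(hosts) >= min_hosts}


def detect_port_scans(records, min_ports=5):
    """A source that touches at least min_ports distinct ports on one host is
    treated as scanning.  Returns {(src, dst): [ports, ascending]}."""
    touched = defaultdict(set)
    for proto, src, dst, dport in records:
        if proto in ("tcp", "udp") and dport.isdigit():
            touched[(src, dst)].add(int(dport))
    return {pair: sorted(ports)
            for pair, ports in touched.items() if len(ports) >= min_ports}


def recon_report(text):
    """Combine both detectors into one structure an analyst can act on."""
    records = parse_log(text)
    return {"ping_sweeps": detect_ping_sweeps(records),
            "port_scans": detect_port_scans(records)}


if __name__ == "__main__":
    for kind, hits in recon_report(SAMPLE_LOG).items():
        for who, what in hits.items():
            print(f"{kind}: {who} -> {what}")
```

The thresholds (five hosts, five ports) are arbitrary and would be tuned to the network; a production detector also groups records into time windows, since a slow sweep spread over days looks nothing like this compact sample.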

Minimizing Possible Avenues of Attack

Understanding the steps an attacker will take enables you to limit the exposure of your system and minimize those avenues an attacker might possibly exploit.

The first step an administrator can take to reduce possible attacks is to ensure that all patches for the operating system and applications are installed. Many security problems that we read about, such as viruses and worms, exploit known vulnerabilities for which patches exist. The reason such malware caused so much damage in the past was that administrators did not take the appropriate actions to protect their systems.

The second step an administrator can take is system hardening, which involves limiting the services that are running on the system. Only using those services that are absolutely needed does two things: it limits the possible avenues of attack (those services with vulnerabilities that can be exploited), and it reduces the number of services the administrator has to worry about patching in the first place. This is one of the important first steps any administrator should take to secure a computer system.

Another strategy to minimize possible avenues of attack is to provide as little information as possible about your organization and its computing resources on publicly available places (such as web sites). Since the attacker is after information, don’t make it easy to obtain. For example, at one time it was not uncommon for organizations to list the type of OS or browser used on login banners but, as has been discussed, this gives a potential attacker information that can be used to select possible attacks. In addition, consider what contact information is absolutely necessary to have displayed on publicly available sites.
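Two of the steps above, turning off services that are not needed and keeping OS and version details out of login banners, can be checked mechanically. The following is an added example, not from the textbook: it compares a listening-socket inventory against the set of services a host is meant to provide and flags banners that advertise a product version or operating system. The inventory format, the REQUIRED set and the banners are constructed assumptions; on a real host the inventory would come from a tool such as netstat or ss and the required set from the host’s documented role.

```python
"""Two of the hardening checks described above, run against a constructed
inventory: (1) which listening services fall outside the set this host is
meant to provide, and (2) which service banners advertise an OS or version.
Added example, not from the textbook; the inventory, the required-services
set and the banners are all constructed for illustration."""
import re

# Constructed listening-socket inventory, "proto local_address:port process".
LISTENING = """\
tcp 0.0.0.0:22 sshd
tcp 0.0.0.0:80 httpd
tcp 0.0.0.0:443 httpd
tcp 0.0.0.0:23 telnetd
tcp 0.0.0.0:21 vsftpd
udp 0.0.0.0:161 snmpd
tcp 127.0.0.1:3306 mysqld
"""

# The services this host exists to provide (constructed).  Under "only the
# services that are absolutely needed", everything else should be turned off.
REQUIRED = {("tcp", 22), ("tcp", 80), ("tcp", 443)}

# Constructed banners, as returned to a banner-grabbing connection.
BANNERS = {
    22: "SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7",
    80: "Server: Apache/2.2.14 (Ubuntu)",
    443: "Server: Apache",
    21: "220 (vsFTPd 2.2.2)",
}

LOOPBACK = ("127.0.0.1", "::1")
# A product name followed by a version: "OpenSSH_5.3", "Apache/2.2",
# "vsFTPd 2.2".  The bare protocol tag "SSH-2.0" alone does not match.
VERSION_RE = re.compile(r"[A-Za-z][\w.-]*[/_ ]\d+\.\d+")
OS_WORDS = ("ubuntu", "debian", "centos", "red hat", "windows", "freebsd", "linux")


def parse_listeners(text):
    """Return one dict per listening socket; malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        proto, addr, process = parts
        host, _, port = addr.rpartition(":")
        if not port.isdigit():
            continue
        rows.append({"proto": proto.lower(), "host": host,
                     "port": int(port), "process": process})
    return rows


def unnecessary_services(rows, required):
    """Network-reachable listeners that are not in the required set.
    Loopback-only sockets are not reachable from the network, so they are
    kept out of this list rather than mixed in with the real exposure."""
    return [r for r in rows
            if r["host"] not in LOOPBACK and (r["proto"], r["port"]) not in required]


def leaky_banners(banners):
    """Map port -> reasons a banner gives an attacker more than it should."""
    findings = {}
    for port, banner in banners.items():
        reasons = []
        if VERSION_RE.search(banner):
            reasons.append("version number")
        if any(word in banner.lower() for word in OS_WORDS):
            reasons.append("operating system name")
        if reasons:
            findings[port] = reasons
    return findings


def hardening_report(listening=LISTENING, required=REQUIRED, banners=BANNERS):
    """Everything an administrator would act on, in one place."""
    extra = unnecessary_services(parse_listeners(listening), required)
    return {"disable": sorted((r["proto"], r["port"], r["process"]) for r in extra),
            "rewrite_banner": leaky_banners(banners)}


if __name__ == "__main__":
    for key, value in hardening_report().items():
        print(key, value)
```

The check is only as good as the REQUIRED set: it must come from what the host is actually for, not from what happens to be running, or the report simply blesses the current state. The hardened banner on port 443 shows the target: a banner that names the product but nothing else is not flagged.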

Types of Attacks
There are a number of ways that a computer system or network can be attacked (this topic will be covered in greater detail in Chapter 15). If successful, the attack may produce one of the following: a loss of confidentiality, if information is disclosed to individuals not authorized to see it; a loss of integrity, if information is modified by individuals not authorized to change it; or a loss of availability, if information or the systems processing it are not available for use by authorized users when they need the information.

Chapter 1 Review
■ Chapter Summary
After reading this chapter and completing the quizzes, you should understand the following regarding security trends.

List and Discuss Recent Trends in Computer Security
■ Fifty years ago, few people had access to a computer system or network, so securing them was a relatively easy matter.
■ There are many different ways to attack computers and networks to take advantage of what has made shopping, banking, investment, and leisure pursuits a simple matter of “dragging and clicking” for many people.
■ The biggest change that has occurred in security over the last 30 years has been the change in the computing environment from large mainframes to a highly interconnected network of much smaller systems.

Describe Simple Steps to Take to Minimize the Possibility of an Attack on a System
■ The steps an attacker takes in attempting to penetrate a targeted network are similar to the ones that a security consultant performing a penetration test would take.
■ A ping sweep simply sends a “ping” (an ICMP echo request) to the target machine.
■ A port scan will help identify which ports are open, thus giving an indication of which services may be running on the targeted machine.
■ Numerous web sites exist that provide information on vulnerabilities in specific application programs and operating systems.
■ The first step an administrator can take to minimize possible attacks is to ensure that all patches for the operating system and applications are installed.

Describe Various Types of Threats That Exist for Computers and Networks
■ There are a number of different threats to security, including viruses and worms, intruders, insiders, criminal organizations, terrorists, and information warfare conducted by foreign countries.
■ There are two general reasons a particular computer system is attacked: it is specifically targeted by the attacker, or it is a target of opportunity.
■ Targeted attacks are more difficult and take more time than attacks on a target of opportunity.

Discuss Recent Computer Crimes That Have Been Committed
■ The different types of electronic crime fall into two main categories: crimes in which the computer was the target of the attack, and incidents in which the computer was a means of perpetrating a criminal act.
■ One significant trend observed over the last several years has been the increase in the number of computer attacks.

■ Key Terms
critical infrastructures (10)
elite hackers (8)
hacker (7)
hacking (7)
hacktivist (11)
highly structured threat (9)
information warfare (9)
ping sweep (12)
port scan (12)
script kiddies (8)
structured threat (9)
unstructured threat (8)

■ Key Terms Quiz

Use terms from the Key Terms list to complete the sentences that follow. Don’t use the same term more than once. Not all terms will be used.

1. A(n) _______________ is a threat characterized by a greater amount of planning, a longer period of time to conduct the activity, more financial backing to accomplish it, and the possible corruption of, or collusion with, insiders.
2. A hacker whose activities are motivated by a personal cause or position is known as a _______________.
3. Infrastructures whose loss would have a severe detrimental impact on the nation are called _______________.
4. _______________ is warfare conducted against the information and information processing equipment used by an adversary.
5. A _______________ simply sends a “ping” (an ICMP echo request) to the target machine.
6. A(n) _______________ is a threat that generally is short-term in nature, does not involve a large group of individuals, does not have large financial backing, and does not include collusion with insiders.
7. _______________ are the most technically competent individuals conducting intrusive activity on the Internet. They not only can exploit known vulnerabilities but are usually the ones responsible for finding those vulnerabilities.
8. A _______________ helps identify which ports are open, thus giving an indication of which services may be running on the targeted machine.
9. _______________ are individuals who do not have the technical expertise to develop scripts or discover new vulnerabilities in software but who have just enough understanding of computer systems to be able to download and run scripts that others have developed.
10. A(n) _______________ is a threat characterized by attacks that are conducted over short periods of time (lasting at most a few months), that do not involve a large number of individuals, that have little financial backing, and are accomplished by insiders or outsiders who do not seek collusion with insiders.

■ Multiple-Choice Quiz
1. Which threats are characterized by possibly long periods of preparation (years is not uncommon), tremendous financial backing, a large and organized group of attackers, and attempts to subvert insiders or to plant individuals inside a potential target in advance of a planned attack?
A. Unstructured threats
B. Structured threats
C. Highly structured threats
D. Nation-state information warfare threats
2. Which of the following is an attempt to find and attack a site that has hardware or software that is vulnerable to a specific exploit?
A. Target of opportunity attack
B. Targeted attack
C. Vulnerability scan attack
D. Information warfare attack
3. Which of the following threats has not grown over the last decade as a result of increasing numbers of Internet users?
A. Viruses
B. Hackers
C. Denial-of-service attacks
D. All of these have seen an increase over the last decade.
4. The rise of which of the following has greatly increased the number of individuals who probe organizations looking for vulnerabilities to exploit?
A. Virus writers
B. Script kiddies
C. Hackers
D. Elite hackers
5. Which of the following is generally viewed as the first Internet worm to have caused significant damage and to have “brought the Internet down”?
A. Melissa
B. The “Love Bug”
C. The Morris worm
D. Code Red
6. Which of the following individuals was convicted of various computer crimes and was known for his ability to conduct successful social engineering attacks?
A. Kevin Mitnick
B. Vladimir Levin
C. Timothy Lloyd
D. David Smith
7. According to the CSI/FBI survey, which of the following statistics decreased in 2003?
A. The number of organizations reporting the Internet as a point of attack
B. The number of organizations that have reported unauthorized use of their systems
C. The average loss as a result of theft of proprietary information
D. Both B and C
8. Which virus/worm was credited with reaching global proportions in less than ten minutes?
A. Code Red
B. The Morris worm
C. Melissa
D. Slammer

9. The act of deliberately accessing computer systems and networks without authorization is generally known as:
A. Computer intrusions
B. Hacking
C. Cracking
D. Probing
10. What is the most common problem/threat an organization faces?
A. Viruses/worms
B. Script kiddies
C. Hackers
D. Hacktivists
11. Warfare conducted against the information and information processing equipment used by an adversary is known as:
A. Hacking
B. Cyber terrorism
C. Information warfare
D. Network warfare
12. An attacker who feels that using animals to make fur coats is unethical and thus defaces the web site of a company that sells fur coats is an example of:
A. Information warfare
B. Hacktivism
C. Cyber crusading
D. Elite hacking
13. Which of the following is not described as a critical infrastructure?
A. Electricity (power)
B. Banking and finance
C. Telecommunications
D. Retail stores
14. Criminal organizations would normally be classified as what type of threat?
A. Unstructured
B. Unstructured but hostile
C. Structured
D. Highly structured
15. Elite hackers don’t account for more than what percentage of the total number of individuals conducting intrusive activity on the Internet?
A. 1–2 percent
B. 3–5 percent
C. 7–10 percent
D. 15–20 percent

■ Essay Quiz
1. Reread the various examples of computer crimes at the beginning of this chapter. Categorize each as either a crime where the computer was the target of the criminal activity or a crime in which the computer was a tool in accomplishing the criminal activity.
2. Your boss has just heard about some “nefarious computer activities” called ping sweeps and port scans. He wants to know more about them and what the impact might be of these activities on your company. Write a brief description of what they are and include your assessment of whether this activity is something to worry about or not.
3. A friend of yours has just been hired by an organization as their computer security officer. Your friend is a bit nervous about this new job and has come to you, knowing that you are taking a computer security class, to ask your advice on measures that can be taken that might help prevent an intrusion. What three things can you suggest that are simple but can tremendously help limit the possibility of an attack?
4. Discuss why insiders are considered such a threat to organizations?
5. Write a brief essay outlining what you learned from the CSI Computer Crime and Security Survey mentioned in the chapter.

Lab Projects
• Lab Project 1.1
A number of different examples of computer crimes were discussed in this chapter. Similar activities seem to happen daily. Do a search on the Internet to see what other examples you can find. Try and obtain the most recent examples possible.

• Lab Project 1.2
References to “script kiddies” were made frequently in this chapter. The implication was that it is easy today to perform certain types of activities because it is easy to find tools that allow you to perform them. If allowed at your school or by your ISP, perform a search of the Internet to see how easy it is to locate programs that will perform activities such as ping sweeps and port scans. What other types of security-related tools can you find?

2 General Security Concepts

“The only real security that a man can have in this world is a reserve of knowledge, experience and ability.”
—HENRY FORD

In Chapter 1, you learned about some of the various threats that we, as security professionals, face on a daily basis. In this chapter, you start exploring the field of computer security.

In this chapter, you will learn how to
■ Define basic terms associated with computer and information security
■ Identify the basic approaches to computer and information security
■ Distinguish among various methods to implement access controls
■ Describe methods used to verify the identity and authenticity of an individual
■ Describe methods used to conduct social engineering
■ Recognize some of the basic models used to implement security in operating systems
■ Basic Security Terminology

The term hacking has been used frequently in the media. A hacker was once considered an individual who understood the technical aspects of computer operating systems and networks. Hackers were individuals you turned to when you had a problem and needed extreme technical expertise. Today, primarily as a result of the media, the term is used more often to refer to individuals who attempt to gain unauthorized access to computer systems or networks. While some would prefer to use the terms cracker and cracking when referring to this nefarious type of activity, the terminology generally accepted by the public is that of hacker and hacking. A related term that may sometimes be seen is phreaking, which refers to the “hacking” of the systems and computers used by a telephone company to operate its telephone network.

Exam Tip: The field of computer security constantly evolves, introducing new terms frequently, which are often coined by the media. Make sure to learn the meaning of terms such as hacking, phreaking, vishing, phishing, pharming, and spear phishing. Some of these have been around for many years, such as hacking, whereas others have appeared only in the last few years, such as spear phishing.

Security Basics
Computer security itself is a term that has many meanings and related terms. Computer security entails the methods used to ensure that a system is secure. Subjects such as authentication and access controls must be addressed in broad terms of computer security. Seldom in today’s world are computers not connected to other computers in networks. This then introduces the term network security to refer to the protection of the multiple computers and other devices that are connected together. Related to these two terms are two others: information security and information assurance, which place the focus of the security process not on the hardware and software being used but on the data that is processed by them. Assurance also introduces another concept, that of the availability of the systems and information when we want them. Still another term that may be heard in the security world is COMSEC, which stands for communications security and deals with the security of telecommunication systems.

Since the late 1990s, much has been reported in the media concerning computer and network security. Often the news is about a specific lapse in security that has resulted in the penetration of a network or in the denial of service for a network. Over the last few years, the general public has become increasingly aware of its dependence on computers and networks and consequently has also become interested in the security of these same computers and networks.

As a result of this increased attention by the public, several new terms have become commonplace in conversations and print. Terms such as hacking, virus, TCP/IP, encryption, and firewalls are now frequently encountered in mainstream news media and have found their way into casual conversations. What was once the purview of scientists and engineers is now part of our everyday life.

With our increased daily dependence on computers and networks to conduct everything from making purchases at our local grocery store to driving our children to school (that new car you just bought is probably using a small computer to obtain peak engine performance), ensuring that computers and networks are secure has become of paramount importance. Medical information about each of us is probably stored in a computer somewhere.

So is financial information and data relating to the types of purchases we make and store preferences (assuming you have and use a credit card to make purchases). Making sure that this information remains private is a growing concern to the general public, and it is one of the jobs of security to help with the protection of our privacy. Simply stated, computer and network security is now essential for us to function effectively and safely in today’s highly automated environment.

The “CIA” of Security

Almost from its inception, the goal of computer security has been threefold: confidentiality, integrity, and availability—the “CIA” of security. The purpose of confidentiality is to ensure that only those individuals who have the authority to view a piece of information may do so. No unauthorized individual should ever be able to view data they are not entitled to access. Integrity is a related concept but deals with the generation and modification of data. Only authorized individuals should ever be able to create or change (or delete) information. The goal of availability is to ensure that the data, or the system itself, is available for use when the authorized user wants it.

As a result of the increased use of networks for commerce, two additional security goals have been added to the original three in the CIA of security. Authentication attempts to ensure that an individual is who they claim to be. The need for this in an online transaction is obvious. Related to this is nonrepudiation, which deals with the ability to verify that a message has been sent and received and that the sender can be identified and verified. The requirement for this capability in online transactions should also be readily apparent. Recent emphasis on systems assurance has raised the potential inclusion of the term auditability, which refers to whether a control can be verified to be functioning properly. In security, it is imperative that we can track actions to ensure what has or has not been done.

Tech Tip: CIA of Security
While there is no universal agreement on authentication, auditability, and nonrepudiation as additions to the original CIA of security, there is little debate over whether confidentiality, integrity, and availability are basic security principles. Understand these principles, because one or more of them are the reason for most security hardware, software, policies, and procedures.

The Operational Model of Computer Security
For many years, the focus of security was on prevention. If we could prevent somebody from gaining access to our computer systems and networks, then we assumed that we had achieved security. Protection was thus equated with prevention. While the basic premise of this is true, it fails to acknowledge the realities of the networked environment our systems are part of. No matter how well we seem to do in prevention technology, somebody always seems to find a way around our safeguards. When this happens, our system is left unprotected. Thus, we need multiple prevention techniques and also technology to alert us when prevention has failed and to provide ways to address the problem. This results in a modification to our original security equation with the addition of two new elements—detection and response. Our security equation thus becomes:

Protection = Prevention + (Detection + Response)

This is known as the operational model of computer security. Every security technique and technology falls into at least one of the three elements of the equation. Examples of the types of technology and techniques that represent each are depicted in Figure 2.1.

Security Principles
There are three approaches an organization can take to address the protection of its networks: ignore security issues, provide host security, or provide network-level security. The last two, host and network security, have prevention as well as detection and response components.

• Figure 2.1 Sample technologies in the operational model of computer security

If an organization decides to ignore security, it has chosen to utilize the minimal amount of security that is provided with its workstations, servers, and devices. No additional security measures will be implemented. Each “out of the box” system has certain security settings that can be configured, and they should be. To actually protect an entire network, however, requires work in addition to the few protection mechanisms that come with systems by default.

Host Security
Host security takes a granular view of security by focusing on protecting each computer and device individually instead of addressing protection of the network as a whole. When host security is used, each computer is relied upon to protect itself. If an organization decides to implement only host security and does not include network security, there is a high probability of introducing or overlooking vulnerabilities. Most environments are filled with different operating systems (Windows, UNIX, Linux, Mac), different versions of those operating systems, and different types of installed applications. Each operating system has security configurations that differ from other systems, and different versions of the same operating system may in fact have variations between them. Ensuring that every computer is “locked down” to the same degree as every other system in the environment can be overwhelming and often results in an unsuccessful and frustrating effort.

Host security is important and should always be addressed. Security, however, should not stop there, as host security is a complementary process to be combined with network security. If individual host computers have vulnerabilities embodied within them, then network security can provide another layer of protection that will, hopefully, stop any intruders who have gotten that far into the environment. Topics covered in this book dealing with host security include: bastion hosts, host-based intrusion detection systems (HIDS), antivirus software, and hardening of operating systems.

Network Security
In some smaller environments, host security by itself may be an option, but as systems become connected into networks, security should include the actual network itself. In network security, an emphasis is placed on controlling access to internal computers from external entities. This control can be through devices such as routers, firewalls, authentication hardware and software, encryption, and intrusion detection systems (IDSs).

Network environments tend to be unique entities because usually no two networks have exactly the same number of computers, the same applications installed, the same number of users, the exact same configurations, or the same available servers. They will not perform the same functions or

23
Chapter 2: General Security Concepts

P:\010Comp\BaseTech\375-8\ch02.vp
Saturday, November 07, 2009 10:41:53 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter 2

have the same overall architecture. Since networks have so many differences, there are many different ways in which they can be protected and configured. This chapter covers some foundational approaches to network and host security. Each approach may be implemented in a myriad of ways, but both network and host security need to be addressed for an effective total security program.

A longtime discussion has centered on whether host- or network-based security is more important. Most security experts now generally agree that a combination of both is needed to adequately address the wide range of possible security threats. Certain attacks are more easily spotted, and some attacks are more easily prevented, using tools designed for one or the other of these approaches.

Least Privilege
One of the most fundamental approaches to security is least privilege. This concept is applicable to many physical environments as well as network and host security. Least privilege means that a subject (which may be a user, application, or process) should have only the rights and privileges necessary to perform its task, with no additional permissions. Limiting a subject's privileges limits the amount of harm that can be caused, thus limiting an organization's exposure to damage. Users may have access to the files on their workstations and a select set of files on a file server, but no access to critical data that is held within the database. This rule helps an organization protect its most sensitive resources and helps ensure that whoever is interacting with these resources has a valid reason to do so.
Different operating systems and applications have different ways of im-
plementing rights, permissions, and privileges. Before an operating system
is actually configured, an overall plan should be devised and standardized
methods should be developed to ensure that a solid security baseline is actu-
ally implemented. For example, a company may want all of the Accounting
employees, but no one else, to be able to access employee payroll and profit
margin spreadsheets held on a server. The easiest way to implement this is
to develop an Accounting group, put all Accounting employees in this
group, and assign rights to the group instead of each individual person.
As another example, there may be a requirement to implement a hierar-
chy of administrators that perform different functions and require specific
types of rights. Two administrators may be tasked with performing backups
of individual workstations and servers; thus they do not need administra-
tive permissions with full access to all resources. Three other administrators
may be in charge of setting up new user accounts and password manage-
ment, which means they do not need full, or perhaps any, access to the com-
pany’s routers and switches. Once these lines are delineated, indicating
what subjects require which rights and permissions, then it is much easier to
configure settings to provide the least privileges for different subjects.
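The two situations just described, an Accounting group that alone may read the finance spreadsheets and a set of administrators who each hold only the rights their task needs, can be expressed directly as a rights table. The following is an added example, not code from the book: the users, groups and resource names are constructed to mirror the text, and the "class:*" wildcard convention is an assumption of this example. Rights are granted to groups only, and any (subject, resource, action) combination that no grant covers is refused.

```python
"""Least privilege through group-based rights.

Added example, not code from the book: the groups, users and resource
names are constructed to mirror the Accounting and administrator
examples in the text. Rights are granted to groups only, and any
(subject, resource, action) triple that no grant covers is denied.
"""

# Group -> {resource pattern: set of allowed actions}. A pattern of the
# form "class:*" covers every resource of that class (e.g. every router).
GRANTS = {
    "accounting": {
        "fileserver:/finance/payroll.xlsx": {"read"},
        "fileserver:/finance/margins.xlsx": {"read"},
    },
    # Backup operators read everything they must copy, but change nothing.
    "backup-operators": {"workstation:*": {"read"}, "fileserver:*": {"read"}},
    # Account administrators manage users but get no network-device rights.
    "account-admins": {"directory:users": {"create", "reset-password", "disable"}},
    "network-admins": {"router:*": {"read", "configure"}, "switch:*": {"read", "configure"}},
}

# User -> groups. Nobody is granted a right directly.
MEMBERSHIP = {
    "alice": {"accounting"},
    "bob": {"backup-operators"},
    "carol": {"account-admins"},
    "dave": {"network-admins"},
}


def _pattern_matches(pattern, resource):
    """Exact match, or class wildcard ("router:*" matches "router:core-1")."""
    if pattern.endswith(":*"):
        return resource.split(":", 1)[0] == pattern[:-2]
    return pattern == resource


def is_allowed(user, resource, action):
    """True only if some group the user belongs to grants the action."""
    for group in MEMBERSHIP.get(user, ()):
        for pattern, actions in GRANTS.get(group, {}).items():
            if _pattern_matches(pattern, resource) and action in actions:
                return True
    return False  # implicit deny: unknown users, unknown resources, unlisted actions


def effective_rights(user):
    """Everything a user can do, for auditing that nobody holds more than needed."""
    rights = set()
    for group in MEMBERSHIP.get(user, ()):
        for pattern, actions in GRANTS.get(group, {}).items():
            rights.update((pattern, action) for action in actions)
    return sorted(rights)


def add_user(user, groups):
    """Onboarding assigns group membership; it never edits GRANTS."""
    unknown = set(groups) - set(GRANTS)
    if unknown:
        raise ValueError(f"no such group(s): {sorted(unknown)}")
    MEMBERSHIP[user] = set(groups)


if __name__ == "__main__":
    for user in MEMBERSHIP:
        print(user, effective_rights(user))
    print(is_allowed("bob", "fileserver:/finance/payroll.xlsx", "write"))  # False
```

The point of `effective_rights` is the audit step the text asks for: once the lines between roles are delineated, you can print what each subject can actually do and compare it with what the job requires. Note that the backup operator can read the payroll spreadsheet (a backup cannot be taken otherwise) but cannot modify it, and that the account administrator has no router rights at all.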
The concept of least privilege applies to more network security issues than just providing users with specific rights and permissions. When trust relationships are created, they should not be implemented in such a way that everyone trusts each other simply because it is easier. One domain should trust another for very specific reasons, and the implementers should have a full understanding of what the trust relationship allows between two domains. If one domain trusts another, do all of the users automatically become trusted, and can they thus easily access any and all resources on the other domain? Is this a good idea? Is there a more secure way of providing the same functionality? If a trust relationship is implemented only so that users in one group can access a plotter or printer that is available on only one domain, it might make sense to simply purchase another plotter so that other, more valuable or sensitive resources are not accessible by the entire group.

Try This
Examples of the Least Privilege Principle
The security concept of least privilege is not unique to computer security. It has been practiced by organizations such as financial institutions and governments for centuries. Basically it means that individuals are given only the absolute minimum of privileges required to accomplish their assigned job. Examine the security policies that your organization has in place and see if you can identify examples of where the principle of least privilege has been used.
Another issue that falls under the least privilege concept is the security
context in which an application runs. All applications, scripts, and batch
files run in the security context of a specific user on an operating system.
They execute with specific permissions as if they were a user. The applica-
tion may be Microsoft Word and run in the space of a regular user, or it may
be a diagnostic program that needs access to more sensitive system files and
so must run under an administrative user account, or it may be a program
that performs backups and so should operate within the security context of
a backup operator. The crux of this issue is that programs should execute
only in the security context that is needed for that program to perform its
duties successfully. In many environments, people do not really understand
how to make programs run under different security contexts, or it may just
seem easier to have them all run under the administrator account. If attackers can compromise a program or service running under the administrator account, they have effectively elevated their access level and have much more control over the system and many more ways to cause damage.

Try This
Control of Resources
Being able to apply the appropriate security control to file and print resources is an important aspect of the least privilege security principle. How this is implemented varies depending on the operating system that the computer runs. Check how the operating system that you use provides for the ability to control file and print resources.

Separation of Duties
Another fundamental approach to security is separation of duties. This con-
cept is applicable to physical environments as well as network and host se-
curity. Separation of duties ensures that for any given task, more than one
individual needs to be involved. The task is broken into different duties,
each of which is accomplished by a separate individual. By implementing a
task in this manner, no single individual can abuse the system for his or her
own gain. This principle has been implemented in the business world, espe-
cially financial institutions, for many years. A simple example is a system in
which one individual is required to place an order and a separate person is
needed to authorize the purchase.
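The order-and-authorize split can be enforced in software rather than left to procedure. The block below is an added example, not code from the book: the users, roles and the dual-approval threshold are constructed assumptions. It rejects self-approval even for a person who legitimately holds both the requester and approver roles, and, going one step beyond the book's two-person case, requires two different approvers above an assumed amount.

```python
"""Separation of duties in a purchase workflow.

Added example, not code from the book. The roles, users and threshold
are constructed. The rule enforced: the person who places an order can
never be the person who authorizes it, even if that person holds both
roles. As an extension beyond the book's two-person example, orders
over DUAL_APPROVAL_THRESHOLD need two different approvers.
"""
from dataclasses import dataclass, field

ROLES = {
    "alice": {"requester"},
    "bob": {"approver"},
    "carol": {"requester", "approver"},  # both roles, still cannot self-approve
    "dave": {"approver"},
}

DUAL_APPROVAL_THRESHOLD = 10_000  # assumed policy value


class SoDViolation(Exception):
    """The same person would be acting on both sides of the task."""


@dataclass
class PurchaseOrder:
    requester: str
    item: str
    amount: float
    approvals: list = field(default_factory=list)

    @property
    def approvals_needed(self):
        return 2 if self.amount > DUAL_APPROVAL_THRESHOLD else 1

    @property
    def authorized(self):
        return len(self.approvals) >= self.approvals_needed


def place_order(user, item, amount):
    if "requester" not in ROLES.get(user, ()):
        raise PermissionError(f"{user} may not place orders")
    return PurchaseOrder(user, item, amount)


def approve(order, user):
    """Record an authorization from someone other than the requester."""
    if "approver" not in ROLES.get(user, ()):
        raise PermissionError(f"{user} is not an approver")
    if user == order.requester:
        raise SoDViolation(f"{user} cannot authorize their own order")
    if user in order.approvals:
        raise SoDViolation(f"{user} has already approved this order; a different person is required")
    order.approvals.append(user)
    return order


if __name__ == "__main__":
    po = place_order("carol", "laptops", 2_500)
    try:
        approve(po, "carol")
    except SoDViolation as err:
        print("refused:", err)
    approve(po, "bob")
    print("authorized:", po.authorized)
```

The cost the text mentions is visible here: every order needs at least one extra person, and an expensive one needs two, so the task cannot complete until someone else acts.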
While separation of duties provides a certain level of checks and bal-
ances, it is not without its own drawbacks. Chief among these is the cost re-
quired to accomplish the task. This cost is manifested in both time and
money. More than one individual is required when a single person could ac-
complish the task, thus potentially increasing the cost of the task. In addi-
tion, with more than one individual involved, a certain delay can be
expected because the task must proceed through its various steps.


Implicit Deny
What has become the Internet was originally designed as a friendly environ-
ment where everybody agreed to abide by the rules implemented in the var-
ious protocols. Today, the Internet is no longer the friendly playground of
researchers that it once was. This has resulted in different approaches that
might at first seem less than friendly but that are required for security pur-
poses. One of these approaches is implicit deny.
Frequently in the network world, administrators make many decisions
concerning network access. Often a series of rules will be used to determine
whether or not to allow access (which is the purpose of a network firewall).
If a particular situation is not covered by any of the other rules, the implicit
deny approach states that access should not be granted. In other words, if no
rule would allow access, then access should not be granted. Implicit deny
applies to situations involving both authorization and access.
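A firewall rule base is the clearest place to see this. The block below is an added example, not code from the book: the rule list, the packets and the site lists are constructed. Rules are checked top to bottom and the first match decides; a packet that matches nothing falls through to the default, which under implicit deny is "deny". Flipping that default gives the "allow unless forbidden" alternative, and the two web-filter functions show the same contrast for the site-list case discussed next.

```python
"""Implicit deny as a rule evaluator.

Added example, not code from the book. The rule list, packets and site
lists are constructed. Rules are checked top to bottom; the first match
decides, and a packet that matches nothing falls through to `default`,
which under implicit deny is "deny".
"""
import ipaddress

# (action, protocol, destination port, permitted source network); "*" = any
RULES = [
    ("allow", "tcp", 443, "0.0.0.0/0"),  # public HTTPS
    ("allow", "tcp", 25, "0.0.0.0/0"),   # inbound mail
    ("allow", "tcp", 22, "10.0.0.0/8"),  # SSH only from the internal range
    ("deny", "tcp", 23, "0.0.0.0/0"),    # telnet blocked explicitly
]


def _matches(rule, packet):
    _, proto, port, source = rule
    return (proto in ("*", packet["proto"])
            and port in ("*", packet["dport"])
            and ipaddress.ip_address(packet["src"]) in ipaddress.ip_network(source))


def evaluate(packet, rules=RULES, default="deny"):
    """First-match evaluation with `default` as the unwritten last rule."""
    for rule in rules:
        if _matches(rule, packet):
            return rule[0]
    return default


BLOCKED_SITES = {"casino.example", "malware.example"}
ALLOWED_SITES = {"intranet.example", "vendor.example"}


def denylist_filter(host):
    """Allow unless forbidden: a site nobody has listed yet gets through."""
    return "deny" if host in BLOCKED_SITES else "allow"


def allowlist_filter(host):
    """Implicit deny: only sites someone has explicitly approved are reachable."""
    return "allow" if host in ALLOWED_SITES else "deny"


if __name__ == "__main__":
    snmp = {"proto": "udp", "dport": 161, "src": "10.1.2.3"}
    print(evaluate(snmp), evaluate(snmp, default="allow"))  # deny allow
    print(denylist_filter("new-phish.example"), allowlist_filter("new-phish.example"))
```

Notice that nothing in RULES mentions SNMP at all; under the implicit-deny default that is enough to stop it, whereas under the permissive default an administrator would have to anticipate and list every protocol to block.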
The alternative to implicit deny is to allow access unless a specific rule
forbids it. Another example of these two approaches is in programs that
monitor and block access to certain web sites. One approach is to provide a
list of specific sites that a user is not allowed to access. Access to any site not
on the list would be implicitly allowed. The opposite approach (the implicit deny approach) would block all access to sites that are not specifically identified as authorized. As you can imagine, depending on the specific application, one or the other approach will be more appropriate. Which approach you choose depends on the security objectives and policies of your organization.

Exam Tip: Implicit deny is another fundamental principle of security, and students need to be sure that they understand this principle. Similar to least privilege, this principle states that if you haven't specifically been allowed access, then it should be denied.

Job Rotation
An interesting approach to enhance security that is gaining increasing attention is job rotation. Organizations often discuss the benefits of rotating individuals through various jobs in an organization's IT department. By rotating through jobs, individuals gain a better perspective on how the various parts of IT can enhance (or hinder) the business. Since security is often a misunderstood aspect of IT, rotating individuals through security positions can result in a much wider understanding throughout the organization about potential security problems. It also can have the side benefit of a company not having to rely on any one individual too heavily for security expertise. If all security tasks are the domain of one employee, and that individual leaves suddenly, security at the organization could suffer. On the other hand, if security tasks are understood by many different individuals, the loss of any one individual has less of an impact on the organization.
One significant drawback to job rotation is relying on it too heavily. The
IT world is very technical, and expertise in any single aspect often takes
years to develop. This is especially true in the security environment. In addi-
tion, the rapidly changing threat environment, with new vulnerabilities and
exploits routinely being discovered, requires a level of understanding that
takes considerable time to acquire and maintain.

Layered Security
A bank does not protect the money that it stores only by using a vault. It has
one or more security guards as a first defense to watch for suspicious activi-
ties and to secure the facility when the bank is closed. It may have


monitoring systems that watch various activities that take place in the bank,
whether involving customers or employees. The vault is usually located in
the center of the facility, and thus there are layers of rooms or walls before
arriving at the vault. There is access control, which ensures that the people
entering the vault have to be given the authorization beforehand. And the
systems, including manual switches, are connected directly to the police sta-
tion in case a determined bank robber successfully penetrates any one of
these layers of protection.
Networks should utilize the same type of layered security architecture.
There is no 100 percent secure system, and there is nothing that is foolproof,
so a single specific protection mechanism should never be solely relied
upon. Every piece of software and every device can be compromised in
some way, and every encryption algorithm can be broken, given enough
time and resources. The goal of security is to make the effort of actually ac-
complishing a compromise more costly in time and effort than it is worth to
a potential attacker.
As an example, consider the steps an intruder might have to take to ac-
cess critical data held within a company’s back-end database. The intruder
first has to penetrate the firewall and use packets and methods that will not
be identified and detected by the IDS (more information on these devices
can be found in Chapter 13). The attacker next has to circumvent an internal router performing packet filtering, and then possibly penetrate another firewall used to separate one internal network from another (see Figure 2.2). From there, the intruder must break the access controls that are on the database, which means having to do a dictionary or brute-force attack to be able to authenticate to the database software. Once the intruder has gotten this far, the data still needs to be located within the database. This may in turn be complicated by the use of access control lists outlining who can actually view or modify the data. That is a lot of work.

• Figure 2.2 Layered security

This example illustrates the different layers of security many environments employ. It is important to implement several different layers because if intruders succeed at one layer, you want to be able to stop them at the next. The redundancy of different protection layers assures that there is no one single point of failure pertaining to security. If a network used only a firewall to protect its assets, an attacker successfully able to penetrate this device would find the rest of the network open and vulnerable.
It is important that every environment have multiple layers of security.
These layers may employ a variety of methods, such as routers, firewalls,
network segments, IDSs, encryption, authentication software, physical se-
curity, and traffic control. The layers need to work together in a coordinated
manner so that one does not impede another’s functionality and introduce a
security hole. Security at each layer can be very complex, and putting differ-
ent layers together can increase the complexity exponentially. Although
having layers of protection in place is very important, it is also important to
understand how these different layers interact either by working together
or, in some cases, by working against each other.
One case of how different security methods can work against each other is exemplified when firewalls encounter encrypted network traffic. An organization may utilize encryption so that an outside customer communicating with a specific web server is assured that sensitive data being exchanged is protected. If this data is encapsulated within Secure Sockets Layer (SSL) packets (or, today, its successor TLS) and then sent through a firewall, the firewall will not be able to read the payload information in the individual packets. This may enable the customer, or an outside attacker, to send malicious code or instructions through the SSL connection undetected. There are other mechanisms that can be introduced in these situations, such as terminating the encrypted session at a proxy or load balancer in front of the web server so that the decrypted traffic can be inspected, designing web pages to accept information only in certain formats, and having the web server parse through the data for malicious activity. The important point is to understand the level of protection that each layer provides and how each level of protection can be affected by things that take place in other layers.
The layers usually are depicted starting at the top, with more general types of protection, and progressing downward through each layer, with increasing granularity at each layer as you get closer to the actual resource, as you can see in Figure 2.3. This is because the top-layer protection mechanism is responsible for looking at an enormous amount of traffic, and it would be overwhelming and cause too much of a performance degradation if each aspect of the packet were inspected. Instead, each layer usually digs deeper into the packet and looks for specific items. Layers that are closer to the resource have to deal with only a fraction of the traffic that the top-layer security mechanism does, and thus looking deeper and at more granular aspects of the traffic will not cause as much of a performance hit.

• Figure 2.3 Various layers of security

Diversity of Defense
Diversity of defense is a concept that complements the idea of various layers
of security. It involves making different layers of security dissimilar so that
even if attackers know how to get through a system that comprises one
layer, they may not know how to get through a different type of layer that
employs a different system for security.
If an environment has two firewalls that form a demilitarized zone
(DMZ), for example, one firewall may be placed at the perimeter of the
Internet and the DMZ. This firewall analyzes the traffic that is entering
through that specific access point and enforces certain types of restrictions.


The other firewall may then be placed between the DMZ and the internal
network. When applying the diversity of defense concept, you should set up
these two firewalls to filter for different types of traffic and provide different
types of restrictions. The first firewall, for example, may make sure that no FTP, SNMP, or Telnet traffic enters the network but allow SMTP, SSH, HTTP, and HTTPS (SSL/TLS) traffic through. The second firewall may not allow HTTPS or SSH through and may interrogate SMTP and HTTP traffic to make sure that certain types of attacks are not part of that traffic.
Another type of diversity of defense is to use products from different
vendors. Every product has its own security vulnerabilities that are usually
known to experienced attackers in the community. A Check Point firewall
has different security issues and settings than the open source Sentry
firewall; thus different exploits can be used against them to crash them or
compromise them in some fashion. Combining this type of diversity with
the preceding example, you might utilize the Check Point firewall as the
first line of defense. If attackers are able to penetrate it, they are less likely to
get through the next firewall if it is one from another vendor, such as a Cisco
PIX firewall or a Sentry firewall.
There is an obvious trade-off that must be considered before implement-
ing diversity of security using different vendor products. Doing so usually
also increases operational complexity, and security and complexity are sel-
dom a good mix. When implementing products from more than one vendor,
the staff has to know how to configure two different systems, the configura-
tion settings will be totally different, the upgrades and patches will come
out at different times and contain different changes, and the overall com-
plexity of maintaining these systems may cause more headaches than secu-
rity itself. This does not mean that you should not implement diversity of
defense by installing products from different vendors; it just means that you
should know the implications of this type of decision.

Security Through Obscurity


Another concept in security that should be discussed is the idea of security
through obscurity. In this case, security is considered effective if the environ-
ment and protection mechanisms are confusing or thought to be not gener-
ally known. Security through obscurity uses the approach of protecting
something by hiding it. Noncomputer examples of this concept include hid-
ing your briefcase or purse if you leave it in the car so that it is not in plain
view, hiding a house key under a doormat or in a planter, or pushing your
favorite ice cream to the back of the freezer so that everyone else thinks it is
all gone. The idea is that if something is out of sight, it is out of mind. This
approach, however, does not provide actual protection of the object. Some-
one can still steal the purse by breaking into the car, lift the doormat and find
the key, or dig through the items in the freezer to find your favorite ice
cream. Security through obscurity may make someone work a little harder
to accomplish a task, but it does not prevent anyone from eventually
succeeding.
Similar approaches are seen in computer and network security when at-
tempting to hide certain objects. A network administrator may, for instance,
move a service from its default port to a different port so that others will not
know how to access it as easily, or a firewall may be configured to hide


specific information about the internal network in the hope that potential at-
tackers will not obtain the information for use in an attack on the network.
In most security circles, security through obscurity is considered a poor approach, especially if it is the only approach to security. Security through obscurity simply attempts to hide an object; it doesn't implement a security control to protect it. An organization can use security through obscurity measures to try to hide critical assets, but other security measures should also be employed to provide a higher level of protection. For example, if an administrator moves a service from its default port to a more obscure port, an attacker can still find this service with a port scan; thus a firewall should be used to restrict access to the service. Most people know that even if you do shove your ice cream to the back of the freezer, someone may eventually find it.

It often amazes security professionals how frequently individuals rely on security through obscurity as their main line of defense. Relying on some piece of information remaining secret is generally not a good idea. This is especially true in this age of reverse-engineering, where individuals analyze the binaries for programs to discover embedded passwords or cryptographic keys. The biggest problem with relying on security through obscurity is that if it fails and the secret becomes known, there often is no easy way to modify the secret to resecure it.

Keep It Simple
The terms security and complexity are often at odds with each other, because the more complex something is, the harder it is to understand, and you cannot truly secure something if you do not understand it. Another reason complexity is a problem within security is that it usually allows too many opportunities for something to go wrong. If an application has 4000 lines of code, there are a lot fewer places for buffer overflows, for example, than in an application of two million lines of code.
As with any other type of technology or problem in life, when some-
thing goes wrong with security mechanisms, a troubleshooting process is
used to identify the actual issue. If the mechanism is overly complex, identi-
fying the root of the problem can be overwhelming if not nearly impossible.
Security is already a very complex issue because there are so many variables
involved, so many types of attacks and vulnerabilities, so many different
types of resources to secure, and so many different ways of securing them.
You want your security processes and tools to be as simple and elegant as
possible. They should be simple to troubleshoot, simple to use, and simple
to administer.
Another application of the principle of keeping things simple concerns
the number of services that you allow your system to run. Default installa-
tions of computer operating systems often leave many services running. The
keep-it-simple principle tells us to eliminate those services that we don’t
need. This is also a good idea from a security standpoint because it results in
fewer applications that can be exploited and fewer services that the admin-
istrator is responsible for securing. The general rule of thumb should be to
always eliminate all nonessential services and protocols. This of course
leads to the question, how do you determine whether a service or protocol is
essential or not? Ideally, you should know what your computer system or
network is being used for, and thus you should be able to identify and acti-
vate only those elements that are essential. For a variety of reasons, this is
not as easy as it sounds. Alternatively, a stringent security approach that
one can take is to assume that no service is necessary (which is obviously ab-
surd) and activate services and ports only as they are requested. Whatever
approach is taken, there is a never-ending struggle to try to strike a balance
between providing functionality and maintaining security.
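The practical form of "eliminate nonessential services" is an inventory of what is actually listening, compared against what the host's role requires. The block below is an added example, not code from the book: the `ss -tlnp` output is constructed, and the per-role allowlist is an assumption (a host whose job is "web-server" needs only sshd and nginx). Everything else is reported for removal, with listeners bound to all interfaces ahead of those bound only to loopback, since the former are reachable from the network.

```python
"""Finding nonessential listening services.

Added example, not code from the book. The `ss -tlnp` output below is
constructed for illustration, and ESSENTIAL is an assumed per-role
allowlist. Everything not on the list is reported for removal.
"""
import re

SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*          users:(("nginx",pid=1203,fd=6))
LISTEN  0       511     0.0.0.0:443         0.0.0.0:*          users:(("nginx",pid=1203,fd=7))
LISTEN  0       128     127.0.0.1:631       0.0.0.0:*          users:(("cupsd",pid=640,fd=7))
LISTEN  0       50      0.0.0.0:139         0.0.0.0:*          users:(("smbd",pid=900,fd=5))
LISTEN  0       128     [::]:111            [::]:*             users:(("rpcbind",pid=410,fd=4))
"""

ESSENTIAL = {"web-server": {"sshd", "nginx"}}  # assumed role allowlist

# One LISTEN line: state, queues, local addr:port, peer, then the owning process
LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+users:\(\("(?P<proc>[^"]+)"'
)


def parse_listeners(ss_text):
    """Turn `ss -tlnp` lines into (address, port, process) records."""
    found = []
    for line in ss_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            found.append({"addr": m["addr"], "port": int(m["port"]), "proc": m["proc"]})
    return found


def exposure(listener):
    """Loopback-only sockets are unreachable from the network; the rest are not."""
    return "loopback-only" if listener["addr"] in ("127.0.0.1", "[::1]") else "all-interfaces"


def nonessential(listeners, role):
    """Listeners whose process is not on the role's allowlist, most exposed first."""
    keep = ESSENTIAL[role]
    extra = [l for l in listeners if l["proc"] not in keep]
    return sorted(extra, key=lambda l: (exposure(l) != "all-interfaces", l["port"]))


if __name__ == "__main__":
    for finding in nonessential(parse_listeners(SAMPLE_SS_OUTPUT), "web-server"):
        print(f"{finding['proc']:8} port {finding['port']:<5} {exposure(finding)}  -> disable")
```

On a real host the sample text would be replaced by the output of `ss -tlnp` (run with enough privilege to see process names), and the report becomes the list of units to stop and disable. The allowlist is the hard part the text warns about: it has to come from knowing what the system is for, not from what happens to be running.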


Access Control
The term access control has been used to describe a variety of protection
schemes. It sometimes refers to all security features used to prevent unau-
thorized access to a computer system or network. In this sense, it may be
confused with authentication. More properly, access control is the ability to
control whether a subject (such as an individual or a process running on a
computer system) can interact with an object (such as a file or hardware de-
vice). Authentication, on the other hand, deals with verifying the identity of
a subject. To help understand the difference, consider the example of an in-
dividual attempting to log into a computer system or network. Authentica-
tion is the process used to verify to the computer system or network that the
individual is who they claim to be. The most common method to do this is
through the use of a user ID and password. Once the individual has verified
their identity, access controls regulate what the individual can actually do
on the system. Just because a person is granted entry to the system does not
mean that they should have access to all data the system contains.

Authentication
Access controls define what actions a user can perform or what objects a
user can have access to. These controls assume that the identity of the user
has been verified. It is the job of authentication mechanisms to ensure that
only valid users are admitted. Described another way, authentication is us-
ing some mechanism to prove that you are who you claim to be. There are
three general methods used in authentication. In order to verify your iden-
tity, you can provide
■ Something you know
■ Something you have
■ Something about you (something that you are)

The most common authentication mechanism is to provide something


that only you, the valid user, should know. The most frequently used exam-
ple of this is the common user ID (or username) and password. In theory,
since you are not supposed to share your password with anybody else, only
you should know your password, and thus by providing it, you are proving
to the system that you are who you claim to be. Another mechanism for au-
thentication is to provide something that you have in your possession, such
as a magnetic stripe card that contains identifying information. The third
mechanism is to use something about you for identification purposes, such
as your fingerprint or the geometry of your hand. Obviously, for the second
and third mechanisms to work, additional hardware devices need to be
used (to read the card, fingerprint, or hand geometry).
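The following is an added example, not code from the book, showing how a server checks the first two factors. "Something you know" is a password verified against a salted PBKDF2 hash with a constant-time comparison, so the server never stores the password itself. For "something you have" the example goes beyond the book's magnetic-stripe card and uses a time-based one-time code (RFC 6238 TOTP) generated from a secret held in a hardware token or phone app. The user record is constructed, and the iteration count is lowered so the example runs quickly.

```python
"""Two authentication factors checked the way a server should check them.

Added example, not code from the book. "Something you know" is a
salted PBKDF2 password hash compared in constant time; "something you
have" is an RFC 6238 TOTP code (an extension beyond the book's card
example). The USERS record is constructed.
"""
import hashlib
import hmac
import os
import struct
import time


def hash_password(password, salt=None, iterations=600_000):
    """Return (salt, iterations, digest); store all three, never the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password, record):
    salt, iterations, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)  # no early exit on mismatch


def totp(secret, at_time, step=30, digits=6):
    """RFC 6238 code for the time window containing `at_time` (seconds)."""
    counter = struct.pack(">Q", int(at_time) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def verify_totp(secret, code, at_time=None, step=30, skew=1):
    """Accept the current window plus `skew` windows either side for clock drift."""
    now = time.time() if at_time is None else at_time
    return any(hmac.compare_digest(totp(secret, now + k * step, step), code)
               for k in range(-skew, skew + 1))


# Constructed user store: what the server keeps per account. The iteration
# count is lowered from the default so the example runs quickly.
USERS = {
    "alice": {
        "password": hash_password("correct horse battery staple", iterations=50_000),
        "totp_secret": b"12345678901234567890",  # RFC 6238 test secret
    }
}


def authenticate(username, password, code, at_time=None):
    """Both factors must pass; an unknown user costs the same work as a wrong password."""
    record = USERS.get(username)
    if record is None:
        hash_password(password, iterations=50_000)  # keep timing uniform
        return False
    if not verify_password(password, record["password"]):
        return False
    return verify_totp(record["totp_secret"], code, at_time)


if __name__ == "__main__":
    print(totp(b"12345678901234567890", 59))  # RFC 6238 vector, 6 digits
    print(authenticate("alice", "correct horse battery staple", totp(b"12345678901234567890", time.time())))
```

Two details matter more than they look. `hmac.compare_digest` keeps the comparison time independent of where the first differing byte is, and the dummy hash for an unknown username keeps response time from revealing which accounts exist. Authentication ends when this function returns True; what alice may then do is a separate question for the access controls described next.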

Access Control vs. Authentication


It may seem that access control and authentication are two ways to describe
the same protection mechanism. This, however, is not the case. Authentica-
tion provides a way to verify to the computer who the user is. Once the user
has been authenticated, the access controls decide what operations the user


can perform. The two go hand-in-hand but they are not the same thing. An
access control list (ACL) is a mechanism that is used to define whether a user
has certain access privileges for a system. For example, an ACL might be
used to provide a list of individuals and what access they have for a com-
puter system or network device.
No matter what specific mechanism is used to implement access con-
trols in a computer system or network, the controls should be based on a
specific model of access. Several different models are discussed in security
literature, including discretionary access control (DAC), mandatory access
control (MAC), role-based access control (RBAC), and rule-based access
control (also RBAC). Access control is covered in detail in Chapter 11.

Certificates
Certificates are a method to establish the authenticity of specific objects such as an individual's public key (more on this specific subject in Chapter 6) or downloaded software. A digital certificate binds an identity to a public key and is signed by an issuer that the recipient already trusts; it is generally attached to a message and is used to verify that the message did indeed come from the entity it claims to have come from. The public key the certificate carries can also be used to set up encrypted communication with that entity. For more information on this subject, refer to Chapter 11.

Authentication and Access Control Policies


Policies are statements of what the organization wants to accomplish. The
organization needs to identify goals and intentions for many different as-
pects of security. Each aspect will have associated policies and procedures.

Group Policy
Operating systems such as Windows and Linux allow administrators to organize users into groups, creating categories of users for which similar access policies can be established. Using groups saves the administrator time: adding a new user does not require the administrator to create a completely new user profile; instead, the administrator determines to which group the new user belongs and adds the user to that group.

A group policy defines for the group things such as the applicable operating system and application settings and permissions (on Windows, Group Policy is the specific mechanism that pushes such settings to sets of users and computers; on Linux, group membership is what grants or withholds file and resource permissions). Examples of groups commonly found include administrator, user, and guest. Take care when creating groups and assigning users to them so that you do not provide more access than is absolutely required for members of that group. It would be simple to make everybody an administrator—it would cut down on the number of requests users make of beleaguered administrators—but this is not a wise choice, as it also enables users to modify the system in ways that could impact security. Establishing the right levels of access for the various groups up front will save you time and eliminate potential problems that might be encountered later on. More on this subject will be covered in Chapter 14.

Password Policy
Since passwords are the most common authentication mechanism, it is imperative that organizations have a policy that addresses them. The list of authorized users forms the basis of the ACL for the computer system or network that the passwords will help control. The password policy should address the procedures used for selecting user passwords (specifying what is considered an acceptable password in the organization in terms of character set, length, and complexity), the frequency with which they must be changed, and how they will be distributed. Procedures for issuing a new password should an employee forget her old one also need to be addressed, as well as the acceptable handling of passwords (for example, they should not be shared with anybody else, they should not be written down, and so on). It might also be useful to have the policy address the issue of password cracking by administrators, in order to discover weak passwords selected by employees.

32
Principles of Computer Security: CompTIA Security+ and Beyond

P:\010Comp\BaseTech\375-8\ch02.vp
Saturday, November 07, 2009 10:41:55 AM
Color profile: Disabled
Composite Default screen
BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Gregory B. White / 375-8 / Chapter 2
Note that the developer of the password policy and associated procedures can go overboard and create an environment that negatively impacts employee productivity and leads to poorer security, not better. If, for example, the frequency with which passwords are changed is too great, users might write them down or forget them. Neither of these is a desirable outcome, as the former makes it possible for an intruder to find a password and gain access to the system, and the latter leads to too many people losing productivity as they wait for a new password to be created to allow them access again. More information on password policies can be found in Chapter 22.

Exam Tip: A password policy is one of the most basic policies that an organization can have. Make sure you understand the basics of what constitutes a good password along with the other issues that surround password creation, expiration, sharing, and use.
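The elements a password policy must specify (acceptable length and character set, a maximum age, passwords nobody may choose) translate directly into a check that runs whenever a user picks a new password. The Go program below is an added example, not the book's, with a constructed sample policy and ban list; the numbers (12 characters, three character classes, 90 days) and the banned entries are illustrative choices, not requirements from the text. MaxAge is the knob the paragraph above warns about: a shorter value is not automatically safer, and setting it to zero disables expiry entirely.

```go
package main

import (
	"fmt"
	"strings"
	"time"
	"unicode"
)

// Policy holds the choices a written password policy has to make explicit:
// what is an acceptable password, and how long one may stay in use.
type Policy struct {
	MinLength  int
	MinClasses int           // distinct character classes required (lower, upper, digit, other)
	MaxAge     time.Duration // 0 means passwords never expire
	Banned     []string      // passwords nobody may choose
}

// SamplePolicy and its ban list are constructed for the demo; a real ban list
// would be a large list of breached and commonly chosen passwords.
var SamplePolicy = Policy{
	MinLength:  12,
	MinClasses: 3,
	MaxAge:     90 * 24 * time.Hour,
	Banned:     []string{"password", "123456", "welcome1", "letmein"},
}

// classes counts how many character classes a candidate draws on.
func classes(s string) int {
	var lower, upper, digit, other bool
	for _, r := range s {
		switch {
		case unicode.IsLower(r):
			lower = true
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsDigit(r):
			digit = true
		default:
			other = true
		}
	}
	n := 0
	for _, b := range []bool{lower, upper, digit, other} {
		if b {
			n++
		}
	}
	return n
}

// Violations returns every rule a candidate password breaks for the given user;
// an empty result means the password is acceptable under the policy. Reporting
// all violations at once spares the user a guessing game.
func (p Policy) Violations(candidate, username string) []string {
	var v []string
	if n := len([]rune(candidate)); n < p.MinLength {
		v = append(v, fmt.Sprintf("only %d characters, policy requires %d", n, p.MinLength))
	}
	if c := classes(candidate); c < p.MinClasses {
		v = append(v, fmt.Sprintf("uses %d character classes, policy requires %d", c, p.MinClasses))
	}
	lower := strings.ToLower(candidate)
	if username != "" && strings.Contains(lower, strings.ToLower(username)) {
		v = append(v, "contains the user name")
	}
	for _, b := range p.Banned {
		if lower == b {
			v = append(v, "is on the banned-password list")
			break
		}
	}
	return v
}

// Expired reports whether a password last set at changed has exceeded the
// policy's maximum age as of now.
func (p Policy) Expired(changed, now time.Time) bool {
	return p.MaxAge > 0 && now.Sub(changed) > p.MaxAge
}

func main() {
	for _, c := range []struct{ pw, user string }{
		{"password", "bob"},
		{"Alice2024!!!", "alice"},
		{"correct-Horse-battery-42", "alice"},
	} {
		fmt.Printf("%-26q -> %v\n", c.pw, SamplePolicy.Violations(c.pw, c.user))
	}
	set := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	fmt.Println("expired after 91 days:", SamplePolicy.Expired(set, set.Add(91*24*time.Hour)))
}
```

The user-name and ban-list checks are the ones that catch what a length-and-classes rule alone lets through: "Alice2024!!!" satisfies every complexity requirement and is still a poor choice for a user named alice.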

■ Social Engineering

Social engineering has for many years been one of the most successful methods that attackers have used to gain unauthorized access to computer systems and networks. The technique relies on the inherent desire in most people to be helpful. With a plausible background and a good story, a good social engineer can frequently talk individuals into divulging information that they normally would never have. Social engineering can also take the form of something simple such as striking up a conversation with a person as you approach a locked door so that when the individual opens it, you walk in with them. For many people, if the individual seems friendly and doesn’t look suspicious, they will give them the benefit of the doubt and assume that they belong to the organization and are authorized access.

Social engineering is the process of convincing an authorized individual to provide confidential information or access to an unauthorized individual. Social engineering takes advantage of what continually turns out to be the weakest point in our security perimeter—the humans. Kevin Mitnick, a convicted cybercriminal turned security consultant, once stated, “Don’t rely on network safeguards and firewalls to protect your information. Look to your most vulnerable spot. You’ll usually find that vulnerability lies in your people.” In 2000, after being released from jail, Mitnick testified before Congress and spoke on several other occasions about social engineering and how effective it is. He stated that he “rarely had to resort to a technical attack” because of how easily information and access could be obtained through social engineering.

Individuals who are attempting to social engineer some piece of information generally rely on two aspects of human nature. First, most people generally want to help somebody who is requesting help. Second, people generally want to avoid confrontation. To exploit people’s natural inclination to provide help, the knowledgeable social engineer might call a help desk and pretend to be a new employee who needs help to log onto the organization’s network. By doing so, the social engineer can obtain valuable information as to the type of system or network that is being employed. After making this call, the social engineer might make a second call and use the information obtained from the first call to provide background so that the next individual the attacker attempts to obtain information from will not suspect it is an unauthorized individual asking the questions. This works because people generally assume that somebody is who they claim to be, especially

33
Chapter 2: General Security Concepts

make your acquaintance. So long," and he politely held out two
fingers.
A vague terror seized the little girl. He had arranged everything for
her, and yet she had never since her escape felt so paralysed with
fear. Her beseeching eyes sought Mrs. Minley's face. The landlady
was smiling graciously at her, but the little girl's heart sunk. Quite
unknown to herself, she was a sharp reader of character. She was
losing her best friend in the fat young man.
"Take me with you," she gasped, suddenly clinging to his hand.
"Can't do that, sissy. I'm going back into the settlements—bad
roads, scattered houses. You'd freeze stiff. Better stay here with Mrs.
Minley. I'll run up to Ciscasset by and by to see you."
'Tilda Jane drew back in sudden, steely composure. She was
ashamed of herself. "I'm crazy," she said, shortly; "you've done
enough for me now. I'll take care of your father if he gets mad fifty
times a day."
Already she felt a sense of responsibility. She drew herself up with
dignity, and in sad, composed silence watched the young man leave
the room and the house. When the last faint sound of his sleigh-bells
had died away, she gave up her listening attitude, and turned
patiently to Mrs. Minley, who was saying with a yawn, "I guess you'd
better go to bed."

'Tilda Jane walked obediently toward her room, and Mrs. Minley,
seating herself on a chair in cold curiosity, watched her undress.
When the little girl knelt down to say her prayers, a feeble smile
illuminated the woman's face. However, she was still listless and
uninterested, until the latter portion of the petition.
"O Lord," 'Tilda Jane was praying earnestly, almost passionately,
"forgive me for all this sin an' 'niquity. I just had to run away. I
couldn't give up that little dog that thou didst send me. I'll live
square as soon as I get takin' care o' that ole man. Bless the matron
an' make her forgive me, an' bless all the lady-boards—Mis' Grannis
'specially, 'cause she'll be maddest with me. Keep me from tellin' any
more lies. Amen."
When 'Tilda Jane rose from her knees, Mrs. Minley's breath was
coming and going quickly, and there was a curious light in her eyes.
"Mrs. Grannis, did you say?" she asked, shortly. "Mrs. Grannis, over
Beaver Dam way?"
"Yes, ma'am."
"What has she got to do with the asylum?"
"She's the fust lady-board. She sits behind the table an' pounds
the hammer."

"And she'll be maddest with you?"
"Yes, ma'am. She says children has too much liberties."
"Hurry into bed," said Mrs. Minley, briefly, and taking up the lamp,
and without a word of farewell, she disappeared from the room.
'Tilda Jane cowered down between the cold sheets. Then she
stretched out a hand to touch the precious bundle on the chair by
her bed. And then she tried to go to sleep, but sleep would not
come.
CHAPTER IV.
UNSTABLE AS WATER.

A vague uneasiness possessed her. Ah, how happy would she be,
could she know that the young creamery man was sleeping under
the same roof! But he was speeding somewhere far away over the
snowy roads. However, she should see him again. He had said so,
and, with the hopefulness of youth, she sighed a happy sigh and,
closing her eyes tightly, listened to the various sounds about the
quiet house.

There must have been another arrival, for she heard doors
opening and shutting, and also the jingle of sleigh-bells. They were
strangely confused in her mind with the ringing of the rising-bell at
the orphan asylum, and she was just sinking into a dreamy
condition, a forerunner of sleep, when she heard a hard voice in her
ear.

"Get up an' dress, little girl."
She raised herself quietly from the pillow. There stood over her
the tall, gaunt woman whom she had heard Mrs. Minley address as
Ruth Ann. To her perturbed mind, there rose a vision of a graven
image from the Bible, as she stared at the woman's stony
countenance. She was standing shading a candle with her hand, and
her deep eyes were fixed in unmistakable compassion on the little
girl.
"Jump up," she repeated, "an' dress like sixty. You've got yourself
into a peck o' trouble."
'Tilda Jane had not a thought of questioning the wisdom of this
command. Something about the hard-faced woman inspired her with
confidence, and without a word she stepped out of bed, and began
rapidly putting on her clothes.
"I'll talk while you dress," said the woman, in a hard, intense
voice, and putting down the candle, "but, Lord, how can I say it all?"
There was a kind of desperation in her tone, although no trace of
emotion appeared on her face. 'Tilda Jane felt a strange kinship with
this reserved woman, and flashed her a sympathetic glance while
buttoning one of her stout and ugly garments.
Ruth Ann made a brief grimace. "Here I am," she said, with a
sudden burst of speech, "a middle-aged woman gettin' old. You're a
young one settin' out on life's journey. I'll never see you agin,
prob'bly. Let me give you a word—be honest, an' if you can't be
honest, be as honest as you can. You'll have no luck otherwise. You
may think you're havin' luck in bein' sly, but it's a kind o' luck that
turns to loss in the long run. There's that sister o' mine. She reminds
me o' Reuben in the Bible—'unstable as water thou shalt not excel.'
She's that deceitful that I should think she'd choke with it so she
couldn't breathe."
'Tilda Jane made no remark, but as she threw her dress over her
head her two black eyes scintillated wonderingly in the woman's
direction.
"Unstable," said Ruth Ann, bitterly. "I'd 'a' loved her if she'd been
honest, but it's always the same,—fair to the face, foul behind the
back. I've slaved for her an' waited on her, an' heard her praised for
work I've done, and seen young men oggle her, an' she oggle back,
an' I've never had an offer an' never will, an' sometimes I think I
hate her."

'Tilda Jane paused for an instant in her rapid dressing. This sisterly
repulsion was something unknown to her childish experience.
"Then when she gets sick from stuffin' herself, I'm feared, an'
think she's goin' to die, but she'll 'tend my funeral, an' cry an' look so
handsome that some ole Jack will pop the question on the way
home. Here, child, eat these while you dress," and she drew some
doughnuts from her pocket.

'Tilda Jane pushed them from her, with an involuntary movement
of dislike.
"You've turned agin me for turnin' agin my sister," said the
woman, bitterly. "Wait till you're treated as I am. An' let me tell you
what she's done to you. You made mention o' Mis' Grannis. Mis'
Grannis has got a mortgage on this house. Mis' Grannis lends her
money, Mis' Grannis is the god my sister bows down to. Do you think
she'd let you stand between her and Mis' Grannis? No—the minute
she heard you say Mis' Grannis would be pleased to git you back,
that minute she made up her mind to fool you and Hank Dillson that
she can't abide 'cause he ain't never asked her to stop bein' a
widow. So she made me help her hitch up, an' she's off on the wings
of the wind to tell her sweet Mis' Grannis to come an' git you; an'
just to fool her who is so cute at foolin' other folks, I made up my
mind to git you off. Now do you take it in?"
'Tilda Jane did take in this alarming bit of news, and for one
instant stood aghast. Then she resolutely fell to lacing on her shoes.
"You're gritty," said the woman, admiringly. "Now I'll tell you what
I've laid out. I'm goin' to guide you through the woods to the Moss
Glen Station. When we git mos' there, I'll skedaddle home an' to
bed, 'cause I don't want sister to find me out. Here's an extry pair o'
stockin's an' shoes to put on before you board the train. You'll git
yours full o' snow water. If all goes as I calc'late, you'll have time to
change 'em in the station. You don't want to git sick so you can't
stand up to that ole man. Here's a little tippet for your shoulders.
Dillson told sister to give you a shawl, but she'll not do it. An' he
paid her, too. Now come, let's start."
'Tilda Jane brushed her hand over her eyes, resolutely picked up
her dog, and followed her guide out to the kitchen.
Ruth Ann caught up a shawl, threw it over her head, and opened
the door. "My—it's black! I guess we'll have to take a lantern."

She turned back, fumbled in a corner of the kitchen, struck a light,
then rejoined 'Tilda Jane.
For some minutes they plodded on in silence. Then Ruth Ann said,
anxiously, "I don' know what I'll do if it don't snow. She'll track us
sure—me, big feet, an' you, smaller ones. Glory, it's snowin' now!"
A sudden wind had sprung up in the black, quiet night, and
whirled a few flakes of snow in their faces. Then the snow began to
fall from above, gently and quietly, flake by flake.
'Tilda Jane struggled along the heavy road in the wake of the tall
woman ahead. The small dog seemed to have grown larger, and lay
a heavy burden in her arms. Yet she uttered no word of complaint.
Her mind was in a whirl, and she gave no thought to physical
fatigue. What was she doing? Had she—a little girl—any right to give
so much trouble to grown people? Her actions were exactly in
opposition to every precept that had been instilled into her mind.
Children should be seen and not heard. Children should wait on
grown people. Children must not lie under any circumstances. They
must be obedient, truthful, honest, and uncomplaining. Perhaps she
ought to go back to the orphan asylum. She could stand punishment
herself—but her dog? They would make her give him up. Some boy
would get him. Boys were all mischievous at times. Could she
endure the thought of that little feeble frame subjected to torture?
She could not, and steeling her heart against the asylum, the
matron, and the lady managers, she walked on more quickly than
ever.
She would never forget that ghostly walk through the woods. The
narrow way wound always between high snow-laden sentinels of
trees. The sickly, slanting gleam of the lantern lighted only a few
steps ahead. Mystery and solemnity were all about her; the pure and
exquisite snow, on which they were putting their black-shod feet,
was to her the trailing robe of an angel who had gone before. The
large, flat snowflakes, showered on her erring head, were missives
from the skies, "Go back, little girl, go back."
"Lord, I can't go back," she repeated, stubbornly, "but I'll repent
some more, by and by. Please take away the sick feeling in the
middle of my stomach. I can't enjoy anythin'."
The sick feeling continued, and she gave Ruth Ann only a feeble
"yes," when she suddenly turned and threw the light of the lantern
on her with a brisk, "Don't you want to know what lie I'm goin' to
tell 'bout your leavin'?
"I'm not goin' to tell any lie," Ruth Ann continued, triumphantly. "If
you've got grace enough to hold your tongue, other folks'll do all
your lyin' for you. Sister'll come home, Mis' Grannis with her,
prob'bly. They'll go ravagin' in the spare room. They'll come ravagin'
out—'Ruth Ann, that young one's run off!' An' I'll be busy with my
pots an' pans, an' all I'll have to say is: 'Do tell!' or, 'Why, how you
talk!' An' sister'll rave an' tear, an' run round like a crazy thing, an'
look at Mis' Grannis out o' the corner of her eye."
Ruth Ann's shoulders shook with enjoyable laughter, but if she had
turned suddenly she would have seen a look of unmistakable disgust
flitting over the face behind her.
She did turn suddenly a few minutes later, but the look was gone.
"Here, give me that dog," she said, peremptorily.
The little girl protested, but the woman took him, and again they
plodded on in silence.
"Here we be," she said, after they had been walking for an hour
longer.
'Tilda Jane raised her head. The narrow road had abruptly
expanded into a circular clearing, and in the midst of the clearing
stood a small wooden building.

Ruth Ann walked up to it, handed 'Tilda Jane the dog and the
lantern, and put her hands on one of the diminutive windows.
It opened easily, and she ejaculated with satisfaction, "Just what I
thought. Come, crawl in here; the station agent's been here all the
evenin', an' the fire ain't quite out. You'll be as snug as a bug in a
rug. He'll be back at daylight agin, an' soon after your train'll come
along for Ciscasset. Don't you breathe a word to him 'bout me. Say
Mis' Minley brought you here, if he asks anythin'. Here's enough
money to buy your ticket. I ain't got much. Sister keeps me short,
an' she's took away with her what Hank Dillson give her for you.
Mind an' keep that card with his father's name pinned inside your
dress. Here's a lunch," and she produced a parcel from her pocket.
"Don't fret, sister can't git home much before breakfast, an' by that
time you'll be in Ciscasset, an' I guess they'll not follow you there.
She don't know the name o' the place, anyway. She didn't take no
'count when Hank mentioned it, an' when she asked me, you'd
better believe I forgot it, too."
'Tilda Jane scrambled through the window, and, upon arriving
inside, turned around and gravely shook hands with her guide. "I
guess I sha'n't forgit this."
"Don't you take no pains to remember it before sister," said the
woman, with a chuckle, "if you don't want me to live an' die in hot
water. Good luck to you. Shut the winder, an' put a stick on the fire,"
and she strode off through the snow.
'Tilda Jane shuddered. She was not a nervous child, yet the
knowledge that she was alone in a forest pressed and bore down
upon her. However, she was out of the increasing storm. She had got
her guilty feet off that angel's trailing robe, and the little letters from
heaven were not dashing in her face, nor was there any danger now