personal internet self defense 2004

CIA XXIIICIA XXIIICopyright (C) 2003 Robert C. Jones, M.D. All Rights Reserved.Copyright (C) 2003 Robert C. Jones, M.D. All Rights Reserved.

Personal Internet Self-Defense 2003: Personal Internet Self-Defense 2003: Security and Privacy for the New MillenniumSecurity and Privacy for the New Millennium

Robert C. Jones, M.D.Robert C. Jones, M.D.

LtCol, USAF, Medical CorpsLtCol, USAF, Medical Corps

Staff Anesthesiologist Staff Anesthesiologist

Andrews Air Force Base, MarylandAndrews Air Force Base, Maryland

E-mail: [email protected]: [email protected]

Web site: http://notbob.comWeb site: http://notbob.com


Disclaimer/Disclosure

This talk represents my own views, not those of the USAF, the DoD, or anyone else.

I am a Microsoft shareholder. I am a Palm shareholder.

Far from a controlling interest in either! Nobody paid me anything to write or present this. The opinions/content on external URLs belong to

the authors, not myself, the USAF, or the DoD.

CIA CIA XXIIIIIXXIIIII

Copyright (C) 2003 Robert C. Jones, M.D. All Rights Reserved.Copyright (C) 2003 Robert C. Jones, M.D. All Rights Reserved.

Do you feel like this?



The Dirty Truth:

““Internet technologies are not designed to be secure. Internet technologies are not designed to be secure. They're designed to be interactive... They're designed to be interactive...

...we as consumers are not taking the ...we as consumers are not taking the responsibility...to learn basics about using this stuff” responsibility...to learn basics about using this stuff”

Russ Cooper, editor of the NT Bugtraq mailing list (www.securityadvice.com), inRuss Cooper, editor of the NT Bugtraq mailing list (www.securityadvice.com), in http://cnn.com/TECH/computing/9909/28/ms.security.idg/index.htmlhttp://cnn.com/TECH/computing/9909/28/ms.security.idg/index.html

You can’t afford perfect security

““The only secure computer is one that is The only secure computer is one that is unplugged, locked in a secure vault that unplugged, locked in a secure vault that only one person knows the combination only one person knows the combination to, and that person died last year.”to, and that person died last year.”

Eckel, G and Steen, W., Eckel, G and Steen, W., Intranet WorkingIntranet Working, New Riders, 1996, p. 419, New Riders, 1996, p. 419CIA XXIIICIA XXIIICopyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.

...but can you really afford this?



What this talk is about

Basic Internet self-defense for average users

How to protect your privacy on the internet

Where to learn more about Net security

My own personal opinions (not the USAF)


What this talk is NOT about

Advanced intrusion detection and response

How to hide nuclear secrets behind photocopiers

Advanced TCP/IP networking and protocols

Anyone else’s opinions (especially the USAF)


What is Internet Security?

For that matter, what is the Internet?

Mail2News

http logon to web e-mail service

newsreader

web2mail



“Information protection is not a technology issue. It is a people issue and therefore the people need to be educated.”

Geza Szenes CISSP, Geza Szenes CISSP, Computer Security Awareness: A Case StudyComputer Security Awareness: A Case Study, SANS 99, SANS 99http://www.sans.org/newlook/misc/Final_szenes.pdf

Personal Internet Self-Defense 2003Personal Internet Self-Defense 2003


What do people need?

Maslow’s Hierarchy of NeedsMaslow’s Hierarchy of Needs

Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved. CIA XXIIICIA XXIII

Basic Security NeedsBasic Security Needs

Workstation NeedsWorkstation Needs

Privacy NeedsPrivacy Needs

ConfidenceConfidence

GuruGuru

The Security PyramidThe Security Pyramid



Physical Security 2003

Theft (especially portables)



Theft (especially portables)locks, vigilance in airport X-ray lines/queues




Electrical problemsUPS protects against brownouts & surges




Electrical problems

Lack of reliable current backupBackup regularly to reliable media; net backup




Electrical problems

Lack of reliable current backup

C & C: Coffee and CatsDon’t drink and compute; keep fans clean


Passwords 2003

Pick Good Passwords

Avoid Bad Passwords

Protect Passwords

Change Passwords


Passwords 2003

Good PasswordsAt least 8 characters (more if possible)Mix of capital and small lettersMix of letters and numbersAt least one special character ($#@!*^*)Based on complex passphrase

– tB0ntB?t1stFq!


Passwords 2003

Bad PasswordsAnything having to do with you

– Any part of your social security number– Your birthday– Your kids’ birthdays– Relating to your hobbies

Less than 8 charactersAnything in a dictionaryFictional characters (Gandalf, Frodo, Bilbo)


Passwords 2003

Pick Good Passwords

Avoid Bad Passwords

Protect PasswordsDon’t share them, don’t write them down


Passwords 2003

Pick Good Passwords

Avoid Bad Passwords

Protect Passwords

Change PasswordsChange is good; automatic change is better?

Too frequent change = bad passwordsToo frequent change = bad passwords


Antivirus Defense 2003

Install antivirus software FIRST

Update antivirus software regularly

Check for Operating System (OS) patches monthly (more frequently if serious security holes arise)

Scan all downloaded files and attachmentsBeware of viruses, trojans, spyware…


Terms of Endangerment

Virus: Self-replicating computer code with variable adverse effect (“payload”) [Example: Melissa macro virus]

Trojan: Sneaky program which, once activated by user, causes harm to computer, privacy, or both [Example: Back Orifice 2000 (BO2K)]

Spyware: Programs that connect to internet and report personal data regarding user [Example: RealNetworks Jukebox]





Check for Operating System (OS) patches monthly (more frequently if serious security holes arise)

Scan all downloaded files and attachmentsBeware of viruses, trojans, spyware…


Blaster Worm (2003)

Blaster-B variant exploits hole in MS Windows XP and 2000 (DCOM RPC)

Patch had been available for weeks…people just never bother to patch their systems!

ALL Operating Systems (OSes) need to be patched frequently to plug security holes (yes, even Linux!)

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.b.worm.htm l l

Jeffrey Lee Parsons, alleged Blaster Jeffrey Lee Parsons, alleged Blaster Variant B creatorVariant B creator

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.b.worm.htm





Patch your OS at least monthly

Scan all downloaded files and attachments

(Radical) Disable M$ Outlook/Outlook Express


MS Outlook = Danger!

““I'm on record as saying that Outlook is I'm on record as saying that Outlook is a security hole that also happens to be a security hole that also happens to be an e-mail client.” an e-mail client.”

Steven J. Vaughan-NicholsSteven J. Vaughan-NicholsZDNet NewsZDNet NewsMay 4, 2000May 4, 2000

http://www.zdnet.com/sp/stories/column/0,4712,2562098,00.html

http://www.zdnet.com/sp/stories/column/0,4712,2562098,00.html


The Melissa VirusThe Melissa Virus

E-mailProductivity Suite integration exploit

Yet another...Yet another...


Browser Security 2003

Disable routine ActiveX and Java/Javascript


How Secure is ActiveX?How Secure is ActiveX?

“The problem with ActiveX security, The problem with ActiveX security, according to analysts, developers, and according to analysts, developers, and IS managers alike, is that IS managers alike, is that there is no there is no security with ActiveX.security with ActiveX.””

--Paul Festa, CNET News.com, 18 Feb 98http://news.cnet.com/news/0-1003-201-326605-0.html

http://news.cnet.com/news/0-1003-201-326605-0.html



Disable ActiveX and Java/Javascript

Use the maximum security setting you can stand

MSIE 4.72.xMSIE 4.72.x

CIA XXIIICIA XXIII

(note: Fixed in MSIE versions 5.x)(note: Fixed in MSIE versions 5.x)Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.

How to tell when your browser settings are correct...How to tell when your browser settings are correct...






Upgrade encryption to 128 bits minimum40 bits is standard…and insecure.


How to check your encryption strength





Upgrade encryption to 128 bits minimum

Update browser regularly to get bug fixes But beware of version X.0 of anything


Don’t be an unpaid beta tester!

“Time to market and functionality always beat out security. Always. Always.”

--David Bradley, UC Berkeley, 25 August 99


Privacy 2003: Endangered Species

“You have zero privacy now. Get over it.”

-- SUN CEO Scott McNealy, February 99, when asked by a reporter about Jini’s tracking of users across networks


Privacy 2003: Endangered Species

“Like murder, privacy invasion is most frequently committed by those close to us.”

--Rob Jones, M.D., Dec 1999


Privacy 2003: Basic

Assume workplace internet use is monitored


Privacy 2003: Basic

Assume workplace internet use is monitoredE-mail, surfing should be boss/CEO-acceptable


Privacy 2003: Basic


Beware of prying eyes“Shoulder-surfing” on airplanes, ATM machines


Privacy 2003: Basic


Beware of prying eyes

Lock your workstation when you are away Password-protected screen saver or log off


Privacy 2003: Basic


Beware of prying eyes

Lock your workstation when you are away

Password-protect sensitive documentsNot cracker-proof, but will deter average snoop


Privacy 2003: Advanced

Use strong encryption for sensitive information PGP, RSA, IDEA, Blowfish (DES is cracked)

fromfrom Introduction to Cryptography Introduction to Cryptography, Network Associates, 1999, Network Associates, 1999Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved. CIA XXIIICIA XXIII

“The primary benefit of public key cryptography is that it allows people who have no preexisting security arrangement to exchange messages securely.”

Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved. CIA XXIIICIA XXIIIfromfrom Introduction to Cryptography Introduction to Cryptography, Network Associates, 1999, Network Associates, 1999



Use strong encryption for sensitive information

Con your OS (GUID, ComputerName,Workgroup)Pleased to meet you. Hope you guess my name.

Office 97 and the Personal ID/Global User ID...Office 97 and the Personal ID/Global User ID...

get the fix here: get the fix here: http://officeupdate.microsoft.com/Articles/privacy.htm

Unique number derived, in part, from network card MAC addressUnique number derived, in part, from network card MAC address




Con your OS (GUID, ComputerName,Workgroup)

Nuke intrusive information on your hard driveCookies and History and Cache, oh my!


Cookies are bad for your wealth




Con your OS (GUID, ComputerName,Workgroup)

Nuke intrusive information on your hard drive

Use anon proxies for private web browsing ZKS Freedom, Anonymizer, etc.


How anon proxy servers work

Web Server XWeb Server XAnon Proxy ServerAnon Proxy ServerYour computerYour computer

““this is this is joeschmoe@[email protected]”joesisp.com”

““this is this is nobody@ nobody@ anonproxy.anonproxy.net”net”

Web page Web page

+ cookies+ cookies

Web page Web page

- cookies- cookies


Turn off file and print sharing

•unless you want the Internet to be your LANunless you want the Internet to be your LAN

•Especially important with cable modem or xDSLEspecially important with cable modem or xDSL

oh, one more thing...oh, one more thing...


What is spam?

Not the Hormel® Luncheon Meat (SPAM™)

Unsolicited Bulk e-mail

Junk Usenet posts

(New) Instant Messaging spam


Why spam is bad.

"Spamming is the scourge of electronic-mail and newsgroups on the Internet. ... Spammers are, in effect, taking resources away from users and service suppliers without compensation and without authorization."

-- Vint Cerf, Senior Vice President, MCIand (unlike Al Gore) acknowleged "Father of the Internet”, as quoted on http://www.cauce.org/problem.html


This is your Inbox


This is your Inbox with e-mail


This is your Inbox with spam

Job OfferJob Offer

Love letter from Love letter from Salma Hayek Salma Hayek


Spam = Theft!

Key aspect is unauthorized theft of servicesbandwidth, hard dive space, per-minute costs, time


Spam = Theft!

Key aspect is unauthorized theft of services

Costs shifted to recipients, not sendersUnlike junk snail mail; 47 USC 227: no junk faxes


Spam = Theft!

Key aspect is unauthorized theft of services

Costs shifted to recipients, not senders

Content neutral…not a freedom of speech issue!Violation of Acceptable Use Policies/TOSesViolation of U.S. state laws (WA, VA…)Violation of Austrian federal law

– http://www.pcwelt.de/ausgabe/99_07/n090799011.HTM


Anti-Spam 2003

[email protected]


Anti-Spam 2003

Munge

FilterE-mail filter rules; Usenet killfiles; IRC #ignore


Anti-Spam 2003

Munge

Filter

Use throwawaysGet free e-mail accounts for net registrations


Anti-Spam 2003

Munge

Filter

Use throwaways

ComplainE-mail spammers’ ISPs; be polite to sysops


What is a firewall?


Beaumaris CastleBeaumaris Castle

Ynys MônYnys Môn

Cymru Cymru


What is a firewall?

Firewalls are like medieval moats:

Restrict people to entering at one controlled pointPrevent attackers from getting close to your other defensesRestrict people to leaving at one controlled point

--Chapman and Zwicky, Building Internet Firewalls, O’Reilly, 1995, p 17--Chapman and Zwicky, Building Internet Firewalls, O’Reilly, 1995, p 17

port 25 (smtp)

port 8080 (http)

port 119 (nntp)

port 6667 (IRC)

port 23 (telnet)

TCP/IPHi, I’m 102.74.145.234 Hello, I’m 214.90.1.43

Everyday computer conversations use many “ports”CIA XXIIICIA XXIIICopyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.

port 8080 (http)

FirewallFirewall Your computerYour computer

port 6667 (IRC)

Firewalls implement your security decisionsFirewalls implement your security decisions

port 25 (smtp)port 25 (smtp)



What a Firewall Can Do

Serves as focus for security decisions

Enforces security policy

Logs internet activity efficiently

Limits damage to your network

--Chapman and Zwicky, Building Internet Firewalls, O’Reilly, 1995, pp 19-20--Chapman and Zwicky, Building Internet Firewalls, O’Reilly, 1995, pp 19-20


What a Firewall Can’t Do

Can’t protect against insiders

Can’t protect you against connections that don’t pass through it

Can’t protect against completely new threats

Can’t protect you from viruses/trojans--Chapman and Zwicky, Building Internet Firewalls, O’Reilly, 1995, pp 19-20--Chapman and Zwicky, Building Internet Firewalls, O’Reilly, 1995, pp 19-20

CIA XXIIICIA XXIII

Firewalls can’t protect you from SE!Firewalls can’t protect you from SE!((SSocial ocial EEngineering)ngineering)

Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.


Do you need a firewall?

Home user vs. Business user




Dynamic internet IP address vs. Static IP address





Unix/Linux OS vs. any flavor of Windows





Unix/Linux OS vs. any flavor of Windows

Dialup modem vs. always-on Broadband

CIA XXIIICIA XXIII

Fat pipes make juicy targets!Fat pipes make juicy targets!

Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.


Types of Firewalls

Software

Hardware


Types of Firewalls

SoftwareNetworkICE BlackICE DefenderZonelabs ZoneAlarm (free for personal use)Norton Internet Security 200xOthers…

Hardware

BlackICE Defender attack list (against my dialup sessions)BlackICE Defender attack list (against my dialup sessions)


Automatic reverse IP address lookup on attacker reveals...Automatic reverse IP address lookup on attacker reveals...


Zonelabs ZoneAlarm (freeware for personal use)Zonelabs ZoneAlarm (freeware for personal use)


Zonelabs ZoneAlarm Alert ExampleZonelabs ZoneAlarm Alert Example



NOTE:NOTE:

As of January, 2002, ZoneAlarm (not Black ICE) is the only As of January, 2002, ZoneAlarm (not Black ICE) is the only leading software firewall that looks at OUTGOING packets leading software firewall that looks at OUTGOING packets from your machine (thus catching Trojans, spyware, and from your machine (thus catching Trojans, spyware, and backdoors installed by your ISP’s software)backdoors installed by your ISP’s software)

On the other hand, BlackICE tracks attackers back through On the other hand, BlackICE tracks attackers back through the Net…freeware ZoneAlarm doesn’t (although the upgrade, the Net…freeware ZoneAlarm doesn’t (although the upgrade, ZA Pro, does)ZA Pro, does)

Updated 10 Jan 02Updated 10 Jan 02


Types of Firewalls

Software

HardwareSonicWall Watchguard SOHOYour own Linux box with custom ipchains…etc.


Remember…

A poorly-administered firewall is worse than none at all!

From comp.security.firewalls newsgroup:"JArelXXXX" <[email protected]> wrote in message

news:[email protected]...

> The company I work for is evaluating the possibility of outsourcing the

> administration of the Firewall\VPN…

> I have just been appointed responsability (sic) of administering their firewall,

> however they do not want to send me to any type of training. They feel

> that once I get the training I will leave.


Continuing Security Education 2003

Friends?



Friends?The worst source. Virus hoaxes and urban

legends galore



Friends?

3-Space Mass Media?



Friends?

3-Space Mass Media?24 hours to 3 months behind; Generally

clueless with regard to non-web Net events



Friends?

3-Space Mass Media?

Books?Excellent source for fundamentals; usually 1-5 years behind


The Tao of Network Security

1994-1999:1994-1999:

Information Information AccessAccess


The Tao of Network Security

1994-1999:1994-1999:

Information Information AccessAccess

2000-2005:2000-2005:

Information Information DenialDenial


Security 2004 Preview


Online Resources

Physical Security•Targus (notebook locks, alarms): http://www.targus.com/

•American Power Conversion (UPS): http://www.apc.com/

•TrippLite (UPS) : http://www.tripplite.com/

•Iomega (backup hardware, software): http://www.iomega.com/

•Castlewood (backup hardware, software): http://www.castlewood.com/

•Xdrive (online backup): http://www.xdrive.com/

•iBackup (online backup): http://www.ibackup.com/


Online Resources

Password Security•Picking good passwords

http://www.itis.gatech.edu/doc/passwd.html

http://www.alw.nih.gov/Security/Docs/passwd.html

Top 10 Bad passwords

http://www.knowledgeclicks.com/security/articles/11999/top10badpasswords.htm


Online Resources

Antivirus Security

•Symantec Antivirus Research Center: http://www.sarc.com/

•McAfee Antivirus Center: http://www.mcafee.com/centers/anti-virus/

•Aladdin E-safe Antivirus/Firewall: http://www.aladdin.co.il/

•Qualcomm Eudora E-mail: http://www.eudora.com/


Online Resources

Browser Security

•Microsoft IE: http://www.microsoft.com/windows/ie/default.htm

•Microsoft Security Advisor: http://www.microsoft.com/security/default.asp

•Netscape Communicator: http://www.netscape.com/download/index.html

•Opera: http://www.opera.com/

•Sam Spade for Windows: http://samspade.org/ssw/

•Check your security with Shields Up! http://grc.com/default.htm


Online Resources

Privacy Protection•The Electronic Frontier Foundation: http://www.eff.org/

•EPIC: http://www.epic.org/privacy/tools.html

•PGP: http://www.pgp.com/

NSClean/IEClean: http://www.nsclean.com/

Microsoft Hotmail (for throwaways): http://www.hotmail.com/

Anonymizer: http:/www.anonymizer.com/

Zero Knowledge Systems Freedom: http://www.freedom.net/

Hushmail: http://www.hushmail.com/


Online Resources

Anti-Spam Activism

•Junkbusters: http://www.junkbusters.com/

•Spam.abuse.net: http://spam.abuse.net/

•Coalition Against Unsolicited Commercial E-mail: http://www.cauce.org/

•F.R.E.E.: http://www.spamfree.org/

The Spam-L FAQ: http://oasis.ot.com/~dmuth/spam-l/

The E-mail Spam FAQ: http://ddi.digital.net/~gandalf/spamfaq.html

The Munging FAQ: http://members.aol.com/emailfaq/mungfaq.html


Online Resources

Learning the Lingo (Usenet, IRC, IM)

•news.announce.newusers: http://www.netannounce.org/news.announce.newusers

•The Net-Abuse FAQ: http://www.cybernothing.org/faqs/net-abuse-faq.html

•mIRC IRC FAQ: http://www.mirc.com/ircintro.html

•NewIRCusers.com: http://www.newircusers.com/

•ICQ IM Security: http://www.icq.com/features/security/

•IM Security: http://www.pcmag.com/article2/0,4149,1217889,00.asp


Online Resources

Firewalls

•Symantec Norton Internet Security: http://www.symantec.com/

•ZoneLabs ZoneAlarm: http://www.zonelabs.com/

•Internet Firewalls FAQ: http://www.interhack.net/pubs/fwfaq/

•Keeping your site comfortably secure: an introduction to internet firewalls: http://cs-www.ncsl.nist.gov/publications/nistpubs/800-10/

•Some Hardware Firewall Vendors: http://www.thegild.com/firewall/

•Linux Firewall HOWTO: http://www.linuxdoc.org/HOWTO/Firewall-HOWTO.html


Online Resources

Continuing Security Education

•The SANS Institute: http://www.sans.org/

•Internet Storm Center: http://isc.sans.org/

•C|Net News.com: http://news.com.com/ (follow security tab)

•AntiOnline: http://www.antionline.com/index.php

•ISTS: http://news.ists.dartmouth.edu/

•ISS X-Force: http://xforce.iss.net/

•2600: http://www.2600.com/


Offline Resources

Books/Articles

Cheswick, WR, Bellovin, SM, Firewalls and Internet Security: Repelling the Wily Hacker, New York: Addison-Wesley Publishing Company 1994. ISBN 0-201-63357-4

Gilster, Paul, Finding it on the Internet, New York: John Wiley & Sons, Inc., 1994. ISBN 0-471-03857-1

Wolff , Michael (ed.), Your Personal Netspy: How You Can Access the Facts and Cover Your Tracks Using the Internet and Online Services, New York: Wolff New Media LLC, 1996. ISBN 0-679-77029-1


Offline Resources

Books/Articles Knightmare, The, Secrets of a Super Hacker, Port Townsend, WA: Loompanics Unlimited, 1994. ISBN 1-55950-106-5

Zimmerman, Philip R., The Official PGP User's Guide, Cambridge, Mass: M.I.T. Press, 1996. ISBN 0-262-74017-6

Wayner, Peter, Disappearing Cryptography: Being and Nothingness on the Net, Boston: Academic Press Professional, 1996. ISBN 0-12-738671-8

O'Malley, Chris, Snoops: Welcome to a small town called the internet, where everyone knows your business, Popular Science, Jan 97, p. 56


Offline Resources

Books/Articles

Schwartz, Alan and Garfinkel, Simson, Stopping Spam, Cambridge: O’Reilly, 1998. ISBN 1-56592-388-X

Communications of the ACM 42(7), July 1999, various authors: Defensive Information Warfare

Communications of the ACM 42(2), Feb. 1999, various authors: Internet Privacy: the Quest for Anonymity

Honeycutt, Jerry; Pike,Mary Ann, et al., Special Edition: Using the Internet, 3rd Edition, Indianapolis, IN: Que® Corporation, 1996. ISBN 0-7897-0846-9


Offline Resources

Books/Articles

Weiss, Aaron, The Complete Idiot's Guide to Protecting Yourself on the Internet, Indianapolis, IN: Que® Corporation, 1995. ISBN 1-56761-593-7

Griffith, Samuel B.(trans), Sun Tzu: The Art of War, New York: Oxford University Press, 1963 ISBN 0-19-501476-6

Lane, Carole A, Naked in Cyberspace: How to Find Personal Information Online, Wilton, CT: Pemberton Press c/o Online Inc., 1997 ISBN 0-910965-17-X


Offline Resources

Books/Articles

Chapman, D. Brent and Zwicky, Elizabeth D., Building Internet Firewalls, Sebastopol, CA: O'Reilly & Associates, 1995. ISBN 1-156592-124-0

Icove, David, Seger, Karl, and VonStorch, William, Computer Crime: A Crimefighter's Handbook, Sebastopol, CA: O'Reilly & Associates, 1995. ISBN 1-56592-086-4

Anonymous, Maximum Security, Second Edition, Indianapolis: Sams, 1998. ISBN 0-672-31341-3

personal internet self defense 2004

Business

cia xxiiiii copyright

security pyramid cia

new millennium robert

internet security

physical security

bad passwords

computer security awareness

social security number