Computers are among the three best things there are. Advances in computing technologies have helped slash the cost of processing business orders by well over 90 percent. Using a computer to do banking on the Internet for instance, costs the banking industry less per transaction instead of millions of dollars by traditional methods. IT is now integral to most organizational operations and transactions as corporate assets relocates from brick and mortar to bits and byte.
A vast majority of corporate intellectual properties, sensitive client information and valuable trade secrets are now stored in digital format thus making network security a top priority against economically motivated efforts to infiltrate an organization’s network.
However, very few individuals and organizations bother to look at the security implications of using computer language to transact on the Internet. As we know, the Internet is a fragile ecosystem, or if you like, a shapeless community. Unfortunately, there is a lot to fear, as the number of predators on the Internet is fast outweighing innocent users.
These people spend sleepless nights hacking into switches to steal money by sending hundreds of thousands of scam mails on daily basis. They search for preys online and have suddenly become notorious impersonators in various chat forums attached to email clients in the cyber world.
The sadder story is that these crackers, spammers and scammers (a.k.a Yahoo boys in Nigeria) are now in possession of criminal software. They are becoming more and more aware of the NET platform, pearl codes, java scripts dhtml, c/c++, shell scripts, PHP and a host of others. These codes have now become more or less as easy as playing football as these boys/girls have no worries about making the corporate world an endangered sector.
This book is written with the ordinary computer user in mind using soft and accessible language. This is important because most security books in the market are often too technical for the ordinary user to comprehend. In this regard, I was able to strike a balance in order to make this book interesting to both technical and non-technical readers.
The ordinary user needs to know when to click accept on the Internet, how to formulate good passwords, and lots of other vital basic security practice. If you are a business manager, you will find this book very interesting. If you are interested in taking a career in security as a student, then you will find this book very helpful, and if you are a computer-savvy fellow, you will find this book very useful.
This book is also an important guide for Students of Computer Science and related disciplines that are already familiar with basic networking protocols and want to major in Computer Security. The book is also intended to address modern computer security issues because it focuses on real life oriented attacks, the theories supporting those attacks, and the antidotes for the attacks. The attacks are demonstrated both from the hacker’s and the administrator’s perspective.
This book addresses computer network security in its wholeness by attempting to explore simple and complex tricks used by scammers and hackers to infiltrate into networks.
The book is divided into two phases: the attack phase and the defense phase. The attack phase reveals the tools and intrigues used by criminal hackers to infiltrate a target network or host. The important part here is not to show how to attack something, but to show how attackers take advantage of our mistakes.
This will enable us to protect our networks by avoiding the pitfalls hackers use. However, let me make one thing absolutely clear: I neither condone nor defend those who attack networks or systems they do not own or that which they have not been asked to attack. One of the greatest challenges the security community faces is lack of information on the enemy. Questions like who is the threat? Why do they attack? How do they attack? What are their tools? And possibly when will they attack? These are questions the security community often cannot answer.
For centuries military organizations have focused on information gathering to understand and protect against an enemy. To defend against a threat, you have to first know about it. However, in the information security world we make little of such information gathering.
I have spent a reasonable part of my productive life in IT, training corporate staff on security issues and securing networks not distributing tools to break them. Certain information systems security professionals, namely those who are charged with pen testing, have a legitimate use for most of these tools.
It is also important to note that tools used by system administrators to troubleshoot networks are the same tools used by hackers to break into networks. In addition to this, to stop a criminal hacker or scammer requires the ability to think like a criminal. After all, the objective is to demonstrate what an attacker would do.
Most of us have been taught from a very early age to be good law-abiding people and are simply not good at thinking up very plausible and innovative criminal schemes. On the other side of the coin, the defense phase provides the antidote for the attacks and a good view of the anatomy of the operating system’s kernel structure, because as security professionals, we have to go beyond just knowing how to administer the system, we have to be able to maneuver the kernel processes.
I must say, at this point that this book will make a satisfying read for anyone who has ever clicked a mouse, most especially system administrators, or anyone who wants to take a career in network security.
IS THIS BOOK FOR YOU?
Quite a few books deal with network security in depth. I wrote this with the ordinary computer user in mind using soft and accessible language, because most security books in the market are often too technical for the ordinary user to comprehend.
In this regard, I was able to strike a balance in order to make this book interesting to both technical and non-technical readers. If you are a business manager, you will find this book very interesting. If you are interested in taking a career in security as a student, then you will find this book very helpful, and if you are a computer-savvy fellow, you will find this book very useful.
This book is also an important guide for students of Computer Science and related disciplines that are already familiar with basic networking protocols and want to major in Computer Security. In addition, this book is a compilation of series of my publications in various IT magazines and symposia, which are orchestrated to address modern computer security issues.
This book focuses on real life oriented attacks, the theories supporting those attacks, and the antidotes for the attacks. The attacks are demonstrated both from the hacker’s and the administrator’s perspective, as the book views the computer host as well as the Internet network. Have a superb read!
Chapter 1 describes the philosophy behind the concept of security, the thought process a criminal hacker adopts when taking over a system or network, and a real life methodology of an attack scenario. We discussed the protective measures a user or an administrator is supposed to abide by at each stage of the attacks. We also disassembled the Windows Operating System kernel which is the target of most cyber criminals, so as to get a clear picture of the anatomy of the Windows kernel architecture.
Chapter 2 covers the safe practices a user should abide by to protect his/her online transactions. We illustrated simple mistakes ATM users make which land them into a scammer’s pitfall. We also showed the best way to run Internet banking.
Chapter 3 reveals an extensive field research about the malicious intents of Internet fraudsters aka Yahoo Boys in Nigeria, the psychology behind their attacks, the reasons they attack, the tools of their attack, and the timing of their attacks. We also discussed FBI/EFCC warnings on cyber crime.
Chapter 4 is about the basic laws surrounding the use of computing devices. We compared and contrasted the existing computer laws in developed and developing countries.
Chapter 5 centers on the tools in Google search engine. We also demonstrated the research and business tools attached Google.
Chapter 6 compares different Internet browsers focusing on Internet Explorer and Mozilla Firefox, the two dominant browsers on the Internet. We carefully discussed the security features of each browser.
Chapter 7 is about simple protection against viruses, worms and Trojan horses. We discussed differences between various infections, and the performances of various antivirus software.
Chapter 8 works you through how to make important decisions regarding how to choose and navigate your IT career path. We describe the prospects in networking, Operating System support and programming.
Chapter 9 describes the shortcomings of Linux as a desktop Operating System, and the nature of the coexistence of Linux and Windows on the same network.
Chapter 10 describes the model of the operation and transmission of data on the Internet, and the analysis of IPv4 and IPv6. We also illustrated the TCP/IP troubleshooting techniques.
Chapter 11 is about of firewalls on computing networks, the various distributions of firewalls, and how to build a simple Linux firewall gateway.
Chapter 12 describes the roles of Intrusion Detection Systems on our system/network, the shortcomings of IDS, and an analysis of the science of encryption.
Chapter 13 is about popular port numbers that are the targets of malicious port scanners. We discussed the well known port numbers, private port numbers, and the commands to monitor the activities of these ports.
Finally, we provided links to a variety of tools that technically savvy fellows can play with on their home networks, useful IT resource sites for subscription, recommended network security books, and a comprehensive network security glossary.
About The Author
The author, Aliyu Ahmed Ahmed was born in Lokoja,, Nigeria. Ahmed holds a B.Sc in Economics from Ahmadu Bello University, Zaria. He is a Microsoft Certified Technology Specialist and a Cisco Certified Network Associate. His other IT certifications include MCP, MCDST, MCTS and Linux Certification from a Kolkatan (India) Software Training Facility. He is also an occasional columnist in The Guardian Newspaper and a contributing editor in Communicationsweek, an IT magazine. Ahmed has five years field experience in Network Support and has over the years worked in the following IT firms; KarRox Training Institute as MCSE Instructor, Aptech World Wide/STPL (Software Technology Park Limited) Nigeria, as a Networking Instructor/Security Administrator, Sphinx Interactive Solutions as a Technical Support Engineer, Meridian Technology as a CCNA instructor. He is currently working with Webb Fontaine as a site support engineer in Lagos, Nigeria.Ahmed also contributes articles for TechTrends.Contact Ahmed on his email: firstname.lastname@example.org or Mobile:+2348036241983