Hi! Thanks for the question.
Since web security is a growing concern, you can find numerous
resources on such a subject. I will provide you with snippets of the
articles that directly answer your questions but I highly recommend
you read them in their entirety so as to get a better coverage.
The CERT website has an amazing web page which discusses web security
in an easy to understand manner. It provides this definition and
discussion:
“To make information available to those who need it and who can be
trusted with it, organizations use authentication and authorization.
Authentication is proving that a user is whom he or she claims to be.
That proof may involve something the user knows (such as a password),
something the user has (such as a 'smartcard'), or something about the
user that proves the person's identity (such as a fingerprint).
Authorization is the act of determining whether a particular user (or
computer system) has the right to carry out a certain activity, such
as reading a file or running a program. Authentication and
authorization go hand in hand. Users must be authenticated before
carrying out the activity they are authorized to perform. Security is
strong when the means of authentication cannot later be refuted - the
user cannot later deny that he or she performed the activity. This is
known as nonrepudiation.”
“Basic Security Concepts”
http://www.cert.org/encyc_article/tocencyc.html#BasicSec
The history of the issue of web security actually started with the
birth of the Internet itself or its predecessor the ARPANET.
“During these years, researchers also played "practical jokes" on each
other using the ARPANET. These jokes usually involved joke messages,
annoying messages, and other minor security violations. Some of these
are described in Steven Levy's Hackers: Heroes of the Computer
Revolution (2). It was rare that a connection from a remote system was
considered an attack, however, because ARPANET users comprised a small
group of people who generally knew and trusted each other.”
“In 1986, the first well-publicized international security incident
was identified by Cliff Stoll, then of Lawrence Berkeley National
Laboratory in northern California. A simple accounting error in the
computer records of systems connected to the ARPANET led Stoll to
uncover an international effort, using the network, to connect to
computers in the United States and copy information from them. These
U.S. computers were not only at universities, but at military and
government sites all over the country. When Stoll published his
experience in a 1989 book, The Cuckoo's Egg (3), he raised awareness
that the ARPANET could be used for destructive purposes.“
“In 1988, the ARPANET had its first automated network security
incident, usually referred to as "the Morris worm" (4). A student at
Cornell University (Ithaca, NY), Robert T. Morris, wrote a program
that would connect to another computer, find and use one of several
vulnerabilities to copy itself to that second computer, and begin to
run the copy of itself at the new location. Both the original code and
the copy would then repeat these actions in an infinite loop to other
computers on the ARPANET. This "self-replicating automated network
attack tool" caused a geometric explosion of copies to be started at
computers all around the ARPANET. The worm used so many system
resources that the attacked computers could no longer function. As a
result, 10% of the U.S. computers connected to the ARPANET effectively
stopped at about the same time.”
“History”
http://www.cert.org/encyc_article/tocencyc.html#History
Another article that deals with the historical perspective of web
security could be found on our next link.
“Learning from History—Web Security in Review”
By John Stewart
http://www.newarchitectmag.com/documents/s=4505/new1013637023/index.html
You would find more about web security by reading the whole CERT page
on Internet security.
“Security of the Internet”
http://www.cert.org/encyc_article/tocencyc.html
Another valuable resource for information is the W3C Security FAQ
http://www.w3.org/Security/Faq/www-security-faq.html
------------
In terms of viruses, the BBC article enumerates and explains its
various forms. The types as mentioned by the article consist of worms,
Trojans, file viruses, boot sector viruses, macroviruses and hoaxes.
“How do computer viruses work?” (Page 2)
http://www.bbc.co.uk/science/hottopics/computerviruses/types.shtml
In order to fully understand computer viruses, the How Stuff Works
website created an excellent article which is detailed yet very easy
to understand. From the article we can see that it’s effects range
from personal computers through commercial business and banks and even
government servers.
“How Computer Viruses Work?” by Marshall Brain
http://www.howstuffworks.com/virus.htm/printable
The Yahoo web directory lists a number of software applications that
one could use to combat computer viruses.
Yahoo: Antivirus Software
http://dir.yahoo.com/Business_and_Economy/Business_to_Business/Computers/Software/System_Utilities/Virus_Protection/
The How Stuff Works website also has a good definition of firewalls
and the concepts related to it.
“A firewall is simply a program or hardware device that filters the
information coming through the Internet connection into your private
network or computer system. If an incoming packet of information is
flagged by the filters, it is not allowed through.”
Firewalls could be either software or hardware. An example of firewall
software would be Zonealarm. A hardware type meanwhile could be
Linksys. The article also provides links to other vendors.
It protects us from the following types of intrusion:
Remote login
Application backdoors
SMTP session hijacking
Operating system bugs
Denial of service
E-mail bombs
Macros
Viruses
Spam
Redirect bombs
Source routing
You could read all about it through this link.
“How Firewalls Work”
by Jeff Tyson
http://www.howstuffworks.com/firewall.htm/printable
-------
The Hacking lexicon website meanwhile provides us with valuable
information about the terms you need to know when studying this field.
“A hacker is someone who is able to manipulate the inner workings of
computers, information, and technology.”
“In the 1970s, the word "hacker" was used by computer enthusiasts to
refer to themselves. This reflected the way enthusiasts approach
computers: they eschew formal education and play around with the
computer until they can get it to work. (In much the same way, a golf
hacker keeps hacking at the golf ball until they get it in the hole).”
“Furthermore, as ‘experts’ learn about the technology, the more they
realize how much they don't know (especially about the implications of
technology). When experts refer to themselves as "hackers", they are
making a Socratic statement that they truly know nothing. For more
information on this connotation, see ESR's computer enthusiast ‘Jargon
File’.”
Hacking Lexicon
http://www.robertgraham.com/pubs/hacking-dict.html#hacker
In the article, “Cyber Crime Treaty”, we could identify 10 types of
hacking activities.
“data-related crimes, including interception, modification, and
theft;”
“network-related crimes, including interference and sabotage;”
“crimes of access, including hacking and virus distribution;”
“associated computer-related crimes, including aiding and abetting
cyber criminals, computer fraud, and computer forgery;”
“CyberCrime Treaty”
Greg Paulson
June 12, 2001
http://216.239.33.100/search?q=cache:VWI1jDAqUGYC:rr.sans.org/legal/treaty.htm+hacking+activities+types&hl=en&ie=UTF-8
------------
The Institute of National Strategies website gives us a good
background on the nature of information warfare.
“In recent years, a concept known as "information warfare" has become
popular within certain circles of the U.S. defense establishment. The
concept is rooted in the undisputable fact that information and
information technologies are increasingly important to national
security in general and to warfare specifically. According to this
concept, advanced conflict will increasingly be characterized by the
struggle over information systems. All forms of struggle over control
and dominance of information are considered essentially one struggle,
and the techniques of information warfare are seen as aspects of a
single discipline.”
“WHAT IS INFORMATION WARFARE?” – Preface
http://www.ndu.edu/inss/actpubs/act003/a003ch00.html
By looking at the table of contents for information warfare, we could
see that it could come in different forms.
“WHAT IS INFORMATION WARFARE?” - Table of Contents
http://www.ndu.edu/inss/actpubs/act003/a003cont.html
Our immediate concern in this instance is about hacker and cyber
warfare.
“Hacker warfare varies considerably. Attackers can be on site,
although the popular imagination can place them anywhere. The intent
of an attack can range from total paralysis to intermittent shutdown,
random data errors, wholesale theft of information, theft of services
(e.g., unpaid-for telephone calls), illicit systems' monitoring (and
intelligence collection), the injection of false message traffic, and
access to data for the purpose of blackmail. Among the popular devices
are viruses, logic bombs, Trojan horses, and sniffers.”
“Hacker Warfare”
http://www.ndu.edu/inss/actpubs/act003/a003ch07.html
“The Internet and its imitators have produced virtual equivalents of
the real world's sticks and stones. Women have complained of virtual
stalkers and sexual harassers; flame wars in the global village are as
intense and maybe as violent as the village gossip they have
supplanted; agent technology, coming soon, permits a user to launch a
simulacrum into the net, armed with its master's wants and needs, to
make reservations, acquire goods, hand over assets, and, with work, to
negotiate terms for enforceable contracts. What conceptual distance
separates an agent capable of negotiating terms from another capable
of negotiating concepts, hence, conducting a discussion? What will
prevent an agent from conducting an argument? Arguments may require
the support of allies, perhaps other agents wandering the net, who may
be otherwise engaged in booking the best Caribbean vacation but who
have spare bandwidth available for engaging in sophomoric colloquy.”
“Cyberwarfare”
http://www.ndu.edu/inss/actpubs/act003/a003ch09.html
I have found the following bibliography citations that could help you:
------
Bibliography Links:
Web Security:
http://www.w3.org/Security/Faq/wwwsf7.html
http://puma.wellesley.edu/~security/bib.html
http://mailserv.cc.kuleuven.ac.be/secbook/secbook.htm
Computer Viruses:
http://www.geocities.com/janice_cv/bibli.html
Firewalls:
http://www.sit.wisc.edu/~LuZhou/Bibliography.htm
Hacking:
http://www.thocp.net/reference/hacking/bibliography_hacking.htm
Information Warfare
http://www.enolagaia.com/IWBib.html
http://www.au.af.mil/au/aul/bibs/infowar/if.htm
http://www.dodccrp.org/C2_Biblio/C2_Biblio_NCW.htm
Search terms used:
Web security history
Computer virus types
Firewalls
Hacking activities
Information warfare
bibliography
I hope these links would help you in your research. Before rating this
answer, please ask for a clarification if you have a question or if
you would need further information.
Thanks for visiting us.
Regards,
Easterangel-ga
Google Answers Researcher |
