Computer Systems Security
Planning for Success
Dr. Jan Pearce, Editor
Prefaces
  Repository and License
  Acknowledgements
  Instructional Notes
1 Introduction
  1.1 Managing Risk
  1.2 Learning the Lingo
  1.3 Hacker Culture
    1.3.1 Hacker Hats
  1.4 Threat Actors
  1.5 Security Plans
  1.6 Tools of the Trade
  1.7 Lab: Think Like a Hacker
  1.8 Review Questions
2 Cryptography
  2.1 Why do we need cryptography?
  2.2 Terminology
  2.3 Keys
  2.4 Mathematical Foundation
  2.5 Hashes
  2.6 Symmetric Encryption
  2.7 Asymmetric Encryption
  2.8 Stream Ciphers
  2.9 Block Ciphers
    2.9.1 Block Cipher Modes of Operation
      2.9.1.1 Electronic Codebook (ECB)
      2.9.1.2 Cipher block chaining (CBC)
      2.9.1.3 Counter (CTR)
      2.9.1.4 Galois/Counter Mode (GCM)
  2.10 Encryption Examples
    2.10.1 RSA
    2.10.2 Advanced Encryption Standard (AES)
    2.10.3 Elliptic-curve Cryptography (ECC)
    2.10.4 Diffie-Hellman Key Exchange
    2.10.5 Digital Certificates
    2.10.6 Blockchain
    2.10.7 Trusted Platform Module (TPM) / Hardware Security Module (HSM)
    2.10.8 Steganography
  2.11 Lab: Hash it Out
    2.11.1 Anagram Hash
    2.11.2 MD5
      2.11.2.1 MD5 in a Github Codespace
      2.11.2.2 MD5 in a Local Docker Container
    2.11.3 MD5 Hash
  2.12 Review Questions
3 Malware
  3.1 What is Malware?
  3.2 Malware Targets
  3.3 Types of Malware
    3.3.1 Worms, Viruses, and Trojans
    3.3.2 Ransomware
    3.3.3 Spyware
    3.3.4 Cryptojacking
    3.3.5 Rootkit
      3.3.5.1 Firmware Rootkit
      3.3.5.2 Bootloader Rootkit
      3.3.5.3 Kernel-mode Rootkit
      3.3.5.4 Application Rootkit
      3.3.5.1 Botnet
    3.3.6 RAT
    3.3.7 Adware / Potentially Unwanted Programs (PUP)
  3.4 Indicators of Compromise
    3.4.1 Common IoC Types
  3.5 Delivery of Malware
    3.5.1 Phishing
    3.5.2 SPAM
    3.5.3 Dumpster Diving
    3.5.4 Shoulder Surfing
    3.5.5 Tailgating
    3.5.6 Impersonation/Identity Theft
  3.6 Cyber Killchain
    3.6.1 Recon
    3.6.2 Weaponization
    3.6.3 Delivery
    3.6.4 Exploitation
    3.6.5 Installation
    3.6.6 Command and Control (C2, C&C)
    3.6.7 Exfiltration / Actions & Objectives
  3.7 Lab: Malware Analysis
  3.8 Review Questions
4 Protocols
  4.1 Network Access Layer
    4.1.1 ARP
    4.1.2 Wifi
  4.2 Internet Layer Protocols
    4.2.1 IP
    4.2.2 ICMP
    4.2.3 NAT
    4.2.4 IPsec
  4.3 Transport Layer Protocols
    4.3.1 TCP
    4.3.2 UDP
    4.3.3 Common Ports and Services
  4.4 Application Layer Protocols
    4.4.1 DHCP
    4.4.2 HTTP
    4.4.3 SSL/TLS
    4.4.4 HTTPS
    4.4.5 RDP
    4.4.6 Telnet
    4.4.7 SSH
    4.4.8 LDAP
    4.4.9 DNS
    4.4.10 DNSSEC
    4.4.11 IMAP/POP3
    4.4.12 SMTP
    4.4.13 NTP
    4.4.14 FTP
    4.4.15 SNMP
  4.5 Lab: Scanning with Nmap
    4.5.1 Using Nmap in a Github Codespace
    4.5.2 Using Nmap in a Local Docker installation
    4.5.3 Lab Instructions for Nmap
  4.6 Review Questions
5 Attacks
  5.1 Interception Attacks
    5.1.1 MitM
    5.1.2 MitB
    5.1.3 Replay Attacks
    5.1.4 SSL Circumvention
  5.2 Network Layer Attacks
    5.2.1 MAC Spoofing/MAC Cloning
    5.2.2 MAC Flooding
    5.2.3 ARP Poisoning
  5.3 Internet Layer Attacks
    5.3.1 IP Spoofing
  5.4 Name Resolution Attacks
    5.4.1 DNS Cache Poisoning
    5.4.2 LLMNR Hijacking
  5.5 Web-based Attacks
    5.5.1 XSS
    5.5.2 CSRF
    5.5.3 SSRF
    5.5.4 Session Hijacking
    5.5.5 SQL Injection
    5.5.6 XML Injection
    5.5.7 LDAP Injection
    5.5.8 Directory Traversal
    5.5.9 URL Typosquatting
    5.5.10 Domain Hijacking
    5.5.11 Zone Transfer Attacks
    5.5.12 Clickjacking
  5.6 Outcomes
    5.6.1 Remote Code Execution (RCE)
    5.6.2 Privilege Escalation
    5.6.3 Denial of Service (DoS)
  5.7 Lab: MitM with Scapy
    5.7.1 MitM with Scapy in a Github Codespace
    5.7.2 MitM with Scapy in a Local Docker Container
    5.7.3 Continue with the MitM with Scapy Lab
  5.8 Review Questions
6 Security Solutions
  6.1 False Positives / Negatives
  6.2 Layered Security
  6.3 Network Solutions
    6.3.1 Firewall
    6.3.2 Proxy
    6.3.3 Load Balancer
    6.3.4 VPN
    6.3.5 TAP
  6.4 EDR
  6.5 Data Loss Prevention
  6.6 IDS/IPS
  6.7 Email Solutions
  6.8 SIEM
  6.9 Lab: Exploiting Log4j
    6.9.1 Exploiting log4j in a Github Codespace
    6.9.2 Exploiting log4j in a Local Docker installation
    6.9.3 Lab Instructions for Exploiting log4j
  6.10 Review Questions
7 Assess Controls
  7.1 General Principles and Techniques
    7.1.1 Least Privilege
    7.1.2 Multi-factor Authentication (MFA)
    7.1.3 MAC, DAC, RBAC, and ABAC
      7.1.3.1 MAC
      7.1.3.2 DAC
      7.1.3.3 RBAC
      7.1.3.4 ABAC
  7.2 Physical Access
    7.2.1 Gates
    7.2.2 Biometrics
    7.2.3 Key Cards
    7.2.4 Security Guards
    7.2.5 Cameras
    7.2.6 Mantraps
  7.3 Network Access
    7.3.1 Active Directory
    7.3.2 Privileged Identity Management (PIM)
    7.3.3 Privileged Access Management (PAM)
    7.3.4 Identity and Access Management (IAM)
    7.3.5 Unix File Permissions
    7.3.6 ACLs
    7.3.7 SSH Keys
    7.3.8 Sessions and Cookies
    7.3.9 Single Sign On (SSO)
    7.3.10 Kerberos
    7.3.11 Tokenization
  7.4 Lab: Linux File Permissions
    7.4.1 Linux Permissions in a Github Codespace
    7.4.2 Linux Permissions in a Local Docker installation
    7.4.3 Lab Instructions for Linux Permissions
  7.5 Review Questions
8 Vulnerability Management and Compliance
  8.1 Vulnerability Management
    8.1.1 CVEs
    8.1.2 CVSS
    8.1.3 Evaluation
  8.2 Compliance
    8.2.1 Compliance Tools
    8.2.2 PII/PCI
    8.2.3 PCI DSS
    8.2.4 PHI/HIPAA
    8.2.5 SOX/GLBA
    8.2.6 GDPR
    8.2.7 US Patriot Act/PRISM
  8.3 Lab: Scanning with Nessus
  8.4 Review Questions
9 Incident Response and Continuity
  9.1 Security Organizations
    9.1.1 MITRE
    9.1.2 NIST
    9.1.3 OWASP
  9.2 SOC
  9.3 Incidents
    9.3.1 Precursors
    9.3.2 Indicators
  9.4 Response
    9.4.1 Business Continuity
    9.4.2 Redundancy
    9.4.3 Isolation and Containment
    9.4.4 Recovery
    9.4.5 Remediation
    9.4.6 Reporting
  9.5 MITRE ATT&CK Framework
    9.5.1 Reconnaissance
    9.5.2 Resource Development
    9.5.3 Initial Access
    9.5.4 Execution
    9.5.5 Persistence
    9.5.6 Escalation of Privilege
    9.5.7 Defense Evasion
    9.5.8 Credential Access
    9.5.9 Discovery
    9.5.10 Lateral Movement
    9.5.11 Collection
    9.5.12 Command and Control
    9.5.13 Exfiltration
    9.5.14 Impact
  9.6 Lab: Reporting on the 2014 Sony Pictures Hack
  9.7 Review Questions
10 Virtualization
  10.1 Methods
    10.1.1 Virtual Machines
    10.1.2 Containers
    10.1.3 Container Orchestration Systems
    10.1.4 IaaS
    10.1.5 PaaS
    10.1.6 SaaS
  10.2 Cloud Computing
    10.2.1 Public
    10.2.2 Private
    10.2.3 Hybrid
    10.2.4 Multi-Cloud
  10.3 Serverless Solutions
  10.4 4C’s of Cloud Native Security
  10.5 Lab: Malicious Containers
    10.5.1 Malicious Containers in a Github Codespace
    10.5.2 Malicious Containers in a Local Docker installation
    10.5.3 Lab Instructions for Malicious Containers
  10.6 Review Questions
Index
Appendix 1 Commands Cheat Sheet
Computer Science
Berea College
June 18, 2025