College senior research paper.
Every day around the world, millions of individuals work at computers. Whether it is at the headquarters of a huge international corporation or in the basement of their home, these people are expending precious time and resources in accomplishing work on their computers. Unfortunately, in many cases all of this effort is left in a vulnerable state. Through varying means, criminals can gain access to a computer with vital information on it and exploit it in many different criminal ways. And even with this being the case and with statistics continually on the rise, many people aren’t even aware of computer crime. The purpose of this paper is to bring to light many of the issues at stake in computer security. With the staggering way that computers are affecting the world, the information on them is becoming more and more valuable. Computing personnel need to take security seriously. They need to know its background, how to identify the weaknesses in their systems, and finally, what tools are available to them to prevent breaches to their security.
II. The History of Computer Crimes
It isn’t very difficult to find occurrences of computer crime. Over the last fifty years, as computers have emerged in business, the number of opportunities for computer crime has increased. In the 1960s computer crime started to gain prominence and with the wide introduction of computers into automating the telephone industry, computer hackers took advantage of the weaknesses that they saw (Sterling 1993).
In the 1970s, computer criminals expanded from focusing on manipulating the phone industry to taking on bigger challenges within corporate America. The largest known computer crime in the world took place at Equity Funding Insurance, a Los Angeles based insurance company, in 1973. The company’s own management was responsible for a two billion-dollar loss when they were caught using the computer system to create fake insurance policies for 64,000 people (Parker pg. 65).
Throughout the 1980s and into the present, the Internet has become a component of many businesses, leaving companies increasingly vulnerable. For the most part, in the 1970s and early 1980s computer criminals were viewed as minor annoyances. Generally they didn’t do significant damage and only caused pranks (Standler 1999). However, with so many computers networked together and the systems administrator trying to control everything at once, it has become much easier for computer criminals to strike more effectively (Anderson 1999).
As computers have come to control more vital functions, computer pranks started to have more serious consequences. Instances of medical records being hacked into could have far reaching effects on patients if information was even accidentally changed. With the vast scope of the Internet, viruses have come to light as the source of major problems where there is loose security. In November 1988, Robert Tappan Morris, Jr. virtually brought down the entire Internet for a short time after unleashing an extremely effective virus. The costs to repair the damage was in the thousands of dollars per computer effected (Devost 1995). In March of 1999, the “Melissa” virus reminded companies how vulnerable they still were by wreaking havoc with company e-mail servers.
III. Definition of a Computer Crime
In light of this historical background, exactly what is a computer crime? A formal definition is hard to nail down, but a broad definition would be “…any illegal act that involves a computer system, whether the computer is an object of crime, an instrument used to commit a crime or a repository of evidence related to a crime.” (Hammad 1999). Working off of this definition, computer crimes can be broken down into a few key areas: Crimes which damage or modify a computer system, fraud crimes which involve computers, and crimes in which information located on a computer is reproduced or stolen.
Activity that modifies or damages a computer system can be accomplished in any number of ways. A program, known as a “mail bomb,” which could overload an e-mail server with millions of messages being released (Standler 1999). This action would quickly crash the main server and stop work until the damage could be repaired. Alternatively, damage could be the simple erasure of files, an act that could do minor to considerable damage depending on the importance of the files that were deleted.
The most common type of computer damage occurs through the use of computer viruses. While not all computer viruses are destructive, at the very least most perform annoying functions to files or even the computer hardware itself (Kane pg. 4). A precise, scientific definition of a computer virus is a “program that is able to infect other programs by modifying them to include a possibly evolved copy of itself.” (Bontchev 1999). Viruses have increasingly been in the news, with numerous instances of what started out as small pranks getting out of control. Since so many computers in an organization are networked together, once a virus enters a system, it doesn’t take long for it to multiply and spread. The fact that the criminal doesn’t even have to be at the scene when the crime occurs makes computer damage or modification so effective. Often the unauthorized user is at a distantly remote location, making apprehension time-consuming and difficult (Standler 1999).
Computer fraud should be common to the minds of most, as we see it frequently in movies or on television shows. An example would be using a computer to manipulate one’s school grades or breaking into one’s bank account and playing with the numbers. While some aspects of computer fraud occur by customers or other outside users, internal security breaches by personnel are common in as many as a third of the cases (Rapalus 1999). Embezzlement can take place by simple additions or deletions of input data, and by changing the information contained in files or by the duplication of outputs (Norman pg. 13).
The theft or reproduction of critical information is a final common type of computer crime. Like computer damage or modification, the user could be at a remote location acting like a burglar who never even has to enter the building (Standler 1999). However, what should be of an even greater concern to the IT administrator isn’t necessarily the threat from outside, but the threat from within. It surely isn’t an unknown concept for disgruntled employees to sell their knowledge to competitors (Kerlin 1999).
For an outsider, methods such as tapping into a network through a direct Internet connection or slipping in through a back-door modem connection may be used to steal information. Common ways in which an employee steals information includes selling their knowledge outright, giving out raw data, or handing out passwords (Kerlin 1989). Because of this threat, it is a good idea to be very knowledgeable of the people that you hire.
IV. Risk Assessment
With all of these security obstacles facing an IT manager, one may wonder where prevention should begin. The first step in addressing computer security in an organization should be the performance of a risk assessment. While there are many different approaches, computer security expert Charles Pfleeger has broken risk assessment down into six steps:
1. Identify Assets: An inventory needs to be taken of all the different components that comprise your computer system. This will include the hardware with everything from keyboards to monitors, printers and CPU’s. Software also will need to be considered, from the operating system up to all data stored on the system. Not to be forgotten are all of the support aspects of the computer. This could include the system documentation, the people who run and maintain the system, and even supplies such as paper for the printers (Pfleeger pg. 464).
2. Determine Vulnerabilities: This may sound more easily said then done, but the next step is to look at each component from the inventory created in step one and determine the state of vulnerability of that component. What defines vulnerability? Pfleeger insists that “A secure system should be protected against unauthorized disclosure, modification, destruction, or denial of service of any component (Pfleeger pg. 465).” A rough guide would be the likelihood of any of the computer crimes outlined earlier occurring on the system
3. Estimate Likelihood of Occurrence: There are several ways that this step can be accomplished, depending on the resources that you want to expend and the amount of information that you have at hand. A wide variety of estimation options are available. If there is a large amount of data that has been collected over a long period of time, you could mathematically calculate the probabilities of certain events. A more simplistic method, providing at least a rough estimate, would be to create a table listing the different events that could occur and then ranking them on a scale depending on management’s view of likely occurrence. In more complex cases, professional organizations should likely be enlisted to provide guidance in determining the likelihood of occurrences. (Pfleeger pg. 465).
4. Compute Expected Annual Loss: This step is comprised of a vast range of costs that need to be considered in the event of a security breach. Figuring such costs can get very complicated when the specific factors considered include the costs associated with replacing data that has been lost and the gains a competitor could make if they were to come into possession of such data. Not to be overlooked would be the legal costs involved in disputes over data losses (Pfleeger pg. 467).
5. Survey Applicable Controls and their Costs: This step is where the costs of prevention begin to be assessed. The costs of tools for preventing security breaches (which will be looked at in detail shortly) including identification, authentication, authorization and encryption methods can be very expensive and determining what is specifically needed is key. Also not to be overlooked are the costs of physical controls, such as security guards to physically guard against property theft (Pfleeger pg. 468).
6. Project Annual Savings of Control: This step is where you will determine the money that could be saved by making your system more secure. If you subtract the cost of controls that were determined in step five from the loss estimations made in step four you will be left with the amount saved (Pfleeger pg. 469).
Interestingly, situations may arise where it is not cost effective to implement security procedures. For businesses that have limited applications or uses for their computers, costs of implementation and future maintenance of those measures could outweigh the costs associated with property losses (Dalton 1998). However, one must bear in mind that any conclusions drawn with regard to a computer system’s vulnerability is limited to the current situation of the system. Circumstances can and will change in the future and continual “check-ups” of risk assessments need to be performed so that when losses become too high, they will be detected.
Performing risk assessment isn’t something that necessarily needs to be done “in-house.” Devoting staff resources to figuring out risk assessment can prove to be very costly when the regular work not being done by those employees is considered. In some cases, due to the complexity of the system to be analyzed, it may be more cost effective to assign those already familiar with the system to the task. Alternatively, there are many consulting companies ready to assist companies in performing risk assessments. As risk assessment is not necessarily a one size fits all situation, it should be considered on a case by case basis what would be the most cost-effective solution.
V. Solutions to Combat Computer Crime
With the Risk Assessment performed, holes should begin to appear in the company’s present setup. If you do decide that the benefits out-weight the costs, you should move forward into prevention. There are many different tools that can be used to fill the holes and it is essential that one understand the common solutions that exist. What follows are an explanations of such solutions, including: Encryption, Firewalls, Authentication/ Authorization, Real-Time Monitoring, Virtual Private Networks and Dumping of Files.
Encryption: Encryption is a first line of defense. It transfers the vulnerability of sensitive information from the communication channels or storage facilities to the encryption keys. These keys contain the information necessary to unlock an encrypted file (Parker pg. 372). After encryption moved into private use in the 1960s, there have been 3 major standards developed: DES, RSA, and PGP. Each is an improvement on the last, but given issues of cost and necessity it may not necessarily be the best decision to jump right to the latest in encryption.
DES stands for Data Encryption Standard and was developed by the United States federal government in 1972. With DES, data can be secured with a possible 256 different combinations available to lock it (Van Der Lubbe pg. 62). By devising a standard for encryption, extensive usage became easier as improvements could be made very efficiently. However, standards did leave the door open to hackers being able to cause major problems, as they would only have to crack a single encryption algorithm in order to gain access to a large number of systems (Van Der Lubbe pg. 61). As of very recently, Triple-DES has come along to offer even better protection (Parker pg. 380).
The RSA system is named after the last names of its designers: R. L. Rivest, A. Shamir, and L. Adlema. It was developed at the Massachusetts Institute of Technology in 1978 and uses what is known as a public key system. The public key system uses two different keys, one for encrypting the file and one for decrypting it (Haller 1994). The public key is made generally available in a manner so that anyone needing it can get to it easily, while those for whom the information is intended have their private key to decrypt it (Van Der Lubbe 131). The basic idea is that anyone can encrypt a given file, but only certain people are able to decrypt it.
PGP stands for Pretty Good Protection and it also uses the public key method. This method has gained much popularity since its introduction in 1986 as it can run well on a standard desktop PC. For this reason, PGP is the cryptographic system used for e-mail security (Van Der Lubbe pg. 95). Interestingly, PGP builds for the user a “Key Ring” which has a set of all the public keys that a person possesses. Users can then exchange other user’s public keys with each other. And while this can be convenient, a drawback occurs in that a chain of users can develop which begins to stretch the credibility of who is inside the security loop (Pfleeger pg. 426).
Encryption isn’t a perfect security method as it entails putting large amounts of valuable information under a lock and key that could be lost or forgotten. It isn’t unheard of for businesses to have severe damage inflicted upon them because of carelessness or destruction when dealing with encrypted files. If your encryption key is accidentally destroyed and can’t be replaced, you are going to have major problems when trying to decrypt locked files. Also not to be overlooked is the concept of Information Anarchy which can result if employees are allowed to use their own non-standard encryption methods or have their own keys outside of management control (Parker pg. 378). This takes too much control out of the manager’s hands and invites complex problems to develop further down the road.
Authentication: Another security method is Authentication, which deals with not only making sure that the right people are interacting with the right machine but also with making sure that the right computer is interacting with another “correct” computer. With computers interacting with each other outside of the watchful eyes of humans, it is increasingly necessary that computers have built in methods of making sure that they can trust another computer (Parker pg. 383). While authentication can get very complex (use of Global Positioning Systems to verify computer locations, and so on), it doesn’t have to be. According to some security experts, authentication is based on only three factors: what you know (a secret password); what you possess (a token or a key); and what you are (your own biometric characteristics, such as your fingerprints) (Parker pg. 383).
In order to be done correctly, password implementation should meet a number of requirements. Firstly, the password should meet the minimum length and content requirements. Each password system is different and some may require strictly letters, numbers, or a combination of both. There should be a limit on the number of invalid inputs that the user can make. In some cases, such as with on-line banking, it isn’t uncommon for multiple invalid attempts to result in the closing of your account for a specified amount of time. Information concerning the identity of the computer or service provider shouldn’t be displayed, as this could give clues to a criminal that may help them break into the system. The master copy of the protected password file should be encrypted using a method that makes decryption not possible, as the input of a password should be only one-way. It’s also a good idea to have a time limit for entry so that a criminal doesn’t have all day to work our password combinations (Parker pg. 384).
The password shouldn’t be displayed once successful entry has been made either. You never know who may be looking over a user’s shoulder. Once entry has been made, the computer should return a different password or identifier from that of the user to authenticate the computer to the user. This is just to make sure that the user isn’t unknowingly using a computer that has been disguised as another. A common practice of computer criminals is the use of a fake login method to collect user data and their password (Parker pg. 385).
Passwords can be used in combination with Tokens. Tokens are either hardware or software devices that are in the possession of the user. An example could be a plastic “smart card,” which is very similar in appearance to a credit card. The “smart card,” however, contains an electronically recorded and encrypted password. The user’s identity is then authenticated in two ways, as both the card with the password and a user-entered password are needed (Parker pg. 388).
Tokens become even more complex when more elaborate hardware methods become involved. A typical method would be to have the Token calculate a new password every few seconds. The new password would then be compared with one that is generated in synchronization with the computer being used. However, keep in mind that as Tokens get more complex, their convenience starts to become an issue. People could become resistant of the security measures if they are constantly annoyed by the processes needed for security. Users’ needs should be taken into consideration alongside security needs at stake when deciding what method to use (Parker pg. 389).
Offering just as much inconvenience, but maybe even better security is biometrics. The most commonly seen forms of protection involve identifying physical features including the use of fingerprints, retinal or iris eye scans or hand geometry methods that are used to verify the user’s identity (Dippel 1996). This form of authentication is still undergoing much development, as the past systems that have been devised haven’t been very financially successful for their developers. The cost to implement biometrics is considerable when one considers its costs over a large amount of computers. Also, these products have many technological “kinks” that pop up due to biological changes in people. Such mundane issues as the caffeine in a morning cup of coffee can cause problems with biometric security. These problems have to be resolved in order to make biometrics a very viable security option (Parker pg. 391).
Firewalls: Many of the security techniques outlined above come together as part of a firewall. The basic idea of a firewall is software or hardware that “…thwarts hackers’ attempts to access your network, preventing them from copying, changing, or destroying information or consuming bandwidth, memory, or processing power” (Boyer 1997). A major part of computer networks are devices called routers which act almost like traffic cops by receiving data in the form of “packets” and then deciding where the data should be sent next. A firewall is used in conjunction with a router to form a virtual barrier to the outside computer world. Since everything entering the network from an outside source has to pass through a router, placing a screening process at that first point of entry can be a very simple and yet very effective security measure (Pfleeger pg. 429). There are four commonly used types of firewalls: packet filters, dynamic packet filters, application gateways, and circuit relays.
Packet Filters offer the cheapest and fastest type of firewall solution. They work by looking at information from each individual packet and then making a decision to let them pass or not, based on the source and destination addresses and port numbers associated with them (Boyer 1997). Conveniently, most routers on the market today already have this function built into them, so it is just a matter of setting them up properly. Unfortunately, packet filters have no idea of the context in which a packet is arriving. Its previous input history isn’t evaluated at all. However, the introduction of Dynamic Packet Filters has overcome this limitation and they are more capable of making intelligent decisions. Their only drawback lies in their increased complexity (Denning pg. 129).
Application Gateways are generally regarded as the safest form of firewalls. From inside the firewall, individual applications make calls outward to receive incoming data. Each necessary application has a specialized gateway program at the firewall that understands the specifics of the application and knows what is needed. These gateway programs ensure that incoming packets of raw data are safe and the risk of an inappropriate packet entering is eliminated. The downside of gateway programs is that they can get very complex. Every time you add a new application to your system, you also have to set up a gateway program that corresponds to that application (Denning pg. 130).
Circuit Relays are a different approach to firewalls in that they monitor the communications between the host computer (which they are protecting) and an outside computer that my not be trusted (Farrow 1996). This method is considered to be safer than packet filters as no data is being passed directly, instead it is simply being monitored. The major drawback of Circuit Relays is that inside users can inadvertently set up connections to unsafe outside systems, which could lead to a bypassing of the firewall altogether (Denning pg. 130).
While firewalls provide great protection under certain circumstances, they aren’t the magic cure for computer crimes. Many times, viruses and/or other executable files may be able to run past the firewall and you’ll have to have software (such as an anti-virus program) in place inside to look out for that possibility. More importantly, attacks aren’t always going to come through the firewall and in those cases, you need to turn you sights toward the possibility of inside threats (Denning pg. 131). Monitoring employees’ computing and work activities is becoming a legal gray area in the United States, but considering the risk that exists, it is something that should be considered in depth.
Activity Logging: Keeping track of movement from both outside and inside a network is Activity Logging. On the outside level, you can continuously monitor and log activity to your web server. As outsiders visit, information about their system is recorded for later reference, should the need arise (Khare 1998). For the internal network, there is specialized software built into many popular operating systems or networking software that lets you monitor what tasks are currently being performed on specific computers and lets you record activity by insiders to outside locations.
Sniffers: Also not to be overlooked are criminals using software known as a “Sniffer,” which is considered a promiscuous monitoring attack. The Sniffer can capture unauthorized packets, as they are located at an intermediate stage of travel. (Denning pg. 137). When you are using devices called hubs to carry information from computer to computer across your network, you should consider the use of “smart hubs” as they can be configured to monitor passing data. This type of approach will dramatically reduce the opportunities for sniffing.
However, this solution won’t always be possible to implement. Similarly to what was just discussed concerning employee monitoring, management sometimes use Sniffers of their own to watch packets between employees and in those instances Sniffer detection methods would be irrelevant (Kleimola 1999).
Little Things: As a final reminder, don’t forget to pay attention to the little things. A common example would be not occasionally dumping files that would be regarded as garbage. Many modern personal computers have “recycle bins” that store recently deleted files in a temporary folder. However, the files in these folders are still available to be used long after the deletion, unless the folder is specifically cleared out manually or by an automated program. While files sit in these folders, they are vulnerable to anyone with access to the computer who could retrieve those files and use them for their own purposes.
VI. Crime Recovery
No matter how hard an IT person works to prevent security breaches, the reality is that there will always be holes for a criminal to pass through. Furthermore, your chances of becoming a victim are greatly increased if you are in some way connected to the Internet. It’s likely that the intruder wasn’t even a person with a defined plan, but just a casual visitor dropping in (Goncalves 1997). If or when that does occur, like any crime scene, clues need to be gathered and steps taken to catch the intruder and prevent any future problems.
Your first step will be to simply discover and assess what has happened. Something has likely changed on the system and this could have occurred in a multitude of places. Configuration files may be changed or user accounts may have been added or altered. In a situation where you don’t have backups properly stored, they too could have been tampered with. Finally, your security software or hardware itself could have been changed and may not be currently functioning properly (Goncalves 1997).
Next, you are going to have to deal with the problem at hand. You have a criminal that has done something to your system and if they are still at large. You need to devise a way to catch them. The control of your security system needs to be made aware that there has been a security anomaly. In that way, future anomalies that pop up will be recognized and recorded (Parker pg. 317). You also need to begin to actively track down the identity of the criminal. Your first step should be to immediately contact the FBI’s Computer Crime Unit, as they can give you valuable assistance and advice, regardless of whether the crime was on an individual or aimed at a business. Look over your Activity Logs for any information that could prove to be useful. You can sometimes track a criminal back to the source. Also, you should begin to consider motives for the activity. The criminal could be right in front of your face and through sitting down and considering who would have committed the act, a motive may appear that leads right to the perpetrator (Goncalves 1997).
While all of this activity is going on, you will want to consider blocking various forms of access to the system until problems are resolved. Depending on the severity of the crime or the importance of the information at stake, this could mean being as extreme as disconnecting network and modem lines. You could also block outsiders from having any access at all, locking or removing specific accounts. Depending on the feasibility of it, physically moving or removing critical files altogether from a system might also be an option to consider (Goncalves 1997).
Once a criminal has been apprehended, you are still left with the mess that they created. Hopefully, you have taken precautions in anticipation of problematic events occurring. Computer crime insurance and all-risk information insurance are options that have been quickly gaining popularity. Insurance is available to cover a wide range of computer resources. Everything from individual data to your entire system can be insured in case damage is inflicted (Parker pg. 317).
In order to make at least a partial recovery of lost information, you need to have a backup plan in place. This could mean having in place a regularly done complete system backup of a specific system. Highly critical systems may be placed on a revolving backup in which several backups are kept in storage and replaced on certain intervals. For major systems, selective backups may be considered. Under this method, only partial backups are performed on files that have been changed or created since the last backup (Pfleeger pg. 484). With proper backups made, being affected by a computer crime doesn’t have to be a devastating event.
Computer security is a huge subject that contains details that I haven’t even begun to touch upon. From physical security with guards to securing online monetary transactions, computer security can get much more complex. The more complex details will emerge once you determine what your particular security needs are and plan a course of action. That is why it is so important to have a firm understanding of the background and weaknesses of your system. Once you have drawn conclusions, the time must be taken to create formal policies concerning computer security. However, as a caution, computer crimes shouldn’t be something that you become paranoid about, going overboard with the resources available to you and causing waste. At the same time, you need to seriously understand what is at stake and how it could affect you. The key to success in computer security is to be alert to what is vulnerable and what to expect. Then, take that information and evaluate what is really needed to keep yourself secure.
Activity Logging: Specialized program that monitors and records activity on a computer system.
Application Gateways: Firewall application that makes calls outside of the firewall for information that will be used by applications within the firewall.
Authentication: Security method that focuses on making sure that only authorized users or safe computers have access to the computer system.
Biometrics: Authentication method that involves using identifying physical features for authorization.
Circuit Relays: Firewall application that monitors the communications between the host computer (which they are protecting) and an outside computer that my not be trusted.
Complete System Backup: Data backup method in which all files on the system have backups made.
Computer Crime: “…any illegal act that involves a computer system, whether the computer is an object of crime, an instrument used to commit a crime or a repository of evidence related to a crime.” (Hammad 1999).
DES (Data Encryption Standard): First encryption standard, developed by the United States federal government in 1972.
Dynamic Packet Filters: Improvement on packet filters that allows for more intelligent decision making.
Encryption: Security methods that scrambles data into an unusable form and then uses a key to unlock its correct contents.
Firewall: Security method that forms a virtual wall between the internal computer system and the outside world by sifting through all incoming information traffic and rejecting those that are unauthorized.
Hubs: Similar to a router, directs where information should go between computers on a network.
Information Anarchy: State of chaos within the information of an organization that can result if employees are allowed to use their own non-standard encryption methods or have their own keys outside of management control.
Keys: Password that is used to activate the encryption or decryption of data.
Key Ring: Set of keys produced under PGP encryption of all public keys that a person possesses.
Mail Bomb: The sending of a huge amount of mail to an e-mail server (usually with the intent of crashing it).
Packet (Data Packet): The most basic unit of data that is passed over a network.
Packet Filters: Firewall method that looks at information from each individual packet that passes through it and then making a decision to let them pass or not.
Password: Authentication method that uses either a numeric or alphanumeric combination to identify an authorized user.
PGP (Pretty Good Protection): Developed in 1986, this encryption method is easily run on personal computers and builds for users a “Key Ring.”
Public Key: Encryption method that uses two different keys, one for encrypting the file and one for decrypting it. The public key is made generally available in a manner so that anyone needing it can get to it easily, while those for whom the information is intended have their private key to decrypt it.
Revolving Backup: Data backup method in which several backups are kept in storage and replaced on certain intervals.
Risk Assessment: Standard procedures followed to determine the vulnerability of a computer system.
Routers: Piece of network hardware which receives data in the form of “packets” and then decides where the data should be sent next.
RSA: Encryption method that was developed at the Massachusetts Institute of Technology in 1978 and uses what is known as a public key system.
Selective Backup: Data backup method in which partial backups are performed on files that have been changed or created since the last backup.
Smart Card: Credit card size devices that can be used to store and exchange information.
Sniffers: Program that is used as an independent monitoring device that can also intercept packets of data in transit.
Token: Independent hardware or software device that is used in authentication to uniquely identify a user.
Viruses: “Program that is able to infect other programs by modifying them to include a possibly evolved copy of itself.” (Bontchev 1999).
Anderson, Kent. “Criminal Threats to Business on the Internet.” 1999.
<http://www.aracnet.com/~kea/Papers/White_Paper.shtml> (14 September 1999).
Bontchev, Vesselin. “Are ‘Good’ Computer Viruses Still a Bad Idea?” 1999.
<http://www.virusbtn.com/OtherPapers/GoodVir/> (2 October 1999).
Boyer, Linda. “Great Walls of Fire.” 1997. <http://www.novell.com/nwc/jan.97/fire17/> (15 October 1999).
Dalton, Gregory. “Acceptable Risks.” 1998 <http://www.informationweek.com/698/98iursk.htm> (8 September 1999).
Denning, Peter J. and Dorothy E. “Internet Besieged: Countering Cyberspace Scofflaws.” New York: ACM Press, 1997.
Devost, Matthew G. “National Security in the Information Age.” 1995. <http://www.terrorism.com/documents/devostthesis.html> (26 August 1999).
Dippel, Alan K. “Authentication of Computer Communications.” 1996. <http://ftp.cs.indiana.edu/l/www/hyplan/adippel/authent.html> (19 October 1999).
Farrow, Rick. “How to Pick a Firewall with the Right Stuff.” 1996. <http://www.gocsi.com/rightst.htm> (14 October 1999).
Feinman, Todd, and David Goldman, Ricky Wong, Neil Cooper. Security Basics, A Whitepaper. PriceWaterhouseCoops LLP. 1998.
Goncalves, Marcus. “Internet Privacy Kit.” 1997.
<http://merchant.superlibrary.com:8000/products/07897/0789712342/078971234 2s.html> (2 October 1999).
Haller N. and Atkin R. “On Internet Authentication.” 1994. <http://www.sunsite.auc.dk/RFC/rfc/rfc1704.html> (14 October 1999).
Hammad, Mousa. “Legal and Social Aspects of Computing- Computer Crime.” 1998. <http://www.scit.wlv.ac.uk/~c9727436/page2.html> (26 September 1999).
Kane, Pamela. “PC Security and Virus Protection Handbook.” New York: M&T Books, 1994.
Kerlin, Bobbi A. Ph.D. “The Dark Side of the Chip.” 1989. <http://www.oit.pdx.edu/~kerlinb/myresearch/darkside.html> (16 October 1999).
Khare, Rohit and Adam Rifkin. “Trust Management on the World Wide Web.” 1998.
<http://www.firstmonday.dk/issues/issue3_6/khare/> (29 October 1999).
Kleimola, Johannes. “Sniffers” 1999. <http://www.hut.fi/u/jjkleimo/kurssit/tik110452/experiment_sniffers.html> (24 October 1999).
Norman, Adrian R. D. “Computer Insecurity.” New York: Chapman and Hall, 1983.
Parker, Donn B. “Fighting Computer Crime.” New York: John Wiley and Sons, Inc., 1998.
Pfleeger, Charles P. “Security in Computing.” New York: Prentice Hall, 1996.
Rapalus, Patrice. “Cyber Attacks Rise from Outside and Inside Corporations.” 1999.
<http://www.gocsi.com/prelea990301.htm> (18 November 1999).
Standler, Dr. Ronald B. “Computer Crime.” 1999. <http://www.rbs2.com/ccrime.htm>
(17 September 1999).
Sterling, Bruce. “The Hacker Crackdown.” New York: Bantam Books, 1993.
Van Der Lubbe, Jan C. A. “Basic Methods of Cryptography.” Melbourne: Cambridge University Press, 1999.