Computer and Information Security Handbook -

eBook PDF install download

https://ebooksecure.com/download/computer-and-information-
security-handbook-ebook-pdf/

Download more ebook instantly today at https://ebooksecure.com

We believe these products will be a great fit for you. Click
the link to download now, or visit ebooksecure.com
to discover even more!

(eBook PDF) Computer Security and Penetration Testing

2nd Edition

http://ebooksecure.com/product/ebook-pdf-computer-security-and-
penetration-testing-2nd-edition/

Computer Security: Principles and Practice 4th Edition

(eBook PDF)

http://ebooksecure.com/product/computer-security-principles-and-
practice-4th-edition-ebook-pdf/

(eBook PDF) Computer Security Principles and Practice

4th Edition

http://ebooksecure.com/product/ebook-pdf-computer-security-
principles-and-practice-4th-edition/

(eBook PDF) Computer Security Fundamentals 4th Edition

http://ebooksecure.com/product/ebook-pdf-computer-security-
fundamentals-4th-edition/
(eBook PDF) Information Security: Principles and
Practices 2nd Edition

http://ebooksecure.com/product/ebook-pdf-information-security-
principles-and-practices-2nd-edition/

Principles of Computer Security Fourth Edition - eBook

PDF

https://ebooksecure.com/download/principles-of-computer-security-
ebook-pdf/

Elementary Information Security, 3rd Edition (eBook

PDF)

http://ebooksecure.com/product/elementary-information-
security-3rd-edition-ebook-pdf/

Principles of Computer Security: CompTIA Security+ and

Beyond (Exam SY0-601), 6th Edition Greg White - eBook
PDF

https://ebooksecure.com/download/principles-of-computer-security-
comptia-security-and-beyond-exam-sy0-601-6th-edition-ebook-pdf/

Principles of Computer Security: CompTIA Security+ and

Beyond Lab Manual (Exam SY0-601) 1st Edition - eBook
PDF

https://ebooksecure.com/download/principles-of-computer-security-
comptia-security-and-beyond-lab-manual-exam-sy0-601-ebook-pdf/
Computer and Information Security Handbook
This page intentionally left blank
Computer and Information
Security Handbook
Third Edition

Edited by
John R. Vacca
Morgan Kaufmann is an imprint of Elsevier
50 Hampshire Street, 5th Floor, Cambridge, MA 02139, United States

Copyright © 2017 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher.
Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with
organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website:
www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be
noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding,
changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information,
methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their
own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury
and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of
any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
ISBN: 978-0-12-803843-7

For information on all Morgan Kaufmann publications

visit our website at https://www.elsevier.com/books-and-journals

Publisher: Todd Green

Acquisition Editor: Brian Romer
Editorial Project Manager: Charlie Kent
Production Project Manager: Priya Kumaraguruparan
Designer: Maria Inês Cruz

Typeset by TNQ Books and Journals

This book is dedicated to my wife, Bee.
This page intentionally left blank
Contents

Contributors xxvii 3. A Cryptography Primer 35

About the Editor xxxi
Foreword xxxiii Scott R. Ellis
Preface xxxv 1. What Is Cryptography? What Is
Acknowledgments xli Encryption? 36
2. Famous Cryptographic Devices 36
3. Ciphers 37
Part I 4. Modern Cryptography 44
Overview of System and Network 5. The Computer Age 49
Security: A Comprehensive 6. How Advanced Encryption Standard
Works 52
Introduction 1 7. Selecting Cryptography: the Process 55
8. Summary 56
1. Information Security in the Modern Chapter Review Questions/Exercises 57
Enterprise 3 Exercise 57
James Pooley
1. Introduction 3 4. Verifying User and Host Identity 59
2. Challenges Facing Information Keith Lewis
Security 4
3. Assessment and Planning 5 1. Introduction: Verifying the User 59
4. Policies and Procedures 8 2. Identity Access Management:
5. Training 9 Authentication and Authorization 59
6. Summary 10 3. Synthetic or Real User Logging 61
Chapter Review Questions/Exercises 10 4. Verifying a User in Cloud
Exercise 11 Environments 62
5. Verifying Hosts 63
6. Verifying Host Domain Name System and
2. Building a Secure Organization 13
Internet Protocol Information 63
John R. Mallery 7. Summary 64
8. Chapter Review Questions/Exercises 64
1. Obstacles to Security 13
Exercise 65
2. Computers Are Powerful and
References 65
Complex 13
3. Current Trend Is to Share, Not
Protect 14 5. Detecting System Intrusions 67
4. Security Is Not About Hardware and
Scott R. Ellis
Software 16
5. Ten Steps to Building a Secure 1. Introduction 67
Organization 18 2. Developing Threat Models 69
6. Preparing for the Building of Security 3. Securing Communications 70
Control Assessments 31 4. Network Security Monitoring and
7. Summary 31 Intrusion Detection Systems 74
Chapter Review Questions/Exercises 33 5. Installing Security Onion to a
Exercise 33 Bare-Metal Server 83

vii
viii Contents

6. Putting It All Together 86 4. Motives 134

7. Securing Your Installation 87 5. The Crackers’ Tools of the Trade 134
8. Managing an Intrusion Detection System 6. Bots 136
in a Network Security Monitoring 7. Symptoms of Intrusions 136
Framework 87 8. What Can You Do? 137
9. Setting the Stage 93 9. Security Policies 139
10. Alerts and Events 93 10. Risk Analysis 140
11. Sguil: Tuning Graphics Processing Unit 11. Tools of Your Trade 141
Rules, Alerts, and Responses 95 12. Controlling User Access 143
12. Developing Process 99 13. Intrusion Prevention Capabilities 145
13. Understanding, Exploring, and Managing 14. Summary 145
Alerts 100 Chapter Review Questions/Exercises 146
14. Summary 106 Exercise 146
Chapter Review Questions/Exercises 107
Exercise 107 8. Guarding Against Network
Intrusions 149
6. Intrusion Detection in Contemporary
Environments 109 Thomas M. Chen

Tarfa Hamed, Rozita Dara, Stefan C. Kremer 1. Introduction 149

2. Traditional Reconnaissance and
1. Introduction 109 Attacks 149
2. Mobile Operating Systems 110 3. Malicious Software 152
3. Mobile Device Malware Risks 111 4. Defense in Depth 154
4. Cloud Computing Models 112 5. Preventive Measures 155
5. Cloud Computing Attack Risks 112 6. Intrusion Monitoring and Detection 159
6. Source of Attacks on Mobile 7. Reactive Measures 160
Devices 113 8. Network-Based Intrusion Protection 161
7. Source or Origin of Intrusions in Cloud 9. Summary 162
Computing 113 Chapter Review Questions/Exercises 162
8. Classes of Mobile Malware 114 Exercise 163
9. Types of Cloud Computing Attacks 114
10. Malware Techniques in Android 115
11. Cloud Computing Intrusions 9. Fault Tolerance and Resilience
Techniques 117 in Cloud Computing
12. Examples of Smartphone Malware 118 Environments 165
13. Examples of Cloud Attacks 119
Ravi Jhawar, Vincenzo Piuri
14. Types of Intrusion Detection Systems for
Mobile Devices 121 1. Introduction 165
15. Types of Intrusion Detection Systems for 2. Cloud Computing Fault
Cloud Computing 123 Model 166
16. Intrusion Detection System Performance 3. Basic Concepts of Fault Tolerance 168
Metrics 126 4. Different Levels of Fault Tolerance in
17. Summary 127 Cloud Computing 170
Chapter Review Questions/Exercises 128 5. Fault Tolerance Against Crash Failures in
Exercise 128 Cloud Computing 171
References 128 6. Fault Tolerance Against Byzantine Failures
in Cloud Computing 173
7. Preventing System Intrusions 131 7. Fault Tolerance as a Service in Cloud
Computing 175
Michael A. West 8. Summary 179
1. So, What Is an Intrusion? 132 Chapter Review Questions/Exercises 180
2. Sobering Numbers 133 Exercise 180
3. Know Your Enemy: Hackers Versus Acknowledgments 180
Crackers 133 References 180
 Contents ix

10. Securing Web Applications, 13. Internet Security 239

Services, and Servers 183 Jesse Walker
Gerald Beuchelt
1. Internet Protocol Architecture 239
1. Setting the Stage 183 2. An Internet Threat Model 246
2. Basic Security for HTTP Applications and 3. Defending Against Attacks on the
Services 184 Internet 251
3. Basic Security for SOAP Services 187 4. Internet Security Checklist 262
4. Identity Management and Web 5. Summary 262
Services 189 Chapter Review Questions/Exercises 263
5. Authorization Patterns 195 Exercise 263
6. Security Considerations 196
7. Challenges 201 14. The Botnet Problem 265
8. Summary 202
Nailah Mims
Chapter Review Questions/Exercises 202
Exercise 203 1. Introduction 265
Resources 203 2. What Is a Botnet? 265
3. Building a Botnet 265
11. UNIX and Linux Security 205 4. The Problem With Botnets 268
5. Botnet Case Studies and Known
Gerald Beuchelt
Botnets 270
1. Introduction 205 6. Summary 272
2. UNIX and Security 205 Chapter Review Questions/Exercises 272
3. Basic UNIX Security Overview 206 Exercise 273
4. Achieving UNIX Security 209 References 274
5. Protecting User Accounts and
Strengthening Authentication 211 15. Intranet Security 275
6. Limiting Superuser Privileges 215
7. Securing Local and Network File Bill Mansoor
Systems 217 1. Smartphones and Tablets in the
8. Network Configuration 219 Intranet 277
9. Improving the Security of Linux and 2. Security Considerations 281
UNIX Systems 221 3. Plugging the Gaps: Network Access
10. Additional Resources 222 Control and Access Control 283
11. Summary 223 4. Measuring Risk: Audits 284
Chapter Review Questions/Exercises 223 5. Guardian at the Gate: Authentication
Exercise 224 and Encryption 286
6. Wireless Network Security 286
12. Eliminating the Security Weakness 7. Shielding the Wire: Network
of Linux and UNIX Operating Protection 287
Systems 225 8. Weakest Link in Security: User
Training 289
Mario Santana
9. Documenting the Network: Change
1. Introduction to Linux and UNIX 225 Management 289
2. Hardening Linux and UNIX 229 10. Rehearse the Inevitable: Disaster
3. Proactive Defense for Linux and Recovery 290
UNIX 236 11. Controlling Hazards: Physical and
4. Summary 237 Environmental Protection 292
Chapter Review Questions/Exercises 238 12. Know Your Users: Personnel
Exercise 238 Security 293
x Contents

13. Protecting Data Flow: Information and Chapter Review Questions/Exercises 334
System Integrity 293 Exercise 335
14. Security Assessments 294 References 335
15. Risk Assessments 294
16. Intranet Security Implementation 19. Security for the Internet of
Process Checklist 295 Things 339
17. Summary 295
Chapter Review Questions/Exercises 296 William Stallings
Exercise 296 1. Introduction 339
2. ITU-T Internet of Things (IoT) Reference
Model 340
16. Local Area Network Security
3. Internet of Things (IoT) Security 344
(online chapter) 299 4. Summary 347
Pramod Pandya Chapter Review Questions/Exercises 347
Exercise 348
17. Wireless Network Security 301 References 348

Chunming Rong, Gansen Zhao, 20. Cellular Network Security 349

Liang Yan, Erdal Cayirci,
Hongbing Cheng Peng Liu, Thomas F. LaPorta,
Kameswari Kotapati
1. Cellular Networks 301
2. Wireless Ad Hoc Networks 303 1. Introduction 349
3. Security Protocols 304 2. Overview of Cellular Networks 349
4. Wired Equivalent Privacy 305 3. The State of the Art of Cellular Network
5. Secure Routing 307 Security 352
6. Authenticated Routing for Ad Hoc 4. Cellular Network Attack
Networks 309 Taxonomy 354
7. Secure Link State Routing 5. Cellular Network Vulnerability
Protocol 309 Analysis 359
8. Key Establishment 310 6. Summary 366
9. Ingemarsson, Tang, and Wong 311 Chapter Review Questions/Exercises 367
10. Management Countermeasures 313 Exercise 367
11. Summary 314 References 368
Chapter Review Questions/Exercises 314
Exercise 315 21. Radio Frequency Identification
References 315 Security 369
Chunming Rong, Gansen Zhao, Liang Yan,
18. Wireless Sensor Network Security: Erdal Cayirci, Hongbing Cheng
The Internet of Things 317
1. Radio Frequency Identification
Harsh Kupwade Patil, Thomas M. Chen Introduction 369
2. Radio Frequency Identification
1. Introduction to Wireless Sensor
Challenges 372
Networks 317
3. Radio Frequency Identification
2. Threats to Privacy 319
Protections 376
3. Cryptographic Security in Wireless
4. Summary 382
Sensor Networks 323
Chapter Review Questions/Exercises 383
4. Secure Routing in Wireless Sensor
Exercise 383
Networks 329
References 384
5. Routing Protocols in Wireless Sensor
Networks 330
22. Optical Network Security
6. Wireless Sensor Networks and Internet
(online chapter) 387
of Things 332
7. Summary 334 Lauren Collins
 Contents xi

23. Optical Wireless Security 26. Policy-Driven System

(online chapter) 389 Management 427
Scott R. Ellis Henrik Plate, Cataldo Basile,
Stefano Paraboschi
1. Introduction 427
Part II 2. Security and Policy-Based
Managing Information Security 391 Management 427
3. Classification and Languages 439
24. Information Security Essentials for 4. Controls for Enforcing Security Policies
Information Technology Managers: in Distributed Systems 442
Protecting Mission-Critical 5. Products and Technologies 447
6. Research Projects 452
Systems 393
7. Summary 457
Albert Caballero Chapter Review Questions/Exercises 458
Exercise 458
1. Introduction 393
Acknowledgments 458
2. Protecting Mission-Critical
References 459
Systems 394
3. Information Security Essentials for
Information Technology 27. Information Technology Security
Managers 396 Management (online chapter) 461
4. Systems and Network Security 399
Rahul Bhaskar, Bhushan Kapoor
5. Application Security 402
6. Cloud Security 404
7. Data Protection 407 28. The Enemy (The Intruder’s
8. Wireless and Mobile Security 408 Genesis) (online chapter) 463
9. Identity and Access Management 409
Pramod Pandya
10. Security Operations 410
11. Policies, Plans, and Programs 413
12. Summary 417 29. Social Engineering Deceptions
Chapter Review Questions/Exercises 417 and Defenses 465
Exercise 418 Scott R. Ellis
References 418
1. Introduction 465
25. Security Management Systems 421 2. Counter-Social Engineering 465
3. Vulnerabilities 466
Jim Harmening 4. Using a Layered Defense
1. Security Management System Approach 467
Standards 421 5. Attack Scenarios 469
2. Training Requirements 422 6. Suspect Everyone: Network Vector 469
3. Principles of Information Security 422 7. Policy and Training 471
4. Roles and Responsibilities of 8. Physical Access 472
Personnel 422 9. Summary 472
5. Security Policies 422 Chapter Review Questions/Exercises 473
6. Security Controls 423 Exercise 473
7. Network Access 423
8. Risk Assessment 424 30. Ethical Hacking 475
9. Incident Response 425
Scott R. Ellis
10. Summary 425
Chapter Review Questions/Exercises 426 1. Introduction 475
Exercise 426 2. Hacker’s Toolbox 476
xii Contents

3. Attack Vectors 478 33. Security Education, Training, and

4. Physical Penetrations 480 Awareness 497
5. Summary 481
Chapter Review Questions/Exercises 481 Albert Caballero
Exercise 481 1. Security Education, Training, and
Awareness (SETA) Programs 497
31. What Is Vulnerability 2. Users, Behavior, and Roles 499
Assessment? 483 3. Security Education, Training, and
Awareness (SETA) Program Design 500
Almantas Kakareka
4. Security Education, Training, and
1. Introduction 483 Awareness (SETA) Program
2. Reporting 483 Development 501
3. The “It Will Not Happen to Us” 5. Implementation and Delivery 501
Factor 484 6. Technologies and Platforms 502
4. Why Vulnerability Assessment? 484 7. Summary 503
5. Penetration Testing Versus Vulnerability Chapter Review Questions/Exercises 504
Assessment 484 Exercise 505
6. Vulnerability Assessment Goal 485 References 505
7. Mapping the Network 485
8. Selecting the Right Scanners 485 34. Risk Management 507
9. Central Scans Versus Local Scans 487
10. Defense in Depth Strategy 488 Sokratis K. Katsikas
11. Vulnerability Assessment Tools 488 1. The Concept of Risk 508
12. Security Auditor’s Research 2. Expressing and Measuring Risk 508
Assistant 489 3. The Risk Management
13. Security Administrator’s Integrated Methodology 510
Network Tool 489 4. Risk Management Laws and
14. Microsoft Baseline Security Regulations 522
Analyzer 489 5. Risk Management Standards 524
15. Scanner Performance 489 6. Summary 526
16. Scan Verification 490 Chapter Review Questions/Exercises 526
17. Scanning Cornerstones 490 Exercise 527
18. Network Scanning
Countermeasures 490 35. Insider Threat 529
19. Vulnerability Disclosure
Date 490 William F. Gross
20. Proactive Security Versus Reactive 1. Introduction 529
Security 491 2. Defining Insider Threat 529
21. Vulnerability Causes 492 3. Motivations of the Insider Threat
22. Do It Yourself Vulnerability Actors 530
Assessment 493 4. Insider Threat Indicators 531
23. Summary 493 5. Examples of Insider Threats 531
Chapter Review Questions/Exercises 493 6. Impacts 532
Exercise 494 7. Analysis: Relevance 532
8. Manage and Mitigate the Insider
32. Security Metrics: An Introduction Threat 532
and Literature Review 9. Summary 534
(online chapter) 495 Chapter Review Questions/Exercises 535
Exercise 535
George O.M. Yee
References 535
 Contents xiii

Part III 39. Security Policies and Plans

Disaster Recovery Security 537 Development 565
Keith Lewis
36. Disaster Recovery 539
1. Introduction: Policies and Planning:
Scott R. Ellis, Lauren Collins Security Framework Foundation 565
1. Introduction 539 2. CIA: Not the Central Intelligence
2. Measuring Risk and Avoiding Agency 567
Disaster 539 3. Security Policy Structure 567
3. The Business Impact Assessment 541 4. Security Policy: Sign Off Approval 569
4. Summary 546 5. Summary 569
Chapter Review Questions/Exercises 546 Chapter Review Questions/Exercises 569
Exercise 547 Exercise 570
References 570
37. Disaster Recovery Plans for
Small and Medium Businesses
(SMBs) 549 Part V
Cyber, Network, and Systems
William F. Gross, Jr.
Forensics Security and
1. Introduction 549 Assurance 571
2. Identifying the Need for a Disaster
Recovery Plan 549
40. Cyber Forensics 573
3. Recovery 549
4. Threat Analysis 550 Scott R. Ellis
5. Methodology 550
1. What Is Cyber Forensics? 573
6. Train and Test the Plan 551
2. Analysis of Data 574
7. Communication 551
3. Cyber Forensics in the Court
8. Recovery 552
System 576
9. Summary 552
4. Understanding Internet History 577
Chapter Review Questions/Exercises 552
5. Temporary Restraining Orders and
Exercise 553
Labor Disputes 578
References 553
6. First Principles 589
7. Hacking a Windows XP Password 589
8. Network Analysis 592
Part IV 9. Cyber Forensics Applied 593
Security Standards and Policies 555 10. Tracking, Inventory, Location of Files,
Paperwork, Backups, and So on 593
38. Security Certification and Standards 11. Testifying as an Expert 595
Implementation 557 12. Beginning to End in Court 598
13. Summary 601
Keith Lewis Chapter Review Questions/Exercises 601
1. Introduction: The Security Compliance Exercise 602
Puzzle 557
2. The Age of Digital Regulations 557 41. Cyber Forensics and Incidence
3. Security Regulations and Laws: Response 603
Technology Challenges 558
Cem Gurkok
4. Implementation: The Compliance
Foundation 560 1. Introduction to Cyber Forensics 603
5. Summary 562 2. Handling Preliminary
Chapter Review Questions/Exercises 562 Investigations 604
Exercise 563 3. Controlling an Investigation 606
References 563 4. Conducting Disc-Based Analysis 607
xiv Contents

5. Investigating Information-Hiding Part VI

Techniques 610
6. Scrutinizing Email 614
Encryption Technology 673
7. Validating Email Header
Information 615
46. Data Encryption
8. Tracing Internet Access 616 (online chapter) 675
9. Searching Memory in Real Time 619 Bhushan Kapoor, Pramod Pandya
10. Summary 625
Chapter Review Questions/Exercises 627
Exercise 627 47. Satellite Encryption 677
References 628 Daniel S. Soper

42. Securing e-Discovery 629 1. Introduction 677

2. The Need for Satellite Encryption 678
Scott R. Ellis 3. Implementing Satellite Encryption 679
1. Information Management 631 4. Pirate Decryption of Satellite
2. Legal and Regulatory Obligation 631 Transmissions 683
3. Summary 654 5. Satellite Encryption Policy 685
Chapter Review Questions/Exercises 654 6. Satellite Encryption Service (SES) 686
Exercise 655 7. The Future of Satellite Encryption 686
8. Summary 686
Chapter Review Questions/Exercises 688
43. Network Forensics
Exercise 688
(online chapter) 657
Yong Guan 48. Public Key Infrastructure 691
Terence Spies
44. Microsoft Office and Metadata 1. Cryptographic Background 691
Forensics: A Deeper Dive 659 2. Overview of Public Key
Rich Hoffman Infrastructure 693
3. The X.509 Model 694
1. Introduction 659
4. X.509 Implementation
2. In a Perfect World 659
Architectures 695
3. Microsoft Excel 660
5. X.509 Certificate Validation 695
4. Exams! 661
6. X.509 Certificate Revocation 698
5. Items Outside of Office
7. Server-Based Certificate Validity
Metadata 663
Protocol 699
6. Summary 666
8. X.509 Bridge Certification
Chapter Review Questions/Exercises 666
Systems 700
Exercise 667
9. X.509 Certificate Format 702
10. Public Key Infrastructure Policy
45. Hard Drive Imaging 669 Description 704
John Benjamin Khan 11. Public Key Infrastructure Standards
Organizations 705
1. Introduction 669 12. Pretty Good Privacy Certificate
2. Hard Disc Drives 669 Formats 706
3. Solid State Drives 669 13. Pretty Good Privacy Public Key
4. Hardware Tools 670 Infrastructure Implementations 706
5. Software Tools 670 14. World Wide Web Consortium 707
6. Techniques 670 15. Is Public Key Infrastructure
7. Summary 671 Secure? 707
Chapter Review Questions/Exercises 671 16. Alternative Public Key Infrastructure
Exercise 672 Architectures 707
References 672 17. Modified X.509 Architectures 708
 Contents xv

18. Alternative Key Management Part VII

Models 708
19. Summary 709
Privacy and Access
Chapter Review Questions/Exercises 710 Management 741
Exercise 710
References 710 52. Online Privacy 743
Chiara Braghin, Marco Cremonini
49. Password-Based Authenticated
Key Establishment Protocols 1. The Quest for Privacy 743
2. Trading Personal Data 746
(online chapter) 713
3. Control of Personal Data 747
Jean Lancrenon, Dalia Khader, 4. Privacy and Technologies 749
Peter Y.A. Ryan, Feng Hao 5. Summary 755
Chapter Review Questions/Exercises 755
Exercise 756
50. Context-Aware Multifactor References 756
Authentication Survey 715
Emin Huseynov, Jean-Marc Seigneur 53. Privacy-Enhancing
1. Introduction 715
Technologies 759
2. Classic Approach to Multifactor Simone Fischer-Hbner, Stefan Berthold
Authentication 715
1. The Concept of Privacy 759
3. Modern Approaches to Multifactor
2. Legal Privacy Principles 759
Authentication 718
3. Classification of Privacy-Enhancing
4. Comparative Summary 722
Technologies (PETs) 761
5. Summary 723
4. Traditional Privacy Goals of
Chapter Review Questions/Exercises 724
Privacy-Enhancing Technologies
Exercise 726
(PETs) 761
References 726
5. Privacy Metrics 762
6. Data Minimization Technologies 764
51. Instant-Messaging Security 727 7. Transparency-Enhancing
Samuel J.J. Curry Tools 772
8. Summary 775
1. Why Should I Care About Instant
Chapter Review Questions/Exercises 775
Messaging? 727
Exercise 776
2. What Is Instant Messaging? 727
References 776
3. The Evolution of Networking
Technologies 728
4. Game Theory and Instant
54. Personal Privacy Policies
Messaging 728 (online chapter) 779
5. The Nature of the Threat 731 George O.M. Yee, Larry Korba
6. Common Instant Messaging
Applications 734
7. Defensive Strategies 735 55. Detection of Conflicts in Security
8. Instant-Messaging Security Maturity Policies 781
and Solutions 736 Cataldo Basile, Matteo Maria Casalino,
9. Processes 737 Simone Mutti, Stefano Paraboschi
10. Summary 738
Chapter Review Questions/Exercises 740 1. Introduction 781
Exercise 740 2. Conflicts in Security Policies 781
xvi Contents

3. Conflicts in Executable Security 58. Virtual Private Networks 843

Policies 785
4. Conflicts in Network Security James T. Harmening
Policies 788 1. History 844
5. Query-Based Conflict 2. Who Is in Charge? 847
Detection 789 3. Virtual Private Network Types 848
6. Semantic Web Technology for Conflict 4. Authentication Methods 851
Detection 795 5. Symmetric Encryption 851
7. Summary 798 6. Asymmetric Cryptography 852
Chapter Review Questions/Exercises 798 7. Edge Devices 852
Exercise 799 8. Passwords 852
Acknowledgments 799 9. Hackers and Crackers 853
References 799 10. Mobile Virtual Private Network 853
11. Virtual Private Network
56. Supporting User Privacy Deployments 854
Preferences in Digital 12. Summary 854
Interactions 801 Chapter Review Questions/Exercises 854
Exercise 855
Sara Foresti, Pierangela Samarati References 856
1. Introduction 801 Resources 856
2. Basic Concepts and Desiderata 802
3. Cost-Sensitive Trust Negotiation 805 59. Identity Theft (online chapter) 857
4. Point-Based Trust Management 808 Markus Jakobsson, Alex Tsow
5. Logical-Based Minimal Credential
Disclosure 810
6. Privacy Preferences in Credential-Based 60. VoIP Security 859
Interactions 812 Harsh Kupwade Patil, Dan Wing,
7. Fine-Grained Disclosure of Sensitive Thomas M. Chen
Access Policies 817
8. Open Issues 819 1. Introduction 859
9. Summary 819 2. Overview of Threats 861
Chapter Review Questions/Exercises 820 3. Security in Voice Over Internet
Exercise 820 Protocol 866
Acknowledgments 820 4. Future Trends 868
References 821 5. Summary 871
Chapter Review Questions/Exercises 872
Exercise 873
57. Privacy and Security in
Environmental Monitoring
Systems: Issues and Solutions 823 Part VIII
Sabrina De Capitani di Vimercati, Storage Security 875
Angelo Genovese, Giovanni Livraga,
Vincenzo Piuri, Fabio Scotti 61. SAN Security (online chapter) 877
1. Introduction 823 John McGowan, Jeffrey S. Bardin,
2. System Architectures 824 John McDonald
3. Environmental Data 826
4. Security and Privacy Issues in 62. Storage Area Networking Security
Environmental Monitoring 827 Devices 879
5. Countermeasures 829
Robert Rounsavall
6. Summary 838
Chapter Review Questions/Exercises 838 1. What Is Storage Area Networking
Exercise 838 (SAN)? 879
Acknowledgments 839 2. Storage Area Networking (SAN)
References 839 Deployment Justifications 879
 Contents xvii

3. The Critical Reasons for Storage Area 65. Private Cloud Security 931
Networking (SAN) Security 880
4. Storage Area Networking (SAN) Keith Lewis
Architecture and Components 880 1. Introduction: Private Cloud System
5. Storage Area Networking (SAN) General Management 931
Threats and Issues 882 2. From Physical to Network Security Base
6. Summary 893 Focus 931
Chapter Review Questions/Exercises 893 3. Benefits of Private Cloud Security
Exercise 894 Infrastructures 933
4. Private Cloud Security Standards and
Best Practices 933
Part IX 5. “As-a-Service” Universe: Service
Cloud Security 895 Models 934
6. Private Cloud Service Model: Layer
Considerations 935
63. Securing Cloud Computing
7. Privacy or Public: The Cloud Security
Systems 897 Challenges 935
Cem Gurkok 8. Summary 935
Chapter Review Questions/Exercises 936
1. Cloud Computing Essentials: Examining
Exercise 936
the Cloud Layers 897
References 936
2. Software as a Service: Managing Risks in
the Cloud 903
3. Platform as a Service: Securing the
66. Virtual Private Cloud Security 937
Platform 904 Keith Lewis
4. Infrastructure as a Service 907
1. Introduction: Virtual Networking in a
5. Leveraging Provider-Specific Security
Private Cloud 937
Options 911
2. Security Console: Centralized Control
6. Achieving Security in a Private
Dashboard Management 937
Cloud 912
3. Security Designs: Virtual Private Cloud
7. Meeting Compliance
Setups 938
Requirements 916
4. Security Object Group Allocations:
8. Preparing for Disaster Recovery 919
Functional Control Management
9. Summary 921
Practices 939
Chapter Review Questions/Exercises 921
5. Virtual Private Cloud Performance
Exercise 922
Versus Security 940
References 922
6. Summary 941
Chapter Review Questions/Exercises 941
64. Cloud Security 923 Exercise 942
Edward G. Amoroso References 942
1. Cloud Overview: Public, Private,
Hybrid 923
2. Cloud Security Threats 924 Part X
3. Internet Service Provider Cloud Virtual Virtual Security 943
Private Network Peering Services 924
4. Cloud Access Security Brokers 925 67. Protecting Virtual
5. Cloud Encryption 925 Infrastructure 945
6. Cloud Security Microsegmentation 926
7. Cloud Security Compliance 927 Edward G. Amoroso
8. Summary 929 1. Virtualization in Computing 945
Chapter Review Questions/Exercises 929 2. Virtual Data Center Security 946
Exercise 929 3. Hypervisor Security 947
References 930 4. Enterprise Segmentation 947
xviii Contents

5. Active Containerized Security 948 5. Threat Assessment, Planning, and Plan

6. Virtual Absorption of Volume Implementation 971
Attacks 948 6. Example: A Corporate Physical Security
7. Open Source Versus Proprietary Policy 972
Security Capabilities 949 7. Integration of Physical and Logical
8. Summary 950 Security 973
Chapter Review Questions/Exercises 950 8. Physical Security Checklist 976
Exercise 951 9. Summary 976
Reference 951 Chapter Review Questions/Exercises 977
Exercise 979
References 979
68. Software-Defined Networking and
Network Function Virtualization
70. Biometrics (online chapter) 981
Security 953
Luther Martin
Edward G. Amoroso
1. Introduction to Software-Defined
Networking 953
2. Software-Defined Networking and Part XII
Network Function Virtualization Practical Security 983
Overview 954
3. Software-Defined Networking and 71. Online Identity and User
Network Function Virtualization for Management Services 985
Internet Service Providers 956
Tewfiq El Maliki, Jean-Marc Seigneur
4. Software-Defined Networking
Controller Security 956 1. Introduction 985
5. Improved Patching With 2. Evolution of Identity Management
Software-Defined Networking 957 Requirements 985
6. Dynamic Security Service Chaining in 3. The Requirements Fulfilled by Identity
Software-Defined Networking 957 Management Technologies 989
7. Future Virtualized Management Security 4. Identity Management 1.0 989
Support in Software-Defined 5. Social Login and User
Networking 959 Management 1001
8. Summary 959 6. Identity 2.0 for Mobile Users 1002
Chapter Review Questions/Exercises 960 7. Summary 1007
Exercise 961 Chapter Review Questions/Exercises 1007
References 961 Exercise 1008
References 1008

Part XI 72. Intrusion Prevention and Detection

Systems 1011
Cyber Physical Security 963
Christopher Day
69. Physical Security Essentials 965 1. What Is an “Intrusion” Anyway? 1011
William Stallings 2. Physical Theft 1011
3. Abuse of Privileges (the Insider
1. Overview 965 Threat) 1011
2. Physical Security Threats 966 4. Unauthorized Access by
3. Physical Security Prevention and Outsider 1012
Mitigation Measures 970 5. Malicious Software Infection 1012
4. Recovery From Physical Security 6. Role of the “Zero-Day” 1013
Breaches 971
 Contents xix

7. The Rogue’s Gallery: Attackers and 76. System Security

Motives 1014 (online chapter) 1039
8. A Brief Introduction to Transmission
Control Protocol/Internet Lauren Collins
Protocol 1014
9. Transmission Control Protocol/ 77. Access Controls 1041
Internet Protocol Data Architecture
and Data Encapsulation 1015 Lauren Collins
10. Survey of Intrusion Detection and 1. Infrastructure Weaknesses:
Prevention Technologies 1019 Discretionary Access Control (DAC),
11. Antimalicious Software 1019 Mandatory Access Control (MAC),
12. Network-Based Intrusion Detection and Role-Based Access Control
Systems 1019 (RBAC) 1041
13. Network-Based Intrusion Prevention 2. Strengthening the Infrastructure:
Systems 1021 Authentication Systems 1044
14. Host-Based Intrusion Prevention 3. Summary 1046
Systems 1021 Chapter Review Questions/Exercises 1047
15. Security Information Management Exercise 1047
Systems 1021
16. Network Session Analysis 1022
17. Digital Forensics 1023 78. Endpoint Security 1049
18. System Integrity Validation 1023 Keith Lewis
19. Summary 1023
Chapter Review Questions/Exercises 1023 1. Introduction: Endpoint Security
Exercise 1024 Defined 1049
References 1024 2. Endpoint Solution: Options 1049
3. Standard Requirements: Security
73. Transmission Control Protocol/ Decisions 1049
Internet Protocol Packet Analysis 4. Endpoint Architecture: Functional
Challenges 1050
(online chapter) 1027
5. Endpoint Intrusion Security:
Pramod Pandya Management Systems 1052
6. Intrusion Prevention System (IPS)
74. Firewalls (online chapter) 1029 Network Logging Tools: Seek and Target
(the Offender) 1053
Errin W. Fulp 7. Endpoint Unification: Network
Access Control (NAC) Design
75. Penetration Testing 1031 Approach (From the Ground-Up) 1053
Roman Zabicki, Scott R. Ellis 8. Software-as-a-Service (SaaS) Endpoint
Security 1053
1. What Is Penetration Testing? 1031 9. Summary 1054
2. Why Would You Do It? 1031 Chapter Review Questions/Exercises 1054
3. How Do You Do It? 1032 Exercise 1055
4. Examples of Penetration Test References 1055
Scenarios 1035
5. Summary 1037
79. Assessments and Audits
Chapter Review Questions/Exercises 1037
Exercise 1038
(online chapter) 1057
References 1038 Lauren Collins
xx Contents

80. Fundamentals of 7. Advanced Persistent Threat 1113

Cryptography 1059 8. Additional Considerations 1114
9. Summary 1114
Scott R. Ellis Chapter Review Questions/Exercises 1115
1. Assuring Privacy With Encryption 1059 Exercise 1115
2. Summary 1065 References 1116
Chapter Review Questions/Exercises 1065
Exercise 1066
Part XIV
Advanced Security 1117
Part XIII
Critical Infrastructure Security 1067 85. Security Through Diversity 1119
Kevin Noble
81. Securing the Infrastructure 1069
1. Ubiquity 1120
Lauren Collins 2. Example Attacks Against
1. Communication Security Goals 1069 Uniformity 1121
2. Attacks and Countermeasures 1076 3. Attacking Ubiquity With Antivirus
3. Summary 1080 Tools 1122
Chapter Review Questions/Exercises 1081 4. The Threat of Worms 1122
Exercise 1081 5. Automated Network Defense 1124
6. Diversity and the Browser 1125
7. Sandboxing and Virtualization 1126
82. Homeland Security 8. Domain Name Server Example of
(online chapter) 1083 Diversity Through Security 1126
Rahul Bhaskar, Bhushan Kapoor 9. Recovery From Disaster Is
Survival 1127
10. Summary 1127
83. Cyber Warfare 1085 Chapter Review Questions/Exercises 1128
Anna Granova, Marco Slaviero Exercise 1129

1. Cyber Warfare Model 1085 86. e-Reputation and Online

2. Cyber Warfare Defined 1086
Reputation Management
3. Cyber Warfare: Myth or Reality? 1086
4. Participants, Roles, Attribution, and
Survey 1131
Asymmetry 1088 Jean-Marc Seigneur
5. Making Cyber Warfare Possible 1092
1. Introduction 1131
6. Legal Aspects of Cyber Warfare 1099
2. The Human Notion of Reputation 1132
7. Holistic View of Cyber Warfare 1103
3. Reputation Applied to the Computing
8. Summary 1103
World 1134
Chapter Review Questions/Exercises 1103
4. State of the Art of Attack-Resistant
Exercise 1104
Reputation Computation 1137
5. Overview of Past and Current Online
84. Cyber-Attack Process 1105 Reputation Services 1141
Nailah Mims 6. Summary 1149
Chapter Review Questions/Exercises 1150
1. What Is a Cyber-Attack? 1105
Exercise 1150
2. Cyber-Attack Adversaries 1106
References 1150
3. Cyber-Attack Targets 1106
4. Cyber-Attack Process 1106
5. Tools and Tactics of a
87. Content Filtering
Cyber-Attack 1107 (online chapter) 1153
6. Cyber-Attack Case Studies 1110 Pete F. Nicoletti
 Contents xxi

88. Data Loss Protection 1155 Chapter Review Questions/Exercises 1180

Exercise 1181
Ken Perkins References 1181
1. Precursors of DLP 1156
2. What Is Data Loss Protection 90. Verifiable Voting Systems
(DLP)? 1157 (online chapter) 1183
3. Where to Begin? 1162
Thea Peacock, Peter Y.A. Ryan,
4. Data Is Like Water 1162
Steve Schneider, Zhe Xia
5. You Don’t Know What You Don’t
Know 1164
6. How Do Data Loss Protection (DLP) 91. Advanced Data Encryption 1185
Applications Work? 1165
7. Eat Your Vegetables 1166 Pramod Pandya
8. IT’s a Family Affair, Not Just IT 1. Mathematical Concepts
Security’s Problem 1169 Reviewed 1185
9. Vendors, Vendors Everywhere! 2. The Rivest, Shamir, and Adelman
Who Do You Believe? 1169 Cryptosystem 1189
10. Summary 1170 3. Summary 1194
Chapter Review Questions/Exercises 1171 Chapter Review Questions/Exercises 1195
Exercise 1171 Exercise 1195
References 1195
89. Satellite Cyber Attack Search and
Destroy 1173 Index 1197
Jeffrey Bardin
1. Hacks, Interference, and
Jamming 1173
2. Summary 1180

Online Chapters and Appendices 13. Dynamic Network Address Translation

Configuration e11
14. The Perimeter e11
16. Local Area Network Security e1 15. Access List Details e13
Pramod Pandya 16. Types of Firewalls e14
17. Packet Filtering: Internet Protocol
1. Identify Network Threats e1 Filtering Routers e14
2. Establish Network Access 18. Application-Layer Firewalls: Proxy
Controls e2 Servers e14
3. Risk Assessment e3 19. Stateful Inspection Firewalls e14
4. Listing Network Resources e3 20. Network Intrusion Detection System
5. Threats e3 Complements Firewalls e14
6. Security Policies e4 21. Monitor and Analyze System
7. The Incident-Handling Process e4 Activities e15
8. Secure Design Through Network 22. Signature Analysis e15
Access Controls e4 23. Statistical Analysis e15
9. Intrusion Detection System 24. Signature Algorithms e16
Defined e5 25. Local Area Network Security
10. Network Intrusion Detection System: Countermeasures Implementation
Scope and Limitations e5 Checklist e19
11. A Practical Illustration of Network 26. Summary e19
Intrusion Detection System e5 Chapter Review Questions/Exercises e19
12. Firewalls e7 Exercise e20
xxii Contents

22. Optical Network Security e21 32. Security Metrics: An Introduction

Lauren Collins
and Literature Review e57
George O.M. Yee
1. Optical Networks e21
2. Securing Optical Networks e23 1. Introduction e57
3. Identifying Vulnerabilities e25 2. Why Security Metrics? e58
4. Corrective Actions e26 3. The Nature of Security Metrics e59
5. Summary e26 4. Getting Started With Security
Chapter Review Questions/Exercises e27 Metrics e62
Exercise e27 5. Metrics in Action: Toward an Intelligent
References e27 Security Dashboard e63
6. Security Metrics in the Literature e63
23. Optical Wireless Security e29 7. Summary e68
Chapter Review Questions/Exercises e69
Scott R. Ellis
Exercise e69
1. Optical Wireless Systems Overview e29 References e69
2. Deployment Architectures e30
3. High Bandwidth e31 43. Network Forensics e71
4. Low Cost e31
Yong Guan
5. Implementation e31
6. Surface Area e31 1. Scientific Overview e71
7. Summary e33 2. The Principles of Network
Chapter Review Questions/Exercises e33 Forensics e71
Exercise e34 3. Attack Trace-Back and Attribution e72
4. Critical Needs Analysis e78
27. Information Technology Security 5. Research Directions e78
Management e35 6. Summary e79
Chapter Review Questions/Exercises e81
Rahul Bhaskar, Bhushan Kapoor
Exercise e82
1. Information Security Management
Standards e35 46. Data Encryption e83
2. Other Organizations Involved in
Bhushan Kapoor, Pramod Pandya
Standards e36
3. Information Technology Security 1. Need for Cryptography e83
Aspects e36 2. Mathematical Prelude to
4. Summary e43 Cryptography e84
Chapter Review Questions/Exercises e43 3. Classical Cryptography e84
Exercise e44 4. Modern Symmetric Ciphers e87
5. Algebraic Structure e89
28. The Enemy (The Intruder’s 6. The Internal Functions of Rijndael in
Genesis) e45 Advanced Encryption Standard
Implementation e93
Pramod Pandya 7. Use of Modern Block Ciphers e97
1. Introduction e45 8. Public-Key Cryptography e98
2. Active Reconnaissance e46 9. Cryptanalysis of
3. Enumeration e50 RivesteShamireAdleman e101
4. Penetration and Gain Access e51 10. DiffieeHellman Algorithm e102
5. Maintain Access e53 11. Elliptic Curve Cryptosystems e102
6. Defend Network Against Unauthorized 12. Message Integrity and
Access e54 Authentication e104
7. Summary e55 13. Triple Data Encryption Algorithm Block
Chapter Review Questions/Exercises e55 Cipher e105
Exercise e56 14. Summary e106
 Contents xxiii

Chapter Review Questions/Exercises e106 4. Change Management e168

Exercise e107 5. Password Policies e168
References e107 6. Defense-in-Depth e169
7. Vendor Security Review e169
49. Password-Based Authenticated Key 8. Data Classification e169
Establishment Protocols e109 9. Security Management e169
10. Auditing e169
Jean Lancrenon, Dalia Khader, Peter Y.A. Ryan, 11. Security Maintenance e170
Feng Hao 12. Host Access: Partitioning e171
1. Introduction to Key Exchange e109 13. Data Protection: Replicas e172
2. Password-Authenticated Key 14. Encryption in Storage e174
Exchange e112 15. Application of Encryption e177
3. Concrete Protocols e114 16. Summary e185
4. Summary e121 Chapter Review Questions/Exercises e185
Chapter Review Questions/Exercises e121 Exercise e187
Exercise e122 Reference e187
References e122
70. Biometrics e189
54. Personal Privacy Policies e125 Luther Martin
George O.M. Yee, Larry Korba 1. Relevant Standards e190
1. Introduction e125 2. Biometric System Architecture e191
2. Content of Personal Privacy 3. Using Biometric Systems e197
Policies e126 4. Security Considerations e199
3. Semiautomated Derivation of Personal 5. Summary e203
Privacy Policies e127 Chapter Review Questions/Exercises e203
4. Specifying Well-Formed Personal Exercise e204
Privacy Policies e131
5. Preventing Unexpected Negative 73. Transmission Control Protocol/
Outcomes e134 Internet Protocol Packet
6. The Privacy Management Model e135 Analysis e205
7. Discussion and Related Work e140
Pramod Pandya
8. Summary e142
Chapter Review Questions/Exercises e143 1. The Internet Model e205
Exercise e143 2. Summary e218
Chapter Review Questions/Exercises e218
59. Identity Theft e145 Exercise e218
Markus Jakobsson, Alex Tsow
74. Firewalls e219
1. Experimental Design e145
Errin W. Fulp
2. Results and Analysis e152
3. Implications for Crimeware e160 1. Introduction e219
Chapter Review Questions/Exercises e162 2. Network Firewalls e219
Exercise e163 3. Firewall Security Policies e220
References e163 4. A Simple Mathematical Model for
Policies, Rules, and Packets e221
61. SAN Security e165 5. First-Match Firewall Policy
Anomalies e222
John McGowan, Jeffrey S. Bardin,
6. Policy Optimization e222
John McDonald
7. Firewall Types e223
1. Organizational Structure e165 8. Host and Network Firewalls e225
2. Access Control Lists and Policies e167 9. Software and Hardware Firewall
3. Physical Access e168 Implementations e225
xxiv Contents

10. Choosing the Correct Firewall e225 87. Content Filtering e271
11. Firewall Placement and Network
Topology e226 Pete F. Nicoletti
12. Firewall Installation and 1. Defining the Problem e271
Configuration e228 2. Why Content Filtering Is
13. Supporting Outgoing Services Through Important e272
Firewall Configuration e228 3. Content Categorization
14. Secure External Services Technologies e274
Provisioning e230 4. Perimeter Hardware and Software
15. Network Firewalls for Voice and Video Solutions e276
Applications e230 5. Categories e279
16. Firewalls and Important Administrative 6. Legal Issues e280
Service Protocols e231 7. Circumventing Content Filtering e284
17. Internal IP Services Protection e232 8. Additional Items to Consider:
18. Firewall Remote Access Overblocking and
Configuration e233 Underblocking e286
19. Load Balancing and Firewall 9. Related Products e289
Arrays e234 10. Summary e289
20. Highly Available Firewalls e235 Chapter Review Questions/Exercises e291
21. Firewall Management e236 Exercise e291
22. Summary e236
Chapter Review Questions/Exercises e237 90. Verifiable Voting Systems e293
Exercise e237
Thea Peacock, Peter Y.A. Ryan,
76. System Security e239 Steve Schneider, Zhe Xia

Lauren Collins 1. Introduction e293

2. Security Requirements e293
1. Foundations of Security e239 3. Verifiable Voting Schemes e295
2. Basic Countermeasures e243 4. Building Blocks e296
3. Summary e245 5. Survey of Noteworthy Schemes e304
Chapter Review Questions/Exercises e246 6. Threats to Verifiable Voting
Exercise e246 Systems e311
7. Summary e312
79. Assessments and Audits e247 Chapter Review Questions/Exercises e312
Exercise e313
Lauren Collins
References e313
1. Assessing Vulnerabilities and Risk:
Penetration Testing and Vulnerability
Assessments e247 Part XV
2. Risk Management: Quantitative Risk
Measurements e251
Appendices e317
3. Summary e252
Chapter Review Questions/Exercises e254 Appendix A Configuring Authentication Service
Exercise e254 On Microsoft
Windows 10 e319
82. Homeland Security e255 Appendix B Security Management and
Resiliency e323
Rahul Bhaskar, Bhushan Kapoor
Appendix C List of Top Information
1. Statutory Authorities e255 and Network Security
2. Homeland Security Presidential Implementation and Deployment
Directives e261 Companies e325
3. Organizational Actions e262 Appendix D List of Security Products e329
4. Summary e267 Appendix E List of Security Standards e343
Chapter Review Questions/Exercises e268 Appendix F List of Miscellaneous
Exercise e269 Security Resources e345
 Contents xxv

Appendix G Ensuring Built-in, Appendix J Case Studies e365

Frequency-Hopping Spread- Appendix K Answers to Review
Spectrum, Wireless Network Questions/Exercises, Hands-on
Security e355 Projects, Case Projects and
Appendix H Configuring Wireless Security Optional Team Case Project by
Remote Access e357 Chapter e381
Appendix I Frequently Asked Appendix L Glossary e471
Questions e363
This page intentionally left blank
Contributors

Edward G. Amoroso (Chapters 64, 67, 68), Senior Vice Samuel J.J. Curry (Chapter 51), Chief Technology and
President, Chief Security Officer, TAG Cyber LLC Security Officer, Arbor Networks, 76 Blanchard Road,
Jeffrey S. Bardin (Chapters 61, 89), Chief Intelligence Burlington MA 01803
Strategist, Treadstone 71 LLC, 515 Oakham Road, Rozita Dara (Chapter 6), Professor, University of Guelph,
Barre, MA 01005 School of Computer Science Guelph, ON, Canada
Cataldo Basile (Chapters 26, 55), Professor, Universita Christopher Day, CISSP, NSA:IEM (Chapter 72), Senior
degli studi di Bergamo, Via Salvecchio 19, 24129 Vice President, Secure Information Systems, Terremark
Bergamo Italy Worldwide, Inc., One Biscayne Tower 2 South Biscayne
Stefan Berthold (Chapter 53), Tek. Lic., Karlstad Univer- Blvd, Suite 2900, Miami, Florida 33131
sity, Universitetsgatan 2 S-65469, Karlstad/Sweden Sabrina De Capitani di Vimercati (Chapter 57), Pro-
Gerald Beuchelt (Chapters 10, 11), Principal Software fessor, Università degli Studi di Milano, DTI -
Systems Engineer, Demandware, Inc., Burlington, MA Dipartimento di Tecnologie dell’Informazione, S207,
Università degli Studi di Milano, Via Bramante 65,
Rahul Bhaskar (Chapters 27, 82), Professor, Depart- 26013 Crema e Italy
ment of Information Systems and Decision Sciences,
California State University, LH 564, Fullerton, California Tewfiq El Maliki (Chapter 71), Professor, University of
92834 Geneva, Switzerland, 2850 route nationale, 74120
Megève, France; Telecommunications labs, University
Chiara Braghin (Chapter 52), Professor, Dept. of Infor- of Applied Sciences of Geneva, Geneva, Switzerland
mation Technology, University of Milan, via Bramante
65 e 26013, Crema, Italy Scott R. Ellis (Chapters 3, 5, 23, 29, 30, 36, 40, 42, 75,
80), Manager, Infrastructure Engineering Team, kCura,
Albert Caballero (Chapters 24, 33), Chief Technology 175 West Jackson Blvd., Suite 1000, Chicago, IL 60604
Officer - CTO, Digital Era Group, LLC, 9357 Abbot
Ave., Surfside, Fl. 33154 Michael Erbschloe (Foreword), Teaches Information Se-
curity courses at Webster University, St. Louis, Missouri
Matteo Maria Casalino (Chapter 55), Professor, Universita 63119
degli studi di Bergamo, Via Salvecchio 19, 24129
Bergamo Italy Simone Fischer-Hbner (Chapter 53), Professor, Karlstad
University, Department of Computer Science, Room
Erdal Cayirci (Chapters 17, 21), Professor, University of no: 5A 435, Universitetsgatan 1, S 651 88, Karlstad/
Stavanger, N-4036 Stavanger, Norway Sweden
Thomas M. Chen (Chapters 8, 18, 60), Professor, Swansea Sara Foresti (Chapter 56), Professor, Università degli
University, Singleton Park, SA2 8PP, Wales, United Studi di Milano, Information Technology Department,
Kingdom Università degli Studi di Milano, via Bramante,
Hongbing Cheng (Chapters 17, 21), Professor, University 6526013 Crema (CR) Italy
of Stavanger, N-4036, Stavanger, Norway Errin W. Fulp (Chapter 74), Professor, Department of
Lauren Collins (Chapters 22, 36, 76, 77, 79, 81), Founder Computer Science, 239, Manchester Hall, P.O.
and Chief Strategy Officer, Managing Director, Win- Box 7311, Wake Forest University, Winston-Salem,
ning Edge Communications, 8151 West Eagle Lake North Carolina 27109
Road, Peotone, IL 60468 Angelo Genovese (Chapter 57), Professor, Università
Marco Cremonini (Chapter 52), Professor, Dept. of In- degli Studi di Milano, DTI - Dipartimento di Tecnolo-
formation Technology, University of Milan, via Bra- gie dell’Informazione, S207, Università degli Studi di
mante 65 e 26013, Crema, Italy Milano, Via Bramante 65, 26013 Crema e Italy

xxvii
xxviii Contributors

Anna Granova (Chapter 83), Advocate of the High Court Dalia Khader (Chapter 49), Collaborateur scientifique,
of South Africa, University of Pretoria, Computer University of Luxemburg, Campus Kirchberg,
Science Department, Information Technology Building, F 006, 6, rue Richard Coudenhove-Kalergi, L-1359
49 Algernon Road, Norwood, Johannesburg, 2192, Luxembourg
Republic of South Africa John Benjamin Khan (Chapter 45), Former UNIX Oper-
William F. Gross (Chapters 35, 37), Private Investigator, ator, University of Massachusetts, Infragard Member 6
Gross Security, LLC, 146 Main Street, Spencer, WV Stella Rd, Boston, MA 02131
25276 Larry Korba (Chapter 54), Ottawa, Ontario, Canada K1G
Yong Guan (Chapter 43), Litton Assistant Professor, 5N7
Department of Electrical and Computer Engineering, Kameswari Kotapati (Chapter 20), Department of
Iowa State University, 3216 Coover Hall, Ames, Iowa Computer Science and Engineering, The Pennsylvania
50011 State University, University Park, Pennsylvania 16802
Cem Gurkok (Chapters 41, 63), Threat Intelligence Stefan C. Kremer (Chapter 6), Professor, University of
Development Manager, Terremark Worldwide, Inc., Guelph, School of Computer Science, Guelph, ON,
One Biscayne Tower, 2S. Biscayne Blvd., Suite 2800, Canada
Miami, Florida 33131
Thomas F. LaPorta (Chapter 20), Professor, Department
Feng Hao (Chapter 49), Professor, Newcastle University, of Computer Science and Engineering, The Pennsylvania
School of Computing Science, Newcastle University, State University, University Park, Pennsylvania 16802
Newcastle Upon Tyne NE1 7RU
Jean Lencrenon (Chapter 49), Professor, Interdisciplinary
Tarfa Hamed (Chapter 6), Professor, University of Guelph, Centre for Security, Reliability and Trust, 6 rue Richard
School of Computer Science Guelph, ON, Canada Coudenhove-Kalergi, L-1359 Luxembourg-Kirchberg,
James T. Harmening (Chapters 25, 58), President, Computer Luxembourg
Bits, Inc., 123 W. Madison St. Suite 1005, Chicago, Keith Lewis (Chapters 4, 38, 39, 65, 66, 78), IT Security
Illinois 60602 Infrastructure Specialist, Keller Graduate School of
Rich Hoffman (Chapter 44), Assistant Vice President of Management, Naperville, Illinois
Forensics and the Lead Examiner, UnitedLex, 6130 Peng Liu (Chapter 20), Director, Cyber Security Lab,
Sprint 5 Parkway, Suite 300, Overland Park, Kansas College of Information Sciences and Technology,
66211 Pennsylvania State University, University Park,
Emin Huseynov (Chapter 50), Professor, University of Pennsylvania 16802
Geneva, Switzerland, CUI, Bureau, Battelle batiment A 7 Giovanni Livraga (Chapter 57), Professor, Università
route de Drize, c11-1227, 74120 Carouge, Switzerland degli Studi di Milano, DTI - Dipartimento di Tecnolo-
Markus Jakobsson (Chapter 59), Associate Professor of gie dell’Informazione, S207, Università degli Studi di
Informatics at IUB and Associate Director of CACR, Milano, Via Bramante 65, 26013 Crema e Italy
Indiana University, 5631 E Kerr Creek Rd., Bloo- John R. Mallery (Chapter 2), President, Mallery Tech-
mington, IN 47408 nical Training and Consulting, Inc., 9393 West 110th
Ravi Jhawar (Chapter 9), Professor, Universita’ degli St., Suite 500, Overland Park, Kansas, 66210
Studi di Milano, Department of Information Technol- Bill Mansoor (Chapter 15), Information Security Analyst
ogy, Universita’ degli Studi di Milano, via Bramante III, Information Security Office County of Riverside,
65, 26013 Crema (CR) ITALY 24711 Via Alvorado Mission Viejo, California 92692
Almantas Kakareka CISSP, GSNA, GSEC, CEH Luther Martin (Chapter 70), Chief Security Architect,
(Chapter 31), CTO, Demyo, Inc., 351 189th street, Voltage Security, 20400 Stevens Creek, Blvd STE 500
Sunny Isles Beach, FL 33160 Cupertino, CA 95014
Bhushan Kapoor (Chapters 27, 46, 82), Chair, Depart- John McDonald (Chapter 61), EMC Corporation, Hop-
ment of Information Systems and Decision Sciences, kinton, Massachusetts 01748
California State University, LH 564, Fullerton, California
92834 John McGowan (Chapter 61), EMC Corporation, Hop-
kinton, Massachusetts 01748
Sokratis K. Katsikas (Chapter 34), Department of
Technology Education & Digital Systems, University of Nailah Mims (Chapters 14, 84), Information Systems Se-
Piraeus, Piraeus 18532, Greece curity Analyst, Bright Horizons, 2 Seven Springs Lane
H, Burlington, MA 01803
 Contributors xxix

Simone Mutti (Chapter 55), Professor, Universita degli Pierangela Samarati (Chapter 56), Professor, Università
studi di Bergamo, Via Salvecchio 19, 24129 Bergamo degli Studi di Milano, Information Technology
Italy Department, Università degli Studi di Milano, via Bra-
Peter F. Nicoletti (Chapter 87), Consultant, 110 Gumbo mante, 6526013 Crema (CR), Italy
Limbo Lane Po Box 448Miami, Florida, Tavernier, FL Marco Santambrogio (Chapter 7), Professor, Politecnico
33070 di Milano, Milano, ITALY
Kevin Noble, CISSP GSEC (Chapter 85), Director, Secure Mario Santana (Chapter 12), Consultant, Terremark
Information Services, Terremark Worldwide Inc., 50 Worldwide, Inc., One Biscayne Tower, 2S., Biscayne
N.E. 9 Street, Miami, Florida 33132 Blvd., Suite 2800, Miami, Florida 33131
Pramod Pandya (Chapters 16, 28, 46, 73, 91), Professor, Steve Schneider (Chapter 90), Professor, University of
Department of Information Systems and Decision Sci- Surrey, Department of Computing, Guildford, Surrey,
ences, California State University, Fullerton, California GU2 7XH
92834 Fabio Scotti (Chapter 57), Professor, Universita’ degli
Harsh Kupwade Patil (Chapters 18, 60), Professor, Studi di Milano, Department of Information Technol-
Southern Methodist University, Department of Com- ogy, Universita’ degli Studi di Milano, via Bramante
puter Science and Engineering, Lyle School of Engi- 65, 26013 Crema (CR), ITALY
neering, Caruth Hall 3145 Dyer Street, Suite 445 Jean-Marc Seigneur (Chapters 50, 71, 86), Professor,
Dallas, Texas Advanced Systems Group, University of Geneva,
Stefano Paraboschi (Chapters 26, 55), Professor, Uni- Switzerland, Centre Universitaire d’Informatique, Office
versita degli studi di Bergamo, Via Salvecchio 19, 234, Battelle batiment A 7 route de Drize, c11-1227,
24129 Bergamo Italy 74120 Carouge, Switzerland
Thea Peacock (Chapter 90), Professor, University of Marco Slaviero (Chapter 83), Security Analyst, Sense-
Luxemburg, Faculte des Sciences, De la Technologie et Post Pty Ltd, Lakeview 2, 138 Middel street, Nieuw
de la Communication 6, Rue Richard Coudenhove- Muckleneuk, Pretoria, South Africa
Kalergi L-1359 Luxembourg Daniel S. Soper (Chapter 47), Professor, Information and
Ken Perkins (Chapter 88), CIPP (Certified Information Decision Sciences Department, Mihaylo College of
Privacy Professional), Sr. Systems Engineer, Blazent Business and Economics, California State University,
Incorporated, 3650 E. 1st Ave., Denver, Colorado Fullerton, California 92834-6848
80206 Terence Spies (Chapter 48), Chief Technology Officer/
Vincenzo Piuri (Chapters 9, 57), Professor, Universita’ Vice President of Engineering, Hewlett Packard Enter-
degli Studi di Milano, Department of Information prise, 20400 Stevens Creek Blvd, Suite 500, Cupertino,
Technology, Universita’ degli Studi di Milano, via CA 95014
Bramante 65 26013 Crema (CR), ITALY William Stallings (Chapters 19, 69), Consultant and Writer,
Henrik Plate (Chapter 26), Senior Researcher, CISSP, No affiliation, 845 Satucket Road P. O. Box 2405,
SAP Research Security & Trust, 805, avenue du docteur Brewster, MA 02631
Maurice Donat 06250 Mougins, France Alex Tsow (Chapter 59), Professor, Indiana University,
James Pooley (Chapter 1), Attorney, Orrick, Herrington 7514 Ambergate Pl., Mclean, Virginia 22102
& Sutcliffe LLP, 1000 Marsh Road, Menlo Park, CA Jesse Walker (Chapter 13), Principal Engineer, Intel
94025-1015 Corporation, JF2-55 2111 N.E. 25th Avenue, Hillsboro,
Chunming Rong (Chapters 17, 21), Professor, Ph.D., OR 97124
Chair of Computer Science Section, Faculty of Science Michael A. West (Chapter 7), Senior Technical Writer,
and Technology, University of Stavanger, N-4036 Sta- Truestone Maritime Operations Martinez, California
vanger, Norway 94553
Robert Rounsavall (Chapter 62), Co-founder, Trapezoid, Dan Wing (Chapter 60), Distinguished Engineer, Cisco
Inc., 4931 SW 75th Ave., Miami, Florida 33155 Systems, Inc., 222 Coffeeberry Drive, San Jose, CA
Peter Y.A. Ryan (Chapters 49, 90), Professor of Informa- 95123
tion Security and Head of Applied Security and Infor- George O.M. Yee (Chapters 32, 54), Adjunct Research
mation Assurance (APSIA) Group, GCWN, University Professor, Carleton University, 17 Sai Crescent,
of Luxemburg, Campus Kirchberg 6, rue Richard, Ottawa, ON, Canada K1G 5N7
Coudenhove-Kalergi, L-1359 Luxembourg
xxx Contributors

Liang Yan (Chapters 17, 21), Professor, University of

Stavanger, N-4036, Stavanger, Norway
Roman Zabicki (Chapter 75), Manager, Infrastructure
Engineering Team, kCura, 175 West Jackson Blvd.,
Suite 1000, Chicago, IL 60604
Gansen Zhao (Chapters 17, 21), Professor, South China
Normal University, Guangzhou 510631, P.R. China
Zhe Zias (Chapter 90), Professor, University of Surrey,
Department of Computing Guildford, Surrey, GU2
7XH
About the Editor

John R. Vacca is an information technology consultant,

researcher, professional writer, editor, reviewer, and inter-
nationally known, best-selling author based in Pomeroy,
Ohio. Since 1982, John has authored or edited 79 books;
some of his most recent books include:
l Cloud Computing Security: Foundations and
Challenges (CRC Press, an imprint of Taylor & Francis
Group, LLC, September 14, 2016).
l Security in the Private Cloud (CRC Press, an imprint of
Taylor & Francis Group, LLC, August 26, 2016).
l Handbook of Sensor Networking: Advanced Technolo-
gies and Applications (CRC Press, an imprint of Taylor
& Francis Group, LLC, January 14, 2015).
l Network and System Security, Second Edition, 2E
(Syngress, an imprint of Elsevier Inc., September 23,
2013). l Practical Internet Security (Hardcover) (Springer,
l Cyber Security and IT Infrastructure Protection October 18, 2006).
(Syngress, an imprint of Elsevier Inc., September 23, l Optical Networking Best Practices Handbook
2013). (Hardcover) (Wiley-Interscience, November 28, 2006).
l Managing Information Security, Second Edition, 2E l Guide to Wireless Network Security (Springer, August
(Syngress, an imprint of Elsevier Inc., September 23, 19, 2006).
2013).
l Computer and Information Security Handbook, 2E He is also the author of more than 600 articles in the
(Morgan Kaufmann, an imprint of Elsevier Inc., May areas of advanced storage, computer security, and
31, 2013). aerospace technology (copies of articles and books are
l Identity Theft (Cybersafety) (Chelsea House Pub, April available upon request).
1, 2012). John was also a configuration management specialist,
l System Forensics, Investigation, and Response computer specialist, and the computer security official
(Jones & Bartlett Learning, September 24, 2010). (CSO) for NASA’s space station program (Freedom) and
l Managing Information Security (Syngress, an imprint the International Space Station Program, from 1988 until
of Elsevier Inc., March 29, 2010). his retirement from NASA in 1995.
l Network and Systems Security (Syngress, an imprint of John is also an independent online book reviewer and
Elsevier Inc., March 29, 2010). one of the security consultants for the MGM movie
l Computer and Information Security Handbook, 1E AntiTrust, which was released on January 12, 2001. A
(Morgan Kaufmann, an imprint of Elsevier Inc., June detailed copy of his author bio can be viewed at http://
2, 2009). www.johnvacca.com. John can be reached at
l Biometric Technologies and Verification Systems [email protected].
(Elsevier Science & Technology Books, March 16,
2007).

xxxi
This page intentionally left blank
Foreword

We have all been there as an IT staffer. Suddenly, you have information technology and security have contributed their
a new project which is not in your immediate area of time, effort, and knowledge to this new edition so that you,
expertise. You need to get moving and get moving quickly; as an IT professional, can save valuable time getting up to
and, of course, security issues must be addressed from speed on a myriad of security topics.
inception through implementation. The third edition of the The third edition of the Computer and Information
Computer and Information Security Handbook is a tool that Security Handbook provides you with a professional
will help you to hit the ground running. competitive advantage, thus enabling you to stay on top of
With more than 30 new chapters, the newest edition of current topics and to outperform your peers and your
the Computer and Information Security Handbook covers competitors. I highly recommend this new edition of the
security issues from A to Z. You will not need to mine the handbook.
Internet and sort through a barrage of new material to
determine what is valid, valuable, and usable. The vetting Michael Erbschloe
work has been done for you in this new edition of the Information Security Consultant
handbook. Michael Erbschloe teaches information security
We all know that the new protocol is to effectively build courses at Webster University in St. Louis, Missouri.
security in from the start, so that you do not have to inef-
fectively add it on later. Many of the best minds in

xxxiii
This page intentionally left blank
Preface

This comprehensive third-edition handbook serves as a wireless sensor network security of the Internet of Things
professional reference and as a practitioner’s guide to (IoT); security for IoT; cellular network security, radio-
today’s most complete and concise view of computer and frequency identification (RFID) security; optical network
cyber-security and privacy available in two volumes. It security; and, optical wireless security.
offers in-depth coverage of computer and cyber-security Chapter 1, “Information Security in the Modern
theory, technology, and practice as they relate to estab- Enterprise,” provides a set of procedures and controls for
lished technologies as well as recent advancements. It conducting assessments of information security in the
explores practical solutions to a wide range of security modern enterprise.
issues. Individual chapters are authored by leading experts Chapter 2, “Building a Secure Organization,” sets the
in the field and address the immediate and long-term stage for the rest of the book by presenting insight into
challenges in the authors’ respective areas of expertise. where to start building a secure organization.
The primary audience for this handbook consists of Chapter 3, “A Cryptography Primer,” provides an
researchers and practitioners in industry and academia as overview of cryptography. It shows how communications
well as security technologists, engineers, federal and state may be encrypted and transmitted.
governments, and law enforcement, working with or Chapter 4, “Verifying User and Host Identity,” goes
interested in computer and cyber-security. This compre- over general identity management concepts and how
hensive reference and practitioner’s guide will also be of computer technology is used to validate a person’s
value to students in upper-division undergraduate and authenticity of gaining access to authorized systems.
graduate-level courses in computer and cyber-security. Chapter 5, “Detecting System Intrusions,” describes the
characteristics of the intrusion detection system (IDS)
technologies and provides recommendations for designing,
1. ORGANIZATION OF THIS BOOK implementing, configuring, securing, monitoring, and
maintaining them.
The book is organized into 15 parts composed of 91 Chapter 6, “Intrusion Detection in Contemporary
contributed chapters by leading experts in their fields, as Environments,” discusses intrusion detection applications
well as 12 appendices, including an extensive glossary of for two contemporary environments: mobile devices and
cyber-security terms and acronyms. cloud computing.
Chapter 7, “Preventing System Intrusions,” discusses
Part 1: Overview of System and Network how to prevent system intrusions and where an unautho-
rized penetration of a computer in your enterprise or an
Security: A Comprehensive Introduction
address in your assigned domain can occur.
Part 1 discusses how to build a secure organization; Chapter 8, “Guarding Against Network Intrusions,”
information security in the modern enterprise; how to shows how to guard against network intrusions by under-
generate cryptography; how to verify user and host identity; standing the variety of attacks, from exploits to malware
how to detect system intrusions; how to detect intrusions in and social engineering.
contemporary environments, how to prevent system Chapter 9, “Fault Tolerance and Resilience in Cloud
intrusions; how to guard against network intrusions, fault Computing Environments,” focuses on characterizing the
tolerance, and resilience in cloud computing environments; recurrent failures in a typical Cloud computing environ-
how to secure web applications, services, and servers; ment, analyzing the effects of failures on user’s applica-
UNIX and Linux security; how to eliminate the security tions, and surveying fault tolerance solutions corresponding
weakness of Linux and UNIX Operating systems; Internet to each class of failures.
and intranet security; the botnet problem; local area Chapter 10, “Securing Web Applications, Services, and
network (LAN) security; wireless network security; Servers,” provides a general overview of the breadth of web

xxxv
xxxvi Preface

service security, an introduction to the subject area, and modeling attack problems and protection schemes for op-
guides the reader to sources with deeper information. tical networks.
Chapter 11, “UNIX and Linux Security,” discusses how Chapter 23, “Optical Wireless Security,” focuses on
to scan for vulnerabilities; reduce denial-of-service (DoS) free space optics (FSO) and the security that has been
attacks; deploy firewalls to control network traffic; and developed to protect its transmissions, as well as an over-
build network firewalls. view of the basic technology.
Chapter 12, “Eliminating the Security Weakness of
Linux and UNIX Operating Systems,” presents an intro-
duction to securing UNIX in general and Linux in partic-
ular, providing some historical context and describing some
Part 2: Managing Information Security
fundamental aspects of the secure operating system Part 2 discusses how to protect mission-critical systems;
architecture. deploying security management systems; policy-driven
Chapter 13, “Internet Security,” shows you how cryp- system management; IT security management; how
tography can be used to address some of the security issues intruders gain unlawful access to networks; social
besetting communications protocols. engineering deceptions and defenses; ethical hacking; how
Chapter 14, “The Botnet Problem,” describes the botnet to conduct vulnerability assessments and security metrics;
threat and the countermeasures available to network secu- security education, training, and awareness; risk manage-
rity professionals. ment; and insider threats.
Chapter 15, “Intranet Security,” covers internal security Chapter 24, “Information Security Essentials for Infor-
strategies and tactics; external security strategies and mation Technology Managers: Protecting Mission-Critical
tactics; network access security; and Kerberos. Systems,” discusses how security goes beyond technical
Chapter 16, “Local Area Network Security,” discusses controls and encompasses people, technology, policy, and
network design and security deployment as well as ongoing operations in a way that few other business objectives do.
management and auditing. Chapter 25, “Security Management Systems,” examines
Chapter 17, “Wireless Network Security,” presents an documentation requirements and maintaining an effective
overview of wireless network security technology; how to security system as well as conducting assessments.
design wireless network security and plan for wireless Chapter 26, “Policy-Driven System Management,”
network security; how to install, deploy, and maintain focuses particularly on PBM’s use for securing computing
wireless network security; information warfare counter- systems according to high-level security goals.
measures: the wireless network security solution; and Chapter 27, “Information Technology Security Man-
wireless network security solutions and future directions. agement,” discusses the processes that are supported with
Chapter 18, “Wireless Sensor Network Security: The enabling organizational structure and technology to protect
Internet of Things,” helps organizations design, implement, an organization’s information technology operations and IT
and evaluate wireless sensor intrusion detection systems, assets against internal and external threats, intentional or
which aim at transferring the computational load of the otherwise.
operation from the sensors to the base station. Chapter 28, “The Enemy (The Intruder’s Genesis),”
Chapter 19, “Security for the Internet of Things,” is an discusses process of creating a formal set of governance to
overview of the IoT architecture developed by ITU-T, and define cyber-security, and course of actions to be taken to
defined in Y.2060. defend against the cyber-attacks.
Chapter 20, “Cellular Network Security,” addresses the Chapter 29, “Social Engineering Deceptions and
security of the cellular network; educates readers on the Defenses,” illustrates a cross-section of socially engineered
current state of security of the network and its vulnerabil- attacks.
ities; outlines the cellular network specific attack taxon- Chapter 30, “Ethical Hacking,” provides the foundation
omy, also called three-dimensional attack taxonomy; needed to become skilled at ethical hacking.
discusses the vulnerability assessment tools for cellular Chapter 31, “What Is Vulnerability Assessment?”
networks; and provides insights into why the network is so covers the fundamentals: defining vulnerability, exploit,
vulnerable and why securing it can prevent communication threat, and risk; analyzing vulnerabilities and exploits; and
outages during emergencies. configuring scanners. It also shows you how to generate
Chapter 21, “Radio Frequency Identification Security,” reports, assess risks in a changing environment, and
describes the RFID tags and RFID reader and back-end manage vulnerabilities.
database in detail. Chapter 32, “Security Metrics: An Introduction and
Chapter 22, “Optical Network Security,” presents an Literature Review” describes the need for security metrics,
analysis of attack and protection problems in optical followed by a discussion of the nature of security metrics,
networks. It also proposes a conceptual framework for including what makes a good security metric, what security
 Preface xxxvii

metrics have been used in the past, and how security Chapter 41, “Cyber Forensics and Incidence Response,”
metrics can be scientifically based. discusses the steps and methods to respond to incidents and
Chapter 33, “Security Education, Training, and conduct cyber forensics investigations.
Awareness” is designed to facilitate the implementation of Chapter 42, “Securing e-Discovery,” explains electronic
SETA program requirements and standards, within the full discovery reference model (EDRM) from an industry
range of security disciplines that comprise physical- and insider perspective; collates issues of performance, urgency,
cyber-security. accuracy, risk, and security to a zoned model that underpins
Chapter 34, “Risk Management,” discusses physical the EDRM; explains the very real need for organizations to
security threats, environmental threats, and incident secure certain operations internally; provides examples
response. through real-world experiences of flawed discovery, and
Chapter 35, “Insider Threats,” discusses how the insider what should have been done differently; and discusses how
threat is real; and, the damage done by insiders is increasing security from the information as well as security of it plays a
exponentially with more dependence on data and tele- critical role throughout much of the EDRM.
communication systems. Chapter 43, “Network Forensics,” helps you determine
the path from a victimized network or system through any
intermediate systems and communication pathways, back
Part 3: Disaster Recovery Security to the point of attack origination or the person who should
be held accountable.
Part 3 discusses disaster recovery and disaster recovery Chapter 44, “Microsoft Office and Metadata Forensics:
plans for small and medium business (SMB). A Deeper Dive,” focuses on defining some of the specific
Chapter 36, “Disaster Recovery,” provides insight to the issues encountered when analyzing Microsoft Office met-
job of Disaster Recovery (DR), and provides a framework adata, the most common file types forensic investigators
of what is necessary to achieve a successful DR plan. encounter.
Chapter 37, “Disaster Recovery Plans for Small and Chapter 45, “Hard Drive Imaging,” aims to jumpstart
Medium Business (SMBs),” looks at disaster recovery individuals interested in computer forensics and/or data
planning, business continuity, and business impact analysis recovery.
in the scope of available resources to the average SMB.

Part 6: Encryption Technology

Part 4: Security Standards and Policies
Part 6 discusses how to implement data encryption,
Part 4 discusses security certification and standards satellite encryption, public key infrastructure, password-
implementation and security policies and plans based authenticated key establishment protocols, context-
development. aware multifactor authentication and instant-messaging
Chapter 38, “Security Certification and Standards security.
Implementation,” covers the foundation frameworks for the Chapter 46, “Data Encryption,” is about the role played
latest Security Certification and Standards best practices for by cryptographic technology in data security.
both commercial industry and government agencies. Chapter 47, “Satellite Encryption,” proposes a method
Chapter 39, “Security Policies and Plans Development,” that enhances and complements satellite encryption’s role
covers the importance and structure of Security Policies. in securing the information society. It also covers satellite
encryption policy instruments; implementing satellite
encryption; misuse of satellite encryption technology; and
Part 5: Cyber, Network, and Systems results and future directions.
Chapter 48, “Public Key Infrastructure,” explains the
Forensics Security and Assurance cryptographic background that forms the foundation of
Part 5 discusses cyber forensics; cyber forensics and inci- Public Key Infrastructure (PKI) systems; the mechanics of
dence response; how to secure e-discovery; network fo- the X.509 PKI system (as elaborated by the Internet
rensics; Microsoft Office and metadata forensics; and hard Engineering Task Force); the practical issues surrounding
drive imaging. the implementation of PKI systems; a number of alternative
Chapter 40, “Cyber Forensics,” is intended to provide PKI standards; and alternative cryptographic strategies for
an in-depth familiarization with computer forensics as a solving the problem of secure public key distribution.
career, a job, and a science. It will help you avoid mistakes Chapter 49: “Password-Based Authenticated Key Estab-
and find your way through the many aspects of this diverse lishment Protocols,” emphasizes that one of the main goals of
and rewarding field. cryptography is to provide secure communication channels
xxxviii Preface

between different parties and provides a short overview on a Chapter 57, “Privacy and Security in Environmental
specific variant of authenticated key exchange protocols in Monitoring Systems: Issues and Solutions,” identifies the
which authentication between parties is established through main security and privacy issues characterizing the envi-
knowledge of a simple, human-memorable password. ronmental data as well as the environmental monitoring
Chapter 50, “Context-Aware Multifactor Authentication infrastructures.
Survey,” reviews a wide variety of modern and classic Chapter 58, “Virtual Private Networks,” covers VPN
multifactor authentication systems and methods. scenarios, VPN comparisons, and information assurance
Chapter 51, “Instant-Messaging Security,” helps you requirements. It also covers building VPN tunnels;
develop an IM security plan, keep it current, and make sure applying cryptographic protection; implementing IP secu-
it makes a difference. rity; and deploying virtual private networks.
Chapter 59, “Identity Theft,” describes the importance
of understanding the human factor of ID theft security and
details the findings from a study on deceit.
Part 7: Privacy and Access Management Chapter 60, “VoIP Security,” deals with the attacks
Part 7 discusses online privacy, privacy-enhancing tech- targeted toward a specific host and issues related to social
nologies, personal privacy policies, detection of conflicts in engineering.
security policies, detection of conflicts in security policies,
supporting user privacy preferences in digital interactions,
privacy and security in environmental monitoring systems: Part 8: Storage Security
issues and solutions, virtual private networks, identity theft,
and voice-over Internet protocol (VoIP) security. Part eight covers storage area network (SAN) security and
Chapter 52, “Online Privacy,” addresses the privacy storage area networking devices security.
issues in the digital society from various points of view, Chapter 61, “SAN Security,” describes the following
investigating the different aspects related to the notion of components: protection rings; security and protection;
privacy and the debate that the intricate essence of privacy restricting access to storage; access control lists (ACLs) and
has stimulated; the most common privacy threats and the policies; port blocks and port prohibits; and zoning and
possible economic aspects that may influence the way isolating resources.
privacy is (and especially is not currently) managed in most Chapter 62, “Storage Area Networking Security
firms; the efforts in the computer science community to Devices,” covers all the issues and security concerns
face privacy threats, especially in the context of mobile and related to SAN security.
database systems; and the network-based technologies
available to date to provide anonymity when communi-
cating over a private network. Part 9: Cloud Security
Chapter 53, “Privacy-Enhancing Technologies,”
provides an overview to the area of Privacy-enhancing Part 9 discusses securing cloud computing systems, cloud
technologies (PETs), which help to protect privacy by security and private cloud security.
technically enforcing legal privacy principles. Chapter 63, “Securing Cloud Computing Systems,”
Chapter 54, “Personal Privacy Policies,” begins with the aims to discuss various cloud computing environments and
derivation of policy content based on privacy legislation, methods to make them more secure for hosting companies
followed by a description of how a personal privacy policy and their customers.
may be constructed semiautomatically. It then shows how to Chapter 64, “Cloud Security,” outlines trends in cloud
additionally specify policies so that negative unexpected security.
outcomes can be avoided. Finally, it describes the author’s Chapter 65, “Private Cloud Security,” covers the
Privacy Management Model, which explains how to use importance of private cloud security.
personal privacy policies to protect privacy, including what is Chapter 66, “Virtual Private Cloud Security,” covers the
meant by a “match” of consumer and service provider policies overall concepts of virtual private cloud security.
and how nonmatches can be resolved through negotiation.
Chapter 55, “Detection of Conflicts in Security Policies,”
identifies the common approaches to the identification of Part 10: Virtual Security
security conflicts considering three relevant scenarios: access
control policies, policy execution, and network protection. Part 10 discusses protecting the virtual infrastructure and
The chapter focuses on the detection of the conflicts. software defined networking (SDN) and netword function
Chapter 56, “Supporting User Privacy Preferences in virtualization (NFV) security.
Digital Interactions,” describes solutions supporting both Chapter 67, “Protecting Virtual Infrastructure,” outlines
client privacy preferences and server disclosure policies. trends in security virtualization.
 Preface xxxix

Chapter 68, “Software-Defined Networking and ways penetration tests are conducted, how they’re controlled,
Network Function Virtualization Security,” outlines soft- and what organizations might look for when choosing a
ware defined networking (SDN) and network function company to conduct a penetration test for them.
virtualization (NFV) technologies and gives attention to Chapter 76, “System Security,” shows you how to
cascading threats as well as controller protections. protect your information from harm, and also ways to make
your data readily available for access to an intended audi-
ence of users.
Chapter 77, “Access Controls,” endeavors to inform the
Part 11: Cyber Physical Security reader about the different types of access controls that are
Part 11 discusses physical security essentials and being used, and describes the pros and cons they might
biometrics. have.
Chapter 69, “Physical Security Essentials,” is concerned Chapter 78, “Endpoint Security,” covers the importance
with physical security and some overlapping areas of pre- of endpoint security designing and the architectural func-
mises security. It also looks at physical security threats and tions and philosophy behind it.
then considers physical security prevention measures. Chapter 79, “Assessments and Audits,” presents the
Chapter 70, “Biometrics,” discusses the different types basic technical aspects of conducting information security
of biometrics technology and verification systems and how assessments and audits. It presents technical testing and
the following work: biometrics eye analysis technology; examination methods and techniques that an organization
biometrics facial recognition technology; facial thermal might use as part of an assessment and audit, and offers
imaging; biometrics finger-scanning analysis technology; insights to assessors on their execution and the potential
biometrics geometry analysis technology; biometrics veri- impact they may have on systems and networks.
fication technology; and privacy-enhanced, biometrics- Chapter 80, “Fundamentals of Cryptography,”
based verification/authentication as well as biometrics discusses how information security is the discipline that
solutions and future directions. provides protection of information from intrusion and
accidental or incidental loss. It also provides a framework
for the protection of information from unauthorized use,
copying, distribution, or destruction of data.
Part 12: Practical Security
Part 12 discusses online identity and user management
services, Intrusion Prevention and Detection Systems, TCP/
Part 13: Critical Infrastructure Security
IP Packet Analysis, firewalls, penetration testing, system
security, access controls, endpoint security, assessments Part 13 discusses securing the infrastructure, homeland
and audits, and fundamentals of cryptography. security, cyber warfare, and cyber-attack process.
Chapter 71, “Online Identity and User Management Chapter 81, “Securing the Infrastructure,” focuses on
Services,” presents the evolution of identity management how security is presented to protect the infrastructure.
requirements. It also surveys how the most advanced Smart grid cyber-security in this chapter also addresses
identity management technologies fulfill present-day not only deliberate attacks, such as from disgruntled
requirements. It discusses how mobility can be achieved employees, industrial espionage, and terrorists, but also
in the field of identity management in an ambient intelli- inadvertent compromises of the information infrastructure
gent/ubiquitous computing world. due to user errors, equipment failures, and natural
Chapter 72, “Intrusion Prevention and Detection Sys- disasters.
tems,” discusses the nature of computer system intrusions, Chapter 82, “Homeland Security,” describes some
the people who commit these attacks, and the various principle provisions of US homeland security-related laws
technologies that can be utilized to detect and prevent them. and Presidential directives. It gives the organizational
Chapter 73, “Transmission Control Protocol/Internet changes that were initiated to support homeland security in
Protocol Packet Analysis,” discusses how TCP/IP packets the United States. The chapter highlights the 9/11
are constructed and analyzed to interpret the applications Commission that Congress charted to provide a full account
that use the TCP/IP stack. of the circumstances surrounding the 2001 terrorist attacks
Chapter 74, “Firewalls,” provides an overview of fire- and to develop recommendations for corrective measures
walls: policies, designs, features, and configurations. Of that could be taken to prevent future acts of terrorism. It
course, technology is always changing, and network fire- also details the Intelligence Reform and Terrorism
walls are no exception. However, the intent of this chapter Prevention Act of 2004 and the Implementation of the 9/11
is to describe aspects of network firewalls that tend to Commission Recommendations Act of 2007.
endure over time. Chapter 83, “Cyber Warfare,” defines cyber warfare
Chapter 75, “Penetration Testing,” describes how testing (CW) and discusses its most common tactics, weapons, and
differs from an actual “hacker attack” as well as some of the tools as well as comparing CW terrorism with conventional
xl Preface

warfare and addressing the issues of liability and the such as legal liability risk reduction, productivity gains, and
available legal remedies under international law. bandwidth usage. It also explores the downside and unin-
Chapter 84, “Cyber-Attack Process,” covers the cyber- tended consequences and risks that improperly deployed or
attack process, to include the technical and nontechnical misconfigured systems create. The chapter also looks into
steps an attacker uses in order to exploit their targeted methods to subvert and bypass these systems and the
entity. reasons behind them.
Chapter 88, “Data Loss Protection,” introduces the
reader to a baseline understanding of how to investigate and
evaluate DLP applications in the market today.
Part 14: Advanced Security Chapter 89, “Satellite Cyber-Attack Search and
Part 14 discusses security through diversity, online repu- Destroy,” discusses satellite cyber-attacks with regards to
tation, content filtering, data loss protection, satellite cyber- hacking, interference, and jamming.
attack search and destroy, verifiable voting systems and Chapter 90, “Verifiable Voting Systems,” emphasizes
advanced data encryption. For instance: the challenge to reconcile the secrecy of the ballot, with
Chapter 85, “Security Through Diversity,” covers some demonstrable correctness of the result.
of the industry trends in adopting diversity in hardware, Chapter 91, “Advanced Data Encryption,” explores
software, and application deployments. This chapter also advanced data encryption algorithms.
covers the risks of uniformity, conformity, and the ubiq-
uitous impact of adopting standard organizational princi-
pals without the consideration of security.
2. SUPPLEMENTAL MATERIALS
Chapter 86, “e-Reputation and Online Reputation
Management Survey,” discusses the general understanding Instructor materials, including appendices and glossary,
of the human notion of reputation. It explains how this lecture slides, figures from the text, exercise solutions, and
concept of reputation fits into computer security. The sample syllabi are available at: store.elsevier.com/product.
chapter presents the state of the art of attack-resistant jsp?isbn59780123943972 (click the “Resources” tab at
reputation computation. It also gives an overview of the the bottom of the page).
current market of online reputation services. The chapter John R. Vacca
concludes by underlining the need to standardize online Editor-in-Chief
reputation for increased adoption and robustness. [email protected]
Chapter 87, “Content Filtering,” examines the many www.johnvacca.com
benefits and justifications of web-based content filtering
Acknowledgments

There are many people who have contributed to this book’s Maria Casalino, Erdal Cayirci, Tom Chen, Hongbing
successful completion. I owe each a debt of gratitude and Cheng, Lauren Collins, Marco Cremonini, Sam Curry,
want to take this opportunity to offer my sincere thanks. Rozita Dara, Christopher Day, Sabrina De Capitani Di
A very special thanks to my Senior Acquisitions Editor, Vimercati, Scott R. Ellis, Tewfiq El Maliki, Michael
Brian Romer, without whose continued interest and support Erbschloe, Simone Fischer-Hbner, Sara Foresti, Errin W.
would not have made this book possible. And, a very special Fulp, Angelo Genovese, Anna Granova, William F. Gross,
thanks to Senior Editorial Project Manager, Charlie Kent, Yong Guan, Cem Gurkok, Feng Hao, Tarfa Hamed, James
who provided staunch support and encouragement when it T. Harmening, Rich Hoffman, Emin Huseynov, Markus
was most needed. Thanks to my Senior Project Managers Jakobsson, Ravi Jhawar, Almantas Kakareka, Bhushan
Priya Kumaraguruparan and Udayakumar Raghavan; Kapoor, Sokratis K. Katsikas, Dalia Khader, John B. Khan,
Copyeditors, whose fine editorial work has been invaluable. Larry Korba, Kameswari Kotapati, Stefan C. Kremer,
Thanks also to my Marketing Manager, whose efforts on Thomas F. LaPorta, Jean Lencrenon, Keith Lewis, Peng
this book have been greatly appreciated. Finally, thanks to Liu, Giovanni Livraga, Tewfiq El Maliki, John R. Mallery,
all of the other people at Computer Networking and Computer Bill Mansoor, Luther Martin, John McDonald, John
and Information Systems Security, and Morgan Kaufmann McGowan, Nailah Mims, Simone Mutti, Peter Nicoletti,
Publishers/Elsevier Science & Technology Books, whose Kevin Noble, Pramod Pandya, Harsh Kupwade Patil,
many talents and skills are essential to a finished book. Stefano Paraboschi, Thea Peacock, Ken Perkins, Vincenzo
Thanks to my wife, Bee Vacca, for her love, her help, Piuri, Henrik Plate, James Pooley, Daniel Ramsbrock,
and her understanding of my long work hours. Also, special Chunming Rong, Robert Rounsavall, Peter Ryan,
thanks to Michael Erbschloe for writing the foreword. Pierangela Samarati, Marco Santambrogio, Mario Santana,
Finally, I wish to thank all the following authors who Steve Schneider, Fabio Scotti, Jean-Marc Seigneur, Marco
contributed chapters that were necessary for the completion Slaviero, Daniel S. Soper, Terence Spies, William
of this book: Edward Amoroso, Jeffrey S. Bardin, Cataldo Stallings, Alex Tsow, Jesse Walker, Patrick J. Walsh,
Basile, Sanjay Bavisi, Stefan Berthold, Gerald Beuchelt, Michael A. West, Dan Wing, Zhe Xia, George O.M. Yee,
Rahul Bhaskar, Chiara Braghin, Albert Caballero, Matteo Liang Yan, Roman Zabicki, and Gansen Zhao.

xli
This page intentionally left blank
Part I

Overview of System and

Network Security:
A Comprehensive Introduction

Chapter 1 Information Security in the Modern Enterprise

James Pooley
Chapter 2 Building a Secure Organization
John R. Mallery
Chapter 3 A Cryptography Primer
Scott R. Ellis
Chapter 4 Verifying User and Host Identity
Keith Lewis
Chapter 5 Detecting System Intrusions
Scott R. Ellis
Chapter 6 Intrusion Detection in Contemporary Environments
Tarfa Hamed, Rozita Dara, Stefan C. Kremer
Chapter 7 Preventing System Intrusions
Michael A. West
Chapter 8 Guarding Against Network Intrusions
Thomas M. Chen
Chapter 9 Fault Tolerance and Resilience in Cloud Computing Environments
Ravi Jhawar, Vincenzo Piuri
Chapter 10 Securing Web Applications, Services, and Servers
Gerald Beuchelt
2 PART j I Overview of System and Network Security: A Comprehensive Introduction

Chapter 11 UNIX and Linux Security

Gerald Beuchelt
Chapter 12 Eliminating the Security Weakness of Linux and UNIX Operating Systems
Mario Santana
Chapter 13 Internet Security
Jesse Walker
Chapter 14 The Botnet Problem
Nailah Mims
Chapter 15 Intranet Security
Bill Mansoor
Chapter 16 Local Area Network Security
Pramod Pandya
Chapter 17 Wireless Network Security
Chunming Rong, Gansen Zhao, Liang Yan, Erdal Cayirci, Hongbing Cheng
Chapter 18 Wireless Sensor Network Security: The Internet of Things
Harsh Kupwade Patil, Thomas M. Chen
Chapter 19 Security for the Internet of Things
William Stallings
Chapter 20 Cellular Network Security
Peng Liu, Thomas F. LaPorta, Kameswari Kotapati
Chapter 21 Radio Frequency Identification Security
Chunming Rong, Gansen Zhao, Liang Yan, Erdal Cayirci, Hongbing Cheng
Chapter 22 Optical Network Security
Lauren Collins
Chapter 23 Optical Wireless Security
Scott R. Ellis
Exploring the Variety of Random
Documents with Different Content
cuando quiso Dios sacar de Egipto su pueblo, y castigar á los
Egipcios, se refieren[52] algunas vistas y espantos de monstruos,
como de fuegos vistos á deshora, de gestos horribles que aparecian.
Josefo, en los libros de Bello Judaico, cuenta muchos y grandes
prodigios, que precedieron á la destruccion de Jerusalén y último
cautiverio de la desventurada gente, que con tanta razon tuvo á Dios
por contrario. Y de Josefo tomó Eusebio Cesariense[53] y otros la
misma relacion, autorizando aquellos pronósticos. Los Historiadores
están llenos de semejantes observaciones en grandes mudanzas de
estados, ó Repúblicas, ó Religion. Y Paulo Orosio cuenta no pocas:
sin duda no es vana su observancia, porque aunque el dar crédito
ligeramente á pronósticos y señales, es vanidad, y aun supersticion
prohibida por la ley de nuestro Dios, mas en cosas muy grandes y
mudanza de naciones, reinos, y leyes muy notables, no es vano, sino
acertado creer, que la sabiduría del Altísimo ordena ó permite cosas,
que den como alguna nueva de lo que ha de ser, que sirva, como he
dicho, á unos de aviso, y á otros de parte de castigo, y á todos de
indicio, que el Rey de los Cielos tiene cuenta con las cosas de los
hombres. El cual, como para la mayor mudanza del mundo, que será
el dia del Juicio, tiene ordenadas las mayores y mas terribles señales
que se pueden imaginar, así para denotar otras mudanzas menores,
pero notables, en diversas partes del mundo, no deja de dar algunas
maravillosas muestras, que segun la ley de su eterna Sabiduría tiene
dispuestas. Tambien se ha de entender, que aunque el Demonio es
padre de la mentira; pero á su pesar le hace el Rey de gloria
confesar la verdad muchas veces, y aun él mismo de puro miedo y
despecho la dice no pocas. Así daba voces en el desierto[54], y por la
boca de los endemoniados, que Jesús era el Salvador, que habia
venido á destruirle. Así por la Pithonisa decia[55], que Paulo
predicaba el verdadero Dios. Así apareciéndose, y atormentando á la
muger de Pilato, le hizo negociar por Jesús, varon justo. Así otras
historias, sin la sagrada, refieren diversos testimonios de los Idolos
en aprobacion de la Religion Cristiana, de que Lactancio, Próspero y
otros hacen mencion. Léase Eusebio en los libros de la Preparacion
Evangélica, y despues en los de su Demostracion, que trata de esto
largamente. He dicho todo esto tan de propósito, para que nadie
desprecie lo que refieren las historias y Anales de los Indios cerca de
los prodigios extraños, y pronósticos que tuvieron de acabarse su
Reino y el Reino de el Demonio, á quien ellos adoraban juntamente:
los cuales, así por haber pasado en tiempos muy cercanos, cuya
memoria está fresca, como por ser muy conforme á buena razon,
que de una tan gran mudanza el Demonio sagaz se recelase y
lamentase, y Dios junto con esto comenzase á castigar á idólatras
tan crueles y abominables, digo que me parecen dignos de crédito, y
por tales los tengo y refiero aquí. Pasó, pues, de esta manera: que
habiendo reinado Motezuma en suma prosperidad muchos años, y
puesto en tan altos pensamientos, que realmente se hacia servir y
temer, y aun adorar, como si fuera Dios, comenzó el Altísimo á
castigarle, y en parte avisarle, con permitir, que los mismos
Demonios á quien adoraba, le diesen tristísimos anuncios de la
pérdida de su Reino, y le atormentasen con pronósticos nunca
vistos, de que él quedó tan melancólico y atónito, que no sabia de
sí. El Idolo de los de Cholóla, que se llama Quezalcóatl, anunció que
venía gente extraña á poseer aquellos Reinos. El Rey de Tezcuco,
que era gran Májico, y tenia pacto con el Demonio, vino á visitar á
Motezuma á deshora, y le certificó, que le habian dicho sus Dioses,
que se le aparejaban á él y á todo su Reino grandes pérdidas y
trabajos. Muchos hechiceros y brujos le iban á decir lo mismo, entre
los cuales fué uno, que muy en particular le dijo lo que despues le
vino á suceder; y estándole hablando advirtió, que le faltaban los
dedos pulgares de los pies y manos. Disgustado de tales nuevas,
mandaba prender todos estos hechiceros, mas ellos se desaparecian
presto de la prision, de que el Motezuma tomaba tanta rabia, que no
pudiendo matarlos, hacia matar sus mugeres é hijos, y destruir sus
casas y haciendas. Viéndose acosado de estos anuncios, quiso
aplacar la ira de sus Dioses, y para esto dió en traer una piedra
grandísima, para hacer sobre ella bravos sacrificios. Yendo á traerla
muchísima gente con sus maromas y recaudo, no pudieron moverla,
aunque porfiando quebraron muchas maromas muy gruesas, mas
como porfiasen todavia, oyeron una voz junto á la piedra, que no
trabajasen en vano, que no podrian llevarla, porque ya el Señor de
lo criado no queria que se hiciesen aquellas cosas. Oyendo esto
Motezuma, mandó que allí hiciesen los sacrificios. Dicen que volvió
otra voz: ¿Ya no he dicho, que no es la voluntad del Señor de lo
criado, que se haga eso? Para que veais que es así, yo me dejaré
llevar un rato, y despues no podréis menearme. Fué así, que un rato
la movieron con facilidad, y despues no hubo remedio, hasta que
con muchos ruegos se dejó llevar hasta la entrada de la ciudad de
Méjico, donde súbito se cayó en una acequia, y buscándola no
pareció mas, sino fué en el propio lugar de adonde la habian traído,
que allí la volvieron á hallar, de que quedaron muy confusos y
espantados. Por este propio tiempo apareció en el Cielo una llama
de fuego grandísima, y muy resplandeciente, de figura piramidal, la
cual comenzaba á aparecer á la media noche yendo subiendo, y al
amanecer cuando salia el Sol, llegaba al puesto de medio dia, donde
desaparecía. Mostróse de este modo cada noche por espacio de un
año, y todas las veces que salía, la gente daba grandes gritos, como
acostumbran, entendiendo era pronóstico de gran mal. Tambien una
vez, sin haber lumbre en todo el templo, ni fuera de él, se encendió
todo, sin haber trueno ni relámpago, y dando voces las guardas,
acudió muchísima gente con agua, y nada bastó, hasta que se
consumió todo: dicen, que parecia que salia el fuego de los mismos
maderos, y que ardia mas con el agua. Vieron otrosí salir un Cometa
siendo de dia claro, que corrió de poniente á oriente, echando gran
multitud de centellas: dicen era su figura de una cola muy larga, y al
principio tres como cabezas. La laguna grande, que está entre
Méjico y Tezcuco, sin haber aire, ni temblor de tierra, ni otra ocasion
alguna, súbitamente comenzó á hervir, creciendo á borbollones
tanto, que todos los edificios que estaban cerca de ella, cayeron por
el suelo. A este tiempo dicen, se oyeron muchas voces como de
muger angustiada, que decia unas veces, ¡ó hijos míos, que ya se ha
llegado vuestra destruccion! Otras veces decia, ¡ó hijos mios! ¿dónde
os llevaré, para que no os acabeis de perder? Aparecieron tambien
diversos mónstruos con dos cabezas, que llevándolos delante de el
Rey desaparecian. A todos estos mónstruos vencen dos muy
extraños: uno fué, que los pescadores de la laguna tomaron una ave
del tamaño de una grulla y de su color, pero de extraña hechura, y
no vista. Lleváronla á Motezuma; estaba á la sazon en los Palacios
que llamaban de llanto y luto, todos teñidos de negro, porque como
tenía diversos Palacios para recreacion, tambien los tenia para
tiempo de pena: y estaba él con muy grande, por las amenazas que
sus Dioses le hacian con tan tristes anuncios. Llegaron los
pescadores á punto de medio dia, y pusiéronle delante aquella ave,
la cual tenia en lo alto de la cabeza una cosa como lucida y
transparente, á manera de espejo, donde vió Motezuma, que se
parecian los Cielos y las estrellas, de que quedó admirado, volviendo
los ojos al Cielo, y no viendo estrellas en él. Volviendo á mirar en
aquel espejo, vió que venia gente de guerra de hácia oriente, y que
venia armada, peleando y matando. Mandó llamar sus agoreros, que
tenia muchos, y habiendo visto lo mismo, y no sabiendo dar razon
de lo que eran preguntados, al mejor tiempo desapareció el ave, que
nunca mas la vieron, de que quedó tristísimo, y todo turbado el
Motezuma. Lo otro que sucedió fué, que le vino á hablar un labrador,
que tenía fama de hombre de bien, y llano, y éste le refirió que
estando el día antes haciendo su sementera, vino una grandísima
águila volando hácia él, y tomóle en peso sin lastimarle, y llevóle á
una cierta cueva, donde le metió, diciendo el águila: Poderosísimo
Señor, ya traje á quien me mandaste. Y el Indio labrador miró á
todas partes á ver con quien hablaba, y no vió á nadie, y en esto
oyó una voz que le dijo: ¿Conoces á ese hombre, que está ahí
tendido en el suelo? y mirando al suelo vió un hombre adormecido, y
muy vencido de sueño, con insignias Reales, y unas flores en la
mano, con un pebete de olor ardiendo segun el uso de aquella
tierra, y reconociéndole el labrador, entendió que era el gran Rey
Motezuma. Respondió el labrador, luego despues de haberle mirado:
Gran Señor, éste parece á nuestro Rey Motezuma. Volvió á sonar la
voz; verdad dices, mírale cual está, tan dormido y descuidado de los
grandes trabajos y males que han de venir sobre él. Ya es tiempo
que pague las muchas ofensas que ha hecho á Dios, y las tiranías de
su gran soberbia, y está tan descuidado de esto, y tan ciego en sus
miserias, que ya no siente. Y para que lo veas, toma ese pebete que
tiene ardiendo en la mano, y pégaselo en el muslo, y verás que no
siente. El pobre labrador no osó llegar ni hacer lo que decian, por el
gran miedo que todos tenían á aquel Rey. Mas volvió á decir la voz:
No temas, que yo soy mas sin comparacion que ese Rey: yo le
puedo destruir y defenderte á tí, por eso haz lo que te mando. Con
esto el villano, tomando el pebete de la mano del Rey, pegóselo
ardiendo al muslo, y no se meneó, ni mostró sentimiento. Hecho
esto, le dijo la voz, que pues veía cuan dormido estaba aquel Rey,
que le fuese á despertar, y le contase todo lo que habia pasado y
que el águila por el mismo mandado le volvió á llevar en peso, y le
puso en el propio lugar de donde lo habia traído: y en cumplimiento
de lo que se le habia dicho, venia á avisarle. Dicen, que se miró
entonces Motezuma el muslo, y vió que lo tenia quemado, que hasta
entonces no lo habia sentido, de que quedó en extremo triste y
congojado. Pudo ser, que esto que el rústico refirió, le hubiese á él
pasado en imaginaria vision. Y no es increíble, que Dios ordenase
por medio de Angel bueno, ó permitiese, por medio de Angel malo,
dar aquel aviso al rústico (aunque infiel) para castigo de el Rey. Pues
semejantes apariciones leemos en la divina Escritura[56] haberlas
tenido tambien hombres infieles y pecadores, como Nabucodonosor,
y Balam, y la Pithonisa de Saúl. Y cuando algo de estas cosas no
hubiese acaecido tan puntualmente, á lo menos es cierto que
Motezuma tuvo grandes tristezas y congojas por muchos y varios
anuncios, de que su Reino y su ley habian de acabarse presto.
 CAPÍTULO XXIV

De la nueva que tuvo Motezuma de los Españoles

que habian aportado á su tierra, y de la embajada
que les envió.

Pues á los catorce años del Reinado de Motezuma, que fué en los
mil y quinientos y diez y siete de nuestro Salvador, aparecieron en la
mar de el Norte unos navíos con gente, de que los moradores de la
costa, que eran vasallos de Motezuma, recibieron grande
admiracion, y queriendo satisfacerse mas quien eran, fueron en unas
canoas los Indios á las naves, llevando mucho refresco de comida y
ropa rica, como que iban á vender. Los Españoles les acogieron en
sus naves, y en pago de las comidas y vestidos que les contentaron,
les dieron unos sartales de piedras falsas, coloradas, azules, verdes y
amarillas, las cuales creyeron los Indios ser piedras preciosas. Y
habiéndose informado los Españoles de quien era su Rey, y de su
gran potencia, les despidieron diciéndoles, que llevasen aquellas
piedras á su Señor, y dijesen, que de presente no podian ir á verle,
pero que presto volverian, y se verian con él. Con este recado fueron
á Méjico los de la costa, llevando pintado en unos paños todo cuanto
habian visto, y los navios y hombres, y su figura, y juntamente las
piedras que les habian dado. Quedó con este mensage el Rey
Motezuma muy pensativo, y mandó no dijesen nada á nadie. Otro
dia juntó su Consejo, y mostrando los paños y los sartales, consultó
qué se haria. Y resolvióse en dar órden á todas las costas de la mar,
que estuviesen en vela, y que cualquiera cosa que hubiese le
avisasen. Al año siguiente, que fué á la entrada del diez y ocho,
vieron asomar por la mar la flota, en que vino el Marqués del Valle
Don Fernando Cortés, con sus compañeros, de cuya nueva se turbó
mucho Motezuma, y consultando con los suyos, dijeron todos, que
sin falta era venido su antiguo y gran Señor Quetzaálcoatl, que él
habia dicho volvería, y que así venia de la parte de oriente, adonde
se habia ido. Hubo entre aquellos Indios una opinion, que un gran
Príncipe les habia en tiempos pasados dejado, y prometido que
volveria, de cuyo fundamento se dirá en otra parte. En fin, enviaron
cinco Embajadores principales con presentes ricos á darles la bien
venida, diciéndoles, que ellos sabian que su gran Señor
Quetzaálcoatl venia allí, y que su siervo Motezuma le enviaba á
visitar, teniéndose por siervo suyo. Entendieron los Españoles este
mensage por medio de Marina, India, que traían consigo, que sabia
la lengua Mejicana. Y pareciéndole á Hernando Cortés que era
buena ocasion aquella para su entrada en Méjico, hizo que le
aderezasen muy bien su aposento, y puesto él con gran autoridad y
ornato, mandó entrar los Embajadores, á los cuales no les faltó sino
adorarle por su Dios. Diéronle su embajada diciendo, que su siervo
Motezuma le enviaba á visitar, y que como Teniente suyo le tenia la
tierra en su nombre, y que ya sabía que él era el Topilcin, que les
habia prometido muchos años habia volver á verlos, y que allí le
traian de aquellas ropas, que él solia vestirse cuando andaba entre
ellos, que le pedian las tomase, ofreciéndole muchos y muy buenos
presentes. Respondió Cortés aceptando las ofertas, y dando á
entender, que él era el que decian, de que quedaron muy contentos,
viéndose tratar por él con gran amor y benevolencia (que en esto,
como en otras cosas, fué digno de alabanza este valeroso Capitan),
y si su traza fuera adelante, que era por bien ganar aquella gente,
parece que se habia ofrecido la mejor coyuntura que se podia
pensar, para sugetar al Evangelio con paz y amor toda aquella tierra.
Pero los pecados de aquellos crueles homicidas y esclavos de
Satanás pedian ser castigados del Cielo, y los de muchos Españoles
no eran pocos; y así los juicios altos de Dios dispusieron la salud de
las gentes, cortando primero las raíces dañadas. Y como dice el
Apóstol[57]: la maldad y ceguera de los unos fué la salvacion de los
otros. En efecto, el dia siguiente, despues de la embajada dicha,
vinieron á la Capitana los Capitanes y gente principal de la flota, y
entendiendo el negocio, y cuan poderoso y rico era el Reino de
Motezuma, parecióles que importaba cobrar reputacion de bravos y
valientes con aquella gente; y que así, aunque eran pocos, serian
temidos y recibidos en Méjico. Para esto hicieron soltar toda la
artillería de las naves, y como era cosa jamás vista por los Indios,
quedaron tan atemorizados, como si se cayera el Cielo sobre ellos.
Despues los soldados dieron en desafiarlos á que peleasen con ellos,
y no atreviéndose los Indios, los denostaron, y trataron mal,
mostrándoles sus espadas, lanzas, gorgujes, partesanas, y otras
armas, con que mucho les espantaron. Salieron tan escandalizados y
atemorizados los pobres Indios, que mudaron del todo opinion,
diciendo, que allí no venia su Rey y Señor Topilcin, sino Dioses
enemigos suyos para destruirlos. Cuando llegaron á Méjico, estaba
Motezuma en la casa de Audiencia, y antes que le diesen la
embajada, mandó el desventurado sacrificar en su presencia número
de hombres, y con la sangre de los sacrificados rociar á los
Embajadores, pensando con esta ceremonia (que usaban en
solemnísimas embajadas) tenerla buena. Mas oída toda la relacion é
informacion de la forma de navíos, gente y armas, quedó del todo
confuso y perplejo, y habido su Consejo no halló otro mejor medio,
que procurar estorbar la llegada de aquellos extranjeros por artes
mágicas y conjuros. Solíanse valer de estos medios muchas veces,
porque era grande el trato que tenian con el Diablo, con cuya ayuda
conseguian muchas veces efectos extraños. Juntáronse, pues, los
hechiceros, magos, y encantadores, y persuadidos de Motezuma
tomaron á su cargo el hacer volver aquella gente á su tierra, y para
esto fueron hasta ciertos puestos, que para invocar los Demonios, y
usar su arte les pareció cosa digna de consideracion. Hicieron cuanto
pudieron y supieron: viendo que ninguna cosa les empecia á los
Cristianos, volvieron á su Rey diciendo, que aquellos eran mas que
hombres, porque nada les dañaba de todos sus conjuros y encantos.
Aquí ya le pareció á Motezuma echar por otro camino, y fingiendo
contento de su venida, envió á mandar en todos sus Reinos, que
sirviesen á aquellos Dioses celestiales, que habian venido á su tierra:
todo el pueblo estaba en grandísima tristeza y sobresalto. Venian
nuevas á menudo, que los Españoles preguntaban mucho por el Rey,
y por su modo de proceder, y por su casa y hacienda. De ésto él se
congojaba en demasía; y aconsejándole los suyos, y otros
nigrománticos que se escondiese, y ofreciéndole que ellos le
pondrian donde criatura no pudiese hallarle, parecióle bajeza, y
determinó aguardar, aunque fuese muriendo. Y en fin, se pasó de
sus casas Reales á otras, por dejar su palacio para aposentar en él á
aquellos Dioses, como ellos decían.
 CAPÍTULO XXV

De la entrada de los Españoles en Méjico.

No pretendo tratar los hechos de los Españoles, que ganaron á la

Nueva-España, ni los sucesos extraños que tuvieron, ni el ánimo y
valor invencible de su Capitan Don Fernando Cortés, porque de esto
hay ya muchas historias y relaciones, y las que el mismo Fernando
Cortés, escribió al Emperador Carlos V, aunque con estilo llano y
ageno de arrogancia, dan suficiente noticia de lo que pasó, y fué
mucho, y muy digno de perpétua memoria. Solo para cumplir con mi
intento, resta decir lo que los Indios refieren de este caso, que no
anda en letras Españolas hasta el presente. Sabiendo, pues,
Motezuma las victorias del Capitan y que venia marchando en
demanda suya, y que se habia confederado con los de Tlascála, sus
capitales enemigos, y hecho un duro castigo en los de Cholóla, sus
amigos, pensó engañarle ó probarle con enviar con sus insignias y
aparato un principal, que se fingiese ser Motezuma. Cuya ficcion
entendida por el Marqués, de los de Tlascála, que venian en su
compañía, envióle con una prudente reprehension por haberle
querido engañar, de que quedó confuso Motezuma, y con el temor
de esto, dando vueltas á su pensamiento, volvió á intentar hacer
volver á los Cristianos por medio de hechiceros y encantadores. Para
lo cual juntó muchos mas que la primera vez, amenazándoles que
les quitaria las vidas, si les volvian sin hacer el efecto á que los
enviaba: prometieron hacerlo. Fueron una cuadrilla grandísima de
estos Oficiales diabólicos al camino de Chálco, que era por donde
venian los Españoles. Subiendo por una cuesta arriba, aparecióles
Tezcatlipúca, uno de sus principales Dioses, que venia de hácia el
Real de los Españoles, en hábito de los Chálcas, y traía ceñidos los
pechos con ocho vueltas de una soga de esparto: venia como fuera
de sí, y como embriagado de coraje y rabia. En llegando al
escuadron de los Nigrománticos y hechiceros, paróse, y díjoles con
grandísimo enojo: ¿Para qué volveis vosotros acá? ¿qué pretende
Motezuma por vuestro medio? Tarde ha acordado, que ya está
determinado que le quiten su Reino, su honra y cuanto tiene, por las
tiranías grandes que ha cometido contra sus vasallos, pues no ha
regido como Señor, sino como Tirano traidor. Oyendo estas palabras,
conocieron los hechiceros que era su Idolo, y humilláronse ante él, y
allí le compusieron un altar de piedra, y le cubrieron de flores que
por allí había. El no haciendo caso de esto, les volvió á reñir,
diciendo: ¿A qué vinisteis aquí, traidores? volveos, volveos luego, y
mirad á Méjico, porque sepais lo que ha de ser de ella. Dicen, que
volvieron á mirar á Méjico, y que la vieron arder y abrasarse toda en
vivas llamas. Con esto el Demonio desapareció, y ellos, no osando
pasar adelante, dieron noticia á Motezuma, el cual por un rato no
pudo hablar palabra, mirando pensativo al suelo: pasado aquel
tiempo dijo: ¿Pues qué hemos de hacer si los Dioses y nuestros
amigos no nos favorecen, antes prosperan á nuestros enemigos? Ya
yo estoy determinado, y determinémonos todos, que venga lo que
viniere, que no hemos de huir, ni nos hemos de esconder, ni mostrar
cobardía. Compadézcome de los viejos, niños y niñas, que no tienen
pies, ni manos para defenderse; y diciendo esto calló, porque se
comenzaba á enternecer. En fin, acercándose el Marqués á Méjico,
acordó Motezuma hacer de la necesidad virtud, y salióle á recibir
como tres cuartos de legua de la ciudad, yendo con mucha
magestad, y llevado en hombros de cuatro Señores, y él cubierto de
un rico palio de oro y plumería. Al tiempo de encontrarse bajó el
Motezuma, y ambos se saludaron muy cortesmente, y Don Fernando
Cortés le dijo estuviese sin pena, que su venida no era para quitarle,
ni disminuirle su Reino. Aposentó Motezuma á Cortés y á sus
compañeros en su Palacio principal, que lo era mucho, y él se fué á
otras casas suyas; aquella noche los soldados jugaron el artillería por
regocijo, de que no poco se asombraron los Indios, no hechos á
semejante música. El dia siguiente juntó Cortés en una gran sala á
Motezuma y á los Señores de su Corte, y juntos les dijo, sentado él
en su silla: Que él era criado de un gran Príncipe, que le habia
mandado ir por aquellas tierras á hacer bien, y que habia en ellas
hallado á los de Tlascála, que eran sus amigos, muy quejosos de los
agravios que les hacian siempre los de Méjico, y que queria entender
quien tenia la culpa, y confederarlos para que no se hiciesen mal
unos á otros de ahí adelante, y que él y sus hermanos, que eran los
Españoles, estarían allí sin hacerles daño, antes les ayudarian lo que
pudiesen. Este razonamiento procuró le entendiesen todos, usando
de sus intérpretes. Lo cual percibido por el Rey y los demás Señores
Mejicanos, fué grande el contento que tuvieron, y las muestras de
amistad que á Cortés y á los demás dieron. Es opinion de muchos,
que como aquel dia quedó el negocio puesto, pudieran con facilidad
hacer del Rey y Reino lo que quisieran, y darles la Ley de Cristo con
gran satisfaccion y paz. Mas los juicios de Dios son altos, y los
pecados de ambas partes muchos; y asi se rodeó la cosa muy
diferente, aunque al cabo salió Dios con su intento de hacer
misericordia á aquella nacion con la luz de su Evangelio, habiendo
primero hecho juicio y castigo de los que lo merecian en su divino
acatamiento. En efecto hubo ocasiones, con que de la una parte á la
otra nacieron sospechas, quejas y agravios, y viendo enagenados los
ánimos de los Indios, á Cortés le pareció asegurarse con echar mano
del Rey Motezuma, y prenderle, y echarle grillos: hecho que espanta
al mundo, igual al otro suyo, de quemar los navios, y encerrarse
entre sus enemigos á vencer ó morir. Lo peor de todo fué, que por
ocasion de la venida impertinente de un Pánfilo de Narvaez á la
Vera-Cruz para alterar la tierra, hubo Cortés de hacer ausencia de
Méjico, y dejar al pobre Motezuma en poder de sus compañeros,
que ni tenian la discrecion, ni moderacion que él. Y así vino la cosa á
términos de total rompimiento, sin haber medio ninguno de paz.
 CAPÍTULO XXVI

De la muerte de Motezuma, y salida de los Españoles

de Méjico.

En la ausencia de Cortés de Méjico, pareció al que quedó en su

lugar, hacer un castigo en los Mejicanos, y fué tan excesivo, y murió
tanta nobleza en un gran mitote ó baile que hicieron en Palacio, que
todo el pueblo se alborotó, y con furiosa rabia tomaron armas para
vengarse y matar los Españoles; y así les cercaron la casa, y
apretaron reciamente, sin que bastase el daño que recibian de la
artilleria y ballestas, que era grande, á desviarse de su porfía.
Duraron en esto muchos dias, quitándoles los bastimentos, y no
dejando entrar ni salir criatura. Peleaban con piedras, dardos
arrojadizos, su modo de lanzas y espadas, que son unos garrotes, en
que tienen cuatro ó seis navajas agudísimas, y tales, que en estas
refriegas refieren las Historias, que de un golpe de estas navajas
llevó un Indio á cercen todo el cuello de un caballo. Como un dia
peleasen con esta determinacion y furia, para quietarles hicieron los
Españoles subir á Motezuma con otro Principal á lo alto de una
azotea, amparados con las rodelas de dos soldados que iban con
ellos. En viendo á su Señor Motezuma pararon todos, y tuvieron
grande silencio. Díjoles entonces Motezuma, por medio de aquel
Principal, á voces, que se sosegasen, y que no hiciesen guerra á los
Españoles, pues estando él preso como veian, no les habia de
aprovechar. Oyendo esto un mozo generoso, llamado Quicuxtemoc,
á quien ya trataban de levantar por su Rey, dijo á voces á
Motezuma, que se fuese para bellaco, pues habia sido tan cobarde, y
que no le habian ya de obedecer, sino darle el castigo que merecia,
llamándole por mas afrenta, de muger. Con esto enarcando su arco,
comenzó á tirarle flechas, y el pueblo volvió á tirar piedras, y
proseguir su combate. Dicen muchos, que esta vez le dieron á
Motezuma una pedrada, de que murió. Los Indios de Méjico afirman,
que no hubo tal, sino que despues murió la muerte que luego diré.
Como se vieron tan apretados, Alvarado y los demás enviaron al
Capitan Cortés aviso de el gran peligro en que estaban. Y él
habiendo, con maravillosa destreza y valor, puesto recaudo en el
Narvaez, y cogiéndole para sí la mayor parte de su gente, vino á
grandes jornadas á socorrer á los suyos á Méjico, y aguardando á
tiempo que los Indios estuviesen descansando, porque era su uso en
la guerra, cada cuatro dias descansar uno, con maña y esfuerzo
entró, hasta ponerse con el socorro en las casas Reales, donde se
habian hecho fuertes los Españoles, por lo cual hicieron muchas
alegrias, y jugaron el artillería. Mas como la rabia de los Mejicanos
creciese, sin haber medio para sosegarlos, y los bastimentos los
fuesen faltando de el todo, viendo que no habia esperanza de mas
defensa, acordó el Capitan Cortés salirse una noche á cencerros
tapados, y habiendo hecho unas puentes de madera para pasar dos
acequias grandísimas y muy peligrosas, salió con muy gran silencio á
media noche. Y habiendo ya pasado gran parte de la gente la
primera acequia, antes de pasar la segunda, fueron sentidos de una
India, la cual fué dando grandes voces, que se iban sus enemigos, y
á las voces se convocó y acudió todo el pueblo con terrible furia, de
modo que al pasar la segunda acequia, de heridos y atropellados
cayeron muertos mas de trescientos, adonde está hoy una hermita,
que impertinentemente y sin razon la llaman de los Mártires.
Muchos, por guarecer el oro y joyas que tenian, no pudieron
escapar: otros deteniéndose en recogerlo y traerlo, fueron presos
por los Mejicanos, y cruelmente sacrificados ante sus Idolos. Al Rey
Motezuma hallaron los Mejicanos muerto, y pasado, segun dicen, de
puñaladas; y es su opinion, que aquella noche le mataron los
Españoles con otros principales. El Marqués, en la relacion que envió
al Emperador, antes dice, que á un hijo de Motezuma, que él llevaba
consigo, con otros nobles, le mataron aquella noche los Mejicanos. Y
dice, que toda la riqueza de oro, piedras y plata que llevaban, se
cayó en la laguna, donde nunca mas pareció. Como quiera que sea,
Motezuma acabó miserablemente, y de su gran soberbia y tiranías
pagó al justo juicio de el Señor de los Cielos, lo que merecía. Porque
viniendo á poder de los Indios su cuerpo, no quisieron hacerle
exequias de Rey, ni aun de hombre comun, desechándole con gran
desprecio y enojo. Un criado suyo, doliéndose de tanta desventura
de un Rey, temido y adorado antes como Dios, allá le hizo una
hoguera, y puso sus cenizas donde pudo, en lugar harto desechado.
Volviendo á los Españoles que escaparon, pasaron grandísima fatiga
y trabajo, porque los Indios les fueron siguiendo obstinadamente
dos ó tres dias, sin dejarles reposar un momento, y ellos iban tan
fatigados de comida, que muy pocos granos de maíz se repartian
para comer. Las relaciones de los Españoles, y las de los Indios
concuerdan, en que aqui les libró nuestro Señor por milagro,
defendiéndoles la Madre de misericordia, y Reina del Cielo María,
maravillosamente en un cerrillo, donde á tres leguas de Méjico está
hasta el dia de hoy fundada una Iglesia en memoria de esto, con
título de nuestra Señora de el Socorro. Fuéronse á los amigos de
Tlascála, donde se rehicieron, y con su ayuda, y con el admirable
valor y gran traza de Fernando Cortés volvieron á hacer la guerra á
Méjico, por mar y tierra, con la invencion de los bergantines que
echaron á la laguna; y despues de muchos combates, y mas de
sesenta peleas peligrosísimas, vinieron á ganar del todo la ciudad dia
de San Hipólito, á trece de Agosto de mil quinientos y veinte y un
años. El último Rey de los Mejicanos habiendo porfiadísimamente
sustentando la guerra, á lo último fué tomado en una canoa grande
donde iba huyendo, y traído con otros principales ante Fernando
Cortés. El Reyezuelo con extraño valor arrancando una daga se llegó
á Cortés, y le dijo: Hasta ahora yo he hecho lo que he podido en
defensa de los míos: ahora no debo mas sino darte ésta, y que con
ella me mates luego. Respondió Cortés, que él no queria matarle, ni
habia sido su intencion de dañarles; mas que su porfia tan loca tenia
la culpa de tanto mal y destruccion, como habian padecido: que bien
sabian cuantas veces les habian requerido con la paz y amistad. Con
esto le mandó poner guardia, y tratar muy bien á él y á todos los
demás que habian escapado. Sucedieron en esta conquista de
Méjico muchas cosas maravillosas, y no tengo por mentira, ni por
encarecimiento, lo que dicen los que escriben, que favoreció Dios el
negocio de los Españoles con muchos milagros; y sin el favor del
Cielo era imposible vencerse tantas dificultades, y allanarse toda la
tierra al mando de tan pocos hombres. Porque aunque nosotros
fuésemos pecadores, é indignos de tal favor, la causa de Dios, y
gloria de nuestra Fé, y bien de tantos millares de almas, como de
aquellas naciones tenia el Señor predestinadas, requería que para la
mudanza que vemos, se pusiesen medios sobrenaturales, y propios
del que llama á su conocimiento á los ciegos y presos, y les da luz y
libertad con su sagrado Evangelio. Y porque esto mejor se crea y
entienda, referiré algunos ejemplos, que me parecen á propósito de
esta historia.
 CAPÍTULO XXVII

De algunos milagros, que en las Indias ha obrado

Dios en favor de la Fé, sin méritos de los que los
obraron.

Santa Cruz de la Sierra es una provincia muy apartada y grande

en los Reinos del Perú, que tiene vecindad con diversas naciones de
infieles, que aun no tienen luz del Evangelio, si de los años acá que
han ido Padres de nuestra Compañía con ese intento, no se la han
dado. Pero la misma provincia es de Cristianos, y hay en ella
Españoles é Indios bautizados en mucha cuantidad. La manera en
que entró allá la Cristiandad fué ésta: Un soldado de ruín vida, y
facineroso en la provincia de los Charcas, por temor de la justicia,
que por sus delitos le buscaba, entró mucho la tierra adentro, y fué
acogido de los Bárbaros de aquella tierra, á los cuales viendo el
Español que pasaban gran necesidad por falta de agua, y que para
que lloviese hacian muchas supersticiones, como ellos usan, díjoles,
que si ellos hacian lo que él les diría, que luego lloveria. Ellos se
ofrecieron á hacerlo de buena gana. El soldado con esto hizo una
grande Cruz, y púsola en alto, y mandóles que adorasen allí, y
pidiesen agua, y ellos lo hicieron así: cosa maravillosa. Cargó luego
tan copiosísima lluvia, que los Indios cobraron tanta devocion á la
santa Cruz, que acudian á ella con todas sus necesidades, y
alcanzaban lo que pedian, tanto, que vinieron á derribar sus Idolos,
y á traer la Cruz por insignia, y pedir Predicadores que les enseñasen
y bautizasen; y la misma provincia se intitula hasta hoy por eso
Santa Cruz de la Sierra. Mas porque se vea por quien obraba Dios
estas maravillas, es bien decir, como el sobredicho soldado, despues
de haber algunos años hechos estos milagros de Apóstol, no
mejorando su vida, salió á la provincia de los Charcas, y haciendo de
las suyas, fué en Potosí públicamente puesto en la horca. Polo que lo
debia de conocer bien, escribe todo esto como cosa notoria que
pasó en su tiempo. En la peregrinacion extraña que escribe Cabeza
de Vaca, el que fué despues Gobernador en el Paraguay, que le
sucedió en la Florida con otros dos ó tres compañeros, que solos
quedaron de una armada, en que pasaron diez años en tierras de
Bárbaros, penetrando hasta la mar del sur, cuenta, y es Autor
fidedigno: Que compeliéndoles los Bárbaros á que les curasen de
ciertas enfermedades, y que si no lo hacian, les quitarian la vida, no
sabiendo ellos parte de medicina, ni teniendo aparejo para ello,
compelidos de la necesidad se hicieron Médicos Evangélicos, y
diciendo las oraciones de la Iglesia, y haciendo la señal de la Cruz,
sanaron aquellos enfermos. De cuya fama hubieron de proseguir el
mismo oficio por todos los pueblos, que fueron innumerables,
concurriendo el Señor maravillosamente, de suerte que ellos se
admiraban de sí mismos, siendo hombres de vida comun, y el uno
de ellos un negro. Lancero fué en el Perú un soldado, que no se
saben de él mas méritos que ser soldado, decia sobre las heridas
ciertas palabras buenas, haciendo la señal de la Cruz, y sanaban
luego, de donde vino á decirse como por refrán, el salmo de
Lancero. Y examinado por los que tienen en la Iglesia autoridad, fué
aprobado su hecho y oficio. En la ciudad del Cuzco, cuando
estuvieron cercados los Españoles cercados, y en tanto aprieto que
sin ayuda del Cielo fuera imposible escapar, cuentan personas
fidedignas y yo se lo oí, que echando los Indios fuego arrojadizo
sobre el techo de la morada de los Españoles, que era donde es
ahora la Iglesia mayor, siendo el techo de cierta paja, que allá
llaman chicho, y siendo los hachos de tea muy grandes, jamás
prendió, ni quemó cosa, porque una Señora que estaba en lo alto,
apagaba el fuego luego, y esto visiblemente lo vieron los Indios, y lo
dijeron muy admirados. Por relaciones de muchos y por historias que
hay, se sabe de cierto, que en diversas batallas que los Españoles
tuvieron, así en la Nueva-España como en el Perú, vieron los Indios
contrarios en el aire un Caballero con la espada en la mano, en un
caballo blanco, peleando por los Españoles, de donde ha sido y es
tan grande la veneracion que en todas las Indias tienen al glorioso
Apostol Santiago. Otras veces vieron en tales conflictos la imagen de
nuestra Señora, de quien los Cristianos en aquellas partes han
recibido incomparables beneficios. Y si estas obras de el Cielo se
hubiesen de referir por extenso, como han pasado, sería relacion
muy larga. Baste haber tocado esto, con ocasion de la merced que la
Reina de gloria hizo á los nuestros, cuando iban tan apretados y
perseguidos de los Mejicanos: lo cual todo se ha dicho para que se
entienda, que ha tenido nuestro Señor cuidado de favorecer la Fe y
Religion Cristiana, defendiendo á los que la tenian aunque ellos por
ventura no mereciesen por sus obras semejantes regalos y favores
del Cielo. Junto con esto es bien que no se condenen tan
absolutamente todas las cosas de los primeros Conquistadores de las
Indias, como algunos Letrados y Religiosos han hecho con buen celo
sin duda, pero demasiado. Porque aunque por la mayor parte fueron
hombres codiciosos, y ásperos, y muy ignorantes del modo de
proceder, que se habia de tener entre infieles, que jamás habian
ofendido á los Cristianos; pero tampoco se puede negar, que de
parte de los infieles hubo muchas maldades contra Dios y contra los
nuestros, que les obligaron á usar de rigor y castigo. Y lo que es
mas, el Señor de todos, aunque los fieles fueron pecadores, quiso
favorecer su causa y partido para bien de los mismos infieles que
habian de convertirse despues por esa ocasion al Santo Evangelio.
Porque los caminos de Dios son altos, y sus trazas maravillosas.
 CAPÍTULO XXVIII

De la disposicion que la divina providencia ordenó en

Indias para la entrada de la Religion Cristiana en
ellas.

Quiero dar fin á esta Historia de Indias, con declarar la admirable

traza, con que Dios dispuso y preparó la entrada del Evangelio en
ellas, que es mucho de considerar, para alabar y engrandecer el
saber y bondad del Criador. Por la relacion y discurso que en estos
libros he escrito, podrá cualquiera entender, que así en el Perú,
como en la Nueva-España, al tiempo que entraron los Cristianos,
habian llegado aquellos Reinos á lo sumo, y estaban en la cumbre de
su pujanza, pues los Incas poseian en el Perú desde el Reino de
Chile hasta pasado el de Quito, que son mil leguas; y estaban tan
servidos y ricos de oro, plata y todas riquezas. Y en Méjico,
Motezuma imperaba desde el mar Océano del norte hasta el mar del
sur, siendo temido y adorado, no como hombre, sino como Dios. A
este tiempo juzgó el Altísimo, que aquella piedra de Daniel[58], que
quebrantó los Reinos y Monarquías del mundo, quebrantase tambien
los de estotro mundo nuevo, y así como la Ley de Cristo vino,
cuando la Monarquía de Roma habia llegado á su cumbre, así
tambien fué en las Indias Occidentales: Y verdaderamente fué suma
providencia de el Señor. Porque el haber en el orbe una cabeza, y un
Señor temporal (como notan los Sagrados Doctores), hizo que el
Evangelio se pudiese comunicar con facilidad á tantas gentes y
naciones. Y lo mismo sucedió en las Indias, donde el haber llegado
la noticia de Cristo á las Cabezas de tantos Reinos y gentes, hizo que
con facilidad pasase por todas ellas. Y aun hay aquí un particular
notable, que como iban los Señores de Méjico y de el Cuzco
conquistando tierras, iban tambien introduciendo su lengua, porque
aunque hubo y hay muy gran diversidad de lenguas particulares y
propias; pero la lengua cortesana de el Cuzco corrió y corre hoy dia
mas de mil leguas, y la de Méjico debe correr poco menos. Lo cual
para facilitar la predicacion en tiempo que los Predicadores no
reciben el don de lenguas como antiguamente, no ha importado
poco, sino muy mucho. De cuanta ayuda haya sido para la
predicacion y conversion de las gentes la grandeza de estos dos
Imperios, que he dicho, mírelo quien quisiere en la suma dificultad
que se ha experimentado en reducir á Cristo los Indios que no
reconocen un Señor. Véanlo en la Florida, en el Brasil, en los Andes y
en otras cien partes, donde no se ha hecho tanto efecto, en
cincuenta años, como en el Perú y Nueva-España en menos de cinco
se hizo. Si dicen, que el ser rica esa tierra fué la causa, yo no lo
niego; pero esa riqueza era imposible haberla, ni conservarla, si no
hubiera Monarquía. Y eso mismo es traza de Dios, en tiempo que los
Predicadores de el Evangelio somos tan frios y falsos de espíritu, que
haya Mercaderes y Soldados que con el calor de la codicia y del
mando, busquen y hallen nuevas gentes, donde pasemos con
nuestra mercadería. Pues como San Agustin dice[59], la profecía de
Isaias se cumplió, en dilatarse la Iglesia de Cristianos, no solo á la
diestra, sino tambien á la siniestra, que es como él declara, crecer
por medios humanos y terrenos de hombres, que mas se buscan á
sí, que á Jesu-Cristo. Fué tambien grande providencia de el Señor,
que cuando fueron los primeros Españoles, hallaron ayuda en los
mismos Indios, por haber parcialidades, y grandes divisiones. En el
Perú está claro, que la division entre los dos hermanos Atahualpa y
Guascar, recien muerto el gran Rey Guaynacapa su padre, esa dió la
entrada al Marqués Don Francisco Pizarro, y á los Españoles,
queriéndolos por amigos cada uno de ellos, y estando ocupados en
Welcome to Our Bookstore - The Ultimate Destination for Book Lovers
Are you passionate about testbank and eager to explore new worlds of
knowledge? At our website, we offer a vast collection of books that
cater to every interest and age group. From classic literature to
specialized publications, self-help books, and children’s stories, we
have it all! Each book is a gateway to new adventures, helping you
expand your knowledge and nourish your soul
Experience Convenient and Enjoyable Book Shopping Our website is more
than just an online bookstore—it’s a bridge connecting readers to the
timeless values of culture and wisdom. With a sleek and user-friendly
interface and a smart search system, you can find your favorite books
quickly and easily. Enjoy special promotions, fast home delivery, and
a seamless shopping experience that saves you time and enhances your
love for reading.
Let us accompany you on the journey of exploring knowledge and
personal growth!

ebooksecure.com