ICT-Beveiligingsrichtlijnen voor Webapplicaties (ICT Security Guidelines for Web Applications)


In-depth volume (Verdieping)

Nationaal Cyber Security Centrum

The Nationaal Cyber Security Centrum (NCSC, the Dutch National Cyber Security Centre) contributes, through cooperation between the business community, government and academia, to increasing the resilience of Dutch society in the digital domain. The NCSC supports the central government and organisations with a vital function in society by providing expertise and advice, responding to threats and strengthening crisis management. It also provides information and advice to citizens, government and businesses for the purposes of awareness and prevention. The NCSC is thus the central reporting and information point for ICT threats and ICT security incidents. The NCSC is part of the Cyber Security Directorate of the Nationaal Coördinator Terrorismebestrijding en Veiligheid (NCTV, the National Coordinator for Counterterrorism and Security).

Cooperation and sources

These security guidelines were drawn up by the NCSC in close cooperation with the Centrum voor Informatiebeveiliging en Privacybescherming (CIP, Centre for Information Security and Privacy Protection) and with several experts from public and private organisations. Their contributions, the substantive reviews and publicly accessible sources have contributed greatly to the content of these security guidelines. Appendix C lists by name the individual experts who contributed.
CONTENTS

Introduction
  Background to the Security Guidelines
  Web applications
  Target audience
  Objective
  Applying the Guidelines
  Priority
  Basic principles
  Context/scope
  Differences between the 2012 and 2015 versions
  Structure of the Guidelines
  Maintenance of the Guidelines
  Relationship to other documents

Policy domain
  B.01 Information security policy
  B.02 Access provisioning policy
  B.03 Risk management
  B.04 Cryptography policy
  B.05 Contract management
  B.06 ICT landscape

Implementation domain

Access provisioning resources
  U/TV.01 Access provisioning resources

Web applications
  U/WA.01 Operational policy for web applications
  U/WA.02 Web application management
  U/WA.03 Web application input
  U/WA.04 Web application output
  U/WA.05 Reliability of data
  U/WA.06 Web application information
  U/WA.07 Web application integration
  U/WA.08 Web application session
  U/WA.09 Web application architecture

Platforms and web servers
  U/PW.01 Operational policy for platforms and web servers
  U/PW.02 Web protocols
  U/PW.03 Web server
  U/PW.04 Isolation of processes/files
  U/PW.05 Access to management mechanisms
  U/PW.06 Platform-network connection
  U/PW.07 Hardening of platforms
  U/PW.08 Platform and web server architecture

Networks
  U/NW.01 Operational policy for networks
  U/NW.02 Availability of networks
  U/NW.03 Network zoning
  U/NW.04 Protection and detection function
  U/NW.05 Management and production environment
  U/NW.06 Hardening of networks
  U/NW.07 Network access to web applications
  U/NW.08 Network architecture

Control domain
  C.01 Service management policy
  C.02 Compliance management
  C.03 Vulnerability assessments
  C.04 Penetration testing process
  C.05 Technical verification function
  C.06 Logging
  C.07 Monitoring
  C.08 Change management
  C.09 Patch management
  C.10 Availability management
  C.11 Configuration management

Appendices
  Appendix A Conformity indicators
  Appendix B Abbreviations
  Appendix C References
  Appendix D Attack methods
  Appendix E Vulnerabilities
    E.1 Policy domain
    E.2 Implementation domain: web applications
    E.3 Implementation domain: access provisioning
    E.4 Implementation domain: platforms and web servers
    E.5 Implementation domain: networks
    E.6 Control domain
  Appendix F Relationship between the 2012 and 2015 versions

Introduction

Background to the Security Guidelines

Digital information exchange has become an essential part of the functioning of Dutch society. Reliable digital communication is of vital importance and requires continuous care. That this is no easy task is evident from the large number of incidents. The Security Guidelines offer guidance towards more secure service delivery.

These ICT-Beveiligingsrichtlijnen voor Webapplicaties (hereafter: the Guidelines) consist of two documents that, once implemented, contribute to better security of web applications at organisations and the (central) government. The Richtlijnen document describes the security guidelines for web applications at the main level, with the associated policy, implementation and control. This document (Verdieping) is a supporting document: it describes the security guidelines at the detailed level and gives direction (a course of action) for implementing the security guidelines and making them verifiable. Where possible, concrete advice is given. Following the advice in this part makes it possible to comply with the security guidelines in the Richtlijnen document.

Web applications

When this document refers to a web application, it means an application that can be reached with a web browser or another client that supports the Hypertext Transfer Protocol (http). The core of this definition is that a web application is always reachable over http or its encryption-protected form, https (http secure). The functionality a web application can offer is unlimited. The technology, however, is always based on the http standard as defined in Request for Comments (RFC) 1945 [1], 2616 [2], 2617 [3], 2817 [4], 6265 [5], 6585 [6] and 7540 [7].

The associated infrastructure, the interface with the internet, the storage of data and the network services are also regarded as areas of attention in this document. Examples of applications that fall under the heading 'web application' according to this definition are internet sites, extranets, intranets, software-as-a-service (SaaS) applications, web services and web APIs.

Target audience

This document has three primary target audiences:
» The first audience consists of parties responsible for setting security frameworks and for checking compliance with them. Examples are security managers and system owners of the ICT services to be delivered.
» The second audience consists of those involved in the design and development process, the implementation and the management of web applications. This audience has to implement the security guidelines. Three parties can be distinguished within it:
  › internal departments.
  › external software suppliers.
  › external web hosting parties.
» The third audience consists of the auditing bodies (IT auditors) that carry out an objective ICT security assessment on the basis of these guidelines.

Objective

These Guidelines give an overview of security measures that providers of web applications can take to achieve a certain degree of security. The security measures relate not only to the web application itself, but also to the management environment and the surrounding hardware and software environment that the web application needs in order to function.

Applying the Guidelines

Organisations can elevate (part of) these Guidelines to a standards framework for particular areas of application. In contrast to the security guidelines, which are advisory in nature, a standards framework is mandatory within its area of application. The Guidelines can also be used in procurement, in outsourcing services and in mutual agreements within chain processes. Depending on the nature and specific characteristics of the service concerned, security guidelines can be selected, and the weighting factors of the individual security guidelines can be adjusted to reflect the desired situation.

Priority

The priority of each security guideline is rated in general terms according to the classification Hoog (High), Midden (Medium) or Laag (Low). These three classifications form three points on a continuum of possible values, where High is the strongest degree of desirability (must have), Medium is a reasonably strong degree of desirability (should have) and Low is a desirable, but not necessary [...]

Context/scope

These Guidelines focus on the security of web applications from the point of view of the providing party (the server side). The Guidelines do not focus on the client configuration [...]

[...] gives cause to implement these additional security measures, reference is made to other security standards such as ISO 27001 and ISO 27002.

[...] Appendix F contains a cross-reference table showing in which guideline(s) each guideline from 2012 has been incorporated.

[1] RFC 1945: Hypertext Transfer Protocol -- HTTP/1.0: http://www.ietf.org/rfc/rfc1945.txt
[2] RFC 2616: Hypertext Transfer Protocol -- HTTP/1.1: http://www.ietf.org/rfc/rfc2616.txt
[3] RFC 2617: HTTP Authentication (Basic and Digest): http://www.ietf.org/rfc/rfc2617.txt
[4] RFC 2817: Upgrading to TLS Within HTTP/1.1: http://www.ietf.org/rfc/rfc2817.txt
[5] RFC 6265: HTTP State Management Mechanism: http://www.ietf.org/rfc/rfc6265.txt
[6] RFC 6585: Additional HTTP Status Codes: http://www.ietf.org/rfc/rfc6585.txt
[7] RFC 7540: Hypertext Transfer Protocol Version 2 (HTTP/2): https://tools.ietf.org/html/rfc7540