Network Defense and Countermeasures: Principles and Practices 3rd Edition Chuck Easttom
Network Defense and
Countermeasures
Principles and Practices

Third Edition

Chuck Easttom

800 East 96th Street, Indianapolis, Indiana 46240 USA


Network Defense and Countermeasures
Copyright © 2018 by Pearson Education, Inc.
All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.
ISBN-13: 978-0-7897-5996-2
ISBN-10: 0-7897-5996-9
Library of Congress Control Number: 2018933854
Printed in the United States of America
1 18

Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Microsoft and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published as part of the services for any purpose. All such documents and related graphics are provided “as is” without warranty of any kind. Microsoft and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all warranties and conditions of merchantability, whether express, implied or statutory, fitness for a particular purpose, title and non-infringement. In no event shall Microsoft and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from the services.

The documents and related graphics contained herein could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Microsoft and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time. Partial screenshots may be viewed in full within the software version specified.

Microsoft® and Windows® are registered trademarks of the Microsoft Corporation in the U.S.A. and other countries. Screenshots and icons reprinted with permission from the Microsoft Corporation. This book is not sponsored or endorsed by or affiliated with the Microsoft Corporation.

Editor-in-Chief: Mark Taub
Product Line Manager: Brett Bartow
Executive Editor: Mary Beth Ray
Development Editor: Ellie C. Bru
Managing Editor: Sandra Schroeder
Senior Project Editor: Tonya Simpson
Copy Editor: Bill McManus
Indexer: Erika Millen
Proofreader: Abigail Manheim
Technical Editors: Akhil Behl, Steve Kalman
Publishing Coordinator: Vanessa Evans
Cover Designer: Chuti Prasertsith
Compositor: codemantra

Warning and Disclaimer


Every effort has been made to make this book as complete and as accurate as possible, but
no warranty or fitness is implied. The information provided is on an “as is” basis. The author
and the publisher shall have neither liability nor responsibility to any person or entity with
respect to any loss or damages arising from the information contained in this book.

Special Sales
For information about buying this title in bulk quantities, or for special sales opportunities
(which may include electronic versions; custom cover designs; and content particular to your
business, training goals, marketing focus, or branding interests), please contact our corporate
sales department at [email protected] or (800) 382-3419.
For government sales inquiries, please contact [email protected].
For questions about sales outside the U.S., please contact [email protected].
Contents at a Glance
Preface
1 Introduction to Network Security
2 Types of Attacks
3 Fundamentals of Firewalls
4 Firewall Practical Applications
5 Intrusion-Detection Systems
6 Encryption Fundamentals
7 Virtual Private Networks
8 Operating System Hardening
9 Defending Against Virus Attacks
10 Defending against Trojan Horses, Spyware, and Adware
11 Security Policies
12 Assessing System Security
13 Security Standards
14 Physical Security and Disaster Recovery
15 Techniques Used by Attackers
16 Introduction to Forensics
17 Cyber Terrorism
Appendix A: Answers
Glossary
Index

Table of Contents
Chapter 1: Introduction to Network Security
Introduction
The Basics of a Network
    Basic Network Structure
    Data Packets
    IP Addresses
    Uniform Resource Locators
    MAC Addresses
    Protocols
Basic Network Utilities
    ipconfig
    ping
    tracert
    netstat
The OSI Model
What Does This Mean for Security?
Assessing Likely Threats to the Network
Classifications of Threats
    Malware
    Compromising System Security—Intrusions
    Denial of Service
Likely Attacks
Threat Assessment
Understanding Security Terminology
    Hacking Terminology
    Security Terminology
Choosing a Network Security Approach
    Perimeter Security Approach
    Layered Security Approach
    Hybrid Security Approach
Network Security and the Law
Using Security Resources
Summary
Chapter 2: Types of Attacks
Introduction
Understanding Denial of Service Attacks
    DoS in Action
    SYN Flood
    Smurf Attack
    Ping of Death
    UDP Flood
    ICMP Flood
    DHCP Starvation
    HTTP Post DoS
    PDoS
    Distributed Reflection Denial of Service
    DoS Tools
    Real-World Examples
    Defending Against DoS Attacks
Defending Against Buffer Overflow Attacks
Defending Against IP Spoofing
Defending Against Session Hijacking
Blocking Virus and Trojan Horse Attacks
    Viruses
    Types of Viruses
    Trojan Horses
Summary

Chapter 3: Fundamentals of Firewalls
Introduction
What Is a Firewall?
    Types of Firewalls
    Packet Filtering Firewall
    Stateful Packet Inspection
    Application Gateway
    Circuit Level Gateway
    Hybrid Firewalls
    Blacklisting/Whitelisting
Implementing Firewalls
    Host-Based
    Dual-Homed Hosts
    Router-Based Firewall
    Screened Hosts
Selecting and Using a Firewall
    Using a Firewall
Using Proxy Servers
    The WinGate Proxy Server
    NAT
Summary
Chapter 4: Firewall Practical Applications
Introduction
Using Single Machine Firewalls
Windows 10 Firewall
User Account Control
Linux Firewalls
    Iptables
    Symantec Norton Firewall
    McAfee Personal Firewall
Using Small Office/Home Office Firewalls
    SonicWALL
    D-Link DFL-2560 Office Firewall
Using Medium-Sized Network Firewalls
    Check Point Firewall
    Cisco Next-Generation Firewalls
Using Enterprise Firewalls
Summary
Chapter 5: Intrusion-Detection Systems
Introduction
Understanding IDS Concepts
    Preemptive Blocking
    Anomaly Detection
IDS Components and Processes
Understanding and Implementing IDSs
    Snort
    Cisco Intrusion-Detection and Prevention
Understanding and Implementing Honeypots
    Specter
    Symantec Decoy Server
    Intrusion Deflection
    Intrusion Deterrence
Summary

Chapter 6: Encryption Fundamentals
Introduction
The History of Encryption
    The Caesar Cipher
    ROT 13
    Atbash Cipher
    Multi-Alphabet Substitution
    Rail Fence
    Vigenère
    Enigma
    Binary Operations
Learning About Modern Encryption Methods
    Symmetric Encryption
    Key Stretching
    PRNG
    Public Key Encryption
    Digital Signatures
Identifying Good Encryption
Understanding Digital Signatures and Certificates
    Digital Certificates
    PGP Certificates
    MD5
    SHA
    RIPEMD
    HAVAL
Understanding and Using Decryption
Cracking Passwords
    John the Ripper
    Using Rainbow Tables
    Using Other Password Crackers
    General Cryptanalysis
Steganography
Steganalysis
Quantum Computing and Quantum Cryptography
Summary
Chapter 7: Virtual Private Networks
Introduction
Basic VPN Technology
Using VPN Protocols for VPN Encryption
    PPTP
    PPTP Authentication
    L2TP
    L2TP Authentication
    L2TP Compared to PPTP
IPSec
SSL/TLS
Implementing VPN Solutions
    Cisco Solutions
    Service Solutions
    Openswan
    Other Solutions
Summary
Chapter 8: Operating System Hardening
Introduction
Configuring Windows Properly
    Accounts, Users, Groups, and Passwords
    Setting Security Policies
    Registry Settings
    Services
    Encrypting File System
    Security Templates
Configuring Linux Properly
Patching the Operating System
Configuring Browsers
    Securing Browser Settings for Microsoft Internet Explorer
    Other Browsers
Summary
Chapter 9: Defending Against Virus Attacks
Introduction
Understanding Virus Attacks
    What Is a Virus?
    What Is a Worm?
    How a Virus Spreads
    The Virus Hoax
    Types of Viruses
Virus Scanners
    Virus Scanning Techniques
    Commercial Antivirus Software
Antivirus Policies and Procedures
Additional Methods for Defending Your System
What to Do If Your System Is Infected by a Virus
    Stopping the Spread of the Virus
    Removing the Virus
    Finding Out How the Infection Started
Summary

Chapter 10: Defending Against Trojan Horses, Spyware, and Adware
Introduction
Trojan Horses
    Identifying Trojan Horses
    Symptoms of a Trojan Horse
    Why So Many Trojan Horses?
    Preventing Trojan Horses
Spyware and Adware
    Identifying Spyware and Adware
    Anti-Spyware
    Anti-Spyware Policies
Summary
Chapter 11: Security Policies 290
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Defining User Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Internet Use Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
E-mail Attachments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Software Installation and Removal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Instant Messaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Desktop Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Final Thoughts on User Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Defining System Administration Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
New Employees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Leaving Employees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Change Requests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Security Breaches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Defining Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Defining Developmental Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306

Chapter 12: Assessing System Security
Introduction
Risk Assessment Concepts
Evaluating the Security Risk
Conducting the Initial Assessment
Patches
Ports
Protect
Physical
Probing the Network
NetCop
NetBrute
Cerberus
Port Scanner for Unix: SATAN
SAINT
Nessus
NetStat Live
Active Ports
Other Port Scanners
Microsoft Baseline Security Analyzer
NSAuditor
NMAP
Vulnerabilities
CVE
NIST
OWASP
McCumber Cube
Goals
Information States
Safeguards

Security Documentation
Physical Security Documentation
Policy and Personnel Documentation
Probe Documents
Network Protection Documents
Summary
Chapter 13: Security Standards
Introduction
COBIT
ISO Standards
NIST Standards
NIST SP 800-14
NIST SP 800-35
NIST SP 800-30 Rev. 1
U.S. DoD Standards
Using the Orange Book
D - Minimal Protection
C - Discretionary Protection
B - Mandatory Protection
A - Verified Protection
Using the Rainbow Series
Using the Common Criteria
Using Security Models
Bell-LaPadula Model
Biba Integrity Model
Clark-Wilson Model
Chinese Wall Model
State Machine Model

U.S. Federal Regulations, Guidelines, and Standards
The Health Insurance Portability & Accountability Act of 1996 (HIPAA)
HITECH
Sarbanes-Oxley (SOX)
Computer Fraud and Abuse Act (CFAA): 18 U.S. Code § 1030
Fraud and Related Activity in Connection with Access Devices: 18 U.S. Code § 1029
General Data Protection Regulation (GDPR)
PCI DSS
Summary
Chapter 14: Physical Security and Disaster Recovery
Introduction
Physical Security
Equipment Security
Securing Building Access
Monitoring
Fire Protection
General Premises Security
Disaster Recovery
Disaster Recovery Plan
Business Continuity Plan
Determining Impact on Business
Testing Disaster Recovery
Disaster Recovery Related Standards
Ensuring Fault Tolerance
Summary

Chapter 15: Techniques Used by Attackers
Introduction
Preparing to Hack
Passively Searching for Information
Active Scanning
NSAuditor
Enumerating
Nmap
Shodan.io
Manual Scanning
The Attack Phase
Physical Access Attacks
Remote Access Attacks
Wi-Fi Hacking
Summary
Chapter 16: Introduction to Forensics
Introduction
General Forensics Guidelines
EU Evidence Gathering
Scientific Working Group on Digital Evidence
U.S. Secret Service Forensics Guidelines
Don’t Touch the Suspect Drive
Leave a Document Trail
Secure the Evidence
FBI Forensics Guidelines

Finding Evidence on the PC
In the Browser
In System Logs
Recovering Deleted Files
Operating System Utilities
The Windows Registry
Gathering Evidence from a Cell Phone
Logical Acquisition
Physical Acquisition
Chip-off and JTAG
Cellular Networks
Cell Phone Terms
Forensic Tools to Use
AccessData Forensic Toolkit
EnCase
The Sleuth Kit
OSForensics
Forensic Science
To Certify or Not to Certify?
Summary
Chapter 17: Cyber Terrorism
Introduction
Defending Against Computer-Based Espionage
Defending Against Computer-Based Terrorism
Economic Attack
Compromising Defense
General Attacks
China Eagle Union

Choosing Defense Strategies
Defending Against Information Warfare
Propaganda
Information Control
Actual Cases
Packet Sniffers
Summary
Appendix A: Answers
Glossary
Index


Preface
The hottest topic in the IT industry today is computer security. The news is replete with stories of
hacking, viruses, and identity theft. The cornerstone of security is defending the organizational
network. Network Defense and Countermeasures: Principles and Practices offers a comprehensive
overview of network defense. It introduces students to network security threats and methods for
defending the network. Three entire chapters are devoted to firewalls and intrusion-detection systems.
There is also a chapter providing a basic introduction to encryption. Combining information on the
threats to networks, the devices and technologies used to ensure security, as well as concepts such as
encryption provides students with a solid, broad-based approach to network defense.
This book provides a blend of theoretical foundations and practical applications. Each chapter ends
with multiple-choice questions and exercises, and most chapters also have projects. Students who
successfully complete this textbook, including the end-of-chapter material, should have a solid
understanding of network security. Throughout the book the student is directed to additional resources that
can augment the material presented in the chapter.

Audience
This book is designed primarily as a textbook for students who have a basic understanding of how
networks operate, including basic terminology, protocols, and devices. Students do not need to have an
extensive math background or more than introductory computer courses.

Overview of the Book


This book will walk you through the intricacies of defending your network against attacks. It begins
with a brief introduction to the field of network security in Chapter 1, “Introduction to Network
Security.” Chapter 2, “Types of Attacks,” explains the threats to a network—including denial of service
attacks, buffer overflow attacks, and viruses.
Chapter 3, “Fundamentals of Firewalls,” Chapter 4, “Firewall Practical Applications,” Chapter 5,
“Intrusion-Detection Systems,” and Chapter 7, “Virtual Private Networks,” give details on various
security technologies including firewalls, intrusion-detection systems, and VPNs. These items are the
core of any network’s security, so a significant portion of this book is devoted to ensuring the reader
fully understands both the concepts behind them and the practical applications. In every case, practical
direction for selecting appropriate technology for a given network is included.
Chapter 6, “Encryption Fundamentals,” provides a solid introduction to encryption. This topic is
critical because ultimately computer systems are simply devices for storing, transmitting, and
manipulating data. No matter how secure the network is, if the data it transmits is not secure then there is a
significant danger.

Chapter 8, “Operating System Hardening,” teaches operating system hardening. Chapter 9, “Defending
Against Virus Attacks,” and Chapter 10, “Defending Against Trojan Horses, Spyware, and Adware,”
give the reader specific defense strategies and techniques to guard against the most common network
dangers. Chapter 11, “Security Policies,” gives readers an introduction to security policies.
Chapter 12, “Assessing System Security,” teaches the reader how to do an assessment of a network’s
security. This includes guidelines for examining policies as well as an overview of network assessment
tools. Chapter 13, “Security Standards,” gives an overview of common security standards such as the
Orange Book and the Common Criteria. This chapter also discusses various security models such as
Bell-LaPadula. Chapter 14, “Physical Security and Disaster Recovery,” examines the often-overlooked
topic of physical security as well as disaster recovery, which is a key part of network security.
Chapter 15, “Techniques Used by Attackers,” provides the tools necessary to “know your enemy,”
by examining basic hacking techniques and tools as well as strategies for mitigating hacker attacks.
Chapter 16, “Introduction to Forensics,” helps you understand basic forensics principles in order to
properly prepare for investigation if you or your company become the victim of a computer crime.
Chapter 17, “Cyber Terrorism,” discusses computer-based espionage and terrorism, two topics of
growing concern for the computer security community but often overlooked in textbooks.

About the Author


Chuck Easttom is a computer scientist, author, and inventor. He has authored 25 other books on
programming, Web development, security, and Linux. He has also authored dozens of research papers
on a wide range of computer science and cyber security topics. He is an inventor with 13 computer
science patents. Chuck holds more than 40 different industry certifications. He also is a frequent
presenter/speaker at computer and cyber security conferences such as Defcon, ISC2 Security Congress,
Secure World, IEEE workshops, and more.
You can reach Chuck at his website (www.chuckeasttom.com) or by e-mail at [email protected].

Dedication
This book is dedicated to all the people working in the
computer security field, diligently working to make
computer networks safer.

Acknowledgments
While only one name goes on the cover of this book, it is hardly the work of just one person. I would
like to take this opportunity to thank a few of the people involved. First of all, the editing staff at
Pearson worked extremely hard on this book. Without them this project would simply not be possible. I
would also like to thank my wife, Teresa, for all her support while working on this book. She is always
very supportive in all my endeavors, a one-woman support team!

About the Technical Reviewers


Akhil Behl, CCIE No. 19564, is a passionate IT executive with a key focus on cloud and security. He has
more than 15 years of experience in the IT industry working in several leadership, advisory,
consultancy, and business development profiles with various organizations. His technology and business
specialization includes cloud, security, infrastructure, data center, and business communication
technologies.
Akhil has authored multiple titles on security and business communication technologies. He has
contributed as technical editor for a number of books on network and information security. He has
published several research papers in national and international journals, including IEEE Xplore, and
presented at various IEEE conferences, as well as other prominent ICT, security, and telecom events.
Akhil also holds CCSK, CHFI, PMP, ITIL, VCP, TOGAF, CEH, ISM, and several other industry
certifications. He has a bachelor’s degree in technology and an MBA.
Steve Kalman is both an attorney and a professional security expert. He holds the following
credentials from (ISC)2, for whom he worked as an authorized instructor: CISSP, CCFP-US, CSSLP, ISSMP,
ISSAP, HCISPP, SSCP. Steve has been author or technical editor for more than 20 Pearson/Cisco Press
books.

We Want to Hear from You!


As the reader of this book, you are our most important critic and commentator. We value your opinion
and want to know what we're doing right, what we could do better, what areas you'd like to see us
publish in, and any other words of wisdom you're willing to pass our way.
We welcome your comments. You can email or write to let us know what you did or didn't like about
this book—as well as what we can do to make our books better.
Please note that we cannot help you with technical problems related to the topic of this book.
When you write, please be sure to include this book’s title and author as well as your name and email
address. We will carefully review your comments and share them with the author and editors who
worked on the book.
Email: [email protected]
Mail: Pearson IT Certification
ATTN: Reader Feedback
800 East 96th Street
Indianapolis, IN 46240 USA

Reader Services
Register your copy of Network Defense and Countermeasures at www.pearsonitcertification.com for
convenient access to downloads, updates, and corrections as they become available. To start the
registration process, go to www.pearsonitcertification.com/register and log in or create an account*. Enter
the product ISBN 9780789759962 and click Submit. When the process is complete, you will find any
available bonus content under Registered Products.

*Be sure to check the box that you would like to hear from us to receive exclusive discounts on future
editions of this product.
Chapter 1
Introduction to Network Security
Chapter Objectives
After reading this chapter and completing the exercises, you will be able
to do the following:
■ Identify the most common dangers to networks.
■ Understand basic networking.
■ Employ basic security terminology.
■ Find the best approach to network security for your organization.
■ Evaluate the legal issues that will affect your work as a network administrator.
■ Use resources available for network security.

Introduction
Finding a week without some major security breach in the news is difficult. University web servers
hacked, government computers hacked, banks’ data compromised, health information exposed—the
list goes on. It also seems as if each year brings more focus to this issue. Finding anyone in any
industrialized nation who has not heard of things such as websites being hacked and identities stolen would
be difficult.
More venues for training also exist now. Many universities offer Information Assurance degrees from
the bachelor’s level up through the doctoral level. A plethora of industry certification training programs
are available, including the CISSP, EC Council’s CEH, Mile2 Security, SANS, and CompTIA’s
Security+. There are also now a number of universities offering degrees in cyber security, including
distance learning degrees.
Despite this attention from the media and the opportunities to acquire security training, far too many
computer professionals—including a surprising number of network administrators—do not have a
clear understanding of the type of threats to which network systems are exposed, or which ones are
most likely to actually occur. Mainstream media focuses attention on the most dramatic computer
security breaches rather than giving an accurate picture of the most plausible threat scenarios.
This chapter looks at the threats posed to networks, defines basic security terminology, and lays the
foundation for concepts covered in the chapters that follow. The steps required to ensure the integrity
and security of your network are methodical and, for the most part, already outlined. By the time you
complete this book, you will be able to identify the most common attacks, explain how they are
perpetrated in order to prevent them, and understand how to secure your data transmissions.

The Basics of a Network


Before diving into how to protect your network, exploring what networks are would probably be a good
idea. For many readers this section will be a review, but for some it might be new material. Whether
this is a review for you, or new information, having a thorough understanding of basic networking
before attempting to study network security is critical. Also, be aware this is just a brief introduction to
basic networking concepts. Many more details are not explored in this section.
A network is simply a way for machines/computers to communicate. At the physical level, it consists
of all the machines you want to connect and the devices you use to connect them. Individual machines
are connected either with a physical connection (a category 5 cable going into a network interface card,
or NIC) or wirelessly. To connect multiple machines together, each machine must connect to a hub
or switch, and then those hubs/switches must connect together. In larger networks, each subnetwork
is connected to the others by a router. We look at many attacks in this book (including several in
Chapter 2, “Types of Attacks”) that focus on the devices that connect machines together on a network
(that is, routers, hubs, and switches). If you find this chapter is not enough, this resource might
assist you: http://compnetworking.about.com/od/basicnetworkingconcepts/Networking_Basics_Key_Concepts_in_Computer_Networking.htm.

Basic Network Structure


Some connection point(s) must exist between your network and the outside world. A barrier is set up
between that network and the Internet, usually in the form of a firewall. Many attacks discussed in this
book work to overcome the firewall and get into the network.
The real essence of networks is communication—allowing one machine to communicate with another.
However, every avenue of communication is also an avenue of attack. The first step in understanding
how to defend a network is having a detailed understanding of how computers communicate over a
network.
The previously mentioned network interface cards, switches, routers, hubs, and firewalls are the
fundamental physical pieces of a network. The way they are connected and the format they use for
communication is the network architecture.

Data Packets
After you have established a connection with the network (whether it is physical or wireless), you
need to send data. The first part is to identify where you want to send it. We will start off discussing IP
version 4 addresses; we will look at IPv6 a bit later in this chapter. All computers (as well as routers)
have an IP address that is a series of four numbers between 0 and 255 and separated by periods, such
as 192.0.0.5 (note that this is an IPv4 address). The second part is to format the data for transmission.
All data is ultimately in binary form (1s and 0s). This binary data is put into packets, all less than
about 65,000 bytes. The first few bytes are the header. That header tells where the packet is going,
where it came from, and how many more packets are coming as part of this transmission. There is
actually more than one header, but for now, we will just discuss the header as a single entity. Some
attacks that we will study (IP spoofing, for example) try to change the header of packets to give
false information. Other methods of attack simply try to intercept packets and read the content (thus
compromising the data).
A packet can have multiple headers. In fact, most packets will have at least three headers. The IP
header has information such as IP addresses for the source and destination, as well as what protocol the
packet is. The TCP header has information such as port number. The Ethernet header has information
such as the MAC address for the source and destination. If a packet is encrypted with Transport Layer
Security (TLS), it will also have a TLS header.
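The three headers named above can be read straight out of a frame's bytes. The following is an added example, not code from the book: the sample frame, its MAC addresses and port numbers are constructed, the function names are this example's own, and checksums are left unverified.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def build_sample_frame():
    """Constructed sample: Ethernet + IPv4 + TCP headers and 5 bytes of data.

    Checksums are left at 0 because this example does not verify them.
    """
    payload = b"hello"
    eth = (bytes.fromhex("02005e100001")      # destination MAC (constructed)
           + bytes.fromhex("02005e100002")    # source MAC (constructed)
           + struct.pack("!H", ETHERTYPE_IPV4))
    tcp = struct.pack("!HHIIBBHHH",
                      49152, 443,             # source port, destination port
                      1, 0,                   # sequence, acknowledgement
                      5 << 4, 0x18,           # data offset 5 words, flags PSH+ACK
                      64240, 0, 0)            # window, checksum, urgent pointer
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s",
                     (4 << 4) | 5, 0, total_len,   # version 4, IHL 5 words
                     0x1234, 0, 64, PROTO_TCP, 0,  # id, frag, TTL, protocol, checksum
                     socket.inet_aton("192.168.1.10"),
                     socket.inet_aton("107.22.98.198"))
    return eth + ip + tcp + payload


def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame):
    """Return the fields the text lists for each header; ValueError if malformed."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth": {"dst_mac": fmt_mac(dst), "src_mac": fmt_mac(src),
                   "ethertype": ethertype}}
    if ethertype != ETHERTYPE_IPV4:
        return out                      # not IPv4: stop at the Ethernet layer

    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    # Length fields come from the sender and can be false, like any other
    # header field: check them against the captured bytes before slicing.
    if version != 4 or ihl < 20 or not (ihl <= total_len <= len(ip)):
        raise ValueError("inconsistent IPv4 header lengths")
    out["ip"] = {"src": socket.inet_ntoa(src_ip), "dst": socket.inet_ntoa(dst_ip),
                 "protocol": proto, "ttl": ttl,
                 # 16-bit field, which is why a packet stays under ~65,000 bytes
                 "total_length": total_len}
    if proto != PROTO_TCP:
        return out

    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, _seq, _ack, offset, flags, _win, _tcp_csum,
     _urg) = struct.unpack("!HHIIBBHHH", tcp[:20])
    data_off = (offset >> 4) * 4
    if not (20 <= data_off <= len(tcp)):
        raise ValueError("inconsistent TCP data offset")
    out["tcp"] = {"src_port": sport, "dst_port": dport, "flags": flags}
    out["payload"] = tcp[data_off:]
    return out


if __name__ == "__main__":
    for layer, fields in parse_frame(build_sample_frame()).items():
        print(layer, fields)
```

Nothing in the parsed source fields proves where the packet came from, which is why header values are treated as claims to be checked rather than as facts.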

IP Addresses
The first major issue to understand is how to get packets to their proper destination. Even a small
network has many computers that could potentially be the final destination of any packet sent. The
Internet has millions of computers spread out across the globe. How do you ensure that a packet gets to
its proper destination? The problem is not unlike addressing a letter and ensuring it gets to the correct
destination. Let’s begin by looking at IP version 4 addressing because it is the most common in use
today, but this section also briefly discusses IP version 6.
An IP version 4 address is a series of four three-digit numbers separated by periods. (An example
is 107.22.98.198.) Each of the three-digit numbers must be between 0 and 255. You can see that an
address of 107.22.98.466 would not be a valid one. The reason for this rule is that these addresses are
actually four binary numbers: The computer simply displays them to you in decimal format. Recall
that 1 byte is 8 bits (1s and 0s), and an 8-bit binary number converted to decimal format will be
between 0 and 255. The total of 32 bits means that approximately 4.2 billion possible IP version 4
addresses exist.
The IP address of a computer tells you a lot about that computer. The first byte (or the first decimal
number) in an address tells you to what class of network that machine belongs. Table 1-1 summarizes
the five network classes.
The Basics of a Network 5

TABLE 1-1 Network Classes

Class  IP Range for the First Byte  Use
A      0–126                        Extremely large networks. No Class A network IP addresses are left. All have been used.
B      128–191                      Large corporate and government networks. All Class B IP addresses have been used.
C      192–223                      The most common group of IP addresses. Your ISP probably has a Class C address.
D      224–247                      These are reserved for multicasting (transmitting different data on the same channel).
E      248–255                      Reserved for experimental use.

These five classes of networks will become more important later in this book (or should you decide
to study networking on a deeper level). Observe Table 1-1 carefully, and you probably will discover
that the IP range of 127 was not listed. This omission is because that range is reserved for testing. The
IP address of 127.0.0.1 designates the machine you are on, regardless of that machine’s assigned IP
address. This address is often referred to as the loopback address. That address will be used often in
testing your machine and your NIC. We will examine its use a bit later in this chapter in the section on
network utilities.
These particular classes are important as they tell you what part of the address represents the network
and what part represents the node. For example, in a Class A address, the first octet represents the
network, and the remaining three represent the node. In a Class B address, the first two octets represent
the network, and the second two represent the node. And finally, in a Class C address, the first three
octets represent the network, and the last represents the node.
There are also some very specific IP addresses and IP address ranges you should be aware of. The first,
as previously mentioned, is 127.0.0.1, or the loopback address. It is another way of referring to the
network interface card of the machine you are on.
Private IP addresses are another issue to be aware of. Certain ranges of IP addresses have been designated
for use within networks. These cannot be used as public IP addresses but can be used for internal
workstations and servers. Those IP addresses are

■ 10.0.0.10 to 10.255.255.255
■ 172.16.0.0 to 172.31.255.255
■ 192.168.0.0 to 192.168.255.255

Sometimes people new to networking have some trouble understanding public and private IP addresses.
A good analogy is an office building. Within a single office building, each office number must be
unique. You can only have one 305. And within that building, if you discuss office 305 it is immediately
clear what you are talking about. But there are other office buildings, many of which have their
own office 305. You can think of private IP addresses as office numbers. They must be unique within
their network, but there may be other networks with the same private IP.
Public IP addresses are more like traditional mailing addresses. Those must be unique worldwide.
When communicating from office to office you can use the office number, but to get a letter to another
building you have to use the complete mailing address. It is much the same with networking. You can
communicate within your network using private IP addresses, but to communicate with any computer
outside your network, you have to use public IP addresses.
One of the roles of a gateway router is to perform what is called network address translation (NAT).
Using NAT, a router takes the private IP address on outgoing packets and replaces it with the public IP
address of the gateway router so that the packet can be routed through the Internet.
We have already discussed IP version 4 network addresses; now let’s turn our attention to subnetting. If
you are already familiar with this topic, feel free to skip this section. For some reason this topic tends
to give networking students a great deal of trouble. So we will begin with a conceptual understanding.
Subnetting is simply chopping up a network into smaller portions. For example, if you have a network
using the IP address 192.168.1.X (X being whatever the address is for the specific computer), then you
have allocated 255 possible IP addresses. What if you want to divide that into two separate subnetworks?
Subnetting is how you do that.
More technically, the subnet mask is a 32-bit number that is assigned to each host to divide the 32-bit
binary IP address into network and node portions. You also cannot just put in any number you want.
The first value of a subnet mask must be 255; the remaining three values can be 255, 254, 252, 248,
240, 224, or 128. Your computer will take your network IP address and the subnet mask and use a
binary AND operation to combine them.
It may surprise you to know that you already have a subnet mask even if you have not been subnetting.
If you have a Class C IP address, then your network subnet mask is 255.255.255.0. If you have a Class
B IP address, then your subnet mask is 255.255.0.0. And finally, if it is Class A, your subnet mask is
255.0.0.0.
Now think about these numbers in relationship to binary numbers. The decimal value 255 converts
to 11111111 in binary. So you are literally “masking” the portion of the network address that is used
to define the network, and the remaining portion is used to define individual nodes. Now if you want
fewer than 255 nodes in your subnet, then you need something like 255.255.255.240 for your subnet.
If you convert 240 to binary, it is 11110000. That means the first three octets and the first 4 bits of the
last octet define the network. The last 4 bits of the last octet define the node. That means you could
have as many as 1111 (in binary) or 15 (in decimal) nodes on this subnetwork. This is the basic essence
of subnetting.

Subnetting only allows you to use certain, limited subnets. Another approach is CIDR, or classless
interdomain routing. Rather than define a subnet mask, you have the IP address followed by a slash and
a number. That number can be any number between 0 and 32, which results in IP addresses like these:
192.168.1.10/24 (basically a Class C IP address)
192.168.1.10/31 (much like a Class C IP address with a subnet mask)
When you use this, rather than having classes with subnets, you have variable-length subnet masking
(VLSM) that provides classless IP addresses. This is the most common way to define network IP
addresses today.
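The binary AND and the slash notation described above, worked through with explicit bit operations. This is an added example, not code from the book: the function names are its own, and the private ranges are written as the CIDR blocks 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.

```python
FULL = 0xFFFFFFFF  # 32 one-bits

# Private ranges written as CIDR blocks (assumption: RFC 1918 notation).
PRIVATE_BLOCKS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def to_int(dotted):
    """'192.168.1.10' -> 32-bit integer; rejects octets outside 0-255."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    value = 0
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError(f"bad octet {part!r} in {dotted!r}")
        value = (value << 8) | int(part)
    return value


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix):
    """CIDR prefix length (0-32) -> mask integer, e.g. 24 -> 255.255.255.0."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    return (FULL << (32 - prefix)) & FULL


def mask_to_prefix(mask):
    """Mask integer -> prefix length; rejects masks whose 1-bits are not contiguous."""
    inverted = mask ^ FULL
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous mask: {to_dotted(mask)}")
    return 32 - inverted.bit_length()


def parse_cidr(text):
    """'192.168.1.10/24' -> (address integer, mask integer)."""
    address, _, prefix = text.partition("/")
    if not (prefix.isascii() and prefix.isdigit()):
        raise ValueError(f"missing or bad prefix in {text!r}")
    return to_int(address), prefix_to_mask(int(prefix))


def describe(address, mask):
    """Split an address into network and node portions with a binary AND."""
    addr, m = to_int(address), to_int(mask)
    prefix = mask_to_prefix(m)
    return {
        "prefix": prefix,
        "network": to_dotted(addr & m),      # bits kept by the mask
        "node": addr & ~m & FULL,            # bits the mask hides
        "host_bits": 32 - prefix,
        "block_size": 1 << (32 - prefix),    # distinct bit patterns in the node part
    }


def same_network(a, b, mask):
    """True when both addresses AND to the same network, so traffic stays local."""
    m = to_int(mask)
    return (to_int(a) & m) == (to_int(b) & m)


def in_block(address, cidr):
    base, mask = parse_cidr(cidr)
    return (to_int(address) & mask) == (base & mask)


def is_private(address):
    return any(in_block(address, block) for block in PRIVATE_BLOCKS)


if __name__ == "__main__":
    print(describe("192.168.1.77", "255.255.255.240"))
    print(to_dotted(parse_cidr("192.168.1.10/24")[1]))
    for sample in ("10.102.230.17", "172.31.255.255", "172.32.0.1", "107.22.98.198"):
        print(sample, "private" if is_private(sample) else "public")
```

The same AND is what a firewall or access-control rule written in CIDR form evaluates, so a shorter prefix in a rule always means a wider set of addresses admitted.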
You should not be concerned that new IP addresses are likely to run out soon. The IP version 6 standard is
already available, and methods are in place already to extend the use of IPv4 addresses. The IP addresses
come in two groups: public and private. The public IP addresses are for computers connected to the Internet.
No two public IP addresses can be the same. However, a private IP address, such as one on a private
company network, has to be unique only in that network. It does not matter if other computers in the world
have the same IP address, because this computer is never connected to those other worldwide computers.
Network administrators often use private IP addresses that begin with a 10, such as 10.102.230.17.
The other private IP addresses are 172.16.0.0–172.31.255.255 and 192.168.0.0–192.168.255.255.
Also note that an ISP often will buy a pool of public IP addresses and assign them to you when you log
on. So, an ISP might own 1,000 public IP addresses and have 10,000 customers. Because all 10,000
customers will not be online at the same time, the ISP simply assigns an IP address to a customer when
he or she logs on, and the ISP un-assigns the IP address when the customer logs off.
IPv6 utilizes a 128-bit address (instead of 32) and utilizes a hex numbering method in order to avoid
long addresses such as 132.64.34.26.64.156.143.57.1.3.7.44.122.111.201.5. The hex address format
appears in the form of 3FFE:B00:800:2::C, for example. This gives you 2^128 possible addresses (many
trillions of addresses), so no chance exists of running out of IP addresses in the foreseeable future.
There is no subnetting in IPv6. Instead, it only uses CIDR. The network portion is indicated by a slash
followed by the number of bits in the address that are assigned to the network portion, such as
/48
/64
There is a loopback address for IPv6, and it can be written as ::/128. Other differences between IPv4
and IPv6 are described here:

■ Link/machine-local.
■ IPv6 version of IPv4’s APIPA or Automatic Private IP Addressing. So if the machine is
configured for dynamically assigned addresses and cannot communicate with a DHCP
server, it assigns itself a generic IP address. DHCP, or Dynamic Host Configuration
Protocol, is used to dynamically assign IP addresses within a network.
Another random document with
no related content on Scribd:
She explained that the right mugwort for the purpose was a very special
kind that did not grow in Somerset, but at the gates of the cobbler in her
native village the mugwort grew fair enough. Long after this discussion had
taken place, Laura found in Aubrey’s Miscellany a passage quoted from
Pliny which told how Artemis had revealed the virtues of mugwort to the
dreaming Pericles. She hastened to tell Nannie of this. Nannie was gratified,
but she would not admit that her faith needed any buttressing. ‘Those
Greeks didn’t know everything!’ she said, and drove a needle into her red
cloth emery case, which was shaped like a strawberry and spotted over with
small yellow beads.
For nearly ten years Laura kept house for Everard and James. Nothing
happened to disturb the easy serenity of their days except the birth of first
one daughter and then another to Henry and Caroline, and this did not
disturb it much. Everard, so happy in a daughter, was prepared to be happy
in granddaughters also. When Henry apologised to him with dignity for the
accident of their sex Everard quoted to him the nursery rhyme about what
little boys and girls were made of. Henry was relieved to find his father
taking so lightly a possible failure in the Willowes male line, but he wished
the old man wouldn’t trifle so. He could not stoop to give his father the lie
over this unscientific theory of sex. He observed gloomily that daughters
could be very expensive now that so much fuss was being made about the
education of women.
Henry in his fears for the Willowes’ male line had taken it for granted
that his brother would never marry. And certainly if to lie very low about a
thing is a sign that one is not thinking about it, James had no thought of
marriage. He was nearly thirty-three when he announced with his usual
quiet abruptness that he was going to marry. The lady of his choice was a
Miss Sibyl Mauleverer. She was the daughter of a clergyman, but of a
fashionable London clergyman which no doubt accounted for her not being
in the least like any clergyman’s daughter seen by Everard and Laura
hitherto. Miss Mauleverer’s skirts were so long and so lavish that they lay
in folds upon the ground all round her when she stood still, and required to
be lifted in both hands before she could walk. Her hats were further off her
head than any hats that had yet been seen in Somerset, and she had one of
the up to date smooth Aberdeen terriers. It was indeed hard to believe that
this distinguished creature had been born and bred in a parish. But nothing
could have been more parochial than her determination to love her new
relations and to be loved in return. She called Everard Vaterlein, she taught
Laura to dance the cake-walk, she taught Mrs. Bonnet to make petits
canapés à l’Impératrice; having failed to teach Brewer how to make a rock
garden, she talked of making one herself; and though she would have liked
old oak better, she professed herself enchanted by the Willowes walnut and
mahogany. So assiduously did this pretty young person seek to please that
Laura and Everard would have been churlish had they not responded to her
blandishments. Each, indeed, secretly wondered what James could see in
any one so showy and dashing as Sibyl. But they were too discreet to admit
this, even one to the other, and contented themselves with politely
wondering what Sibyl could see in such a country sobersides as James.
Lady Place was a large house, and it seemed proper that James should
bring his wife to live there. It also seemed proper that she should take
Laura’s place as mistress of the household. The sisters-in-law disputed this
point with much civility, each insisting upon the other’s claim like two
queens curtseying in a doorway. However Sibyl was the visiting queen and
had to yield to Laura in civility, and assume the responsibilities of
housekeeping. She jingled them very lightly, and as soon as she found
herself to be with child she gave them over again to Laura, who made a
point of ordering the petits canapés whenever any one came to dinner.
Whatever small doubts and regrets Everard and Laura had nursed about
James’s wife were put away when Sibyl bore a man child. It would not have
been loyal to the heir of the Willowes to suppose that his mother was not
quite as well-bred as he. Everard did not even need to remind himself of the
Duchess of Suffolk. Titus, sprawling his fat hands over his mother’s bosom,
Titus, a disembodied cooing of contentment in the nursery overhead, would
have justified a far more questionable match than James had made.
A year later Everard, amid solemnity, lit the solitary candle of his
grandson’s first birthday upon the cake that Mrs. Bonnet had made, that
Laura had iced, that Sibyl had wreathed with flowers. The flame wavered a
little in the draught, and Everard, careful against omens, ordered the French
windows to be shut. On so glowing a September afternoon it was strange to
see the conifers nodding their heads in the wind and to hear the harsh breath
of autumn go forebodingly round the house. Laura gazed at the candle. She
understood her father’s alarm and, superstitious also, held her breath until
she saw the flame straighten itself and the first little trickle of coloured wax
flow down upon the glittering tin star that held the candle. That evening,
after dinner, there was a show of fireworks for the school children in the
garden. So many rockets were let off by Everard and James that for a while
the northern sky was laced with a thicket of bright sedge scattering a fiery
pollen. So hot and excited did Everard become in manœuvring this
splendour that he forgot the cold wind and took off his coat.
Two days after he complained of a pain in his side. The doctor looked
grave as he came out of the bed-chamber, though within it Laura had heard
him laughing with his old friend, and rallying him upon his nightcap.
Everard had inflammation of the lungs, he told her; he would send for two
nurses. They came, and their starched white aprons looked to her like
unlettered tombstones. From the beginning her soul had crouched in
apprehension, and indeed there was at no time much hope for the old man.
When he was conscious he lay very peacefully, his face turned towards the
window, watching the swallows fly restlessly from tree to tree. ‘It will be a
hard winter,’ he said to Laura. ‘They’re gathering early to go.’ And then:
‘Do you suppose they know where they’re going?’
‘I’m sure they do,’ she answered, thinking to comfort him. He regarded
her shrewdly, smiled, and shook his head. ‘Then they’re wiser than we.’
When grandfather Henry, that masterful man, removed across the border,
he was followed by a patriarchal train of manservants and maidservants,
mares, geldings, and spaniels, vans full of household stuff, and slow
country waggons loaded with nodding greenery. ‘I want to make sure of a
good eating apple,’ said he, ‘since I am going to Lady Place for life.’ Death
was another matter. The Willowes burial-ground was in Dorset, nor would
Henry lie elsewhere. Now it was Everard’s turn. The dead appeared to
welcome him without astonishment—the former Everards and Tituses,
Lauras and Emmelines; they were sure that he would come, they approved
his decision to join them.
Laura stood by the open grave, but the heap of raw earth and the planks
sprawling upon it displeased her. Her eyes strayed to the graves that were
completed. Her mind told the tale of them, for she knew them well. Four
times a year Mrs. Willowes had visited the family burying place, and as a
child Laura had counted it a solemn and delicious honour to accompany her
upon these expeditions. In summer especially, it was pleasant to sit on the
churchyard wall under the thick roof of lime trees, or to finger the
headstones, now hot, now cold, while her mother went from grave to grave
with her gauntlet gloves and her gardening basket. Afterwards they would
eat their sandwiches in a hayfield, and pay a visit to old Mrs. Dymond,
whose sons and grandsons in hereditary office clipped the grass and
trimmed the bushes of the family enclosure. As Laura grew older the active
part of these excursions fell upon her; and often of late years when she went
alone she half yielded her mind to the fancy that the dead mother whose
grave she tended was sitting a little apart in the shade, presently to rise and
come to meet her, having just recalled and delicately elaborated some odd
trait of a neighbouring great-uncle.
The bees droned in the motionless lime trees. A hot ginny churchyard
smell detached itself in a leisurely way from the evergreens when the
mourners brushed by them. The sun, but an hour or so declined, shone with
an ardent and steadfast interest upon the little group. ‘In the midst of life we
are in death,’ said Mr. Warbury, his voice sounding rather shameless taken
out of church and displayed upon the basking echoless air. ‘In the midst of
death we are in life,’ Laura thought, would be a more accurate expression of
the moment. Her small body encased in tremendous sunlight seemed to
throb with an intense vitality, impersonally responding to heat, scent, and
colour. With blind clear-sighted eyes she saw the coffin lowered into the
grave, and the earth shovelled in on top of it. She was aware of movement
around her, of a loosening texture of onlookers, of footsteps and departures.
But it did not occur to her that the time was come when she too must depart.
She stood and watched the sexton, who had set to work now in a more
business-like fashion. An arm was put through hers. A voice said: ‘Dear
Laura! we must go now,’ and Caroline led her away. Tears ran down
Caroline’s face; she seemed to be weeping because it was time to go.
Laura would have turned for one more backward look, but Caroline
prevented her. Her tears ran faster and she shook her head and sighed. They
reached the gate. It closed behind them with a contented click, for they were
the last to leave.
Opposite the churchyard were the gates of the old home. The drive was
long, straight, and formal; it had been a cart-track across a meadow when
the old home was a farm. At the end of the drive stood the grey stone house.
A purple clematis muffled the porch, and a white cat lay asleep in a bed of
nasturtiums. The blinds were drawn down in respect to the dead. Laura
looked at it. Since her earliest childhood it had been a familiar sight, a
familiar thought. But now she saw it with different eyes: a prescience of
exile came over her and, forgetting Lady Place, she looked with the
yearning of an outcast at the dwelling so long ago discarded. The house was
like an old blind nurse sitting in the sun and ruminating past events. It
seemed an act of the most horrible ingratitude to leave it all and go away
without one word of love. But the gates were shut, the time of welcome was
gone by.
For a while they stood in the road, none making a move, each waiting
for the other’s lead. A tall poplar grew on the left hand of the churchyard
gate. Its scant shadow scarcely indented the white surface of the road. A
quantity of wasps were buzzing about its trunk, and presently one of the
wasps stung Henry. This seemed to be the spur that they were all waiting
for; they turned and walked to the corner of the road where the carriages
stood that were to drive them back to the station.
Every one was sorry for Laura, for they knew how much she had loved
her father. They agreed that it was a good thing that Henry and Caroline
were taking her to London. They hoped that this change would distract her
from her grief. Meanwhile, there was a good deal to do, and that also was a
distraction. Clothes and belongings had to be sorted out, friends and family
pensioners visited, and letters of condolence answered. Beside this she had
her own personal accumulation of vagrant odds and ends to dispose of. She
had lived for twenty-eight years in a house where there was no lack of
cupboard room, and a tradition of hoarding, so the accumulation was
considerable. There were old toys, letters, stones of strange shapes or bright
colours, lesson-books, water-colour sketches of the dogs and the garden; a
bunch of dance programmes kept for the sake of their little pencils, and all
the little pencils tangled into an inextricable knot; pieces of unfinished
needlework, jeweller’s boxes, scraps cut out of the newspaper, and
unexplainable objects that could only be remembrancers of things she had
forgotten. To go over these hoards amused the surface of her mind. But with
everything thrown away she seemed to be denying the significance of her
youth.
Thus busied, she was withheld all day from her proper care. But at dusk
she would go out of the house and pace up and down the nut alley at the
foot of the garden. The cold airs that rose up from the ground spoke sadly to
her of burial, the mossy paths were hushed and humble under her tread, and
the smells of autumn condoled with her. Brewer the gardener, stamping out
the ashes of his bonfire, saw her pass to and fro, a slender figure moving
sedately between the unmoving boughs. He alone of all the household had
taken his master’s death without exclamation. Death coming to the old was
a harmless thought to him, but looking at Laura he sighed deeply, as though
he had planted her and now saw her dashed and broken by bad weather.
Ten days after Everard’s death Henry and Caroline left Lady Place,
taking Laura with them. She found the leave-taking less painful than she
had expected, and Caroline put her to bed as soon as they arrived in Apsley
Terrace, which simplified her unhappiness by making her feel like an
unhappy child.
Laura had heard the others agreeing that the move to London would
make her feel very differently. She had thought them stupid to suppose that
any outward change could alter her mood. She now found that they had
judged better than she. In Somerset she had grieved over her father’s death.
In London her grief was retracted into sudden realisations of her loss. She
had thought that sorrow would be her companion for many years, and had
planned for its entertainment. Now it visited her like sudden snow-storms, a
hastening darkness across the sky, a transient whiteness and rigour cast
upon her. She tried to recover the sentiment of renunciation which she had
worn like a veil. It was gone, and gone with it was her sense of the dignity
of bereavement.
Henry and Caroline did all they could to prevent her feeling unhappy. If
they had been overlooking some shame of hers they could not have been
more tactful, more modulatory.
The first winter passed by like a half-frozen stream. At the turn of the
year it grew extremely cold. Red cotton sandbags were laid along the
window-sashes, and Fancy and Marion skated on the Round Pond with
small astrakhan muffs. Laura did not skate, but she walked briskly along the
path with Caroline, listening to the rock and jar of the skates grinding upon
the ice and to the cries of the gulls overhead. She found London much
colder than the country, though Henry assured her that this was impossible.
She developed chilblains, and this annoyed her, for she had not had
chilblains since she was a child. Then Nannie Quantrell would send her out
in the early morning to run barefoot over the rimy lawn. There was a small
garden at Apsley Terrace, but it had been gravelled over because Henry
disliked the quality of London grass; and in any case it was not the sort of
garden in which she could run barefoot.
She was also annoyed by the hardness of the London water. Her hands
were so thin that they were always a little red; now they were rough also. If
they could have remained idle, she would not have minded this so much.
But Caroline never sat with idle hands; she would knit, or darn, or do useful
needlework. Laura could not sit opposite her and do nothing. There was no
useful needlework for her to do, Caroline did it all, so Laura was driven to
embroidery. Each time that a strand of silk rasped against her fingers she
shuddered inwardly.
Time went faster than the embroidery did. She had actually a sensation
that she was stitching herself into a piece of embroidery with a good deal of
background. But, as Caroline said, it was not possible to feel dull when
there was so much to do. Indeed, it was surprising how much there was to
do, and for everybody in the house. Even Laura, introduced as a sort of
extra wheel, soon found herself part of the mechanism, and, interworking
with the other wheels, went round as busily as they.
When she awoke, the day was already begun. She could hear iron noises
from the kitchen, the sound of yesterday’s ashes being probed out. Then
came a smell of wood smoke—the kitchen fire had been laid anew and
kindled in the cleansed grate. This was followed by the automatic noise of
the carpet-sweeper and, breaking in upon it, the irregular knocking of the
staircase brush against the banisters. The maid who brought her morning tea
and laid the folded towel across the hot-water can had an experienced look;
when she drew back the curtains she looked out upon the day with no
curiosity. She had seen it already.
By the time the Willowes family met at breakfast all this activity had
disappeared like the tide from the smooth, garnished beach. For the rest of
the day it functioned unnoticed. Bells were answered, meals were served,
all that appeared was completion. Yet unseen and underground the
preparation and demolition of every day went on, like the inward persistent
workings of heart and entrails. Sometimes a crash, a banging door, a voice
upraised, would rend the veil of impersonality. And sometimes a sound of
running water at unusual hours and a faint steaminess in the upper parts of
the house betokened that one of the servants was having a bath.
After breakfast, and after Henry had been seen off, Caroline descended
to the kitchen and Laura read the relinquished Times. Then came shopping,
letter-writing, arranging the flowers, cleaning the canary-cage, and the girls’
walk. Such things as arranging flowers or cleaning the canary-cage were
done with a kind of precautious routine which made them seem alike
solemn and illicit. The flowers were always arranged in the ground-floor
lavatory, where there was a small sink; vases and wire frames were kept in a
cupboard, and a pair of scissors was strung to a nail. Then the completed
affair was carried carefully past the coats that hung in the lobby outside and
set down upon some established site.
Every Tuesday the books were changed at the library.
After lunch there was a spell of embroidery and more Times. If it was
fine, Caroline paid calls; if wet, she sat at home on the chance of receiving
them. On Saturday afternoons there was the girls’ dancing-class. Laura
accompanied her nieces thither, carrying their slippers in a bag. She sat
among the other parents and guardians upon a dais which shook to the
primary accents of the pianist, watching lancers and polkas and waltzes
being performed, and hearing Miss Parley say: ‘Now we will recommence.’
After the dancing was over there was a March of Grace, and when Fancy
and Marion had miscarried of their curtseys she would envelop their muslin
dresses and their red elbows in the grey ulsters, and walk them briskly
home again.
They were dull children, though their dullness did not prevent them
having a penetrating flow of conversation. Their ways and thoughts were
governed by a sort of zodiacal procession of other little girls, and when they
came down to the drawing-room after tea it seemed to Laura that they
brought the Wardours, or the Wilkinsons, or the de la Bottes with them.
Dinner was at half-past seven. It was a sensible rule of Caroline’s that at
dinner only general topics should be discussed. The difficulties of the day
(if the day had presented difficulties) were laid aside. To this rule Caroline
attributed the excellence of Henry’s digestion. Henry’s digestion was
further safe-guarded by being left to itself in the smoking-room for an hour
after dinner. If he was busy, this hour of meditation would be followed by
some law-work. If not, he would join them in the drawing-room, or go to
his club. When they were thus left by themselves Laura and Caroline went
off to bed early, for they were pleasantly fatigued by their regular days and
regular meals. Later on Laura, half asleep, would hear Henry’s return from
his club. The thud of the front door pulled to after him drove through the
silent house, and this was followed by the noise of bolts and chains. Then
the house, emptied of another day, creaked once or twice, and fell into
repose, its silence and security barred up within it like a kind of moral
family plate. The remainder of the night was left at the disposal of the
grandfather’s clock in the hall, equitably dealing out minutes and quarters
and hours.
On Sunday mornings Henry would wind the clock. First one and then the
other the quivering chains were wound up, till only the snouts of the leaden
weights were visible, drooping sullenly over the abyss of time wherein they
were to make their descent during the seven days following. After that the
family went to church, and there were wound up for the week in much the
same manner. They went to evening service too, but evening service was
less austere. The vindictive sentiments sounded less vindictive; if an
umbrella fell down with a crash the ensuing silence was less affronted; the
sermon was shorter, or seemed so, and swung more robustly into ‘And now
to God the Father.’
After evening service came cold supper. Fancy and Marion sat up for
this, and it was rather a cheerful meal, with extra trivialities such as sardines
and celery. The leaden weights had already started upon their downward
course.
Caroline was a religious woman. Resolute, orderly and unromantic, she
would have made an admirable Mother Superior. In her housekeeping and
her scrupulous account-books she expressed an almost mystical sense of the
validity of small things. But like most true mystics, she was unsympathetic
and difficult of approach. Once only did she speak her spiritual mind to
Laura. Laura was nursing her when she had influenza; Caroline wished to
put on a clean nightdress, and Laura, opening the third drawer of the large
mahogany wardrobe, had commented upon the beautiful orderliness with
which Caroline’s body linen was arranged therein. ‘We have our example,’
said Caroline. ‘The graveclothes were folded in the tomb.’
Looking into the large shadowy drawer, where nightgowns and chemises
lay folded exactly upon each other in a purity that disdained even lavender,
Laura shuddered a little at this revelation of her sister-in-law’s private
thoughts. She made no answer, and never again did Caroline open her mind
to her upon such matters.
Laura never forgot this. Caroline seemed affectionately disposed towards
her; she was full of practical good sense, her advice was excellent, and
pleasantly bestowed. Laura saw her a good wife, a fond and discreet
mother, a kind mistress, a most conscientious sister-in-law. She was also
rather gluttonous. But for none of these qualities could Laura feel at ease
with her. Compared to Caroline she knew herself to be unpractical,
unmethodical, lacking in initiative. The tasks that Caroline delegated to her
she performed eagerly and carefully, but she performed them with the
hampering consciousness that Caroline could do them better than she, and
in less time. Even in so simple a matter as holding a skein of wool for
Caroline to wind off into a ball, Caroline’s large white fingers worked so
swiftly that it was she who twitched the next length off Laura’s thumb
before Laura, watching the diminishing thread, remembered to dip her
hand. But all this—for Laura was humble and Caroline kind—could have
been overcome. It was in the things that never appeared that Laura felt her
inadequacy.
Laura was not in any way religious. She was not even religious enough
to speculate towards irreligion. She went with Caroline to early service
whenever Caroline’s inquiries suggested it, and to morning service and
evening service every Sunday; she knelt beside her and heard her pray in a
small, stilled version of the voice which she knew so well in its clear
everyday ordinances. Religion was great-great-aunt Salome’s prayer-book
which Caroline held in her gloved hands. Religion was a strand in the
Willowes’ life, and the prayer-book was the outward sign of it. But it was
also the outward sign of the puff pastry which had been praised by King
George III. Religion was something to be preserved: it was part of the
Willowes life and so was the prayer-book, preserved from generation to
generation.
Laura was bored by the church which they attended. She would have
liked, now that she was come to London, to see the world, to adventure in
churches. She was darkly, adventurously drawn to see what services were
like amongst Roman Catholics, amongst Huguenots, amongst Unitarians
and Swedenborgians, feeling about this rather as she felt about the East
End. She expressed her wish to Caroline, and Caroline, rather unexpectedly,
had been inclined to further it. But Henry banned the project. It would not
do for Laura to go elsewhere than to the family place of worship, he said.
For Henry, the family place of worship was the pew upon whose ledge
rested great-great-aunt Salome’s prayer-book. He felt this less explicitly
than the straying Laura did, for he was a man and had less time to think of
such things. But he felt it strongly.
Laura believed that she would like Caroline if she could only understand
her. She had no difficulty in understanding Henry, but for no amount of
understanding could she much like him. After some years in his house she
came to the conclusion that Caroline had been very bad for his character.
Caroline was a good woman and a good wife. She was slightly self-
righteous, and fairly rightly so, but she yielded to Henry’s judgment in
every dispute, she bowed her good sense to his will and blinkered her wider
views in obedience to his prejudices. Henry had a high opinion of her
merits, but thinking her to be so admirable and finding her to be so
acquiescent had encouraged him to have an even higher opinion of his own.
However good a wife Caroline might choose to be, she could not quite
make Henry a bad husband or a bad man—he was too much of a Willowes
for that: but she fed his vanity, and ministered to his imperiousness.
Laura also thought that the law had done a great deal to spoil Henry. It
had changed his natural sturdy stupidity into a browbeating indifference to
other people’s point of view. He seemed to consider himself briefed by his
Creator to turn into ridicule the opinions of those who disagreed with him,
and to attribute dishonesty, idiocy, or a base motive to every one who
supported a better case than he. This did not often appear in his private life,
Henry was kindly disposed to those who did not thwart him by word or
deed. His household had been well schooled by Caroline in yielding
gracefully, and she was careful not to invite guests who were not of her
husband’s way of thinking.
Most of their acquaintance were people connected with the law. Laura
grew familiar with the legal manner, but she did not grow fond of it. She
felt that these clean-shaven men with bristling eyebrows were suavely
concealing their doubts of her intelligence and her probity. Their jaws were
like so many mouse-traps, baited with commonplaces. They made her feel
shy and behave stiffly.
This was unfortunate, as Henry and Caroline had hoped that some one of
them would fall sufficiently in love with Laura to marry her. Mr. Fortescue,
Mr. Parker, Mr. Jermyn, Mr. Danby, Mr. Thrush, were in turn selected as
suitable and likely undertakers. Every decent effort was made by Henry and
Caroline, and a certain number of efforts were made by the chosen. But
Laura would make no efforts at all. Henry and Caroline had lost heart when
they invited Mr. Arbuthnot to tea on Sunday. They invited him for pity’s
sake, and but to tea at that, for he was very shy and stammered. To their
surprise they saw Laura taking special pains to be nice to him. Equally to
their surprise they saw Mr. Arbuthnot laying aside his special pains to
observe a legal manner and stammering away quite enthusiastically about
climbing Welsh mountains and gathering parsley fern. They scarcely dared
to hope, for they felt the time for hope was gone by. However, they invited
him to dinner, and did their best to be on friendly terms with him.
Mr. Arbuthnot received their advances without surprise, for he had a
very good opinion of himself. He felt that being thirty-five he owed himself
a wife, and he also felt that Laura would do very nicely. His aunt, Lady
Ross-Price, always tried to get servants from the Willowes establishment,
for Mrs. Willowes trained them so well. Mr. Arbuthnot supposed that Mrs.
Willowes would be equally good at training wives. He began to think of
Laura quite tenderly, and Caroline began to read the Stores’ catalogue quite
seriously. This was the moment when Laura, who had been behaving nicely
for years, chose to indulge her fantasy, and to wreck in five minutes the
good intentions of as many months.
She had come more and more to look on Mr. Arbuthnot as an
indulgence. His stammer had endeared him to her; it seemed, after so much
legal manner, quite sympathetic. Though nothing would have induced her to
marry him, she was very ready to talk to him, and even to talk naturally of
what came uppermost in her thoughts. Laura’s thoughts ranged over a wide
field, even now. Sometimes she said rather amusing things, and displayed
unexpected stores (General Stores) of knowledge. But her remarks were as
a rule so disconnected from the conversation that no one paid much
attention to them. Mr. Arbuthnot certainly was not prepared for her
response to his statement that February was a dangerous month. ‘It is,’
answered Laura with almost violent agreement. ‘If you are a were-wolf, and
very likely you may be, for lots of people are without knowing, February, of
all months, is the month when you are most likely to go out on a dark windy
night and worry sheep.’
Henry and Caroline glanced at each other in horror. Mr. Arbuthnot said:
‘How very interesting! But I really don’t think I am likely to do such a
thing.’ Laura made no answer. She did not think so either. But she was
amusing herself with a surprisingly vivid and terrible picture of Mr.
Arbuthnot cloaked in a shaggy hide and going with heavy devouring
swiftness upon all-fours with a lamb dangling from his mouth.
This settled it. Henry and Caroline made no more attempts to marry off
Laura. Trying to do so had been a nuisance and an expense, and Laura had
never shown the smallest appreciation of their trouble. Before long they
would have the girls to think of. Fancy was sixteen, and Marion nearly as
tall as Fancy. In two years they would have to begin again. They were glad
of a respite, and made the most of it. Laura also was glad of a respite. She
bought second-hand copies of Herodotus and Johnson’s Dictionary to read
in the evenings. Caroline, still sewing on buttons, would look at her sister-
in-law’s composed profile. Laura’s hair was black as ever, but it was not so
thick. She had grown paler from living in London. Her forehead had not a
wrinkle, but two downward lines prolonged the drooping corners of her
mouth. Her face was beginning to stiffen. It had lost its power of
expressiveness, and was more and more dominated by the hook nose and
the sharp chin. When Laura was ten years older she would be nut-
crackerish.
Caroline resigned herself to spending the rest of her evenings with Laura
beside her. The perpetual company of a sister-in-law was rather more than
she had bargained for. Still, there she was, and Henry was right—they had
been the proper people to make a home for Laura when her father died, and
she was too old now to begin living by herself. It was not as if she had had
any experience of life; she had passed from one guardianship to another: it
was impossible to imagine Laura fending for herself. A kind of pity for the
unused virgin beside her spread through Caroline’s thoughts. She did not
attach an inordinate value to her wifehood and maternity; they were her
duties, rather than her glories. But for all that she felt emotionally plumper
than Laura. It was well to be loved, to be necessary to other people. But
Laura too was loved, and Laura was necessary. Caroline did not know what
the children would do without their Aunt Lolly.
Every one spoke of her as Aunt Lolly, till in the course of time she had
almost forgotten her baptismal name.
‘Say How-do to Auntie Laura,’ said Caroline to Fancy. This was long
ago in the re-furbished nursery at Lady Place where Laura knelt timidly
before her first niece, while the London nurse bustled round them
unpacking soft hairbrushes and pots of cold cream, and hanging linen to air
upon the tall nursery fender.
‘How-do, Auntie Lolly,’ said Fancy, graciously thrusting forward a fur
monkey.
‘She’s taken to you at once, Laura,’ said Caroline. ‘I was afraid this
journey would upset her, but she’s borne it better than any of us.’
‘Journeys are nothing to them at that age, ma’am,’ said the nurse. ‘Now
suppose you tell your new auntie what you call Monkey.’
‘Auntie Lolly, Auntie Lolly,’ repeated Fancy, rhythmically banging the
monkey against the table-leg.
The name hit upon by Fancy was accepted by Marion and Titus; before
long their parents made use of it also. Everard never spoke of his daughter
but as Laura, even when he spoke of her to his grandchildren. He was too
old to change his ways, and he had, in any case, a prejudice against
nicknames and abbreviations. But when Laura went to London she left
Laura behind, and entered into a state of Aunt Lolly. She had quitted so
much of herself in quitting Somerset that it seemed natural to relinquish her
name also. Divested of her easily-worn honours as mistress of the
household, shorn of her long meandering country days, sleeping in a smart
brass bedstead instead of her old and rather pompous four-poster, wearing
unaccustomed clothes and performing unaccustomed duties, she seemed to
herself to have become a different person. Or rather, she had become two
persons, each different. One was Aunt Lolly, a middle-aging lady, light-
footed upon stairs, and indispensable for Christmas Eve and birthday
preparations. The other was Miss Willowes, ‘my sister-in-law Miss
Willowes,’ whom Caroline would introduce, and abandon to a feeling of
being neither light-footed nor indispensable. But Laura was put away.
When Henry asked her to witness some document for him her Laura
Erminia Willowes seemed as much a thing out of common speech as the
Spinster that followed it. She would look, and be surprised that such a
dignified name should belong to her.
Twice a year, in spring and in summer, the Willowes family went into
the country for a holiday. For the first three years of Laura’s London life
they went as a matter of course to Lady Place. There once more arose the
problem of how two children of one sex can play nicely with a much
younger child of the other. Fancy and Marion played at tea-parties under the
weeping ash, and Titus was the butler with a tin tray. Titus would presently
run off and play by himself at soldiers, beating martial tattoos upon the tray.
But now there was no danger of the youngest member of the party falling
into the pond, for Aunt Lolly was always on guard.
Laura enjoyed the visits to Lady Place, but her enjoyment did not go
very deep. The knowledge that she was now a visitor where she had
formerly been at home seemed to place a clear sheet of glass between her
and her surroundings. She felt none of the grudge of the dispossessed; she
scarcely gave a thought to the old days. It was as if in the agony of leaving
Lady Place after her father’s death she had said good-bye so irremediably
that she could never really come there again.
But the visits to Lady Place came to a sad end, for in 1905 James died
suddenly of heart failure. Sibyl decided that she could not go on living alone
in the country. A manager was found for the brewery, Lady Place was let
unfurnished upon a long lease, and Sibyl and the four-years-old heir of the
Willowes name and traditions moved to a small house in Hampstead. Sibyl
had proposed to sell some of the furniture, for there was a great deal more
of it than she needed, and most of it was too large to fit into her new
dwelling. This project was opposed by Henry, and with considerable heat.
The family establishment must, he admitted, be broken up, but he would
allow no part of it to be alienated. All the furniture that could not be found
room for at Hampstead or at Apsley Terrace must be stored till Titus should
be of an age to resume the tenure of Lady Place.
To Laura it seemed as though some familiar murmuring brook had
suddenly gone underground. There it flowed, silenced and obscured, until
the moment when it should reappear and murmur again between green
banks. She thought of Titus as a grown man and herself as an old woman
meeting among the familiar belongings. She believed that when she was old
the ghost-like feeling that distressed her would matter less. She hoped that
she might not die before that day, if it were only that she would remember
so well, as Titus could not, how the furniture stood in the rooms and the
pictures hung on the walls.
But by then, she said to herself, Titus would have a wife with tastes of
her own. Sibyl would have liked to alter several things, but tradition had
been too strong for her. It would be a very different matter in twenty years’
time. The chairs and tables and cabinets would come out blinking and
forgetful from their long storage in darkness. They would have lost the
individuality by which they had made certain corners so surely their own.
The Lady Place she had known was over. She could remember it if she
pleased; but she must not think of it.
Meanwhile Emma’s harp trailed its strings in her bedroom. Ratafee was
removed to Hampstead. Titus had insisted upon this.
She wondered if Henry felt as she did. He had shown a great deal of
Willowes spirit over the furniture, but otherwise he had not expressed
himself. In person Henry, so it was said, resembled his grandfather who had
made the move from Dorset to Somerset—the sacrilegious move which the
home-loving of the Willoweses had so soon sanctified that in the third
generation she was feeling like this about Lady Place. Henry seemed to
resemble his grandfather in spirit also. He could house all the family
traditions in his practical mind, and for the rest talk about bricks and mortar.
He concerned himself with the terms of Sibyl’s lease, the agreement with
the manager of the brewery, and the question of finding a satisfactory place
to carry his family to for the holidays.
After some experiments they settled down to a routine that with a few
modifications for the sake of variety or convenience served them for the
next fifteen years. In spring they went to some moderately popular health
resort and stayed in a hotel, for it was found that the uncertainty of an
English spring, let alone the uncertainty of a Christian Easter, made
lodgings unsatisfactory at that time of year. In summer they went into
lodgings, or took a furnished house in some seaside village without any
attractions. They did this, not to be economical—there was no need for
economy—but because they found rather plain dull holidays the most
refreshing. Henry was content with a little unsophisticated golf and
float-fishing. The children bathed and played on the beach and went on bicycling
expeditions; and Caroline and Laura watched the children bathe and play,
and replenished their stock of underclothes, and rested from the strain of
London housekeeping. Sometimes Caroline did a little reading. Sometimes
Sibyl and Titus stayed with them, or Titus stayed with them alone while his
mother paid visits.
Laura looked forward with pleasure to the summer holidays (the Easter
holidays she never cared about, as she had a particular dislike for palms);
but after the first shock of arrival and smelling the sea, the days seemed to
dribble out very much like the days in London. When the end came, and she
looked back from the wagonette over the past weeks, she found that after all
she had done few of the things she intended to do. She would have liked to
go by herself for long walks inland and find strange herbs, but she was too
useful to be allowed to stray. She had once formed an indistinct project of
observing limpets. But for all her observations she discovered little save
that if you sit very still for a long time the limpet will begin to move
sideways, and that it is almost impossible to sit very still for a long time and
keep your attention fixed upon such a small object as a limpet without
feeling slightly hypnotised and slightly sick. On the lowest count she
seldom contrived to read all the books or to finish all the needlework which
she had taken with her. And the freckles on her nose mocked her with the
receptivity of her skin compared to the dullness of her senses.
They were submerged in the usual quiet summer holidays when the war
broke out. The parish magazine said: ‘The vicar had scarcely left East
Bingham when war was declared.’ The vicar was made of stouter stuff than
they. He continued his holiday, but the Willoweses went back to London.
Laura had never seen London in August before. It had an arrested look, as
though the war were a kind of premature autumn. She was extraordinarily
moved; as they drove across the river from Waterloo she wanted to cry.
That same evening Fancy went upstairs and scrubbed the boxroom floor for
the sake of practice. She upset the bucket, and large damp patches appeared
on the ceiling of Laura’s room.
For a month Fancy behaved like a cat whose kittens have been drowned.
If her family had not been so taken up with the war they would have been
alarmed at this change in her demeanour. As it was, they scarcely noticed it.
When she came in very late for lunch and said: ‘I am going to marry Kit
Bendigo on Saturday,’ Henry said, ‘Very well, my dear. It’s your day, not
mine,’ and ordered champagne to be brought up. For a moment Laura
thought she heard her father speaking. She knew that Henry disapproved of
Kit Bendigo as a husband for Fancy: Willoweses did not mate with
Bendigos. But now he was more than resigned—he was ready. And he
swallowed the gnat as unswervingly as the camel, which, if Laura had
wanted to be ill-natured just then, would have surprised her as being the
greater feat. Willoweses do not marry at five days’ notice. But Fancy was
married on Saturday, and her parents discovered that a hasty wedding can
cost quite as much as a formal one. In the mood that they were in this
afforded them some slight satisfaction.
Kit Bendigo was killed in December 1916. Fancy received the news
calmly; two years’ war-work and a daughter thrown in had steadied her
nerves. Kit was a dear, of course, poor old Kit. But there was a war on, and
people get killed in wars. If it came to that, she was working in a high-
explosive shed herself. Caroline could not understand her eldest daughter.
She was baffled and annoyed by the turn her own good sense inherited had
taken. The married nun looked at the widowed amazon and refused battle.
At least Fancy might stay in her very expensive flat and be a mother to her
baby. But Fancy drew on a pair of heavy gauntlet gloves and went to France
to drive motor lorries. Caroline dared not say a word.
The war had no such excitements for Laura. Four times a week she went
to a depot and did up parcels. She did them up so well that no one thought
of offering her a change of work. The parcel-room was cold and
encumbered, early in the war some one had decorated the walls with
recruiting posters. By degrees these faded. The ruddy young man and his
Spartan mother grew pale, as if with fear, and Britannia’s scarlet cloak
trailing on the waters bleached to a cocoa-ish pink. Laura watched them
discolour with a muffled heart. She would not allow herself the cheap
symbolism they provoked. Time will bleach the scarlet from young men’s
cheeks, and from Britannia’s mantle. But blood was scarlet as ever, and she
believed that, however despairing her disapproval, that blood was being
shed for her.
She continued to do up parcels until the eleventh day of November 1918.
Then, when she heard the noise of cheering and the sounding of hooters,
she left her work and went home. The house was empty. Every one had
gone out to rejoice. She went up to her room and sat down on the bed. She
felt cold and sick, she trembled from head to foot as once she had done after
witnessing a dog fight. All the hooters were sounding, they seemed to
domineer over the noises of rejoicing with sarcastic emphasis. She got up
and walked about the room. On the mantelpiece was a photograph of Titus.
‘Well,’ she said to it, ‘you’ve escaped killing, anyhow.’ Her voice sounded
harsh and unreal, she thought the walls of her room were shaking at the
concussion, like stage walls. She lay down upon her bed, and presently
fainted.
When she came to herself again she had been discovered by Caroline
and put to bed with influenza. She was grateful for this, and for the
darkened room and the cool clinking tumblers. She was even grateful for
the bad dreams which visited her every night and sent up her temperature.
By their aid she was enabled to stay in bed for a fortnight, a thing she had
not done since she came to London.
When she went downstairs again she found Henry and Caroline talking
of better days to come. The house was unaltered, yet it had a general air of
refurbishment. She also, after her fortnight in bed, felt somehow
refurbished, and was soon drawn into the talk of better days. There was
nothing immoderate in the family display of satisfaction. Henry still found
frowning matter in the Times, and Caroline did not relinquish a single
economy. But the satisfaction was there, a demure Willowes-like
satisfaction in the family tree that had endured the gale with an unflinching
green heart. Laura saw nothing in this to quarrel with. She was rather proud
of the Willowes war record; she admired the stolid decorum which had
mastered four years of disintegration, and was stolid and decorous still. A
lady had inquired of Henry: ‘What do you do in air-raids? Do you go down
to the cellar or up to the roof?’ ‘We do neither,’ Henry had replied. ‘We stay
where we are.’ A thrill had passed through Laura when she heard this
statement of the Willowes mind. But afterwards she questioned the validity
of the thrill. Was it nothing more than the response of her emotions to other
old and honourable symbols such as the trooping of the colours and the
fifteenth chapter of Corinthians, symbols too old and too honourable to
have called out her thoughts? She saw how admirable it was for Henry and
Caroline to have stayed where they were. But she was conscious, more
conscious than they were, that the younger members of the family had
somehow moved into new positions. And she herself, had she not slightly
strained against her moorings, fast and far sunk as they were? But now the
buffeting waves withdrew, and she began to settle back into her place, and
to see all around her once more the familiar undisturbed shadows of
familiar things. Outwardly there was no difference between her and Henry
and Caroline in their resumption of peace. But they, she thought, had done
with the war, whereas she had only shelved it, and that by an accident of
consciousness.
When the better days to come came, they proved to be modelled as
closely as possible upon the days that were past. It was astonishing what
little difference differences had made. When they went back to East
Bingham—for owing to its military importance, East Bingham had been
unsuited for holidays—there were at first a good many traces of war lying
about, such as sandbags and barbed-wire entanglements. But on the
following summer the sandbags had rotted and burst and the barbed-wire
had been absorbed into the farmer’s fences. So, Laura thought, such warlike
phenomena as Mr. Wolf-Saunders, Fancy’s second husband, and Jemima
and Rosalind, Fancy’s two daughters, might well disappear off the family
landscape. Mr. Wolf-Saunders recumbent on the beach was indeed much
like a sandbag, and no more arresting to the eye. Jemima and Rosalind were
more obtrusive. Here was a new generation to call her Aunt Lolly and find
her as indispensable as did the last.
‘It is quite like old times,’ said Caroline, who sat working beside her.
‘Isn’t it, Lolly?’
‘Except for these anachronisms,’ said Laura.
Caroline removed the seaweed which Jemima had stuffed into her work-
bag. ‘Bless them!’ she said absently. ‘We shall soon be back in town again.’
