(eBook PDF) Computer Security Fundamentals 4th

Edition download

https://ebookluna.com/product/ebook-pdf-computer-security-
fundamentals-4th-edition/

Download more ebook from https://ebookluna.com

 We believe these products will be a great fit for you. Click
the link to download now, or visit ebookluna.com
to discover even more!

Computer Security: Principles and Practice 4th Edition (eBook PDF)

https://ebookluna.com/product/computer-security-principles-and-
practice-4th-edition-ebook-pdf/

(eBook PDF) Computer Security Principles and Practice 4th Edition

https://ebookluna.com/product/ebook-pdf-computer-security-principles-and-
practice-4th-edition/

(eBook PDF) Corporate Computer Security 4th Edition by Randall J. Boyle

https://ebookluna.com/product/ebook-pdf-corporate-computer-security-4th-
edition-by-randall-j-boyle/

Computer and Information Security Handbook - eBook PDF

https://ebookluna.com/download/computer-and-information-security-handbook-
ebook-pdf/
Principles of Computer Security Fourth Edition - eBook PDF

https://ebookluna.com/download/principles-of-computer-security-ebook-pdf/

(eBook PDF) Computer Security Principles Practice 3rd Global Edition

https://ebookluna.com/product/ebook-pdf-computer-security-principles-
practice-3rd-global-edition/

(eBook PDF) Computer Security and Penetration Testing 2nd Edition

https://ebookluna.com/product/ebook-pdf-computer-security-and-penetration-
testing-2nd-edition/

(eBook PDF) CompTIA Security+ Guide to Network Security Fundamentals 6th

Edition

https://ebookluna.com/product/ebook-pdf-comptia-security-guide-to-network-
security-fundamentals-6th-edition/

Principles of Computer Security: CompTIA Security+ and Beyond (Exam

SY0-601), 6th Edition Greg White - eBook PDF

https://ebookluna.com/download/principles-of-computer-security-comptia-
security-and-beyond-exam-sy0-601-6th-edition-ebook-pdf/
more are all stored in computer databases. Personal information is often called
Personal Identifiable Information (PII) and health related data is usually termed
Personal Health Information (PHI). This leads to some very important questions:

How is information safeguarded?

What are the vulnerabilities to these systems?

What steps are taken to ensure that these systems and data are safe?

Who can access my information?

FYI: Where Is the Internet Going?

Obviously, the Internet has expanded, as previously mentioned. We now

have smart phones, smart watches, even smart cars. We have the Internet
of things (IoT) which involves devices communicating on the Internet. What
do you think the next 10 years will bring? Smart homes and medical devices,
including implantable medical devices, are the current trends.

Unfortunately, not only has technology and Internet access expanded since the original
publication of this book, but so have the dangers. How serious is the problem?
1
According to a 2018 article from the Center for Strategic and International Studies,
Cybercrime has reached over 600 billion a year in damages and is likely to exceed 1
trillion per year soon. Cybercrime is now an economic and strategic problem that even
affects national security.

1 . https://www.csis.org/analysis/economic­impact­cybercrime

2
Forbes magazine reported there were 2,216 data breaches and over 53,000 incidents
in the 12 months ending March 2018. The specific number may vary from one study to
the next, but the primary point remains the same. Cybercrime is increasing. Part of this
is due to there being more connected devices every year. Every connected device is yet
another potential target. There is also easy access to cyber crime tools and weapons on
the internet. All of these factors increase the opportunity for cybercrime.

2 . https://www.forbes.com/sites/gilpress/2018/12/03/60­cybersecurity­predictions­
for­2019/#4b352a144352

In spite of daily horror stories, however, many people (including some law enforcement
professionals and trained computer professionals) lack an adequate understanding
about the reality of these threats. Clearly the media will focus attention on the most
dramatic computer security breaches, not necessarily giving an accurate picture of the
most plausible threat scenarios. It is not uncommon to encounter the occasional system
administrator whose knowledge of computer security is inadequate.

This chapter outlines current dangers, describes the most common types of attacks on
your personal computer and network, teaches you how to speak the lingo of both
hackers and security professionals, and outlines the broad strokes of what it takes to
secure your computer and your network.

In this book, you will learn how to secure both individual computers and entire
networks. You will also find out how to secure data transmission, and you will complete
an exercise to find out about your region’s laws regarding computer security. Perhaps
the most crucial discussion in this chapter is what attacks are commonly attempted and
how they are perpetrated. In this first chapter we set the stage for the rest of the book
by outlining what exactly the dangers are and introducing you to the terminology used
by both network security professionals and hackers. All of these topics are explored
more fully in subsequent chapters.

HOW SERIOUSLY SHOULD YOU TAKE THREATS TO

NETWORK SECURITY?
The first step in understanding computer and network security is to formulate a
realistic assessment of the threats to those systems. You will need a clear picture of the
dangers in order to adequately prepare a defense. There seem to be two extreme
attitudes regarding computer security. The first group assumes there is no real threat.
Subscribers to this belief feel that there is little real danger to computer systems and
that much of the negative news is simply unwarranted panic. They often believe taking
only minimal security precautions should ensure the safety of their systems. The
prevailing sentiment is, if our organization has not been attacked so far, we must be
secure. If decision makers subscribe to this point of view, they tend to push a reactive
approach to security. They will wait to address security issues until an incident occurs—
the proverbial “closing the barn door after the horse has already gotten out.” If you are
fortunate, the incident will have only minor impact on your organization and will serve
as a much­needed wakeup call. If you are unfortunate, then your organization may face
serious and possible catastrophic consequences. One major goal of this book is to
encourage a proactive approach to security.

People who subscribe to the opposite viewpoint overestimate the dangers. They tend to
assume that talented, numerous hackers are an imminent threat to their system. They
may believe that any teenager with a laptop can traverse highly secure systems at will.
Such a worldview makes excellent movie plots, but it is simply unrealistic. The reality is
that many people who call themselves hackers are less knowledgeable than they think
they are. These people have a low probability of being able to compromise any system
that has implemented even moderate security precautions.

This does not mean that skillful hackers do not exist, of course. However, they must
balance the costs (financial, time) against the rewards (ideological, monetary). “Good”
hackers tend to target systems that yield the highest rewards. If a hacker doesn’t
perceive your system as beneficial to these goals, he is less likely to expend the
resources to compromise your system. It is also important to understand that real
intrusions into a network take time and effort. Hacking is not the dramatic process you
see in movies. I often teach courses in hacking and penetration testing, and students
are usually surprised to find that the process is actually a bit tedious and requires
patience.

Both extremes of attitudes regarding the dangers to computer systems are inaccurate. It
is certainly true that there are people who have the understanding of computer systems
and the skills to compromise the security of many, if not most, systems. A number of
people who call themselves hackers, though, are not as skilled as they claim to be. They
have ascertained a few buzzwords from the Internet and may be convinced of their own
digital supremacy, but they are not able to affect any real compromises to even a
moderately secure system.

The truly talented hacker is no more common than the truly talented concert pianist.
Consider how many people take piano lessons at some point in their lives. Now
consider how many of those ever truly become virtuosos. The same is true of computer
hackers. There are many people with mediocre skills, but truly skilled hackers are not
terribly common. Keep in mind that even those who do possess the requisite skills need
to be motivated to expend the time and effort to compromise your system.

A better way to assess the threat level to your system is to weigh the attractiveness of
your system to potential intruders against the security measures in place. This is the
essence of threat analysis. You examine your risks, vulnerabilities, and threats in order
to decide where to put the most effort in cybersecurity.
Keep in mind, too, that the greatest external threat to any system is not hackers, but
malware and denial of service (DoS) attacks. Malware includes viruses, worms, Trojan
horses, and logic bombs. And beyond the external attacks, there is the issue of internal
problems due to malfeasance or simple ignorance.

Security audits always begin with a risk assessment, and that is what we are describing
here. First you need to identify your assets. Clearly, the actual computers, routers,
switches and other devices that make up your network are assets. But it is more likely
that your most important assets lie in the information on your network. Identifying
assets begins with evaluating the information your network stores and its value. Does
your network contain personal information for bank accounts? Perhaps medical
information, health care records? In other cases, your network might contain
intellectual property, trade secrets, or even classified military data.

Once you have identified the assets, you need to take inventory of the threats to your
assets. Certainly, any threat is possible, but some are more likely than others. This is
very much like what one does when selecting home insurance. If you live in a flood
plain, then flood insurance is critical. If you live at a high altitude in a desert, it may be
less critical. We do the same thing with our data. If you are working for a defense
contractor, then foreign state­sponsored hackers are a significant threat. However, if
you are the network administrator for a school district, then your greatest threat
involves juveniles attempting to breach the network. It is always important to realize
what the threats are for your network.

Now that you have identified your assets and inventoried the threats, you need to find
out what vulnerabilities your system has. Every system has vulnerabilities. Identifying
your network’s specific vulnerabilities is a major part of risk assessment.

The knowledge of your assets, threats, and vulnerabilities will give you the information
needed to decide what security measures are appropriate for your network. You will
always have budget constraints, so you will need to make wise decisions on selecting
security controls. Using good risk assessment is how you make wise security decisions.

Note

There are a number of industry certifications that emphasize risk

assessment. The Certified Information System’s Security Professional
(CISSP) puts significant emphasis on this issue. The Certified Information
Systems Auditor (CISA) places even more focus on risk assessment. One or
more appropriate industry certifications can enhance your skillset and make
 you more marketable as a security professional. There are many other
certifications including the CompTIA Certified Advanced Security Practitioner
(CASP) and Security+ certifications.

There are methods and formulas for quantifying risk. A few simple formulas are
provided here:

Single Loss Expectancy (SLE) = the asset value (AV) multiplied by the exposure factor
(EV).

What this formula means is that in order to calculate the loss from a single incident,
you start with the asset value, and multiple that times what percentage of that asset is
exposed. Let us assume you have a laptop that was purchased for $1000. It has
depreciated by 20%, meaning there is 80% of its value left. If that laptop is lost or
stolen the AV (1000) * EV (.8) = 800 (SLE). Now this is rather oversimplified and does
not account for the value of the data. But it does illustrate the point of the formula. Now
to go forward and calculate the loss per year you use the following formula:

Annualized Loss Expectancy (ALE) = Single Loss Expectancy (SLE) multiplied by the
Annual Rate of Occurrence (ARO).

Using the previous SLE of 800 dollars, if you would expect to lose 3 laptops per year,
then the ARO = $800 * 3 or $2400.

Obviously, these formulas have some subjectiveness to them. For example, ARO is
usually estimated from industry trends and past incidents. But they can help you to
understand the risk you have. This will help to guide you in how much resources to
allocate addressing the risk.

Once you have identified a risk, you really only have four choices:

■ Acceptance: Means you find the impact of the risk to be less than the cost of
addressing it, or the probability is so remote that you do nothing. This is not the most
common approach but is appropriate in some scenarios.

■ Avoidance: Means there is zero chance of the risk occurring. If you are concerned
about a virus being introduced to your network via USB and you shut down all USB
ports, you have avoided the risk.

■ Transference: Involves transferring responsibility for the damages should the risk
be realized. This is commonly done via cyber threat insurance.

■ Mitigation: This is the most common approach. This means you take steps to either
lower the likelihood of the event occurring, or the impact. For example, if you are
concerned about computer viruses, you might mitigate that via anti­virus software and
policies about attachments and links

This is basic risk assessment. Before spending resources of your organization to address
a threat, you must do basic threat assessment. How likely is the threat to be realized? If
it is realized, how much damage would it cause you. For example, I personally don’t
employ any security on my website. Yes, someone could hack it, however the impact
would be negligible. There is no data on that website at all. Now database back end, no
files, no logins, etc. The only information on the website is information I freely give to
anyone, without even recording who gets the information. Thus, for that website, the
impact of a breach is only negligible, thus making the resources necessary to security
unacceptable. On the other extreme are major e­commerce sites. These sites invest a
great deal of resources in security. A breach of their website would immediately cost
significant money and would damage their reputation long term.

IDENTIFYING TYPES OF THREATS

As was discussed in the last section, identifying your threats is a key part of risk
assessment. Some threats are common to all networks; others are more likely with
specific types of networks. Various sources have divided threats into different
categories based on specific criteria. In this section we will examine threats that have
been divided into categories based on the nature of the attack. Since the last edition of
this book I have separated out one of the security breach subcategories into its own
category: insider threats. Most attacks can be categorized as one of seven broad classes:

■ Malware: This is a generic term for software that has a malicious purpose. It
includes virus attacks, worms, adware, Trojan horses, and spyware. This is the most
prevalent danger to your system. One reason the more generic term ‘malware’ is now
widely used is because many times a piece of malware does not fit neatly into one of
these categories.

■ Security breaches: This group of attacks includes any attempt to gain

unauthorized access to your system. This includes cracking passwords, elevating
privileges, breaking into a serverƒall the things you probably associate with the term
hacking.
■ DoS attacks: These are designed to prevent legitimate access to your system. And,
as you will see in later chapters, this includes distributed denial of service (DDoS).

■ Web attacks: This is any attack that attempts to breach your website. Two of the
most common such attacks are SQL injection and cross­site scripting.

■ Session hijacking: These attacks are rather advanced and involve an attacker
attempting to take over a session.

■ Insider threats: These are breaches based on someone who has access to your
network misusing his access to steal data or compromise security.

■ DNS poisoning: This type of attack seeks to compromise a DNS server so that users
can be redirected to malicious websites, including phishing websites.

There are other attacks, such as social engineering. The forgoing list is just an attempt
to provide a broad categorization of attack types. This section offers a broad description
of each type of attack. Later chapters go into greater detail with each specific attack,
how it is accomplished, and how to avoid it.

Malware
Malware is a generic term for software that has a malicious purpose. This section
discusses four types of malware: viruses, Trojan horses, spyware, and logic bombs.
Trojan horses and viruses are the most widely encountered. One could also include
rootkits, but these usually spread as viruses and are regarded as simply a specific type
of virus.

According to Malware bytes:

Malware, or “malicious software,” is an umbrella term that describes any malicious

program or code that is harmful to systems. Hostile, intrusive, and intentionally nasty,
malware seeks to invade, damage, or disable computers, computer systems, networks,
tablets, and mobile devices, often by taking partial control over a device’s operations.
Like the human flu, it interferes with normal functioning.”

We still think primarily of the computer virus when we think of malware.

The key characteristic of a computer virus is that it self­replicates. A computer virus is

similar to a biological virus; both are designed to replicate and spread. The most
common method for spreading a virus is using the victim’s email account to spread the
virus to everyone in his address book. Some viruses don’t actually harm the system
itself, but almost of them cause network slowdowns due to the heavy network traffic
caused by the virus replication.

The Trojan horse gets its name from an ancient tale. The city of Troy was besieged for
an extended period of time. The attackers could not gain entrance, so they constructed
a huge wooden horse and one night left it in front of the gates of Troy. The next
morning the residents of Troy saw the horse and assumed it to be a gift, so they rolled
the wooden horse into the city. Unbeknownst to them, several soldiers where hidden
inside the horse. That evening the soldiers left the horse, opened the city gates, and let
their fellow attackers into the city. An electronic Trojan horse works the same way,
appearing to be benign software but secretly downloading a virus or some other type of
malware onto your computer from within.

Another category of malware currently on the rise is spyware. Spyware is simply

software that literally spies on what you do on your computer. Spyware can be as
simple as a cookie—a text file that your browser creates and stores on your hard drive—
that a website you have visited downloads to your machine and uses to recognize you
when you return to the site. However, that flat file can then be read by the website or by
other websites. Any data that the file saves can be retrieved by any website, so your
entire Internet browsing history can be tracked. Spyware may also consist of software
that takes periodic screenshots of the activity on your computer and sends those to the
attacker.

Another form of spyware, called a key logger, records all of your keystrokes. Some key
loggers also take periodic screenshots of your computer. Data is then either stored for
later retrieval by the person who installed the key logger or is sent immediately back via
email. We will discuss specific types of key loggers later in this book.

A logic bomb is software that lays dormant until some specific condition is met. That
condition is usually a date and time. When the condition is met, the software does some
malicious act such as delete files, alter system configuration, or perhaps release a virus.
In Chapter 5, “Malware,” we will examine logic bombs and other types of malware in
detail.

Compromising System Security

Next we will look at attacks that breach your system’s security. This activity is what is
commonly referred to as hacking, though that is not the term hackers themselves use.
We will delve into appropriate terminology in just a few pages; however, it should be
noted at this point that cracking is the appropriate word for intruding into a system
without permission, usually with malevolent intent. Any attack that is designed to
breach your security, either via some operating system flaw or any other means, can be
classified as cracking.

Essentially any technique to bypass security, crack passwords, breach Wi­Fi, or in any
way actually gain access to the target network fits into this category. That makes this a
very broad category indeed.

However, not all breaches involve technical exploits. In fact, some of the most
successful breaches are entirely nontechnical. Social engineering is a technique for
breaching a system’s security by exploiting human nature rather than technology. This
was the path that the famous hacker Kevin Mitnick most often used. Social engineering
uses standard con techniques to get users to give up the information needed to gain
access to a target system. The way this method works is rather simple: The perpetrator
gets preliminary information about a target organization and leverages it to obtain
additional information from the system’s users.

Following is an example of social engineering in action. Armed with the name of a

system administrator, you might call someone in the business’s accounting department
and claim to be one of the company’s technical support personnel. Mentioning the
system administrator’s name would help validate that claim, allowing you to ask
questions in an attempt to ascertain more details about the system’s specifications. A
savvy intruder might even get the accounting person to say a username and password.
As you can see, this method is based on how well the prospective intruder can
manipulate people and actually has little to do with computer skills.

The growing popularity of wireless networks gave rise to new kinds of attacks. One such
activity is war­driving. This type of attack is an offshoot of war­dialing. With war­
dialing, a hacker sets up a computer to call phone numbers in sequence until another
computer answers to try to gain entry to its system. War­driving is much the same
concept, applied to locating vulnerable wireless networks. In this scenario, the hacker
simply drives around trying to locate wireless networks. Many people forget that their
wireless network signal often extends as much as 100 feet (thus, past walls). At the
2004 DefCon convention for hackers, there was a war­driving contest where
contestants drove around the city trying to locate as many vulnerable wireless networks
as they could (BlackBeetle, 2004). These sorts of contests are now common at various
hacking conventions.

Recent technological innovations have introduced new variations of war

driving/dialing. Now we have war flying. The attacker uses a small private drone
equipped with Wi­Fi sniffing and cracking software, flies the drone in the area of
interest, and attempts to gain access to wireless networks.

Of course, Wi­Fi hacking is only one sort of breach. Password cracking tools are now
commonly available on the Internet. We will examine some of these later in this book.
There are also exploits of software vulnerabilities that allow one to gain access to the
target computer.

DoS Attacks
In a DoS, the attacker does not actually access the system. Rather, this person simply
blocks access from legitimate users. One common way to prevent legitimate service is to
flood the targeted system with so many false connection requests that the system
cannot respond to legitimate requests. DoS is a very common attack because it is so
easy.

In recent years there has been a proliferation of DoS tools available on the Internet.
One of the most common such tools is the Low Orbit Ion Cannon (LOIC). Because these
tools can be downloaded for free from the Internet, anyone can execute a DoS attack,
even without technical skill.

We also have variations, such as the DDoS attack. This uses multiple machines to attack
the target. Given that many modern websites are hosted in network clusters or even in
clouds, it is very difficult for a single attacking machine to generate enough traffic to
take down a web server. But a network of hundreds or even thousands of computers
certainly can. We will explore DoS and DDoS attacks in more detail in Chapter 4,
“Denial of Service Attacks.”

Web Attacks
By their nature, web servers have to allow communications. Oftentimes, websites allow
users to interact with the website. Any part of a website that allows for user interaction
is also a potential point for attempting a web­based attack. SQL injections involve
entering SQL (Structured Query Language) commands into login forms (username and
password text fields) in an attempt to trick the server into executing those commands.
The most common purpose is to force the server to log the attacker on, even though the
attacker does not have a legitimate username and password. While SQL injection is just
one type of web attack, it is the most common.

SQL Injection
SQL Injection
SQL injection is still quite common, though it has been known for many years.
Unfortunately, not enough web developers take the appropriate steps to remediate the
vulnerabilities that make this attack possible. Given the prevalence of this attack, it
warrants a bit more detailed description.

Consider one of the simplest forms of SQL injection, used to bypass login screens. The
website was developed in some web programming language, such as PHP or ASP.NET.
The database is most likely a basic relational database such as Oracle, SQL Server,
MySQL, or PostGres. SQL is used to communicate with the database, so we need to put
SQL statements into the web page that was written into some programming language.
That will allow us to query the database and see if the username and password are
valid.

SQL is relatively easy to understand; in fact, it looks a lot like English. There are
commands like SELECT to get data, INSERT to put data in, and UPDATE to change data.
In order to log in to a website, the web page has to query a database table to see if that
username and password are correct. The general structure of SQL is like this:

select column1, column2 from tablename

or

select * from tablename;

Conditions:
select columns from tablename where condition;

For example:

SELECT * FROM tblUsers WHERE USERNAME = 'jsmith'

This statement retrieves all the columns or fields from a table named tblUsers where
the username is jsmith.

The problem arises when we try to put SQL statements into our web page. Recall that
the web page was written in some web language such as PHP or ASP.net. If you just
place SQL statements directly in the web page code, an error will be generated. The
SQL statements in the programming code for the website have to use quotation marks
to separate the SQL code from the programming code. A typical SQL statement might
look something like this:

"SELECT * FROM tblUsers WHERE USERNAME = '" + txtUsername.Text +'

AND PASSWORD = '" + txtPassword.Text +"'" .

If you enter username 'jdoe' and the password 'password', this code produces this
SQL command:

SELECT * FROM tblUsers WHERE USERNAME = 'jdoe' AND PASSWORD =

'password'

This is fairly easy to understand even for nonprogrammers. And it is effective. If there
is a match in the database, that means the username and password match. If no records
are returned from the database, that means there was no match, and this is not a valid
login.

The most basic form of SQL injection seeks to subvert this process. The idea is to create
a statement that will always be true. For example, instead of putting an actual
username and password into the appropriate text fields, the attacker will enter ' or '1'
= '1 into the username and password boxes. This will cause the program to create this
query:

SELECT * FROM tblUsers WHERE USERNAME = '' or '1' = '1' AND

PASSWORD = '' or '1' = '1'.

So you are telling the database and application to return all records where username
and password are blank or if 1 = 1. It is highly unlikely that the username and password
are blank. But I am certain that 1 =1 always. Any true statement can be substituted.
Examples are a = a and bob = bob.

The tragedy of this attack is that it is so easy to prevent. If the web programmer would
simply filter all input prior to processing it, then this type of SQL injection would be
impossible. That means that before any user input is processed, the web page
programming code looks through that code for common SQL injection symbols,
scripting symbols, and similar items. It is true that each year fewer and fewer websites
are susceptible to this. However, while writing this chapter there was a report that the
Joomla Content Management System, used by many web developers, was susceptible to
SQL injection. There will be more coverage of most of these attacks, including tools
used for them in subsequent chapters.

Cross-Site Scripting
Cross-Site Scripting
This attack is closely related to SQL injection. It involves entering data other than what
was intended, and it depends on the web programmer not filtering input. The
perpetrator finds some area of a website that allows users to type in text that other
users will see and then instead injects client­side script into those fields.

Note

Before I describe this particular crime, I would point out that the major online
retailers such as eBay and Amazon.com are not susceptible to this attack;
they do filter user input.

To better understand this process, let’s look at a hypothetical scenario. Let’s assume
that ABC online book sales has a website. In addition to shopping, users can have
accounts with credit cards stored, post reviews, and more. The attacker first sets up an
alternate web page that looks as close to the real one as possible. Then the attacker goes
to the real ABC online book sales website and finds a rather popular book. He goes to
the review section, but instead of typing in a review he types in this:

<script> window.location = "http://www.fakesite.com"; </script>

Now when users go to that book, this script will redirect them to the fake site, which
looks a great deal like the real one. The attacker then can have the website tell the user
that his session has timed out and to please log in again. That would allow the attacker
to gather a lot of accounts and passwords. That is only one scenario, but it illustrates
the attack.

Session Hijacking
Session hijacking can be rather complex to perform. For that reason, it is not a very
common form of attack. Simply put, the attacker monitors an authenticated session
between the client machine and the server and takes that session over. We will explore
specific methods of how this is done later in this book.

A 1985 paper written by Robert T. Morris titled “A Weakness in the 4.2BSD Unix
TCP/IP Software” defined the original session hijacking.
By predicting the initial sequence number, Morris was able to spoof the identity of a
trusted client to a server. This is much harder to do today.

In addition to flags (syn, ack, syn­ack), the packet header will contain the sequence
number that is intended to be used by the client to reconstitute the data sent over the
stream in the correct order. If you are unfamiliar with network packet flags, we will be
exploring that topic in Chapter 2, “Networks and the Internet.”

The Morris attack and several other session hijacking attacks require the attacker to be
connected to the network and to simultaneously knock the legitimate user offline and
then pretend to be that user. As you can probably imagine, it is a complex attack.

Insider Threats
Insider threats are a type of security breach. However, they present such a significant
issue that we will deal with them separately. An insider threat is simply when someone
inside your organization either misuses his access to data or accesses data he is not
authorized to access.

The most obvious case is that of Edward Snowden. For our purposes we can ignore the
political issues connected with his case and instead focus solely on the issue of insiders
accessing information and using it in a way other than what was authorized.

In 2009 Edward Snowden was working as a contractor for Dell, which manages
computer systems for several U.S. government agencies. In March 2012 he was
assigned to an NSA location in Hawaii. While there he convinced several people at that
location to provide him with their login and password, under the pretense of
performing network administrative duties. Some sources dispute whether or not this is
the specific method he used, but it is the one most widely reported. Whatever method
he used, he accessed and downloaded thousands of documents that he was not
authorized to access.

Again, ignoring the political issues and the content of the documents, our focus is on
the security issues. Clearly there were inadequate security controls in place to detect
Edward Snowden’s activities and to prevent him from disclosing confidential
documents. While your organization may not have the high profile that the NSA has,
any organization is susceptible to insider threats. Theft of trade secrets by insiders is a
common business concern and has been the focus of many lawsuits against former
employees. In both Chapter 7, “Industrial Espionage in Cyberspace,” and Chapter 9,
“Computer Security Technology,” we will see some countermeasures to mitigate this
Discovering Diverse Content Through
Random Scribd Documents
The following cut I take from Baldwin's work, for which it was copied
from one of Tempsky's plates. It is very faulty, as is proved by
Charnay's photograph taken from the same point of view, in
representing the walls as if built of large rough stones without
mortar, in putting a doorway in the central part of the northern wall,
and in making the columns diminish in size towards the top much
more than is actually the case.[VII-44]
Passing now to the northern wing of this
MOSAIC GRECQUES
AT MITLA.
building, C, the exterior walls are the same in
style and construction as those of the southern
wing just described, as is proved by the photographic views.[VII-45]
The court, C, is about thirty-one feet square, and its pavement was
covered with cement, as that of the larger court, E, may have been
originally. The ground plan shows the arrangement of the four
apartments, b, b, b, b, although it is to be noted that other plans
differ slightly from this in the northern and western rooms. The only
entrance to the northern court and rooms is from the southern wing
through the passage f, f, which is barely wide enough to admit one
person. The interior façades, fronting on the court, are precisely like
the southern façade of the southern wing, A, being made up of
mosaic work in panels.[VII-46] The interior walls of the small
apartments, b, b, b, b, unlike those of the southern apartment, A,
are formed of mosaic work in regular and graceful patterns, except a
space of four or five feet at the bottom, which is covered with
plaster and bears traces of a kind of fresco painting in bright colors.
The mosaic grecques or arabesques of the upper portions are
arranged, not in panels as on the exterior, but in three parallel bands
of uniform and nearly equal width, extending round the whole
circumference of each room. The cut is a fac-simile from Charnay's
photograph of one of these interiors, and gives an excellent idea of
the three mosaic bands that extend entirely round each room.[VII-47]
 Grecques on Interior of Room at Mitla.

I now have to speak of the roof which originally

ROOF STRUCTURES.
covered this building, since in the other buildings
and palaces nothing will be found to throw any
additional light on the subject. It seems evident that the columns in
the southern wing were intended to support the roof, and if there
were no contradictory evidence, the natural conclusion would be that
the covering was of wooden beams stretching completely across the
narrow apartments, and resting on the pillars of the wider ones, as
we have seen to be the case at Tuloom, on the eastern coast of
Yucatan.[VII-48] Burgoa, in whose time it is not impossible that some
of the roofs may have been yet in place, tells us that they were
formed of large stone blocks, resting on the columns, and joined
without mortar.[VII-49] Humboldt states that the roof was supported
by large sabino beams, and that three of these beams still remained
in place (1802). According to Dupaix, both the roofs and floors in the
northern wing were formed by a row of beams, or rather logs, of the
ahuehuete, a kind of pine, a foot and a half in diameter, built into
the top of the wall, and stretching from side to side. He does not
inform us what traces he found to support his opinion.
Mühlenpfordt[VII-50] found traces of a roof in one of the northern
rooms sufficient to convince him that the original "consisted of round
oak timbers, eight inches in diameter, placed across the room at a
distance of eight inches one from another; these were first covered
with mats, on which were placed stone flags, and over the latter a
coat of lime; forming thus a solid and water-proof covering." Fossey
speaks of one worm-eaten beam, but probably obtained his
information from Humboldt. Tempsky, notwithstanding the shortness
of his exploration, made the remarkable discovery that one of the
northern rooms was still covered by a flat roof of stone. He also
found windows in some of the buildings. What would he not have
found had he been able to remain a few hours longer at Mitla?
Viollet-le-Duc judges from the quantity and quality of the débris in
the south wing, that the roof could not have been of stone in large
blocks, but was formed by large beams extending longitudinally from
pillar to pillar, and supporting two transverse ranges of smaller
timbers, laid close together from the centre to either wall, the whole
being surmounted by a mass of concrete like that which constitutes
the bulk of the walls; and finally covered with a coating of cement. I
have no doubt that this author has given a correct idea of the
original roof structure, although in attempting to explain in detail the
exact position which—'il y a tout lieu de croire'—each timber
occupied, it is possible that the distinguished architect has gone
somewhat beyond his data.[VII-51]
 View from Court of Palace No. 1.

As I have said before, the western building of the palace No. 1—like
the southern building, if any ever stood on the south of the court—
has entirely fallen. Of the eastern building, d, there remain standing
a small portion of the wall fronting on the court, including a doorway
and its lintel, and also two of the five columns which occupied the
centre of the building. The condition of this side structure seems not
to have changed materially between Dupaix's and Charnay's visits, a
period of over fifty years. The preceding cut, taken by Baldwin from
Tempsky's work, gives a tolerably correct idea of what remains of it,
except that the lintel had a sculptured front. It is a view from the
south side of the court, and includes an imperfect representation
also of the northern façade.[VII-52]
The palaces of Mitla are differently numbered by different writers,
and much that has been written of them is so vague or confused
that is difficult to determine in many cases what particular structure
is referred to; I believe, however, that the preceding pages include
all that is known of the palace numbered 1 on my general plan. I
close my account of this palace by presenting on the opposite page
a cut copied for Baldwin's work from one of Charnay's photographs,
a general view of the ruins. The cut is a distant view of the palace
No. 1 from the south-west, and cannot be said to add very
materially to our knowledge respecting this building.[VII-53]

VIEW OF PALACE.

Distant View of Palace No. 1.

The remaining palaces of Mitla, Nos. 2, 3, and 4,

THE SECOND PALACE.
may be more briefly disposed of, since in the
construction of their walls they are precisely the
same as No. 1, but are not in so good a state of preservation. No. 2
is located south-west of No. 1, and almost in contact with it, so that
both groups have been by some visitors described together under
the name of First Palace. It consists of four buildings, built on low
mounds like those of No. 1, from seven to nine feet high, about a
square court. All four are precisely the same in their ground plan,
which is identical with that of the western building in palace No. 1.
The dimensions of the four buildings are also the same, according to
Castañeda's plan, being about eighteen by ninety-two English feet;
[VII-54] but Mühlenpfordt's plan, so far as it can be understood,
makes the eastern and western buildings about one hundred and
forty feet long, the northern and southern being about twenty by
one hundred feet, and the former somewhat larger than the latter.
The western building is the best preserved, being, so far as can be
judged by human figures in Charnay's photographs, about seventeen
feet high. The eastern building has fallen, and only its foundation
stones remain by which to trace its plan. Three doorways open on
the court from each building, and in the rear wall opposite the doors
square niches are seen. There are no traces of columns in any of the
apartments; nor was any part of the roofs in place in 1806. The
outer walls are composed, as in palace No. 1, of oblong panels of
mosaic; whether any mosaic work is found in the interior, is not
stated. The court is said by Mühlenpfordt to be covered with a
coating of cement five or six inches in thickness, painted red as was
also the exterior of the buildings. The same writer, and Müller, noted
that the supporting mounds were double, or terraced, on the
exterior;[VII-55] and the latter, that one of the central doorways
diminishes in width towards the top. If this, latter statement be true,
it must be one of the doorways in the southern building, of which no
photographic view was taken.[VII-56] Views of the southern façade of
the northern building are given by Charnay, Dupaix, Mühlenpfordt,
and Tempsky; of the court façade of the western building, by
Charnay and Mühlenpfordt; and Charnay also took photographs of
the western and southern façades of the latter building.[VII-57]
Under the northern building of this palace there is a subterranean
gallery in the form of a cross. The entrance to this gallery is said by
several writers to have been originally in the centre of the court, but
this seems to rest on no very good authority, and it is not unlikely
that the entrance was always where it is now, at the base of the
northern mound, as shown in the photograph and in other views.
The centre of the cross may be supposed to be nearly under the
centre of the apartment above, and the northern, eastern, and
western arms are each, according to Castañeda's drawings, about
twelve feet long, five and a half feet wide, and six and a half feet
high. The southern arm, leading out into the court is something over
twenty feet long, and for most of its length only a little over four feet
high; its floor is also several feet lower than that of the other arms,
to the level of which latter four steps lead up. Nearly the whole
depth of this gallery is probably in the body of the supporting mound
rather than really subterranean. The top is formed of large blocks of
stone, stretching across from side to side, and, according to
Mühlenpfordt, plastered and polished. The floor was also covered, if
we may credit Müller, with a polished coat of cement. The walls are
panels of mosaic work like that found on the exterior walls above.
Mühlenpfordt noticed that the mosaic work was less skillfully
executed than on the upper walls, and therefore probably much
older. The large dall that covers the crossing of the two galleries is
supported by a circular pillar resting on a square base. According to
Tempsky the natives call this the 'pillar of death,' believing that
whoever embraces it must die shortly. The whole interior surface,
sides, floor, and ceiling, are painted red. No relics of any kind have
been found here. Fossey says that this gallery, or at least a gallery,
leads from the palace to the eastern pyramid—meaning probably the
western pyramid, No. 5 of the plan—and from that point still further
westward, where it may be traced for a league to the farm of Saga,
and extends, as the natives believe, some three hundred leagues.
Tradition relates that the Zapotecs originally had their temples in
natural caverns, which they gradually improved to meet their
requirements, and over which they finally built these palaces. There
are consequently many absurd rumors afloat respecting the extent
of the subterranean passages, but nothing has ever been discovered
to indicate the existence of natural caves or extensive artificial
excavations at this point. At the time of Charnay's visit the opening
to the gallery had been closed up, and the natives would allow no
one to remove the obstructions, on the ground that hidden treasure
was the object sought.[VII-58]

Ground Plan—Palace No. 3.

Palace No. 3 of the plan is said to have no

THIRD PALACE.
supporting mound, but to stand on the level of the
ground. Its ground plan, according to Castañeda,
the only authority, is shown in the cut. The whole structure, divided
into three courts, is about two hundred and eighty-four feet long and
one hundred and eight feet wide, the thickness of the walls, not
shown in the plan, being five or six feet. Nearly all the walls have
fallen except those of the buildings about the central court, B, which
have been repaired, covered with a roof of tiles, and are occupied by
the curate of the parish as a residence. In the western front a
doorway has been cut, before which, supporting a balcony, or
awning, stand two stone columns which were evidently brought from
some other part of the ruins. Both on the exterior and court walls,
the regular panels of mosaic work are seen in the upper portions;
the lower parts have been repaired with adobes, and newly
plastered in many places. The modern church, quite a large and
imposing structure, stands either upon or adjacent to a part of this
ancient palace.[VII-59]

Ground Plan—Palace No. 4.

The cut is a ground plan of palace No. 4, which

FOURTH PALACE, AND
PYRAMIDS.
is also said to stand on the original level of the
ground. The walls are spoken of by all visitors as
almost entirely in ruins, and as presenting no peculiarities of
construction when compared with the other palaces. From one of
the portions still standing, however, Mühlenpfordt copied some
fragmentary paintings, representing processions of rudely pictured
human figures, as shown in the accompanying cut. The same author
speaks of similar paintings, very likely not the work of the original
builders of Mitla, on the walls of some of the other buildings.[VII-60]

Painting on Doorway—Palace No. 4.

Two mounds, or groups of mounds, stand west and south of the

other ruins at 5 and 7 of the plan. No. 5 was photographed by
Charnay, and is described as built of adobes, ascended by a stone
stairway, and bearing now a modern chapel. According to
Castañeda's drawing probably representing these pyramids, the
principal structure had four stories, or terraces, and was about
seventy-five feet high, measuring at the base about one hundred
and twenty feet on its shortest sides from east to west. The stairway
faces westward towards the court formed by the smaller mounds
which have only two stories. Group No. 7 is represented by
Castañeda as consisting like No. 5 of a large mound and three small
ones, of two and one stories respectively, surrounding a court in
whose centre is a block, or altar, which Dupaix thinks may conceal
the entrance to a subterranean passage. Mühlenpfordt represents
the arrangement of the mounds as on my plan, and thinks the
smaller elevations may have borne originally buildings like the
northern palaces. In one of these mounds, according to the last-
mentioned author, a tomb was found. Dupaix also describes two
tombs found under mounds, the locality of which is not specified.
One of these tombs was in the form of a cross, with arms about
three by nine feet, six feet high, covered with a roof of flat stones,
and in its construction like the gallery under palace No. 2, except
that the small brick-shaped blocks of which its sides are formed are
not arranged in grecques, but laid so as to present a plain surface.
The second tomb was of rectangular form, about four by eight feet
in dimensions. In one of them some human remains, with fragments
of fine blue stone were discovered.[VII-61]
At a distance of a league and a half eastward of
FORTIFIED HILL.
the village, Dupaix described and Castañeda
sketched a small plain square stone building,
divided into four apartments, standing on the slope of a high rocky
hill. On the plate there is also shown the entrance to a subterranean
gallery not mentioned in Dupaix's text.[VII-62] Three fourths of a
league westward from the village is a hill some six hundred feet in
height, with precipitous sides naturally inaccessible save on one side,
toward Mitla. The summit platform, probably leveled by artificial
means, is enclosed by a wall of stone about six feet thick, eighteen
feet high, and over a mile in circumference, forming many angles, as
is shown in the annexed plan. On the eastern and accessible side,
the wall is double, the inner wall being higher than the outer; and
the entrances are not only not opposite each other, but penetrate
the walls obliquely. Heaps of loose stones, c, c, c, were found at
various points in the enclosure, doubtless for use as weapons in a
hand-to-hand conflict. Outside of the walls, moreover, large rocks,
some three feet in diameter, were carefully poised where they might
be easily started down the sides against the advancing foe. Within
the fortress, at several places, d, e, f, g, are slight remains of adobe
buildings, probably erected for the accommodation of the aboriginal
garrison. All we know of this fortress is derived from the work of
Dupaix and Castañeda.[VII-63]
 Plan of Fortress near Mitla.

Dupaix claims to have found the quarries which furnished material

for the Mitla structures, in a hill three-fourths of a league eastward
from the ruins, called by the Zapotecs Aguilosoé, by the Spaniards
Mirador. The stone is described as of such a nature that large blocks
may be easily split off by means of wedges and levers, and many
such blocks were scattered about the place; the removal of the
stone to the site of the palaces, here as in the case of many other
American ruins, must have been the chief difficulty overcome by the
builders. Stone wedges, together with axes and chisels of hard
copper, are said to have been found at Mitla, but are not particularly
described.[VII-64]
 Head in Terra Cotta—Mitla.

A head in terra cotta, wearing a peculiar helmet, was sketched here

by Castañeda, and is shown in the cut. Another terra-cotta image
represented a masked human figure, squatting cross-legged with
hands on knees. A large semicircular cape reaches from the neck to
the ground, showing only the hands and feet in front. The whole is
very similar to some of the figures at Zachila, already described, but
the tube which may be supposed to have held a torch originally,
projects above the head, and is an inch and a half in diameter. The
only specimen of stone images or idols found in connection with the
ruins, is shown in the cut. It represents a seated figure, carved from
a hard red stone, and brilliantly polished. Its height is about four
inches. Tempsky tells us that the children at Mitla offered for sale
small idols of clay and sandstone, which had been taken from the
inner palace walls.[VII-65]
 Stone Image from Mitla.

The ruins of Mitla resemble Palenque only in the

GENERAL REMARKS. long low narrow form of the buildings, since the
low supporting mounds can hardly be said to
COMPARISONS. resemble the lofty stone-faced pyramids of
Chiapas. A stronger likeness may be discovered
when they are compared with the structures of Yucatan; since in
both cases we find long narrow windowless buildings, raised on low
mounds, and enclosing a rectangular courtyard, walls of rubble, and
facings of hewn stone. The contrasts are also strong, as seen in the
mosaic grecques, the absence of sculpture, and the flat roofs, in
some cases supported by columns; although in one city on the east
coast of Yucatan flat roofs of wooden beams were found. Whether
the mosaic work of Mitla indicates in itself an earlier or later
development of aboriginal art than the elaborately sculptured
façades of Uxmal, I am unable to decide; but the flat roof supported
by pillars would seem to indicate a later architectural development
than the overlapping arch. The influence of the builders of Palenque
and the cities of Yucatan, was doubtless felt by the builders of Mitla.
How the influence was exerted it is very difficult to determine;
Viollet-le-Duc attributes these northern structures to a branch of the
southern civilization separated from the parent stock after the
foundation of the Maya cities in Yucatan. Most antiquarians have
concluded that Mitla is less ancient than the southern ruins, and the
condition of the remains, so far as it throws any light on the subject,
confirms the conclusion. This is the last ruin that will be found in our
progress northward, which shows any marked analogy with the
Maya monuments, save in the almost universal use of supporting
mounds or pyramids, of various forms and dimensions. It has
already been shown that the Zapotec language has no likeness
whatever to the Aztec, or to the Maya, and that so far as institutions
are concerned, this people might almost as properly be classed with
the Maya as with the Nahua nations. The Abbé Brasseur in one part
of his writings expresses the opinion that Mitla was built by the
Toltecs from Cholula, who introduced their religion in Oajaca in the
ninth or tenth century. Mitla is also frequently spoken of as a
connecting link between the Central American and Mexican remains;
this, however, is merely a part of the old favorite theory of one
civilized people originating in the far north, moving gradually
southward, and leaving at each stopping-place traces of their
constantly improving and developing culture. There seems to have
been no tradition among the natives at the Conquest, indicating that
Mitla was built by a people preceding the Zapotecs. On the contrary,
Burgoa and other early Oajacan chroniclers mention the place
frequently as a Zapotec holy place, devoted to the burial of kings,
the residence of a certain order of the priesthood, who lived here to
make expiatory sacrifices for the dead, and a place of royal
mourning, whither the king retired on the death of a relative.
Subterranean caverns were used for the celebration of religious rites
before the upper temples were built. Charnay fancies that the
palaces were built by a people that afterwards migrated southward.
He noticed that the walls in sheltered places were covered with very
rude paintings—a sample of which has been given—and suggests
that these were executed by occupants who succeeded the original
builders. It will be apparent to the reader that the ruins at Mitla bear
no resemblance whatever to other Oajacan monuments, such as
those at Guiengola, Monte Alban, and Quiotepec; and that they are
either the work of a different nation, or what is much more
probable, for a different purpose. I am inclined to believe that Mitla
was built by the Zapotecs at a very early period of their civilization,
at a time when the builders were strongly influenced by the Maya
priesthood, if they were not themselves a branch of the Maya
people.[VII-66]
The mosaic work undoubtedly bears a strong resemblance to the
ornamentation observed on Grecian vases and other old-world relics;
but this analogy is far from indicating any communication between
the artists or their ancestors, for, as Humboldt says, "in all zones
men have been pleased with a rhythmic repetition of the same
forms, a repetition which constitutes the leading characteristic of
what we vaguely call grecques, meandres, and Arabesques."[VII-67]
In the northern part of Oajaca, towards the boundary line of Puebla,
remains have been found in several localities. Those near Quiotepec
are extensive and important, but are only known by the description
of one explorer, Juan N. Lovato, who visited the ruins as a
commissioner from the government in January, 1844.[VII-68] Lovato's
account contains many details, but the drawings which originally
accompanied it were, with two exceptions, not published, and from
the text only a general idea can be formed respecting the nature of
the ruins. The following are such items of information as I have been
able to extract from the report in question.
A hill about a mile long and a quarter of a mile
RUINS OF
QUIOTEPEC.
wide at its base, and over a thousand feet high,
known as the Cerro de las Juntas, stands at the
junction of the rivers Quiotepec and Salado. At the eastern end,
where the streams meet, the ascent is precipitous and inaccessible,
but the other sides and the summit are covered with ruins. The
slopes are formed into level platforms with perpendicular terrace
walls of stone, of height and thickness varying according to the
nature of the ground. In ascending the western slope, thirty-five of
these terrace walls were encountered; on the southern slope there
were fifty-seven, and on the northern eighty-eight, counting only
those that were still standing. One of the walls at the summit is
about three hundred and twenty feet long, sixty feet high, and five
and a half feet thick.
Scattered over the hill on the terrace platforms, the foundations of
small buildings, supposed to have been dwellings, were found in at
least a hundred and thirty places. In connection with these buildings
some tombs were found underground, box-shaped with walls of
stone, containing human remains and some fragments of pottery.
Tumuli in great numbers are found in all directions, probably burial
mounds, although nothing but a few stone beads has been found in
them. Other mounds were apparently designed for the support of
buildings. At different points towards the summit of the hill are three
tanks, or reservoirs, one of which is sixty feet long, twenty-four feet
wide, and six feet deep, with traces of steps leading down into it. In
the walls traces of beams are seen, supposed by the explorer to
have supported the scaffolding used in their construction.

Temple Pyramid—Cerro de las Juntas.

Besides the terrace walls, foundations of dwellings, and the remains

that have been mentioned, there are also many ruins of statelier
edifices, presumably palaces and temples. Of these, the only ones
described are situated at the summit on a small level plateau, of a
hundred and twenty-two by two hundred and forty-eight feet. These
consist of what are spoken of as a palace and a temple, facing each
other, a hundred and sixty-six feet apart. Between the two are the
bases of what was formerly a line of circular pillars, leading from one
edifice to the other. The bases, or pedestals, are fourteen inches in
diameter, five inches high, and about fourteen feet apart. The
Temple faces north-east, and its front is shown in the accompanying
cut. This is a form of the pyramidal structure very different from any
that has been met before. Its dimensions on the ground are fifty by
fifty-five feet. The Palace is described as thirty-nine feet high in front
and thirty-three feet in the rear, and has a stairway of twenty steps
about twenty-eight feet wide, leading up to the summit on the front.
Judging by the plate, this so-called palace is a solid elevation with
perpendicular sides, ornamented with three plain cornices, one end
of which is occupied throughout nearly its whole width by the
stairway mentioned. The material of the two structures is the stone
of the hill itself cut in thin regular blocks, laid in what is described as
mud, and covered, as is shown by traces still left in a few parts, with
a coating of plaster. Both the structures, according to the plates,
have a rather modern appearance, and differ widely from any other
American monuments, but there seems to be no reason to doubt the
reliability of Sr Lovato's account, considering its official nature, and I
cannot suppose that the Spaniards ever erected such edifices. The
foundations and arches of three small apartments are vaguely
spoken of as having been discovered by excavation in connection
with the Palace, but whether they were on its summit or in the
interior of the apparently solid mass, does not clearly appear,
although Müller states that the latter was the case. On the summit
of the Palace a copal-tree, one foot in diameter, was found. Five
sculptured slabs were sketched by Müller at Quiotepec, but he does
not state in what part of the ruins they were found. Each slab has a
human figure in profile, surrounded by a variety of inexplicable
attributes. The foreheads seem to be flattened, and four of the five
have an immense curved tongue, possibly the well-known Aztec
symbol of speech, protruding from the mouth. Somewhere in this
vicinity, on the perpendicular banks of rock that form the channel of
the Rio Tecomava, painted figures of a sun, moon, and hand, are
reported, at a great height from the water.[VII-69]
 Near the town of Tuxtepec, some fifty miles
TUXTEPEC AND
HUAHUAPAN.
eastward from Quiotepec, near the Vera Cruz
boundary, there is said to be an artificial mound
eighty-three feet high, known as the Castillo de Montezuma. A
passage leads toward the centre, but nothing further is known of it,
except that some stone idols are mentioned by another writer as
having been dug from a mound in a town of the same name.[VII-70]

Sculptured Block from Huahuapan.

At Huahuapan, about fifty miles westward of Quiotepec, Dupaix

found the sculptured block shown in the cut. It is four and a half feet
long, and a foot and a half high; the material is a hard blue stone,
and the sculpture in low relief seems to represent a kind of coat of
arms, from which projects a hand grasping an object, a part of
which bears a strong resemblance to the Aztec symbol of water. This
relic was found in a hill called Tallesto, about a league east of the
town.[VII-71]
In another hill, called Sombrerito, only half a league from the town,
a laborer in 1831 plowed up an ancient grave, said to have
contained human bones, fine pottery, with gold beads and rings. All
the relics were buried again by the finder, except four of the rings,
which came into the possession of the Bishop of Puebla, and two of
which are shown in the cut. With some doubts respecting the
authenticity of these relics I give the cuts for what they are worth.
There are accounts and drawings of several rudely carved stone
images from the same region.[VII-72]

Gold Rings from Huahuapan.

At Yanguitlan, ten or fifteen miles south-east of Huahuapan, several

relics were found, including a human head of natural size carved
from red stone; two idols of green jasper, slightly carved in human
likeness; three cutting implements of hard stone; and the two
objects shown in the cuts on the opposite page. The first is a spear-
head of gray flint, and the second a very curious relic of unknown
use, and whose material and dimensions the finder has neglected to
mention. It is of a red color, and is very beautifully wrought in two
pieces, one serving as a cover for the other, apparently intended to
be joined by a cord as represented in the cut. Among the uses
suggested are those of a censer and a lantern.[VII-73]
 Relics from Yanguitlan.

Respecting the relics of the state of Guerrero,

ANTIQUITIES OF my only information is derived from a statistical
GUERRERO. work by Sr Celso Muñoz, contained in the report
of Gov. Francisco O. Arce to the legislature of the
state in 1872. This author mentions such relics in the district of
Hidalgo, north of the Rio Zacatula towards the Mexican boundary, as
follows: 1st. "The momoxtles, or tombs of the ancient Indians, which
are found in almost all the towns, although they are constantly
disappearing, and abound especially in the municipality of Cocula."
2d. "Traces of ancient settlements of the aborigines, who either
became extinct or migrated to other localities: such are seen on the
hill of Huizteco, in the municipality of Tasco, in that of Tetipac el
Viejo and of Coatlan el Viejo, of Tetipac, of Coculatepil, of Piedra
Grande or San Gaspar, region of Iglesia Vieja, Cocula, and many
others." 3d. At Tepecoacuilco "there are traces very clearly defined
of many foundations of houses; and in excavations that have been
made there have been found many idols and flint weapons,
especially lances, very well preserved, and other curious relics of
Aztec times." 4th. At Chontalcuatlan, there are traces of the ancient
town on a hill called Coatlan el Viejo, where there is also said to be a
block of porphyry one or two mètres in diameter, on the surface of
which is sculptured a coiled serpent.[VII-74]
 CHAPTER VIII.
ANTIQUITIES OF VERA CRUZ.

Physical Features of the State—Exploration and Reports—Caxapa and Tuxtla—Negro

Head—Relics from Island of Sacrificios—Eastern Slope Remains—Medelin—Xicalanco
—Rio Blanco—Amatlan—Orizava—Cempoala—Puente Nacional—Paso de Ovejas—
Huatusco—Fortifications and Pyramids of Centla—El Castillo—Fortress of
Tlacotepec—Palmillas—Zacuapan—Inscription at Atliaca—Consoquitla Fort and Tomb
—Calcahualco—Ruins of Misantla or Monte Real—District of Jalancingo—Pyramid of
Papantla—Mapilca—Pyramid and Fountain at Tusapan—Ruins of Metlaltoyuca—Relics
near Pánuco—Calondras, San Nicolas, and Trinidad.

Passing now to the eastern or gulf coast, I shall devote the present
chapter to the antiquities of Vera Cruz, the ancient home of the
Totonacs in the north, and the Xicalancas and Nonohualcos in the
south. Vera Cruz, with an average width of seventy miles, extends
from the Laguna de Santa Ana, the western boundary of Tabasco, to
the mouth of the River Pánuco, a distance of about five hundred
miles. Its territory is about equally divided lengthwise between the
low malarious tierra caliente on the immediate gulf shore, and the
eastern slope of the lofty sierra that bounds the Mexican plateau.
Two or three much-traveled routes lead inland from the port of Vera
Cruz towards the city of Mexico, and travelers make haste to cross
this plague-belt, the lurking-place of the deadly vomito, turning
neither to the right nor left to investigate the past or present. A
railroad now completed renders the transit still more direct and rapid
than before. Away from these routes the territory of this state is less
known than almost any other portion of the Mexican Republic,
although a portion of the southern Goatzacoalco region has been
pretty thoroughly explored by surveyors of the Tehuantepec
interoceanic routes, and by an unfortunate French colonization
company that settled here early in the present century. The
mountain slopes and plateaux twenty-five or thirty miles inland are,
however, fertile and not unhealthy, having been crowded in ancient
times with a dense aboriginal population, traces of whose former
presence are found in every direction. Most of our information
respecting the antiquities of this state is derived from the reports of
Mexican explorers, only one or two of whom have in most cases
visited each of the many groups of ruins. These explorers have as a
rule fallen into a very natural, perhaps, but at the same time very
unfortunate error in their descriptions; for after having displayed
great energy and skill in the discovery and examination of a ruin,
doubtless forming a clear idea of all its details, they usually
compress these details into the space of a few paragraphs or a few
pages, and devote the larger part of their reports to essays on the
Toltec, Chichimec, or Olmec history—subjects on which they can
throw no light. They neglect a topic of the deepest interest,
concerning which their authority would be of the very greatest
weight, for another respecting which their conclusions are for the
most part valueless.

RELICS AT The ruins of an aboriginal city are mentioned at

SACRIFICIOS ISLAND. Caxapa, between the volcano of Tuxtla and the
coast in the southern part of the state.[VIII-1] In
the vicinity of Tuxtla, at the south-western base of the volcano, a
colossal granite head, six feet high, was found by a laborer in 1862,
while making a clearing for a milpa. The head was photographed,
and a copy of the plate published by the Mexican Geographical
Society, together with an accompanying text prepared by J. M.
Melgar. A copy of the plate is given in the cut. The most noticeable
peculiarity in this head is the negro cast of the features, and Señor
Melgar devotes his article to the negro race, which as he supposes
lived in America before the coming of the Spaniards.[VIII-2]

Ethiopian Head of Granite.

Earthen Vase—Isle of Sacrificios.

 White Marble Vase—Vera Cruz.

On the island of Sacrificios, in the harbor of Vera Cruz, one

author[VIII-3] states that remains of the ancient temple are visible.
This is probably an error, but numerous small relics have been dug
up on the island. Many of the relics were articles of pottery, one of
which of very peculiar form is shown in the cut from Waldeck. This,
like most of the other articles found here, is preserved in the
Museum of Mexico, and was sketched by Mayer and by Waldeck. Mr
Tylor pronounces it not the work of the natives before the Conquest,
in fact a fraud, "one of the worst cases I ever noticed." There is no
doubt of the accuracy of the drawing, and Sr Gondra assured Col.
Mayer, as the latter informs me, that the relic is an authentic one.
[VIII-4] Workmen engaged in laying the foundations of the modern
fort found, at a depth of six feet, vases of hard material, which in
the opinion of M. Baradère resembled vases that have been brought
from Japan.[VIII-5] Col. Mayer gives cuts of thirteen relics dug from a
subterranean chamber or grave in 1828. Two of these were of white
marble or alabaster, and one of them is shown in the cut. M.
Dumanoir made an excavation also in 1841, finding a sepulchre
containing well-preserved human skeletons, earthen vases painted
and etched, idols, images, bracelets, teeth of dogs and wild beasts,
and marble, or alabaster, urns. Plates of many of the relics have
been published.[VIII-6]
 From the city of Vera Cruz two main routes of
REMAINS ON THE
EASTERN SLOPE.
travel lead inland toward the city of Mexico. The
first extends north-westward via Jalapa, and the
second south-westward via Orizava. After crossing the first lofty
mountain barrier which divides the coast from the interior plateaux,
the roads approach each other and meet near Puebla. On the
eastern slope, the roads with the mountain range, which at this
point extends nearly north and south, form a triangle with equal
sides of about eighty miles, at the angles of which are the cities of
Vera Cruz, Jalapa, and Orizava, or more accurately points ten or
fifteen miles above the two latter. This comparatively small triangular
area, round which so many travelers have passed in their journey to
Anáhuac, is literally covered with traces of its aboriginal population,
in the shape of pottery, implements, foundation stones of dwellings,
fortifications, pyramids, and graves. I quote the following from an
article on the antiquities of Vera Cruz, written in 1869, for the
Mexican Geographical Society, by Carlos Sartorius:
"On the eastern slope of the lofty volcanic range, from the Peak of
Orizava to the Cofre de Perote, at an average elevation of two to five
thousand feet above the level of the gulf, there exist innumerable
traces of a very numerous indigenous population before the
Conquest. History tells us nothing respecting this part of the country,
distinguished for its abundant supply of water, its fertility, and its
delightful and healthy climate." "For an extent of fifteen to twenty
leagues, from east to west, there was not a span of earth that was
not cultivated, as is proved by numberless remains.... The whole
country is formed into terraces by stone walls, which follow all the
variations of the surface with the evident object of preventing the
washing away of the soil. Sometimes the terraces are ten or twelve
yards wide, at others hardly one yard. The small ravines called rayas
served for innumerable water-tanks, built of rocks and clay, or of
stone and mortar, these dams being also covered with a coating of
hard cement. It is evident that a numerous population took
advantage of every inch of land for cultivation, using the water
gathered in the tanks during the rainy season for irrigation, possibly
effected by hand by means of earthern vessels. In the more sterile
portions of the land, on the top of hills which have no soil are seen
the foundations of dwellings, all of stone without mortar, arranged in
streets or in groups. They always form an oblong rectangle and face
the cardinal points. They are found in clearing heavy forests as well
as on open tracts, and the fact that oaks a mètre in diameter are
found within the enclosure of the walls, proves that many centuries
have passed since the population disappeared. In many parts are
found groups of pyramids, of various sizes and degrees of
preservation. The largest, of stone, are fifty feet and over in height,
while the smallest are not over ten or twelve. The last seem to be
tombs; at least several that we opened contained skeletons in a very
decomposed state, with earthen utensils like those now made by the
natives, arrow-heads of obsidian and bird-bone, doubtless the
supplies given to the dead for their journey." One contained an
elegant burial urn, bearing ornamental figures in relief, containing
ashes and fragments of human bones, and covered first with small
pebbles, and then with stone flags. "The region which we subjected
to our investigation comprehends the slope of the sierra to the coast
between Orizava and Jalapa. At an elevation of four or five thousand
feet there are many springs, which at a short distance form ravines
in a soil composed of conglomerates or, further south, of lime. In
their course the ravines unite and form points sometimes with
vertical walls of considerable height. As the water-courses do not
follow a straight line, but wind about, the erosion of the current
above the meeting of the ravines destroys a great portion of the
dividing ridge, so that above there remains only a narrow pass, the
ridge afterwards assuming greater width until the end is reached.
This play of nature occurs in the region of which we are speaking, at
many points and with great uniformity, almost always at the same
level of two thousand to twenty-five hundred feet. The natives
selected these points, strong by nature, fortifying them by art so
ingeniously as to leave no doubt as to their progress in military
art.... Some of them are almost inaccessible, and can be reached
only by means of ladders and ropes. They all have this peculiarity in
common, that, besides serving for defense, they enclose a number
of edifices destined for worship,—teocallis and traces of very large
structures, such as residences, quarters, or perhaps palaces of the
priests and rulers. In some of them there are springs and remains of
large artificial tanks; in others, aqueducts of stone and mortar, to
bring water from distant springs." Sr Sartorius then proceeds to the
description of particular ruins, of which more hereafter.[VIII-7]
Mr Hugo Finck, a resident for twenty-eight years
TRACES OF
ABORIGINAL
in the region under consideration, in which he
POPULATION. traveled extensively to collect botanical
specimens, contributed the following general
remarks to the Smithsonian Report for 1870: "There is hardly a foot
of ground in the whole state of Vera Cruz [the author refers
particularly to the region about Córdova, Huatusco, and Mirador] in
which, by excavation, either a broken obsidian knife, or a broken
piece of pottery is not found. The whole country is intersected with
parallel lines of stones, which were intended during the heavy
showers of the rainy season to keep the earth from washing away.
The number of those lines of stones shows clearly that even the
poorest land, which nobody in our days would cultivate, was put
under requisition by them.... In this part of the country no trace of
iron or copper tools has ever come under my notice. Their
implements of husbandry and war were of hard stone, but generally
of obsidian and of wood. The small mounds of stones near their
habitations have the form of a parallelogram, and are not over
twenty-seven inches high. Their length is from five to twelve yards,
their width from two to four. On searching into them nothing is
found. A second class of mounds is round, in the form of a cone,
always standing singly. They are built of loose stones and earth, and
of various sizes; some as high as five yards, with a diameter of from
five to twenty yards. Excavation made in them brought to light a
large pot of burned clay filled with ashes, but in general nothing is
found. The third class of mounds, also built of loose stones and
earth, have the form of a parallelogram, whose smaller sides look
east and west, and are from five to six yards high, terminating at the
top in a level space of from three to five yards in width, the base
Welcome to our website – the ideal destination for book lovers and
knowledge seekers. With a mission to inspire endlessly, we offer a
vast collection of books, ranging from classic literary works to
specialized publications, self-development books, and children's
literature. Each book is a new journey of discovery, expanding
knowledge and enriching the soul of the reade

Our website is not just a platform for buying books, but a bridge
connecting readers to the timeless values of culture and wisdom. With
an elegant, user-friendly interface and an intelligent search system,
we are committed to providing a quick and convenient shopping
experience. Additionally, our special promotions and home delivery
services ensure that you save time and fully enjoy the joy of reading.

Let us accompany you on the journey of exploring knowledge and

personal growth!

ebookluna.com