Author: Edward Skoudis
Publisher: Prentice Hall
Release Date: 2005-12-23
For years, Counter Hack has been the primary resource for every network/system administrator and security professional who needs a deep, hands-on understanding of hacker attacks and countermeasures. Now, leading network security expert Ed Skoudis, with Tom Liston, has thoroughly updated this best-selling guide, showing how to defeat today’s newest, most sophisticated, and most destructive attacks. For this second edition, more than half the content is new and updated, including coverage of the latest hacker techniques for scanning networks, gaining and maintaining access, and preventing detection. The authors walk you through each attack and demystify every tool and tactic. You’ll learn exactly how to establish effective defenses, recognize attacks in progress, and respond quickly and effectively in both UNIX/Linux and Windows environments. Important features of this new edition include All-new “anatomy-of-an-attack” scenarios and tools An all-new section on wireless hacking: war driving, wireless sniffing attacks, and more Fully updated coverage of reconnaissance tools, including Nmap port scanning and “Google hacking” New coverage of tools for gaining access, including uncovering Windows and Linux vulnerabilities with Metasploit New information on dangerous, hard-to-detect, kernel-mode rootkits
Explains how and why hackers break into computers, steal information, and deny services to machines' legitimate users, and discusses strategies and tools used by hackers and how to defend against them.
Facts101 is your complete guide to Counter Hack Reloaded, Step-by-Step Guide to Computer Attacks and Effective Defenses. In this book, you will learn topics such as Linux and UNIX Overview: Pretty Much EverythingYou Need to Know About ..., Windows NT/2000/XP/2003 Overview: Pretty Much EverythingYou Need to Kn ..., Phase I: Reconnaissance, and Phase 2: Scanning plus much more. With key features such as key terms, people and places, Facts101 gives you all the information you need to prepare for your next exam. Our practice tests are specific to the textbook and we have designed tools to make the most of your limited study time.
Author: Christopher J. Alberts
Publisher: Addison-Wesley Professional
Release Date: 2002
Genre: Business & Economics
This is a descriptive and process-oriented book on a new security risk evaluation method, OCTAVE. OCTAVE stands for Operationally Critical Threat, Asset, and Vulnerability Evaluation "SM." An information security risk evaluation helps organizations evaluate organizational practice as well as the installed technology base and to make decisions based on potential impact.
Author: Richard E. Klima
Publisher: CRC Press
Release Date: 2012-06-20
Easily Accessible to Students with Nontechnical Backgrounds In a clear, nontechnical manner, Cryptology: Classical and Modern with Maplets explains how fundamental mathematical concepts are the bases of cryptographic algorithms. Designed for students with no background in college-level mathematics, the book assumes minimal mathematical prerequisites and incorporates student-friendly Maplets throughout that provide practical examples of the techniques used. Technology Resource By using the Maplets, students can complete complicated tasks with relative ease. They can encrypt, decrypt, and cryptanalyze messages without the burden of understanding programming or computer syntax. The authors explain topics in detail first before introducing one or more Maplets. All Maplet material and exercises are given in separate, clearly labeled sections. Instructors can omit the Maplet sections without any loss of continuity and non-Maplet examples and exercises can be completed with, at most, a simple hand-held calculator. The Maplets are available for download at www.radford.edu/~npsigmon/cryptobook.html. A Gentle, Hands-On Introduction to Cryptology After introducing elementary methods and techniques, the text fully develops the Enigma cipher machine and Navajo code used during World War II, both of which are rarely found in cryptology textbooks. The authors then demonstrate mathematics in cryptology through monoalphabetic, polyalphabetic, and block ciphers. With a focus on public-key cryptography, the book describes RSA ciphers, the Diffie–Hellman key exchange, and ElGamal ciphers. It also explores current U.S. federal cryptographic standards, such as the AES, and explains how to authenticate messages via digital signatures, hash functions, and certificates.
With the number of intrusion and hacking incidents around the world on the rise, the importance of having dependable intrusion detection systems in place is greater than ever. Offering both a developmental and technical perspective on this crucial element of network security, Intrusion Detection covers: practical considerations for selecting and implementing intrusion detection systems; methods of handling the results of analysis, and the options for responses to detected problems, data sources commonly used in intrusion detection and how they influence the capabilities of all intrusion detection systems; legal issues surrounding detection and monitoring that affect the design, development, and operation of intrusion detection systems. More than just an overview of the technology, Intrusion Detection presents real analysis schemes and responses, as well as a detailed discussion of the vulnerabilities inherent in many systems, and approaches to testing systems for these problems.
How secure is your network? The best way to find out is to attack it, using the same tactics attackers employ to identify and exploit weaknesses. With the third edition of this practical book, you’ll learn how to perform network-based penetration testing in a structured manner. Security expert Chris McNab demonstrates common vulnerabilities, and the steps you can take to identify them in your environment. System complexity and attack surfaces continue to grow. This book provides a process to help you mitigate risks posed to your network. Each chapter includes a checklist summarizing attacker techniques, along with effective countermeasures you can use immediately. Learn how to effectively test system components, including: Common services such as SSH, FTP, Kerberos, SNMP, and LDAP Microsoft services, including NetBIOS, SMB, RPC, and RDP SMTP, POP3, and IMAP email services IPsec and PPTP services that provide secure network access TLS protocols and features providing transport security Web server software, including Microsoft IIS, Apache, and Nginx Frameworks including Rails, Django, Microsoft ASP.NET, and PHP Database servers, storage protocols, and distributed key-value stores
Publisher: Jones & Bartlett Learning
Release Date: 2014-08-12
Part of the Jones & Bartlett Learning Information Systems Security and Assurance Series http://www.issaseries.com Revised and updated to address the many changes in this evolving field, the Second Edition of Legal Issues in Information Security (Textbook with Lab Manual) addresses the area where law and information security concerns intersect. Information systems security and legal compliance are now required to protect critical governmental and corporate infrastructure, intellectual property created by individuals and organizations alike, and information that individuals believe should be protected from unreasonable intrusion. Organizations must build numerous information security and privacy responses into their daily operations to protect the business itself, fully meet legal requirements, and to meet the expectations of employees and customers. Instructor Materials for Legal Issues in Information Security include: PowerPoint Lecture Slides Instructor's Guide Sample Course Syllabus Quiz & Exam Questions Case Scenarios/Handouts New to the Second Edition: • Includes discussions of amendments in several relevant federal and state laws and regulations since 2011 • Reviews relevant court decisions that have come to light since the publication of the first edition • Includes numerous information security data breaches highlighting new vulnerabilities
When the Stuxnet computer worm damaged the Iranian nuclear program in 2010, the public got a small glimpse into modern cyber warfare—without truly realizing the scope of this global conflict. Inside Cyber Warfare provides fascinating and disturbing details on how nations, groups, and individuals throughout the world increasingly rely on Internet attacks to gain military, political, and economic advantages over their adversaries. This updated second edition takes a detailed look at the complex domain of cyberspace, and the players and strategies involved. You’ll discover how sophisticated hackers working on behalf of states or organized crime patiently play a high-stakes game that could target anyone, regardless of affiliation or nationality. Discover how Russian investment in social networks benefits the Kremlin Learn the role of social networks in fomenting revolution in the Middle East and Northern Africa Explore the rise of anarchist groups such as Anonymous and LulzSec Look inside cyber warfare capabilities of nations including China and Israel Understand how the U.S. can legally engage in covert cyber operations Learn how the Intellectual Property war has become the primary focus of state-sponsored cyber operations Jeffrey Carr, the founder and CEO of Taia Global, Inc., is a cyber intelligence expert and consultant who specializes in the investigation of cyber attacks against governments and infrastructures by state and non-state hackers.
Author: William Stallings
Publisher: Pearson Higher Ed
Release Date: 2015-01-26
Computer Security: Principles and Practice, Third Edition, is ideal for courses in Computer/Network Security. In recent years, the need for education in computer security and related topics has grown dramatically—and is essential for anyone studying Computer Science or Computer Engineering. This is the only text available to provide integrated, comprehensive, up-to-date coverage of the broad range of topics in this subject. In addition to an extensive pedagogical program, the book provides unparalleled support for both research and modeling projects, giving students a broader perspective. It covers all security topics considered Core in the EEE/ACM Computer Science Curriculum. This textbook can be used to prep for CISSP Certification, and includes in-depth coverage of Computer Security, Technology and Principles, Software Security, Management Issues, Cryptographic Algorithms, Internet Security and more. The Text and Academic Authors Association named Computer Security: Principles and Practice, First Edition, the winner of the Textbook Excellence Award for the best Computer Science textbook of 2008. Teaching and Learning Experience This program presents a better teaching and learning experience—for you and your students. It will help: Easily Integrate Projects in your Course: This book provides an unparalleled degree of support for including both research and modeling projects in your course, giving students a broader perspective. Keep Your Course Current with Updated Technical Content: This edition covers the latest trends and developments in computer security. Enhance Learning with Engaging Features: Extensive use of case studies and examples provides real-world context to the text material. Provide Extensive Support Material to Instructors and Students: Student and instructor resources are available to expand on the topics presented in the text.
Coding for Penetration Testers: Building Better Tools, Second Edition provides readers with an understanding of the scripting languages that are commonly used when developing tools for penetration testing, also guiding users through specific examples of custom tool development and the situations where such tools might be used. While developing a better understanding of each language, the book presents real-world scenarios and tool development that can be incorporated into a tester's toolkit. This completely updated edition focuses on an expanded discussion on the use of Powershell, and includes practical updates to all tools and coverage. Discusses the use of various scripting languages in penetration testing Presents step-by-step instructions on how to build customized penetration testing tools using Perl, Ruby, Python, and other languages Provides a primer on scripting, including, but not limited to, web scripting, scanner scripting, and exploitation scripting Includes all-new coverage of Powershell