Syngress Force Emerging Threat Analysis

Syngress Force Emerging Threat Analysis

Author: Robert Graham

Publisher: Elsevier

Published: 2006-11-08

Total Pages: 642

ISBN-13: 0080475590

DOWNLOAD EBOOK

A One-Stop Reference Containing the Most Read Topics in the Syngress Security LibraryThis Syngress Anthology Helps You Protect Your Enterprise from Tomorrow's Threats TodayThis is the perfect reference for any IT professional responsible for protecting their enterprise from the next generation of IT security threats. This anthology represents the "best of this year's top Syngress Security books on the Human, Malware, VoIP, Device Driver, RFID, Phishing, and Spam threats likely to be unleashed in the near future..* From Practical VoIP Security, Thomas Porter, Ph.D. and Director of IT Security for the FIFA 2006 World Cup, writes on threats to VoIP communications systems and makes recommendations on VoIP security.* From Phishing Exposed, Lance James, Chief Technology Officer of Secure Science Corporation, presents the latest information on phishing and spam.* From Combating Spyware in the Enterprise, Brian Baskin, instructor for the annual Department of Defense Cyber Crime Conference, writes on forensic detection and removal of spyware.* Also from Combating Spyware in the Enterprise, About.com's security expert Tony Bradley covers the transformation of spyware.* From Inside the SPAM Cartel, Spammer-X shows how spam is created and why it works so well.* From Securing IM and P2P Applications for the Enterprise, Paul Piccard, former manager of Internet Security Systems' Global Threat Operations Center, covers Skype security.* Also from Securing IM and P2P Applications for the Enterprise, Craig Edwards, creator of the IRC security software IRC Defender, discusses global IRC security.* From RFID Security, Brad "Renderman Haines, one of the most visible members of the wardriving community, covers tag encoding and tag application attacks.* Also from RFID Security, Frank Thornton, owner of Blackthorn Systems and an expert in wireless networks, discusses management of RFID security.* From Hack the Stack, security expert Michael Gregg covers attacking the people layer.* Bonus coverage includes exclusive material on device driver attacks by Dave Maynor, Senior Researcher at SecureWorks.* The "best of this year: Human, Malware, VoIP, Device Driver, RFID, Phishing, and Spam threats* Complete Coverage of forensic detection and removal of spyware, the transformation of spyware, global IRC security, and more* Covers secure enterprise-wide deployment of hottest technologies including Voice Over IP, Pocket PCs, smart phones, and more


Wireshark & Ethereal Network Protocol Analyzer Toolkit

Wireshark & Ethereal Network Protocol Analyzer Toolkit

Author: Jay Beale

Publisher: Elsevier

Published: 2006-12-18

Total Pages: 577

ISBN-13: 0080506011

DOWNLOAD EBOOK

Ethereal is the #2 most popular open source security tool used by system administrators and security professionals. This all new book builds on the success of Syngress' best-selling book Ethereal Packet Sniffing.Wireshark & Ethereal Network Protocol Analyzer Toolkit provides complete information and step-by-step Instructions for analyzing protocols and network traffic on Windows, Unix or Mac OS X networks. First, readers will learn about the types of sniffers available today and see the benefits of using Ethereal. Readers will then learn to install Ethereal in multiple environments including Windows, Unix and Mac OS X as well as building Ethereal from source and will also be guided through Ethereal's graphical user interface. The following sections will teach readers to use command-line options of Ethereal as well as using Tethereal to capture live packets from the wire or to read saved capture files. This section also details how to import and export files between Ethereal and WinDump, Snort, Snoop, Microsoft Network Monitor, and EtherPeek. The book then teaches the reader to master advanced tasks such as creating sub-trees, displaying bitfields in a graphical view, tracking requests and reply packet pairs as well as exclusive coverage of MATE, Ethereal's brand new configurable upper level analysis engine. The final section to the book teaches readers to enable Ethereal to read new Data sources, program their own protocol dissectors, and to create and customize Ethereal reports. - Ethereal is the #2 most popular open source security tool, according to a recent study conducted by insecure.org - Syngress' first Ethereal book has consistently been one of the best selling security books for the past 2 years


Google Talking

Google Talking

Author: Johnny Long

Publisher: Elsevier

Published: 2006-12-13

Total Pages: 290

ISBN-13: 0080488870

DOWNLOAD EBOOK

Nationwide and around the world, instant messaging use is growing, with more than 7 billion instant messages being sent every day worldwide, according to IDC. comScore Media Metrix reports that there are 250 million people across the globe--and nearly 80 million Americans--who regularly use instant messaging as a quick and convenient communications tool. Google Talking takes communication to the next level, combining the awesome power of Text and Voice! This book teaches readers how to blow the lid off of Instant Messaging and Phone calls over the Internet.This book will cover the program "Google Talk in its entirety. From detailed information about each of its features, to a deep-down analysis of how it works. Also, we will cover real techniques from the computer programmers and hackers to bend and tweak the program to do exciting and unexpected things. - Google has 41% of the search engine market making it by far the most commonly used search engine - The Instant Messaging market has 250 million users world wide - Google Talking will be the first book to hit the streets about Google Talk


CD and DVD Forensics

CD and DVD Forensics

Author: Paul Crowley

Publisher: Elsevier

Published: 2006-12-12

Total Pages: 321

ISBN-13: 0080500803

DOWNLOAD EBOOK

CD and DVD Forensics will take the reader through all facets of handling, examining, and processing CD and DVD evidence for computer forensics. At a time where data forensics is becoming a major part of law enforcement and prosecution in the public sector, and corporate and system security in the private sector, the interest in this subject has just begun to blossom.CD and DVD Forensics is a how to book that will give the reader tools to be able to open CDs and DVDs in an effort to identify evidence of a crime. These tools can be applied in both the public and private sectors. Armed with this information, law enforcement, corporate security, and private investigators will be able to be more effective in their evidence related tasks. To accomplish this the book is divided into four basic parts: (a) CD and DVD physics dealing with the history, construction and technology of CD and DVD media, (b) file systems present on CDs and DVDs and how these are different from that which is found on hard disks, floppy disks and other media, (c) considerations for handling CD and DVD evidence to both recover the maximum amount of information present on a disc and to do so without destroying or altering the disc in any way, and (d) using the InfinaDyne product CD/DVD Inspector to examine discs in detail and collect evidence. - This is the first book addressing using the CD/DVD Inspector product in a hands-on manner with a complete step-by-step guide for examining evidence discs - See how to open CD's and DVD'd and extract all the crucial evidence they may contain


Cryptography for Developers

Cryptography for Developers

Author: Tom St Denis

Publisher: Elsevier

Published: 2006-12-01

Total Pages: 449

ISBN-13: 0080503454

DOWNLOAD EBOOK

The only guide for software developers who must learn and implement cryptography safely and cost effectively.Cryptography for Developers begins with a chapter that introduces the subject of cryptography to the reader. The second chapter discusses how to implement large integer arithmetic as required by RSA and ECC public key algorithms The subsequent chapters discuss the implementation of symmetric ciphers, one-way hashes, message authentication codes, combined authentication and encryption modes, public key cryptography and finally portable coding practices. Each chapter includes in-depth discussion on memory/size/speed performance trade-offs as well as what cryptographic problems are solved with the specific topics at hand. - The author is the developer of the industry standard cryptographic suite of tools called LibTom - A regular expert speaker at industry conferences and events on this development


Penetration Tester's Open Source Toolkit

Penetration Tester's Open Source Toolkit

Author: Jeremy Faircloth

Publisher: Elsevier

Published: 2011-07-18

Total Pages: 466

ISBN-13: 1597496278

DOWNLOAD EBOOK

"Penetration testing is often considered an art as much as it is a science, but even an artist needs the right brushes to do the job well. Many commercial and open source tools exist for performing penetration testing, but it's often hard to ensure that you know what tools are available and which ones to use for a certain task. Through the next ten chapters, we'll be exploring the plethora of open source tools that are available to you as a penetration tester, how to use them, and in which situations they apply. Open source tools are pieces of software which are available with the source code so that the software can be modified and improved by other interested contributors. In most cases, this software comes with a license allowing for distribution of the modified software version with the requirement that the source code continue to be included with the distribution. In many cases, open source software becomes a community effort where dozens if not hundreds of people are actively contributing code and improvements to the software project. This type of project tends to result in a stronger and more valuable piece of software than what would often be developed by a single individual or small company. While commercial tools certainly exist in the penetration testing space, they're often expensive and, in some cases, too automated to be useful for all penetration testing scenarios. There are many common situations where the open source tools that we will be talking about fill a need better and (obviously) more cost effectively than any commercial tool. The tools that we will be discussing throughout this book are all open source and available for you to use in your work as a penetration tester"--


PCI Compliance

PCI Compliance

Author: Anton Chuvakin

Publisher: Syngress

Published: 2011-04-18

Total Pages: 353

ISBN-13: 0080556388

DOWNLOAD EBOOK

Identity theft has been steadily rising in recent years, and credit card data is one of the number one targets for identity theft. With a few pieces of key information. Organized crime has made malware development and computer networking attacks more professional and better defenses are necessary to protect against attack. The credit card industry established the PCI Data Security standards to provide a baseline expectancy for how vendors, or any entity that handles credit card transactions or data, should protect data to ensure it is not stolen or compromised. This book will provide the information that you need to understand the PCI Data Security standards and how to effectively implement security on the network infrastructure in order to be compliant with the credit card industry guidelines and protect sensitive and personally identifiable information. - PCI Data Security standards apply to every company globally that processes or transmits credit card transaction data - Information to develop and implement an effective security strategy to keep infrastructures compliant - Well known authors have extensive information security backgrounds


InfoSecurity 2008 Threat Analysis

InfoSecurity 2008 Threat Analysis

Author: Craig Schiller

Publisher: Elsevier

Published: 2011-04-18

Total Pages: 481

ISBN-13: 0080558690

DOWNLOAD EBOOK

An all-star cast of authors analyze the top IT security threats for 2008 as selected by the editors and readers of Infosecurity Magazine. This book, compiled from the Syngress Security Library, is an essential reference for any IT professional managing enterprise security. It serves as an early warning system, allowing readers to assess vulnerabilities, design protection schemes and plan for disaster recovery should an attack occur. Topics include Botnets, Cross Site Scripting Attacks, Social Engineering, Physical and Logical Convergence, Payment Card Industry (PCI) Data Security Standards (DSS), Voice over IP (VoIP), and Asterisk Hacking. Each threat is fully defined, likely vulnerabilities are identified, and detection and prevention strategies are considered. Wherever possible, real-world examples are used to illustrate the threats and tools for specific solutions.* Provides IT Security Professionals with a first look at likely new threats to their enterprise * Includes real-world examples of system intrusions and compromised data * Provides techniques and strategies to detect, prevent, and recover * Includes coverage of PCI, VoIP, XSS, Asterisk, Social Engineering, Botnets, and Convergence


Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft

Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft

Author: Eric Cole

Publisher: Elsevier

Published: 2005-12-15

Total Pages: 427

ISBN-13: 0080489052

DOWNLOAD EBOOK

The Secret Service, FBI, NSA, CERT (Computer Emergency Response Team) and George Washington University have all identified "Insider Threats as one of the most significant challenges facing IT, security, law enforcement, and intelligence professionals today. This book will teach IT professional and law enforcement officials about the dangers posed by insiders to their IT infrastructure and how to mitigate these risks by designing and implementing secure IT systems as well as security and human resource policies. The book will begin by identifying the types of insiders who are most likely to pose a threat. Next, the reader will learn about the variety of tools and attacks used by insiders to commit their crimes including: encryption, steganography, and social engineering. The book will then specifically address the dangers faced by corporations and government agencies. Finally, the reader will learn how to design effective security systems to prevent insider attacks and how to investigate insider security breeches that do occur. Throughout the book, the authors will use their backgrounds in the CIA to analyze several, high-profile cases involving insider threats.* Tackles one of the most significant challenges facing IT, security, law enforcement, and intelligence professionals today* Both co-authors worked for several years at the CIA, and they use this experience to analyze several high-profile cases involving insider threat attacks * Despite the frequency and harm caused by insider attacks, there are no competing books on this topic.books on this topic


Federal Cloud Computing

Federal Cloud Computing

Author: Matthew Metheny

Publisher: Syngress

Published: 2017-01-05

Total Pages: 538

ISBN-13: 012809687X

DOWNLOAD EBOOK

Federal Cloud Computing: The Definitive Guide for Cloud Service Providers, Second Edition offers an in-depth look at topics surrounding federal cloud computing within the federal government, including the Federal Cloud Computing Strategy, Cloud Computing Standards, Security and Privacy, and Security Automation. You will learn the basics of the NIST risk management framework (RMF) with a specific focus on cloud computing environments, all aspects of the Federal Risk and Authorization Management Program (FedRAMP) process, and steps for cost-effectively implementing the Assessment and Authorization (A&A) process, as well as strategies for implementing Continuous Monitoring, enabling the Cloud Service Provider to address the FedRAMP requirement on an ongoing basis. This updated edition will cover the latest changes to FedRAMP program, including clarifying guidance on the paths for Cloud Service Providers to achieve FedRAMP compliance, an expanded discussion of the new FedRAMP Security Control, which is based on the NIST SP 800-53 Revision 4, and maintaining FedRAMP compliance through Continuous Monitoring. Further, a new chapter has been added on the FedRAMP requirements for Vulnerability Scanning and Penetration Testing. - Provides a common understanding of the federal requirements as they apply to cloud computing - Offers a targeted and cost-effective approach for applying the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) - Features both technical and non-technical perspectives of the Federal Assessment and Authorization (A&A) process that speaks across the organization