Authors: Cameron.
Paperback, 656 pages
Publisher: Syngress
Publication Date: 2007-07-18


Reviews :

    Juniper Networks Secure Access SSL VPN appliances provide a complete range of remote access appliances for the smallest companies up to the largest service providers. As a system administrator or security professional, this comprehensive configuration guide will allow you to configure these appliances to allow remote and mobile access for employees. If you manage and secure a larger enterprise, this book will help you to provide remote and/or extranet access, for employees, partners, and customers from a single platform.

* Complete coverage of the Juniper Networks Secure Access SSL VPN line including the 700, 2000, 4000, 6000, and 6000 SP.
* Learn to scale your appliances to meet the demands of remote workers and offices.
* Use the NEW coordinated threat control with Juniper Networks IDP to manage the security of your entire enterprise....

Authors: Simson Garfinkel. Gene Spafford. Alan Schwartz.
Paperback, 986 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2003-02-21
Edition: 3

Reviews :

    When "Practical Unix Security" was first published more than a decade ago, it became an instant classic. Crammed with information about host security, it saved many a Unix system administrator from disaster. The second edition added much-needed Internet security coverage and doubled the size of the original volume. The third edition is a comprehensive update of this very popular book - a companion for the Unix/Linux system administrator who needs to secure his or her organization's system, networks, and web presence in an increasingly hostile world.

Focusing on the four most popular Unix variants today--Solaris, Mac OS X, Linux, and FreeBSD--this book contains new information on PAM (Pluggable Authentication Modules), LDAP, SMB/Samba, anti-theft technologies, embedded systems, wireless and laptop issues, forensics, intrusion detection, chroot jails, telephone scanners and firewalls, virtual and cryptographic filesystems, WebNFS, kernel security levels, outsourcing, legal issues, new Internet protocols and cryptographic algorithms, and much more.

"Practical Unix & Internet Security" consists of six parts:

Computer security basics: introduction to security problems and solutions, Unix history and lineage, and the importance of security policies as a basic element of system security.

Security building blocks: fundamentals of Unix passwords, users, groups, the Unix filesystem, cryptography, physical security, and personnel security.

Network security: a detailed look at modem and dialup security, TCP/IP, securing individual network services, Sun's RPC, various host and network authentication systems (e.g., NIS, NIS , and Kerberos), NFS and other filesystems, and theimportance of secure programming.

Secure operations: keeping up to date in today's changing security world, backups, defending against attacks, performing integrity management, and auditing.

Handling security incidents: discovering a break-in, dealing with programmed threats and denial of service attacks, and legal aspects of computer security.

Appendixes: a comprehensive security checklist and a detailed bibliography of paper and electronic references for further reading and research.

Packed with 1000 pages of helpful text, scripts, checklists, tips, and warnings, this third edition remains the definitive reference for Unix administrators and anyone who cares about protecting their systems and data from today's threats.

...

    The world's most business-critical transactions run on Unix machines, which means the machines running those transactions attract evildoers. Furthermore, a lot of those machines have Internet connections, which means it's always possible that some nefarious remote user will find a way in. The third edition of Practical Unix & Internet Security contains--to an even greater extent than its favorably reputed ancestors--an enormous amount of accumulated wisdom about how to protect Internet-connected Unix machines from intrusion and other forms of attack. This book is fat with practical advice on specific defensive measures (to defeat known attacks) and generally wise policies (to head off as-yet-undiscovered ones).

The authors' approach to Unix security is holistic and clever; they devote as much space to security philosophy as to advice about closing TCP ports and disabling unnecessary services. They also recognize that lots of Unix machines are development platforms, and make many recommendations to consider as you design software. It's rare that you read a page in this carefully compiled book that does not impart some obscure nugget of knowledge, or remind you to implement some important policy. Plus, the authors have a style that reminds their readers that computing is supposed to be about intellectual exercise and fun, an attitude that's absent from too much of the information technology industry lately. Read this book if you use any flavor of Unix in any mission-critical situation. --David Wall

Topics covered: Security risks (and ways to limit them) under Linux, Solaris, Mac OS X, and FreeBSD. Coverage ranges from responsible system administration (including selection of usernames and logins) to intrusion detection, break-in forensics, and log analysis....

Authors: Jim Farley. William Crawford. Prakash Malani. John Norman. Justin Gehtland.
Paperback, 892 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2005-11-22
Edition: 3

Reviews :

    Nothing is as constant as change, and this is as true in enterprise computing as anywhere else. With the recent release of Java 2 Enterprise Edition 1.4, developers are being called on to add even greater, more complex levels of interconnectivity to their applications.

To do this, Java developers today need a clear understanding of how to apply the new APIs, use the latest open source Java tools, and learn the capabilities and pitfalls in Java 2 Enterprise Edition 1.4 -- so they can plan a technology and implementation strategy for new enterprise projects.

Fortunately, this is exactly what they get with the new "Java Enterprise in a Nutshell," 3rd Edition. Because most integrated development environments (IDE) today include API lookup, we took out the main API sections from our previous edition to make room for new chapters, among others, on Ant, Cactus, Hibernate, Jakarta Struts, JUnit, security, XDoclet, and XML/JAXP.

Revised and updated for the new 1.4 version of Sun Microsystems Java Enterprise Edition software, "Java Enterprise in a Nutshell," 3rd Edition is a practical guide for enterprise Java developers....

    For the intermediate to advanced Java developer, Java Enterprise in a Nutshell shows how to work with all of today's relevant Java APIs. Plus, it's a topnotch reference for all enterprise classes. Part tutorial and part reference work that you can use everyday at your desk, this title is a worthwhile resource for any Java developer building Web or enterprise software.

The practical, succinct focus here on actual Java enterprise APIs helps distinguish this text from the pack. Early sections provide short, clear examples along with just enough background to help you use APIs like JDBC, servlets and JSPs, EJBs, and others. Coverage of Java's ability to interface with legacy CORBA systems is just excellent, with a full tour of Java IDL, CORBA services, and Remote Method Invocation (RMI). Typically, readers will be familiar with some J2EE APIs and not others. This book can help fill in the gaps.

Updated with the latest standards from Sun, including JDBC 3.0, Servlet 2.3, and EJB 2.0, this is an essential primer for today's high-end (and high-paying) Java. The basic presentation of servlets/JSP and EJBs (among the most important APIs for current Java Web development) is concise and nicely digestible. We also liked the chapter on JMS for messaging (also a hotbed of Java job activity).

The second half of this text lists every J2EE class, along with methods and properties, in a very valuable reference section that makes good use of two-toned shading for easy access. Entries are organized by package name. (One small oversight here is that an index of cross-listed packages, classes, and methods omits page numbers.)

Overall, this book is truly indispensable for any working Java programmer. The second edition of Java Enterprise in a Nutshell is a fully up-to-date tutorial and reference that lives up to the standards of O'Reilly’s Nutshell series. Both thorough and concise, it's a handy resource for anyone who works with the hundreds and thousands of Java enterprise APIs on a regular basis. --Richard Dragan

Topics covered: Introduction to enterprise computing with the Java 2 Enterprise Edition (J2EE), survey of Java enterprise APIs, JDBC 3.0 (including database connections, ResultSets, prepared statements, BLOB fields, transaction support, stored procedures), the JDBC Optional Package (and connection pooling), Remote Method Invocation (RMI) described (building stubs and skeletons, dynamically loaded classes and remote object activation, RMI over IIOP), in-depth tutorial for Java IDL (with CORBA) and designing remote objects, Java Servlet 2.3 APIs (basic servlet processing and the servlet lifecycle, chaining and filters, thread safety, managing state, cookies, servlets used with JDBC), JavaServer Pages (JSP): including custom tags, JNDI and directory tutorial (contexts, looking up objects, accessing and modifying directory entries), Enterprise Java Beans (EJB) 2.0 (conventions for entity, session and message beans, using transactions), Java XML APIs (DOM, SAX and XSLT), Java Message Service (JMS), point-to-point and publish-subscribe messaging models, message selectors, JavaMail, reference to SQL and relational databases, RMI tools, reference to all IDL keywords, data types and declarations; CORBA services, Java IDL tool reference, Enterprise JavaBeans Query Language (EJB QL) 2.0 query language, and an alphabetical listing of all APIs for Java enterprise programming (listing of classes, methods, and properties). ...

Authors:
Paperback, 320 pages
Publisher: The MIT Press
Publication Date: 2008-02-29


Reviews :

    Many countries around the world block or filter Internet content, denying access to information—often about politics, but also relating to sexuality, culture, or religion—that they deem too sensitive for ordinary citizens. Access Denied documents and analyzes Internet filtering practices in over three dozen countries, offering the first rigorously conducted study of this accelerating trend.

Internet filtering takes place in at least forty states worldwide including many countries in Asia and the Middle East and North Africa. Related Internet content control mechanisms are also in place in Canada, the United States and a cluster of countries in Europe. Drawing on a just-completed survey of global Internet filtering undertaken by the OpenNet Initiative (a collaboration of the Berkman Center for Internet and Society at Harvard Law School, the Citizen Lab at the University of Toronto, the Oxford Internet Institute at Oxford University, and the University of Cambridge) and relying on work by regional experts and an extensive network of researchers, Access Denied examines the political, legal, social, and cultural contexts of Internet filtering in these states from a variety of perspectives. Chapters discuss the mechanisms and politics of Internet filtering, the strengths and limitations of the technology that powers it, the relevance of international law, ethical considerations for corporations that supply states with the tools for blocking and filtering, and the implications of Internet filtering for activist communities that increasingly rely on Internet technologies for communicating their missions.

Reports on Internet content regulation in forty different countries follow, with each country profile outlining the types of content blocked by category and documenting key findings.

Contributors: Ross Anderson, Malcolm Birdling, Ronald Deibert, Robert Faris, Vesselina Haralampieva, Steven Murdoch, Helmi Noman, John Palfrey, Rafal Rohozinski, Mary Rundle, Nart Villeneuve, Stephanie Wang, and Jonathan Zittrain...

Authors: Larry Stevenson. Nancy Altholz.
Paperback, 380 pages
Publisher: For Dummies
Publication Date: 2007-01-30


Reviews :

    A rootkit is a type of malicious software that gives the hacker "root" or administrator access to your network. They are activated before your system's operating system has completely booted up, making them extremely difficult to detect. Rootkits allow hackers to install hidden files, processes, and hidden user accounts. Hackers can use them to open back doors in order to intercept data from terminals, connections, and keyboards. A rootkit hacker can gain access to your systems and stay there for years, completely undetected.

Learn from respected security experts and Microsoft Security MVPs how to recognize rootkits, get rid of them, and manage damage control.

Accompanying the book is a value-packed companion CD offering a unique suite of tools to help administrators and users detect rootkit problems, conduct forensic analysis, and make quick security fixes.

Note: CD-ROM/DVD and other supplementary materials are not included as part of eBook file....

Authors: James Foster.
Paperback, 352 pages
Publisher: Syngress
Publication Date: 2007-09-01


Reviews :

    This is the first book available for the Metasploit Framework (MSF), which is the attack platform of choice for one of the fastest growing careers in IT security: Penetration Testing. The book and companion Web site will provide professional penetration testers and security researchers with a fully integrated suite of tools for discovering, running, and testing exploit code. This book discusses how to use the Metasploit Framework (MSF) as an exploitation platform.

The book begins with a detailed discussion of the three MSF interfaces: msfweb, msfconsole, and msfcli .This chapter demonstrates all of the features offered by the MSF as an exploitation platform. With a solid understanding of MSF's capabilities, the book then details techniques for dramatically reducing the amount of time required for developing functional exploits. By working through a real-world vulnerabilities against a popular closed source applications, the reader will learn how to use the tools and MSF to quickly build reliable attacks as standalone exploits. The section will also explain how to integrate an exploit directly into the Metasploit Framework by providing a line-by-line analysis of an integrated exploit module. Details as to how the Metasploit engine drives the behind-the-scenes exploitation process will be covered, and along the way the reader will come to understand the advantages of exploitation frameworks. The final section of the book examines the Meterpreter payload system and teaches readers to develop completely new extensions that will integrate fluidly with the Metasploit Framework.

...

Authors: Ron Ben Natan.
Paperback, 432 pages
Publisher: Digital Press
Publication Date: 2005-04-18


Reviews :

    This book is about database security and auditing. You will learn many methods and techniques that will be helpful in securing, monitoring and auditing database environments. It covers diverse topics that include all aspects of database security and auditing - including network security for databases, authentication and authorization issues, links and replication, database Trojans, etc. You will also learn of vulnerabilities and attacks that exist within various database environments or that have been used to attack databases (and that have since been fixed). These will often be explained to an "internals" level. There are many sections which outline the "anatomy of an attack" - before delving into the details of how to combat such an attack. Equally important, you will learn about the database auditing landscape - both from a business and regulatory requirements perspective as well as from a technical implementation perspective.

* Useful to the database administrator and/or security administrator - regardless of the precise database vendor (or vendors) that you are using within your organization.
* Has a large number of examples - examples that pertain to Oracle, SQL Server, DB2, Sybase and even MySQL..
* Many of the techniques you will see in this book will never be described in a manual or a book that is devoted to a certain database product.
* Addressing complex issues must take into account more than just the database and focusing on capabilities that are provided only by the database vendor is not always enough. This book offers a broader view of the database environment - which is not dependent on the database platform - a view that is important to ensure good database security....

Authors: ISECOM.
Paperback, 614 pages
Publisher: McGraw-Hill Osborne Media
Publication Date: 2008-07-15
Edition: 3

Reviews :

   

The Latest Linux Security Solutions

This authoritative guide will help you secure your Linux network--whether you use Linux as a desktop OS, for Internet services, for telecommunications, or for wireless services. Completely rewritten the ISECOM way, Hacking Exposed Linux, Third Edition provides the most up-to-date coverage available from a large team of topic-focused experts. The book is based on the latest ISECOM security research and shows you, in full detail, how to lock out intruders  and defend your Linux systems against catastrophic attacks.

• Secure Linux by using attacks and countermeasures from the latest OSSTMM research
• Follow attack techniques of PSTN, ISDN, and PSDN over Linux
• Harden VoIP, Bluetooth, RF, RFID, and IR devices on Linux
• Block Linux signal jamming, cloning, and eavesdropping attacks
• Apply Trusted Computing and cryptography tools for your best defense
• Fix vulnerabilities in DNS, SMTP, and Web 2.0 services
• Prevent SPAM, Trojan, phishing, DoS, and DDoS exploits
• Find and repair errors in C code with static analysis and Hoare Logic

...

Authors: Blake Ross.
Paperback, 384 pages
Publisher: For Dummies
Publication Date: 2006-01-11


Reviews :

   

• Firefox For Dummies gives you the inside scoop on the exciting new browser from the Web wizard that got it started. The book's author, Blake Ross, began developing Firefox as a teenager. Once available to the world, the simple and powerful tool was an instant hit claiming a sizable share of the Web browser market with over 140 million downloads.
• In this book Blake not only gives you the lowdown on how to use Firefox for safe Web searching, but he also shares his insight into how the product came to life. It's a combination of practical tech insight and a good story that is rare in computer books.
• Topics covered include downloading and installing Firefox, creating a home page, searching with Google, creating customized themes and toolbars, using tabbed browsing, downloading and saving files, maintaining security and privacy, eliminating annoying popups, and adding Firefox extensions.

...

Authors: Michael Sutton. Adam Greene. Pedram Amini.
Paperback, 576 pages
Publisher: Addison-Wesley Professional
Publication Date: 2007-07-09
Edition: 1

Reviews :

   

FUZZING

Master One of Today’s Most Powerful Techniques for Revealing Security Flaws!

Fuzzing has evolved into one of today’s most effective approaches to test software security. To “fuzz,” you attach a program’s inputs to a source of random data, and then systematically identify the failures that arise. Hackers have

relied on fuzzing for years: Now, it’s your turn. In this book, renowned fuzzing experts show you how to use fuzzing to reveal weaknesses in your software before someone else does.

 

Fuzzing is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods. Next, they introduce state-of-the-art fuzzing techniques for finding vulnerabilities in network protocols, file formats, and web applications; demonstrate the use of automated fuzzing tools; and present several insightful case histories showing fuzzing at work. Coverage includes:

 

• Why fuzzing simplifies test design and catches flaws other methods miss

• The fuzzing process: from identifying inputs to assessing “exploitability”

• Understanding the requirements for effective fuzzing

• Comparing mutation-based and generation-based fuzzers

• Using and automating environment variable and argument fuzzing

• Mastering in-memory fuzzing techniques

• Constructing custom fuzzing frameworks and tools

• Implementing intelligent fault detection

 

Attackers are already using fuzzing. You should, too. Whether you’re a developer, security engineer, tester, or QA specialist, this book teaches you how to build secure software.

 

Foreword     xix

Preface        xxi

Acknowledgments  xxv

About the Author   xxvii

PARTI         BACKGROUND     1

Chapter 1    Vulnerability Discovery Methodologies  3

Chapter 2    What Is Fuzzing?   21

Chapter 3    Fuzzing Methods and Fuzzer Types     33

Chapter 4    Data Representation and Analysis        45

Chapter 5    Requirements for Effective Fuzzing      61

PART II      TARGETS AND AUTOMATION          71

Chapter 6    Automation and Data Generation        73

Chapter 7    Environment Variable and Argument Fuzzing 89

Chapter 8    Environment Variable and Argument Fuzzing: Automation 103

Chapter 9    Web Application and Server Fuzzing     113

Chapter 10  Web Application and Server Fuzzing: Automation    137

Chapter 11  File Format Fuzzing         169

Chapter 12  File Format Fuzzing: Automation on UNIX     181

Chapter 13  File Format Fuzzing: Automation on Windows         197

Chapter 14  Network Protocol Fuzzing         223

Chapter 15  Network Protocol Fuzzing: Automation on UNIX     235

Chapter 16  Network Protocol Fuzzing: Automation on Windows         249

Chapter 17  Web Browser Fuzzing      267

Chapter 18  Web Browser Fuzzing: Automation     283

Chapter 19  In-Memory Fuzzing         301

Chapter 20  In-Memory Fuzzing: Automation         315

PART III    ADVANCED FUZZING TECHNOLOGIES      349

Chapter 21  Fuzzing Frameworks       351

Chapter 22  Automated Protocol Dissection  419

Chapter 23  Fuzzer Tracking     437

Chapter 24  Intelligent Fault Detection 471

PART IV     LOOKING FORWARD    495

Chapter 25  Lessons Learned    497

Chapter 26  Looking Forward    507

Index 519

 

 

...