Authors: Thomas Akin.
Paperback, 190 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2002-02
Edition: 1

Reviews :

    As a network administrator, auditor or architect, you know the importance of securing your network and finding security solutions you can implement quickly. This succinct book departs from other security literature by focusing exclusively on ways to secure Cisco routers, rather than the entire network. The rational is simple: If the router protecting a network is exposed to hackers, then so is the network behind it. Hardening Cisco Routers is a reference for protecting the protectors. Written by Thomas Akin, an experienced Certified Information Systems Security Professional (CISSP) and Certified Cisco Academic Instructor (CCAI), the book emphasizes practicality and a hands-on approach. At the end of each chapter, Akin includes a Checklist that helps you double-check the configurations you have been instructed to make. They serve as quick references for future security procedures. Concise and to the point, Hardening Cisco Routers supplies you with all the tools necessary to turn a potential vulnerability into a strength....

    To harden a router is to render it more heavily defended and more difficult to attack. Because routers (by definition) serve as points of entry into your network, it makes sense to devote extra effort to their security. Hardening Cisco Routers shows how to make adjustments to the configurations of routers from Cisco Systems to improve their resistance to attack, particularly external attack. This is essentially a book of specialized Internetwork Operating System (IOS) commands, as well as explanations of their behavior. It'll appeal to the router administrator--employed either by an organization's internal network staff, an outside consultancy, or a service provider--who wants to know which IOS commands he or she should add to routers' configuration files to tighten their security without a lot of hassle.

The great thing about this book is that you can approach it in either of two ways. If you just want to clamp down on your routers' security weaknesses as soon as possible, you can begin with the checklists at the end of each chapter (each of which focuses on a particular area, like SMTP) or the big one in an appendix, which is comprehensive. These checklists include both "how" and "why" information, as exemplified by "Disable ICMP broadcasts with the no ip directed-broadcast command." If you want more information on the big picture, or want to prepare for a specific kind of attack, read the individual chapters for detailed advice on how to set IOS to behave as you want. --David Wall

Topics covered: Internetwork Operating System (IOS) commands you can use to protect Cisco Systems routers from a variety of attacks. Specialized sections deal with security assessment, auditing, access control, privileges, optional services, and the legal importance of your login banners' contents....

Authors: William Stallings.
Hardcover, 592 pages
Publisher: Prentice Hall
Publication Date: 2005-11-26
Edition: 4

Reviews :

   

In this age of viruses and hackers, of electronic eavesdropping and electronic fraud, security is paramount. This solid, up-to-date tutorial is a comprehensive treatment of cryptography and network security is ideal for self-study. Explores the basic issues to be addressed by a network security capability through a tutorial and survey of cryptography and network security technology. Examines the practice of network security via practical applications that have been implemented and are in use today. Provides a simplified AES (Advanced Encryption Standard) that enables readers to grasp the essentials of AES more easily. Features block cipher modes of operation, including the CMAC mode for authentication and the CCM mode for authenticated encryption. Includes an expanded, updated treatment of intruders and malicious software. A useful reference for system engineers, programmers, system managers, network managers, product marketing personnel, and system support specialists.

...

Authors: Susan Snedaker.
Paperback, 456 pages
Publisher: Syngress
Publication Date: 2007-06-08
Edition: 1

Reviews :

    Increase Your Company's Odds of Surviving a Major Disaster

Powerful Earthquake Triggers Tsunami in Pacific. Hurricane Katrina Makes Landfall in the Gulf Coast. Avalanche Buries Highway in Denver. Tornado Touches Down in Georgia. These headlines not only have caught the attention of people around the world, they have had a significant effect on IT professionals as well.

As technology continues to become more integral to corporate operations at every level of the organization, the job of IT has expanded to become almost all-encompassing. These days, it's difficult to find corners of a company that technology does not touch. As a result, the need to plan for potential disruptions to technology services has increased exponentially.

Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) are emerging as the 'next big thing' in corporate IT circles. With distributed networks, increasing demands for confidentiality, integrity and availability of data, and the widespread risks to the security of personal, confidential and sensitive data, no organization can afford to ignore the need for disaster planning.

The British Standards Institute is releasing a new standard for BCP this year, the Disaster Recovery Institute has developed a certification for DRP/BCP professionals in conjunction with the British Standards Institute, trade shows are popping up on this topic and the news is filled with companies facing disasters from all sides.

In this book you will find:

* Complete coverage of the 3 categories of disaster: natural hazards, human-caused hazards, and accidental/ technical hazards.
* Updated information on risks from cyber attacks, rioting, protests, product tampering, bombs, explosions, and terrorism.
* Extensive disaster planning and readiness checklists for IT infrastructure, enterprise applications, servers and desktops.
* Clear guidance on developing alternate work and computing sites and emergency facilities.
* Actionable advice on emergency readiness and response.
* Up-to-date information on the legal implications of data loss following a security breach or disaster.

Featuring Case Studies from:
Deanna Conn, Partner, Quarles & Brady, LLP, information security expert
Debbie Earnest, Disaster Recovery and IT expert
Patty Hoenig, Communications and PR expert

* Complete coverage of the 3 categories of disaster: natural hazards, human-caused hazards, and accidental and technical hazards.
* Only published source of information on the new BCI standards and government requirements.
* Up dated information on recovery from cyber attacks, rioting, protests, product tampering, bombs, explosions, and terrorism....

Authors: Alex Ferrara. Matthew MacDonald.
Paperback, 414 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2002-10-15
Edition: 1

Reviews :

    Programming .NET Web Services is a comprehensive tutorial that teaches you the skills needed to develop web services hosted on the .NET platform. Written for experienced programmers, this book takes you beyond the obvious functionality of ASP.NET or Visual Studio .NET. It provides a solid foundation in the building blocks of web services, and leads you step-by-step through the process of creating your own. Beginning with a close look at the underlying technologies, Programming .NET Web Services discusses the unique features of the .NET Framework that make creating web services easier, including the Common Language Runtime (CLR) and the namespaces used in .NET programming. Filled with numerous code examples using the C# language, the book leads you through some of the more challenging issues of web services development, including the use of proxies, marshalling of complex data types, state management, security, performance tuning and cross-platform implementation. For those interested in building industrial-strength web services, Programming .NET Web Services is full of practical information and good old-fashioned advice....

Authors: Richard Deal.
Paperback, 537 pages
Publisher: McGraw-Hill Osborne Media
Publication Date: 2002-10-23
Edition: 1

Reviews :

    Secure your mission-critical networks with the #1 leading firewall and this definitive guide. Featuring in-depth coverage of installation, configuration, and maintenance this book will show you how to protect your data from unauthorized users and hackers....

Authors: Ilia Alshanetsky.
Paperback, 200 pages
Publisher: Marco Tabini & Associates, Inc.
Publication Date: 2005-09-05


Reviews :

    Security is a hot topic these days, with new exploits and patches released on a daily basis for all sorts of operating systems and applications.

Recently, the security bubble has expanded to touch the PHP world, and several well-known applications have been the target of a great number of attacks.

Despite all the negative publicity, however, PHP is and remains a very stable--and very secure--programming environment. php|architect's Guide to PHP Security, written by security expert (and frequent php|architect contributor) Ilia Alshanetsky, provides you with a guide that covers everything you need to secure existing PHP applications and write new ones with security in mind.

* Provides techniques for both PHP 4 and PHP 5
* Includes a step-by-step guide to securing your applications
* Provides comprehensive coverage of security design
* Teaches you how to defend yourself from hackers
* Shows you how to distract hackers with a "tar pit" to help you fend off potential attacks

Rather than drowning you in overlong explanations, this book focuses on providing you with accurate information on proper security techniques, and showing you a step-by-step approach to writing applications that are stable, secure and reliable....

Authors: Al Muller. Seburn Wilson.
Paperback, 608 pages
Publisher: Syngress
Publication Date: 2005-08-09
Edition: 1

Reviews :

    A virtual evolution in IT organizations throughout the world has begun. It is estimated that currently 3% of all servers run virtually and that number is expected to grow rapidly over the next 5 years. VMware's ESX server is the enterprise tool that provides the platform on which a complete virtual infrastructure can be designed, implemented, and managed. ESX is the most powerful, resilient and customizable of VMware's three virtual platforms and this book explores many of the possibilities that a virtual infrastructure running on ESX Server provides.

Server Sprawl and escalating IT costs have managers and system administrators scrambling to find ways to cut costs and reduce Total Cost of Ownership of their physical infrastructure. Combining software applications onto a single server, even if those applications are from the same software vendor, can be dangerous and problems hard to troubleshoot. VMware ESX Server allows you to consolidate 15 to 20 or even more servers onto a single physical server reducing hardware, electrical, cooling, and administrative costs. These virtual servers run completely independent of each other so if one crashes the other are not affected. Planning and implementing a server consolidation is a complex process.

This book details the requirements for such a project, includes sample forms and templates, and delivers several physical to virtual migration strategies which will save both time and costs. You will easily be able to plan and deploy VMware's ESX Server and begin down the path of an evolved, virtual infrastructure in which costs, administration overhead, and complexity are reduced. VMware has provided the technology for a virtual infrastructure and this book shows you how to build it.

...

Authors: Carlisle Adams. Steve Lloyd.
Hardcover, 352 pages
Publisher: Addison-Wesley Professional
Publication Date: 2002-11-16
Edition: 2

Reviews :

    Covers a broad range of material related to PKIs, including certification, operational considerations and standardization efforts, as well as deployment issues and considerations. ...

Authors: Colin J. Bennett.
Hardcover, 259 pages
Publisher: The MIT Press
Publication Date: 2008-10-31


Reviews :

    Today, personal information is captured, processed, and disseminated in a bewildering variety of ways, and through increasingly sophisticated, miniaturized, and distributed technologies: identity cards, biometrics, video surveillance, the use of cookies and spyware by Web sites, data mining and profiling, and many others. In The Privacy Advocates, Colin Bennett analyzes the people and groups around the world who have risen to challenge the most intrusive surveillance practices by both government and corporations. Bennett describes a network of self-identified privacy advocates who have emerged from civil society—without official sanction and with few resources, but surprisingly influential.

A number of high-profile conflicts in recent years have brought this international advocacy movement more sharply into focus. Bennett is the first to examine privacy and surveillance not from a legal, political, or technical perspective but from the viewpoint of these independent activists who have found creative ways to affect policy and practice. Drawing on extensive interviews with key informants in the movement, he examines how they frame the issue and how they organize, who they are, and what strategies they use. He also presents a series of case studies that illustrate how effective their efforts have been, including conflicts over key-escrow encryption (which allows the government to read encrypted messages), online advertising through third-party cookies that track users across different Web sites, and online authentication mechanisms such as the short-lived Microsoft Passport. Finally, Bennett considers how the loose coalitions of the privacy network could develop into a more cohesive international social movement....

Authors: Himanshu Dwivedi.
Paperback, 220 pages
Publisher: No Starch Press
Publication Date: 2008-03-21


Reviews :

   

Voice over Internet Protocol (VoIP) networks have freed users from the tyranny of big telecom, allowing people to make phone calls over the Internet at very low or no cost. But while VoIP is easy and cheap, it's notoriously lacking in security. With minimal effort, hackers can eavesdrop on conversations, disrupt phone calls, change caller IDs, insert unwanted audio into existing phone calls, and access sensitive information.

Hacking VoIP takes a dual approach to VoIP security, explaining its many security holes to hackers and administrators. If you're serious about security, and you either use or administer VoIP, you should know where VoIP's biggest weaknesses lie and how to shore up your security. And if your intellectual curiosity is leading you to explore the boundaries of VoIP, Hacking VoIP is your map and guidebook.

Hacking VoIP will introduce you to every aspect of VoIP security, both in home and enterprise implementations. You'll learn about popular security assessment tools, the inherent vulnerabilities of common hardware and software packages, and how to:

• Identify and defend against VoIP security attacks such as eavesdropping, audio injection, caller ID spoofing, and VoIP phishing
• Audit VoIP network security
• Assess the security of enterprise-level VoIP networks such as Cisco, Avaya, and Asterisk, and home VoIP solutions like Yahoo! and Vonage
• Use common VoIP protocols like H.323, SIP, and RTP as well as unique protocols like IAX
• Identify the many vulnerabilities in any VoIP network

Whether you're setting up and defending your VoIP network against attacks or just having sick fun testing the limits of VoIP networks, Hacking VoIP is your go-to source for every aspect of VoIP security and defense.

...