Authors: Diana-Lynn Contesti. Douglas Andre. Eric Waxvik. Paul A. Henry. Bonnie A. Goins.
Hardcover, 608 pages
Publisher: Auerbach Publications
Publication Date: 2007-04-27
Edition: 1

Reviews :

    The SSCP® certification is the key to unlocking the upper ranks of security implementation at the world's most prestigious organizations. If you're serious about becoming a leading tactician at the front lines, the (ISC)²® Systems Security Certified Practitioner (SSCP) certification is an absolute necessity-demanded by cutting-edge companies worldwide, today more than ever before. As a warrior defending an organization's digital assets, a SSCP must demonstrate a high level of competence and understanding of the seven domains of the (ISC)² CBK®. This comprehensive taxonomy of information security topics establishes a common framework of terms and principles that enable security professionals around the world to discuss, debate, and resolve matters pertaining to the industry. Nowhere else are the seven domains of the CBK embodied more adeptly than in the first edition of the Official (ISC) ²® Guide to the SSCP® CBK®. In a milestone effort by (ISC)², five of the of the world's leading tacticians with hands-on experience in IT security acknowledge the importance of the security implementation process. Armed with practical experience, the authors discuss the critical role that policy, procedures, standards, and guidelines play within the overall information security management infrastructure. Simply put, the (ISC)² Systems Security Certified Practitioner certification is the most important credential an information security practitioner can have. Through clear descriptions accompanied by numerous tables, easy-to-follow instructions, sample questions, and an entire chapter of self-assessment questions, this book builds a solid, product-independent understanding of information security fundamentals. The Official (ISC) ²® Guide to the SSCP® CBK®. Master it, and you'll have the current concepts, widely recognized best practices, and key techniques used by the world's top specialists....

Authors: Saadat Malik.
Hardcover, 800 pages
Publisher: Cisco Press
Publication Date: 2002-11-25


Reviews :

   

Expert solutions for securing network infrastructures and VPNs

• Build security into the network by defining zones, implementing secure routing protocol designs, and building safe LAN switching environments
• Understand the inner workings of the Cisco PIX Firewall and analyze in-depth Cisco PIX Firewall and Cisco IOS Firewall features and concepts
• Understand what VPNs are and how they are implemented with protocols such as GRE, L2TP, and IPSec
• Gain a packet-level understanding of the IPSec suite of protocols, its associated encryption and hashing functions, and authentication techniques
• Learn how network attacks can be categorized and how the Cisco IDS is designed and can be set upto protect against them
• Control network access by learning how AAA fits into the Cisco security model and by implementing RADIUS and TACACS protocols
• Provision service provider security using ACLs, NBAR, and CAR to identify and control attacks
• Identify and resolve common implementation failures by evaluating real-world troubleshooting scenarios

As organizations increase their dependence on networks for core business processes and increase access to remote sites and mobile workers via virtual private networks (VPNs), network security becomes more and more critical. In today's networked era, information is an organization's most valuable resource. Lack of customer, partner, and employee access to e-commerce and data servers can impact both revenue and productivity. Even so, most networks do not have the proper degree of security. Network Security Principles and Practices provides an in-depth understanding of the policies, products, and expertise that brings organization to this extremely complex topic and boosts your confidence in the performance and integrity of your network systems and services. Written by the CCIE engineer who wrote the CCIE Security lab exam and who helped develop the CCIE Security written exam, Network Security Principles and Practices is the first book to help prepare candidates for the CCIE Security exams.

Network Security Principles and Practices is a comprehensive guide to network security threats and the policies and tools developed specifically to combat those threats. Taking a practical, applied approach to building security into networks, the book shows you how to build secure network architectures from the ground up. Security aspects of routing protocols, Layer 2 threats, and switch security features are all analyzed. A comprehensive treatment of VPNs and IPSec is presented in extensive packet-by-packet detail. The book takes a behind-the-scenes look at how the Cisco PIX(r) Firewall actually works, presenting many difficult-to-understand and new Cisco PIX Firewall and Cisco IOS(r) Firewall concepts. The book launches into a discussion of intrusion detection systems (IDS) by analyzing and breaking down modern-day network attacks, describing how an IDS deals with those threats in general, and elaborating on the Cisco implementation of IDS. The book also discusses AAA, RADIUS, and TACACS and their usage with some of the newer security implementations such as VPNs and proxy authentication. A complete section devoted to service provider techniques for enhancing customer security and providing support in the event of an attack is also included. Finally, the book concludes with a section dedicated to discussing tried-and-tested troubleshooting tools and techniques that are not only invaluable to candidates working toward their CCIE Security lab exam but also to the security network administrator running the operations of a network on a daily basis.

...

Authors: John Arquilla.
Paperback, 352 pages
Publisher: RAND Corporation
Publication Date: 2002-01-25


Reviews :

    Netwar--like cyberwar--describes a new spectrum of conflict that is emerging in the wake of the information revolution. What distinguished netwar is the networked organizational structure of its practitioners and their quickness in coming together in swarming attacks. To confront this new type of conflict, it is crucial for governments, military, and law enforcement to begin networking themselves....

Authors: Vicki Courtney.
Paperback, 208 pages
Publisher: B&H Books
Publication Date: 2007-09-01


Reviews :

    ...

Authors: William Stallings. Lawrie Brown.
Hardcover, 880 pages
Publisher: Prentice Hall
Publication Date: 2007-08-12
Edition: 1

Reviews :

    For courses in Computer/Network Security. In recent years, the need for education in computer security and related topics has grown dramatically -- and is essential for anyone studying Computer Science or Computer Engineering. This is the only text available to provide integrated, comprehensive, up-to-date coverage of the broad range of topics in this subject. In addition to an extensive pedagogical program, the book provides unparalleled support for both research and modeling projects, giving students a broader perspective. The Text and Academic Authors Association have named Computer Security: Principles and Practice the winner of the Textbook Excellence Award for the best Computer Science textbook of 2008. Visit Stallings Companion Website at http://williamstallings.com/CompSec/CompSec1e.html for student and instructor resources and his Computer Science Student Resource site http://williamstallings.com/StudentSupport.html Password protected instructor resources can be accessed here by clicking on the Resources Tab to view downloadable files. (Registration required) Supplements Include: *Power Point Lecture Slides*Instructor's Manual*Author maintained website ....

Authors: Nancy E. Willard.
Perfect Paperback, 320 pages
Publisher: Research Press
Publication Date: 2007-01-18
Edition: 2nd

Reviews :

    Online communications can be cruel and vicious. They take place 24/7. Damaging text and images can be widely disseminated and impossible to fully remove. There are emerging reports of youth suicide, violence, and abduction related to cyberbullying and cyberthreats. In this book,the author provides school counselors, administrators, teachers and parents with cutting-edge information on how to prevent and respond to cyberbullying and cyberthreats. It covers challenging issues that occur as students embrace the Internet and other digital technologies such as: *Sending offensive, harassing messages *dissing someone or spreading nasty rumors online *Disclosing someone's intimate personal information *Breaking into someone's e-mail account and sending damaging messages under that person's name *Excluding someone from an online group *Using the Internet to intimidate The book includes detailed guidelines for managing in-school use of the Internet and personal devices, including cell phones. Appendices contain reproducible assessment and program forms, as well as parent and student handouts....

Authors: Simson Garfinkel.
Paperback, 336 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2001-01


Reviews :

    As the 21st century begins, advances in technology endanger our privacy in ways never before imagined. Marketers track our every purchase; surveillance cameras observe our movements; misused medical records turn our bodies and our histories against us. Privacy--our most basic civil right--is in grave peril. Simson Garfinkel--journalist, entrepreneur, and international authority on computer security--has devoted his career to testing new technologies and warning about their implications. This newly revised update of the popular hardcover edition of Database Nation is his compelling account of how invasive technologies will affect our lives in the coming years. It's a timely, far-reaching, entertaining, and thought-provoking look at the serious threats to privacy facing us today. Garfinkel's captivating blend of journalism, storytelling, and futurism is a call to arms. It will frighten, entertain, and ultimately convince us that we must take action now to protect our privacy and identity before it's too late...

    Forget the common cold for a moment. Instead, consider the rise of "false data syndrome," a deceptive method of identification derived from numbers rather than more recognizable human traits. Simson Garfinkel couples this idea with concepts like "data shadow" and "datasphere" in Database Nation, offering a decidedly unappealing scenario of how we have overlooked privacy with the advent of advanced technology.

According to Garfinkel, "technology is not privacy neutral." It leaves us with only two choices: 1) allow our personal data to rest in the public domain or 2) become hermits (no credit cards, no midnight video jaunts--you get the point).

Garfinkel's thoroughly researched and example-rich text explores the history of identification procedures; the computerization of ID systems; how and where data is collected, tracked, and stored; and the laws that protect privacy. He also explains who owns, manipulates, ensures the safety of, and manages the vast amount of data that makes up our collective human infrastructure. The big surprise here? It's not the United States government who controls or manages the majority of this data but rather faceless corporations who trade your purchasing habits, social security numbers, and other personal information just like any other hot commodity.

There's a heck of a lot of data to digest about data here and only a smidgen of humor to counterbalance the weight of Garfinkel's projections. But then again, humor isn't really appropriate in connection with stolen identities; medical, bank, and insurance record exploitation; or the potential for a future that's a "video surveillance free-for-all."

In many information-horrific situations, Garfinkel explores the wide variety of data thievery and the future implications of larger, longer-lasting databases. "Citizens," Garfinkel theorizes, "don't know how to fight back even though we know our privacy is at risk." In a case study involving an insurance claim form, he explains how a short paragraph can grant "blanket authorization" to all personal (not just medical) records to an insurance company. Citizens who refuse to sign the consent paragraph typically must forfeit any reimbursement for medical services. Ultimately, "we do not have the choice [as consumers] either to negotiate or to strike our own deal."

The choice that we do have, however, is to build a world in which sensitive data is respected and kept private--and the book offers clever, "turn-the-tables" solutions, suggesting that citizens, government, and corporations cooperate to develop weaker ID systems and legislate heavier penalties for identification theft.

Garfinkel's argument does give one pause, but his paranoia-laden prose and Orwellian imagination tends to obscure the effectiveness of his argument. Strangely, for all his talk about protecting your privacy, he never mentions how to remove your personal information from direct mail and telemarketing groups. And while he would like for Database Nation to be as highly regarded (and timely) as Rachel Carson's Silent Spring, the fact remains that we're not going to perish from having our privacy violated. --E. Brooke Gilbert...

Authors: Shreeraj Shah.
Paperback, 365 pages
Publisher: Charles River Media
Publication Date: 2007-12-04
Edition: 1

Reviews :

    Service-Oriented Architecure (SOA), Rich Internet Applications (RIA), and Asynchronous Java and eXtended Markup Language (Ajax) comprise the backbone behind now-widespread Web 2.0 applications, such as MySpace, Google Maps, Flickr, and Live.com. Although these robust tools make next-generation Web applications possible, they also add new security concerns to the fi eld of Web application security. Yamanner-, Sammy-, and Spaceflash-type worms are exploiting client-side Ajax frameworks, providing new avenues of attack, and compromising confidential information. Portals such as Google, Netflix, Yahoo, and MySpace have witnessed new vulnerabilities recently, and these vulnerabilities can be leveraged by attackers to perform phishing, cross-site scripting (XSS), and cross-site request forgery (CSRF) exploitation. Web 2.0 Security: Defending Ajax, RIA, and SOA covers the new field of Web 2.0 security. Written for security professionals and developers, the book explores Web 2.0 hacking methods and helps enhance next-generation security controls for better application security. Readers will gain knowledge in advanced footprinting and discovery techniques; Web 2.0 scanning and vulnerability detection methods; Ajax and Flash hacking methods; SOAP, REST, and XML-RPC hacking; RSS/Atom feed attacks; fuzzing and code review methodologies and tools; and tool building with Python, Ruby, and .NET. Whether you’re a computer security professional, a developer, or an administrator, Web 2.0 Security: Defending Ajax, RIA, and SOA is the only book you will need to prevent new Web 2.0 security threats from harming your network and compromising your data....

Authors: Duncan Long.
Paperback, 304 pages
Publisher: The Lyons Press
Publication Date: 2007-01-01
Edition: 1

Reviews :

    ...

Authors: Tom Gallagher. Lawrence Landauer. Bryan Jeffries.
Paperback, 592 pages
Publisher: Microsoft Press
Publication Date: 2006-06-09


Reviews :

    Finding security flaws is now a fundamental development task, yet there has not been adequate documentation of the process used to find security bugs—until now. Before the Internet, computers were deployed in trusted environments and software development and testing practices emphasized functionality over security. As networking technologies emerged, though, times changed and people began to connect their computers together, instead of deploying in silos. However, development and testing practices did not account for attacks that could be mounted over networks.

The material currently available does not provide much practical guidance and the instructions given often fail to cultivate the right mindset and approach to enable people to successfully identify security issues before the software is published. This in-depth, technical reference highlights up-to-date tools, technologies, and techniques for helping find and eliminate vulnerabilities in software. Written for testers by testers, it delivers practical, hands-on guidance on how to find, classify, and assess bugs. In addition, this book covers the thought process behind security testing, use of source code to help in testing, and ways to spot security design flaws....