Authors: Brian Koerner.
Paperback, 364 pages
Publisher: For Dummies
Publication Date: 2007-11-12


Reviews :

    *Ninety percent of the world's PCs run Windows, making Vista a prime target for malicious hackers

*Helps readers get the most out of new Vista security features by detailing the vulnerabilities that have already been found in Vista and explains how to combat potential problems

*Identifies possible threats brought on by the millions of lines of brand-new code in the operating system and risky new features, including IPv6 and peer-to-peer support

*Covers the Windows Security Center, rights management, BitLocker, Web security, and much more...

Authors: Jonathan Hassell.
Paperback, 206 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2002-10-08


Reviews :

    The subject of security never strays far from the minds of IT workers, for good reason. If there is a network with even just one connection to another network, it needs to be secured. "RADIUS," or Remote Authentication Dial-In User Service, is a widely deployed protocol that enables companies to authenticate, authorize and account for remote users who want access to a system or service from a central network server. Originally developed for dial-up remote access, RADIUS is now used by virtual private network (VPN) servers, wireless access points, authenticating Ethernet switches, Digital Subscriber Line (DSL) access, and other network access types. Extensible, easy to implement, supported, and actively developed, RADIUS is currently the de facto standard for remote authentication.

"RADIUS" provides a complete, detailed guide to the underpinnings of the RADIUS protocol, with particular emphasis on the utility of user accounting. Author Jonathan Hassell draws from his extensive experience in Internet service provider operations to bring practical suggestions and advice for implementing RADIUS. He also provides instructions for using an open-source variation called FreeRADIUS.

"RADIUS is an extensible protocol that enjoys the support of a wide range of vendors," says Jonathan Hassell. "Coupled with the amazing efforts of the open source development community to extend RADIUS's capabilities to other applications-Web, calling card security, physical device security, such as RSA's SecureID-RADIUS is possibly the best protocol with which to ensure only the people that need access to a resource indeed gain that access."

This unique book covers RADIUS completely, from the history andtheory of the architecture around which it was designed, to how the protocol and its ancillaries function on a day-to-day basis, to implementing RADIUS-based security in a variety of corporate and service provider environments. If you are an ISP owner or administrator, corporate IT professional responsible for maintaining mobile user connectivity, or a web presence provider responsible for providing multiple communications resources, you'll want this book to help you master this widely implemented but little understood protocol.

...

    There's far more to information security than usernames and passwords; it's not just a matter of letting legitimate users "in" and keeping bad guys "out." Users who have authority to use certain parts of a system may not be authorized to see everything, and businesses, for billing purposes, often want to track how long users spend in a system. The Remote Access Dial-In User Service (RADIUS) solves all of these engineering challenges, but you have to implement it correctly in order to achieve maximum benefit and keep your systems safe. RADIUS provides an architectural and technical guide to RADIUS implementation, enabling its readers to design RADIUS-secured systems properly and choose products wisely.

Jonathan Hassell's approach is to lay down a foundation of RADIUS protocol theory, then explain how to implement the protocol with a particular product (FreeRADIUS for Linux). He approaches both elements of his book with precision and detail, and provides plenty of tabular information for reference. He's also liberal with examples, which is a welcome trait if you're in a hurry to know how to format a radiusd.conf file or how to configure Cisco IOS to do RADIUS authentication. This is a comprehensive treatment of a complicated subject. --David Wall

Topics covered: How the RADIUS protocol provides authentication, authorization, and accounting (AAA services), and how it fits with other elements of network design. The author covers the protocol in theory before digging into its implementation in FreeRADIUS for Linux and the integration of that package with several important networking products....

Authors: Tony Mobily.
Paperback, 296 pages
Publisher: Apress
Publication Date: 2004-05-17


Reviews :

   

A must-read for any system administrator installing or currently using Apache, Hardening Apache shows you exactly what to do to make Apache more secure. Throughout this book, renowned author Tony Mobily introduces you to many of the security problems youll inevitably stumble across when using Apache---and most important, youll learn how to protect yourself and your server.

Mobily provides in-depth instruction on the safe installation and configuration of Apache and gives detailed guidance on tightening the security of your existing Apache installation. This comprehensive book covers a wide variety of the most important issues, including common attacks, logging, downloading, administration, cross-site scripting attacks, and web-related RFC details. The book also delves into many of the more advanced system administration techniques including "jailing" Apache and securing third-party modules....

Authors: tapeworm.
Paperback, 256 pages
Publisher: Sams
Publication Date: 2005-08-20


Reviews :

   

This is your ticket into the elusive underworld of the Internet, home to millions of elite computer hackers. 1337 h4x0r h4ndb00k will show you how to walk-the-walk and talk-the-talk of this exclusive community. Soon, you too will be able to go into a chat room and carry on conversations speaking the cryptic 1337 language. 1337 h4x0r h4ndb00k will also review the nature of computer viruses, different practical jokes to play on your desktop and tips on how to live the hacker lifestyle. Join the elite society of computer hackers with 1337 h4x0r h4ndb00k as your guide.

...

Authors: Siva Vaidhyanathan.
Paperback, 272 pages
Publisher: Basic Books
Publication Date: 2005-05-10


Reviews :

    ...

Authors: Harlan Carvey. Jeremy Faircloth.
Paperback, 232 pages
Publisher: Elsevier Inc.
Publication Date: 2007-12-28


Reviews :

    I decided to write this book for a couple of reasons. One was that I've now written a couple of books that have to do with incident response and forensic analysis on Windows systems, and I used a lot of Perl in both books. Okay.I'll come clean.I used nothing but Perl in both books! What I've seen as a result of this is that many readers want to use the tools, but don't know how.they simply aren't familiar with Perl, with interpreted (or scripting) languages in general, and may not be entirely comfortable with running tools at the command line.

This book is intended for anyone who has an interest in useful Perl scripting, in particular on the Windows platform, for the purpose of incident response, and forensic analysis, and application monitoring. While a thorough grounding in scripting languages (or in Perl specifically) is not required, it helpful in fully and more completely understanding the material and code presented in this book. This book contains information that is useful to consultants who perform incident response and computer forensics, specifically as those activities pertain to MS Windows systems (Windows 2000, XP, 2003, and some Vista). My hope is that not only will consultants (such as myself) find this material valuable, but so will system administrators, law enforcement officers, and students in undergraduate and graduate programs focusing on computer forensics.

*Perl Scripting for Live Response

Using Perl, there's a great deal of information you can retrieve from systems, locally or remotely, as part of troubleshooting or investigating an issue. Perl scripts can be run from a central management point, reaching out to remote systems in order to collect information, or they can be "compiled" into standalone executables using PAR, PerlApp, or Perl2Exe so that they can be run on systems that do not have ActiveState's Perl distribution (or any other Perl distribution) installed.

*Perl Scripting for Computer Forensic Analysis

Perl is an extremely useful and powerful tool for performing computer forensic analysis. While there are applications available that let an examiner access acquired images and perform some modicum of visualization, there are relatively few tools that meet the specific needs of a specific examiner working on a specific case. This is where the use of Perl really shines through and becomes apparent.

*Perl Scripting for Application Monitoring

Working with enterprise-level Windows applications requires a great deal of analysis and constant monitoring. Automating the monitoring portion of this effort can save a great deal of time, reduce system downtimes, and improve the reliability of your overall application. By utilizing Perl scripts and integrating them with the application technology, you can easily build a simple monitoring framework that can alert you to current or future application issues....

Authors: Mark S. Merkow.
Paperback, 336 pages
Publisher: For Dummies
Publication Date: 1999-11-15
Edition: 1

Reviews :

    Let’s face it: the information age makes dummies of us all at some point. One thing we can say for sure, though, about things related to the Internet is that their best strengths are often also their worst weaknesses. This goes for virtual private networks (VPNs). They may reach a wide base of customers – but can also be vulnerable to viruses, hackers, spoofers, and other shady online characters and entities. VPNs may allow for super-efficient communication between customer and company – but they rely on information which, if compromised, can cause huge losses. The Internet is still a frontier – sometimes so wide open it leaves us bewildered – and, like any frontier, the risks go hand in hand with potentially huge rewards.

Virtual Private Networks for Dummies offers you a no-nonsense, practical guide to evaluating your company’s need for a VPN, understanding what it takes to implement one, and undertaking the challenging quest to set it up, make it work, and keep it safe. Whether you’re the resident expert leading the project team, or you just want to learn what makes e-commerce tick, this detailed, from-the-ground-up guide will soon have you comfortably conceptualizing:

• Security goals and strategies
• The evolution of VPNs
• Privacy in VPNs
• Extranets
• Remote-Access VPNs
• Funding
• Custom network solutions design
• Testing VPNs
• And more

With new products and technologies offering supposedly revolutionary solutions to IT departments every day, this book focuses on the real world – you know, the one full of obstacles, mishaps, threats, delays, and errors – and gives you the background knowledge to make decisions for yourself about your VPN needs. Written with a dash of humor, Virtual Private Networks for Dummies contains both technical detail (standards, protocols, etc.) and more general concepts (such as conducting cost-benefit analyses). This clear, authoritative guide will have you securely and cost-effectively networking over the Internet in no time....

    Shockingly short on implementation details, Virtual Private Networks for Dummies tries to craft a scattershot collection of facts and references into an introduction to virtual private networks (VPNs). That's not to say that this book is insubstantial, because it's not; probably, you'll learn something about networking, cryptography, authentication infrastructures, and other aspects of VPN engineering. Also, it's done a good job of compiling references to VPN resources on the Internet, so you'll have plenty of surfing to do. But it never explains how to build a VPN--or even the simplest laboratory simulation of one--and that's precisely the kind of how-to information that buyers of this book will want.

True enough: every situation that calls for a VPN is different; and, if the book had shown how to implement a VPN with one turnkey solution, users of the others would complain. But even the narrowest example would have been better than some of the stuff that fills these pages. At one point, the reader is walked through the process of encoding and decoding a plain-text message--by hand--by using a shared private key. Spare us, please. The book gives the vital Layer 2 Transport Protocol all of two short paragraphs. Sections on public-key encryption and digital certificates do a good job of unraveling perennially misunderstood processes, but they don't offset the lack of details on VPN. --David Wall

Topics covered: Aspects of virtual private networks (VPNs), organized to get potential VPN implementers thinking about security and other design issues. Specifically, Public-Key Infrastructure (PKI); digital certificates; turnkey VPN packages; and a lot of general stuff about what VPNs are good for, and how to design a good one....

Authors: William Stallings.
Paperback, 432 pages
Publisher: Prentice Hall
Publication Date: 2006-07-29
Edition: 3

Reviews :

   

This book provides a practical, up-to-date, and comprehensive survey of network-based and Internet-based security applications and standards. Covers e-mail security, IP security, Web security, and network management security. Includes a concise section on the discipline of cryptography–covering algorithms and protocols underlying network security applications, encryption, hash functions, digital signatures, and key exchange. For system engineers, engineers, programmers, system managers, network managers, product marketing personnel, and system support specialists.

...

Authors: Michael Gough.
Paperback, 432 pages
Publisher: Syngress
Publication Date: 2005-12-07
Edition: 1

Reviews :

    Whether you're a single user or you manage voice communications for a large enterprise, the inevitable change predicted above by Michael Powell of the FCC has now arrived. Skype Me! provides readers with a complete understanding of the technology behind Skype, walks through the steps for getting connected quickly, and then provides IT professionals with instructions on deploying and securing Skype in the workplace.

Get through the Basics Painlessly
Step-by-step instructions get you up and running on Windows, Mac, Pocket PC and Linux devices.

Create Skype Accounts and Begin Chatting Sign up, become listed in the Skype directory, and begin searching for contacts.

Transition Existing Services to Skype Plan a process that gradually replaces those services you currently pay for with Skype.

Expand Skype's Capabilities with Add-ons See how to add voice mail, SMS text messaging, Outlook integration, Web toolbars, and call forwarding.

Extend Skype via Its API
The API itself is divided into two main sections, the Skype Phone API and the Skype Access API.

Use Skype Away from Your Computer
No, you don't need to be at your computer to use Skype. Learn how to connect with your Skype server.

Deploy Skype in the Workplace
Create a system design, accommodate SIP and H.323, and roll out security policies.

Create Business Solutions
Consider the pros and cons of Skype-based help desks, WiFi phones, and other applications.

Configure Firewalls and Network Settings
Make certain that ports, proxy servers, and NAT routers are Skype ready.

...

Authors: Michael D. Bauer.
Paperback, 542 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2005-01-18
Edition: 2

Reviews :

    Linux consistently appears high up in the list of popular Internet servers, whether it's for the Web, anonymous FTP, or general services such as DNS and delivering mail. But security is the foremost concern of anyone providing such a service. Any server experiences casual probe attempts dozens of time a day, and serious break-in attempts with some frequency as well. This highly regarded book, originally titled Building Secure Servers with Linux, combines practical advice with a firm knowledge of the technical tools needed to ensure security. The book focuses on the most common use of Linux--as a hub offering services to an organization or the Internet--and shows readers how to harden their hosts against attacks. An all-inclusive resource for Linux users who wish to harden their systems, Linux Server Security covers general security such as intrusion detection and firewalling a hub, as well as key services such as DNS, the Apache Web server, mail, and secure shell. Author Michael D. Bauer, a security consultant, network architect, and lead author of the popular Paranoid Penguin column in the Linux Journal, carefully outlines the security risks, defines precautions that can minimize those risks, and offers recipes for robust security. He is joined on several chapters by administrator and developer Bill Lubanovic. A number of new security topics have been added for this edition, including:

• Database security, with a focus on MySQL
• Using OpenLDAP for authentication
• An introduction to email encryption
• The Cyrus IMAP service, a popular mail delivery agent
• The vsftpd FTP server

Geared toward Linux users with little security expertise, the author explains security concepts and techniques in clear language, beginning with the fundamentals. Linux Server Security with Linux provides a unique balance of "big picture" principles that transcend specific software packages and version numbers, and very clear procedures on securing some of those software packages on several popular distributions. With this book in hand, you'll have both the expertise and the tools to comprehensively secure your Linux system....