Authors: Daniel J., Lohrmann.
Paperback, 224 pages
Publisher: Brazos Press
Publication Date: 2008-11-01


Reviews :

    It's unavoidable--every time we surf the Web we are bombarded with temptations vying for our thoughts, dreams, time, and money. As a high-ranking government computer security expert and an avid personal Internet user, Daniel Lohrmann knows these lures well. In Virtual Integrity, he sets out to answer an important question: How can we safely surf our values? Approachable and essential for all Web users, this book reveals the vast scope of the current battle, creative new answers to the problem, and practical steps everyone can follow. Delving into more than just commonly discussed issues of Internet gambling and pornography, Lohrmann offers a rare holistic vision for how to avoid "integrity theft" and unpacks a revolutionary new paradigm for integrity security. EXCERPT Over the past 24 years, I've led teams building websites and customer-focused portals that have changed the way citizens and businesses interact with government - for the better. Since working for the National Security Agency in the 1980s, I've circled the globe fixing computers, battling hackers, stopping computer viruses, and taking on a never-ending list of "bad guys." America still faces serious challenges from foreign threats, and many books have been written and websites developed on all aspects of cybersecurity, organized crime, and protecting your confidential information. I've seen firsthand a lot of these threats and abuses of Internet capabilities. But in the past few years, an even more troubling trend has grabbed my attention. I am referring to an extraordinary increase in the numbers of temptations we face in cyberspace. New seductions are cleverly packaged as "innovative opportunities" that are really appeals to engage in unproductive, harmful, even immoral activities online. A much wider set of questions have arisen that can't be answered by simply blocking spam, installing web filters, or upgrading your antivirus software and PC firewall. These virtual threats can have the net effect of taking away some of the most important things in life. As individuals, institutions, and a nation, we spend significant time battling identity theft online, but we neglect to fight other negative aspects of Internet life that I call "integrity theft." We need a new approach to virtual integrity....

Authors: Kenneth Walton.
Paperback, 304 pages
Publisher: Simon Spotlight Entertainment
Publication Date: 2007-05-08


Reviews :

    Ripped from the headlines of the New York Times, Fake describes Kenneth Walton's innocent beginnings as a lawyer turned online art-trading hobbyist, whose satisfaction in reselling thrift store paintings for a profit soon became a fierce addiction to eBay. In a landscape peopled with colorful eccentrics hoping to score museum-quality paintings at bargain prices, Walton entered into a partnership with con man Ken Fetterman. Over the course of eighteen months they managed to take in hundreds of thousands of dollars by selling forged paintings and bidding on their own auctions to drive up the prices. When their deception was discovered and made international headlines, Walton found himself stalked by reporters and federal agents while Fetterman went on the lam, sparking a nationwide FBI manhunt.

In this sensational story of the seductive power of greed, Kenneth Walton breaks his silence for the first time and details the international scandal that forever changed the way eBay does business....

Authors: Roberta Bragg.
Paperback, 544 pages
Publisher: McGraw-Hill Osborne Media
Publication Date: 2004-05-11
Edition: 1

Reviews :

   

“The definitive tool to learn what’s proper for Microsoft Windows systems. Roberta’s excellent guidance will easily help you build secure, resiliant systems.” --Steve Riley, Security Business and Technology Unit, Windows Division, Microsoft Corporation

Take a proactive approach to network security by hardening your Windows systems against attacks before they occur. Written by security evangelist Roberta Bragg, this hands-on resource provides concrete steps you can take immediately as well as ongoing actions to ensure long-term security. Whether you have one Windows server or one hundred, you’ll get complete details on how to systematically harden your network from the ground up, as well as strategies for getting company-wide support for your security plan. With coverage of Windows 95/98/NT 4.0/2000/XP and Windows Server 2003, this book is an essential security tool for on-the-job IT professionals.

Features a four-part hardening methodology:

• Do This Now!--Checklist of immediate steps to take to lockdown your system from further attack
• Take It From The Top--Systematic approach to hardening your enterprise from the top down, focusing on authentication, access controls, borders, logical security boundaries, communications, storage, and administrative authority
• Once Is Never Enough!--Ongoing monitoring and assessment plan to keep your network secure, including patch management and auditing
• How to Succeed At Hardening Your Windows Systems--Strategies for getting budget approval, management buy-in, and employee cooperation for your security program

Roberta Bragg, CISSP, MCSE: Security, Security , co-author of Network Security: The Complete Reference, instructor, and consultant, focuses on how to proactively deploy proven security principles to defend Windows systems from possible attack. Roberta is the Security Advisor columnist for MCP magazine, the Security Expert for searchWin2000.com, and writes for the Security Watch newsletter. Roberta is the series editor of McGraw-Hill/Osborne’s Hardening security series.

...

Authors: Preston Gralla.
Paperback, 192 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2007-02-22


Reviews :

    Windows Vista Pocket Reference is the ideal guide to setting up and navigating the basics of this new operating system, from the new user interface to networking, multimedia, security, and mobility. This pocket reference offers four sections that will familiarize readers with Vista quickly:

• Getting Started gives a crash course in using Windows Vista, including the user interface, handling files, folders, drives and search, and working with hardware.
  
  
• Networking, the Internet and Wireless offers a tour of Internet Explorer 7, a wireless networking guide, and how to set up and maintain home networks.
  
  
• Multimedia shows how to use the Media Center, Windows Media Player, and how to handle graphics and photos, podcasts and MP3 players.
  
  
• Security, Mobility, and Troubleshooting visits the security features, shows how to tune up Vista, troubleshoot problems, and use Vista with mobile devices.

...

Authors: Stephen A. Thomas.
Paperback, 224 pages
Publisher: Wiley
Publication Date: 2000-02-11


Reviews :

    "Great writing . . . a clear introduction to the most widely deployed security technology in the Internet."-Paul Lambert, former co-chair of IETF IPSEC working group

The Secure Sockets Layer (SSL) and Transport Layer Security(TLS) protocols form the foundation for e-commerce security on the World Wide Web, verifying the authenticity of Web sites, encrypting the transfer of sensitive data, and ensuring the integrity of information exchanged. Now-for the first time the details of these critical security protocols are available in a complete, clear, and concise reference. SSL and TLS Essentials provides complete documentation of the SSL and TLS protocols, including advanced and proprietary extensions never before published. The book thoroughly covers the protocols in operation, including the contents of their messages, message formats, and the cryptographic calculations used to construct them. The text also includes an introduction to cryptography and an explanation of X.509 public key certificates. Stephen Thomas, author of IPng and the TCP/IP Protocols, presents this complex material in a clear and reader-friendly manner. The book includes more than 80 figures and illustrations to supplement its text, and it describes SSL in the context of real-world, practical applications. Readers will immediately understand not only the academic principles behind he security protocols, but how those principles apply to their own network security challenges.

The book includes:
* Full details of Netscape's SSL and the IETF's TLS protocols, with differences between the two clearl highlighted and explained
* A concise tutorial in cryptography
* Complete coverage of Netscape's International Step-Up and Microsoft's Server Gated Cryptography implementations
* A description of X.509 public key certificates
* Details on implementing backwards compatibility among previous versions of SSL and TLS
* A thorough security checklist with explanations of all known attacks on SSL implementations, along with appropriate countermeasures.

The CD-ROM contains convenient electronic versions of the book for:
* Windows(r) CE handheld computers
* Adobe(r) Acrobat Reader for PCs

Visit our Web site at www.wiley.com/compbooks/...

Authors: Thomas R. Peltier.
Hardcover, 360 pages
Publisher: Auerbach Publications
Publication Date: 2005-04-26
Edition: 2

Reviews :

    The risk management process supports executive decision-making, allowing managers and owners to perform their fiduciary responsibility of protecting the assets of their enterprises. This crucial process should not be a long, drawn-out affair. To be effective, it must be done quickly and efficiently.

Information Security Risk Analysis, Second Edition enables CIOs, CSOs, and MIS managers to understand when, why, and how risk assessments and analyses can be conducted effectively. This book discusses the principle of risk management and its three key elements: risk analysis, risk assessment, and vulnerability assessment. It examines the differences between quantitative and qualitative risk assessment, and details how various types of qualitative risk assessment can be applied to the assessment process. The text offers a thorough discussion of recent changes to FRAAP and the need to develop a pre-screening method for risk assessment and business impact analysis. ---------------------Features--------------------- · Analyzes risk analysis, risk assessment, and vulnerability assessments · Introduces System Development Life Cycle (SDLC) and Business Process Life Cycle (BPLC), and integrates risk analysis and assessment into these processes · Discusses the need to develop a standard set of controls, and details how to apply regulations such as GLBA, HIPPA, SOX, ISO 17799, and others · Explains how to use qualitative risk assessment concepts and FRAAP to conduct business impact analyses and determine information classification requirements · Contains samples of forms, controls, policies, letters, and spreadsheets needed to complete the risk analysis and assessment processes...

Authors: Ed Skoudis. Lenny Zeltser.
Paperback, 672 pages
Publisher: Prentice Hall PTR
Publication Date: 2003-11-17


Reviews :

    Malicious code is a set of instructions that runs on your computer and makes your system do something that you do not want it to do. For example, it can delete sensitive configuration files from your hard drive, rendering your computer completely inoperable; infect your computer and use it as a jumping-off point to spread to all of your buddies' computers; and steal files from your machine. Malicious code in the hands of a crafty attacker is indeed powerful. It's becoming even more of a problem because many of the very same factors fueling the evolution of the computer industry are making our systems even more vulnerable to malicious code. Specifically, malicious code writers benefit from the trends toward mixing static data and executable instructions, increasingly homogenous computing environments, unprecedented connectivity, an ever-larger clueless user base, and an unfriendly world. Skoudis addressed malicious code in just one chapter of his previous book. Here, a dozen chapters focus on one of the most interesting and rapidly developing areas of computer attacks.*Chapter 11, "Defender's Toolbox," rolls together the defensive strategies described in the book.As a bonus, Skoudis gives recipes for creating your own malicious code analysis laboratory using cheap hardware and software....

Authors: Cheah Yeow.
Paperback, 292 pages
Publisher: SitePoint
Publication Date: 2005-06-15


Reviews :

    This is a must read guide to anyone who wants to learn how to browse faster and more conveniently with Firefox. Firefox Secrets will teach you how to get the most from Mozilla, including how to find and use all the hidden features, extensions available to you. You'll learn:

• Ways to ease the transition from Internet Explorer
• A way to setup multiple "homepages" when you launch your browser
• Read RSS feeds from within Firefox using a free extension
• Where to download a new and less obtrusive "Download Manager"
• The best "must-have" extensions to download as well as the "fun" ones
• Two different ways to speed up Firefox downloads with prefetcher and pipelining
• Firefox's secret features for Web Developers
• And much, much more!

Firefox Secrets is the ultimate guide to the Web Browser that major magazines, newspapers and even Microsoft's own "Slate.com" website are recommending as the ultimate replacement to Internet Explorer.

...

Authors: Constantine Photopoulos.
Paperback, 400 pages
Publisher: Syngress
Publication Date: 2008-03-03


Reviews :

    Offering a structured approach to handling and recovering from a catastrophic data loss, this book will help both technical and non-technical professionals put effective processes in place to secure their business-critical information and provide a roadmap of the appropriate recovery and notification steps when calamity strikes.

*Addresses a very topical subject of great concern to security, general IT and business management
*Provides a step-by-step approach to managing the consequences of and recovering from the loss of sensitive data.
*Gathers in a single place all information about this critical issue, including legal, public relations and regulatory issues...

Authors: Fred Chris Smith. Rebecca Gurley Bace.
Paperback, 560 pages
Publisher: Addison-Wesley Professional
Publication Date: 2002-10-19


Reviews :

    Today technologists need expert witness skills. In addition to understanding the technologies that may be at issue in a given case, an effective expert witness must have an understanding of the legal system, specific courtroom communication skills, skills for enduring cross-examination and preparing for legal testimony. When new technologies are introduced, litigation about the technology and its uses is quick to follow. There are new forms of legal claims for everything from damages for the failures of enterprise networks to new uses of surveillance and the authenticity of digital evidence. Over 90 percent of all information is now created and stored in computers. Technical experts routinely come into play in investigations where evidence is suspected or where computer system behavior is relevant to the case. IT professionals, system administrators, and security consultants are increasingly being brought into the legal world, and they need to prepared....