Authors: Andrew Whitaker. Daniel Newman.
Paperback, 624 pages
Publisher: Cisco Press
Publication Date: 2005-11-10


Reviews :

   

The practical guide to simulating, detecting, and responding to network attacks 

• Create step-by-step testing plans
• Learn to perform social engineering and host reconnaissance
• Evaluate session hijacking methods
• Exploit web server vulnerabilities
• Detect attempts to breach database security
• Use password crackers to obtain access information
• Circumvent Intrusion Prevention Systems (IPS) and firewall protections and disrupt the service of routers and switches
• Scan and penetrate wireless networks
• Understand the inner workings of Trojan Horses, viruses, and other backdoor applications
• Test UNIX, Microsoft, and Novell servers for vulnerabilities
• Learn the root cause of buffer overflows and how to prevent them
• Perform and prevent Denial of Service attacks

Penetration testing is a growing field but there has yet to be a definitive resource that instructs ethical hackers on how to perform a penetration test with the ethics and responsibilities of testing in mind. Penetration Testing and Network Defense offers detailed steps on how to emulate an outside attacker in order to assess the security of a network.

 

Unlike other books on hacking, this book is specifically geared towards penetration testing. It includes important information about liability issues and ethics as well as procedures and documentation. Using popular open-source and commercial applications, the book shows you how to perform a penetration test on an organization’s network, from creating a test plan to performing social engineering and host reconnaissance to performing simulated attacks on both wired and wireless networks.

 

Penetration Testing and Network Defense also goes a step further than other books on hacking, as it demonstrates how to detect an attack on a live network. By detailing the method of an attack and how to spot an attack on your network, this book better prepares you to guard against hackers. You will learn how to configure, record, and thwart these attacks and how to harden a system to protect it against future internal and external attacks.

 

Full of real-world examples and step-by-step procedures, this book is both an enjoyable read and full of practical advice that will help you assess network security and develop a plan for locking down sensitive data and company resources.

 

“This book goes to great lengths to explain the various testing approaches that are used today and gives excellent insight into how a responsible penetration testing specialist executes his trade.”

–Bruce Murphy, Vice President, World Wide Security Services, Cisco Systems®

...

Authors: Umer Khan. Vitaly Osipov. Mike Sweeney. Woody Weaver.
Paperback, 608 pages
Publisher: Syngress
Publication Date: 2002-12
Edition: 1

Reviews :

    Cisco Security Specialist's Guide to PIX Firewall immerses the reader in the highly complicated subject of firewall implementation, deployment, configuration, and administration. This guide will instruct the reader on the necessary information to pass the CSPFA exam including protocols, hardware, software, troubleshooting and more.

Cisco Security Specialist's Guide to PIX Firewall introduces the basic concepts of attack, explains the networking principals necessary to effectively implement and deploy a PIX firewall, covers the hardware and software components of the device, provides multiple configurations and administration examples, and fully describes the unique line syntax native to PIX firewall configuration and administration.

Ø Coverage of the Latest Versions of PIX Firewalls. This book includes coverage of the latest additions to the PIX Firewall family including the CiscoSecure PIX Firewall (PIX) Software Release 6.0.
Ø Must-have desk reference for the serious security professional. In addition to the foundation information and dedicated text focused on the exam objectives for the CSPFA, this book offers real-world administration and configuration support. This book will not only help readers pass the exam; it will continue to assist them with their duties on a daily basis.
Ø Firewall administration guides? Syngress wrote the book. Syngress has demonstrated a proficiency to answer the market need for quality information pertaining to firewall administration guides. Configuring ISA Server 2000: Building Firewalls for Windows 2000 (ISBN: 1-928994-29-6) and Checkpoint Next Generation Security Administration (ISBN: 1-928994-74-1) are currently best sellers in the security market....

Authors: Edward Humphreys.
Hardcover, 290 pages
Publisher: Artech House Publishers
Publication Date: 2007-09-30
Edition: 1

Authors: Ingemar Cox. Matthew Miller. Jeffrey Bloom. Jessica Fridrich. Ton Kalker.
Hardcover, 624 pages
Publisher: Morgan Kaufmann
Publication Date: 2007-11-16
Edition: 2

Reviews :

    Digital audio, video, images, and documents are flying through cyberspace to their respective owners. Unfortunately, along the way, individuals may choose to intervene and take this content for themselves. Digital watermarking and steganography technology greatly reduces the instances of this by limiting or eliminating the ability of third parties to decipher the content that he has taken. The many techiniques of digital watermarking (embedding a code) and steganography (hiding information) continue to evolve as applications that necessitate them do the same. The authors of this second edition provide an update on the framework for applying these techniques that they provided researchers and professionals in the first well-received edition. Steganography and steganalysis (the art of detecting hidden information) have been added to a robust treatment of digital watermarking, as many in each field research and deal with the other. New material includes watermarking with side information, QIM, and dirty-paper codes. The revision and inclusion of new material by these influential authors has created a must-own book for anyone in this profession.

*This new edition now contains essential information on steganalysis and steganography
*New concepts and new applications including QIM introduced
*Digital watermark embedding is given a complete update with new processes and applications...

Authors: Steve Wright.
Paperback, 188 pages
Publisher: IT Governance Ltd
Publication Date: 2008-03-31


Reviews :

    The objective of this practical guide is to give organisations practical advice and tips on the entire Payment Card Industry (PCI) implementation process. It provides a roadmap, helping organisations to navigate the broad and sometimes confusing Payment Card Industry Data Security Standard (PCI DSS) v1.1 and shows them how to build and maintain a sustainable PCI compliance programme. Although the guide starts with sections on why and what is PCI, it is not intended to replace the 'publicly available' PCI information. Thus, it is designed to provide guidance and support for project managers, executives and security officers who have been tasked with ensuring PCI compliance and don't know where to start. This book looks to serve those who have been given the responsibility of PCI; it does not attempt to provide all the answers. It should be read, absorbed and digested, only with a good helping of other PCI 'publicly available' information. In other words - it will help an organisation get started and hopefully furnish the reader with enough of the fundamental basics to create, design and build the organisation's own PCI compliance framework....

Authors: William R. Cheswick. Steven M. Bellovin. Aviel D. Rubin.
Paperback, 464 pages
Publisher: Addison-Wesley Professional
Publication Date: 2003-03-06
Edition: 2

Reviews :

    The best-selling first edition of Firewalls and Internet Security became the bible of Internet security by showing readers how to think about threats and solutions. The completely updated and expanded second edition defines the security problems students face in today's Internet, identifies the weaknesses of the most popular security technologies, and illustrates the ins and outs of deploying an effective firewall. Students learn how to plan and execute a security strategy that allows easy access to Internet services while defeating even the wiliest of hackers. Written by well-known senior researchers at AT&T Bell Labs, Lumeta, and Johns Hopkins University the students will benefit from the actual, real-world experiences of the authors maintaining, improving, and redesigning AT&T's Internet gateway....

    Essential information for anyone wanting to protect Internet-connected computers from unauthorized access. Includes:

• thorough discussion of security-related aspects of TCP/IP;
• step-by-step plans for setting up firewalls;
• hacking and monitoring tools the authors have built to rigorously test and maintain firewalls;
• pointers to public domain security tools on the net;
• first-hand step-by-step accounts of battles with the "Berferd" hackers; and
• practical discussions of the legal aspects of security.

...

Authors: Vincent Nestler. Wm. Arthur Conklin. Gregory White. Matthew Hirsch.
Paperback, 759 pages
Publisher: Career Education
Publication Date: 2005-06-22
Edition: 1

Reviews :

    This lab manual provides a host of hands-on exercises that are the perfect supplement to your computer security textbook. Over 40 lab projects build from basic networking skills to identification of vulnerabilities, hardening of computer systems, and detection and incident response. This book reinforces Security certification objectives and prepares students to work in the real world by applying networking concepts to solve real business problems.

This lab manual is suitable to accompany any security textbook, but an appendix maps the labs specifically for easy use with McGraw-Hill textbooks, Principles of Computer Security: Security and Beyond and Fundamentals of Network Security....

Authors: Russell Shaw. Mercer.
Paperback, 286 pages
Publisher: Wiley
Publication Date: 2004-12-03


Reviews :

    There's Safety in Knowledge. Are you informed?

Everybody's doing it - downloading music and video from the Internet and sharing files. But you've always worried that such downloads might put your computer at risk, and wondered - are they legal? Relax. This book shows you exactly how to safeguard y our PC while enjoying music and video downloads from safe and legal sources. You'll get the facts, not the scare tactics, about online music services, virus dangers, spyware, identity theft, and other privacy concerns, with many tips to protect your computer and yourself.
* Select download sites that are safe, legal, and sometimes free
* Review major music downloading and file-sharing sites to choose the best service for your needs
* Make informed decisions about direct downloads versus file sharing
* Get the security track records of all the major file-sharing and direct-download sites
* Understand the types of file-sharing attacks and know if you've bee victimized
* Examine the unique risks associated with network use
* Take a look at privacy laws and learn how to protect yourself online
* Learn why illegal downloads aren't worth the risk
* Download media files safely to your cell phone, MP3 player, or PDA...

Authors: Geeks On Call.
Paperback, 216 pages
Publisher: Wiley
Publication Date: 2005-12-19


Reviews :

    Bringing order to the lawless frontier

Almost daily, the boomtown growth of online activity generates more opportunities for cybercrime, identity theft, loss of data, and invasion of your privacy. To this lawless high-tech frontier comes the cavalry, mounted on (or in) blue PT Cruisers--Geeks On Call. Now they're helping you build that all-important first line of defense, with quick, easy-to-follow solutions to the most common security problems, plus simple steps you can take to protect your computer, your privacy, and your personal information--today.
* Keep your virus protection up to date
* Identify and remove spyware
* Recognize phishing scams
* Practice safe chatting and instant messaging
* Learn to encrypt data for security
* Protect your laptop and wireless connection
* Create secure passwords
* Safely use public computers

Geeks On Call(r) is the premier provider of on-site computer services. The certified, trained and tested technicians from Geeks On Call provide expert computer installation and networking services, on-site repairs, security solutions and system upgrades for residential and commercial customers numbering in the hundreds of thousands each year. Founded in 1999, Geeks On Call began franchising in 2001. For more information, call 1-800-905-GEEK or visit www.geeksoncall.com. Geeks On Call franchises are independently owned and operated....

Authors: Naganand Doraswamy. Dan Harkins.
Paperback, 288 pages
Publisher: Prentice Hall PTR
Publication Date: 2003-03-23
Edition: 2

Reviews :

    Provides extensive coverage of IPSec architecture and protocols and instruction on how to deploy IPSec in Virtual Private Networks. DLC: IPSec (Computer network protocol) ...

    IPSec, the suite of protocols for securing any sort of traffic that moves over an Internet Protocol (IP) network, promises big things for online business. IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks catalogs the specifications that compose this suite and explain how they fit into intranets, virtual private networks (VPNs), and the Internet.

Authors Doraswamy and Harkins first treat IPSec as a system, explaining how its component parts work together to provide flexible security. Their approach to this task makes sense: They first explain why standard IP packets aren't secure; then they show how the IPSec improvements make secure transactions possible. Readers get full descriptions of how various network entities talk to one another. Where appropriate, concepts that aren't specific to IPSec are explained, including IPv4 and IPv6 packet structures and addressing schemes. There's some information on cryptography too.

IPSec's parts are explained individually: the Authentication Header (AH), Encapsulating Security Payload (ESP), Internet Key Exchange (IKE), and ISAKMP/Oakley protocols are detailed with lots of prose, supplemented with a smattering of packet diagrams and conceptual sketches. Sections on implementing IPSec protocols on networks remain fairly abstract and don't mention actual products, but should prove useful to programmers designing their own network security products around the IPSec specifications. --David Wall...