Authors: Andrew Vladimirov. Konstantin V. Gavrilenko. Andrei A. Mikhailovsky.
Paperback, 592 pages
Publisher: Addison-Wesley Professional
Publication Date: 2004-07-08


Reviews :

    "This is an excellent book. It contains the 'in the trenches' coverage that the enterprise administrator needs to know to deploy wireless networks securely." --Robert Haskins, Chief Technology Officer, ZipLink Wi-Foo: The Secrets of Wireless Hacking is the first practical and realistic book about 802.11 network penetration testing and hardening. Unlike other books, it is based on a daily experience of breaking into and securing wireless LANs. Rather than collecting random wireless security news, tools, and methodologies, Wi-Foo presents a systematic approach to wireless security threats and countermeasures starting from the rational wireless hardware selection for security auditing and finishing with how to choose the optimal encryption ciphers for the particular network you are trying to protect....

Authors: Joshua Marinacci. Chris Adamson.
Paperback, 542 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2005-06-30


Reviews :

    "Swing Hacks" helps Java developers move beyond the basics of Swing, the graphical user interface (GUI) standard since Java 2. If you're a Java developer looking to build enterprise applications with a first-class look and feel, Swing is definitely one skill you need to master. This latest title from O'Reilly is a reference to the cool stuff in Swing. It's about the interesting things you learn over the years--creative, original, even weird hacks--the things that make you say, "I didn't know you could even do that with Swing!"

"Swing Hacks" will show you how to extend Swing's rich component set in advanced and sometimes non-obvious ways. The book touches upon the entire Swing gamut-tables, trees, sliders, spinners, progress bars, internal frames, and text components. Detail is also provided on JTable/JTree, threaded component models, and translucent windows. You'll learn how to filter lists, power-up trees and tables, and add drag-and-drop support.

"Swing Hacks" will show you how to do fun things that will directly enhance your own applications. Some are visual enhancements to make your software look better. Some are functional improvements to make your software do something it couldn't do before. Some are even just plain silly, in print only to prove it could be done. The book will also give you give you a small glimpse of the applications coming in the future. New technology is streaming into the Java community at a blistering rate, and it gives application developers a whole new set of blocks to play with.

With its profusion of tips and tricks, "Swing Hacks" isn't just for the developer who wants to build a better user interface. It's also ideally suited for client-sideJava developers who want to deliver polished applications, enthusiasts who want to push Java client application boundaries, and coders who want to bring powerful techniques to their own applications.

Whatever your programming needs, "Swing Hacks" is packed with programming lessons that increase your competency with interface-building tools....

Authors: Greg Hoglund. Gary McGraw.
Paperback, 384 pages
Publisher: Addison-Wesley Professional
Publication Date: 2007-07-19
Edition: 1

Reviews :

   

"Imagine trying to play defense in football without ever studying offense. You would not know when a run was coming, how to defend pass patterns, nor when to blitz. In computer systems, as in football, a defender must be able to think like an attacker. I say it in my class every semester, you don't want to be the last person to attack your own system--you should be the first.

"The world is quickly going online. While I caution against online voting, it is clear that online gaming is taking the Internet by storm. In our new age where virtual items carry real dollar value, and fortunes are won and lost over items that do not really exist, the new threats to the intrepid gamer are all too real. To protect against these hazards, you must understand them, and this groundbreaking book is the only comprehensive source of information on how to exploit computer games. Every White Hat should read it. It's their only hope of staying only one step behind the bad guys."

--Aviel D. Rubin, Ph.D.
Professor, Computer Science
Technical Director, Information Security Institute
Johns Hopkins University

"Everyone's talking about virtual worlds. But no one's talking about virtual-world security. Greg Hoglund and Gary McGraw are the perfect pair to show just how vulnerable these online games can be."

--Cade Metz
Senior Editor
PC Magazine

"If we're going to improve our security practices, frank discussions like the ones in this book are the only way forward. Or as the authors of this book might say, when you're facing off against Heinous Demons of Insecurity, you need experienced companions, not to mention a Vorpal Sword of Security Knowledge."

--Edward W. Felten, Ph.D.
Professor of Computer Science and Public Affairs
Director, Center for Information Technology Policy
Princeton University

"Historically, games have been used by warfighters to develop new capabilities and to hone existing skills--especially in the Air Force. The authors turn this simple concept on itself, making games themselves the subject and target of the 'hacking game,' and along the way creating a masterly publication that is as meaningful to the gamer as it is to the serious security system professional.

"Massively distributed systems will define the software field of play for at least the next quarter century. Understanding how they work is important, but understanding how they can be manipulated is essential for the security professional. This book provides the cornerstone for that knowledge."

--Daniel McGarvey
Chief, Information Protection Directorate
United States Air Force

"Like a lot of kids, Gary and I came to computing (and later to computer security) through games. At first, we were fascinated with playing games on our Apple ][s, but then became bored with the few games we could afford. We tried copying each other's games, but ran up against copy-protection schemes. So we set out to understand those schemes and how they could be defeated. Pretty quickly, we realized that it was a lot more fun to disassemble and work around the protections in a game than it was to play it.

"With the thriving economies of today's online games, people not only have the classic hacker's motivation to understand and bypass the security of games, but also the criminal motivation of cold, hard cash. That's a combination that's hard to stop. The first step, taken by this book, is revealing the techniques that are being used today."

--Greg Morrisett, Ph.D.
Allen B. Cutting Professor of Computer Science
School of Engineering and Applied Sciences
Harvard University

"If you're playing online games today and you don't understand security, you're at a real disadvantage. If you're designing the massive distributed systems of tomorrow and you don't learn from games, you're just plain sunk."

--Brian Chess, Ph.D.
Founder/Chief Scientist, Fortify Software
Coauthor of Secure Programming with Static Analysis

"This book offers up a fascinating tour of the battle for software security on a whole new front: attacking an online game. Newcomers will find it incredibly eye opening and even veterans of the field will enjoy some of the same old programming mistakes given brilliant new light in a way that only massively-multiplayer-supermega-blow-em-up games can deliver. w00t!"

--Pravir Chandra
Principal Consultant, Cigital
Coauthor of Network Security with OpenSSL

If you are a gamer, a game developer, a software security professional, or an interested bystander, this book exposes the inner workings of online-game security for all to see.

From the authors of the best-selling Exploiting Software, Exploiting Online Games takes a frank look at controversial security issues surrounding MMORPGs, such as World of Warcraft^™ and Second Life^®. This no-holds-barred book comes fully loaded with code examples, debuggers, bots, and hacks.

This book covers

• Why online games are a harbinger of software security issues to come
• How millions of gamers have created billion-dollar virtual economies
• How game companies invade personal privacy
• Why some gamers cheat
• Techniques for breaking online game security
• How to build a bot to play a game for you
• Methods for total conversion and advanced mods

Written by the world's foremost software security experts, this book takes a close look at security problems associated with advanced, massively distributed software. With hundreds of thousands of interacting users, today's online games are a bellwether of modern software. The kinds of attack and defense techniques described in Exploiting Online Games are tomorrow's security techniques on display today.

...

Authors: Michael Rash.
Paperback, 336 pages
Publisher: No Starch Press
Publication Date: 2007-09-15

Authors: Peter Hansteen.
Paperback, 184 pages
Publisher: No Starch Press
Publication Date: 2008-01-11


Reviews :

   

OpenBSD's stateful packet filter, PF, offers an amazing feature set and support across the major BSD platforms. Like most firewall software though, unlocking PF's full potential takes a good teacher. Peter N.M. Hansteen's PF website and conference tutorials have helped thousands of users build the networks they need using PF. The Book of PF is the product of Hansteen's knowledge and experience, teaching good practices as well as bare facts and software options. Throughout the book, Hansteen emphasizes the importance of staying in control by having a written network specification, using macros to make rule sets more readable, and performing rigid testing when loading in new rules.

Today's system administrators face increasing challenges in the quest for network quality, and The Book of PF can help by demystifying the tools of modern *BSD network defense. But, perhaps more importantly, because we know you like to tinker, The Book of PF tackles a broad range of topics that will stimulate your mind and pad your resume, including how to:

• Create rule sets for all kinds of network traffic, whether it is crossing a simple home LAN, hiding behind NAT, traversing DMZs, or spanning bridges
• Use PF to create a wireless access point, and lock it down tight with authpf and special access restrictions
• Maximize availability by using redirection rules for load balancing and CARP for failover
• Use tables for proactive defense against would-be attackers and spammers
• Set up queues and traffic shaping with ALTQ, so your network stays responsive
• Master your logs with monitoring and visualization, because you can never be too paranoid

The Book of PF is written for BSD enthusiasts and network admins at any level of expertise. With more and more services placing high demands on bandwidth and increasing hostility coming from the Internet at-large, you can never be too skilled with PF.

...

Authors: Stephen Northcutt. Judy Novak.
Paperback, 512 pages
Publisher: Sams
Publication Date: 2002-09-06
Edition: 3

Reviews :

   

The Chief Information Warfare Officer for the entire United States teaches you how to protect your corporate network. This book is a training aid and reference for intrusion detection analysts. While the authors refer to research and theory, they focus their attention on providing practical information. The authors are literally the most recognized names in this specialized field, with unparalleled experience in defending our country's government and military computer networks. New to this edition is coverage of packet dissection, IP datagram fields, forensics, and snort filters.

...

    Network Intrusion Detection: An Analyst's Handbook explains some of what you need to know to prevent unauthorized accesses of your networked computers and minimize the damage intruders can do. It emphasizes, though, proven techniques for recognizing attacks while they're underway. Without placing too much emphasis (or blame, for that matter) on any operating system or other software product, author Stephen Northcutt explains ways to spot suspicious behavior and deal with it, both automatically and manually.

The case studies, large and small, are the best part of this book. Northcutt opens with a technical brief on the methods used by Kevin Mitnick in his attack upon Tsutomu Shimomura's server. In documenting that famous attack, Northcutt explains SYN flooding and TCP hijacking with clarity and detail: readers get a precise picture of what Mitnick did and how Shimomura's machine reacted. A former security expert for the U.S. Department of Defense, Northcutt explains how a system administrator would detect and defeat an attack like Mitnick's. Another case study appears later in the book, this one in the form of a line-by-line analysis of a .history file that shows how a bad guy with root privileges attacked a Domain Name System (DNS) server. Reading Northcutt's analysis is like reading a play-by-play account of a football match. Network Intrusion Detection is one of the most readable technical books around. --David Wall

Topics covered: Catching intruders in the act by recognizing the characteristics of various kinds of attacks in real time, both manually and with the use of filters and other automated systems; techniques for identifying security weaknesses and minimizing false security alarms....

Authors: Eoghan Casey.
Hardcover, 688 pages
Publisher: Academic Press
Publication Date: 2004-03-22
Edition: 2

Reviews :

    Digital evidence--evidence that is stored on or transmitted by computers--can play a major role in a wide range of crimes, including homicide, rape, abduction, child abuse, solicitation of minors, child pornography, stalking, harassment, fraud, theft, drug trafficking, computer intrusions, espionage, and terrorism.
Though an increasing number of criminals are using computers and computer networks, few investigators are well-versed in the evidentiary, technical, and legal issues related to digital evidence. As a result, digital evidence is often overlooked,
collected incorrectly, and analyzed ineffectively. The aim of this hands-on resource is to educate students and professionals in the law enforcement, forensic science, computer security, and legal communities about digital evidence and computer crime.
This work explains how computers and networks function, how they can be involved in crimes, and how they can be used as a source of evidence. As well as gaining a practical understanding of how computers and networks function and how they can be used as evidence of a crime, readers will learn about relevant legal issues and will be introduced to deductive criminal profiling, a systematic approach to focusing an investigation and understanding criminal motivations.
Readers will receive access to the author's accompanying Web site which contains simulated cases that integrate many of the topics covered in the text. Frequently updated, these cases teaching individuals about:
* Components of computer networks
* Use of computer networks in an investigation
* Abuse of computer networks
* Privacy and security issues on computer networks
* The law as it applies to computer networks

* Provides a thorough explanation of how computers and networks function, how they can be involved in crimes, and how they can be used as a source of evidence
* Offers readers information about relevant legal issues
* Features coverage of the abuse of computer networks and privacy and security issues on computer networks
* Free unlimited access to author's Web site which includes numerous and frequently updated case examples...

Authors: Keith J. Jones. Richard Bejtlich. Curtis W. Rose. Dan Farmer. Wietse Venema. Brian Carrier.
Paperback, 1392 pages
Publisher: Addison-Wesley Professional
Publication Date: 2007-08-20
Edition: 1 Pap/DVD

Reviews :

   

Praise for Forensic Discovery

"Farmer and Venema do for digital archaeology what Indiana Jones did for historical archaeology. Forensic Discovery unearths hidden treasures in enlightening and entertaining ways, showing how a time-centric approach to computer forensics reveals even the cleverest intruder. I highly recommend reading this book."
--Richard Bejtlich, TaoSecurity

Praise for Real Digital Forensics

"Real Digital Forensics is as practical as a printed book can be. In a very methodical fashion, the authors cover live response (Unix, Windows), network-based forensics following the NSM model (Unix, Windows), forensics duplication, common forensics analysis techniques (such as file recovery and Internet history review), hostile binary analysis (Unix, Windows), creating a forensics toolkit and PDA, flash and USB drive forensics. The book is both comprehensive and in-depth; following the text and trying the investigations using the enclosed DVD definitely presents an effective way to learn forensic techniques."
--Anton Chuvakin, LogLogic

Praise for File System Forensic Analysis

"Carrier has achieved what few technical authors do, namely a clear explanation of highly technical topics that retains a level of detail making it valuable for the long term. For anyone looking seriously at electronic forensics, this is a must have. File System Forensic Analysis is a great technical resource."
--Jose Nazario, Arbor Networks

The Computer Forensics Library

With the ever-increasing number of computer-related crimes, more and more professionals find themselves needing to conduct a forensics examination. But where to start? What if you don't have the time or resources to take a lengthy training course? We've assembled the works of today's leading forensics experts to help you dive into forensics, give you perspective on the big picture of forensic investigations, and arm you to handle the nitty-gritty technicalities of the toughest cases out there.

Forensic Discovery, the definitive guide, presents a thorough introduction to the field of computer forensics. Authors Dan Farmer and Wietse Venema cover everything from file systems to memory andkernel hacks and malware. They expose many myths about forensics that can stand in the way of success. This succinct book will get you started with the realities of forensics.

Real Digital Forensics allows you to dive right in to an investigation and learn by doing. Authors Keith J. Jones, Richard Bejtlich, and Curtis W. Rose walk you through six detailed, highly realistic investigations and provide a DVD with all the data you need to follow along and practice. Once you understand the big picture of computer forensics, this book will show you what a Unix or Windows investigation really looks like.

File System Forensic Analysis completes the set and provides the information you need to investigate a computer's file system. Most digital evidence is stored within the computer's file system, so many investigations will inevitably lead there. But understanding how the file system works is one of the most technically challenging concepts for digital investigators. With this book, expert Brian Carrier closes out the set by providing details about file system analysis available nowhere else.

...

Authors: Peter Szor.
Paperback, 744 pages
Publisher: Addison-Wesley Professional
Publication Date: 2005-02-13


Reviews :

    Peter Szor takes you behind the scenes of anti-virus research, showing howthey are analyzed, how they spread, and--most importantly--how to effectivelydefend against them. This book offers an encyclopedic treatment of thecomputer virus, including: a history of computer viruses, virus behavior,classification, protection strategies, anti-virus and worm-blocking techniques,and how to conduct an accurate threat analysis. The Art of Computer VirusResearch and Defense entertains readers with its look at anti-virus research, butmore importantly it truly arms them in the fight against computer viruses.As one of the lead researchers behind Norton AntiVirus, the most popularantivirus program in the industry, Peter Szor studies viruses every day. Byshowing how viruses really work, this book will help security professionals andstudents protect against them, recognize them, and analyze and limit thedamage they can do....

Authors: Robert Fischer. Edward Halibozek.
Hardcover, 528 pages
Publisher: Butterworth-Heinemann
Publication Date: 2008-03-14
Edition: 8

Reviews :

    Introduction to Security, 8th Edition, has been the leading introduction to private security for over thirty years, celebrated for its balanced and professional approach to this increasingly important area. Now the eighth edition expands the key topics and adds material on important issues in the 21st c environment.

The author team brings together top-level professional experience in industry with years of teaching experience. As a recommended title for security certifications, it is a crucial resource for the 30,000 ASIS International members, and is also used as a core security textbook in universities throughout the country. This is Butterworth-Heinemann's best-selling security text of all time, an essential reference for all security professionals.

* Significantly expanded chapters on computer issues, cargo, homeland security and terrorism
* New chapter on Internal Issues and Controls covering crucial information on internal theft, personnel policies, and drugs and violence in the workplace
* More illustrations and photos to make learning easier...