Nicht aus der Schweiz? Besuchen Sie lehmanns.de
Halting the Hacker - Donald L. Pipkin

Halting the Hacker

A Practical Guide to Computer Security
Media-Kombination
384 Seiten
2002 | 2nd edition
Prentice Hall
978-0-13-046416-3 (ISBN)
CHF 58,15 inkl. MwSt
  • Titel ist leider vergriffen;
    keine Neuauflage
  • Artikel merken
'Halting the Hacker', filled with dozens of up-to-the-minute real world examples, provides a vivid look at the consequences of ignoring security, and gives readers numerous solutions that can be put to immediate use. It contains specific steps for improving the security of your HP-UX and Linux systems.
Halting the Hacker provides a unique look inside the mind of the hacker--you'll understand how and why he makes the choices he does to attack your system. At the same time, you're getting practical, step-by-step information on how to foil him! Unlike many other security books, this book shows you why you need to take particular steps, rather than just listing what to do. This gives you knowledge you can apply to future, as-yet-unknown, attacks. Organized around how hackers gain access, control and privileges on your system, Halting the Hacker helps you understand how different subsystems can be used in harmony to attack your computer. Filled with dozens of up-to-the-minute real world examples, the book provides a vivid look at the consequences of ignoring security, and gives you numerous solutions you can put to immediate use. It contains specific steps for improving the security of your HP-UX and Linux systems.

DONALD L. PIPKIN, CISSP, is an Information Security Architect for the Internet Security Division of Hewlett-Packard who consults with many of HP's largest customers. An internationally renowned security expert with over 15 years of experience, Pipkin is a frequent speaker and presenter on security issues in regional, national, and international conferences. His areas of expertise include policy, procedures, and intrusion response. He is author of Information Security: Protecting the Global Enterprise.

I: UNDERSTANDING HACKERS.



The Hacking Environment. Historic Perspective. Hacker or Cracker.

 1. Who Hackers Are.


Internal Hackers. External Hackers. Categorizing Hackers. Demographics. Classified by Skill Level.

 2. Hacker Motives.


Intellectually Motivated. Personally Motivated. Socially Motivated. Politically Motivated. Financially Motivated. Motivated by Ego.

 3. What Hackers Do.


Modern Day Robin Hood. Digital Dillinger.

 4. How Hackers Do What They Do.


Malicious Code. Modified Source Code. Exploiting Network Protocols. Exploiting Vulnerabilities. Password Crackers.

II. THE HACKING PROCESS.



Selecting the Target. Identifying the Systems to be Attacked. Gathering Information. Gaining Access. Acquiring Privileges. Avoiding Detection. Realizing a Goal.

 5. Gathering Information.


Public Sources. People. Going On Site. Computer Systems. Security Experts. Other Hackers.

 6. Limiting Information Disclosure.


Public Information Sources. Announcements. Restricting the Scope of the Service. Polling. Eavesdropping. Misinformation.

 7. Gaining Access.


Back Doors. Anonymously. Active Sessions. Stolen Credentials. Subverting Protocols.

 8. Limiting Access.


Physical System Access. Restricting Users. Over the Network. Restricting Services. File System Access.

 9. Getting Credentials.


Identity Management. Account Management. Repositories. Monitoring the Network. Social Engineering. Monitoring User Input.

10. Controlling Authentication.


Authentication Management. Cracking Passwords. Finding Passwords in Clear Text. The Future of Passwords. Implementing Strong Authentication.

11. Gaining Privileges.


Having Another User Run a Program. Exploiting Permission Vulnerabilities. Exploiting Hardware Vulnerabilities. Exploiting Software Vulnerabilities.

12. Controlling Authorizations.


User Authorizations. Program Authorizations. Compartmentalization. Protecting Files. Exploiting Permission Vulnerabilities. Read-only File Systems.

13. Avoiding Detection.


Monitoring Connections. Monitoring Processes. Monitoring Information. Increasing Security. Not Making Tracks. Removing Tracks. Misdirection. Changing Time.

14: Increasing Monitoring.


Monitoring Files. Monitoring Users. Monitoring Resources. The Logging System. Consolidated Logging Server. Log File Monitoring.

III. LEGAL RECOURSE.



Criminal Charges. Civil Remedies.

15. Computer Crimes.


Traditional Offenses Using Computers. Computer-specific Offenses. Intellectual Property Offenses. Content-related Offenses. Privacy Offenses.

16. Legal Prosecution.


Criminal Crime. Law Enforcement Agencies.

17. Obstacles to Prosecution.


Identifying the Hacker. Jurisdiction. Extradition. Evidence. Cost of Prosecution. Corporate Concerns. Personal Concerns.

18. Improving Successful Prosecution.


Enforcing Security Policy. Fair Notice. Marking Information. Proper Evidence Preservation. Trusted Time.

IV. HALTING THE HACKER.



Proactive Security Measures. Reactive Security Measures.

19. Preparation.


Define What Needs Protection. Define How Much Protection Is Required. Define How Much Protection Is Afforded. Define What You Have. Define How to Protect It.

20. Installation.


Software Structure. Install Minimum Base Operating System. Remove Any Unneeded Software. Install Additional Products. Install Standard Patches. Install Security Patches. Remove Software Remnants.

21. Proactive Protection.


Remove What Is Not Needed. Disable What Is Not Used. Restrict the Rest. Host Hardening Systems.

22. Security Testing.


Evaluate Current Status. Compliance with Security Program. Integrity of Installed Software. Integrity of Configuration. Security Scanners.

23. Security Monitoring.


Monitoring for New Vulnerabilities. Intrusion Methods. Determining When a Security Incident Has Occurred. System Monitoring Techniques. Comprehensive Monitoring.

24. Reactive Security.


Review the Incident Response Plan. Preserve the State of the Computer. Report the Incident. Contain the Incident. Gathering Information. Countermeasures.

25. Recovery.


Assess the Scope. Setting Priorities. Secure the System. Repair the Vulnerability. System Recovery. Data Recovery. Monitor for Additional Signs of Attack. Restoration of Confidence.

26. Review.


Determine the Cost of the Incident. Evaluate the Response Plan. Improve the Safeguards. Update Detection. Process Improvement. Postmortem Documentation. Follow-up Communication.

Glossary.
Index.
About the CD-ROM.
Accessing the CD-ROM.
Using the CD-ROM.

Erscheint lt. Verlag 5.9.2002
Verlagsort Upper Saddle River
Sprache englisch
Maße 235 x 178 mm
Gewicht 612 g
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Informatik Theorie / Studium Kryptologie
ISBN-10 0-13-046416-3 / 0130464163
ISBN-13 978-0-13-046416-3 / 9780130464163
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
nach DSGVO und BDSG

von Andreas Schaupp

Druckwerk (2023)
Deutscher Apotheker Verlag
CHF 72,95
Datenschutz (Kombi-Ausgabe), Mitarbeiter-Merkblatt Datenschutz und …
Media-Kombination (2022)
Forum Verlag Herkert
CHF 419,95