InfoSecurity 2008 Threat Analysis - Colby DeRodeff, Seth Fogie, Michael Gregg, Craig Schiller

InfoSecurity 2008 Threat Analysis (eBook)

Colby DeRodeff, Seth Fogie, Michael Gregg, Craig Schiller (Autoren)

eBook Download: PDF

2011 | 1. Auflage
480 Seiten
Elsevier Science (Verlag)
978-0-08-055869-1 (ISBN)

An all-star cast of authors analyze the top IT security threats for 2008 as selected by the editors and readers of Infosecurity Magazine. This book, compiled from the Syngress Security Library, is an essential reference for any IT professional managing enterprise security. It serves as an early warning system, allowing readers to assess vulnerabilities, design protection schemes and plan for disaster recovery should an attack occur. Topics include Botnets, Cross Site Scripting Attacks, Social Engineering, Physical and Logical Convergence, Payment Card Industry (PCI) Data Security Standards (DSS), Voice over IP (VoIP), and Asterisk Hacking.

Each threat is fully defined, likely vulnerabilities are identified, and detection and prevention strategies are considered. Wherever possible, real-world examples are used to illustrate the threats and tools for specific solutions.

* Provides IT Security Professionals with a first look at likely new threats to their enterprise
* Includes real-world examples of system intrusions and compromised data
* Provides techniques and strategies to detect, prevent, and recover
* Includes coverage of PCI, VoIP, XSS, Asterisk, Social Engineering, Botnets, and Convergence

An all-star cast of authors analyze the top IT security threats for 2008 as selected by the editors and readers of Infosecurity Magazine. This book, compiled from the Syngress Security Library, is an essential reference for any IT professional managing enterprise security. It serves as an early warning system, allowing readers to assess vulnerabilities, design protection schemes and plan for disaster recovery should an attack occur. Topics include Botnets, Cross Site Scripting Attacks, Social Engineering, Physical and Logical Convergence, Payment Card Industry (PCI) Data Security Standards (DSS), Voice over IP (VoIP), and Asterisk Hacking. Each threat is fully defined, likely vulnerabilities are identified, and detection and prevention strategies are considered. Wherever possible, real-world examples are used to illustrate the threats and tools for specific solutions.* Provides IT Security Professionals with a first look at likely new threats to their enterprise * Includes real-world examples of system intrusions and compromised data * Provides techniques and strategies to detect, prevent, and recover * Includes coverage of PCI, VoIP, XSS, Asterisk, Social Engineering, Botnets, and Convergence

Front Cover 1
Infosecurity 2008 Threat Analysis 4
Copyright Page 5
Contents 14
Foreword 24
Part I: Botnets 26
Chapter 1. Botnets: A Call to Action 28
Introduction 29
The Killer Web App 30
How Big Is the Problem? 31
The Industry Responds 45
Summary 47
Solutions Fast Track 48
Frequently Asked Questions 49
Chapter 2. Botnets Overview 50
What Is a Botnet? 51
The Botnet Life Cycle 51
What Does a Botnet Do? 61
Botnet Economics 79
Summary 85
Solutions Fast Track 85
Frequently Asked Questions 88
Part II: Cross Site Scripting Attacks 90
Chapter 3. Cross-site Scripting Fundamentals 92
Introduction 93
Web Application Security 95
XML and AJAX Introduction 97
Summary 102
Solutions Fast Track 102
Frequently Asked Questions 103
Chapter 4. XSS Theory 106
Introduction 107
Getting XSS'ed 107
DOM-based XSS in Detail 114
Redirection 125
CSRF 132
Flash, QuickTime, PDF, Oh My 136
HTTP Response Injection 162
Source vs. DHTML Reality 164
Bypassing XSS Length Limitations 170
XSS Filter Evasion 172
Summary 198
Solutions Fast Track 198
Frequently Asked Questions 201
Chapter 5. XSS Attack Methods 202
Introduction 203
History Stealing 203
Intranet Hacking 212
XSS Defacements 223
Summary 227
Solutions Fast Track 227
Frequently Asked Questions 228
References 229
Part III: Physical and Logical Security Convergence 230
Chapter 6. Protecting Critical Infrastructure: Process Control and SCADA 232
Introduction 233
Technology Background: Process Control Systems 234
Why Convergence? 248
Threats and Challenges 252
Conclusion 276
Chapter 7. Final Thoughts 278
Introduction 279
Final Thoughts from William Crower 279
Final Thoughts from Dan Dunkel 280
Final Thoughts from Brian Contos 281
Final Thoughts from Colby DeRodeoff 282
Part IV: PCI Compliance 284
Chapter 8. Why PCI Is Important 286
Introduction 287
What is PCI? 287
Overview of PCI Requirements 297
Risks and Consequences 299
Benefits of Compliance 301
Summary 302
Solutions Fast Track 302
Frequently Asked Questions 303
Chapter 9. Protect Cardholder Data 304
Protecting Cardholder Data 305
PCI Requirement 3: Protect Stored Cardholder Data 306
PCI Requirement 4—Encrypt Transmission of Cardholder Data Across Open, Public Networks 313
Using Compensating Controls 316
Mapping Out a Strategy 320
The Absolute Essentials 322
Summary 324
Solutions Fast Track 324
Frequently Asked Questions 326
Part V: Asterisk and VoIP Hacking 328
Chapter 10. Understanding and Taking Advantage of VoIP Protocols 330
Introduction 331
Your Voice to Data 331
Making Your Voice Smaller 332
Summary 357
Solutions Fast Track 357
Frequently Asked Questions 359
Chapter 11. Asterisk Hardware Ninjutsu 360
Introduction 361
Serial 361
Motion 373
Modems 379
Fun with Dialing 381
Legalities and Tips 395
Summary 397
Solutions Fast Track 397
Frequently Asked Questions 399
Part VI: Hack the Stack 400
Chapter 12. Social Engineering 402
Introduction 403
Attacking the People Layer 403
Defending the People Layer 426
Making the Case for Stronger Security 441
People Layer Security Project 447
Summary 449
Solutions Fast Track 449
Frequently Asked Questions 450
Index 452

Erscheint lt. Verlag	18.4.2011
Co-Autor	Paul Schooping
Sprache	englisch
Themenwelt	Sachbuch/Ratgeber
	Informatik ► Netzwerke ► Sicherheit / Firewall
	Informatik ► Theorie / Studium ► Kryptologie
	Wirtschaft ► Betriebswirtschaft / Management
ISBN-10	0-08-055869-0 / 0080558690
ISBN-13	978-0-08-055869-1 / 9780080558691

Haben Sie eine Frage zum Produkt?

PDF (Adobe DRM)
Größe: 41,7 MB

Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM

Dateiformat: PDF (Portable Document Format)
Mit einem festen Seitenlayout eignet sich die PDF besonders für Fachbücher mit Spalten, Tabellen und Abbildungen. Eine PDF kann auf fast allen Geräten angezeigt werden, ist aber für kleine Displays (Smartphone, eReader) nur eingeschränkt geeignet.

Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine Adobe-ID und die Software Adobe Digital Editions (kostenlos). Von der Benutzung der OverDrive Media Console raten wir Ihnen ab. Erfahrungsgemäß treten hier gehäuft Probleme mit dem Adobe DRM auf.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine Adobe-ID sowie eine kostenlose App.
Geräteliste und zusätzliche Hinweise

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.

Andere Ausgabe

Buch | Softcover (2007)

CHF 71,55