Syngress Force Emerging Threat Analysis (eBook)
500 Seiten
Elsevier Science (Verlag)
978-0-08-047559-2 (ISBN)
This Syngress Anthology Helps You Protect Your Enterprise from Tomorrow's Threats Today
This is the perfect reference for any IT professional responsible for protecting their enterprise from the next generation of IT security threats. This anthology represents the best of this year's top Syngress Security books on the Human, Malware, VoIP, Device Driver, RFID, Phishing, and Spam threats likely to be unleashed in the near future..
* From Practical VoIP Security, Thomas Porter, Ph.D. and Director of IT Security for the FIFA 2006 World Cup, writes on threats to VoIP communications systems and makes recommendations on VoIP security.
* From Phishing Exposed, Lance James, Chief Technology Officer of Secure Science Corporation, presents the latest information on phishing and spam.
* From Combating Spyware in the Enterprise, Brian Baskin, instructor for the annual Department of Defense Cyber Crime Conference, writes on forensic detection and removal of spyware.
* Also from Combating Spyware in the Enterprise, About.com's security expert Tony Bradley covers the transformation of spyware.
* From Inside the SPAM Cartel, Spammer-X shows how spam is created and why it works so well.
* From Securing IM and P2P Applications for the Enterprise, Paul Piccard, former manager of Internet Security Systems' Global Threat Operations Center, covers Skype security.
* Also from Securing IM and P2P Applications for the Enterprise, Craig Edwards, creator of the IRC security software IRC Defender, discusses global IRC security.
* From RFID Security, Brad Renderman Haines, one of the most visible members of the wardriving community, covers tag encoding and tag application attacks.
* Also from RFID Security, Frank Thornton, owner of Blackthorn Systems and an expert in wireless networks, discusses management of RFID security.
* From Hack the Stack, security expert Michael Gregg covers attacking the people layer.
* Bonus coverage includes exclusive material on device driver attacks by Dave Maynor, Senior Researcher at SecureWorks.
* The best of this year: Human, Malware, VoIP, Device Driver, RFID, Phishing, and Spam threats
* Complete Coverage of forensic detection and removal of spyware, the transformation of spyware, global IRC security, and more
* Covers secure enterprise-wide deployment of hottest technologies including Voice Over IP, Pocket PCs, smart phones, and more
A One-Stop Reference Containing the Most Read Topics in the Syngress Security LibraryThis Syngress Anthology Helps You Protect Your Enterprise from Tomorrow's Threats TodayThis is the perfect reference for any IT professional responsible for protecting their enterprise from the next generation of IT security threats. This anthology represents the "e;best of? this year's top Syngress Security books on the Human, Malware, VoIP, Device Driver, RFID, Phishing, and Spam threats likely to be unleashed in the near future..* From Practical VoIP Security, Thomas Porter, Ph.D. and Director of IT Security for the FIFA 2006 World Cup, writes on threats to VoIP communications systems and makes recommendations on VoIP security.* From Phishing Exposed, Lance James, Chief Technology Officer of Secure Science Corporation, presents the latest information on phishing and spam.* From Combating Spyware in the Enterprise, Brian Baskin, instructor for the annual Department of Defense Cyber Crime Conference, writes on forensic detection and removal of spyware.* Also from Combating Spyware in the Enterprise, About.com's security expert Tony Bradley covers the transformation of spyware.* From Inside the SPAM Cartel, Spammer-X shows how spam is created and why it works so well.* From Securing IM and P2P Applications for the Enterprise, Paul Piccard, former manager of Internet Security Systems' Global Threat Operations Center, covers Skype security.* Also from Securing IM and P2P Applications for the Enterprise, Craig Edwards, creator of the IRC security software IRC Defender, discusses global IRC security.* From RFID Security, Brad "e;Renderman? Haines, one of the most visible members of the wardriving community, covers tag encoding and tag application attacks.* Also from RFID Security, Frank Thornton, owner of Blackthorn Systems and an expert in wireless networks, discusses management of RFID security.* From Hack the Stack, security expert Michael Gregg covers attacking the people layer.* Bonus coverage includes exclusive material on device driver attacks by Dave Maynor, Senior Researcher at SecureWorks.* The "e;best of? this year: Human, Malware, VoIP, Device Driver, RFID, Phishing, and Spam threats* Complete Coverage of forensic detection and removal of spyware, the transformation of spyware, global IRC security, and more* Covers secure enterprise-wide deployment of hottest technologies including Voice Over IP, Pocket PCs, smart phones, and more
Cover 1
Contents 17
Foreword 31
Part I VoIP 33
Chapter 1 Threats to VoIP Communications Systems By Thomas Porter 35
Introduction 36
Denial-of-Service or VoIP Service Disruption 36
Call Hijacking and Interception 44
H.323-Specific Attacks 52
SIP-Specific Attacks 53
Chapter 2 Validate Existing Security Infrastructure for VoIP By Thomas Porter 59
Introduction 60
Security Policies and Processes 61
Physical Security 73
Server Hardening 77
Supporting Services 90
Unified Network Management 95
Chapter 3 Recommendations for VoIP Security By Thomas Porter 105
Introduction 106
Reuse Existing Security Infrastructure Wisely 107
Confirm User Identity 111
Active Security Monitoring 114
Logically Segregate VoIP from Data Traffic 116
Chapter 4 Skype Security By Paul Piccard 135
Introduction 136
Skype Architecture 137
Features and Security Information 139
Malicious Code 145
Client Security 146
Part II Malware 155
Chapter 5 The Transformation of Spyware By Tony Bradley 157
Introduction 158
The Humble Beginnings 158
Spyware in the Twenty-First Century 166
The Future of Spyware 170
Chapter 6 Spyware and the Enterprise Network By Jeremy Faircloth 175
Introduction 176
Keystroke Loggers 177
Trojan Encapsulation 187
Spyware and Backdoors 191
Chapter 7 Global IRC Security By Craig Edwards 199
Introduction 200
DDoS Botnets Turned Bot-Armies 200
Information Leakage 207
Copyright Infringement 208
Transfer of Malicious Files 211
Firewall/IDS Information 215
Chapter 8 Forensic Detection and Removal of Spyware By Brian Baskin 221
Introduction 222
Manual Detection Techniques 222
Detection and Removal Tools 240
Enterprise Removal Tools 267
Part III Phishing and Spam 277
Chapter 9 Go Phish! By Lance James 279
Introduction 280
The Impersonation Attack 282
The Forwarding Attack 302
The Popup Attack 308
Chapter 10 E-Mail: The Weapon of Mass Delivery By Lance James 321
Introduction 322
E-Mail Basics 322
Chapter 11 How Spam Works By Spammer X 367
Who Am I? 368
The Business of Spam 368
Spam in the Works: A Real-World Step-by-Step Example 370
Chapter 12 Sending Spam By Spammer X 381
The Required Mindset to Send Spam 382
Methods of Sending Spam 383
Chapter 13 Your E-mail: Digital Gold By Spammer X 415
What Does Your E-mail Address Mean to a Spammer? 416
Hackers and Spammers: Their United Partnership 418
Harvesting the Crumbs of the Internet 421
Mass Verification 429
Chapter 14 Creating the Spam Message and Getting It Read By Spammer X 437
Jake Calderon? Who Are You? 438
Part IV RFID 463
Chapter 15 RFID Attacks: Tag Encoding Attacks By Brad “Renderman” Haines 465
Introduction 466
Case Study: John Hopkins vs. SpeedPass 466
The SpeedPass 466
Chapter 16 RFID Attacks: Tag Application Attacks By Brad “Renderman” Haines 479
MIM 480
Chip Clones—Fraud and Theft 480
Tracking: Passports/Clothing 485
Chip Cloning > Fraud
Disruption 491
Chapter 17 RFID Attacks: Securing Communications Using RFID Middleware By Anand M. Das 493
RFID Middleware Introduction 494
Attacking Middleware with the Air Interface 505
Understanding Security Fundamentals and Principles of Protection 510
Addressing Common Risks and Threats 523
Securing RFID Data Using Middleware 526
Using DES in RFID Middleware for Robust Encryption 528
Using Stateful Inspection in the Application Layer Gateway For Monitoring RFID Data Streams 529
Providing Bulletproof Security Using Discovery, Resolution, and Trust Services in AdaptLink™ 531
Chapter 18 RFID Security: Attacking the Backend By Hersh Bhargava 535
Introduction 536
Overview of Backend Systems 536
Data Attacks 538
Virus Attacks 540
RFID Data Collection Tool— Backend Communication Attacks 542
Attacks on ONS 543
Chapter 19 Management of RFID Security By Frank Thornton 547
Introduction 548
Risk and Vulnerability Assessment 548
Risk Management 551
Threat Management 553
Part V Non-Traditional Threats 557
Chapter 20 Attacking The People Layer By Michael Gregg and Ron Bandes 559
Attacking the People Layer 560
Defending the People Layer 582
Making the Case for Stronger Security 597
People Layer Security Project 604
Chapter 21 Device Driver Auditing By David Maynor 609
Introduction 610
Why Should You Care? 610
What Is a Device Driver? 613
Index 629
| Erscheint lt. Verlag | 8.11.2006 |
|---|---|
| Sprache | englisch |
| Themenwelt | Sachbuch/Ratgeber |
| Informatik ► Netzwerke ► Sicherheit / Firewall | |
| Informatik ► Theorie / Studium ► Kryptologie | |
| Mathematik / Informatik ► Informatik ► Web / Internet | |
| Wirtschaft ► Betriebswirtschaft / Management | |
| ISBN-10 | 0-08-047559-0 / 0080475590 |
| ISBN-13 | 978-0-08-047559-2 / 9780080475592 |
| Haben Sie eine Frage zum Produkt? |
PDF (Adobe DRM)Größe: 10,2 MB
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: PDF (Portable Document Format)
Mit einem festen Seitenlayout eignet sich die PDF besonders für Fachbücher mit Spalten, Tabellen und Abbildungen. Eine PDF kann auf fast allen Geräten angezeigt werden, ist aber für kleine Displays (Smartphone, eReader) nur eingeschränkt geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich
