Beat hackers at their own game
The world of a hacker revealed by a corporate hack master Hack Attacks Revealed.

Take a technogothic journey inside the world of a hacker as seen by security expert John Chirillo. Drawing on his own experience as a hacking consultant for Fortune 1000 companies, Chirillo shows how hackers can exploit network security holes and how you can recognize an oncoming threat to your security. The book features details of the powerful Tiger Box system, used by hackers to penetrate vulnerable networks, and teaches you how to use that same tool to your advantage.

In this highly provocative work, you’ll discover:

� The hacker’s perspective on networking protocols and communication technologies
� A complete hacker ’s technology handbook, illustrating techniques used by hackers, crackers, phreaks, and cyberpunks
� Information discovery and scanning tools for hacking into known and unknown ports and service vulnerabilities
� Detailed instructions for customizing the Tiger Box for your needs and using it to search hack attacks

(more…)

Recently, the emergence of wireless and mobile networks has made
possible the admission of electronic commerce to a new application and
research subject: mobile commerce, defined as the exchange or buying
and selling of commodities, services, or information on the Internet
through the use of mobile handheld devices. In just a few years, mobile
commerce has emerged from nowhere to become the hottest new trend in
business transactions. However, the prosperity and popularity of mobile
commerce will be brought to a higher level only if information is
securely and safely exchanged among end systems (mobile users and
content providers). Advances in Security and Payment Methods for Mobile
Commerce includes high-quality research papers and industrial and
practice articles in the areas of mobile commerce security and payment
from academics and industrialists. It covers research and development
results of lasting significance in the theory, design, implementation,
analysis, and application of mobile commerce security and payment.

(more…)

Web sites have become a powerful marketplace that can capsize a company when attacked by a virus or hacker. With this book, you can take the necesary steps today to avoid compromising the integrity of your company’s data and communication tomorrow. Web Security Basics give you the knowledge you need to keep your network safe and gain a competitive edge.

(more…)

Wireless Communications Systems and Networks covers the breadth of research in wireless communications. It begins by detailing the essential background, such as wireless standards, spread spectrum and CDMA systems, and goes on to discuss advanced topics in next generation wireless systems. Discussions of advanced-level materials progress in a step-by-step fashion to ensure that readers with some basic knowledge of wireless communications can easily follow the text, without the need to refer to other related readings. This book is a self-contained reference with chapters by top researchers in the field, and is of great interest to telecommunications engineers, students and researchers.

(more…)

This book was written for the many thousands of people involved in designing and writing software for the Microsoft .NET platform. It is chock-full of tips and insights about user-based security, which I like to term “Windows security” because it’s been around in one form or another since Windows NT first shipped. Given the plethora of books that cover the new security features in the .NET Framework, such as code access security and ASP.NET forms authentication, I decided to write a book to help folks with the basics of Windows security, a topic that most other books miss entirely or get subtly or blatantly wrong. This book is in some sense a second edition of my first security book, Programming Windows Security, but I hope that you will find it immensely more approachable and practical. I’ve tried to distill the Zen of these topics into small tidbits of information–items that link to one another–allowing you to read the book in any order that suits you. I hope that you’ll find the format of 75 concise tidbits of information helpful as a reference. The “what is” items focus on explaining concepts, while the “how to” items focus on helping you perform a common task. Within these pages I cover security features in various versions of Windows based on Windows NT. This includes Windows 2000, Windows XP Professional, and Windows Server 2003, but does not include 16-bit Windows or any of the Win9X flavors (Windows 95/98, Windows ME, Windows XP Home Edition). So, when I talk about “Windows” I’m referring to the versions based on Windows NT. Whenever I talk about the file system, I’m assuming that you’re using NTFS, not FAT partitions. Whenever I talk about domains, I’m assuming Windows 2000 or greater. If you’re still living with a Windows NT 4 domain, you have my sincere condolences! Many people have expressed surprise that I occasionally talk about Win32 APIs and refer to Win32 header files in a book for .NET programmers. I wish I didn’t have to do this, but as anyone who has experience with the .NET Framework knows, the framework class library wraps only a fraction of the functionality of the Windows
platform as of this writing. The coverage will get better over time, but to do many things in Windows (including security programming), you often need to call native Win32 APIs. Even as version 2.0 of the framework is being revealed in beta 1, you can see that coverage increasing, but it’s still not complete. In any case, I’ve tried to make it clear in the prose when I’m talking about a Win32 API versus a .NET Framework class, and I’ve provided lots of sample code and helper classes written in Managed C++ that you can leverage to avoid having to call those APIs yourself.

(more…)

The .NET Framework offers new, more effective ways to secure your Web and LAN-based applications. .NET Development Security Solutions uses detailed, code-intensive examples–lots of them–to teach you the right techniques for most scenarios you’re likely to encounter. This is not an introduction to security; it’s an advanced cookbook that shows experienced programmers how to meet tough security challenges:
* Recognize and avoid dangerous traps–including holes in .NET
* Work fluently with both role-based and code access security
* Maximize the security advantages of policies and code groups
* Promote security using Active Directory
* Secure data with .NET cryptographic techniques
* Meet the toughest LAN security requirements
* Tackle special security issues associated with Web and wireless applications
* Implement Win32 API security in managed applications

Uniting this instruction is a coherent, cohesive mindset that will help you take the human factor into account at every step. You’ll become technically proficient with all the tools at your disposal–and, at the same time, you’ll learn to make your solutions more powerful by crafting them in ways that dovetail with users’ needs–and foibles–and anticipate cracker exploits.

(more…)

Provides a concise guide to maintaining secure systems in the Solaris environment. Covers standalone and networked systems running Solaris and presents a special section on disaster preparation and recovery operations. Softcover. DLC: Computer security.

Solaris Security has two audiences ??? IS/IT and security managers and UNIX administrators.

The content for IS/IT and security managers appears primarily in

(more…)

Network security has become the latter-day equivalent of oxymoronic
terms like “jumbo shrimp” and “exact estimate.” Newspaper headlines are
routinely peppered with incidents of hackers thwarting the security put
forth by the government and the private sector. As with any new
technology, the next evolution of network security has long languished
in the realm of science fiction and spy novels. It is now ready to step
into the reality of practical application.

In Biometrics for Network Security,
biometrics security expert Paul Reid covers a variety of biometric
options, ranging from fingerprint identification to voice verification
to hand, face, and eye scanning. Approaching the subject from a
practitioner’s point of view, Reid describes guidelines, applications,
and procedures for implementing biometric solutions for your network
security systems.

Coverage includes:

• An introduction to authentication technologies and biometrics
• Dealing with privacy issues
• Biometric technologies, including finger, hand geometry, handwriting, iris, retina, voice, and face
• Security concerns related to biometrics, including attempts to spoof or fake results
• Deployment of biometric security systems, including vendor selection and roll out procedures
• Real-life case studies

For
security, system, and network administrators and managers, as well as
anyone who is interested in the application of cutting-edge biometric
technology, Biometrics for Network Security will prove an indispensable addition to your library!

(more…)

As a system administrator or security professionals, you probably find yourself inundated each day with a deluge of log files from seemingly countless devices, servers, and applications on your network ranging from Windows Server to Snort to your PIX firewall and everything in between. At times, the task of “seeing the forest through the trees” to extract useful, repeatable information from these logs may seem almost impossible. This unique book will show you how to use a combination of open source software such as Tcpdstats, and Snort perfmonitor to create succinct, meaningful reports that give you the big picture of your network’s overall health and well being. So, if you need to analyze and prioritize everything from how much of your bandwidth is devoted to browsing ESPN.com, to the most targeted machines in your IDS logs, this is the book for you. This book teaches IT professionals how to analyze, manage, and automate their security log files to generate useful, repeatable information that can be use to make their networks more efficient and secure using primarily open source tools.

The book begins by discussing the “Top 10″ security logs that every IT professional should be regularly analyzing. These 10 logs cover everything from the top workstations sending/receiving data through a firewall to the top targets of IDS alerts. The book then goes on to discuss the relevancy of all of this information. Next, the book describes how to script open source reporting tools like Tcpdstats to automatically correlate log files from the various network devices to the “Top 10″ list. By doing so, the IT professional is instantly made aware of any critical vulnerabilities or serious degradation of network performance. All of the scripts presented within the book will be available for download from the Syngress Solutions Web site.

(more…)

Writing Security Tools and Exploits is the foremost authority on vulnerability and security code and will serve as the premier educational reference for security professionals and software developers. The book has over 600 pages of dedicated exploit, vulnerability, and tool code with corresponding instruction. Unlike other security and programming books that dedicate hundreds of pages to architecture and theory based flaws and exploits, this book dives right into deep code analysis. Previously undisclosed security research in combination with superior programming techniques are included in both the Local and Remote Code sections of the book.

The book is accompanied with a companion Web site containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book source code, the CD also contains a copy of the author-developed Hacker Code Library v1.0. The Hacker Code Library includes multiple attack classes and functions that can be utilized to quickly create security programs and scripts. These classes and functions simplify exploit and vulnerability tool development to an extent never before possible with publicly available software.

(more…)