Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
---|---|---|---|---|---|
Searching... | 30000010108428 | QA76.9.A25 H324 2006 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.
The stories about phishing attacks against banks are so true-to-life, it's chilling." --Joel Dubin, CISSP, Microsoft MVP in Security
Every day, hackers are devising new ways to break into your network. Do you have what it takes to stop them? Find out in Hacker's Challenge 3 . Inside, top-tier security experts offer 20 brand-new, real-world network security incidents to test your computer forensics and response skills. All the latest hot-button topics are covered, including phishing and pharming scams, internal corporate hacking, Cisco IOS, wireless, iSCSI storage, VoIP, Windows, Mac OS X, and UNIX/Linux hacks, and much more. Each challenge includes a detailed explanation of the incident--how the break-in was detected, evidence and clues, technical background such as log files and network maps, and a series of questions for you to solve. In Part II, you'll get a detailed analysis of how the experts solved each incident.
Author Notes
David Pollino has a strong background in security, wireless, and networking. David is currently a security practitioner working in financial services. During his career, he has worked for an industry-leading security consulting company, a large financial services company, and a tier 1 ISP. David often speaks at security events and has frequently been quoted in online and printed journals regarding security issues. During his career as a consultant and network engineer, David has worked for clients across multiple industries, including financial services, service providers, high technology, manufacturing, and government. He co-authored Wireless Security (RSA Press, 2002) and Hacker's Challenge and Hacker's Challenge 2 (McGraw-Hill/Osborne, 2001 and 2002, respectively).
Bill Pennington, CISSP, has six years of professional experience in information security and eleven years in information technology. His duties at WhiteHat include managing research and development, guiding product and technology direction, managing web application assessment teams, and developing and delivering WhiteHat Security training. Bill has performed web application assessments for more than four years in a variety of industry verticals including financial services, e-commerce, and biotechnology. He is familiar with Mac OS X, Linux, Solaris, Windows, and OpenBSD, and he is a Certified Information Security Systems Practitioner (CISSP) and Certified Cisco Network Administrator (CCNA). He has broad experience in web application security, penetration testing, computer forensics, and intrusion detection systems. Prior to joining WhiteHat, Bill was a principal consultant and technical lead for assessment services at Guardent, a nationwide security services provider.
Tony Bradley, CISSP-ISSAP, MCSE2k, has eight years of computer networking and administration experience, focusing the last four on network security and malware protection. Tony is a network security architect providing design, implementation, and management of network security solutions for a variety of Fortune 500 customers. He is also the editor and writer for the About.com Internet/Network Security website and frequently contributes to a variety of technical and security publications, both in print and on the Web. You can view his writing portfolio at http://www.s3kur3.com.
Himanshu Dwivedi is a founding partner of iSEC Partners, an independent provider of information security services and tools. He has 12 years of experience in security and IT. Before forming iSEC, he was Technical Director for @stake's Bay Area security practice. Himanshu's professional focus includes strategic security services, which leverages his experience with software development, infrastructure security, application security, tool development, and secure product design. He is considered an industry expert in storage security, specifically Fibre Channel/iSCSI SANs and CIFS/NFS NAS systems. Himanshu has presented at major security conferences throughout the world, including Black Hat, Storage Networking World, Syscan Singapore, and Bellua Indonesia. Himanshu also has a patent pending for a storage security design architecture that can be implemented on enterprise storage products for Fibre Channel networks. Himanshu has also authored two additional security books, including Securing Storage: A Practical Guide to SAN and NAS Security (Addison-Wesley, 2005) and Implementing SSH: Strategies for Optimizing the Secure Shell (Wiley, 2003).
Table of Contents
Foreword | p. xix |
Acknowledgments | p. xxi |
Introduction | p. xxiii |
Part I Challenges | |
1 To Catch a Phish | p. 3 |
Industry: Financial Services | |
Prevention Complexity: Moderate | |
Attack Complexity: Moderate | |
Mitigation Complexity: High | |
2 Owning the Pharm | p. 15 |
Industry: Pharmaceutical | |
Prevention Complexity: Low | |
Attack Complexity: High | |
Mitigation Complexity: Moderate | |
3 Big Bait, Big Phish | p. 27 |
Industry: E-commerce | |
Prevention Complexity: Medium | |
Attack Complexity: Hard | |
Mitigation Complexity: Hard | |
4 Shooting Phish in a Barrel | p. 37 |
Industry: Public Relations | |
Prevention Complexity: Moderate | |
Attack Complexity: Moderate | |
Mitigation Complexity: Moderate | |
5 Too Few Secrets | p. 47 |
Industry: Financial Services | |
Prevention Complexity: Moderate | |
Attack Complexity: Moderate | |
Mitigation Complexity: Moderate | |
6 Upgraded or "Owned?" | p. 59 |
Industry: Internet Service Provider | |
Prevention Complexity: Medium | |
Attack Complexity: Low | |
Mitigation Complexity: High | |
7 Pale Blue Glow | p. 69 |
Industry: Banking and Finance | |
Prevention Complexity: Moderate | |
Attack Complexity: Easy | |
Mitigation Complexity: Moderate | |
8 Crossing the Line | p. 77 |
Industry: Internet and Retail | |
Prevention Complexity: Medium | |
Attack Complexity: Medium | |
Mitigation Complexity: Medium to High | |
9 The Root of the Problem | p. 87 |
Industry: Publishing | |
Prevention Complexity: Moderate | |
Attack Complexity: Moderate | |
Mitigation Complexity: Moderate | |
10 Firewall Insights | p. 95 |
Industry: Small Bank | |
Prevention Complexity: Medium | |
Attack Complexity: Low | |
Mitigation Complexity: High | |
11 Peter LemonJello's "A Series of Unfortunate Events" | p. 103 |
Industry: Finance | |
Prevention Complexity: Easy | |
Attack Complexity: Medium | |
Mitigation Complexity: Easy | |
12 Share and Share Alike | p. 115 |
Industry: Online Retail | |
Prevention Complexity: Moderate | |
Attack Complexity: Low | |
Mitigation Complexity: Low | |
13 The Holy Grail | p. 131 |
Industry: Financial | |
Prevention Complexity: Moderate | |
Attack Complexity: High | |
Mitigation Complexity: Moderate | |
14 Open Source | p. 141 |
Industry: Small Business | |
Prevention Complexity: Moderate | |
Attack Complexity: Easy | |
Mitigation Complexity: Easy | |
15 Cup of Chai | p. 153 |
Industry: E-commerce | |
Prevention Complexity: Moderate | |
Attack Complexity: High | |
Mitigation Complexity: Moderate | |
16 Love Plus One | p. 167 |
Industry: E-commerce | |
Prevention Complexity: Easy | |
Attack Complexity: Low | |
Mitigation Complexity: High | |
17 Bullet the Blue Sky | p. 179 |
Industry: E-commerce | |
Prevention Complexity: High | |
Attack Complexity: Hard | |
Mitigation Complexity: Easy | |
18 The Insider III | p. 189 |
Industry: Financial Institution | |
Prevention Complexity: Low | |
Attack Complexity: Low | |
Mitigation Complexity: Moderate | |
19 Jumping Someone Else's Train | p. 201 |
Industry: Pharmaceutical | |
Prevention Complexity: Easy | |
Attack Complexity: Low | |
Mitigation Complexity: Low | |
20 The Not-So-Usual Suspects | p. 223 |
Industry: Financial | |
Prevention Complexity: Moderate | |
Attack Complexity: High | |
Mitigation Complexity: Moderate | |
Part II Solutions | |
1 To Catch a Phish | p. 235 |
2 Owning the Pharm | p. 239 |
3 Big Bait, Big Phish | p. 245 |
4 Shooting Phish in a Barrel | p. 251 |
5 Too Few Secrets | p. 257 |
6 Upgraded or "Owned?" | p. 263 |
7 Pale Blue Glow | p. 269 |
8 Crossing the Line | p. 275 |
9 The Root of the Problem | p. 279 |
10 Firewall Insights | p. 291 |
11 Peter LemonJello's "A Series of Unfortunate Events" | p. 295 |
12 Share and Share Alike | p. 299 |
13 The Holy Grail | p. 307 |
14 Open Source | p. 315 |
15 Cup of Chai | p. 321 |
16 Love Plus One | p. 327 |
17 Bullet the Blue Sky | p. 331 |
18 The Insider III | p. 337 |
19 Jumping Someone Else's Train | p. 343 |
20 The Not-So-Usual Suspects | p. 347 |
Index | p. 355 |