- Legal
- White, Edmund
- Faiz, Ahmed Faiz
- Privatization
- Lesbian
- Japanese
- Takahashi, Rumiko
- Salmonson, Jessica Amanda
- Socially Handicapped
- Robinson, Kevin
- General
- Level 3 (Book & Tape Sets)
- Little Red Riding Hood
- Smith, James
- Gaskell, Elizabeth
- Yep, Laurence
- Differential Geometry
- Wright, James
- Shange, Ntozake
- Alex Anderson
- Taylor, Janelle
- Hardcover
- Reference
- Muller, Marcia
- Korean
- Balearic Islands
- Jerome
- Baskets
- Reading
- Paperback
- Some of our other sites:
- Books
- Clothing, Shoes and Accessories
- Baby Clothes and Accessories
- Cosmetics, Beauty Products and Fragrances
- Cellphones, Call Plans and Accessories
- Video Games
- DVDs
- Electronics, Gadgets and Computers
- Health and Personal Care
- Home and Garden
- Home DIY
- Jewelry
- Magazines and Newspapers
- Music Downloads
- Musical Instruments
- Office Equipment and Supplies
- Software and Games
- Sporting Goods
- Toys and Games
- Watches
- UK Books
- UK Video Games
- UK Home and Garden
- UK Electronics, Gadgets and Computers
- UK Baby Clothes and Accessories
- UK Software and Games
- UK Sporting Goods
- UK Toys and Games
Books : Computers & Internet : Web Development : Security & Encryption
-
Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective.
The included LiveCD provides a complete Linux programming and debugging environment-all without modifying your current operating system. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to:
- Program computers using C, assembly language, and shell scripts
- Corrupt system memory to run arbitrary code using buffer overflows and format strings
- Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
- Outsmart common security measures like nonexecutable stacks and intrusion detection systems
- Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence
- Redirect network traffic, conceal open ports, and hijack TCP connections
- Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix
Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.
-
-
-
-
Identify, mitigate, and respond to network attacks
- Understand the evolution of security technologies that make up the unified ASA device and how to install the ASA hardware
- Examine firewall solutions including network access control, IP routing, AAA, application inspection, virtual firewalls, transparent (Layer 2) firewalls, failover and redundancy, and QoS
- Evaluate Intrusion Prevention System (IPS) solutions including IPS integration and Adaptive Inspection and Prevention Security Services Module (AIP-SSM) configuration
- Deploy VPN solutions including site-to-site IPsec VPNs, remote- access VPNs, and Public Key Infrastructure (PKI)
- Learn to manage firewall, IPS, and VPN solutions with Adaptive Security Device Manager (ASDM)
Achieving maximum network security is a challenge for most organizations. Cisco® ASA, a new unified security device that combines firewall, network antivirus, intrusion prevention, and virtual private network (VPN) capabilities, provides proactive threat defense that stops attacks before they spread through the network.
This new family of adaptive security appliances also controls network activity and application traffic and delivers flexible VPN connectivity. The result is a powerful multifunction network security device that provides the security breadth and depth for protecting your entire network, while reducing the high deployment and operations costs and complexities associated with managing multiple point products.
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance is a practitioner’s guide to planning, deploying, and troubleshooting a comprehensive security plan with Cisco ASA. The book provides valuable insight and deployment examples and demonstrates how adaptive identification and mitigation services on Cisco ASA provide a sophisticated security solution for both large and small network environments.
The book contains many useful sample configurations, proven design scenarios, and discussions of debugs that help you understand how to get the most out of Cisco ASA in your own network.
“I have found this book really highlights the practical aspects needed for building real-world security. It offers the insider’s guidance needed to plan, implement, configure, and troubleshoot the Cisco ASA in customer environments and demonstrates the potential and power of Self-Defending Networks.”
–Jayshree Ullal, Sr. Vice President, Security Technologies Group, Cisco Systems®
This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
-
-
<>The Definitive Guide to Quantifying, Classifying, and Measuring Enterprise IT Security OperationsSecurity Metrics is the first comprehensive best-practice guide to defining, creating, and utilizing security metrics in the enterprise.
Using sample charts, graphics, case studies, and war stories, Yankee Group Security Expert Andrew Jaquith demonstrates exactly how to establish effective metrics based on your organization’s unique requirements. You’ll discover how to quantify hard-to-measure security activities, compile and analyze all relevant data, identify strengths and weaknesses, set cost-effective priorities for improvement, and craft compelling messages for senior management.
Security Metrics successfully bridges management’s quantitative viewpoint with the nuts-and-bolts approach typically taken by security professionals. It brings together expert solutions drawn from Jaquith’s extensive consulting work in the software, aerospace, and financial services industries, including new metrics presented nowhere else. You’ll learn how to:
• Replace nonstop crisis response with a systematic approach to security improvement
• Understand the differences between “good” and “bad” metrics
• Measure coverage and control, vulnerability management, password quality, patch latency, benchmark scoring, and business-adjusted risk
• Quantify the effectiveness of security acquisition, implementation, and other program activities
• Organize, aggregate, and analyze your data to bring out key insights
• Use visualization to understand and communicate security issues more clearly
• Capture valuable data from firewalls and antivirus logs, third-party auditor reports, and other resources
• Implement balanced scorecards that present compact, holistic views of organizational security effectiveness
Whether you’re an engineer or consultant responsible for security and reporting to management–or an executive who needs better information for decision-making–Security Metrics is the resource you have been searching for.
Andrew Jaquith, program manager for Yankee Group’s Security Solutions and Services Decision Service, advises enterprise clients on prioritizing and managing security resources. He also helps security vendors develop product, service, and go-to-market strategies for reaching enterprise customers. He co-founded @stake, Inc., a security consulting pioneer acquired by Symantec Corporation in 2004. His application security and metrics research has been featured in CIO, CSO, InformationWeek, IEEE Security and Privacy, and The Economist.
Foreword
Preface
Acknowledgments
About the Author
Chapter 1 Introduction: Escaping the Hamster Wheel of Pain
Chapter 2 Defining Security Metrics
Chapter 3 Diagnosing Problems and Measuring Technical Security
Chapter 4 Measuring Program Effectiveness
Chapter 5 Analysis Techniques
Chapter 6 Visualization
Chapter 7 Automating Metrics Calculations
Chapter 8 Designing Security Scorecards
Index
-
Nagios is an Open Source network, hardware, and application monitoring program. It is designed to inform system administrators of problems on their networks before their clients, end-users or managers do. Nagios is a SysAdmin's best friend. Nagios is installed on over 300,000 machines worldwide, and truly is a global product: approximately 25.6% of users are in the U.S., and 30% in EMEA. Nagios can monitor everything from network bandwidth to the temperature and humidity in a server room. SysAdmins are able to use Nagios for such a variety of purposes through custom software "plug ins" and third party hardware. SysAdmins customize these plug ins instructing Nagios to monitor the servers, applications, or devices that are most critical to their network infrastructure. These plug ins also allow SysAdmins to integrate Nagios with other monitoring devices and applications like Snort and Wireshark. Nagios can also be fully integrated with third party environmental monitoring devices and remote power supplies. When Nagios detects a problem, it can notify the SysAdmin in a variety of different ways (email, instant message, SMS, etc.). Current status information, historical logs, and reports can all be accessed via a web browser. Nagios could send a text message to a SysAdmin sitting on his couch at home that the temperature in the server room is too hot and could potentially damage the equipment. The SysAdmin can then check the status of the server from home using his Nagios Web interface, and then coordinate with the appropriate facility management personnel to check the air conditioning in the server room. This is merely one example of Nagios? capabilities. The same scenario could be applied to an overloaded Exchange server, a router being pounded by a Denial of Service Attack, or a user accessing or downloading unauthorized materials.
* Contains complete case study on deploying Nagios in an enterprise environment.
* Companion Web site offers 100 working Scripts for customizing Nagios plug-ins.
* Helps organizations adhere to federally mandated compliance regulations such as Sarbanes Oxley, or HIPAA.
* Details how to integrate Nagios with third-party hardware.
-
"Rootkits are the ultimate backdoor, giving hackers ongoing and virtually undetectable access to the systems they exploit. Now, two of the worlds leading experts have written the first comprehensive guide to rootkits: what they are, how they work, how to build them, and how to detect them. Rootkit.com's Greg Hoglund and James Butler created and teach Black Hat's legendary course in rootkits. In this book, they reveal never-before-told offensive aspects of rootkit technology--learn how attackers can get in and stay in for years, without detection.Hoglund and Butler show exactly how to subvert the Windows XP and Windows 2000 kernels, teaching concepts that are easily applied to virtually any modern operating system, from Windows Server 2003 to Linux and UNIX. Using extensive downloadable examples, they teach rootkit programming techniques that can be used for a wide range of software, from white hat security tools to operating system drivers and debuggers.
After reading this book, readers will be able to
- Understand the role of rootkits in remote command/control and software eavesdropping
- Build kernel rootkits that can make processes, files, and directories invisible
- Master key rootkit programming techniques, including hooking, runtime patching, and directly manipulating kernel objects
- Work with layered drivers to implement keyboard sniffers and file filters
- Detect rootkits and build host-based intrusion prevention software that resists rootkit attacks
Visit rootkit.com for code and programs from this book. The site also contains enhancements to the book's text, such as up-to-the-minute information on rootkits available nowhere else.
"
-
The only book available on the market that addresses and discusses in-depth forensic analysis of Windows systems. Windows Forensic Analysis DVD Toolkit takes the reader to a whole new, undiscovered level of forensic analysis for Windows systems, providing unique information and resources not available anywhere else. This book covers both live and post-mortem response collection and analysis methodologies, addressing material that is applicable to law enforcement, the federal government, students, and consultants. This book also brings this material to the doorstep of system administrators, who are often the front line troops when an incident occurs, but due to staffing and budgets do not have the necessary knowledge to effectively respond. The companion DVD for the book contains significant, unique materials (movies, spreadsheet, code, etc.) not available any place else, as they were created by the author.
-
According to Microsoft, Exchange Server delivers over 75% of all corporate e-mail. The 2007 release is the fist major overhaul since 2003. It attempts to address the challenge of delivering greater performance and accessibility while increasing protection against a new generation of high risk security threats. Microsoft has added many new features that dramatically improve the scope of Exchange Server and the Outlook web client, positioning the platform as a groupware and collaboration tool that is accessible to remote and wireless users as will as those wired directly to the corporate intranet. The typical SysAdmin needs a reference that cuts through all the complexity and seldom-used features to get the product successfully deployed as efficiently as possible---exactly the job of the "How to Cheat" series.
-
-
n-depth and comprehensive, this resource delivers the information you need for administering Windows Vista. You get expert technical guidance from those who know the technology best Microsoft Most Valuable Professionals and the Microsoft Windows Vista team. Plus more than 200 scripts, tools and essential administration resources on DVD. Get expert guidance on how to: Plan and implement high-volume and low-volume deployment projects Configure Group Policy to manage clients, user profiles, search features, and network resources Administer disks, file systems, folders, printers, and other devices Implement file and media sharing in workgroup and domain environments Configure wireless networking protocols, TCP/IP, and VPN connections Manage software updates, User Account Control, Windows Firewall, and Ipsec protection Monitor event logs and system performance Troubleshoot hardware, drivers, network connectivity, and stop messages DVD features: 140+ scripts for automating administration and deployment. Network troubleshooting tools. Debugging tools for 32-bit and 64-bit editions of Windows. Solution Accelerator for Business Desktop Deployment 2007 plus supporting tools.Technical white papers on Windows Vista administration. Sample chapters from Microsoft Security Resource Kit, Second Edition and Microsoft VBScript Step by Step. Fully searchable eBook.
-
This is an advanced cookbook and reference guide for digital forensic practitioners. File System Forensic Analysis focuses on the file system and disk. The file system of a computer is where most files are stored and where most evidence is found; it also the most technically challenging part of forensic analysis. This book offers an overview and detailed knowledge of the file system and disc layout. The overview will allow an investigator to more easily find evidence, recover deleted data, and validate his tools. The cookbook section will show how to use the many open source tools for analysis, many of which Brian Carrier has developed himself.
-
The New State-of-the-Art in Information Security: Now Covers the Economics of Cyber Security and the Intersection of Privacy and Information SecurityFor years, IT and security professionals and students have turned to Security in Computing as the definitive guide to information about computer security attacks and countermeasures. In their new fourth edition, Charles P. Pfleeger and Shari Lawrence Pfleeger have thoroughly updated their classic guide to reflect today's newest technologies, standards, and trends.
The authors first introduce the core concepts and vocabulary of computer security, including attacks and controls. Next, the authors systematically identify and assess threats now facing programs, operating systems, database systems, and networks. For each threat, they offer best-practice responses.
Security in Computing, Fourth Edition, goes beyond technology, covering crucial management issues faced in protecting infrastructure and information. This edition contains an all-new chapter on the economics of cybersecurity, explaining ways to make a business case for security investments. Another new chapter addresses privacy--from data mining and identity theft, to RFID and e-voting.
New coverage also includes
- Programming mistakes that compromise security: man-in-the-middle, timing, and privilege escalation attacks
- Web application threats and vulnerabilities
- Networks of compromised systems: bots, botnets, and drones
- Rootkits--including the notorious Sony XCP
- Wi-Fi network security challenges, standards, and techniques
- New malicious code attacks, including false interfaces and keystroke loggers
- Improving code quality: software engineering, testing, and liability approaches
- Biometric authentication: capabilities and limitations
- Using the Advanced Encryption System (AES) more effectively
- Balancing dissemination with piracy control in music and other digital content
- Countering new cryptanalytic attacks against RSA, DES, and SHA
- Responding to the emergence of organized attacker groups pursuing profit
-
Get in-depth guidance for designing and implementing certificate-based security solutions straight from PKI expert Brian Komar. No need to buy or outsource costly PKI services when you can use the robust PKI and certificate-based security services already built into Windows Server 2008! This in-depth reference teaches you how to design and implement even the most demanding certificate-based security solutions for wireless networking, smart card authentication, VPNs, secure email, Web SSL, EFS, and code-signing applications using Windows Server PKI and certificate services. A principal PKI consultant to Microsoft, Brian shows you how to incorporate best practices, avoid common design and implementation mistakes, help minimize risk, and optimize security administration. This definitive reference features a CD loaded with tools, scripts, and a fully searchable eBook.Key Book Benefits
Guides system engineers and administrators how to design and implement PKI-based solutions
Explains how to exploit the tight integration of Windows Server 2008 PKI services with Active Directory® directory service
Features best practices based on real-world implementations
Includes a CD with tools, scripts, and a fully-searchable eBook
-
Capitalize on the built-in security services in Windows Server 2003 and deliver your own robust, public key infrastructure (PKI) based solutions at a fraction of the cost and time. This in-depth reference cuts straight to the details of designing and implementing certificate-based security solutions for PKI-enabled applications. Written by Brian Komar, a well-known network security and PKI expert, along with members of the Microsoft PKI Team, this guide describes real-world solutions and best practices for wireless networking, smart card authentication, VPNs, security-enhanced e-mail, Web SSL, EFS, and code-signing applications. Get the inside information and guidance you need to avoid common design and implementation mistakes, help minimize risk, and optimize security administration.Discover how to: Strengthen PKI design with policy documents security policies, certificate policies, and Certificate Practice Statements (CPS) Deploy a Windows Server 2003 PKI in an Active Directory environment Design, install, and take measures to help secure the CA hierarchy Plan PKI membership and implement role separation Issue certificates to computers, users, or network devices Create trust between organizations by using code signing and security-enhanced email Recover a user s private key by archiving it for encryption certifications Plan and perform the deployment of Encrypting File System (EFS) Implement Web Secure Sockets Layer (SSL) Install the hardware and software required for smart card authentication CD features: Timesaving tools and scripts Complete eBook in PDF format
-
MCSE SP TRAIN KIT EXAM 70298 DESIGN SEC WIN SVR
-
Master the skills necessary to launch and complete a successful computer investigation with the updated edition of this highly successful book, Guide to Computer Forensics and Investigations. This text will teach readers how to conduct a high-tech investigation, from acquiring digital evidence to reporting its findings. Coverage includes how to set up a forensics lab, how to acquire the proper and necessary tools, and how to conduct the investigation and subsequent digital analysis. The comprehensive coverage and detailed know-how led to the book being listed as recommended reading by the FBI Forensics Communications the United States Certified reading room. The book features free downloads of the latest forensic software, so students become familiar with the tools of the trade.
-
