Fogie / DeRodeff / Gregg | InfoSecurity 2008 Threat Analysis | Buch | 978-1-59749-224-9 | sack.de

Buch, Englisch, 480 Seiten, Format (B × H): 191 mm x 235 mm, Gewicht: 790 g

Fogie / DeRodeff / Gregg

InfoSecurity 2008 Threat Analysis


Erscheinungsjahr 2007
ISBN: 978-1-59749-224-9
Verlag: Syngress

Buch, Englisch, 480 Seiten, Format (B × H): 191 mm x 235 mm, Gewicht: 790 g

ISBN: 978-1-59749-224-9
Verlag: Syngress


An all-star cast of authors analyze the top IT security threats for 2008 as selected by the editors and readers of Infosecurity Magazine. This book, compiled from the Syngress Security Library, is an essential reference for any IT professional managing enterprise security. It serves as an early warning system, allowing readers to assess vulnerabilities, design protection schemes and plan for disaster recovery should an attack occur. Topics include Botnets, Cross Site Scripting Attacks, Social Engineering, Physical and Logical Convergence, Payment Card Industry (PCI) Data Security Standards (DSS), Voice over IP (VoIP), and Asterisk Hacking.

Each threat is fully defined, likely vulnerabilities are identified, and detection and prevention strategies are considered. Wherever possible, real-world examples are used to illustrate the threats and tools for specific solutions.
Fogie / DeRodeff / Gregg InfoSecurity 2008 Threat Analysis jetzt bestellen!

Zielgruppe


* Co-branded Syngress and Infosecurity Magazine and featuring best of breed writers from both
* Featured placement on Infosecurity.com, ads in Infosecurity print magazine (25K circ, 10K in U.S.), and in e-newsletter (15K circ)
* Featured at Infosecurity booth at high traffic shows such as Infosecurity US, Infosecurity Canada, and Infosecurity Europe

Weitere Infos & Material


Foreword
Part I: Botnets
Chapter 1 Botnets: A Call to Action
Introduction
The Killer Web App
How Big is the Problem?
The Industry Responds
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 2 Botnets Overview
What is a Botnet?
The Botnet Life Cycle
What Does a Botnet Do?
Botnet Economic
Summary
Solutions Fast Track
Frequently Asked Questions
Part II Cross Site Scripting Attacks
Chapter 3 Cross-site Scripting Fundamentals
Introduction
Web Application Security
XML and AJAX Introduction
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 4 XSS Theory
Introduction
Getting XSS'ed
DOM-based XSS in Detail
Redirection
CSRF
Flash, QuickTime, PDF, Oh My
HTTP Response Injection
Source vs. DHTML Reality
Bypassing XSS Length Limitations
XSS Filter Evasion
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 5 XSS Attack Methods
Introduction
History Stealing
Intranet Hacking
XSS Defacements
Summary
Solutions Fast Track
Frequently Asked Questions
References
Part III Physical and Logical Security Convergence
Chapter 6 Protecting Critical
Infrastructure: Process Control and SCADA
Introduction
Technology Background: Process Control Systems
Why Convergence?
Threats and Challenges
Conclusion
Chapter 7 Final Thought
Introduction
Final Thoughts from William Crower
Final Thoughts from Dan Dunkel
Final Thoughts from Brian Contos
Final Thoughts from Colby DeRodeoff
Part IV PCI Compliance
Chapter 8 Why PCi is Important
Introduction
What is PCI?
Overview of PCI Requirements
Risks and Consequences
Benefits of Compliance
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 9 Protect Cardholder Data
Protecting Cardholder Data
PCI Requirement 3: Protect Stored Cardholder Data
PCI Requirement 4~Encrypt Transmission of Cardholder Data Across Open, Public Networks
Using Compensating Controls
Mapping Out a Strategy
The Absolute Essentials
Summary
Solutions Fast Track
Frequently Asked Questions
Part V Asterisk and VolP Hacking
Chapter 10 Understanding and Taking Advantage of VolP Protocols
Introduction
Your Voice to Data
Making Your Voice Smaller
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 11 Asterisk Hardware Ninjutsu
Introduction
Serial
Motion
Modems
Fun with Dialing
Legalities and Tips
Summary
Solutions Fast Track
Frequently Asked Questions
Part VI Hack the Stack
Chapter 12 Social Engineering
Introduction
Attacking the People Layer
Defending the People Layer
Making the Case for Stronger Security
People Layer Security Project
Summary
Solutions Fast Track
Frequently Asked Questions
Index


Fogie, Seth
Seth Fogie is the VP of Dallas-based Airscanner Corporation where he oversees the development of security software for the Window Mobile (Pocket PC) platform. He has co-authored numerous technical books on information security, including the top selling "Maximum Wireless Security" from SAMS, and "Security Warrior" from O'Reilly. Seth frequently speaks at IT and security conferences/seminars, including Black Hat, Defcon, CSI, and Dallascon. In addition, Seth has co-authored the HIPAA medical education course for the Texas Medical Associate and is acting Site Host for Security at the "InformIT.com" website where he writes articles and reviews/manages weekly information security related books and articles

DeRodeff, Colby
Colby DeRodeff, GCIA, GCNA; Manager, Technical Marketing, ArcSight, has spent nearly a decade working with global organizations guiding best practices and empowering the use of ArcSight products across all business verticals including government, finance and healthcare. In this capacity he has been exposed to countless security and organizational challenges giving him a unique perspective on today's information security challenges.
Recognized as an expert in the field of IT security, Colby's primary areas of focus are insider threat, the convergence of physical and logical security, as well as enterprise security and information management. As the leader of ArcSight's Technical Marketing team, Colby drives content for customers to more easily identify and solve complex real-world issues. He has helped ArcSight grow from the earliest days as a sales consultant and implementation engineer, to joining the development organization where he was one of the founders of ArcSight's Strategic Application Solutions team delivering content solutions to solve real world problems such as compliance and insider threat.
Colby has held several consulting positions at companies; such as Veritas where he was responsible for deploying their global IDS infrastructure and ThinkLink Inc, where he maintained an enterprise VoIP network.
Colby attended San Francisco State University and holds both the SANS Intrusion Analyst (GCIA) and Network Auditor (GCNA) certifications

Schooping, Paul
Paul Schooping (CISSP) is a Security Engineer for a leading global technology services company. He currently participates in the design, implementation and support of global security and privacy solutions. Paul's background includes experience as the Global Antivirus and Vulnerability Manager for a Fortune 500 Company and the development of an enterprise Emergency Security Response Team. His specialties include Antivirus, vulnerability assessment, reverse engineering of malware, and encryption technologies. Paul holds a bachelors degree in psychology and formerly served in multiple youth ministry positions.

Gregg, Michael
Michael Gregg is the President of Superior Solutions, Inc. and has more than 20 years' experience in the IT field. He holds two associate's degrees, a bachelor's degree, and a master's degree and is certified as CISSP, MCSE, MCT, CTT+, A+, N+, Security+, CNA, CCNA, CIW Security Analyst, CCE, CEH, CHFI, CEI, DCNP, ES Dragon IDS, ES Advanced Dragon IDS, and TICSA. Michael's primary duty is to serve as project lead for security assessments, helping businesses and state agencies secure their IT resources and assets. Michael has authored four books, including Inside Network Security Assessment, CISSP Prep Questions, CISSP Exam Cram2, and Certified Ethical Hacker Exam Prep2. He has developed four high-level security classes, including Global Knowledge's Advanced Security Boot Camp, Intense School's Professional Hacking Lab Guide, ASPE's Network Security Essentials, and Assessing Network Vulnerabilities. He has written over 50 articles featured in magazines and Web sites, including Certification Magazine, GoCertify, The El Paso Times, and SearchSecurity. Michael is also a faculty member of Villanova University and creator of Villanova's college-level security classes, including Essentials of IS Security, Mastering IS Security, and Advanced Security Management. He also serves as a site expert for four TechTarget sites, including SearchNetworking, SearchSecurity, SearchMobileNetworking, and SearchSmallBiz. He is a member of the TechTarget Editorial Board.


Ihre Fragen, Wünsche oder Anmerkungen
Vorname*
Nachname*
Ihre E-Mail-Adresse*
Kundennr.
Ihre Nachricht*
Lediglich mit * gekennzeichnete Felder sind Pflichtfelder.
Wenn Sie die im Kontaktformular eingegebenen Daten durch Klick auf den nachfolgenden Button übersenden, erklären Sie sich damit einverstanden, dass wir Ihr Angaben für die Beantwortung Ihrer Anfrage verwenden. Selbstverständlich werden Ihre Daten vertraulich behandelt und nicht an Dritte weitergegeben. Sie können der Verwendung Ihrer Daten jederzeit widersprechen. Das Datenhandling bei Sack Fachmedien erklären wir Ihnen in unserer Datenschutzerklärung.