How to Cheat at Securing Your Network: How to Cheat
Autor Ido Dubrawskyen Limba Engleză Paperback – 19 noi 2007
The latest addition to the best selling "How to Cheat..." series of IT handbooks, this book clearly identifies the primary vulnerabilities of most computer networks, including user access, remote access, messaging, wireless hacking, media, email threats, storage devices, and web applications. Solutions are provided for each type of threat, with emphasis on intrusion detection, prevention, and disaster recovery.
* A concise information source - perfect for busy System Administrators with little spare time
* Details what to do when disaster strikes your network
* Covers the most likely threats to small to medium sized networks
Din seria How to Cheat
- 21% Preț: 219.68 lei
- 20% Preț: 376.51 lei
- 20% Preț: 366.65 lei
- 20% Preț: 356.51 lei
- 20% Preț: 323.93 lei
- 20% Preț: 287.57 lei
- 20% Preț: 289.99 lei
- 20% Preț: 369.56 lei
- 20% Preț: 374.24 lei
- 20% Preț: 314.23 lei
- 20% Preț: 271.72 lei
- 20% Preț: 369.56 lei
- 20% Preț: 306.47 lei
- 20% Preț: 299.99 lei
- 20% Preț: 307.76 lei
- 20% Preț: 351.67 lei
- 20% Preț: 372.63 lei
- 16% Preț: 185.08 lei
Preț: 357.25 lei
Preț vechi: 446.57 lei
-20% Nou
Puncte Express: 536
Preț estimativ în valută:
68.37€ • 71.02$ • 56.79£
68.37€ • 71.02$ • 56.79£
Carte tipărită la comandă
Livrare economică 03-17 februarie 25
Preluare comenzi: 021 569.72.76
Specificații
ISBN-13: 9781597492317
ISBN-10: 1597492310
Pagini: 432
Dimensiuni: 191 x 235 x 25 mm
Greutate: 0.88 kg
Editura: ELSEVIER SCIENCE
Seria How to Cheat
ISBN-10: 1597492310
Pagini: 432
Dimensiuni: 191 x 235 x 25 mm
Greutate: 0.88 kg
Editura: ELSEVIER SCIENCE
Seria How to Cheat
Public țintă
System Administrators responsible for securing networks in small to mid-size enterprises.Cuprins
Chapter 1 General Security Concepts: Access Control, Authentication, and Auditing
Introduction to AAA
What is AAA?
Access Control
Authentication
Auditing
Access Control
MAC/DAC/RBAC
MAC
DAC
RBAC
Authentication
Kerberos
CHAP
Certificates
Username/Password
Tokens
Multi-factor
Mutual Authentication
Biometrics
Auditing
Auditing Systems
Logging
System Scanning
Disabling Non-essential Services, Protocols, Systems and Processes
Non-essential Services
Non-essential Protocols
Disabling Non-essential Systems
Disabling Non-essential Processes
Disabling Non-Essential Programs
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 2 General Security Concepts: Attacks
Attacks
Active Attacks
DoS and DDoS
Resource Consumption Attacks
SYN Attacks
DDoS Attacks
Software Exploitation and Buffer Overflows
MITM Attacks
TCP/IP Hijacking
Replay Attacks
Spoofing Attacks
IP Spoofing
E-mail Spoofing
Web Site Spoofing
Phishing
Wardialing
Dumpster Diving
Social Engineering
Vulnerability Scanning
Passive Attacks
Sniffing and Eavesdropping
Password Attacks
Brute Force Attacks
Dictionary-based Attacks
Malicious Code Attacks
Viruses
Worms
Trojan Horses
Rootkits
Back Doors
Logic Bombs
Spyware and Adware
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 3 Communication Security: Remote Access and Messaging
Introduction
he Need for Communication Security
Communications-based Security
Remote Access Security
802.1x
EAP
Vulnerabilities
Media Access Control Authentication
VPN
Site-to-site VPN
Remote Access VPN
RADIUS
Authentication Process
Vulnerabilities
TACACS/+
TACACS
XTACACS
TACACS+
Vulnerabilities
PPTP/L2TP
PPTP
L2TP
SSH
How SSH Works
IPSec
IPSec Authentication
ISAKMP
Vulnerabilities
Eavesdropping
Data Modification
Identity Spoofing
User Vulnerabilities and Errors
Administrator Vulnerabilities and Errors
E-mail Security
MIME
S/MIME
PGP
How PGP Works
Vulnerabilities
SMTP Relay
Spoofing
E-mail and Mobility
E-mail and Viruses
Spam
Hoaxes
Phishing
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 4 Communication Security: Wireless
Introduction
Wireless Concepts
Understanding Wireless Networks
Overview of Wireless
Communication in a Wireless Network
Radio Frequency Communications
Spread Spectrum Technology
Wireless Network Architecture
CSMA/CD and CSMA/CA
Wireless Local Area Networks
WAP
WTLS
IEEE 802.11
IEEE 802.11b
Ad-Hoc and Infrastructure Network Configuration
WEP
Creating Privacy with WEP
Authentication
Common Exploits of Wireless Networks
Passive Attacks on Wireless Networks
Active Attacks on Wireless Networks
MITM Attacks on Wireless Networks
Wireless Vulnerabilities
WAP Vulnerabilities
WEP Vulnerabilities
Security of 64-Bit vs. 128-Bit Keys
Acquiring a WEP Key
Addressing Common Risks and Threats
Finding a Target
Finding Weaknesses in a Target
Exploiting Those Weaknesses
Sniffing
Protecting Against Sniffing and Eavesdropping
Spoofing (Interception) and Unauthorized Access
Protecting Against Spoofing and Unauthorized Attacks
Network Hijacking and Modification
Protection against Network
Hijacking and Modification
Denial of Service and Flooding Attacks
Protecting Against DoS and Flooding Attacks
IEEE 802.1x Vulnerabilities
Site Surveys
Additional Security Measures for Wireless Networks
Using a Separate Subnet for Wireless Networks
Using VPNs for Wireless Access to Wired Network
Temporal Key Integrity Protocol
Message Integrity Code (MIC)
IEEE 802.11i Standard
Implementing Wireless Security: Common Best Practices
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 5 Communication Security: Web Based Services
Introduction
Web Security
Web Server Lockdown
Managing Access Control
Handling Directory and Data Structures
Eliminating Scripting Vulnerabilities
Logging Activity
Performing Backups
Maintaining Integrity
Finding Rogue Web Servers
Stopping Browser Exploits
Exploitable Browser Characteristics
Cookies
Web Spoofing
Web Server Exploits
SSL and HTTP/S
SSL and TLS
HTTP/S
TLS
S-HTTP
Instant Messaging
Packet Sniffers and Instant Messaging7
Text Messaging and Short Message Service (SMS)
Web-based Vulnerabilities
Understanding Java-, JavaScript-, and ActiveX-based Problems
Preventing Problems with
Java, JavaScript, and ActiveX
Programming Secure Scripts
Code Signing: Solution or More Problems?
Understanding Code Signing
The Benefits of Code Signing
Problems with the Code Signing Process
Buffer Overflows
Making Browsers and E-mail Clients More Secure
Restricting Programming Languages
Keep Security Patches Current
Securing Web Browser Software
Securing Microsoft IE
CGI
What is a CGI Script and What Does It Do?
Typical Uses of CGI Scripts
Break-ins Resulting from Weak CGI Scripts
CGI Wrappers
Nikto
FTP Security
Active and Passive FTP
S/FTP
Secure Copy
Blind FTP/Anonymous
FTP Sharing and Vulnerabilities
Packet Sniffing FTP Transmissions
Directory Services and LDAP Security
LDAP
LDAP Directories
Organizational Units
Objects, Attributes and the Schema
Securing LDAP
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 6 Infrastructure Security: Devices and Media
Introduction
Device-based Security
Firewalls
Packet-filtering Firewalls
Application-layer Gateways
Stateful Inspection Firewalls
Routers
Switches
Wireless
Modems
RAS
Telecom/PBX
Virtual Private Network
IDS
Network Monitoring/Diagnostic
Workstations
Servers
Mobile Devices
Media-based Security
Coax
Thin Coax
Thick Coax
Vulnerabilities of Coax Cabling
UTP/STP
Fiber Optic
Removable Media
Magnetic Tape
CDRs
Hard Drives
Diskettes
Flashcards
Smart Cards
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 7 Topologies and IDS
Introduction
Security Topologies
Security Zones
Introducing the Demilitarized Zone
Intranet
Extranet
VLANs
Network Address Translation
Tunneling
Intrusion Detection
Characterizing IDSes
Signature-based IDSes and Detection Evasion
Popular Commercial IDS Systems
Honeypots and Honeynets
Judging False Positives and Negatives
Incident Response
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 8 Infrastructure Security: System Hardening
Introduction
Concepts and Processes of OS and NOS Hardening
File System
Updates
Hotfixes
Service Packs
Patches
Network Hardening
pdates (Firmware)
Configuration
Enabling and Disabling Services and Protocols
ACLs
Application Hardening
Updates
Hotfixes
Service Packs
Patches
Web Servers
E-mail Servers
FTP Servers
DNS Servers
NNTP Servers
File and Print Servers
DHCP Servers
Data Repositories
Directory Services
Network Access Control
Databases
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 9 Basics of Cryptography
Introduction
Algorithms
What Is Encryption?
Symmetric Encryption Algorithms
Data Encryption Standard and
Triple Data Encryption Standard
Advanced Encryption Standard (Rijndael)
IDEA
Asymmetric Encryption Algorithms
Diffie-Hellman
El Gamal
RSA
Hashing Algorithms
Concepts of Using Cryptography
Confidentiality
Integrity
Digital Signatures
MITM Attacks
Authentication
Non-Repudiation
Access Control
One-time Pad
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 10 Public Key Infrastructure
Introduction
PKI
Trust Models
Web-of-trust Model
Single Certificate Authority Model
Hierarchical Model
Certificates
X.509
Certificate Policies
Certificate Practice Statements
Revocation
Certificate Revocation List
OCSP
Standards and Protocols
Key Management and Certificate Lifecycle
Centralized vs. Decentralized
Storage
Hardware Key Storage vs. Software Key Storage
Private Key Protection
Escrow
Expiration
Revocation
Status Checking
Suspension
Status Checking
Recovery
Key Recovery Information
M of N Control
Renewal
Destruction
Key Usage
Multiple Key Pairs (Single, Dual)
Summary
Solutions Fast Track
Frequently Asked Questions
Index
Introduction to AAA
What is AAA?
Access Control
Authentication
Auditing
Access Control
MAC/DAC/RBAC
MAC
DAC
RBAC
Authentication
Kerberos
CHAP
Certificates
Username/Password
Tokens
Multi-factor
Mutual Authentication
Biometrics
Auditing
Auditing Systems
Logging
System Scanning
Disabling Non-essential Services, Protocols, Systems and Processes
Non-essential Services
Non-essential Protocols
Disabling Non-essential Systems
Disabling Non-essential Processes
Disabling Non-Essential Programs
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 2 General Security Concepts: Attacks
Attacks
Active Attacks
DoS and DDoS
Resource Consumption Attacks
SYN Attacks
DDoS Attacks
Software Exploitation and Buffer Overflows
MITM Attacks
TCP/IP Hijacking
Replay Attacks
Spoofing Attacks
IP Spoofing
E-mail Spoofing
Web Site Spoofing
Phishing
Wardialing
Dumpster Diving
Social Engineering
Vulnerability Scanning
Passive Attacks
Sniffing and Eavesdropping
Password Attacks
Brute Force Attacks
Dictionary-based Attacks
Malicious Code Attacks
Viruses
Worms
Trojan Horses
Rootkits
Back Doors
Logic Bombs
Spyware and Adware
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 3 Communication Security: Remote Access and Messaging
Introduction
he Need for Communication Security
Communications-based Security
Remote Access Security
802.1x
EAP
Vulnerabilities
Media Access Control Authentication
VPN
Site-to-site VPN
Remote Access VPN
RADIUS
Authentication Process
Vulnerabilities
TACACS/+
TACACS
XTACACS
TACACS+
Vulnerabilities
PPTP/L2TP
PPTP
L2TP
SSH
How SSH Works
IPSec
IPSec Authentication
ISAKMP
Vulnerabilities
Eavesdropping
Data Modification
Identity Spoofing
User Vulnerabilities and Errors
Administrator Vulnerabilities and Errors
E-mail Security
MIME
S/MIME
PGP
How PGP Works
Vulnerabilities
SMTP Relay
Spoofing
E-mail and Mobility
E-mail and Viruses
Spam
Hoaxes
Phishing
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 4 Communication Security: Wireless
Introduction
Wireless Concepts
Understanding Wireless Networks
Overview of Wireless
Communication in a Wireless Network
Radio Frequency Communications
Spread Spectrum Technology
Wireless Network Architecture
CSMA/CD and CSMA/CA
Wireless Local Area Networks
WAP
WTLS
IEEE 802.11
IEEE 802.11b
Ad-Hoc and Infrastructure Network Configuration
WEP
Creating Privacy with WEP
Authentication
Common Exploits of Wireless Networks
Passive Attacks on Wireless Networks
Active Attacks on Wireless Networks
MITM Attacks on Wireless Networks
Wireless Vulnerabilities
WAP Vulnerabilities
WEP Vulnerabilities
Security of 64-Bit vs. 128-Bit Keys
Acquiring a WEP Key
Addressing Common Risks and Threats
Finding a Target
Finding Weaknesses in a Target
Exploiting Those Weaknesses
Sniffing
Protecting Against Sniffing and Eavesdropping
Spoofing (Interception) and Unauthorized Access
Protecting Against Spoofing and Unauthorized Attacks
Network Hijacking and Modification
Protection against Network
Hijacking and Modification
Denial of Service and Flooding Attacks
Protecting Against DoS and Flooding Attacks
IEEE 802.1x Vulnerabilities
Site Surveys
Additional Security Measures for Wireless Networks
Using a Separate Subnet for Wireless Networks
Using VPNs for Wireless Access to Wired Network
Temporal Key Integrity Protocol
Message Integrity Code (MIC)
IEEE 802.11i Standard
Implementing Wireless Security: Common Best Practices
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 5 Communication Security: Web Based Services
Introduction
Web Security
Web Server Lockdown
Managing Access Control
Handling Directory and Data Structures
Eliminating Scripting Vulnerabilities
Logging Activity
Performing Backups
Maintaining Integrity
Finding Rogue Web Servers
Stopping Browser Exploits
Exploitable Browser Characteristics
Cookies
Web Spoofing
Web Server Exploits
SSL and HTTP/S
SSL and TLS
HTTP/S
TLS
S-HTTP
Instant Messaging
Packet Sniffers and Instant Messaging7
Text Messaging and Short Message Service (SMS)
Web-based Vulnerabilities
Understanding Java-, JavaScript-, and ActiveX-based Problems
Preventing Problems with
Java, JavaScript, and ActiveX
Programming Secure Scripts
Code Signing: Solution or More Problems?
Understanding Code Signing
The Benefits of Code Signing
Problems with the Code Signing Process
Buffer Overflows
Making Browsers and E-mail Clients More Secure
Restricting Programming Languages
Keep Security Patches Current
Securing Web Browser Software
Securing Microsoft IE
CGI
What is a CGI Script and What Does It Do?
Typical Uses of CGI Scripts
Break-ins Resulting from Weak CGI Scripts
CGI Wrappers
Nikto
FTP Security
Active and Passive FTP
S/FTP
Secure Copy
Blind FTP/Anonymous
FTP Sharing and Vulnerabilities
Packet Sniffing FTP Transmissions
Directory Services and LDAP Security
LDAP
LDAP Directories
Organizational Units
Objects, Attributes and the Schema
Securing LDAP
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 6 Infrastructure Security: Devices and Media
Introduction
Device-based Security
Firewalls
Packet-filtering Firewalls
Application-layer Gateways
Stateful Inspection Firewalls
Routers
Switches
Wireless
Modems
RAS
Telecom/PBX
Virtual Private Network
IDS
Network Monitoring/Diagnostic
Workstations
Servers
Mobile Devices
Media-based Security
Coax
Thin Coax
Thick Coax
Vulnerabilities of Coax Cabling
UTP/STP
Fiber Optic
Removable Media
Magnetic Tape
CDRs
Hard Drives
Diskettes
Flashcards
Smart Cards
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 7 Topologies and IDS
Introduction
Security Topologies
Security Zones
Introducing the Demilitarized Zone
Intranet
Extranet
VLANs
Network Address Translation
Tunneling
Intrusion Detection
Characterizing IDSes
Signature-based IDSes and Detection Evasion
Popular Commercial IDS Systems
Honeypots and Honeynets
Judging False Positives and Negatives
Incident Response
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 8 Infrastructure Security: System Hardening
Introduction
Concepts and Processes of OS and NOS Hardening
File System
Updates
Hotfixes
Service Packs
Patches
Network Hardening
pdates (Firmware)
Configuration
Enabling and Disabling Services and Protocols
ACLs
Application Hardening
Updates
Hotfixes
Service Packs
Patches
Web Servers
E-mail Servers
FTP Servers
DNS Servers
NNTP Servers
File and Print Servers
DHCP Servers
Data Repositories
Directory Services
Network Access Control
Databases
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 9 Basics of Cryptography
Introduction
Algorithms
What Is Encryption?
Symmetric Encryption Algorithms
Data Encryption Standard and
Triple Data Encryption Standard
Advanced Encryption Standard (Rijndael)
IDEA
Asymmetric Encryption Algorithms
Diffie-Hellman
El Gamal
RSA
Hashing Algorithms
Concepts of Using Cryptography
Confidentiality
Integrity
Digital Signatures
MITM Attacks
Authentication
Non-Repudiation
Access Control
One-time Pad
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 10 Public Key Infrastructure
Introduction
PKI
Trust Models
Web-of-trust Model
Single Certificate Authority Model
Hierarchical Model
Certificates
X.509
Certificate Policies
Certificate Practice Statements
Revocation
Certificate Revocation List
OCSP
Standards and Protocols
Key Management and Certificate Lifecycle
Centralized vs. Decentralized
Storage
Hardware Key Storage vs. Software Key Storage
Private Key Protection
Escrow
Expiration
Revocation
Status Checking
Suspension
Status Checking
Recovery
Key Recovery Information
M of N Control
Renewal
Destruction
Key Usage
Multiple Key Pairs (Single, Dual)
Summary
Solutions Fast Track
Frequently Asked Questions
Index