Skip to main content
View Cart

Syngress

  • The Official CHFI Study Guide (Exam 312-49)

    for Computer Hacking Forensic Investigator
    • 1st Edition
    • August 31, 2011
    • Dave Kleiman
    • English
    This is the official CHFI (Computer Hacking Forensics Investigator) study guide for professionals studying for the forensics exams and for professionals needing the skills to identify an intruder's footprints and properly gather the necessary evidence to prosecute. The EC-Council offers certification for ethical hacking and computer forensics. Their ethical hacker exam has become very popular as an industry gauge and we expect the forensics exam to follow suit. Material is presented in a logical learning sequence: a section builds upon previous sections and a chapter on previous chapters. All concepts, simple and complex, are defined and explained when they appear for the first time. This book includes: Exam objectives covered in a chapter are clearly explained in the beginning of the chapter, Notes and Alerts highlight crucial points, Exam’s Eye View emphasizes the important points from the exam’s perspective, Key Terms present definitions of key terms used in the chapter, Review Questions contains the questions modeled after real exam questions based on the material covered in the chapter. Answers to the questions are presented with explanations. Also included is a full practice exam modeled after the real exam.

  • Industrial Network Security

    Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems
    • 1st Edition
    • August 15, 2011
    • Eric D. Knapp + 1 more
    • English
    Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems covers implementation guidelines for security measures of critical infrastructure. The book describes an approach to ensure the security of industrial networks by taking into account the unique network, protocol, and application characteristics of an industrial control system, along with various compliance controls. It offers guidance on deployment and configuration, and it explains why, where, and how security controls should be implemented. It also discusses common pitfalls and mistakes and how to avoid them. After reading this book, students will understand and address the unique security concerns that face the world's most important networks. This book examines the unique protocols and applications that are the foundation of industrial control systems and provides comprehensive guidelines for their protection. Divided into 11 chapters, it explains the basics of Ethernet and Transmission Control Protocol/Internet Protocol (TCP/IP) networking communications and the SCADA and field bus protocols. It also explores industrial networks as they relate to "critical infrastructure" and cyber security; potential risks and consequences of a cyber attack against an industrial control system; compliance controls in relation to network security practices; industrial network protocols such as Modbus and DNP3; assessment of vulnerabilities and risk; how to secure enclaves; regulatory compliance standards applicable to industrial network security; and common pitfalls and mistakes, like complacency and deployment errors. This book is a valuable resource for plant operators and information security analysts, as well as compliance officers who want to pass an audit with minimal penalties and/or fines. It will also appeal to IT and security professionals working on networks and control systems operations.

  • Penetration Tester's Open Source Toolkit

    • 3rd Edition
    • July 18, 2011
    • Jeremy Faircloth
    • English
    Penetration Tester’s Open Source Toolkit, Third Edition, discusses the open source tools available to penetration testers, the ways to use them, and the situations in which they apply. Great commercial penetration testing tools can be very expensive and sometimes hard to use or of questionable accuracy. This book helps solve both of these problems. The open source, no-cost penetration testing tools presented do a great job and can be modified by the student for each situation. This edition offers instruction on how and in which situations the penetration tester can best use them. Real-life scenarios support and expand upon explanations throughout. It also presents core technologies for each type of testing and the best tools for the job. The book consists of 10 chapters that covers a wide range of topics such as reconnaissance; scanning and enumeration; client-side attacks and human weaknesses; hacking database services; Web server and Web application testing; enterprise application testing; wireless penetrating testing; and building penetration test labs. The chapters also include case studies where the tools that are discussed are applied. New to this edition: enterprise application testing, client-side attacks and updates on Metasploit and Backtrack. This book is for people who are interested in penetration testing or professionals engaged in penetration testing. Those working in the areas of database, network, system, or application administration, as well as architects, can gain insights into how penetration testers perform testing in their specific areas of expertise and learn what to expect from a penetration test. This book can also serve as a reference for security or audit professionals.

  • Thor's Microsoft Security Bible

    A Collection of Practical Security Techniques
    • 1st Edition
    • July 16, 2011
    • Timothy "Thor" Mullen
    • English
    Thor's Microsoft Security Bible provides a one-stop-shop for Microsoft-related security techniques and procedures as applied to the typical deployment of a Microsoft-based infrastructure. Written by world-renowned security expert Timothy Thor Mullen, the book presents a fascinating collection of practical and immediately implementable Microsoft security techniques, processes and methodologies uniquely illustrated through real-world process examples. This book contains detailed security concepts and methodologies described at every level: Server, Client, Organizational Structure, Platform-specific security options, and application specific security (IIS, SQL, Active Directory, etc.). It also includes new, never-before-publish... security tools complete with source code; detailed technical information on security processes for all major Microsoft applications; unique project-based storytelling delivery, combining multiple security techniques and methods together for real-world solutions to security challenges in actual business use cases; reference-style content for access to specific application security techniques and methods; actual author opinion and guidance as not only HOW to go about security particular applications, but WHY to do so. This book will be of interest to systems and network administrators, IT managers, security and network engineers, and database administrators.

  • iPhone and iOS Forensics

    Investigation, Analysis and Mobile Security for Apple iPhone, iPad and iOS Devices
    • 1st Edition
    • June 16, 2011
    • Andrew Hoog + 1 more
    • English
    iPhone and iOS Forensics is a guide to the forensic acquisition and analysis of iPhone and iOS devices, and offers practical advice on how to secure iOS devices, data and apps. The book takes an in-depth look at methods and processes that analyze the iPhone/iPod in an official legal manner, so that all of the methods and procedures outlined in the text can be taken into any courtroom. It includes information data sets that are new and evolving, with official hardware knowledge from Apple itself to help aid investigators.This book consists of 7 chapters covering device features and functions; file system and data storage; iPhone and iPad data security; acquisitions; data and application analysis; and commercial tool testing.This book will appeal to forensic investigators (corporate and law enforcement) and incident response professionals.

  • Android Forensics

    Investigation, Analysis and Mobile Security for Google Android
    • 1st Edition
    • June 15, 2011
    • Andrew Hoog
    • English
    Android Forensics: Investigation, Analysis, and Mobile Security for Google Android provides the background, techniques and analysis tools you need to effectively investigate an Android phone. This book offers a thorough review of the Android platform, including the core hardware and software components, file systems and data structures, data security considerations, and forensic acquisition techniques and strategies for the subsequent analysis require d. this book is ideal for the classroom as it teaches readers not only how to forensically acquire Android devices but also how to apply actual forensic techniques to recover data. The book lays a heavy emphasis on open source tools and step-by-step examples and includes information about Android applications needed for forensic investigations. It is organized into seven chapters that cover the history of the Android platform and its internationalization... the Android Open Source Project (AOSP) and the Android Market; a brief tutorial on Linux and Android forensics; and how to create an Ubuntu-based virtual machine (VM). The book also considers a wide array of Android-supported hardware and device types, the various Android releases, the Android software development kit (SDK), the Davlik VM, key components of Android security, and other fundamental concepts related to Android forensics, such as the Android debug bridge and the USB debugging setting. In addition, it analyzes how data are stored on an Android device and describes strategies and specific utilities that a forensic analyst or security engineer can use to examine an acquired Android device. Core Android developers and manufacturers, app developers, corporate security officers, and anyone with limited forensic experience will find this book extremely useful. It will also appeal to computer forensic and incident response professionals, including commercial/private sector contractors, consultants, and those in federal government.

  • The Basics of Information Security

    Understanding the Fundamentals of InfoSec in Theory and Practice
    • 1st Edition
    • June 10, 2011
    • Jason Andress
    • English
    The Basics of Information Security provides fundamental knowledge of information security in both theoretical and practical aspects. This book is packed with key concepts of information security, such as confidentiality, integrity, and availability, as well as tips and additional resources for further advanced study. It also includes practical applications in the areas of operations, physical, network, operating system, and application security. Complete with exercises at the end of each chapter, this book is well-suited for classroom or instructional use. The book consists of 10 chapters covering such topics as identification and authentication; authorization and access control; auditing and accountability; cryptography; operations security; physical security; network security; operating system security; and application security. Useful implementations for each concept are demonstrated using real world examples. PowerPoint lecture slides are available for use in the classroom. This book is an ideal reference for security consultants, IT managers, students, and those new to the InfoSec field.

  • Security Risk Management

    Building an Information Security Risk Management Program from the Ground Up
    • 1st Edition
    • April 20, 2011
    • Evan Wheeler
    • English
    Security Risk Management is the definitive guide for building or running an information security risk management program. This book teaches practical techniques that will be used on a daily basis, while also explaining the fundamentals so students understand the rationale behind these practices. It explains how to perform risk assessments for new IT projects, how to efficiently manage daily risk activities, and how to qualify the current risk level for presentation to executive level management. While other books focus entirely on risk analysis methods, this is the first comprehensive text for managing security risks. This book will help you to break free from the so-called best practices argument by articulating risk exposures in business terms. It includes case studies to provide hands-on experience using risk assessment tools to calculate the costs and benefits of any security investment. It explores each phase of the risk management lifecycle, focusing on policies and assessment processes that should be used to properly assess and mitigate risk. It also presents a roadmap for designing and implementing a security risk management program. This book will be a valuable resource for CISOs, security managers, IT managers, security consultants, IT auditors, security analysts, and students enrolled in information security/assurance college programs.

  • PCI Compliance

    Understand and Implement Effective PCI Data Security Standard Compliance
    • 1st Edition
    • April 18, 2011
    • Anton Chuvakin + 1 more
    • Tony Bradley
    • English
    Identity theft has been steadily rising in recent years, and credit card data is one of the number one targets for identity theft. With a few pieces of key information. Organized crime has made malware development and computer networking attacks more professional and better defenses are necessary to protect against attack. The credit card industry established the PCI Data Security standards to provide a baseline expectancy for how vendors, or any entity that handles credit card transactions or data, should protect data to ensure it is not stolen or compromised. This book will provide the information that you need to understand the PCI Data Security standards and how to effectively implement security on the network infrastructure in order to be compliant with the credit card industry guidelines and protect sensitive and personally identifiable information.

  • Digital Forensics with Open Source Tools

    • 1st Edition
    • March 29, 2011
    • Harlan Carvey + 1 more
    • English
    Digital Forensics with Open Source Tools is the definitive book on investigating and analyzing computer systems and media using open source tools. The book is a technical procedural guide, and explains the use of open source tools on Mac, Linux and Windows systems as a platform for performing computer forensics. Both well-known and novel forensic methods are demonstrated using command-line and graphical open source computer forensic tools for examining a wide range of target systems and artifacts. Written by world-renowned forensic practitioners, this book uses the most current examination and analysis techniques in the field. It consists of 9 chapters that cover a range of topics such as the open source examination platform; disk and file system analysis; Windows systems and artifacts; Linux systems and artifacts; Mac OS X systems and artifacts; Internet artifacts; and automating analysis and extending capabilities. The book lends itself to use by students and those entering the field who do not have means to purchase new tools for different investigations. This book will appeal to forensic practitioners from areas including incident response teams and computer forensic investigators; forensic technicians from legal, audit, and consulting firms; and law enforcement agencies.

Browse by Publisher