Syngress print books and ebooks | Elsevier | Elsevier Shop

Penetration Tester's Open Source Toolkit

3rd Edition
July 18, 2011
Jeremy Faircloth
English
eBook
9 7 8 1 5 9 7 4 9 6 2 8 5

Penetration Tester’s Open Source Toolkit, Third Edition, discusses the open source tools available to penetration testers, the ways to use them, and the situations in which they apply. Great commercial penetration testing tools can be very expensive and sometimes hard to use or of questionable accuracy. This book helps solve both of these problems. The open source, no-cost penetration testing tools presented do a great job and can be modified by the student for each situation. This edition offers instruction on how and in which situations the penetration tester can best use them. Real-life scenarios support and expand upon explanations throughout. It also presents core technologies for each type of testing and the best tools for the job. The book consists of 10 chapters that covers a wide range of topics such as reconnaissance; scanning and enumeration; client-side attacks and human weaknesses; hacking database services; Web server and Web application testing; enterprise application testing; wireless penetrating testing; and building penetration test labs. The chapters also include case studies where the tools that are discussed are applied. New to this edition: enterprise application testing, client-side attacks and updates on Metasploit and Backtrack. This book is for people who are interested in penetration testing or professionals engaged in penetration testing. Those working in the areas of database, network, system, or application administration, as well as architects, can gain insights into how penetration testers perform testing in their specific areas of expertise and learn what to expect from a penetration test. This book can also serve as a reference for security or audit professionals.

Thor's Microsoft Security Bible

1st Edition
July 16, 2011
Timothy "Thor" Mullen
English
Hardback
9 7 8 1 5 9 7 4 9 5 7 2 1
eBook
9 7 8 1 5 9 7 4 9 5 7 3 8

Thor's Microsoft Security Bible provides a one-stop-shop for Microsoft-related security techniques and procedures as applied to the typical deployment of a Microsoft-based infrastructure. Written by world-renowned security expert Timothy Thor Mullen, the book presents a fascinating collection of practical and immediately implementable Microsoft security techniques, processes and methodologies uniquely illustrated through real-world process examples. This book contains detailed security concepts and methodologies described at every level: Server, Client, Organizational Structure, Platform-specific security options, and application specific security (IIS, SQL, Active Directory, etc.). It also includes new, never-before-publish... security tools complete with source code; detailed technical information on security processes for all major Microsoft applications; unique project-based storytelling delivery, combining multiple security techniques and methods together for real-world solutions to security challenges in actual business use cases; reference-style content for access to specific application security techniques and methods; actual author opinion and guidance as not only HOW to go about security particular applications, but WHY to do so. This book will be of interest to systems and network administrators, IT managers, security and network engineers, and database administrators.

iPhone and iOS Forensics

1st Edition
June 16, 2011
Andrew Hoog + 1 more
English
Paperback
9 7 8 1 5 9 7 4 9 6 5 9 9
eBook
9 7 8 1 5 9 7 4 9 6 6 0 5

iPhone and iOS Forensics is a guide to the forensic acquisition and analysis of iPhone and iOS devices, and offers practical advice on how to secure iOS devices, data and apps. The book takes an in-depth look at methods and processes that analyze the iPhone/iPod in an official legal manner, so that all of the methods and procedures outlined in the text can be taken into any courtroom. It includes information data sets that are new and evolving, with official hardware knowledge from Apple itself to help aid investigators.This book consists of 7 chapters covering device features and functions; file system and data storage; iPhone and iPad data security; acquisitions; data and application analysis; and commercial tool testing.This book will appeal to forensic investigators (corporate and law enforcement) and incident response professionals.

Android Forensics

1st Edition
June 15, 2011
Andrew Hoog
English
Paperback
9 7 8 1 5 9 7 4 9 6 5 1 3
eBook
9 7 8 1 5 9 7 4 9 6 5 2 0

Android Forensics: Investigation, Analysis, and Mobile Security for Google Android provides the background, techniques and analysis tools you need to effectively investigate an Android phone. This book offers a thorough review of the Android platform, including the core hardware and software components, file systems and data structures, data security considerations, and forensic acquisition techniques and strategies for the subsequent analysis require d. this book is ideal for the classroom as it teaches readers not only how to forensically acquire Android devices but also how to apply actual forensic techniques to recover data. The book lays a heavy emphasis on open source tools and step-by-step examples and includes information about Android applications needed for forensic investigations. It is organized into seven chapters that cover the history of the Android platform and its internationalization... the Android Open Source Project (AOSP) and the Android Market; a brief tutorial on Linux and Android forensics; and how to create an Ubuntu-based virtual machine (VM). The book also considers a wide array of Android-supported hardware and device types, the various Android releases, the Android software development kit (SDK), the Davlik VM, key components of Android security, and other fundamental concepts related to Android forensics, such as the Android debug bridge and the USB debugging setting. In addition, it analyzes how data are stored on an Android device and describes strategies and specific utilities that a forensic analyst or security engineer can use to examine an acquired Android device. Core Android developers and manufacturers, app developers, corporate security officers, and anyone with limited forensic experience will find this book extremely useful. It will also appeal to computer forensic and incident response professionals, including commercial/private sector contractors, consultants, and those in federal government.

The Basics of Information Security

1st Edition
June 10, 2011
Jason Andress
English
Paperback
9 7 8 1 5 9 7 4 9 6 5 3 7
eBook
9 7 8 1 5 9 7 4 9 6 5 4 4

The Basics of Information Security provides fundamental knowledge of information security in both theoretical and practical aspects. This book is packed with key concepts of information security, such as confidentiality, integrity, and availability, as well as tips and additional resources for further advanced study. It also includes practical applications in the areas of operations, physical, network, operating system, and application security. Complete with exercises at the end of each chapter, this book is well-suited for classroom or instructional use. The book consists of 10 chapters covering such topics as identification and authentication; authorization and access control; auditing and accountability; cryptography; operations security; physical security; network security; operating system security; and application security. Useful implementations for each concept are demonstrated using real world examples. PowerPoint lecture slides are available for use in the classroom. This book is an ideal reference for security consultants, IT managers, students, and those new to the InfoSec field.

Cyber Warfare

1st Edition
June 1, 2011
Jason Andress + 1 more
English
eBook
9 7 8 1 5 9 7 4 9 6 3 8 4

Cyber Warfare Techniques, Tactics and Tools for Security Practitioners provides a comprehensive look at how and why digital warfare is waged. This book explores the participants, battlefields, and the tools and techniques used during today's digital conflicts. The concepts discussed will give students of information security a better idea of how cyber conflicts are carried out now, how they will change in the future, and how to detect and defend against espionage, hacktivism, insider threats and non-state actors such as organized criminals and terrorists. Every one of our systems is under attack from multiple vectors - our defenses must be ready all the time and our alert systems must detect the threats every time. This book provides concrete examples and real-world guidance on how to identify and defend a network against malicious attacks. It considers relevant technical and factual information from an insider's point of view, as well as the ethics, laws and consequences of cyber war and how computer criminal law may change as a result. Starting with a definition of cyber warfare, the book’s 15 chapters discuss the following topics: the cyberspace battlefield; cyber doctrine; cyber warriors; logical, physical, and psychological weapons; computer network exploitation; computer network attack and defense; non-state actors in computer network operations; legal system impacts; ethics in cyber warfare; cyberspace challenges; and the future of cyber war. This book is a valuable resource to those involved in cyber warfare activities, including policymakers, penetration testers, security professionals, network and systems administrators, and college instructors. The information provided on cyber tactics and attacks can also be used to assist in developing improved and more efficient procedures and technical defenses. Managers will find the text useful in improving the overall risk management strategies for their organizations.

Securing the Cloud

1st Edition
April 21, 2011
Vic (J.R.) Winkler
English
Paperback
9 7 8 1 5 9 7 4 9 5 9 2 9
eBook
9 7 8 1 5 9 7 4 9 5 9 3 6

Securing the Cloud is the first book that helps you secure your information while taking part in the time and cost savings of cloud computing. As companies turn to burgeoning cloud computing technology to streamline and save money, security is a fundamental concern. The cloud offers flexibility, adaptability, scalability, and in the case of security - resilience. Securing the Cloud explains how to make the move to the cloud, detailing the strengths and weaknesses of securing a company's information with different cloud approaches. It offers a clear and concise framework to secure a business' assets while making the most of this new technology.This book considers alternate approaches for securing a piece of the cloud, such as private vs. public clouds, SaaS vs. IaaS, and loss of control and lack of trust. It discusses the cloud's impact on security roles, highlighting security as a service, data backup, and disaster recovery. It also describes the benefits of moving to the cloud - solving for limited availability of space, power, and storage.This book will appeal to network and security IT staff and management responsible for design, implementation and management of IT structures from admins to CSOs, CTOs, CIOs and CISOs.

Security Risk Management

1st Edition
April 20, 2011
Evan Wheeler
English
Paperback
9 7 8 1 5 9 7 4 9 6 1 5 5
eBook
9 7 8 1 5 9 7 4 9 6 1 6 2

Security Risk Management is the definitive guide for building or running an information security risk management program. This book teaches practical techniques that will be used on a daily basis, while also explaining the fundamentals so students understand the rationale behind these practices. It explains how to perform risk assessments for new IT projects, how to efficiently manage daily risk activities, and how to qualify the current risk level for presentation to executive level management. While other books focus entirely on risk analysis methods, this is the first comprehensive text for managing security risks. This book will help you to break free from the so-called best practices argument by articulating risk exposures in business terms. It includes case studies to provide hands-on experience using risk assessment tools to calculate the costs and benefits of any security investment. It explores each phase of the risk management lifecycle, focusing on policies and assessment processes that should be used to properly assess and mitigate risk. It also presents a roadmap for designing and implementing a security risk management program. This book will be a valuable resource for CISOs, security managers, IT managers, security consultants, IT auditors, security analysts, and students enrolled in information security/assurance college programs.

PCI Compliance

1st Edition
April 18, 2011
Anton Chuvakin + 1 more
Tony Bradley
English
Paperback
9 7 8 1 5 9 7 4 9 1 6 5 5
eBook
9 7 8 0 0 8 0 5 5 6 3 8 3

Identity theft has been steadily rising in recent years, and credit card data is one of the number one targets for identity theft. With a few pieces of key information. Organized crime has made malware development and computer networking attacks more professional and better defenses are necessary to protect against attack. The credit card industry established the PCI Data Security standards to provide a baseline expectancy for how vendors, or any entity that handles credit card transactions or data, should protect data to ensure it is not stolen or compromised. This book will provide the information that you need to understand the PCI Data Security standards and how to effectively implement security on the network infrastructure in order to be compliant with the credit card industry guidelines and protect sensitive and personally identifiable information.

Digital Forensics with Open Source Tools

1st Edition
March 29, 2011
Harlan Carvey + 1 more
English
Paperback
9 7 8 1 5 9 7 4 9 5 8 6 8
eBook
9 7 8 1 5 9 7 4 9 5 8 7 5

Digital Forensics with Open Source Tools is the definitive book on investigating and analyzing computer systems and media using open source tools. The book is a technical procedural guide, and explains the use of open source tools on Mac, Linux and Windows systems as a platform for performing computer forensics. Both well-known and novel forensic methods are demonstrated using command-line and graphical open source computer forensic tools for examining a wide range of target systems and artifacts. Written by world-renowned forensic practitioners, this book uses the most current examination and analysis techniques in the field. It consists of 9 chapters that cover a range of topics such as the open source examination platform; disk and file system analysis; Windows systems and artifacts; Linux systems and artifacts; Mac OS X systems and artifacts; Internet artifacts; and automating analysis and extending capabilities. The book lends itself to use by students and those entering the field who do not have means to purchase new tools for different investigations. This book will appeal to forensic practitioners from areas including incident response teams and computer forensic investigators; forensic technicians from legal, audit, and consulting firms; and law enforcement agencies.

Life Sciences

Physical Sciences & Engineering

Social Sciences & Humanities

Health

Syngress