
Syngress

  • Professional Penetration Testing

    Volume 1: Creating and Learning in a Hacking Lab
    • 1st Edition
    • Thomas Wilhelm
    • English
    Professional Penetration Testing: Creating and Operating a Formal Hacking Lab examines all aspects of professional penetration testing, from project management to team building, metrics, risk management, training, reporting, information gathering, vulnerability identification, vulnerability exploitation, privilege escalation, and test-data archival methods. It also discusses how to maintain access and cover one's tracks. It includes two video courses to teach readers fundamental and intermediate information-system penetration testing techniques, and to explain how to create and operate a formal hacking lab. The book is divided into three parts. Part 1 focuses on the professionals who are members of a penetration test team, the skills required to be an effective team member, and the ways to create a PenTest lab. Part 2 looks at the activities involved in a penetration test and how to run a PenTest to improve the overall security posture of the client. Part 3 discusses the creation of a final report for the client, cleaning up the lab for the next penetration test, and identifying the training needs of penetration-test team members. This book will benefit both experienced and novice penetration test practitioners.
  • Digital Forensics Ultimate DVD

    • 1st Edition
    • Michael Cross + 5 more
    • English
    Digital Forensics Ultimate DVD contains six of our best-selling titles. This collection of ebooks provides the IT security professional with easy access to tons of information on a single DVD. It contains over 3000 pages of techniques and tools. The books included are: Malware Forensics (9781597492683); Mac OS Forensics (9781597492973); Windows Forensic Analysis DVD Toolkit, First Edition (9781597491563); UNIX and Linux Forensic Analysis DVD Toolkit (9781597492690); Alternate Data Storage Forensics (9781597491631); Scene of the Cybercrime, 2nd Edition (9781597492768).
  • SQL Injection Attacks and Defense

    • 1st Edition
    • Justin Clarke-Salt
    • English
    Winner of the Best Book Bejtlich Read in 2009 award! "SQL injection is probably the number one problem for any server-side application, and this book is unequaled in its coverage." Richard Bejtlich, http://taosecurity.b... SQL injection represents one of the most dangerous and well-known, yet misunderstood, security vulnerabilities on the Internet, largely because there is no central repository of information to turn to for help. This is the only book devoted exclusively to this long-established but recently growing threat. It includes all the currently known information about these attacks and significant insight from its contributing team of SQL injection experts.
  • Cisco Router and Switch Forensics

    Investigating and Analyzing Malicious Network Activity
    • 1st Edition
    • Dale Liu
    • English
    Cisco IOS (the software that runs the vast majority of Cisco routers and all Cisco network switches) is the dominant routing platform on the Internet and corporate networks. This widespread distribution, as well as its architectural deficiencies, makes it a valuable target for hackers looking to attack a corporate or private network infrastructure. Compromised devices can disrupt stability, introduce malicious modification, and endanger all communication on the network. For security of the network and investigation of attacks, in-depth analysis and diagnostics are critical, but no book currently covers forensic analysis of Cisco network devices in any detail. Cisco Router and Switch Forensics is the first book devoted to criminal attacks, incident response, data collection, and legal testimony on the market leader in network devices, including routers, switches, and wireless access points. Why is this focus on network devices necessary? Because criminals are targeting networks, and network devices require a fundamentally different approach than the process taken with traditional forensics. By hacking a router, an attacker can bypass a network's firewalls, issue a denial of service (DoS) attack to disable the network, monitor and record all outgoing and incoming traffic, or redirect that communication anywhere they like. But capturing this criminal activity cannot be accomplished with the tools and techniques of traditional forensics. While forensic analysis of computers or other traditional media typically involves immediate shut-down of the target machine, creation of a duplicate, and analysis of static data, this process rarely recovers live system data. So, when an investigation focuses on live network activity, this traditional approach obviously fails. Investigators must recover data as it is transferred via the router or switch, because it is destroyed when the network device is powered down. 
In this case, following the traditional approach outlined in books on general computer forensics techniques is not only insufficient, but also essentially harmful to an investigation. Jargon buster: A network switch is a small hardware device that joins multiple computers together within one local area network (LAN). A router is a more sophisticated network device that joins multiple wired or wireless networks together.
  • The Real Citrix CCA Exam Preparation Kit

    Prepare for XenApp 5.0
    • 1st Edition
    • Shawn Tooley
    • English
    The Citrix Certified Administrator (CCA) credential is the first tier of Citrix certification. The CCA is most often sought out by IT professionals whose networks employ Citrix virtualization technology, and for those IT professionals who are seeking a broad base of general network expertise. The number of CCAs is estimated at between 65 and 70K, up from 45,000 in 2003. Citrix recently released a new version of its most popular product, XenApp (formerly Presentation Server). This new version is fully compatible with Windows Server 2008. To retain their CCA credential, all current CCAs will need to upgrade to the new software. This will be particularly important to those companies enrolled in Citrix partner programs, as current certification is a requirement of the program. When packaged with practice exams, this prep kit will offer an affordable, effective solution for CCA certification and re-certification.
  • The Real MCTS SQL Server 2008 Exam 70-433 Prep Kit

    Database Design
    • 1st Edition
    • English
    SQL Server 2008 is the latest update to Microsoft's flagship database management system. This is the largest update since SQL Server 2005, and it brings increased ability to deliver data across more platforms, and thus many different types of devices. New functionality also allows for easy storage and retrieval of digitized images and video. These attributes address the recent explosion in the popularity of web-based video and server and desktop virtualization. The Real MCTS SQL Server 2008 Exam 70-433 Prep Kit prepares readers for the Microsoft Certified Technology Specialist exam: SQL Server 2008, Database Development. This is a new exam in the SQL Server product family, and is comprised of some objectives from exam 70-431 from SQL Server 2005, and covers new, expanded query capabilities in SQL Server 2008. According to Microsoft: Exam 70-431 for SQL Server 2005 was passed by over 35,000 people. ~ 150,000 people passed a similar exam for SQL Server 2000. Additionally, this exam is a pre-requisite for those going on to obtain the MCITP: Database Developer 2008: Successful candidates for the SQL Server 2005 MCITP ~ 2,500.
  • The Real MCTS SQL Server 2008 Exam 70-432 Prep Kit

    Database Implementation and Maintenance
    • 1st Edition
    • English
    SQL Server 2008 is the latest update to Microsoft's flagship database management system. This is the largest update since SQL Server 2005. SQL Server 2008 is a much more significant update than SQL Server 2005, because it brings increased ability to deliver data across more platforms, and thus many different types of devices. New functionality also allows for easy storage and retrieval of digitized images and video. These attributes address the recent explosion in the popularity of web-based video and server and desktop virtualization. The Real MCTS SQL Server 2008 Exam 70-432 Prep Kit prepares readers for the Microsoft Certified Technology Specialist exam: SQL Server 2008, Implementation and Maintenance.
  • Mac OS X, iPod, and iPhone Forensic Analysis DVD Toolkit

    • 1st Edition
    • Jesse Varsalone
    • English
    This book provides digital forensic investigators, security professionals, and law enforcement with all of the information, tools, and utilities required to conduct forensic investigations of computers running any variant of the Macintosh OS X operating system, as well as the almost ubiquitous iPod and iPhone. Digital forensic investigators and security professionals subsequently can use data gathered from these devices to aid in the prosecution of criminal cases, litigate civil cases, audit adherence to federal regulatory compliance issues, and identify breach of corporate and government usage policies on networks. MAC Disks, Partitioning, and HFS+ File System: Manage multiple partitions on a disk, and understand how the operating system stores data. FileVault and Time Machine: Decrypt locked FileVault files and restore files backed up with Leopard's Time Machine. Recovering Browser History: Uncover traces of Web-surfing activity in Safari with Web cache and .plist files. Recovering Email Artifacts, iChat, and Other Chat Logs: Expose communications data in iChat, Address Book, Apple's Mail, MobileMe, and Web-based email. Locating and Recovering Photos: Use iPhoto, Spotlight, and shadow files to find artifacts of photos (e.g., thumbnails) when the originals no longer exist. Finding and Recovering QuickTime Movies and Other Video: Understand video file formats--created with iSight, iMovie, or another application--and how to find them. PDF, Word, and Other Document Recovery: Recover text documents and metadata with Microsoft Office, OpenOffice, Entourage, Adobe PDF, or other formats. Forensic Acquisition and Analysis of an iPod: Document seizure of an iPod model and analyze the iPod image file and artifacts on a Mac. Forensic Acquisition and Analysis of an iPhone: Acquire a physical image of an iPhone or iPod Touch and safely analyze without jailbreaking.
  • Virtualization for Security

    Including Sandboxing, Disaster Recovery, High Availability, Forensic Analysis, and Honeypotting
    • 1st Edition
    • John Hoopes
    • English
    One of the biggest buzzwords in the IT industry for the past few years, virtualization has matured into a practical requirement for many best-practice business scenarios, becoming an invaluable tool for security professionals at companies of every size. In addition to saving time and other resources, virtualization affords unprecedented means for intrusion and malware detection, prevention, recovery, and analysis. Taking a practical approach in a growing market underserved by books, this hands-on title is the first to combine in one place the most important and sought-after uses of virtualization for enhanced security, including sandboxing, disaster recovery and high availability, forensic analysis, and honeypotting. Already gaining buzz and traction in actual usage at an impressive rate, Gartner research indicates that virtualization will be the most significant trend in IT infrastructure and operations over the next four years. A recent report by IT research firm IDC predicts the virtualization services market will grow from $5.5 billion in 2006 to $11.7 billion in 2011. With this growth in adoption, becoming increasingly common even for small and midsize businesses, security is becoming a much more serious concern, both in terms of how to secure virtualization and how virtualization can serve critical security objectives. Titles exist and are on the way to fill the need for securing virtualization, but security professionals do not yet have a book outlining the many security applications of virtualization that will become increasingly important in their job requirements. 
This book is the first to fill that need, covering tactics such as isolating a virtual environment on the desktop for application testing, creating virtualized storage solutions for immediate disaster recovery and high availability across a network, migrating physical systems to virtual systems for analysis, and creating complete virtual systems to entice hackers and expose potential threats to actual production systems. About the Technologies: A sandbox is an isolated environment created to run and test applications that might be a security risk. Recovering a compromised system is as easy as restarting the virtual machine to revert to the point before failure. Employing virtualization on actual production systems, rather than just test environments, yields similar benefits for disaster recovery and high availability. While traditional disaster recovery methods require time-consuming reinstallation of the operating system and applications before restoring data, backing up to a virtual machine makes the recovery process much easier, faster, and more efficient. The virtual machine can be restored to the same physical machine or an entirely different machine if the original machine has experienced irreparable hardware failure. Decreased downtime translates into higher availability of the system and increased productivity in the enterprise. Virtualiz... has been used for years in the field of forensic analysis, but new tools, techniques, and automation capabilities are making it an increasingly important tool. By means of virtualization, an investigator can create an exact working copy of a physical computer on another machine, including hidden or encrypted partitions, without altering any data, allowing complete access for analysis. The investigator can also take a live "snapshot" 
to review or freeze the target computer at any point in time, before an attacker has a chance to cover his tracks or inflict further damage. A honeypot is a system that looks and acts like a production environment but is actually a monitored trap, deployed in a network with enough interesting data to attract hackers, but created to log their activity and keep them from causing damage to the actual production environment. A honeypot exposes new threats, tools, and techniques used by hackers before they can attack the real systems, which security managers patch based on the information gathered. Before virtualization became mainstream, setting up a machine or a whole network (a honeynet) for research purposes only was prohibitive in both cost and time management. Virtualization makes this technique more viable as a realistic approach for companies large and small.
  • Nokia Firewall, VPN, and IPSO Configuration Guide

    • 1st Edition
    • Andrew Hay + 2 more
    • English
    "While Nokia is perhaps most recognized for its leadership in the mobile phone market, they have successfully demonstrated their knowledge of the Internet security appliance market and its customers' requirements."--Chri... Christiansen, Vice President, Internet Infrastructure and Security Software, IDC. Syngress has a long history of publishing market-leading books for system administrators and security professionals on commercial security products, particularly Firewall and Virtual Private Network (VPN) appliances from Cisco, Check Point, Juniper, SonicWall, and Nokia (see related titles for sales histories). The Nokia Firewall, VPN, and IPSO Configuration Guide will be the only book on the market covering the all-new Nokia Firewall/VPN Appliance suite. Nokia Firewall/VPN appliances are designed to protect and extend the network perimeter. According to IDC research, Nokia Firewall/VPN Appliances hold the #3 worldwide market-share position in this space behind Cisco and Juniper/NetScreen. IDC estimated the total Firewall/VPN market at $6 billion in 2007, and Nokia owns 6.6% of this market. Nokia's primary customers for security appliances are Mid-size to Large enterprises who need site-to-site connectivity and Mid-size to Large enterprises who need remote access connectivity through enterprise-deployed mobile devices. Nokia appliances for this market are priced from $1,000 for the simplest devices (Nokia IP60) up to $60,0000 for large enterprise- and service-provider class devices (like the Nokia IP2450 released in Q4 2007). While the feature set of such a broad product range obviously varies greatly, all of the appliances run on the same operating system: Nokia IPSO (IPSO refers to Ipsilon Networks, a company specializing in IP switching acquired by Nokia in 1997. The definition of the acronym has little to no meaning for customers.) 
As a result of this common operating system across the product line, The Nokia Firewall, VPN, and IPSO Configuration Guide will be an essential reference to users of any of these products. Users manage the Nokia IPSO (which is a Linux variant, specifically designed for these appliances) through a Web interface called Nokia Network Voyager or via a powerful Command Line Interface (CLI). Coverage within the book becomes increasingly complex relative to the product line. The Nokia Firewall, VPN, and IPSO Configuration Guide and companion Web site will provide seasoned network administrators and security professionals with the in-depth coverage and step-by-step walkthroughs they require to properly secure their network perimeters and ensure safe connectivity for remote users. The book contains special chapters devoted to mastering the complex Nokia IPSO command line, as well as tips and tricks for taking advantage of the new "ease of use" features in the Nokia Network Voyager Web interface. In addition, the companion Web site offers downloadable video walkthroughs on various installation and troubleshooting tips from the authors.