Skip to main content
Elsevier

Syngress

  • Cisco Router and Switch Forensics

    Investigating and Analyzing Malicious Network Activity
    • 1st Edition
    • Dale Liu
    • English
    Cisco IOS (the software that runs the vast majority of Cisco routers and all Cisco network switches) is the dominant routing platform on the Internet and corporate networks. This widespread distribution, as well as its architectural deficiencies, makes it a valuable target for hackers looking to attack a corporate or private network infrastructure. Compromised devices can disrupt stability, introduce malicious modification, and endanger all communication on the network. For security of the network and investigation of attacks, in-depth analysis and diagnostics are critical, but no book currently covers forensic analysis of Cisco network devices in any detail. Cisco Router and Switch Forensics is the first book devoted to criminal attacks, incident response, data collection, and legal testimony on the market leader in network devices, including routers, switches, and wireless access points. Why is this focus on network devices necessary? Because criminals are targeting networks, and network devices require a fundamentally different approach than the process taken with traditional forensics. By hacking a router, an attacker can bypass a network's firewalls, issue a denial of service (DoS) attack to disable the network, monitor and record all outgoing and incoming traffic, or redirect that communication anywhere they like. But capturing this criminal activity cannot be accomplished with the tools and techniques of traditional forensics. While forensic analysis of computers or other traditional media typically involves immediate shut-down of the target machine, creation of a duplicate, and analysis of static data, this process rarely recovers live system data. So, when an investigation focuses on live network activity, this traditional approach obviously fails. Investigators must recover data as it is transferred via the router or switch, because it is destroyed when the network device is powered down. In this case, following the traditional approach outlined in books on general computer forensics techniques is not only insufficient, but also essentially harmful to an investigation.Jargon buster: A network switch is a small hardware device that joins multiple computers together within one local area network (LAN). A router is a more sophisticated network device that joins multiple wired or wireless networks together.

  • Introduction to Microsoft Certification and Study Skills: Exam 70-620

    Exam 70-620
    • 1st Edition
    • Robert Shimonski
    • English
    This is a 1-hour short course from the complete self-paced online training course for 70-620. It provides a unique and intense test prep experience. Written and designed by leading experts and Microsoft MVPs, this short course delivers rich content, an interactive learning experience, and realistic practice questions.

  • The Real Citrix CCA Exam Preparation Kit

    Prepare for XenApp 5.0
    • 1st Edition
    • Shawn Tooley
    • English
    The Citrix Certified Administrator (CCA) credential is the first tier of Citrix certification. The CCA is most often sought out by IT professionals whose networks employ Citrix virtualization technology, and for those IT professionals who are seeking a broad base of general network expertise. The number of CCAs is estimated at between 65 and 70K, up from 45,000 in 2003. Citrix recently released a new version of its most popular product, XenApp (formerly Presentation Server). This new version is fully compatible with Windows Server 2008. To retain their CCA credential, all current CCAs will need to upgrade to the new software. This will be particularly important to those companies enrolled in Citrix partner programs, as current certification is a requirement of the program. When packaged with practice exams, this prep kit will offer an affordable, effective solution for CCA certification and re-certification.

  • The Real MCTS SQL Server 2008 Exam 70-432 Prep Kit

    Database Implementation and Maintenance
    • 1st Edition
    • English
    SQL Server 2008 is the latest update to Microsoft's flagship database management system. This is the largest update since SQL Server 2005. SQL Server 2008 is a much more significant update than SQL Server 2005, because it brings increased ability to deliver data across more platforms, and thus many different types of devices. New functionality also allows for easy storage and retrieval of digitized images and video. These attributes address the recent explosion in the popularity of web-based video and server and desktop virtualization.The Real MCTS SQL Server 2008 Exam 70-432 Prep Kit prepares readers for the Microsoft Certified Technology Specialist exam: SQL Server 2008, Implementation and Maintenance.

  • Mac OS X, iPod, and iPhone Forensic Analysis DVD Toolkit

    • 1st Edition
    • Jesse Varsalone
    • English
    This book provides digital forensic investigators, security professionals, and law enforcement with all of the information, tools, and utilities required to conduct forensic investigations of computers running any variant of the Macintosh OS X operating system, as well as the almost ubiquitous iPod and iPhone. Digital forensic investigators and security professionals subsequently can use data gathered from these devices to aid in the prosecution of criminal cases, litigate civil cases, audit adherence to federal regulatory compliance issues, and identify breech of corporate and government usage policies on networks. MAC Disks, Partitioning, and HFS+ File System Manage multiple partitions on a disk, and understand how the operating system stores data.FileVault and Time Machine Decrypt locked FileVault files and restore files backed up with Leopard's Time Machine.Recovering Browser History Uncover traces of Web-surfing activity in Safari with Web cache and .plist filesRecovering Email Artifacts, iChat, and Other Chat Logs Expose communications data in iChat, Address Book, Apple's Mail, MobileMe, and Web-based email.Locating and Recovering Photos Use iPhoto, Spotlight, and shadow files to find artifacts pof photos (e.g., thumbnails) when the originals no longer exist.Finding and Recovering QuickTime Movies and Other Video Understand video file formats--created with iSight, iMovie, or another application--and how to find them.PDF, Word, and Other Document Recovery Recover text documents and metadata with Microsoft Office, OpenOffice, Entourage, Adobe PDF, or other formats.Forensic Acquisition and Analysis of an iPod Documentseizure of an iPod model and analyze the iPod image file and artifacts on a Mac.Forensic Acquisition and Analysis of an iPhone Acquire a physical image of an iPhone or iPod Touch and safely analyze without jailbreaking.

  • Virtualization for Security

    Including Sandboxing, Disaster Recovery, High Availability, Forensic Analysis, and Honeypotting
    • 1st Edition
    • John Hoopes
    • English
    One of the biggest buzzwords in the IT industry for the past few years, virtualization has matured into a practical requirement for many best-practice business scenarios, becoming an invaluable tool for security professionals at companies of every size. In addition to saving time and other resources, virtualization affords unprecedented means for intrusion and malware detection, prevention, recovery, and analysis. Taking a practical approach in a growing market underserved by books, this hands-on title is the first to combine in one place the most important and sought-after uses of virtualization for enhanced security, including sandboxing, disaster recovery and high availability, forensic analysis, and honeypotting.Already gaining buzz and traction in actual usage at an impressive rate, Gartner research indicates that virtualization will be the most significant trend in IT infrastructure and operations over the next four years. A recent report by IT research firm IDC predicts the virtualization services market will grow from $5.5 billion in 2006 to $11.7 billion in 2011. With this growth in adoption, becoming increasingly common even for small and midsize businesses, security is becoming a much more serious concern, both in terms of how to secure virtualization and how virtualization can serve critical security objectives. Titles exist and are on the way to fill the need for securing virtualization, but security professionals do not yet have a book outlining the many security applications of virtualization that will become increasingly important in their job requirements. This book is the first to fill that need, covering tactics such as isolating a virtual environment on the desktop for application testing, creating virtualized storage solutions for immediate disaster recovery and high availability across a network, migrating physical systems to virtual systems for analysis, and creating complete virtual systems to entice hackers and expose potential threats to actual production systems.About the TechnologiesA sandbox is an isolated environment created to run and test applications that might be a security risk. Recovering a compromised system is as easy as restarting the virtual machine to revert to the point before failure. Employing virtualization on actual production systems, rather than just test environments, yields similar benefits for disaster recovery and high availability. While traditional disaster recovery methods require time-consuming reinstallation of the operating system and applications before restoring data, backing up to a virtual machine makes the recovery process much easier, faster, and efficient. The virtual machine can be restored to same physical machine or an entirely different machine if the original machine has experienced irreparable hardware failure. Decreased downtime translates into higher availability of the system and increased productivity in the enterprise.Virtualiz... has been used for years in the field of forensic analysis, but new tools, techniques, and automation capabilities are making it an increasingly important tool. By means of virtualization, an investigator can create an exact working copy of a physical computer on another machine, including hidden or encrypted partitions, without altering any data, allowing complete access for analysis. The investigator can also take a live ?snapshot? to review or freeze the target computer at any point in time, before an attacker has a chance to cover his tracks or inflict further damage.A honeypot is a system that looks and acts like a production environment but is actually a monitored trap, deployed in a network with enough interesting data to attract hackers, but created to log their activity and keep them from causing damage to the actual production environment. A honeypot exposes new threats, tools, and techniques used by hackers before they can attack the real systems, which security managers patch based on the information gathered. Before virtualization became mainstream, setting up a machine or a whole network (a honeynet) for research purposes only was prohibitive in both cost and time management. Virtualization makes this technique more viable as a realistic approach for companies large and small.

  • Nokia Firewall, VPN, and IPSO Configuration Guide

    • 1st Edition
    • Andrew Hay + 2 more
    • English
    "While Nokia is perhaps most recognized for its leadership in the mobile phone market, they have successfully demonstrated their knowledge of the Internet security appliance market and its customers requirements."--Chri... Christiansen, Vice President, Internet Infrastructure and Security Software, IDC.Syngress has a long history of publishing market-leading books for system administrators and security professionals on commercial security products, particularly Firewall and Virtual Private Network (VPN) appliances from Cisco, Check Point, Juniper, SonicWall, and Nokia (see related titles for sales histories). The Nokia Firewall, VPN, and IPSO Configuration Guide will be the only book on the market covering the all-new Nokia Firewall/VPN Appliance suite. Nokia Firewall/VPN appliances are designed to protect and extend the network perimeter.According to IDC research, Nokia Firewall/VPN Appliances hold the #3 worldwide market-share position in this space behind Cisco and Juniper/NetScreen. IDC estimated the total Firewall/VPN market at $6 billion in 2007, and Nokia owns 6.6% of this market. Nokia's primary customers for security appliances are Mid-size to Large enterprises who need site-to-site connectivity and Mid-size to Large enterprises who need remote access connectivity through enterprise-deployed mobile devices. Nokia appliances for this market are priced form $1,000 for the simplest devices (Nokia IP60) up to $60,0000 for large enterprise- and service-provider class devices (like the Nokia IP2450 released in Q4 2007). While the feature set of such a broad product range obviously varies greatly, all of the appliances run on the same operating system: Nokia IPSO (IPSO refers to Ipsilon Networks, a company specializing in IP switching acquired by Nokia in 1997. The definition of the acronym has little to no meaning for customers.) As a result of this common operating system across the product line, The Nokia Firewall, VPN, and IPSO Configuration Guide will be an essential reference to users of any of these products. Users manage the Nokia IPSO (which is a Linux variant, specifically designed for these appliances) through a Web interface called Nokia Network Voyager or via a powerful Command Line Interface (CLI). Coverage within the book becomes increasingly complex relative to the product line.The Nokia Firewall, VPN, and IPSO Configuration Guide and companion Web site will provide seasoned network administrators and security professionals with the in-depth coverage and step-by-step walkthroughs they require to properly secure their network perimeters and ensure safe connectivity for remote users. The book contains special chapters devoted to mastering the complex Nokia IPSO command line, as well as tips and tricks for taking advantage of the new "ease of use" features in the Nokia Network Voyager Web interface. In addition, the companion Web site offers downloadable video walkthroughs on various installation and troubleshooting tips from the authors.

  • Next Generation SSH2 Implementation

    Securing Data in Motion
    • 1st Edition
    • Dale Liu
    • English
    New security risks, continuously evolving regulation and increasing security standards have created new and growing needs for secure internal information transfers, which SSH provides. This book addresses these new trends in depth, offering the most up-to-date information on the integration of SSH into a security environment. It covers the newest features and applications of SSH-2 (which received Proposed Standard status from the IETF in 2006). SSH2 is more secure than previous versions and has many expanded uses on a wider variety of computing platforms. Another particular note driving new SSH2 adoption are the requirements of recent legislation (PCI/HIPAA/SOX/FISMA... SSH 2 has become an even more valuable tool, as it provides communications security compliance with the latest standards.This book offers the most up-to-date information on SSH2 in a practical, hands-on, tutorial-style reference that goes well beyond UNIX implementation. It concentrates on the latest version of SSH 2 with all new information.

  • Mobile Malware Attacks and Defense

    • 1st Edition
    • Ken Dunham
    • English
    Malware has gone mobile, and the security landscape is changing quickly with emerging attacks on cell phones, PDAs, and other mobile devices. This first book on the growing threat covers a wide range of malware targeting operating systems like Symbian and new devices like the iPhone. Examining code in past, current, and future risks, protect your banking, auctioning, and other activities performed on mobile devices.* Visual PayloadsView attacks as visible to the end user, including notation of variants.* Timeline of Mobile Hoaxes and ThreatsUnderstand the history of major attacks and horizon for emerging threates.* Overview of Mobile Malware FamiliesIdentify and understand groups of mobile malicious code and their variations.* Taxonomy of Mobile MalwareBring order to known samples based on infection, distribution, and payload strategies.* Phishing, SMishing, and Vishing AttacksDetect and mitigate phone-based phishing (vishing) and SMS phishing (SMishing) techniques.* Operating System and Device VulnerabilitiesAnaly... unique OS security issues and examine offensive mobile device threats.* Analyze Mobile MalwareDesign a sandbox for dynamic software analysis and use MobileSandbox to analyze mobile malware.* Forensic Analysis of Mobile MalwareConduct forensic analysis of mobile devices and learn key differences in mobile forensics.* Debugging and Disassembling Mobile MalwareUse IDA and other tools to reverse-engineer samples of malicious code for analysis.* Mobile Malware Mitigation MeasuresQualify risk, understand threats to mobile assets, defend against attacks, and remediate incidents.

  • SAP Security Configuration and Deployment

    The IT Administrator's Guide to Best Practices
    • 1st Edition
    • Joey Hirao
    • English
    Throughout the world, high-profile large organizations (aerospace and defense, automotive, banking, chemicals, financial service providers, healthcare, high tech, insurance, oil and gas, pharmaceuticals, retail, telecommunications, and utilities) and governments are using SAP software to process their most mission-critical, highly sensitive data. With more than 100,000 installations, SAP is the world's largest enterprise software company and the world's third largest independent software supplier overall. Despite this widespread use, there have been very few books written on SAP implementation and security, despite a great deal of interest. (There are 220,000 members in an on-line SAP 'community' seeking information, ideas and tools on the IT Toolbox Website alone.) Managing SAP user authentication and authorizations is becoming more complex than ever, as there are more and more SAP products involved that have very different access issues. It's a complex area that requires focused expertise.This book is designed for these network and systems administrator who deal with the complexity of having to make judgmental decisions regarding enormously complicated and technical data in the SAP landscape, as well as pay attention to new compliance rules and security regulations.Most SAP users experience significant challenges when trying to manage and mitigate the risks in existing or new security solutions and usually end up facing repetitive, expensive re-work and perpetuated compliance challenges. This book is designed to help them properly and efficiently manage these challenges on an ongoing basis. It aims to remove the 'Black Box' mystique that surrounds SAP security.

Browse by Publisher