Skip to main content

Syngress

Next Generation SSH2 Implementation
Securing Data in Motion
1st Edition
November 12, 2008
Dale Liu
English
New security risks, continuously evolving regulation and increasing security standards have created new and growing needs for secure internal information transfers, which SSH provides. This book addresses these new trends in depth, offering the most up-to-date information on the integration of SSH into a security environment. It covers the newest features and applications of SSH-2 (which received Proposed Standard status from the IETF in 2006). SSH2 is more secure than previous versions and has many expanded uses on a wider variety of computing platforms. Another particular note driving new SSH2 adoption are the requirements of recent legislation (PCI/HIPAA/SOX/FISMA... SSH 2 has become an even more valuable tool, as it provides communications security compliance with the latest standards.This book offers the most up-to-date information on SSH2 in a practical, hands-on, tutorial-style reference that goes well beyond UNIX implementation. It concentrates on the latest version of SSH 2 with all new information.
SAP Security Configuration and Deployment
The IT Administrator's Guide to Best Practices
1st Edition
October 31, 2008
Joey Hirao
English
Throughout the world, high-profile large organizations (aerospace and defense, automotive, banking, chemicals, financial service providers, healthcare, high tech, insurance, oil and gas, pharmaceuticals, retail, telecommunications, and utilities) and governments are using SAP software to process their most mission-critical, highly sensitive data. With more than 100,000 installations, SAP is the world's largest enterprise software company and the world's third largest independent software supplier overall. Despite this widespread use, there have been very few books written on SAP implementation and security, despite a great deal of interest. (There are 220,000 members in an on-line SAP 'community' seeking information, ideas and tools on the IT Toolbox Website alone.) Managing SAP user authentication and authorizations is becoming more complex than ever, as there are more and more SAP products involved that have very different access issues. It's a complex area that requires focused expertise.This book is designed for these network and systems administrator who deal with the complexity of having to make judgmental decisions regarding enormously complicated and technical data in the SAP landscape, as well as pay attention to new compliance rules and security regulations.Most SAP users experience significant challenges when trying to manage and mitigate the risks in existing or new security solutions and usually end up facing repetitive, expensive re-work and perpetuated compliance challenges. This book is designed to help them properly and efficiently manage these challenges on an ongoing basis. It aims to remove the 'Black Box' mystique that surrounds SAP security.
Mobile Malware Attacks and Defense
1st Edition
October 31, 2008
Ken Dunham
English
Malware has gone mobile, and the security landscape is changing quickly with emerging attacks on cell phones, PDAs, and other mobile devices. This first book on the growing threat covers a wide range of malware targeting operating systems like Symbian and new devices like the iPhone. Examining code in past, current, and future risks, protect your banking, auctioning, and other activities performed on mobile devices.* Visual PayloadsView attacks as visible to the end user, including notation of variants.* Timeline of Mobile Hoaxes and ThreatsUnderstand the history of major attacks and horizon for emerging threates.* Overview of Mobile Malware FamiliesIdentify and understand groups of mobile malicious code and their variations.* Taxonomy of Mobile MalwareBring order to known samples based on infection, distribution, and payload strategies.* Phishing, SMishing, and Vishing AttacksDetect and mitigate phone-based phishing (vishing) and SMS phishing (SMishing) techniques.* Operating System and Device VulnerabilitiesAnaly... unique OS security issues and examine offensive mobile device threats.* Analyze Mobile MalwareDesign a sandbox for dynamic software analysis and use MobileSandbox to analyze mobile malware.* Forensic Analysis of Mobile MalwareConduct forensic analysis of mobile devices and learn key differences in mobile forensics.* Debugging and Disassembling Mobile MalwareUse IDA and other tools to reverse-engineer samples of malicious code for analysis.* Mobile Malware Mitigation MeasuresQualify risk, understand threats to mobile assets, defend against attacks, and remediate incidents.
E-discovery: Creating and Managing an Enterprisewide Program
A Technical Guide to Digital Investigation and Litigation Support
1st Edition
October 20, 2008
Karen A. Schuler
English
One of the hottest topics in computer forensics today, electronic discovery (e-discovery) is the process by which parties involved in litigation respond to requests to produce electronically stored information (ESI). According to the 2007 Socha-Gelbmann Electronic Discovery Survey, it is now a $2 billion industry, a 60% increase from 2004, projected to double by 2009. The core reason for the explosion of e-discovery is sheer volume; evidence is digital and 75% of modern day lawsuits entail e-discovery.A recent survey reports that U.S. companies face an average of 305 pending lawsuits internationally. For large U.S. companies ($1 billion or more in revenue)that number has soared to 556 on average, with an average of 50 new disputes emerging each year for nearly half of them. To properly manage the role of digital information in an investigative or legal setting, an enterprise--whether it is a Fortune 500 company, a small accounting firm or a vast government agency--must develop an effective electronic discovery program. Since the amendments to the Federal Rules of Civil Procedure, which took effect in December 2006, it is even more vital that the lifecycle of electronically stored information be understood and properly managed to avoid risks and costly mistakes. This books holds the keys to success for systems administrators, information security and other IT department personnel who are charged with aiding the e-discovery process.
Building a Digital Forensic Laboratory
Establishing and Managing a Successful Facility
1st Edition
October 2, 2008
Andrew Jones + 1 more
English
The need to professionally and successfully conduct computer forensic investigations of incidents and crimes has never been greater. This has caused an increased requirement for information about the creation and management of computer forensic laboratories and the investigations themselves. This includes a great need for information on how to cost-effectively establish and manage a computer forensics laboratory. This book meets that need: a clearly written, non-technical book on the topic of computer forensics with emphasis on the establishment and management of a computer forensics laboratory and its subsequent support to successfully conducting computer-related crime investigations.
GFI Network Security and PCI Compliance Power Tools
1st Edition
September 22, 2008
Brien Posey
English
Today all companies, U.S. federal agencies, and non-profit organizations have valuable data on their servers that needs to be secured. One of the challenges for IT experts is learning how to use new products in a time-efficient manner, so that new implementations can go quickly and smoothly. Learning how to set up sophisticated products is time-consuming, and can be confusing. GFI's LANguard Network Security Scanner reports vulnerabilities so that they can be mitigated before unauthorized intruders can wreck havoc on your network. To take advantage of the best things that GFI's LANguard Network Security Scanner has to offer, you'll want to configure it on your network so that it captures key events and alerts you to potential vulnerabilities before they are exploited.In this book Brien Posey has pinpointed the most important concepts with examples and screenshots so that systems administrators and security engineers can understand how to get the GFI security tools working quickly and effectively. His straightforward, no nonsense writing style is devoid of difficult to understand technical jargon. His descriptive examples explain how GFI's security tools enhance the security controls that are already built into your server's operating system.* Secure Your Network Master the various components that make up the management console and prepare to use it for most tasks.* Analyze Scan Results View detected vulnerabilities, save and print results, query open ports, and filter your results.* Install and Use the ReportPack Learn how to build custom reports and schedule reports. See how filters allow you to control the information that is processed when a reports is run.* Perform a Hardware Inventory and Compile a Software Inventory Use GFI to do your inventories and perform audits. See how to blacklist and whitelist applications to make your reports more meaningful.* Manage Patches Effectively See how to deploy a specific patch, perform a scan comparison, uninstall a patch, and deploy custom software.* Use GFI EndPointSecurity to Lock Down Hardware Be prepared for users trying to install unauthorized software, copy sensitive data onto removable media, or perform other actions to try and circumvent your network's security.* Create Protection Policies Control the level of device access allowed on a system and create separate protection policies; one for servers, one for workstations, and one for laptops. Learn how to deploy agents.* Regulate Specific Devices Master some of the advanced features of GFI: locking device categories, blacklisting and whitelisting devices, and using file type restrictions.* Monitor Device Usage Keep tabs on your network by setting logging options, setting alerting options, and generating end point security reports.
Configuring Windows Vista Post-Installation System Settings
Exam: 70-620
1st Edition
August 15, 2008
English
Syngress vLabs let you learn on live systems in a safe, secure staging environment. You will learn more effectively by experiencing real-world situations and getting immediate feedback. You will be more certain to pass your certification exams because you've studied specific scenarios that you'll see on exam day.
Techno Security's Guide to Securing SCADA
A Comprehensive Handbook On Protecting The Critical Infrastructure
1st Edition
July 16, 2008
Greg Miles + 8 more
English
Around the world, SCADA (supervisory control and data acquisition) systems and other real-time process control networks run mission-critical infrastructure--ever... from the power grid to water treatment, chemical manufacturing to transportation. These networks are at increasing risk due to the move from proprietary systems to more standard platforms and protocols and the interconnection to other networks. Because there has been limited attention paid to security, these systems are seen as largely unsecured and very vulnerable to attack. This book addresses currently undocumented security issues affecting SCADA systems and overall critical infrastructure protection. The respective co-authors are among the leading experts in the world capable of addressing these related-but-independ... concerns of SCADA security. Headline-making threats and countermeasures like malware, sidejacking, biometric applications, emergency communications, security awareness llanning, personnel & workplace preparedness and bomb threat planning will be addressed in detail in this one of a kind book-of-books dealing with the threats to critical infrastructure protection. They collectivly have over a century of expertise in their respective fields of infrastructure protection. Included among the contributing authors are Paul Henry, VP of Technology Evangelism, Secure Computing, Chet Hosmer, CEO and Chief Scientist at Wetstone Technologies, Phil Drake, Telecommunications Director, The Charlotte Observer, Patrice Bourgeois, Tenable Network Security, Sean Lowther, President, Stealth Awareness and Jim Windle, Bomb Squad Commander, CMPD.
Malware Forensics
Investigating and Analyzing Malicious Code
1st Edition
June 30, 2008
Eoghan Casey + 2 more
English
Malware Forensics: Investigating and Analyzing Malicious Code covers the complete process of responding to a malicious code incident. Written by authors who have investigated and prosecuted federal malware cases, this book deals with the emerging and evolving field of live forensics, where investigators examine a computer system to collect and preserve critical live data that may be lost if the system is shut down. Unlike other forensic texts that discuss live forensics on a particular operating system, or in a generic context, this book emphasizes a live forensics and evidence collection methodology on both Windows and Linux operating systems in the context of identifying and capturing malicious code and evidence of its effect on the compromised system. It is the first book detailing how to perform live forensic techniques on malicious code. The book gives deep coverage on the tools and techniques of conducting runtime behavioral malware analysis (such as file, registry, network and port monitoring) and static code analysis (such as file identification and profiling, strings discovery, armoring/packing detection, disassembling, debugging), and more. It explores over 150 different tools for malware incident response and analysis, including forensic tools for preserving and analyzing computer memory. Readers from all educational and technical backgrounds will benefit from the clear and concise explanations of the applicable legal case law and statutes covered in every chapter. In addition to the technical topics discussed, this book also offers critical legal considerations addressing the legal ramifications and requirements governing the subject matter. This book is intended for system administrators, information security professionals, network personnel, forensic examiners, attorneys, and law enforcement working with the inner-workings of computer memory and malicious code.
The IT / Digital Legal Companion
A Comprehensive Business Guide to Software, IT, Internet, Media and IP Law
1st Edition
June 27, 2008
Gene K. Landy + 1 more
English
The IT/Digital Legal Companion is a comprehensive business and legal guidance covering intellectual property for digital business; digital contract fundamentals; open source rules and strategies; development, consulting and outsourcing; software as a service; business software licensing, partnering, and distribution; web and Internet agreements; privacy on the Internet; digital multimedia content clearance and distribution; IT standards; video game development and content deals; international distribution; and user-created content, mash-ups, MMOGs, and web widgets.Chapters deal with topics such as copyrights on the Internet, for software protection and around the world; trademarks and domain names; patents and digital technology companies; trade secrets and non-disclosure agreements; confidentiality, rights transfer, and non-competition agreements for employees; introduction to digital product and service contracts; a pragmatic guide to open source; IT services - development, outsourcing, and consulting; beta test agreements; commercial end-user agreements; terms of use for web sites and online applications; privacy and use of personal data; digital technology standards - opportunities, risks, and strategies; content for digital media; and deals in the web and mobile value chains.This book is intended for executives, entrepreneurs, finance and business development officers; technology and engineering officers; marketers, licensing professionals, and technology professionals; in-house counsel; and anyone else that deals with software or digital technology in business.

Browse by Publisher