28,65 €*
Versandkostenfrei per Post / DHL
Lieferzeit 1-2 Wochen
MEET THE ROCK STARS OF CYBERSECURITY
Day after day, whitehats meet blackhats on the field of cyberspace, battling for control of the technology that powers our world. Ethical hackers?whitehats?are among the most brilliant and resourceful of technology experts, constantly developing new ways to stay one step ahead of those who would hijack our data and systems for personal gain.
In these pages, you're going to meet some of the unsung heroes who protect us all from the Dark Side. You'll discover why they chose this field, the areas in which they excel, and their most notable accomplishments. You'll also get a brief overview of the many different types of cyberattacks they battle.
If the world of ethical hacking intrigues you, here's where to start exploring. You'll hear from:
- Bruce Schneier, America's leading cyber-security expert
- Kevin Mitnick, master of social engineering
- Dr. Dorothy E. Denning, specialist in intrusion detection
- Mark Russinovich, Azure Cloud CTO
- Dr. Charlie Miller, leader in thwarting car hacks
... and many more
MEET THE ROCK STARS OF CYBERSECURITY
Day after day, whitehats meet blackhats on the field of cyberspace, battling for control of the technology that powers our world. Ethical hackers?whitehats?are among the most brilliant and resourceful of technology experts, constantly developing new ways to stay one step ahead of those who would hijack our data and systems for personal gain.
In these pages, you're going to meet some of the unsung heroes who protect us all from the Dark Side. You'll discover why they chose this field, the areas in which they excel, and their most notable accomplishments. You'll also get a brief overview of the many different types of cyberattacks they battle.
If the world of ethical hacking intrigues you, here's where to start exploring. You'll hear from:
- Bruce Schneier, America's leading cyber-security expert
- Kevin Mitnick, master of social engineering
- Dr. Dorothy E. Denning, specialist in intrusion detection
- Mark Russinovich, Azure Cloud CTO
- Dr. Charlie Miller, leader in thwarting car hacks
... and many more
ROGER A. GRIMES has worked in the field of computer security for over 27 years. As a professional penetration tester, he successfully broke into every company he was hired to hack within an hour, with a single exception that took three hours. He consults worldwide and has been the InfoWorld magazine ([...] computer security columnist since 2005.
(ISC)2 books published by Wiley provide aspiring and experienced cybersecurity professionals with unique insights and advice for delivering on (ISC)2's vision of inspiring a safe and secure world.
Foreword xxxi
Introduction xxxiii
1 What Type of Hacker Are You? 1
Most Hackers Aren't Geniuses 2
Defenders Are Hackers Plus 3
Hackers Are Special 3
Hackers Are Persistent 4
Hacker Hats 4
2 How Hackers Hack 9
The Secret to Hacking 10
The Hacking Methodology 11
Hacking Is Boringly Successful 20
Automated Malware as a Hacking Tool 20
Hacking Ethically 21
3 Profile: Bruce Schneier 23
For More Information on Bruce Schneier 26
4 Social Engineering 27
Social Engineering Methods 27
Phishing 27
Trojan Horse Execution 28
Over the Phone 28
Purchase Scams 28
In-Person 29
Carrot or Stick 29
Social Engineering Defenses 30
Education 30
Be Careful of Installing Software from Third-Party Websites 30
EV Digital Certificates 31
Get Rid of Passwords 31
Anti-Social Engineering Technologies 31
5 Profile: Kevin Mitnick 33
For More Information on Kevin Mitnick 37
6 Software Vulnerabilities 39
Number of Software Vulnerabilities 39
Why Are Software Vulnerabilities Still a Big Problem? 40
Defenses Against Software Vulnerabilities 41
Security Development Lifecycle 41
More Secure Programming Languages 42
Code and Program Analysis 42
More Secure Operating Systems 42
Third-Party Protections and Vendor Add-Ons 42
Perfect Software Won't Cure All Ills 43
7 Profile: Michael Howard 45
For More Information on Michael Howard 49
8 Profile: Gary McGraw 51
For More Information on Gary McGraw 54
9 Malware 55
Malware Types 55
Number of Malware Programs 56
Mostly Criminal in Origin 57
Defenses Against Malware 58
Fully Patched Software 58
Training 58
Anti-Malware Software 58
Application Control Programs 59
Security Boundaries 59
Intrusion Detection 59
10 Profile: Susan Bradley 61
For More Information on Susan Bradley 63
11 Profile: Mark Russinovich 65
For More on Mark Russinovich 68
12 Cryptography 69
What Is Cryptography? 69
Why Can't Attackers Just Guess All the Possible Keys? 70
Symmetric Versus Asymmetric Keys 70
Popular Cryptography 70
Hashes 71
Cryptographic Uses 72
Cryptographic Attacks 72
Math Attacks 72
Known Ciphertext/Plaintext 73
Side Channel Attacks 73
Insecure Implementations 73
13 Profile: Martin Hellman 75
For More Information on Martin Hellman 79
14 Intrusion Detection/APTs 81
Traits of a Good Security Event Message 82
Advanced Persistent Threats (APTs) 82
Types of Intrusion Detection 83
Behavior-Based 83
Signature-Based 84
Intrusion Detection Tools and Services 84
Intrusion Detection/Prevention Systems 84
Event Log Management Systems 85
Detecting Advanced Persistent Threats (APTs) 85
15 Profile: Dr. Dorothy E. Denning 87
For More Information on Dr Dorothy E Denning 90
16 Profile: Michael Dubinsky 91
For More Information on Michael Dubinsky 93
17 Firewalls 95
What Is a Firewall? 95
The Early History of Firewalls 95
Firewall Rules 97
Where Are Firewalls? 97
Advanced Firewalls 98
What Firewalls Protect Against 98
18 Profile: William Cheswick 101
For More Information on William Cheswick 105
19 Honeypots 107
What Is a Honeypot? 107
Interaction 108
Why Use a Honeypot? 108
Catching My Own Russian Spy 109
Honeypot Resources to Explore 110
20 Profile: Lance Spitzner 111
For More Information on Lance Spitzner 114
21 Password Hacking 115
Authentication Components 115
Passwords 116
Authentication Databases 116
Password Hashes 116
Authentication Challenges 116
Authentication Factors 117
Hacking Passwords 117
Password Guessing 117
Phishing 118
Keylogging 118
Hash Cracking 118
Credential Reuse 119
Hacking Password Reset Portals 119
Password Defenses 119
Complexity and Length 120
Frequent Changes with No Repeating 120
Not Sharing Passwords Between Systems 120
Account Lockout 121
Strong Password Hashes 121
Don't Use Passwords 121
Credential Theft Defenses 121
Reset Portal Defenses 122
22 Profile: Dr. Cormac Herley 123
For More Information on Dr. Cormac Herley 126
23 Wireless Hacking 127
The Wireless World 127
Types of Wireless Hacking 127
Attacking the Access Point 128
Denial of Service 128
Guessing a Wireless Channel Password 128
Session Hijacking 128
Stealing Information 129
Physically Locating a User 129
Some Wireless Hacking Tools 129
Aircrack-Ng 130
Kismet 130
Fern Wi-Fi Hacker 130
Firesheep 130
Wireless Hacking Defenses 130
Frequency Hopping 130
Predefined Client Identification 131
Strong Protocols 131
Long Passwords 131
Patching Access Points 131
Electromagnetic Shielding 131
24 Profile: Thomas d'Otreppe de Bouvette 133
For More Information on Thomas d'Otreppe de Bouvette 135
25 Penetration Testing 137
My Penetration Testing Highlights 137
Hacked Every Cable Box in the Country 137
Simultaneously Hacked a Major Television Network and Pornography 138
Hacked a Major Credit Card Company 138
Created a Camera Virus 139
How to Be a Pen Tester 139
Hacker Methodology 139
Get Documented Permission First 140
Get a Signed Contract 140
Reporting 140
Certifications 141
Be Ethical 145
Minimize Potential Operational Interruption 145
26 Profile: Aaron Higbee 147
For More Information on Aaron Higbee 149
27 Profile: Benild Joseph 151
For More Information on Benild Joseph 153
28 DDoS Attacks 155
Types of DDoS Attacks 155
Denial of Service 155
Direct Attacks 156
Reflection Attacks 156
Amplification 156
Every Layer in the OSI Model 157
Escalating Attacks 157
Upstream and Downsteam Attacks 157
DDoS Tools and Providers 158
Tools 158
DDoS as a Service 158
DDoS Defenses 159
Training 159
Stress Testing 159
Appropriate Network Configuration 159
Engineer Out Potential Weak Points 159
Anti-DDoS Services 160
29 Profile: Brian Krebs 161
For More Information on Brian Krebs 164
30 Secure OS 165
How to Secure an Operating System 166
Secure-Built OS 166
Secure Guidelines 168
Secure Configuration Tools 169
Security Consortiums 169
Trusted Computing Group 169
FIDO Alliance 169
31 Profile: Joanna Rutkowska 171
For More Information on Joanna Rutkowska 173
32 Profile: Aaron Margosis 175
For More Information on Aaron Margosis 179
33 Network Attacks 181
Types of Network Attacks 181
Eavesdropping 182
Man-in-the-Middle Attacks 182
Distributed Denial-of-Service Attacks 183
Network Attack Defenses 183
Domain Isolation 183
Virtual Private Networks 183
Use Secure Protocols and Applications 183
Network Intrusion Detection 184
Anti-DDoS Defenses 184
Visit Secure Web Sites and Use Secure Services 184
34 Profile: Laura Chappell 185
For More Information on Laura Chappell 188
35 IoT Hacking 189
How Do Hackers Hack IoT? 189
IoT Defenses 190
36 Profile: Dr. Charlie Miller 193
For More Information on Dr. Charlie Miller 198
37 Policy and Strategy 201
Standards 201
Policies 202
Procedures 203
Frameworks 203
Regulatory Laws 203
Global Concerns 203
Systems Support 204
38 Profile: Jing de Jong-Chen 205
For More Information on Jing de Jong-Chen 209
39 Threat Modeling 211
Why Threat Model? 211
Threat Modeling Models 212
Threat Actors 213
Nation-States 213
Industrial Hackers 213
Financial Crime 213
Hacktivists 214
Gamers 214
Insider Threats 214
Ordinary, Solitary Hackers or Hacker Groups 214
40 Profile: Adam Shostack 217
For More Information on Adam Shostack 220
41 Computer Security Education 221
Computer Security Training Topics 222
End-User/Security Awareness Training 222
General IT Security Training 222
Incident Response 222
OS and Application-Specific Training 223
Technical Skills 223
Certifications 223
Training Methods 224
Online Training 224
Break into My Website 224
Schools and Training Centers 224
Boot Camps 225
Corporate Training 225
Books 225
42 Profile: Stephen Northcutt 227
For More Information on...
Erscheinungsjahr: | 2017 |
---|---|
Genre: | Importe, Informatik |
Rubrik: | Naturwissenschaften & Technik |
Medium: | Taschenbuch |
Inhalt: | Kartoniert / Broschiert |
ISBN-13: | 9781119396215 |
ISBN-10: | 1119396212 |
Sprache: | Englisch |
Einband: | Kartoniert / Broschiert |
Autor: | Grimes, Roger A |
Hersteller: | Wiley |
Verantwortliche Person für die EU: | Produktsicherheitsverantwortliche/r, Europaallee 1, D-36244 Bad Hersfeld, gpsr@libri.de |
Maße: | 228 x 154 x 20 mm |
Von/Mit: | Roger A Grimes |
Erscheinungsdatum: | 01.05.2017 |
Gewicht: | 0,427 kg |
ROGER A. GRIMES has worked in the field of computer security for over 27 years. As a professional penetration tester, he successfully broke into every company he was hired to hack within an hour, with a single exception that took three hours. He consults worldwide and has been the InfoWorld magazine ([...] computer security columnist since 2005.
(ISC)2 books published by Wiley provide aspiring and experienced cybersecurity professionals with unique insights and advice for delivering on (ISC)2's vision of inspiring a safe and secure world.
Foreword xxxi
Introduction xxxiii
1 What Type of Hacker Are You? 1
Most Hackers Aren't Geniuses 2
Defenders Are Hackers Plus 3
Hackers Are Special 3
Hackers Are Persistent 4
Hacker Hats 4
2 How Hackers Hack 9
The Secret to Hacking 10
The Hacking Methodology 11
Hacking Is Boringly Successful 20
Automated Malware as a Hacking Tool 20
Hacking Ethically 21
3 Profile: Bruce Schneier 23
For More Information on Bruce Schneier 26
4 Social Engineering 27
Social Engineering Methods 27
Phishing 27
Trojan Horse Execution 28
Over the Phone 28
Purchase Scams 28
In-Person 29
Carrot or Stick 29
Social Engineering Defenses 30
Education 30
Be Careful of Installing Software from Third-Party Websites 30
EV Digital Certificates 31
Get Rid of Passwords 31
Anti-Social Engineering Technologies 31
5 Profile: Kevin Mitnick 33
For More Information on Kevin Mitnick 37
6 Software Vulnerabilities 39
Number of Software Vulnerabilities 39
Why Are Software Vulnerabilities Still a Big Problem? 40
Defenses Against Software Vulnerabilities 41
Security Development Lifecycle 41
More Secure Programming Languages 42
Code and Program Analysis 42
More Secure Operating Systems 42
Third-Party Protections and Vendor Add-Ons 42
Perfect Software Won't Cure All Ills 43
7 Profile: Michael Howard 45
For More Information on Michael Howard 49
8 Profile: Gary McGraw 51
For More Information on Gary McGraw 54
9 Malware 55
Malware Types 55
Number of Malware Programs 56
Mostly Criminal in Origin 57
Defenses Against Malware 58
Fully Patched Software 58
Training 58
Anti-Malware Software 58
Application Control Programs 59
Security Boundaries 59
Intrusion Detection 59
10 Profile: Susan Bradley 61
For More Information on Susan Bradley 63
11 Profile: Mark Russinovich 65
For More on Mark Russinovich 68
12 Cryptography 69
What Is Cryptography? 69
Why Can't Attackers Just Guess All the Possible Keys? 70
Symmetric Versus Asymmetric Keys 70
Popular Cryptography 70
Hashes 71
Cryptographic Uses 72
Cryptographic Attacks 72
Math Attacks 72
Known Ciphertext/Plaintext 73
Side Channel Attacks 73
Insecure Implementations 73
13 Profile: Martin Hellman 75
For More Information on Martin Hellman 79
14 Intrusion Detection/APTs 81
Traits of a Good Security Event Message 82
Advanced Persistent Threats (APTs) 82
Types of Intrusion Detection 83
Behavior-Based 83
Signature-Based 84
Intrusion Detection Tools and Services 84
Intrusion Detection/Prevention Systems 84
Event Log Management Systems 85
Detecting Advanced Persistent Threats (APTs) 85
15 Profile: Dr. Dorothy E. Denning 87
For More Information on Dr Dorothy E Denning 90
16 Profile: Michael Dubinsky 91
For More Information on Michael Dubinsky 93
17 Firewalls 95
What Is a Firewall? 95
The Early History of Firewalls 95
Firewall Rules 97
Where Are Firewalls? 97
Advanced Firewalls 98
What Firewalls Protect Against 98
18 Profile: William Cheswick 101
For More Information on William Cheswick 105
19 Honeypots 107
What Is a Honeypot? 107
Interaction 108
Why Use a Honeypot? 108
Catching My Own Russian Spy 109
Honeypot Resources to Explore 110
20 Profile: Lance Spitzner 111
For More Information on Lance Spitzner 114
21 Password Hacking 115
Authentication Components 115
Passwords 116
Authentication Databases 116
Password Hashes 116
Authentication Challenges 116
Authentication Factors 117
Hacking Passwords 117
Password Guessing 117
Phishing 118
Keylogging 118
Hash Cracking 118
Credential Reuse 119
Hacking Password Reset Portals 119
Password Defenses 119
Complexity and Length 120
Frequent Changes with No Repeating 120
Not Sharing Passwords Between Systems 120
Account Lockout 121
Strong Password Hashes 121
Don't Use Passwords 121
Credential Theft Defenses 121
Reset Portal Defenses 122
22 Profile: Dr. Cormac Herley 123
For More Information on Dr. Cormac Herley 126
23 Wireless Hacking 127
The Wireless World 127
Types of Wireless Hacking 127
Attacking the Access Point 128
Denial of Service 128
Guessing a Wireless Channel Password 128
Session Hijacking 128
Stealing Information 129
Physically Locating a User 129
Some Wireless Hacking Tools 129
Aircrack-Ng 130
Kismet 130
Fern Wi-Fi Hacker 130
Firesheep 130
Wireless Hacking Defenses 130
Frequency Hopping 130
Predefined Client Identification 131
Strong Protocols 131
Long Passwords 131
Patching Access Points 131
Electromagnetic Shielding 131
24 Profile: Thomas d'Otreppe de Bouvette 133
For More Information on Thomas d'Otreppe de Bouvette 135
25 Penetration Testing 137
My Penetration Testing Highlights 137
Hacked Every Cable Box in the Country 137
Simultaneously Hacked a Major Television Network and Pornography 138
Hacked a Major Credit Card Company 138
Created a Camera Virus 139
How to Be a Pen Tester 139
Hacker Methodology 139
Get Documented Permission First 140
Get a Signed Contract 140
Reporting 140
Certifications 141
Be Ethical 145
Minimize Potential Operational Interruption 145
26 Profile: Aaron Higbee 147
For More Information on Aaron Higbee 149
27 Profile: Benild Joseph 151
For More Information on Benild Joseph 153
28 DDoS Attacks 155
Types of DDoS Attacks 155
Denial of Service 155
Direct Attacks 156
Reflection Attacks 156
Amplification 156
Every Layer in the OSI Model 157
Escalating Attacks 157
Upstream and Downsteam Attacks 157
DDoS Tools and Providers 158
Tools 158
DDoS as a Service 158
DDoS Defenses 159
Training 159
Stress Testing 159
Appropriate Network Configuration 159
Engineer Out Potential Weak Points 159
Anti-DDoS Services 160
29 Profile: Brian Krebs 161
For More Information on Brian Krebs 164
30 Secure OS 165
How to Secure an Operating System 166
Secure-Built OS 166
Secure Guidelines 168
Secure Configuration Tools 169
Security Consortiums 169
Trusted Computing Group 169
FIDO Alliance 169
31 Profile: Joanna Rutkowska 171
For More Information on Joanna Rutkowska 173
32 Profile: Aaron Margosis 175
For More Information on Aaron Margosis 179
33 Network Attacks 181
Types of Network Attacks 181
Eavesdropping 182
Man-in-the-Middle Attacks 182
Distributed Denial-of-Service Attacks 183
Network Attack Defenses 183
Domain Isolation 183
Virtual Private Networks 183
Use Secure Protocols and Applications 183
Network Intrusion Detection 184
Anti-DDoS Defenses 184
Visit Secure Web Sites and Use Secure Services 184
34 Profile: Laura Chappell 185
For More Information on Laura Chappell 188
35 IoT Hacking 189
How Do Hackers Hack IoT? 189
IoT Defenses 190
36 Profile: Dr. Charlie Miller 193
For More Information on Dr. Charlie Miller 198
37 Policy and Strategy 201
Standards 201
Policies 202
Procedures 203
Frameworks 203
Regulatory Laws 203
Global Concerns 203
Systems Support 204
38 Profile: Jing de Jong-Chen 205
For More Information on Jing de Jong-Chen 209
39 Threat Modeling 211
Why Threat Model? 211
Threat Modeling Models 212
Threat Actors 213
Nation-States 213
Industrial Hackers 213
Financial Crime 213
Hacktivists 214
Gamers 214
Insider Threats 214
Ordinary, Solitary Hackers or Hacker Groups 214
40 Profile: Adam Shostack 217
For More Information on Adam Shostack 220
41 Computer Security Education 221
Computer Security Training Topics 222
End-User/Security Awareness Training 222
General IT Security Training 222
Incident Response 222
OS and Application-Specific Training 223
Technical Skills 223
Certifications 223
Training Methods 224
Online Training 224
Break into My Website 224
Schools and Training Centers 224
Boot Camps 225
Corporate Training 225
Books 225
42 Profile: Stephen Northcutt 227
For More Information on...
Erscheinungsjahr: | 2017 |
---|---|
Genre: | Importe, Informatik |
Rubrik: | Naturwissenschaften & Technik |
Medium: | Taschenbuch |
Inhalt: | Kartoniert / Broschiert |
ISBN-13: | 9781119396215 |
ISBN-10: | 1119396212 |
Sprache: | Englisch |
Einband: | Kartoniert / Broschiert |
Autor: | Grimes, Roger A |
Hersteller: | Wiley |
Verantwortliche Person für die EU: | Produktsicherheitsverantwortliche/r, Europaallee 1, D-36244 Bad Hersfeld, gpsr@libri.de |
Maße: | 228 x 154 x 20 mm |
Von/Mit: | Roger A Grimes |
Erscheinungsdatum: | 01.05.2017 |
Gewicht: | 0,427 kg |