An all-star cast of authors analyze the top IT security threats for 2008 as selected by the editors and readers of Infosecurity Magazine. This book, compiled from the Syngress Security Library, is an essential reference for any IT professional managing enterprise security. It serves as an early warning system, allowing readers to assess vulnerabilities, design protection schemes and plan for disaster recovery should an attack occur. Topics include Botnets, Cross Site Scripting Attacks, Social Engineering, Physical and Logical Convergence, Payment Card Industry (PCI) Data Security Standards (DSS), Voice over IP (VoIP), and Asterisk Hacking.
Each threat is fully defined, likely vulnerabilities are identified, and detection and prevention strategies are considered. Wherever possible, real-world examples are used to illustrate the threats and tools for specific solutions.
* Provides IT Security Professionals with a first look at likely new threats to their enterprise
* Includes real-world examples of system intrusions and compromised data
* Provides techniques and strategies to detect, prevent, and recover
* Includes coverage of PCI, VoIP, XSS, Asterisk, Social Engineering, Botnets, and Convergence
Autorentext
Craig A Schiller (CISSP-ISSMP, ISSAP) is the CISO for Portland State University and President of Hawkeye Security Training, LLC. He is the primary author of the first Generally Accepted System Security Principles. He is a co-author of "Combating Spyware in the Enterprise and "Winternals from Syngress, several editions of the Handbook of Information Security Management, and a contributing author to Data Security Management. Mr. Schiller has co-founded two ISSA chapters, the Central Plains chapter and the Texas Gulf Coast Chapter.
Inhalt
Foreword
Part I: Botnets
Chapter 1 Botnets: A Call to Action
Introduction
The Killer Web App
How Big is the Problem?
The Industry Responds
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 2 Botnets Overview
What is a Botnet?
The Botnet Life Cycle
What Does a Botnet Do?
Botnet Economic
Summary
Solutions Fast Track
Frequently Asked Questions
Part II Cross Site Scripting Attacks
Chapter 3 Cross-site Scripting Fundamentals
Introduction
Web Application Security
XML and AJAX Introduction
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 4 XSS Theory
Introduction
Getting XSS'ed
DOM-based XSS in Detail
Redirection
CSRF
Flash, QuickTime, PDF, Oh My
HTTP Response Injection
Source vs. DHTML Reality
Bypassing XSS Length Limitations
XSS Filter Evasion
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 5 XSS Attack Methods
Introduction
History Stealing
Intranet Hacking
XSS Defacements
Summary
Solutions Fast Track
Frequently Asked Questions
References
Part III Physical and Logical Security Convergence
Chapter 6 Protecting Critical
Infrastructure: Process Control and SCADA
Introduction
Technology Background: Process Control Systems
Why Convergence?
Threats and Challenges
Conclusion
Chapter 7 Final Thought
Introduction
Final Thoughts from William Crower
Final Thoughts from Dan Dunkel
Final Thoughts from Brian Contos
Final Thoughts from Colby DeRodeoff
Part IV PCI Compliance
Chapter 8 Why PCi is Important
Introduction
What is PCI?
Overview of PCI Requirements
Risks and Consequences
Benefits of Compliance
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 9 Protect Cardholder Data
Protecting Cardholder Data
PCI Requirement 3: Protect Stored Cardholder Data
PCI Requirement 4~Encrypt Transmission of Cardholder Data Across Open, Public Networks
Using Compensating Controls
Mapping Out a Strategy
The Absolute Essentials
Summary
Solutions Fast Track
Frequently Asked Questions
Part V Asterisk and VolP Hacking
Chapter 10 Understanding and Taking Advantage of VolP Protocols
Introduction
Your Voice to Data
Making Your Voice Smaller
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 11 Asterisk Hardware Ninjutsu
Introduction
Serial
Motion
Modems
Fun with Dialing
Legalities and Tips
Summary
Solutions Fast Track
Frequently Asked Questions
Part VI Hack the Stack
Chapter 12 Social Engineering
Introduction
Attacking the People Layer
Defending the People Layer
Making the Case for Stronger Security
People Layer Security Project
Summary
Solutions Fast Track
Frequently Asked Questions
Index