| |
New Titles |
| |
 Stealing the Network: How to Own an Identity
The first two books in this series Stealing the Network: How to Own the Box and Stealing the Network: How to Own a Continent have become classics in the Hacker and Infosec communities because of their chillingly realistic depictions of criminal hacking techniques. In this third installment, the all-star cast of authors tackle one of the fastest growing crimes in the world: Identity Theft. Now, the criminal hackers, readers have grown to both love and hate, try to cover their tracks and vanish into thin air.
|
 Network Security Evaluation Using the NSA IEM
Finally, a book that gives you everything you need to provide the most comprehensive technical security posture evaluation for any organization! The NSA's recommended methodology is described in depth,leading you through each step in providing customers with analysis customized to their organization. From setting scope and legal coordination to the final report and trending metrics, this book has it all.
|
 Aggressive Network Self-Defense
Are you tired of feeling vulnerable to the latest security vulnerabilities? Are you fed up with vendors who take too long to release security patches, while criminals waste no time in exploiting those very same holes? Do you want to know who, exactly, is really trying to hack your network? Do you think EVERYONE should be responsible for securing their owns systems so they can't be used to attack yours? Do you think you have the right to defend yourself, your network, and ultimately your business against aggressors and adversaries? If so, Aggressive Network Self-Defense is the book for you. Learn how you can take your security into your own hands to identify, target, and nullify your adversaries.
|
| |
Upcoming Titles |
| |
How to Cheat at Managing Windows Server Update Services
(November)
If you manage a Microsoft Windows network, you probably find yourself overwhelmed at times by the sheer volume of updates and patches released by Microsoft for their products. You know these updates are critical to keep your network running efficiently and securely, but staying current amidst all of your other responsibilities can be almost impossible. Microsoft's recently released Windows Server Update Services (WSUS) is designed to streamline this process. Learn how to take full advantage of WSUS using Syngress' proven "How to Cheat" methodology which gives you everything you need and nothing you don't.
|
Penetration Tester's Open Source Toolkit
(October)
This is the first fully integrated Penetration Testing book and bootable Linux CD containing the Auditor Security Collection which includes over 300 of the most effective and commonly used open source attack and penetration testing tools. This powerful tool kit and authoritative reference is written by the security industry's foremost penetration testers including HD Moore, Jay Beale, and SensePost. This unique package provides you with a completely portable and bootable Linux attack distribution and authoritative reference to the toolset included and the required methodology.
|
RFID Security
(October)
Wal-Mart was the main force behind the widespread adoption of bar codes in the 80s; they now have started the conversion from bar codes to RFID tags and are requiring all suppliers to switch to RFID tags as well or lose their business. RFID will become a mainstream technology whether liked or not and anyone using barcode technology needs to have their RFID solution in place quickly. This book teaches readers about the security implications of RFID.
|
Insider Threat
(October)
As network defense perimeters get stronger and stronger; IT, security, law enforcement, and intelligence professionals are realizing that the greatest threats to their networks are increasingly coming from within their own organizations. These insiders, comprised of current and former employees or contractors, can use their inside knowledge of a target network to carry out acts of sabotage, espionage, and theft of data.
|
Software Piracy Exposed
(September)
For every $2 worth of software purchased legally, $1 worth of software is pirated illegally. For the first time ever, the dark underground of how software is stolen and traded over the internet is revealed. The technical detail provided will open the eyes of software users and manufacturers worldwide! This book is a tell-it-like-it-is expos of how tens of billions of dollars worth of software is stolen every year.
|
Securing IM and P2P Applications for the Enterprise
(September)
As an IT Professional, you know that the majority of the workstations on your network now contain IM and P2P applications that you did not select, test, install, or configure. As a result, malicious hackers, as well as virus and worm writers are targeting these inadequately secured applications for attack This book will teach you how to take back control of your workstations and reap the benefits provided by these applications while protecting your network from the inherent dangers.
|
Nessus, Snort, & Ethereal Power Tools: Customizing Open Source Security Applications
(September)
If you have Snort, Nessus, and Ethereal up and running and now you're ready to customize, code, and torque these tools to their fullest potential, this book is for you. The authors of this book provide the inside scoop on coding the most effective and efficient Snort rules, Nessus plug-ins with NASL, and Ethereal capture and display filters. When done with this book, you will be a master at coding your own tools to detect malicious traffic, scan for vulnerabilities, and capture only the packets YOU really care about.
|
Phishing Exposed
(September)
If you have ever received a phish, become a victim of a phish, or manage the security of a major e-commerce or financial site, then you need to read this book. The author of this book delivers the unconcealed techniques of phishers including their evolving patterns, and how to gain the upper hand against the ever-accelerating attacks they deploy. Filled with elaborate and unprecedented forensics, Phishing Exposed details techniques that system administrators, law enforcement, and fraud investigators can exercise and learn more about their attacker and their specific attack methods, enabling risk mitigation in many cases before the attack occurs.
|
Skype Me!
(September)
In the first-ever book on Skype Markus Daehne, who is the forum moderator on the Skype web site, takes you from the basics of getting Skype up and running on all platforms, through advanced features included in SkypeIn, SkypeOut, and Skype for Business. The book teaches you everything from installing a headset to configuring a firewall to setting up Skype as a telephone Base to developing your own customized applications using the Skype Application Programming Interface.
|
How to Cheat at IT Project Management
(September)
Most IT projects fail to deliver, on average, all IT projects run over schedule by 82%, run over cost by 43% and deliver only 52% of the desired functionality. Pretty dismal statistics. Using the proven methods in this book, every IT project you work on from here on out will have a much higher likelihood of being on time, on budget and higher quality. This book provides clear, concise, information and hands-on training to give you immediate results. And, the companion Web site provides dozens of templates for managing IT projects.
|
Configuring Check Point NGX VPN-1/Firewall-1
(September)
Configuring Check Point NGX VPN-1/Firewall-1 is the perfect reference for anyone migrating from earlier versions of Check Point's flagship firewall/VPN product as well as those deploying VPN-1/Firewall-1 for the first time. NGX includes dramatic changes and new, enhanced features to secure the integrity of your network's data, communications, and applications from the plethora of blended threats which can breech your security through your network perimeter, web access, and increasingly common internal threats.
|
OS X for Hackers at Heart
(September)
With sexy hardware, a powerful operating system, and easy to use applications, Apple has made OS X the operating system of choice for hackers everywhere. But as great as OS X is out of the box, hackers are eager to push the boundaries by tweaking and tuning the software and hardware in order to do the things that really excite them such as penetration testing or software development. These modifications are often sexy in their own right and drive the OS X community even deeper into the realm of "elite." This book attempts to capture these purpose-driven modifications and shows how the best and brightest use OS X to do cutting edge research, development, and just plain fooling around.
|
Perfect Passwords
(September)
User passwords are the keys to the network kingdom, yet most users choose overly simplistic passwords (like password) that anyone could guess, while system administrators demand impossible to remember passwords littered with obscure characters and random numerals. Author Mark Burnett has accumulated and analyzed over 1,000,000 user passwords, and in this highly entertaining and informative book filled with dozens of illustrations reveals his findings and balances the rigid needs of security professionals against the ease of use desired by users.
|
Security Log Management
(September)
As a system administrator or security professionals, you probably find yourself inundated each day with a deluge of log files from seemingly countless devices, servers, and applications on your network ranging from Windows Server to Snort to your PIX firewall and everything in between. At times, the task of "seeing the forest through the trees" to extract useful, repeatable information from these logs may seem almost impossible. This unique book will show you how to use a combination of open source software such as Tcpdstats, and Snort perfmonitor to create succinct, meaningful reports that give you the big picture of your network's overall health and well being. So, if you need to analyze and prioritize everything from how much of your bandwidth is devoted to browsing ESPN.com, to the most targeted machines in your IDS logs, this is the book for you.
|
Virtualization with Vmware ESX Server
(August)
This book provides the essential concepts as well as an advanced understanding of Vmware's ESX Server and explains what the virtual evolution is and why it is important. This book gives you the requisite knowledge to plan and execute a server consolidation project as well as build both basic and advanced virtual machines and a virtual infrastructure.
|
Sarbanes-Oxley IT Compliance Using COBIT and Open Source Tools
(August)
Whether you work for a publicly traded or pre-IPO company or an IT consultant, you are familiar with the daunting task of complying with The Sarbanes-Oxley Act. You have no doubt seen the hour and dollar estimates for compliance go up and up. Now, you can re-grain control. This ground-breaking, fully integrated book and bootable, live CD provide all of the information AND the open source tools required for you to achieve SOX compliance the cheap and easy way.
|
Nessus Network Auditing
Nessus is the premier Open Source vulnerability assessment tool, and was recently voted the "most popular" open source security tool of any kind. This is the first book available on Nessus and it is written by the world's premier Nessus developers led by the creator of Nessus, Renaud Deraison.
|
Game Console Hacking
Game Console Hacking is the first book on the market to show Video Game enthusiasts (self described hardware geeks) how to disassemble, reconfigure, customize and re-purpose their Atari, Nintendo, Playstation and Xbox systems.
|
Dr. Tom Shinder's Configuring ISA Server 2004
This book provides you with unparalleled information on installing, configuring, and troubleshooting ISA Server 2004 by teaching you to:
- Deploy ISA Server 2004 in small businesses and large organizations
- Achieve 99.999% uptime for your ISA Server 2004 Internet access solution
- Roll out an International VPN using built-in ISA Server 2004 VPN Wizards and configuration interface
- Learn how to configure complex DMZ configurations using ISA Server 2004's new network awareness features and built-in multinetworking capabilities
- Learn how to take advantage of ISA Server 2004's new VPN capabilities!
|
Black Hat Physical Device Security: Exploiting Har
This book provides you a methodology to approach and detect similar types of vulnerabilities in individual security devices that plague the software industry. Bypassing key components in a security system can negate the presence of other subsystems. Our content supplies an applicable process of assessment that will never age. As long as hardware and software work together and data is sent over wires or airwaves the methods contained in this book will help detect flaws and information leakage in physical security devices. Not only do we supply a methodology and checklist for finding common exposures, our book also supplies real world scenarios and show how bypassing specific equipment can render a security system powerless.
|
Windows to Linux Migration Toolkit
Windows to Linux Migration Toolkit is a unique book that offers a complete solution for migrating from Windows to Linux. It provides migration process planning, automated migration scripts, anti-virus/anti-spam solutions, and specific migration and deployment details for all relevant technologies. The CD includes valuable automated scripts for migrating any flavor of Windows to Linux.
|
Microsoft Log Parser Toolkit
Do you want to find Brute Force Attacks against your Exchange Server? Would you like to know who is spamming you? Do you need to monitor the performance of your IIS Server? Are there intruders out there you would like to find? Would you like to build user logon reports from your Windows Server? Would you like working scripts to automate all of these tasks and many more for you? If so, "Microsoft Log Parser Toolkit" is the book for you.
|
Programmer's Ultimate Security DeskRef
The Programmer's Ultimate Security DeskRef is the only complete desk reference covering multiple languages and their inherent security issues. It will serve as the programming encyclopedia for almost every major language in use. While there are many books starting to address the broad subject of security best practices within the software development lifecycle, none has yet to address the overarching technical problems of incorrect function usage. Most books fail to draw the line from covering best practices security principles to actual code implementation. This book bridges that gap and covers the most popular programming languages such as Java, Perl, C++, C#, and Visual Basic.
|
Inside the Spam Cartel
Authored by a former spammer, this is a methodical, technically explicit expose of the inner workings of the SPAM economy. You will be shocked by the sophistication and sheer size of this underworld. "Inside the Spam Cartel" is a great read even if you have a casual interest in cyber-crime. In addition, it includes a level of technical detail that will clearly attract its core audience of technology junkies and security professionals.
|
Buffer Overflow Attacks: Detect, Exploit, Prevent
The SANS Institute maintains a list of the "Top 10 Software Vulnerabilities." At the current time, over half of these vulnerabilities are exploitable by Buffer Overflow attacks, making this class of attack one of the most common and most dangerous weapon used by malicious attackers. This is the first book specifically aimed at detecting, exploiting, and preventing the most common and dangerous attacks.
|
Configuring Netscreen Firewalls
Configuring NetScreen Firewalls is the first book to deliver an in-depth look at the NetScreen firewall product line. It covers all of the aspects of the NetScreen product line from the SOHO devices to the Enterprise NetScreen firewalls. Advanced troubleshooting techniques and the NetScreen Security Manager are also covered.
|
Hacking a Terror Network
Written by a certified Arabic linguist from the Defense Language Institute with extensive background in decoding encrypted communications, this cyber-thriller uses a fictional narrative to provide a fascinating and realistic "insider's look" into technically sophisticated covert terrorist communications over the Internet. The accompanying CD-ROM allows readers to "hack along" with the story line, by viewing the same Web sites described in the book containing encrypted, covert communications.
|
Cyber Spying Tracking Your Family's (Sometimes) Secret Online Lives
Have you ever wondered about that friend your spouse e-mails, or who they spend hours chatting online with? Are you curious about what your children are doing online, who they meet, and what they talk about? Do you worry about them finding drugs and other illegal items online, and wonder what they look at? This book shows you how to monitor and analyze your family's online behavior.
|
Intrusion Prevention and Active Response: Deploying Network and Host IPS
There are many books that exhaust the topic of Intrusion Detection, but there are few that cover with any depth the concept of Intrusion Prevention. This book serves as a reference for next generation IDS technology that provides active response and Intrusion Prevention functions both at the network and host level.
|
Deploying Citrix MetaFrame Presentation Server 3.0 with Windows Server 2003 Terminal Services
Whether you are a systems administrator managing the day to day aspects of a Server Based Computing environment or an Engineer, Architect or Consultant looking to build and implement Thin Client solutions, you will find this book a constant companion that will assist you in the design and implementation phases.
|
Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals
In this ground breaking book, best-selling author James C. Foster provides never before seen detail on how the fundamental building blocks of software and operating systems are exploited by malicious hackers and provides working code and scripts in C/C++, Java, Perl and NASL to detect and defend against the most dangerous attacks.
The book is logically divided into the five, main categories representing the major skill sets required by security professionals and software developers: Coding, Sockets, Shellcode, Porting Applications, and Coding Security Tools. Topics covered include:
- Writing and automating exploits on windows systems with all new exploits.
- Perform Zero-Day exploit forensics through reverse engineering.
- Enhance nikto by up to 7000 percent with custom code.
- Step-by-step guides on porting public exploits to work on Windows, Linux, Unix, and even Mac!
- Custom, optimized shellcode that can exploit nearly any systems.
- Custom COM objects to wrap and automate exploit binaries and security tools such as netcat and hping.
- Never before seen Nmap-style IP input function included, detailed, and implemented.
|
Cisco PIX Firewalls
Cisco PIX Firewall is the world's most used network firewall, protecting internal networks from unwanted intrusions and attacks. Virtual Private Networks (VPNs) are the means by which authorized users are allowed through PIX Firewalls. Network engineers and security specialists must constantly balance the need for air-tight security (Firewalls) with the need for on-demand access (VPNs).
In this book, Umer Khan, author of the #1 best selling PIX Firewall book, provides a concise, to-the-point blueprint for fully integrating these two essential pieces of any enterprise network. It is fully current with the newest PIX Software Version 7 and is appropriate for the new CSPFA exam covering PIX Software Version 7.
|
Network+ Study Guide & Practice Exams
Over 750,000 IT professionals have prepared for exams using Syngress-authored study guides. The Network+ Study Guide & Practice Exams: Exam N10-003 is the new title from Syngress covering the revised Network+ exam, to be released in early 2005 and rendering all existing study guides obsolete. The Network+ Study Guide & Practice Exams: Exam N10-003 covers all the objectives on the CompTIA exam, including the features and functions of networking components, and ensuring that you have the knowledge and skills needed to install, configure and troubleshoot basic networking hardware, protocols and services.
|
Cisco Voice Over IP Security
After struggling for years, you finally think you've got your network secured from malicious hackers and obnoxious spammers. Just when you think it's safe to go back into the water, VoIP finally catches on. Now your newly converged network is vulnerable to DoS attacks, hacked gateways leading to unauthorized free calls, call eavesdropping, malicious call redirection, and spam over Internet Telephony (SPIT). This book details both VoIP attacks and defense techniques and tools.
|
InfoSec Career Hacking: Sell Your Skillz, Not Your Soul
Do you spend hours coding on an application for the sheer joy and challenge? How about taking the time to analyze every piece of traffic that crosses your network, dissecting packets, and making sure nothing hidden is going on? If you want to refine these skills (and learn many new ones) to build an InfoSec career in a top corporation or government agency, this book is for you!
|
Host Integrity Monitoring Using Osiris and Samhain
Host Integrity Monitoring is the most effective way to determine if some form of malicious attack or threat has compromised your network security to modify the filesystem, system configuration, or runtime environment of monitored hosts. This book provides foundation information on host integrity monitoring as well as specific, detailed instruction on using best of breed products Osiris and Samhain. By the end of the book, you will not only understand the strengths and limitations of host integrity tools, but also understand how to effectively make use of them in order to integrate them into a security policy.
|
