| |
New Titles |
| |
 Perfect Passwords
User passwords are the keys to the network kingdom, yet most users choose overly simplistic passwords (like password) that anyone could guess, while system administrators demand impossible to remember passwords littered with obscure characters and random numerals. Author Mark Burnett has accumulated and analyzed over 1,000,000 user passwords, and in this highly entertaining and informative book filled with dozens of illustrations reveals his findings and balances the rigid needs of security professionals against the ease of use desired by users.
|
 Penetration Tester's Open Source Toolkit
This is the first fully integrated Penetration Testing book and bootable Linux CD containing the Auditor Security Collection which includes over 300 of the most effective and commonly used open source attack and penetration testing tools. This powerful tool kit and authoritative reference is written by the security industry's foremost penetration testers including HD Moore, Jay Beale, and SensePost. This unique package provides you with a completely portable and bootable Linux attack distribution and authoritative reference to the toolset included and the required methodology.
|
 Writing Security Tools and Exploits
Writing Security Tools and Exploits is the foremost authority on vulnerability and security code and will serve as the premier educational reference for security professionals and software developers. The book has over 600 pages of dedicated exploit, vulnerability, and tool code with corresponding instruction. Unlike other security and programming books that dedicate hundreds of pages to architecture and theory based flaws and exploits, this book dives right into deep code analysis. Previously undisclosed security research in combination with superior programming techniques are included in both the Local and Remote Code sections of the book.
|
| |
Upcoming Titles |
| |
Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerabiity Research
(May)
This is the first book available for the Metasploit Framework (MSF), which is the attack platform of choice for one of the fastest growing careers in IT security: Penetration Testing. The book and companion Web site will provide professional penetration testers and security researchers with a fully integrated suite of tools for discovering, running, and testing exploit code.
|
Ethereal Network Protocol Analyzer Toolkit
(May)
Ethereal Network Protocol Analyzer Toolkit provides the reader with a completely integrated book and companion Web site to analyze network traffic using Ethereal, the world?s most popular network protocol analyzer on Windows, Unix, and Apple OS X. This book covers everything from the fundamentals of protocol analysis, to analyzing real world malicious code to programming advanced protocol dissectors. The companion Web site for the book offers dozens of working tools and scripts created for this book.
|
Syngress IT Security Project Management Handbook
(May)
The definitive work for IT professionals responsible for the management of the design, configuration, deployment and maintenance of enterprise wide security projects. Provides specialized coverage of key project areas including Penetration Testing, Intrusion Detection and Prevention Systems, and Access Control Systems.
|
Practical VoIP Security
(April)
After struggling for years, you finally think you?ve got your network secured from malicious hackers and obnoxious spammers. Just when you think it?s safe to go back into the water, VoIP finally catches on. Now your newly converged network is vulnerable to DoS attacks, hacked gateways leading to unauthorized free calls, call eavesdropping, malicious call redirection, and spam over Internet Telephony (SPIT). This book details both VoIP attacks and defense techniques and tools.
|
Video Conferencing over IP
(April)
Until recently, the reality of video conferencing didn't live up to the marketing hype. That's all changed. The network infrastructure and broadband capacity is now in place to deliver clear, real time video and voice feeds between multiple points of contacts, with market leaders such as Cisco and Microsoft continuing to invest heavily in development. In addition, newcomers Skype and Google are poised to launch services and products targeting this market. Video Conferencing over IP is the perfect guide to getting up and running with video teleconferencing for small to medium size enterprises.
|
Combating Spyware in the Enterprise
(April)
Combating Spyware in the Enterprise is the first book published on defending enterprise networks from increasingly sophisticated and malicious spyware. System administrators and security professionals responsible for administering and securing networks ranging in size from SOHO networks up the largest, enterprise networks will learn to use a combination of free and commercial anti-spyware software, firewalls, intrusion detection systems, intrusion prevention systems, and host integrity monitoring applications to prevent the installation of spyware, and to limit the damage caused by spyware that does in fact infiltrate their network.
|
Web Application Security
(April)
This book defines Web application security, why it should be addressed earlier in the lifecycle in development and quality assurance, and how it differs from other types of Internet security. Additionally, the book examines the procedures and technologies that are essential to developing, penetration testing and releasing a secure Web application. Through a review of recent Web application breaches, the book will expose the prolific methods hackers use to execute Web attacks using common vulnerabilities such as SQL Injection, Cross-Site Scripting and Buffer Overflows in the application layer. By taking an in-depth look at the techniques hackers use to exploit Web applications, readers will be better equipped to protect confidential.
|
How to Cheat at Configuring ISA Server 2004
(March)
If deploying and managing ISA Server 2004 is just one of a hundred responsibilities you have as a System Administrator, How to Cheat at Configuring ISA Server 2004 is the perfect book for you. Written by Microsoft MVP Dr. Tom Shinder, this is a concise, accurate, enterprise tested method for the successful deployment of ISA Server.
|
ISS X-Force: Next Generation Threat Analysis and Prevention
(March)
Over the last seven years, Internet Security Systems (ISS) elite X-Force has discovered more high-risk vulnerabilities than all other research groups and vendors combined, including the vulnerability that led to the recent, widespread Zotob worm. For the first time ever, follow the X-Force team as they analyze potential vulnerabilities and security solutions for cutting edge technologies and emerging attack methodologies.
|
RFID Security
(February)
Wal-Mart was the main force behind the widespread adoption of bar codes in the 80s; they now have started the conversion from bar codes to RFID tags and are requiring all suppliers to switch to RFID tags as well or lose their business. RFID will become a mainstream technology whether liked or not and anyone using barcode technology needs to have their RFID solution in place quickly. This book teaches readers about the security implications of RFID.
|
Scripting VMware Power Tools: Automating Virtual Infrastructure Administration
(February)
This book covers the native tools that VMware provides with ESX Server. It then discusses in detail the different scripting API's and how they can be leveraged to provide some very useful, practical and time saving tools to manage a virtual infrastructure. From virtual server provisioning to backups and everything in between, all will be covered in detail with real world examples that have been tested and will work either copied directly from the book or with slight modifications for the reader's specific environments. This tools book is a one stop shop for virtual.
|
Configuring SonicWALL Firewalls
(February)
|
Security Log Management
As a system administrator or security professionals, you probably find yourself inundated each day with a deluge of log files from seemingly countless devices, servers, and applications on your network ranging from Windows Server to Snort to your PIX firewall and everything in between. At times, the task of "seeing the forest through the trees" to extract useful, repeatable information from these logs may seem almost impossible. This unique book will show you how to use a combination of open source software such as Tcpdstats, and Snort perfmonitor to create succinct, meaningful reports that give you the big picture of your network's overall health and well being. So, if you need to analyze and prioritize everything from how much of your bandwidth is devoted to browsing ESPN.com, to the most targeted machines in your IDS logs, this is the book for you.
|
Nessus Network Auditing
Nessus is the premier Open Source vulnerability assessment tool, and was recently voted the "most popular" open source security tool of any kind. This is the first book available on Nessus and it is written by the world's premier Nessus developers led by the creator of Nessus, Renaud Deraison.
|
Game Console Hacking
Game Console Hacking is the first book on the market to show Video Game enthusiasts (self described hardware geeks) how to disassemble, reconfigure, customize and re-purpose their Atari, Nintendo, Playstation and Xbox systems.
|
Dr. Tom Shinder's Configuring ISA Server 2004, Second Edition
This book provides you with unparalleled information on installing, configuring, and troubleshooting ISA Server 2004 by teaching you to:
- Deploy ISA Server 2004 in small businesses and large organizations
- Achieve 99.999% uptime for your ISA Server 2004 Internet access solution
- Roll out an International VPN using built-in ISA Server 2004 VPN Wizards and configuration interface
- Learn how to configure complex DMZ configurations using ISA Server 2004's new network awareness features and built-in multinetworking capabilities
- Learn how to take advantage of ISA Server 2004's new VPN capabilities!
|
Black Hat Physical Device Security: Exploiting Har
This book provides you a methodology to approach and detect similar types of vulnerabilities in individual security devices that plague the software industry. Bypassing key components in a security system can negate the presence of other subsystems. Our content supplies an applicable process of assessment that will never age. As long as hardware and software work together and data is sent over wires or airwaves the methods contained in this book will help detect flaws and information leakage in physical security devices. Not only do we supply a methodology and checklist for finding common exposures, our book also supplies real world scenarios and show how bypassing specific equipment can render a security system powerless.
|
Microsoft Log Parser Toolkit
Do you want to find Brute Force Attacks against your Exchange Server? Would you like to know who is spamming you? Do you need to monitor the performance of your IIS Server? Are there intruders out there you would like to find? Would you like to build user logon reports from your Windows Server? Would you like working scripts to automate all of these tasks and many more for you? If so, "Microsoft Log Parser Toolkit" is the book for you.
|
Programmer's Ultimate Security DeskRef
The Programmer's Ultimate Security DeskRef is the only complete desk reference covering multiple languages and their inherent security issues. It will serve as the programming encyclopedia for almost every major language in use. While there are many books starting to address the broad subject of security best practices within the software development lifecycle, none has yet to address the overarching technical problems of incorrect function usage. Most books fail to draw the line from covering best practices security principles to actual code implementation. This book bridges that gap and covers the most popular programming languages such as Java, Perl, C++, C#, and Visual Basic.
|
Configuring Netscreen Firewalls
Configuring NetScreen Firewalls is the first book to deliver an in-depth look at the NetScreen firewall product line. It covers all of the aspects of the NetScreen product line from the SOHO devices to the Enterprise NetScreen firewalls. Advanced troubleshooting techniques and the NetScreen Security Manager are also covered.
|
Hacking a Terror Network
Written by a certified Arabic linguist from the Defense Language Institute with extensive background in decoding encrypted communications, this cyber-thriller uses a fictional narrative to provide a fascinating and realistic "insider's look" into technically sophisticated covert terrorist communications over the Internet. The accompanying CD-ROM allows readers to "hack along" with the story line, by viewing the same Web sites described in the book containing encrypted, covert communications.
|
Cyber Spying Tracking Your Family's (Sometimes) Secret Online Lives
Have you ever wondered about that friend your spouse e-mails, or who they spend hours chatting online with? Are you curious about what your children are doing online, who they meet, and what they talk about? Do you worry about them finding drugs and other illegal items online, and wonder what they look at? This book shows you how to monitor and analyze your family's online behavior.
|
Intrusion Prevention and Active Response: Deploying Network and Host IPS
There are many books that exhaust the topic of Intrusion Detection, but there are few that cover with any depth the concept of Intrusion Prevention. This book serves as a reference for next generation IDS technology that provides active response and Intrusion Prevention functions both at the network and host level.
|
Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals
In this ground breaking book, best-selling author James C. Foster provides never before seen detail on how the fundamental building blocks of software and operating systems are exploited by malicious hackers and provides working code and scripts in C/C++, Java, Perl and NASL to detect and defend against the most dangerous attacks.
The book is logically divided into the five, main categories representing the major skill sets required by security professionals and software developers: Coding, Sockets, Shellcode, Porting Applications, and Coding Security Tools. Topics covered include:
- Writing and automating exploits on windows systems with all new exploits.
- Perform Zero-Day exploit forensics through reverse engineering.
- Enhance nikto by up to 7000 percent with custom code.
- Step-by-step guides on porting public exploits to work on Windows, Linux, Unix, and even Mac!
- Custom, optimized shellcode that can exploit nearly any systems.
- Custom COM objects to wrap and automate exploit binaries and security tools such as netcat and hping.
- Never before seen Nmap-style IP input function included, detailed, and implemented.
|
Cisco PIX Firewalls, Second Edition
Cisco PIX Firewall is the world's most used network firewall, protecting internal networks from unwanted intrusions and attacks. Virtual Private Networks (VPNs) are the means by which authorized users are allowed through PIX Firewalls. Network engineers and security specialists must constantly balance the need for air-tight security (Firewalls) with the need for on-demand access (VPNs).
In this book, Umer Khan, author of the #1 best selling PIX Firewall book, provides a concise, to-the-point blueprint for fully integrating these two essential pieces of any enterprise network. It is fully current with the newest PIX Software Version 7 and is appropriate for the new CSPFA exam covering PIX Software Version 7.
|
