vadim-kiev
Турист
Если у когото есть курсовик на тему
Информационная безопасность на предприятии, выложите пожалоста...
Информационная безопасность на предприятии, выложите пожалоста...
ИНФОРМАЦИОННАЯ БЕЗОПАСНОСТЬ
- Автор темы okun
- Дата начала
-
- Теги
- it security безопасность
J
ja_tak
Кто-нибудь нашел РУС перевод ISO 17799:2005???
Материалы информационного бюллетеня Для просмотра ссылки Войди или Зарегистрируйся, посвященные Для просмотра ссылки Войди или Зарегистрируйся.
Комрады 
нужна рыба по следующей теме: "Регламент реагирования на инциденты информационной безопасности" - то бишь несанкционированное подключение компа в сети с левым MAC (IP), противоречивые действия инсайдера ну и так далее.
Мол обнаружил, подбежал, пальцы отрубил и докладную написал
Уже неделю думаю и не знаю с чего подступиться - Если инфа секретна - хотя бы через ПМ.
нужна рыба по следующей теме: "Регламент реагирования на инциденты информационной безопасности" - то бишь несанкционированное подключение компа в сети с левым MAC (IP), противоречивые действия инсайдера ну и так далее. Мол обнаружил, подбежал, пальцы отрубил и докладную написал
Уже неделю думаю и не знаю с чего подступиться
- Если инфа секретна - хотя бы через ПМ.Bersarea, полистай книгу Защита от вторжений. Расследование компьютерных преступлений
Critical Incident Management
Alan B. Sterneckert
Auerbach Publications © 2004 (552 pages)
ISBN:084930010X
Формат: chm
Аннотация:
Most businesses are aware of the danger posed by malicious network intruders and other internal and external security threats. Unfortunately, in many cases the actions they have taken to secure people, information and infrastructure from outside attacks are inefficient or incomplete. Responding to security threats and incidents requires a competent mixture of risk management, security policies and procedures, security auditing, incident response, legal and law enforcement issues, and privacy.
Critical Incident Management presents an expert overview of the elements that organizations need to address in order to prepare for and respond to network and information security violations. Written in a concise, practical style that emphasizes key points, this guide focuses on the establishment of policies and actions that prevent the loss of critical information or damage to infrastructure.
CTOs, CFOs, Chief Legal Officers, and senior IT managers can rely on this book to develop plans that thwart critical security incidents. And if such incidents do occur, these executives will have a reference to help put the people and procedures in place to contain the damage and get back to business.
Для просмотра ссылки Войдиили Зарегистрируйся (2.56 Мб) pass: http://netz.ru
Для просмотра ссылки Войдиили Зарегистрируйся
Alan B. Sterneckert
Auerbach Publications © 2004 (552 pages)
ISBN:084930010X
Формат: chm
Аннотация:
Most businesses are aware of the danger posed by malicious network intruders and other internal and external security threats. Unfortunately, in many cases the actions they have taken to secure people, information and infrastructure from outside attacks are inefficient or incomplete. Responding to security threats and incidents requires a competent mixture of risk management, security policies and procedures, security auditing, incident response, legal and law enforcement issues, and privacy.
Critical Incident Management presents an expert overview of the elements that organizations need to address in order to prepare for and respond to network and information security violations. Written in a concise, practical style that emphasizes key points, this guide focuses on the establishment of policies and actions that prevent the loss of critical information or damage to infrastructure.
CTOs, CFOs, Chief Legal Officers, and senior IT managers can rely on this book to develop plans that thwart critical security incidents. And if such incidents do occur, these executives will have a reference to help put the people and procedures in place to contain the damage and get back to business.
Для просмотра ссылки Войди
Для просмотра ссылки Войди
Hack I.T.: Security Through Penetration Testing
T. J. Klevinsky, Scott Laliberte, Ajay Gupta
First Edition February 01, 2002
ISBN: 0-201-71956-8, 544 pages
Формат: chm
Preface:
Why write a book about hacking? The question is really whether a book about the techniques and tools used to break into a network would be beneficial to the information security community. We, the authors, believe that penetration testing is a valuable and effective means of identifying security holes and weaknesses in a network and computing environment. Understanding how others will try to break into a network offers considerable insight into the common pitfalls and misconfigurations that make networks vulnerable. This insight is essential to creating a comprehensive network security structure.
Some may argue that providing this penetration-testing information gives script kiddies and hackers ammunition to better attack systems. However, script kiddies and hackers already have access to this information or have the time to find it—most of the material presented in this book is available from a variety of sources on the Internet. The problem is that the system and security administrators defending against attacks do not have the time or resources to research the sites necessary to compile this information. We decided to write this book to provide defenders with the information hackers already have. A hacker has to find only one hole to gain unauthorized access. The security group defending against the hackers needs to find all the holes to prevent unauthorized access.
There is no tried-and-true training that can make everyone a security expert, but there are some baseline principles, skills, and tools that must be mastered to become proficient in this field. Our goal is to provide you with those skills in a manner that helps you to understand the structure and tools used and to begin developing your own style of penetration testing.
The process described in this book is not the only way to perform a penetration test. We continue to evolve our own methodology to respond to new technologies and threats. This process has worked well for us in the past and continues to be a successful way to evaluate and test network security.
Для просмотра ссылки Войдиили Зарегистрируйся. (4,58 Мб) pass: http://netz.ru
Для просмотра ссылки Войдиили Зарегистрируйся
T. J. Klevinsky, Scott Laliberte, Ajay Gupta
First Edition February 01, 2002
ISBN: 0-201-71956-8, 544 pages
Формат: chm
Preface:
Why write a book about hacking? The question is really whether a book about the techniques and tools used to break into a network would be beneficial to the information security community. We, the authors, believe that penetration testing is a valuable and effective means of identifying security holes and weaknesses in a network and computing environment. Understanding how others will try to break into a network offers considerable insight into the common pitfalls and misconfigurations that make networks vulnerable. This insight is essential to creating a comprehensive network security structure.
Some may argue that providing this penetration-testing information gives script kiddies and hackers ammunition to better attack systems. However, script kiddies and hackers already have access to this information or have the time to find it—most of the material presented in this book is available from a variety of sources on the Internet. The problem is that the system and security administrators defending against attacks do not have the time or resources to research the sites necessary to compile this information. We decided to write this book to provide defenders with the information hackers already have. A hacker has to find only one hole to gain unauthorized access. The security group defending against the hackers needs to find all the holes to prevent unauthorized access.
There is no tried-and-true training that can make everyone a security expert, but there are some baseline principles, skills, and tools that must be mastered to become proficient in this field. Our goal is to provide you with those skills in a manner that helps you to understand the structure and tools used and to begin developing your own style of penetration testing.
The process described in this book is not the only way to perform a penetration test. We continue to evolve our own methodology to respond to new technologies and threats. This process has worked well for us in the past and continues to be a successful way to evaluate and test network security.
Для просмотра ссылки Войди
Для просмотра ссылки Войди
Invasion of Privacy: Big Brother and the Company Hackers
Michael J. Weber
Premier Press © 2004 (275 pages)
ISBN:1592000436
Формат: chm
Introduction
I thought I knew something about technology when I started writing this. Perhaps I did, but over the course of my research the world changed, I changed, and technology changed perhaps more than anything else. One dollar invested in the NASDAQ when my research began was worth about 19 cents by the time I got around to writing about the Internet boom (and bust). When I began this investigation the greatest threat to technology was the Y2K bug. Now it's cyber-terrorism!
The list is a long one. Denial-of-service attacks (DDoS) and killer Internet worms like Nimda, Code Red, and MSBlast were virtually unheard of when I began my research. I'm not one hundred percent certain, but to the best of my knowledge the phrase "identity theft" did not yet exist.
While I researched this book, the tech boom fizzled, the Internet bubble burst, the NASDAQ collapsed, and Al Qaeda attacked America on September 11, 2001. In essence, this book is about the technological and legal ramifications of all that. What I fear most from the fallout has been dubbed "the death of privacy" by noted law professor and cyber-privacy expert A. Michael Froomkin. The institutions and corporations we trust most have begun hacking us, suggests Froomkin in his article entitled "The Death of Privacy?" published in the Stanford Law Review.
Big business and Big Brother are the biggest hackers of all! Technology has become a nasty business. You know what I'm talking about: pop-up ads, cookies, spyware, spam, junk faxes, junk mail, telemarketing calls. You're a target and your personal information is a commodity! It is systematically harvested by information brokers with vast databases that do nothing but spit out computer profiles 24 hours a day. A nice fat dossier all about you is available for under a hundred bucks at your friendly neighborhood information broker! Unfortunately, most people don't realize that.
Technology, advertising, the media, and government have converged to invade our privacy. This book exposes the dangers (Part I) and proposes a practical defense.
Для просмотра ссылки Войдиили Зарегистрируйся (9,96 Мб) pass: http://netz.ru
Для просмотра ссылки Войдиили Зарегистрируйся
Michael J. Weber
Premier Press © 2004 (275 pages)
ISBN:1592000436
Формат: chm
Introduction
I thought I knew something about technology when I started writing this. Perhaps I did, but over the course of my research the world changed, I changed, and technology changed perhaps more than anything else. One dollar invested in the NASDAQ when my research began was worth about 19 cents by the time I got around to writing about the Internet boom (and bust). When I began this investigation the greatest threat to technology was the Y2K bug. Now it's cyber-terrorism!
The list is a long one. Denial-of-service attacks (DDoS) and killer Internet worms like Nimda, Code Red, and MSBlast were virtually unheard of when I began my research. I'm not one hundred percent certain, but to the best of my knowledge the phrase "identity theft" did not yet exist.
While I researched this book, the tech boom fizzled, the Internet bubble burst, the NASDAQ collapsed, and Al Qaeda attacked America on September 11, 2001. In essence, this book is about the technological and legal ramifications of all that. What I fear most from the fallout has been dubbed "the death of privacy" by noted law professor and cyber-privacy expert A. Michael Froomkin. The institutions and corporations we trust most have begun hacking us, suggests Froomkin in his article entitled "The Death of Privacy?" published in the Stanford Law Review.
Big business and Big Brother are the biggest hackers of all! Technology has become a nasty business. You know what I'm talking about: pop-up ads, cookies, spyware, spam, junk faxes, junk mail, telemarketing calls. You're a target and your personal information is a commodity! It is systematically harvested by information brokers with vast databases that do nothing but spit out computer profiles 24 hours a day. A nice fat dossier all about you is available for under a hundred bucks at your friendly neighborhood information broker! Unfortunately, most people don't realize that.
Technology, advertising, the media, and government have converged to invade our privacy. This book exposes the dangers (Part I) and proposes a practical defense.
Для просмотра ссылки Войди
Для просмотра ссылки Войди
Security and Usability
Lorrie Faith Cranor, Simson Garfinkel
Publisher: O'Reilly
Pub Date: August 2005
ISBN: 0-596-00827-9
Pages: 738
Format: chm
Overview
Human factors and usability issues have traditionally played a limited role in security research and secure systems development. Security experts have largely ignored usability issues--both because they often failed to recognize the importance of human factors and because they lacked the expertise to address them.
But there is a growing recognition that today's security problems can be solved only by addressing issues of usability and human factors. Increasingly, well-publicized security breaches are attributed to human errors that might have been prevented through more usable software. Indeed, the world's future cyber-security depends upon the deployment of security technology that can be broadly used by untrained computer users.
Still, many people believe there is an inherent tradeoff between computer security and usability. It's true that a computer without passwords is usable, but not very secure. A computer that makes you authenticate every five minutes with a password and a fresh drop of blood might be very secure, but nobody would use it. Clearly, people need computers, and if they can't use one that's secure, they'll use one that isn't. Unfortunately, unsecured systems aren't usable for long, either. They get hacked, compromised, and otherwise rendered useless.
There is increasing agreement that we need to design secure systems that people can actually use, but less agreement about how to reach this goal. Security & Usability is the first book-length work describing the current state of the art in this emerging field. Edited by security experts Dr. Lorrie Faith Cranor and Dr. Simson Garfinkel, and authored by cutting-edge security and human-computer interaction (HCI) researchers world-wide, this volume is expected to become both a classic reference and an inspiration for future research.
Security & Usability groups 34 essays into six parts:
* Realigning Usability and Security---with careful attention to user-centered design principles, security and usability can be synergistic.
* Authentication Mechanisms-- techniques for identifying and authenticating computer users.
* Secure Systems--how system software can deliver or destroy a secure user experience.
* Privacy and Anonymity Systems--methods for allowing people to control the release of personal information.
* Commercializing Usability: The Vendor Perspective--specific experiences of security and software vendors (e.g., IBM, Microsoft, Lotus, Firefox, and Zone Labs) in addressing usability.
* The Classics--groundbreaking papers that sparked the field of security and usability.
This book is expected to start an avalanche of discussion, new ideas, and further advances in this important field.
Для просмотра ссылки Войдиили Зарегистрируйся (7,57 Мб) pass: http://netz.ru
Для просмотра ссылки Войдиили Зарегистрируйся
Lorrie Faith Cranor, Simson Garfinkel
Publisher: O'Reilly
Pub Date: August 2005
ISBN: 0-596-00827-9
Pages: 738
Format: chm
Overview
Human factors and usability issues have traditionally played a limited role in security research and secure systems development. Security experts have largely ignored usability issues--both because they often failed to recognize the importance of human factors and because they lacked the expertise to address them.
But there is a growing recognition that today's security problems can be solved only by addressing issues of usability and human factors. Increasingly, well-publicized security breaches are attributed to human errors that might have been prevented through more usable software. Indeed, the world's future cyber-security depends upon the deployment of security technology that can be broadly used by untrained computer users.
Still, many people believe there is an inherent tradeoff between computer security and usability. It's true that a computer without passwords is usable, but not very secure. A computer that makes you authenticate every five minutes with a password and a fresh drop of blood might be very secure, but nobody would use it. Clearly, people need computers, and if they can't use one that's secure, they'll use one that isn't. Unfortunately, unsecured systems aren't usable for long, either. They get hacked, compromised, and otherwise rendered useless.
There is increasing agreement that we need to design secure systems that people can actually use, but less agreement about how to reach this goal. Security & Usability is the first book-length work describing the current state of the art in this emerging field. Edited by security experts Dr. Lorrie Faith Cranor and Dr. Simson Garfinkel, and authored by cutting-edge security and human-computer interaction (HCI) researchers world-wide, this volume is expected to become both a classic reference and an inspiration for future research.
Security & Usability groups 34 essays into six parts:
* Realigning Usability and Security---with careful attention to user-centered design principles, security and usability can be synergistic.
* Authentication Mechanisms-- techniques for identifying and authenticating computer users.
* Secure Systems--how system software can deliver or destroy a secure user experience.
* Privacy and Anonymity Systems--methods for allowing people to control the release of personal information.
* Commercializing Usability: The Vendor Perspective--specific experiences of security and software vendors (e.g., IBM, Microsoft, Lotus, Firefox, and Zone Labs) in addressing usability.
* The Classics--groundbreaking papers that sparked the field of security and usability.
This book is expected to start an avalanche of discussion, new ideas, and further advances in this important field.
Для просмотра ссылки Войди
Для просмотра ссылки Войди
Security+ Fast Pass
James Michael Stewart
Publisher: Sybex, 2004
ISBN: 0782143598
Format: pdf
Introduction
The Security+ certification program was developed by the Computer Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of computer service technicians in basics of computer security. The Security+ certification is granted to those who have attained the level of knowledge and security skills that show a basic competency with security needs of both personal and corporate computing environments.
CompTIA's exam objectives are periodically updated to keep their exams applicable to the most recent developments. However, this isn't a regular occurrence since the foundational elements remain constant even as the higher-end technology advances. The Security+ objectives themselves haven't been altered since the exam came out in 2002.
What Is Security+ Certification?
The Security+ certification was created to offer an introductory step into the complex world of IT security. You only need to pass a single exam to become Security+ certified. However, obtaining this certification doesn't mean you can provide realistic security services to a company. In fact, this is just the first step toward true security knowledge and experience. By obtaining Security+ certification, you should be able to acquire more security experience in order to pursue more complex and in-depth security knowledge and certification.
For the latest pricing on the exam and updates to the registration procedures, call Pro-metric at (866) 776-6387 or (800) 776-4276. You can also goto either Для просмотра ссылки Войдиили Зарегистрируйся or Для просмотра ссылки Войди или Зарегистрируйся for additional information or to register online. If you have further questions about the scope of the exams or related CompTIA programs, refer to the CompTIA website atwww.comptia.org.
Is This Book for You?
Security+ Past Pass is designed to be a succinct, portable exam review guide that can be used either in conjunction with a more complete study program (Sybex's Security+ Study Guide, 2nd Edition (Sybex, 2004), CBT courseware, classroom/lab environment) or as an exam review for those who don't feel the need for more extensive test preparation. It isn't our goal to give away the answers, but rather to identify those topics on which you can expect to be tested and to provide sufficient coverage of these topics.
Perhaps you've been working with information technologies for years. The thought of paying lots of money for a specialized IT exam-preparation course probably doesn't sound appealing. What can they teach you that you don't already know, right? Be careful, though—many experienced network administrators have walked confidently into the test center only to walk sheepishly out of it after failing an IT exam. After you've finished reading this book, you should have a clear idea of how your understanding of the technologies involved matches up with the expectations of the Security+ test makers.
Or perhaps you're relatively new to the world of IT, drawn to it by the promise of challenging work and higher salaries. You've just waded through an 800-page study guide or taken a class at a local training center. Lots of information to keep track of, isn't it? Well, by organizing the Past Pass book according to CompTIA's exam objectives, and by breaking up the information into concise, manageable pieces, we've created what we think is the handiest exam review guide available. Throw it in your briefcase and carry it to work with you. As you read the book, you'll be able to quickly identify those areas you know best and those that require a more in-depth review.
Для просмотра ссылки Войдиили Зарегистрируйся (3,64 Мб)
Для просмотра ссылки Войдиили Зарегистрируйся
James Michael Stewart
Publisher: Sybex, 2004
ISBN: 0782143598
Format: pdf
Introduction
The Security+ certification program was developed by the Computer Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of computer service technicians in basics of computer security. The Security+ certification is granted to those who have attained the level of knowledge and security skills that show a basic competency with security needs of both personal and corporate computing environments.
CompTIA's exam objectives are periodically updated to keep their exams applicable to the most recent developments. However, this isn't a regular occurrence since the foundational elements remain constant even as the higher-end technology advances. The Security+ objectives themselves haven't been altered since the exam came out in 2002.
What Is Security+ Certification?
The Security+ certification was created to offer an introductory step into the complex world of IT security. You only need to pass a single exam to become Security+ certified. However, obtaining this certification doesn't mean you can provide realistic security services to a company. In fact, this is just the first step toward true security knowledge and experience. By obtaining Security+ certification, you should be able to acquire more security experience in order to pursue more complex and in-depth security knowledge and certification.
For the latest pricing on the exam and updates to the registration procedures, call Pro-metric at (866) 776-6387 or (800) 776-4276. You can also goto either Для просмотра ссылки Войди
Is This Book for You?
Security+ Past Pass is designed to be a succinct, portable exam review guide that can be used either in conjunction with a more complete study program (Sybex's Security+ Study Guide, 2nd Edition (Sybex, 2004), CBT courseware, classroom/lab environment) or as an exam review for those who don't feel the need for more extensive test preparation. It isn't our goal to give away the answers, but rather to identify those topics on which you can expect to be tested and to provide sufficient coverage of these topics.
Perhaps you've been working with information technologies for years. The thought of paying lots of money for a specialized IT exam-preparation course probably doesn't sound appealing. What can they teach you that you don't already know, right? Be careful, though—many experienced network administrators have walked confidently into the test center only to walk sheepishly out of it after failing an IT exam. After you've finished reading this book, you should have a clear idea of how your understanding of the technologies involved matches up with the expectations of the Security+ test makers.
Or perhaps you're relatively new to the world of IT, drawn to it by the promise of challenging work and higher salaries. You've just waded through an 800-page study guide or taken a class at a local training center. Lots of information to keep track of, isn't it? Well, by organizing the Past Pass book according to CompTIA's exam objectives, and by breaking up the information into concise, manageable pieces, we've created what we think is the handiest exam review guide available. Throw it in your briefcase and carry it to work with you. As you read the book, you'll be able to quickly identify those areas you know best and those that require a more in-depth review.
Для просмотра ссылки Войди
Для просмотра ссылки Войди
Последнее редактирование модератором:
Security + Exam Guide (Testtaker's Guide Series)
Christopher A. Crayton
Charles River Media © 2003
416 pages
ISBN:1584502517
Format: chm
Back Cover
The Security+ Exam Guide provides exam candidates with the concepts, objectives, and test-taking skills needed to pass on their first attempt. Instead of covering every computer security topic, this book isolates those topics most likely to be addressed on the exam. Written by an experienced network administrator and CompTIA certified instructor, the book draws upon subject expertise and teaching experience to provide everything test takers need to know for successful test taking.
KEY FEATURES
About the Author
Christopher A. Crayton is the author of A+ Adaptive Exams (Test Taker’s Guide Series). He is also a CompTIA certified instructor, and was recognized as “Teacher of the Year” by Keiser College in 2000.
Для просмотра ссылки Войдиили Зарегистрируйся (1,38 Мб)
Для просмотра ссылки Войдиили Зарегистрируйся
Christopher A. Crayton
Charles River Media © 2003
416 pages
ISBN:1584502517
Format: chm
Back Cover
The Security+ Exam Guide provides exam candidates with the concepts, objectives, and test-taking skills needed to pass on their first attempt. Instead of covering every computer security topic, this book isolates those topics most likely to be addressed on the exam. Written by an experienced network administrator and CompTIA certified instructor, the book draws upon subject expertise and teaching experience to provide everything test takers need to know for successful test taking.
KEY FEATURES
- Covers all domains and objectives for Security+, CompTIA’s newest certification exam
- Provides chapter review questions and a complete cumulative practice exam
- Guides the reader through the entire Security+ certification process from start to finish
- Explains the test structure in detail, with useful exam and study techniques
- Teaches the process of scheduling an exam and what to expect when you get to the test site
- Written by an experienced network administrator and CompTIA certified instructor with an established record of teaching success
About the Author
Christopher A. Crayton is the author of A+ Adaptive Exams (Test Taker’s Guide Series). He is also a CompTIA certified instructor, and was recognized as “Teacher of the Year” by Keiser College in 2000.
Для просмотра ссылки Войди
Для просмотра ссылки Войди
Последнее редактирование модератором:
Windows Forensics and Incident Recovery
Harlan Carvey
Publisher : Addison Wesley
Pub Date : July 21, 2004
ISBN : 0-321-20098-5
Pages : 480
Format: chm
Preface
As long as networks of Microsoft Windows systems are managed, administered, and used by people, security incidents will occur. Regardless of whether we're talking about hundreds of corporate Windows workstations and servers or home user systems running Windows XP on broadband connections to the Internet, Windows systems will be attacked, compromised, and used for malicious purposes. This is not to say that only Windows systems will be attacked; rather, Windows systems are highly pervasive throughout the entire computing infrastructure, from home and school systems to high-end e-commerce sites. In contrast to this pervasiveness, information regarding conducting effective incident response and forensic audit activities on Windows systems is limited, to say the least. Attacks may come from insiders who have legitimate physical access to systems and are authorized to use them or from faceless individuals hiding in the shapeless ether of the Internet. Knowing this, anyone who manages or administers Windows systems (including the home user) needs to know how to react when he suspects that an incident has occurred.
When it comes to investigating and resolving computer security incidents, Windows systems lag well behind Linux and *nix systems. This gap can be attributed to a variety of reasons. One reason is a lack of detailed technical knowledge regarding Windows systems themselves on the part of administrators. This lack of understanding may be due at least in part to Microsoft's use of graphical user interfaces (GUIs) to control everything from the installation process to all aspects of system administration. Attackers and malicious users take steps to ensure that their activities remain hidden from view, particularly from the system's GUI tools such as the Event Viewer and the Task Manager. For example, enabling an audit policy requires that the system administrator navigate through multiple layers of the GUI, while an attacker can easily disable (and then reenable, if necessary) that audit policy with a single command line tool (which, incidentally, is provided for free from Microsoft).
Other reasons for the "incident response gap" include a lack of understanding regarding how to use available native and third-party tools to retrieve data and how to interpret the data that is collected from potentially infected or compromised systems. Many useful and powerful tools that mirror the functionality used on Linux systems are not available through either the Microsoft operating system distributions or the Resource Kits. Sites that make these tools available are scattered across the Internet, with no central location cataloguing them. This book was written to aid anyone investigating incidents that occur on Windows systems by providing information regarding the tools and techniques used to respond to incidents and conduct forensic audits.
This book arose out of a need that I, and I am sure others, have seen in the Microsoft Windows system administration community. Microsoft's network operating systems, beginning with Windows NT, are designed to be easy to use and manage. These systems come with some very powerful tools. As useful as these tools are to the administrator, they are also very useful to an attacker or to a malicious user. Most system administrators and owners spend their time dealing with Windows operating systems through the GUI, and in doing so, miss many of the important aspects of the operating system that go on "under the hood." For example, the Task Manager does not show the complete path to the executable image for each process, nor does it display the command line used to launch each process. This information is available using third-party tools, which most folks who work with Windows systems may not be familiar with. Therefore, it may be relatively simple to hide an errant process, such as a network backdoor, by renaming the file "svchost.exe" or something similarly innocuous.
Several years ago, I developed a hands-on course for teaching system administrators how to respond to security incidents on Windows 2000 systems. While teaching the course to system administrators at various organizations, I saw the same things that I saw on listservs and on forums on the Internet. During the first break on the first day of the course, I would go around the room and "infect" all of the systems with a "Trojan." This "Trojan" was netcat, renamed to "inetinfo.exe," listening on port 80. When the attendees returned to the room, I'd tell them that I "infected" their systems and challenged them to find it. The purpose of this exercise was not to find out who could find the "Trojan" first but to look at the steps that the attendees would go through in their incident response activities, to look at their "methodology." Invariably, every attendee would examine the contents of the Event Log, comb through the Task Manager, and maybe run netstat –an from a command prompt. All of the systems were connected to the Internet, and the only instructions I would give to the class was that they could not use any of the tools from the course CD that I'd put together. As the course progressed through the rest of the two days, the attendees became familiar with the tools and techniques they could use to retrieve valuable data about a system, as well as how to interpret that data.
I've assembled a good deal of unique content for this book, information that I've developed because I haven't been able to locate it any place else and therefore had to do my own research. For example, when I first began researching NTFS alternate data streams, there wasn't much information available. Over time, research has revealed additional information, which is included in this book. I've included tools that I've developed (written in Perl) and information, results, and insights from my own research. This book also includes information from a variety of sources put together in a single location so that it can be easily referenced.
Unlike other books about incident response, this book is specific to Windows systems. Other books on the subject will present a great deal of information regarding Linux and Unix systems, and in some cases, leave it up to the reader to extrapolate the information to Windows. All of the tools and techniques presented in this book are specific to Windows (NT, 2000, XP, and 2003) systems.
The book is organized so that the reader progresses through an understanding of incidents, what they are and how they can (and do) occur. From there, the reader is guided through developing an understanding of what is required to prevent incidents and how to prepare for them, and then where to look for data and how to analyze that data, should an incident occur. Data hiding and tools used in incident response and live forensic audits are covered at great length, and all of the information presented is specific to Windows operating systems, file systems (i.e., NTFS), and applications (i.e., MS Word, etc.). This information is presented in a progression, each chapter taking the content of the previous chapter further. However, each chapter can also stand on its own, as a reference that the reader can return to time and time again.
The main premise of this book is really very simple. When incidents occur, an entire spectrum of incident response activities can be performed. The lower end of the spectrum involves...well...nothing. No activity. Basically, the incident goes completely unrecognized or is simply ignored. The opposite end of the spectrum consists of those activities that purists think of when they hear the word "forensics": the system is shut down in a forensically sound manner and a bit-level image of the drive is made. All investigative activities are then conducted against that copy. This is usually accompanied by law enforcement involvement and may even lead to prosecution. However, many organizations do not wish to involve law enforcement when an incident occurs and generally conduct non-litigious investigations because they just want to get systems back online and in use. In other cases, potentially compromised systems may be part of an e-commerce infrastructure, in which downtime is measured in hundreds of dollars per minute. In such cases, an investigation will occur, but it will not involve law enforcement or legal prosecution, as the goal is determining what, if anything, happened. These steps may be required to gather information and facts in order to justify further action, such as taking the system down.
In addition, a great deal of extremely valuable information regarding the state of the system is lost when the system is shut down. This information is referred to as "volatile" information, and it includes such things as process information, network connections, clipboard contents, etc. This information can be retrieved, parsed, and analyzed in order to determine first whether an incident has even occurred, and then the extent of the incident. In some cases, enough information may have been collected to show that the incident is manageable, and the system does not have to be taken out of service to be "cleaned." More importantly, the investigator will want to understand how the system was infected or compromised so that shortfalls in security policies can be rectified and other systems protected.
The Perl programming language is used to programmatically demonstrate many of the concepts addressed throughout the book. The underlying premise of the book is to get the reader "under the hood" within the Windows system, that is, to show the reader how to move beyond the simple GUI tools provided with the operating system in order to collect information about the state of the system. Many third-party tools are discussed, and several Perl scripts are provided in order to support this premise. Perl scripts are also used in this book to provide for customization and automation. By customization, we mean that Perl is used to correlate and "massage" the output of various third-party tools in order to present a more complete picture of the data. By automation, we mean that Perl is used in this book to implement a methodology so that the investigator does not have to perform the steps by hand, thereby avoiding mistakes and making the overall process more efficient.
This book guides the reader through information, tools, and techniques that are required to conduct incident response and live forensic audit activities. By providing the necessary background for understanding how incidents occur and how data can be hidden on compromised systems, the reader will have a better understanding of the "why's" and "how's" of incident response and forensic audit activities.
Для просмотра ссылки Войдиили Зарегистрируйся (7,17 Мб) pass: http://netz.ru
Для просмотра ссылки Войдиили Зарегистрируйся
Harlan Carvey
Publisher : Addison Wesley
Pub Date : July 21, 2004
ISBN : 0-321-20098-5
Pages : 480
Format: chm
Preface
As long as networks of Microsoft Windows systems are managed, administered, and used by people, security incidents will occur. Regardless of whether we're talking about hundreds of corporate Windows workstations and servers or home user systems running Windows XP on broadband connections to the Internet, Windows systems will be attacked, compromised, and used for malicious purposes. This is not to say that only Windows systems will be attacked; rather, Windows systems are highly pervasive throughout the entire computing infrastructure, from home and school systems to high-end e-commerce sites. In contrast to this pervasiveness, information regarding conducting effective incident response and forensic audit activities on Windows systems is limited, to say the least. Attacks may come from insiders who have legitimate physical access to systems and are authorized to use them or from faceless individuals hiding in the shapeless ether of the Internet. Knowing this, anyone who manages or administers Windows systems (including the home user) needs to know how to react when he suspects that an incident has occurred.
When it comes to investigating and resolving computer security incidents, Windows systems lag well behind Linux and *nix systems. This gap can be attributed to a variety of reasons. One reason is a lack of detailed technical knowledge regarding Windows systems themselves on the part of administrators. This lack of understanding may be due at least in part to Microsoft's use of graphical user interfaces (GUIs) to control everything from the installation process to all aspects of system administration. Attackers and malicious users take steps to ensure that their activities remain hidden from view, particularly from the system's GUI tools such as the Event Viewer and the Task Manager. For example, enabling an audit policy requires that the system administrator navigate through multiple layers of the GUI, while an attacker can easily disable (and then reenable, if necessary) that audit policy with a single command line tool (which, incidentally, is provided for free from Microsoft).
Other reasons for the "incident response gap" include a lack of understanding regarding how to use available native and third-party tools to retrieve data and how to interpret the data that is collected from potentially infected or compromised systems. Many useful and powerful tools that mirror the functionality used on Linux systems are not available through either the Microsoft operating system distributions or the Resource Kits. Sites that make these tools available are scattered across the Internet, with no central location cataloguing them. This book was written to aid anyone investigating incidents that occur on Windows systems by providing information regarding the tools and techniques used to respond to incidents and conduct forensic audits.
This book arose out of a need that I, and I am sure others, have seen in the Microsoft Windows system administration community. Microsoft's network operating systems, beginning with Windows NT, are designed to be easy to use and manage. These systems come with some very powerful tools. As useful as these tools are to the administrator, they are also very useful to an attacker or to a malicious user. Most system administrators and owners spend their time dealing with Windows operating systems through the GUI, and in doing so, miss many of the important aspects of the operating system that go on "under the hood." For example, the Task Manager does not show the complete path to the executable image for each process, nor does it display the command line used to launch each process. This information is available using third-party tools, which most folks who work with Windows systems may not be familiar with. Therefore, it may be relatively simple to hide an errant process, such as a network backdoor, by renaming the file "svchost.exe" or something similarly innocuous.
Several years ago, I developed a hands-on course for teaching system administrators how to respond to security incidents on Windows 2000 systems. While teaching the course to system administrators at various organizations, I saw the same things that I saw on listservs and on forums on the Internet. During the first break on the first day of the course, I would go around the room and "infect" all of the systems with a "Trojan." This "Trojan" was netcat, renamed to "inetinfo.exe," listening on port 80. When the attendees returned to the room, I'd tell them that I "infected" their systems and challenged them to find it. The purpose of this exercise was not to find out who could find the "Trojan" first but to look at the steps that the attendees would go through in their incident response activities, to look at their "methodology." Invariably, every attendee would examine the contents of the Event Log, comb through the Task Manager, and maybe run netstat –an from a command prompt. All of the systems were connected to the Internet, and the only instructions I would give to the class was that they could not use any of the tools from the course CD that I'd put together. As the course progressed through the rest of the two days, the attendees became familiar with the tools and techniques they could use to retrieve valuable data about a system, as well as how to interpret that data.
I've assembled a good deal of unique content for this book, information that I've developed because I haven't been able to locate it any place else and therefore had to do my own research. For example, when I first began researching NTFS alternate data streams, there wasn't much information available. Over time, research has revealed additional information, which is included in this book. I've included tools that I've developed (written in Perl) and information, results, and insights from my own research. This book also includes information from a variety of sources put together in a single location so that it can be easily referenced.
Unlike other books about incident response, this book is specific to Windows systems. Other books on the subject will present a great deal of information regarding Linux and Unix systems, and in some cases, leave it up to the reader to extrapolate the information to Windows. All of the tools and techniques presented in this book are specific to Windows (NT, 2000, XP, and 2003) systems.
The book is organized so that the reader progresses through an understanding of incidents, what they are and how they can (and do) occur. From there, the reader is guided through developing an understanding of what is required to prevent incidents and how to prepare for them, and then where to look for data and how to analyze that data, should an incident occur. Data hiding and tools used in incident response and live forensic audits are covered at great length, and all of the information presented is specific to Windows operating systems, file systems (i.e., NTFS), and applications (i.e., MS Word, etc.). This information is presented in a progression, each chapter taking the content of the previous chapter further. However, each chapter can also stand on its own, as a reference that the reader can return to time and time again.
The main premise of this book is really very simple. When incidents occur, an entire spectrum of incident response activities can be performed. The lower end of the spectrum involves...well...nothing. No activity. Basically, the incident goes completely unrecognized or is simply ignored. The opposite end of the spectrum consists of those activities that purists think of when they hear the word "forensics": the system is shut down in a forensically sound manner and a bit-level image of the drive is made. All investigative activities are then conducted against that copy. This is usually accompanied by law enforcement involvement and may even lead to prosecution. However, many organizations do not wish to involve law enforcement when an incident occurs and generally conduct non-litigious investigations because they just want to get systems back online and in use. In other cases, potentially compromised systems may be part of an e-commerce infrastructure, in which downtime is measured in hundreds of dollars per minute. In such cases, an investigation will occur, but it will not involve law enforcement or legal prosecution, as the goal is determining what, if anything, happened. These steps may be required to gather information and facts in order to justify further action, such as taking the system down.
In addition, a great deal of extremely valuable information regarding the state of the system is lost when the system is shut down. This information is referred to as "volatile" information, and it includes such things as process information, network connections, clipboard contents, etc. This information can be retrieved, parsed, and analyzed in order to determine first whether an incident has even occurred, and then the extent of the incident. In some cases, enough information may have been collected to show that the incident is manageable, and the system does not have to be taken out of service to be "cleaned." More importantly, the investigator will want to understand how the system was infected or compromised so that shortfalls in security policies can be rectified and other systems protected.
The Perl programming language is used to programmatically demonstrate many of the concepts addressed throughout the book. The underlying premise of the book is to get the reader "under the hood" within the Windows system, that is, to show the reader how to move beyond the simple GUI tools provided with the operating system in order to collect information about the state of the system. Many third-party tools are discussed, and several Perl scripts are provided in order to support this premise. Perl scripts are also used in this book to provide for customization and automation. By customization, we mean that Perl is used to correlate and "massage" the output of various third-party tools in order to present a more complete picture of the data. By automation, we mean that Perl is used in this book to implement a methodology so that the investigator does not have to perform the steps by hand, thereby avoiding mistakes and making the overall process more efficient.
This book guides the reader through information, tools, and techniques that are required to conduct incident response and live forensic audit activities. By providing the necessary background for understanding how incidents occur and how data can be hidden on compromised systems, the reader will have a better understanding of the "why's" and "how's" of incident response and forensic audit activities.
Для просмотра ссылки Войди
Для просмотра ссылки Войди
Security Warrior
Cyrus Peikari, Anton Chuvakin
Publisher : O'Reilly
Pub Date : January 2004
ISBN : 0-596-00545-8
Pages : 552
Format: chm
Overview
When it comes to network security, many users and administrators are running scared, and justifiably so. The sophistication of attacks against computer systems increases with each new Internet worm.
What's the worst an attacker can do to you? You'd better find out, right? That's what Security Warrior teaches you. Based on the principle that the only way to defend yourself is to understand your attacker in depth, Security Warrior reveals how your systems can be attacked. Covering everything from reverse engineering to SQL attacks, and including topics like social engineering, antiforensics, and common attacks against UNIX and Windows systems, this book teaches you to know your enemy and how to be prepared to do battle.
Security Warrior places particular emphasis on reverse engineering. RE is a fundamental skill for the administrator, who must be aware of all kinds of malware that can be installed on his machines -- trojaned binaries, "spyware" that looks innocuous but that sends private data back to its creator, and more. This is the only book to discuss reverse engineering for Linux or Windows CE. It's also the only book that shows you how SQL injection works, enabling you to inspect your database and web applications for vulnerability.
Security Warrior is the most comprehensive and up-to-date book covering the art of computer war: attacks against computer systems and their defenses. It's often scary, and never comforting. If you're on the front lines, defending your site against attackers, you need this book. On your shelf--and in your hands.
This book offers unique methods for honing your information security (infosec) technique.
Для просмотра ссылки Войдиили Зарегистрируйся (4,5 Мб) pass: http://netz.ru
Для просмотра ссылки Войдиили Зарегистрируйся
Cyrus Peikari, Anton Chuvakin
Publisher : O'Reilly
Pub Date : January 2004
ISBN : 0-596-00545-8
Pages : 552
Format: chm
Overview
When it comes to network security, many users and administrators are running scared, and justifiably so. The sophistication of attacks against computer systems increases with each new Internet worm.
What's the worst an attacker can do to you? You'd better find out, right? That's what Security Warrior teaches you. Based on the principle that the only way to defend yourself is to understand your attacker in depth, Security Warrior reveals how your systems can be attacked. Covering everything from reverse engineering to SQL attacks, and including topics like social engineering, antiforensics, and common attacks against UNIX and Windows systems, this book teaches you to know your enemy and how to be prepared to do battle.
Security Warrior places particular emphasis on reverse engineering. RE is a fundamental skill for the administrator, who must be aware of all kinds of malware that can be installed on his machines -- trojaned binaries, "spyware" that looks innocuous but that sends private data back to its creator, and more. This is the only book to discuss reverse engineering for Linux or Windows CE. It's also the only book that shows you how SQL injection works, enabling you to inspect your database and web applications for vulnerability.
Security Warrior is the most comprehensive and up-to-date book covering the art of computer war: attacks against computer systems and their defenses. It's often scary, and never comforting. If you're on the front lines, defending your site against attackers, you need this book. On your shelf--and in your hands.
This book offers unique methods for honing your information security (infosec) technique.
Для просмотра ссылки Войди
Для просмотра ссылки Войди
