%{search_type} search results

The Security Consultant's Handbook sets out a holistic overview of the essential core knowledge, emerging opportunities and approaches to corporate thinking that are increasingly demanded by employers and buyers in the security market.

• Introduction xiii
• Chapter 1 Introducing Wireshark 1 What Is Wireshark? 2 A Best Time to Use Wireshark? 2 Avoiding Being Overwhelmed 3 The Wireshark User Interface 3 Packet List Pane 5 Packet Details Pane 6 Packet Bytes Pane 8 Filters 9 Capture Filters 9 Display Filters 13 Summary 17 Exercises 18
• Chapter 2 Setting Up the Lab 19 Kali Linux 20 Virtualization 22 Basic Terminology and Concepts 23 Benefi ts of Virtualization 23 VirtualBox 24 Installing VirtualBox 24 Installing the VirtualBox Extension Pack 31 Creating a Kali Linux Virtual Machine 33 Installing Kali Linux 40 The W4SP Lab 46 Requirements 46 A Few Words about Docker 47 What Is GitHub? 48 Creating the Lab User 49 Installing the W4SP Lab on the Kali Virtual Machine 50 Setting Up the W4SP Lab 53 The Lab Network 54 Summary 55 Exercises 56
• Chapter 3 The Fundamentals 57 Networking 58 OSI Layers 58 Networking between Virtual Machines 61 Security 63 The Security Triad 63 Intrusion Detection and Prevention Systems 63 False Positives and False Negatives 64 Malware 64 Spoofi ng and Poisoning 66 Packet and Protocol Analysis 66 A Protocol Analysis Story 67 Ports and Protocols 71 Summary 73 Exercises 74
• Chapter 4 Capturing Packets 75 Sniffi ng 76 Promiscuous Mode 76 Starting the First Capture 78 TShark 82 Dealing with the Network 86 Local Machine 87 Sniffi ng Localhost 88 Sniffi ng on Virtual Machine Interfaces 92 Sniffi ng with Hubs 96 SPAN Ports 98 Network Taps 101 Transparent Linux Bridges 103 Wireless Networks 105 Loading and Saving Capture Files 108 File Formats 108 Ring Buffers and Multiple Files 111 Recent Capture Files 116 Dissectors 118 W4SP Lab: Managing Nonstandard HTTP Traffi c 118 Filtering SMB Filenames 120 Packet Colorization 123 Viewing Someone Else s Captures 126 Summary 127 Exercises 128
• Chapter 5 Diagnosing Attacks 129 Attack Type: Man-in-the-Middle 130 Why MitM Attacks Are Effective 130 How MitM Attacks Get Done: ARP 131 W4SP Lab: Performing an ARP MitM Attack 133 W4SP Lab: Performing a DNS MitM Attack 141 How to Prevent MitM Attacks 147 Attack Type: Denial of Service 148 Why DoS Attacks Are Effective 149 How DoS Attacks Get Done 150 How to Prevent DoS Attacks 155 Attack Type: Advanced Persistent Threat 156 Why APT Attacks Are Effective 156 How APT Attacks Get Done 157 Example APT Traffi c in Wireshark 157 How to Prevent APT Attacks 161 Summary 162 Exercises 162
• Chapter 6 Off ensive Wireshark 163 Attack Methodology 163 Reconnaissance Using Wireshark 165 Evading IPS/IDS 168 Session Splicing and Fragmentation 168 Playing to the Host, Not the IDS 169 Covering Tracks and Placing Backdoors 169 Exploitation 170 Setting Up the W4SP Lab with Metasploitable 171 Launching Metasploit Console 171 VSFTP Exploit 172 Debugging with Wireshark 173 Shell in Wireshark 175 TCP Stream Showing a Bind Shell 176 TCP Stream Showing a Reverse Shell 183 Starting ELK 188 Remote Capture over SSH 190 Summary 191 Exercises 192
• Chapter 7 Decrypting TLS, Capturing USB, Keyloggers, and Network Graphing 193 Decrypting SSL/TLS 193 Decrypting SSL/TLS Using Private Keys 195 Decrypting SSL/TLS Using Session Keys 199 USB and Wireshark 202 Capturing USB Traffi c on Linux 203 Capturing USB Traffi c on Windows 206 TShark Keylogger 208 Graphing the Network 212 Lua with Graphviz Library 213 Summary 218 Exercises 219
• Chapter 8 Scripting with Lua 221 Why Lua? 222 Scripting Basics 223 Variables 225 Functions and Blocks 226 Loops 228 Conditionals 230 Setup 230 Checking for Lua Support 231 Lua Initialization 232 Windows Setup 233 Linux Setup 233 Tools 234 Hello World with TShark 236 Counting Packets Script 237 ARP Cache Script 241 Creating Dissectors for Wireshark 244 Dissector Types 245 Why a Dissector Is Needed 245 Experiment 253 Extending Wireshark 255 Packet Direction Script 255 Marking Suspicious Script 257 Snooping SMB File Transfers 260 Summary 262 Index 265.
• (source: Nielsen Book Data)

Master Wireshark to solve real-world security problems If you don t already use Wireshark for a wide range of information security tasks, you will after this book. Mature and powerful, Wireshark is commonly used to find root cause of challenging network issues. This book extends that power to information security professionals, complete with a downloadable, virtual lab environment. Wireshark for Security Professionals covers both offensive and defensive concepts that can be applied to essentially any InfoSec role. Whether into network security, malware analysis, intrusion detection, or penetration testing, this book demonstrates Wireshark through relevant and useful examples. Master Wireshark through both lab scenarios and exercises. Early in the book, a virtual lab environment is provided for the purpose of getting hands-on experience with Wireshark. Wireshark is combined with two popular platforms: Kali, the security-focused Linux distribution, and the Metasploit Framework, the open-source framework for security testing. Lab-based virtual systems generate network traffic for analysis, investigation and demonstration. In addition to following along with the labs you will be challenged with end-of-chapter exercises to expand on covered material. Lastly, this book explores Wireshark with Lua, the light-weight programming language. Lua allows you to extend and customize Wireshark s features for your needs as a security professional. Lua source code is available both in the book and online. Lua code and lab source code are available online through GitHub, which the book also introduces. The book s final two chapters greatly draw on Lua and TShark, the command-line interface of Wireshark. By the end of the book you will gain the following: * Master the basics of Wireshark * Explore the virtual w4sp-lab environment that mimics a real-world network * Gain experience using the Debian-based Kali OS among other systems * Understand the technical details behind network attacks * Execute exploitation and grasp offensive and defensive activities, exploring them through Wireshark * Employ Lua to extend Wireshark features and create useful scripts To sum up, the book content, labs and online material, coupled with many referenced sources of PCAP traces, together present a dynamic and robust manual for information security professionals seeking to leverage Wireshark.
(source: Nielsen Book Data)

• Classification and Discovery of Firewalls Policy Anomalies.- Modeling and Verification of Firewall and IPSec Policies using Binary Decision Diagrams.- Specification and Refinement of a Conflict-Free Distributed Firewall Configuration Language.- Design and Configuration of Firewall Architecture Under Risk, Usability and Cost Constraints.- Dynamic Firewall Configuration Optimization.
• (source: Nielsen Book Data)

This book provides a comprehensive and in-depth study of automated firewall policy analysis for designing, configuring and managing distributed firewalls in large-scale enterpriser networks. It presents methodologies, techniques and tools for researchers as well as professionals to understand the challenges and improve the state-of-the-art of managing firewalls systematically in both research and application domains. Chapters explore set-theory, managing firewall configuration globally and consistently, access control list with encryption, and authentication such as IPSec policies. The author also reveals a high-level service-oriented firewall configuration language (called FLIP) and a methodology and framework for designing optimal distributed firewall architecture. The chapters illustrate the concepts, algorithms, implementations and case studies for each technique. Automated Firewall Analytics: Design, Configuration and Optimization is appropriate for researchers and professionals working with firewalls. Advanced-level students in computer science will find this material suitable as a secondary textbook or reference.
(source: Nielsen Book Data)

• Front Cover; Security Operations Center Guidebook; Copyright Page; Dedication; Contents; Introduction; A Rocky Start; I. Developing Your Security Operations Center; 1 What is a Security Operations Center?; Third Party; Hybrid; Dedicated; Historical Lessons; 2 Needs Assessment; Risk Assessment; Types of Companies; A Single Suite in a Larger Office Complex That Operates Primarily During Business Hours; A Single Location Dedicated to Only Your Company, with no Other Tenants; A Single Campus with Multiple Buildings; Multiple Locations Located in the Same Metro Area

• Multiple Locations Spread across a Single Country and Multiple Locations Spread across Several CountriesAdditional Considerations; Historical Lessons; Vulnerable Adults; Modest Beginnings; 3 Business Case; Example; Historical Lessons; First Attempt; A Unique Approach; 4 Building Your SOC; Workstations; Historical Lessons; 5 Staffing Options; Training; Career Progression; Retention; Historical Lessons; II. Operations; 6 Responsibilities and Duties; Introduction; Welcome to the SOC-You Have an Important Role; Mission Statement; SCO Job Description; Sample SCO Job Description; Position Summary

• Duties and ResponsibilitiesQualifications; Physical Demands/Environmental Conditions; Hiring and Interviewing Your SCO Candidate; Sample Interview Questions for a SCO; Staffing and Schedule; Sample Three-Week Rotation; Supervisory Authority; Staff Responsibility; Historical Lessons; 7 Post Orders and Procedures; Introduction; Setting Up Your Post Orders; Create a Shared Email Address for Security Inquiries and Requests; Performance of Duties; Example Post Order Table of Contents Setup and Their Purpose; Chapter One-Introduction; Chapter Two-Duties; Chapter Three-Call Center Procedures

• Chapter Four-Emergency ProceduresChapter Five-Standards and Policies; Chapter Six-Equipment Procedures; Chapter Seven-Post Order Changes and Updates; Chapter Eight-Appendices; Site Procedures; Section One-Site Info; Section Two-Intrusion Alarm Response; Section Three-Fire Alarm Response; Section Four-Mechanical Alarms; Section Five-Contact Lists; Section Six-Special Instructions; Historical Lessons; 8 Training Programs; Introduction; Getting Started; New Hire Training Schedule; Individual Training Checklist; Monthly, Quarterly, and Annual Training; Historical Lessons

• 9 Enterprise Access ControlIntroduction; Setting Up Your Physical Access Control System; Operator Permissions; Card Access Programming and Control; Setting up and Controlling Your Restricted Areas Access; Creating a Restricted Area; Access Approvals, Denials, and Removals; Access Control Matrix; Site Access Control; Follow These Steps; System Status Checks; Troubleshooting; Historical Lessons; 10 Alarm Monitoring; Introduction; Physical Access Control System (PACS) or Intrusion Detection System (IDS) Alarms; Alarm Instructions; Receiving Alarms

• Front Matter
• Network Security Overview
• Data Encryption Algorithms
• Public-Key Cryptography and Key Management
• Data Authentication
• Network Security Protocols in Practice
• Wireless Network Security
• Cloud Security
• Network Perimeter Security
• Intrusion Detections
• The Art of Anti-Malicious Software
• 7-bit ASCII code
• SHA-512 Constants (in Hexadecimal)
• Data Compression Using ZIP
• Base64 Encoding
• Cracking WEP Keys Using WEPCrack
• Acronyms
• Further Readings
• Index

Introductory textbook in the important area of network security for undergraduate and graduate students * Comprehensively covers fundamental concepts with newer topics such as electronic cash, bit-coin, P2P, SHA-3, E-voting, and Zigbee security * Fully updated to reflect new developments in network security * Introduces a chapter on Cloud security, a very popular and essential topic * Uses everyday examples that most computer users experience to illustrate important principles and mechanisms * Features a companion website with Powerpoint slides for lectures and solution manuals to selected exercise problems, available at http://www.cs.uml.edu/~wang/NetSec.
(source: Nielsen Book Data)

• Chapter 1 Logs, Trees, Forest: the Big Picture Chapter 2 What is a Log? Chapter 3 Generating Logs
• Chapter 4 Log Storage Technologies Chapter 5 Case study: syslog-ng
• Chapter 6 Covert logging
• Chapter 7 Analysis Goals, Planning and Preparation: What Are We Looking for?
• Chapter 8 Simple Analysis Techniques Chapter 9 Filtering, Matching and Correlation Chapter 10 Statistical Analysis Chapter 11 Log Data Mining Chapter 12 Reporting and Summarization Chapter 13 Visualizing Log Data Chapter 14 Logging Laws and Logging Mistakes Chapter 15 Tools for Log Analysis and Collection Chapter 16 Log Management Procedures: Escalation, Response Chapter 17 Attacks against logging systems Chapter 18 Logging for Programmers
• Chapter 19 Logs and Compliance Chapter 20 Planning Your Own Log Analysis System Chapter 21 Cloud Logging
• Chapter 22 Log Standard and Future Trends.
• (source: Nielsen Book Data)

Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management introduces information technology professionals to the basic concepts of logging and log management. It provides tools and techniques to analyze log data and detect malicious activity. The book consists of 22 chapters that cover the basics of log data; log data sources; log storage technologies; a case study on how syslog-ng is deployed in a real environment for log collection; covert logging; planning and preparing for the analysis log data; simple analysis techniques; and tools and techniques for reviewing logs for potential problems. The book also discusses statistical analysis; log data mining; visualizing log data; logging laws and logging mistakes; open source and commercial toolsets for log data collection and analysis; log management procedures; and attacks against logging systems. In addition, the book addresses logging for programmers; logging and compliance with regulations and policies; planning for log analysis system deployment; cloud logging; and the future of log standards, logging, and log analysis. This book was written for anyone interested in learning more about logging and log management. These include systems administrators, junior security engineers, application developers, and managers.
(source: Nielsen Book Data)

• Introduction
• Chapter 1: Background on Attacks
• Chapter 2: A Closer Look at Client-Side Attacks
• Chapter 3: A History of Web Browsers
• Chapter 4: The Problem with Browsers
• Chapter 5: Exploring and Exploiting Active Content
• Chapter 6: Browser Defenses
• Chapter 7: E-mail Client Attacks
• Chapter 8: E-mail Client Defenses
• Chapter 9: Web Applications
• Chapter 10: Web Applications and Client Defenses
• Chapter 11: Other Client-Side Attack Targets
• Chapter 12: Malware
• Chapter 13: Client-Side Countermeasures
• Chapter 14: The Road Ahead.
• (source: Nielsen Book Data)

Client-Side Attacks and Defense offers background networks against its attackers. The book examines the forms of client-side attacks and discusses different kinds of attacks along with delivery methods including, but not limited to, browser exploitation, use of rich internet applications, and file format vulnerabilities. It also covers defenses, such as antivirus and anti-spyware, intrusion detection systems, and end-user education. The book explains how to secure Web browsers, such as Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari, and Opera. It discusses advanced Web attacks and advanced defenses against them. Moreover, it explores attacks on messaging, Web applications, and mobiles. The book concludes with a discussion on security measures against client-side attacks, starting from the planning of security. This book will be of great value to penetration testers, security consultants, system and network administrators, and IT auditors.
(source: Nielsen Book Data)

• Foreword xxxi Introduction xxxiii
• 1 What Type of Hacker Are You? 1
• 2 How Hackers Hack 9
• 3 Profile: Bruce Schneier 23
• 4 Social Engineering 27
• 5 Profile: Kevin Mitnick 33
• 6 Software Vulnerabilities 39
• 7 Profile: Michael Howard 45
• 8 Profile: Gary McGraw 51
• 9 Malware 55
• 10 Profile: Susan Bradley 61
• 11 Profile: Mark Russinovich 65
• 12 Cryptography 69
• 13 Profile: Martin Hellman 75
• 14 Intrusion Detection/APTs 81
• 15 Profile: Dr. Dorothy E. Denning 87
• 16 Profile: Michael Dubinsky 91
• 17 Firewalls 95
• 18 Profile: William Cheswick 101
• 19 Honeypots 107
• 20 Profile: Lance Spitzner 111
• 21 Password Hacking 115
• 22 Profile: Dr. Cormac Herley 123
• 23 Wireless Hacking 127
• 24 Profile: Thomas d Otreppe de Bouvette 133
• 25 Penetration Testing 137
• 26 Profile: Aaron Higbee 147
• 27 Profile: Benild Joseph 151
• 28 DDoS Attacks 155
• 29 Profile: Brian Krebs 161
• 30 Secure OS 165
• 31 Profile: Joanna Rutkowska 171
• 32 Profile: Aaron Margosis 175
• 33 Network Attacks 181
• 34 Profile: Laura Chappell 185
• 35 IoT Hacking 189
• 36 Profile: Dr. Charlie Miller 193
• 37 Policy and Strategy 201
• 38 Profile: Jing de Jong-Chen 205
• 39 Threat Modeling 211
• 40 Profile: Adam Shostack 217
• 41 Computer Security Education 221
• 42 Profile: Stephen Northcutt 227
• 43 Privacy 231
• 44 Profile: Eva Galperin 235
• 45 Patching 239
• 46 Profile: Window Snyder 245
• 47 Writing as a Career 249
• 48 Profile: Fahmida Y. Rashid 259
• 49 Guide for Parents with Young Hackers 263
• 50 Hacker Code of Ethics 271 Index 275.
• (source: Nielsen Book Data)

Meet the world's top ethical hackers and explore the tools of the trade Hacking the Hacker takes you inside the world of cybersecurity to show you what goes on behind the scenes, and introduces you to the men and women on the front lines of this technological arms race. Twenty-six of the world's top white hat hackers, security researchers, writers, and leaders, describe what they do and why, with each profile preceded by a no-experience-necessary explanation of the relevant technology. Dorothy Denning discusses advanced persistent threats, Martin Hellman describes how he helped invent public key encryption, Bill Cheswick talks about firewalls, Dr. Charlie Miller talks about hacking cars, and other cybersecurity experts from around the world detail the threats, their defenses, and the tools and techniques they use to thwart the most advanced criminals history has ever seen. Light on jargon and heavy on intrigue, this book is designed to be an introduction to the field; final chapters include a guide for parents of young hackers, as well as the Code of Ethical Hacking to help you start your own journey to the top. Cybersecurity is becoming increasingly critical at all levels, from retail businesses all the way up to national security. This book drives to the heart of the field, introducing the people and practices that help keep our world secure. * Go deep into the world of white hat hacking to grasp just how critical cybersecurity is * Read the stories of some of the world's most renowned computer security experts * Learn how hackers do what they do no technical expertise necessary * Delve into social engineering, cryptography, penetration testing, network attacks, and more As a field, cybersecurity is large and multi-faceted yet not historically diverse. With a massive demand for qualified professional that is only going to grow, opportunities are endless. Hacking the Hacker shows you why you should give the field a closer look.
(source: Nielsen Book Data)

Kali Linux: a complete pentesting toolkit facilitating smooth backtracking for working hackers About This Book * Conduct network testing, surveillance, pen testing and forensics on MS Windows using Kali Linux * Footprint, monitor, and audit your network and investigate any ongoing infestations * Customize Kali Linux with this professional guide so it becomes your pen testing toolkit Who This Book Is For If you are a working ethical hacker who is looking to expand the offensive skillset with a thorough understanding of Kali Linux, then this is the book for you. Prior knowledge about Linux operating systems and the BASH terminal emulator along with Windows desktop and command line would be highly beneficial. What You Will Learn * Set up Kali Linux for pen testing * Map and enumerate your Windows network * Exploit several common Windows network vulnerabilities * Attack and defeat password schemes on Windows * Debug and reverse-engineer Windows programs * Recover lost files, investigate successful hacks and discover hidden data in innocent-looking files * Catch and hold admin rights on the network, and maintain backdoors on the network after your initial testing is done In Detail Microsoft Windows is one of the two most common OS and managing its security has spawned the discipline of IT security. Kali Linux is the premier platform for testing and maintaining Windows security. Kali is built on the Debian distribution of Linux and shares the legendary stability of that OS. This lets you focus on using the network penetration, password cracking, forensics tools and not the OS. This book has the most advanced tools and techniques to reproduce the methods used by sophisticated hackers to make you an expert in Kali Linux penetration testing. First, you are introduced to Kali's top ten tools and other useful reporting tools. Then, you will find your way around your target network and determine known vulnerabilities to be able to exploit a system remotely. Next, you will prove that the vulnerabilities you have found are real and exploitable. You will learn to use tools in seven categories of exploitation tools. Further, you perform web access exploits using tools like websploit and more. Security is only as strong as the weakest link in the chain. Passwords are often that weak link. Thus, you learn about password attacks that can be used in concert with other approaches to break into and own a network. Moreover, you come to terms with network sniffing, which helps you understand which users are using services you can exploit, and IP spoofing, which can be used to poison a system's DNS cache. Once you gain access to a machine or network, maintaining access is important. Thus, you not only learn penetrating in the machine you also learn Windows privilege's escalations. With easy to follow step-by-step instructions and support images, you will be able to quickly pen test your system and network. Style and approach This book is a hands-on guide for Kali Linux pen testing. This book will provide all the practical knowledge needed to test your network's security using a proven hacker's methodology. The book uses easy-to-understand yet professional language for explaining concepts.
(source: Nielsen Book Data)

Achieve the gold standard in penetration testing with Kali using this masterpiece, now in its third edition! About This Book * Get a rock-solid insight into penetration testing techniques and test your corporate network against threats like never before * Formulate your pentesting strategies by relying on the most up-to-date and feature-rich Kali version in town-Kali Linux 2 (aka Sana). * Experience this journey with new cutting-edge wireless penetration tools and a variety of new features to make your pentesting experience smoother Who This Book Is For If you are an IT security professional or a student with basic knowledge of Unix/Linux operating systems, including an awareness of information security factors, and you want to use Kali Linux for penetration testing, this book is for you. What You Will Learn * Find out to download and install your own copy of Kali Linux * Properly scope and conduct the initial stages of a penetration test * Conduct reconnaissance and enumeration of target networks * Exploit and gain a foothold on a target system or network * Obtain and crack passwords * Use the Kali Linux NetHunter install to conduct wireless penetration testing * Create proper penetration testing reports In Detail Kali Linux is a comprehensive penetration testing platform with advanced tools to identify, detect, and exploit the vulnerabilities uncovered in the target network environment. With Kali Linux, you can apply appropriate testing methodology with defined business objectives and a scheduled test plan, resulting in a successful penetration testing project engagement. Kali Linux - Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating cutting-edge hacker tools and techniques with a coherent, step-by-step approach. This book offers you all of the essential lab preparation and testing procedures that reflect real-world attack scenarios from a business perspective, in today's digital age. Style and approach This practical guide will showcase penetration testing through cutting-edge tools and techniques using a coherent, step-by-step approach.
(source: Nielsen Book Data)

• Preface Introduction Chapter 1
• An ordinary in the life of M. Rowley, or the dangers of virtualization and mobility. Chapter 2
• Threats and attacks Chapter 3
• Technological countermeasures Chapter 4
• Technological countermeasures for remote access Chapter 5
• What should have been done for M. Rowley's day to be ordinary Conclusion Appendix 1
• Recap of security solutions Appendix 2
• Glossary.
• (source: Nielsen Book Data)

• Introduction ix
• Chapter 1. An Ordinary Day in the Life of Mr. Rowley, or the Dangers of Virtualization and Mobility 1 1.1. A busy day 1 1.2. The ups and downs of the day 3 1.3. What actually happened? 3
• Chapter 2. Threats and Attacks 7 2.1. Reconnaissance phase 9 2.1.1. Passive mode information gathering techniques 10 2.1.2. Active mode information gathering techniques 14 2.2. Identity/authentication attack 22 2.2.1. ARP spoofing 22 2.2.2. IP spoofing 22 2.2.3. Connection hijacking 29 2.2.4. Man in the middle 29 2.2.5. DNS spoofing 30 2.2.6. Replay attack 31 2.2.7. Rebound intrusion 31 2.2.8. Password hacking 32 2.2.9. The insecurity of SSL/TLS 34 2.3. Confidentiality attack 38 2.3.1. Espionage software 39 2.3.2. Trojans 41 2.3.3. Sniffing 43 2.3.4. Cracking encrypted data 44 2.4. Availability attack 49 2.4.1. ICMP Flood 50 2.4.2. SYN Flood 50 2.4.3. Smurfing 52 2.4.4. Log Flood 52 2.4.5. Worms 53 2.5. Attack on software integrity 55 2.6. BYOD: mixed-genre threats and attacks 57 2.7. Interception of GSM/GPRS/EDGE communications 61
• Chapter 3. Technological Countermeasures 65 3.1. Prevention 66 3.1.1. Protection of mobile equipment 67 3.1.2. Data protection 71 3.2. Detection 81 3.2.1. Systems of intrusion detection 81 3.2.2. Honeypot 88 3.2.3. Management and supervision tools 91 3.3. Reaction 95 3.3.1. Firewall 95 3.3.2. Reverse proxy 102 3.3.3. Antivirus software 104 3.3.4. Antivirus software: an essential building block but in need of completion 107 3.4. Organizing the information system's security 108 3.4.1. What is security organization? 109 3.4.2. Quality of security, or the attraction of ISMS 110
• Chapter 4. Technological Countermeasures for Remote Access 113 4.1. Remote connection solutions 114 4.1.1. Historic solutions 115 4.1.2. Desktop sharing solutions 115 4.1.3. Publication on the Internet 116 4.1.4. Virtual Private Network (VPN) solutions 118 4.2. Control of remote access 137 4.2.1. Identification and authentication 139 4.2.2. Unique authentication 155 4.3. Architecture of remote access solutions 157 4.3.1. Securing the infrastructure 157 4.3.2. Load balancing/redundancy 161 4.4. Control of conformity of the VPN infrastructure 162 4.5. Control of network admission 166 4.5.1. Control of network access 166 4.5.2. ESCV (Endpoint Security Compliancy Verification) 167 4.5.3. Mobile NAC 170
• Chapter 5. What Should Have Been Done to Make Sure Mr Rowley's Day Really Was Ordinary 173 5.1. The attack at Mr Rowley's house 173 5.1.1. Securing Mr Rowley's PC 173 5.1.2. Securing the organizational level 174 5.1.3. Detection at the organizational level 175 5.1.4. A little bit of prevention 175 5.2. The attack at the airport VIP lounge while on the move 176 5.3. The attack at the cafe 176 5.4. The attack in the airport VIP lounge during Mr Rowley's return journey 178 5.5. The loss of a smartphone and access to confidential data 180 5.6. Summary of the different security solutions that should have been implemented 181 Conclusion 187 APPENDICES 189
• Appendix 1 191
• Appendix 2 197 Bibliography 223 Index 233.
• (source: Nielsen Book Data)

Over the last few years, mobile equipment to remotely connect to the corporate network (smartphones, ultra-light laptops, etc.) has rapidly grown. Future development perspectives and new tendencies such as BYOD (Bring your own device) expose more than ever business information system to various compromising threats. The safety control of remote accesses has become a strategic stake for all companies. This book reviews all the threats weighing on these remote accesses, as well as the existing standard and specific countermeasures to protect companies, from both the technical and organizational aspects.
(source: Nielsen Book Data)
Over recent years, the amount of mobile equipment that needs to be connected to corporate networks remotely (smartphones, laptops, etc.) has increased rapidly. Innovative development perspectives and new tendencies such as BYOD (bring your own device) are exposing business information systems more than ever to various compromising threats. The safety control of remote access has become a strategic issue for all companies. This book reviews all the threats weighing on these remote access points, as well as the existing standards and specific countermeasures to protect companies, from both the technical and organizational points of view. It also reminds us that the organization of safety is a key element in the implementation of an efficient system of countermeasures as well. The authors also discuss the novelty of BYOD, its dangers and how to face them. Contents: 1. An Ordinary Day in the Life of Mr. Rowley, or the Dangers of Virtualization and Mobility. 2.Threats and Attacks. 3. Technological Countermeasures. 4. Technological Countermeasures for Remote Access. 5. What Should Have Been Done to Make Sure Mr Rowley's Day Really Was Ordinary.
(source: Nielsen Book Data)

• Introduction xxi
• 1 Introduction to Network Forensics 1 What Is Forensics? 3 Handling Evidence 4 Cryptographic Hashes 5 Chain of Custody 8 Incident Response 8 The Need for Network Forensic Practitioners 10 Summary 11 References 12
• 2 Networking Basics 13 Protocols 14 Open Systems Interconnection (OSI) Model 16 TCP/IP Protocol Suite 18 Protocol Data Units 19 Request for Comments 20 Internet Registries 23 Internet Protocol and Addressing 25 Internet Protocol Addresses 28 Internet Control Message Protocol (ICMP) 31 Internet Protocol Version 6 (IPv6) 31 Transmission Control Protocol (TCP) 33 Connection-Oriented Transport 36 User Datagram Protocol (UDP) 38 Connectionless Transport 39 Ports 40 Domain Name System 42 Support Protocols (DHCP) 46 Support Protocols (ARP) 48 Summary 49 References 51
• 3 Host-Side Artifacts 53 Services 54 Connections 60 Tools 62 netstat 63 nbstat 66 ifconfi g/ipconfi g 68 Sysinternals 69 ntop 73 Task Manager/Resource Monitor 75 ARP 77 /proc Filesystem 78 Summary 79
• 4 Packet Capture and Analysis 81 Capturing Packets 82 Tcpdump/Tshark 84 Wireshark 89 Taps 91 Port Spanning 93 ARP Spoofi ng 94 Passive Scanning 96 Packet Analysis with Wireshark 98 Packet Decoding 98 Filtering 101 Statistics 102 Following Streams 105 Gathering Files 106 Network Miner 108 Summary 110
• 5 Attack Types 113 Denial of Service Attacks 114 SYN Floods 115 Malformed Packets 118 UDP Floods 122 Amplifi cation Attacks 124 Distributed Attacks 126 Backscatter 128 Vulnerability Exploits 130 Insider Threats 132 Evasion 134 Application Attacks 136 Summary 140
• 6 Location Awareness 143 Time Zones 144 Using whois 147 Traceroute 150 Geolocation 153 Location-Based Services 156 WiFi Positioning 157 Summary 158
• 7 Preparing for Attacks 159 NetFlow 160 Logging 165 Syslog 166 Windows Event Logs 171 Firewall Logs 173 Router and Switch Logs 177 Log Servers and Monitors 178 Antivirus 180 Incident Response Preparation 181 Google Rapid Response 182 Commercial Offerings 182 Security Information and Event Management 183 Summary 185
• 8 Intrusion Detection Systems 187 Detection Styles 188 Signature-Based 188 Heuristic 189 Host-Based versus Network-Based 190 Snort 191 Suricata and Sagan 201 Bro 203 Tripwire 205 OSSEC 206 Architecture 206 Alerting 207 Summary 208
• 9 Using Firewall and Application Logs 211 Syslog 212 Centralized Logging 216 Reading Log Messages 220 LogWatch 222 Event Viewer 224 Querying Event Logs 227 Clearing Event Logs 231 Firewall Logs 233 Proxy Logs 236 Web Application Firewall Logs 238 Common Log Format 240 Summary 243
• 10 Correlating Attacks 245 Time Synchronization 246 Time Zones 246 Network Time Protocol 247 Packet Capture Times 249 Log Aggregation and Management 251 Windows Event Forwarding 251 Syslog 252 Log Management Offerings 254 Timelines 257 Plaso 258 PacketTotal 259 Wireshark 261 Security Information and Event Management 262 Summary 263
• 11 Network Scanning 265 Port Scanning 266 Operating System Analysis 271 Scripts 273 Banner Grabbing 275 Ping Sweeps 278 Vulnerability Scanning 280 Port Knocking 285 Tunneling 286 Passive Data Gathering 287 Summary 289
• 12 Final Considerations 291 Encryption 292 Keys 293 Symmetric 294 Asymmetric 295 Hybrid 296 SSL/TLS 297 Cloud Computing 306 Infrastructure as a Service 306 Storage as a Service 309 Software as a Service 310 Other Factors 311 The Onion Router (TOR) 314 Summary 317 Index 319.
• (source: Nielsen Book Data)

Intensively hands-on training for real-world network forensics Network Forensics provides a uniquely practical guide for IT and law enforcement professionals seeking a deeper understanding of cybersecurity. This book is hands-on all the way by dissecting packets, you gain fundamental knowledge that only comes from experience. Real packet captures and log files demonstrate network traffic investigation, and the learn-by-doing approach relates the essential skills that traditional forensics investigators may not have. From network packet analysis to host artifacts to log analysis and beyond, this book emphasizes the critical techniques that bring evidence to light. Network forensics is a growing field, and is becoming increasingly central to law enforcement as cybercrime becomes more and more sophisticated. This book provides an unprecedented level of hands-on training to give investigators the skills they need. * Investigate packet captures to examine network communications * Locate host-based artifacts and analyze network logs * Understand intrusion detection systems and let them do the legwork * Have the right architecture and systems in place ahead of an incident Network data is always changing, and is never saved in one place; an investigator must understand how to examine data over time, which involves specialized skills that go above and beyond memory, mobile, or data forensics. Whether you're preparing for a security certification or just seeking deeper training for a law enforcement or IT role, you can only learn so much from concept; to thoroughly understand something, you need to do it. Network Forensics provides intensive hands-on practice with direct translation to real-world application.
(source: Nielsen Book Data)

• Copyright
• Table of Contents
• Foreword
• Preface
• Who This Book Is For
• How to Use This Book
• Conventions Used in This Book
• Using Code Examples
• Safari® Books Online
• How to Contact Us
• Acknowledgments
• Chapter 1. Lights Out-Hacking Wireless Lightbulbs to Cause Sustained Blackouts
• Why hue?
• Controlling Lights via the Website Interface
• Information Leakage
• Drive-by Blackouts
• Weak Password Complexity and Password Leaks
• Controlling Lights Using the iOS App
• Stealing the Token from a Mobile Device
• Malware Can Cause Perpetual Blackouts.

• Changing Lightbulb State
• If This Then That (IFTTT)
• Conclusion
• Chapter 2. Electronic Lock Picking-Abusing Door Locks to Compromise Physical Security
• Hotel Door Locks and Magnetic Stripes
• The Onity Door Lock
• The Magnetic Stripe
• The Programming Port
• Security Issues
• Vendor Response
• The Case of Z-Wave-Enabled Door Locks
• Z-Wave Protocol and Implementation Analysis
• Exploiting Key-Exchange Vulnerability
• Bluetooth Low Energy and Unlocking via Mobile Apps
• Understanding Weaknesses in BLE and Using Packet-Capture Tools
• Kevo Mobile App Insecurities
• Conclusion.

• Chapter 3. Assaulting the Radio Nurse-Breaching Baby Monitors and One Other Thing
• The Foscam Incident
• Foscam Vulnerabilities Exposed by Researchers
• Using Shodan to Find Baby Monitors Exposed on the Internet
• Exploiting Default Credentials
• Exploiting Dynamic DNS
• The Foscam Saga Continues
• The Belkin WeMo Baby Monitor
• Bad Security by Design
• Malware Gone Wild
• Some Things Never Change: The WeMo Switch
• Conclusion
• Chapter 4. Blurred Lines-When the Physical Space Meets the Virtual Space
• SmartThings
• Hijacking Credentials
• Abusing the Physical Graph.

• SmartThings SSL Certificate Validation Vulnerability
• Interoperability with Insecurity Leads to{u2026}Insecurity
• SmartThings and hue Lighting
• SmartThings and the WeMo Switch
• Conclusion
• Chapter 5. The Idiot Box-Attacking "Smart" Televisions
• The TOCTTOU Attack
• The Samsung LExxB650 Series
• The Exploit
• You Call That Encryption?
• Understanding XOR
• I call it Encraption
• Understanding and Exploiting the App World
• Decrypting Firmware
• Cursory Exploration of the Operating System
• Remotely Exploiting a Samsung Smart TV
• Inspecting Your Own Smart TV (and Other IoT Devices)

• Say Hello to the WiFi Pineapple Mark V
• Capturing credentials and stripping TLS
• Conclusion
• Chapter 6. Connected Car Security Analysis-From Gas to Fully Electric
• The Tire Pressure Monitoring System (TPMS)
• Reversing TPMS Communication
• Eavesdropping and Privacy Implications
• Spoofing Alerts
• Exploiting Wireless Connectivity
• Injecting CAN Data
• Bluetooth Vulnerabilities
• Vulnerabilities in Telematics
• Significant Attack Surface
• The Tesla Model S
• Locate and Steal a Tesla the Old-Fashioned Way
• Social Engineering Tesla Employees and the Quest for Location Privacy.

A future with billions of connected "things" includes monumental security concerns. This practical book explores how malicious attackers can abuse popular IoT-based devices, including wireless LED lightbulbs, electronic door locks, baby monitors, smart TVs, and connected cars. If you're part of a team creating applications for Internet-connected devices, this guide will help you explore security solutions. You'll not only learn how to uncover vulnerabilities in existing IoT devices, but also gain deeper insight into an attacker's tactics. Analyze the design, architecture, and security issues of wireless lighting systems Understand how to breach electronic door locks and their wireless mechanisms Examine security design flaws in remote-controlled baby monitors Evaluate the security design of a suite of IoT-connected home products Scrutinize security vulnerabilities in smart TVs Explore research into security weaknesses in smart cars Delve into prototyping techniques that address security in initial designs Learn plausible attacks scenarios based on how people will likely use IoT devices.
(source: Nielsen Book Data)

• Introduction: Securing Cyber-Physical Infrastructures--An Overview Part 1: Theoretical Foundations of Security Chapter 1: Security and Vulnerability of Cyber-Physical Infrastructure Networks: A Control-Theoretic Approach Chapter 2: Game Theory for Infrastructure Security - The Power of Intent-Based Adversary Models Chapter 3: An Analytical Framework for Cyber-Physical Networks Chapter 4: Evolution of Widely Spreading Worms and Countermeasures : Epidemic Theory and Application Part 2: Security for Wireless Mobile Networks Chapter 5: Mobile Wireless Network Security Chapter 6: Robust Wireless Infrastructure against Jamming Attacks Chapter 7: Security for Mobile Ad Hoc Networks Chapter 8: Defending against Identity-Based Attacks in Wireless Networks Part 3: Security for Sensor Networks Chapter 9: Efficient and Distributed Access Control for Sensor Networks Chapter 10: Defending against Physical Attacks in Wireless Sensor Networks Chapter 11: Node Compromise Detection in Wireless Sensor Networks Part 4: Platform Security Chapter 12: Hardware and Security: Vulnerabilities and Solutions Chapter 13: Languages and Security: Safer Software Through Language and Compiler Techniques Part 5: Cloud Computing and Data Security Chapter 14: Protecting Data in Outsourcing Scenarios Chapter 15: Data Security in Cloud Computing Chapter 16: Secure Mobile Cloud Computing Chapter 17: Relation Privacy Preservation in Online Social Networks Part 6: Event Monitoring and Situation Awareness Chapter 18: Distributed Network and System Monitoring for Securing Cyber-Physical Infrastructure Chapter 19: Discovering and Tracking Patterns of Interest in Security Sensor Streams Chapter 20: Pervasive Sensing and Monitoring for Situational Awareness Chapter 21: Sense and Response Systems for Crisis Management Part 7. Policy Issues in Security Management Chapter 22: Managing and Securing Critical Infrastructure
• A Semantic Policy and Trust-Driven Approach Chapter 23: Policies, Access Control, and Formal Methods Chapter 24: Formal Analysis of Policy based Security Configurations in Enterprise Networks Part 8: Security Issues in Real-World Systems Chapter 25: Security and Privacy in the Smart Grid Chapter 26: Cyber-physical Security of Automotive Information Technology Chapter 27: Security and Privacy for Mobile Healthcare (m-Health) Systems Chapter 28: Security and Robustness in the Internet Infrastructure Chapter 29: Emergency Vehicular Networks Chapter 30: Security Issues in VoIP Telecommunication Networks.
• (source: Nielsen Book Data)

The worldwide reach of the Internet allows malicious cyber criminals to coordinate and launch attacks on both cyber and cyber-physical infrastructure from anywhere in the world. This purpose of this handbook is to introduce the theoretical foundations and practical solution techniques for securing critical cyber and physical infrastructures as well as their underlying computing and communication architectures and systems. Examples of such infrastructures include utility networks (e.g., electrical power grids), ground transportation systems (automotives, roads, bridges and tunnels), airports and air traffic control systems, wired and wireless communication and sensor networks, systems for storing and distributing water and food supplies, medical and healthcare delivery systems, as well as financial, banking and commercial transaction assets. The handbook focus mostly on the scientific foundations and engineering techniques - while also addressing the proper integration of policies and access control mechanisms, for example, how human-developed policies can be properly enforced by an automated system.
(source: Nielsen Book Data)

• Building a Hardware and Software Test Platform
• Passive Information Gathering
• Analyzing Network Traffic
• Detecting Live Systems and Analyzing Results
• Enumerating Systems
• Automating Encryption and Tunneling Techniques
• Automated Attack and Penetration Tools
• Securing Wireless Systems
• An Introduction to Malware
• Detecting Intrusions and Analyzing Malware
• Forensic Detection.

The ultimate hands-on guide to IT security and proactive defense The Network Security Test Lab is a hands-on, step-by-step guide to ultimate IT security implementation. Covering the full complement of malware, viruses, and other attack technologies, this essential guide walks you through the security assessment and penetration testing process, and provides the set-up guidance you need to build your own security-testing lab. You'll look inside the actual attacks to decode their methods, and learn how to run attacks in an isolated sandbox to better understand how attackers target systems, and how to build the defenses that stop them. You'll be introduced to tools like Wireshark, Networkminer, Nmap, Metasploit, and more as you discover techniques for defending against network attacks, social networking bugs, malware, and the most prevalent malicious traffic. You also get access to open source tools, demo software, and a bootable version of Linux to facilitate hands-on learning and help you implement your new skills. Security technology continues to evolve, and yet not a week goes by without news of a new security breach or a new exploit being released. The Network Security Test Lab is the ultimate guide when you are on the front lines of defense, providing the most up-to-date methods of thwarting would-be attackers. * Get acquainted with your hardware, gear, and test platform * Learn how attackers penetrate existing security systems * Detect malicious activity and build effective defenses * Investigate and analyze attacks to inform defense strategy The Network Security Test Lab is your complete, essential guide.
(source: Nielsen Book Data)

• Introduction xxi Assessment Test xxxi
• Chapter 1 Understanding Security Fundamentals 1 Goals of Security 2 Confidentiality 2 Integrity 3 Availability 3 Guiding Principles 3 Common Security Terms 6 Risk Management Process 7 Network Topologies 15 CAN 15 WAN 16 Data Center 16 SOHO 17 Virtual 17 Common Network Security Zones 17 DMZ 17 Intranet and Extranet 18 Public and Private 18 VLAN 18 Summary 19 Exam Essentials 19 Review Questions 20
• Chapter 2 Understanding Security Threats 25 Common Network Attacks 26 Motivations 26 Classifying Attack Vectors 27 Spoofing 28 Password Attacks 29 Reconnaissance Attacks 30 Buffer Overflow 34 DoS 34 DDoS 36 Man-in-the-Middle Attack 37 ARP Poisoning 37 Social Engineering 38 Phishing/Pharming 38 Prevention 38 Malware 39 Data Loss and Exfiltration 39 Summary 40 Exam Essentials 40 Review Questions 42
• Chapter 3 Understanding Cryptography 45 Symmetric and Asymmetric Encryption 46 Ciphers 46 Algorithms 48 Hashing Algorithms 53 MD5 54 SHA-1 54 SHA-2 54 HMAC 55 Digital Signatures 55 Key Exchange 57 Application: SSH 57 Public Key Infrastructure 57 Public and Private Keys 58 Certificates 60 Certificate Authorities 61 PKI Standards 63 PKI Topologies 64 Certificates in the ASA 65 Cryptanalysis 67 Summary 68 Exam Essentials 68 Review Questions 69
• Chapter 4 Securing the Routing Process 73 Securing Router Access 74 Configuring SSH Access 74 Configuring Privilege Levels in IOS 76 Configuring IOS Role-Based CLI 77 Implementing Cisco IOS Resilient Configuration 79 Implementing OSPF Routing Update Authentication 80 Implementing OSPF Routing Update Authentication 80 Implementing EIGRP Routing Update Authentication 82 Securing the Control Plane 82 Control Plane Policing 83 Summary 84 Exam Essentials 85 Review Questions 86
• Chapter 5 Understanding Layer 2 Attacks 91 Understanding STP Attacks 92 Understanding ARP Attacks 93 Understanding MAC Attacks 95 Understanding CAM Overflows 96 Understanding CDP/LLDP Reconnaissance 97 Understanding VLAN Hopping 98 Switch Spoofing 98 Double Tagging 99 Understanding DHCP Spoofing 99 Summary 101 Exam Essentials 101 Review Questions 102
• Chapter 6 Preventing Layer 2 Attacks 107 Configuring DHCP Snooping 108 Configuring Dynamic ARP Inspection 110 Configuring Port Security 112 Configuring STP Security Features 114 BPDU Guard 114 Root Guard 115 Loop Guard 115 Disabling DTP 116 Verifying Mitigations 116 DHCP Snooping 116 DAI 117 Port Security 118 STP Features 118 DTP 120 Summary 120 Exam Essentials 121 Review Questions 122
• Chapter 7 VLAN Security 127 Native VLANs 128 Mitigation 128 PVLANs 128 PVLAN Edge 131 PVLAN Proxy Attack 132 ACLs on Switches 133 Port ACLs 133 VLAN ACLs 133 Summary 134 Exam Essentials 134 Review Questions 136
• Chapter 8 Securing Management Traffic 141 In-Band and Out-of-Band Management 142 AUX Port 142 VTY Ports 143 HTTPS Connection 144 SNMP 144 Console Port 145 Securing Network Management 146 SSH 146 HTTPS 146 ACLs 146 Banner Messages 147 Securing Access through SNMP v3 149 Securing NTP 150 Using SCP for File Transfer 151 Summary 151 Exam Essentials 152 Review Questions 153
• Chapter 9 Understanding 802.1x and AAA 157 802.1x Components 158 RADIUS and TACACS+ Technologies 159 Configuring Administrative Access with TACACS+ 160 Local AAA Authentication and Accounting 160 SSH Using AAA 161 Understanding Authentication and Authorization Using ACS and ISE 161 Understanding the Integration of Active Directory with AAA 162 TACACS+ on IOS 162 Verify Router Connectivity to TACACS+ 164 Summary 164 Exam Essentials 165 Review Questions 166
• Chapter 10 Securing a BYOD Initiative 171 The BYOD Architecture Framework 172 Cisco ISE 172 Cisco TrustSec 174 The Function of Mobile Device Management 177 Integration with ISE Authorization Policies 177 Summary 178 Exam Essentials 179 Review Questions 180
• Chapter 11 Understanding VPNs 185 Understanding IPsec 186 Security Services 186 Protocols 189 Delivery Modes 192 IPsec with IPV6 194 Understanding Advanced VPN Concepts 195 Hairpinning 195 Split Tunneling 196 Always-on VPN 197 NAT Traversal 198 Summary 199 Exam Essentials 199 Review Questions 200
• Chapter 12 Configuring VPNs 203 Configuring Remote Access VPNs 204 Basic Clientless SSL VPN Using ASDM 204 Verify a Clientless Connection 207 Basic AnyConnect SSL VPN Using ASDM 207 Verify an AnyConnect Connection 209 Endpoint Posture Assessment 209 Configuring Site-to-Site VPNs 209 Implement an IPsec Site-to-Site VPN with Preshared Key Authentication 209 Verify an IPsec Site-to-Site VPN 212 Summary 212 Exam Essentials 213 Review Questions 214
• Chapter 13 Understanding Firewalls 219 Understanding Firewall Technologies 220 Packet Filtering 220 Proxy Firewalls 220 Application Firewall 221 Personal Firewall 221 Stateful vs. Stateless Firewalls 222 Operations 222 State Table 223 Summary 224 Exam Essentials 224 Review Questions 225
• Chapter 14 Configuring NAT and Zone-Based Firewalls 229 Implementing NAT on ASA 9.x 230 Static 231 Dynamic 232 PAT 233 Policy NAT 233 Verifying NAT Operations 235 Configuring Zone-Based Firewalls 236 Class Maps 237 Default Policies 237 Configuring Zone-to-Zone Access 239 Summary 240 Exam Essentials 240 Review Questions 241
• Chapter 15 Configuring the Firewall on an ASA 245 Understanding Firewall Services 246 Understanding Modes of Deployment 247 Routed Firewall 247 Transparent Firewall 247 Understanding Methods of Implementing High Availability 247 Active/Standby Failover 248 Active/Active Failover 248 Clustering 249 Understanding Security Contexts 249 Configuring ASA Management Access 250 Initial Configuration 250 Configuring Cisco ASA Interface Security Levels 251 Security Levels 251 Configuring Security Access Policies 253 Interface Access Rules 253 Object Groups 254 Configuring Default Cisco Modular Policy Framework (MPF) 256 Summary 257 Exam Essentials 257 Review Questions 259
• Chapter 16 Intrusion Prevention 263 IPS Terminology 264 Threat 264 Risk 264 Vulnerability 265 Exploit 265 Zero-Day Threat 265 Actions 265 Network-Based IPS vs. Host-Based IPS 266 Host-Based IPS 266 Network-Based IPS 266 Promiscuous Mode 266 Detection Methods 267 Evasion Techniques 267 Packet Fragmentation 267 Injection Attacks 270 Alternate String Expressions 271 Introducing Cisco FireSIGHT 271 Capabilities 271 Protections 272 Understanding Modes of Deployment 273 Inline 275 Positioning of the IPS within the Network 275 Outside 275 DMZ 276 Inside 277 Understanding False Positives, False Negatives, True Positives, and True Negatives 277 Summary 278 Exam Essentials 278 Review Questions 280
• Chapter 17 Content and Endpoint Security 285 Mitigating Email Threats 286 Spam Filtering 286 Context-Based Filtering 287 Anti-malware Filtering 287 DLP 287 Blacklisting 288 Email Encryption 288 Cisco Email Security Appliance 288 Putting the Pieces Together 290 Mitigating Web-Based Threats 292 Understanding Web Proxies 292 Cisco Web Security Appliance 293 Mitigating Endpoint Threats 294 Cisco Identity Services Engine (ISE) 294 Antivirus/Anti-malware 294 Personal Firewall 294 Hardware/Software Encryption of Local Data 294 HIPS 295 Summary 295 Exam Essentials 295 Review Questions 296 Appendix Answers to Review Questions 301
• Chapter 1: Understanding Security Fundamentals 302
• Chapter 2: Understanding Security Threats 304
• Chapter 3: Understanding Cryptography 305
• Chapter 4: Securing the Routing Process 307
• Chapter 5: Understanding Layer 2 Attacks 309
• Chapter 6: Preventing Layer 2 Attacks 311
• Chapter 7: VLAN Security 312
• Chapter 8: Securing Management Traffic 314
• Chapter 9: Understanding 802.1x and AAA 316
• Chapter 10: Securing a BYOD Initiative 317
• Chapter 11: Understanding VPNs 319
• Chapter 12: Configuring VPNs 321
• Chapter 13: Understanding Firewalls 322
• Chapter 14: Configuring NAT and Zone-Based Firewalls 324
• Chapter 15: Configuring the Firewall on an ASA 325
• Chapter 16: Intrusion Prevention 327
• Chapter 17: Content and Endpoint Security 328 Index 331.
• (source: Nielsen Book Data)

Lay the foundation for a successful career in network security CCNA Security Study Guide offers comprehensive review for Exam 210-260. Packed with concise explanations of core security concepts, this book is designed to help you successfully prepare for the exam. Expert instruction guides you through critical concepts relating to secure network infrastructure, access management, VPN encryption, Firewalls, intrusion prevention and more, with complete coverage of the CCNA exam objectives. Practical examples allow you to apply your skills in real-world scenarios, helping you transition effectively from "learning" to "doing." You also get access to the Sybex online learning environment, featuring the tools you need to maximize your study time: key terminology and flash cards allow you to study anytime, anywhere, while chapter tests and practice exams help you track your progress and gauge your readiness along the way. The CCNA Security certification tests your knowledge of secure network installation, monitoring, and troubleshooting using Cisco security hardware and software solutions. When you're ready to get serious about preparing for the exam, this book gives you the advantage of complete coverage, real-world application, and extensive learning aids to help you pass with confidence. Master Cisco security essentials, standards, and core technologies Work through practical examples drawn from real-world examples Track your progress with online study aids and self-tests Develop critical competencies in maintaining data integrity, confidentiality, and availability Earning your CCNA Security certification validates your abilities in areas that define careers including network security, administrator, and network security support engineer. With data threats continuing to mount, the demand for this skill set will only continue to grow--and in an employer's eyes, a CCNA certification makes you a true professional. CCNA Security Study Guide is the ideal preparation resource for candidates looking to not only pass the exam, but also succeed in the field.
(source: Nielsen Book Data)