Book description
Maximum Security, Third Edition provides comprehensive, platform-by-platform coverage of security issues and includes clear, to the point descriptions of the most common techniques hackers use to penetrate systems. In one book, security managers and others interested in computer and network security can learn everything the hackers already know, and then take steps to protect their systems.
Table of contents
- Copyright
- About the Lead Author
- About the Contributing Authors
- Tell Us What You Think!
-
I. Setting the Stage
- 1. Why This Book Was Written
- 2. How to Use This Book
-
II. Security Concepts
- 3. Building a Roadmap for Securing Your Enterprise
- 4. A Brief Primer on TCP/IP
- 5. Hackers and Crackers
- 6. The State of the Net: A World at War
-
III. Hacking 101: The Tricks of the Trade
- 7. Spoofing Attacks
- 8. Hiding One's Identity
-
9. Dispelling Some of the Myths
- When Can Attacks Occur?
- What Kinds of Attackers Exist?
- Operating Systems Used by Crackers
- Is There a Typical Attack?
- Who Gets Targeted Most Frequently?
- What Is the Motivation Behind Attacks?
- Summary
-
IV. The Defender's Toolkit
-
10. Firewalls
- What Is a Firewall?
- Other Features Found in Firewall Products
- Firewalls Are Not Bulletproof
- A Look Under the Hood of Firewalling Products
- Pitfalls of Firewalling
- Firewall Appliances
- Building Firewalls in the Real World
- Sample Failures of Firewall Technology
- Building a Firewall with the Firewall Toolkit (FWTK)
- Commercial Firewalls
- Summary
- 11. Vulnerability Assessment Tools (Scanners)
- 12. Intrusion Detection Systems (IDSs)
- 13. Logging and Auditing Tools
- 14. Password Crackers
-
15. Sniffers
- Sniffers as Security Risks
- What Level of Risk Do Sniffers Represent?
- Has Anyone Actually Seen a Sniffer Attack?
- What Information Do Sniffers Capture?
- Where Is One Likely to Find a Sniffer?
-
Where Can I Get a Sniffer?
-
Commercial Sniffers
- Sniffer Portable Analysis Solutions from Network Associates
- Shomiti Systems Surveyor, Explorer, and Century LAN Analyzers
- PacketView by Klos Technologies
- Network Probe from Network Communications
- LANWatch by Precision Guesswork
- EtherPeek from WildPackets Inc. (formerly AG Group)
- NetMinder Ethernet by Neon Software
- DatagLANce Network Analyzer by IBM
- LinkView Network Analyzers by Acterna
- ProConvert from WildPackets, Inc. (formerly Net3 Group)
- LANdecoder32 by Triticom
- LanExplorer Protocol Analyzer from Sunrise Telecom
- Freely Available Sniffers
- Ethload (Vyncke, et al.)
- TCPDUMP
- LinSniff
- Sunsniff
- linux_sniffer.c
-
Commercial Sniffers
- Defeating Sniffer Attacks
- Summary
- Further Reading on Sniffers
-
10. Firewalls
-
V. Virtual Weapons of Mass Destruction
- 16. Denial of Service Attacks
- 17. Viruses and Worms
- 18. Trojans
-
VI. Platforms and Security
-
19. Microsoft
- DOS
- Windows for Workgroups, Windows 9x, and Windows Me
- Windows NT
- Internal Windows NT Security
-
Windows 2000
- Improvements to Security
- Windows 2000 Distributed Security Overview
-
General Windows 2000 Security Vulnerabilities
- The Windows 2000 Directory Service Restore Mode Password Vulnerability
- The Netmon Protocol Parsing Vulnerability
- The Network DDE Agent Request Vulnerability
- The Phone Book Service Buffer Overflow Vulnerability
- The Telnet Client NTLM Authentication Vulnerability
- The Telnet Server Flooding Vulnerability
- Summary of Windows 2000
-
Modern Vulnerabilities in Microsoft Applications
-
Microsoft Internet Explorer
- The Active Setup Download Vulnerability
- The Cached Web Credentials Vulnerability
- The IE Script Vulnerability
- The Microsoft Internet Explorer GetObject() File Disclosure Vulnerability
- The Office HTML Script Vulnerability
- The SSL Certificate Validation Vulnerability
- The Unauthorized Cookie Access Vulnerability
-
Microsoft Exchange Server
- Microsoft Exchange Encapsulated SMTP Address Vulnerability
- Microsoft Exchange Malformed Bind Request Vulnerability
- Microsoft Exchange Malformed MIME Header Vulnerability
- Microsoft Exchange NNTP Denial-of-Service Vulnerability
- Microsoft Exchange SMTP Denial of Service Vulnerability
- Microsoft Exchange Error Message Vulnerability
- Microsoft Exchange User Account Vulnerability
-
IIS (Internet Information Server)
- The IIS Cross-Site Scripting Vulnerabilities
- The IIS Malformed Web Form Submission Vulnerability
- The IIS New Variant of File Fragment Reading via .HTR Vulnerability
- The IIS Session ID Cookie Marking Vulnerability
- The IIS Web Server File Request Parsing Vulnerability
- The Invalid URL Vulnerability
- The Myriad Escaped Characters Vulnerability
- The Web Server Folder Traversal Vulnerability
-
Tools
- Administrator Assistant Tool Kit
- Administrator's Pak
- AntiSniff 1.021
- FileAdmin
- Kane Security Analyst 5.0
- L0phtCrack 3.0
- LANguard Internet Access Control
- LANguard Security Reporter
- NT Crack
- NT Locksmith
- NTFSDOS Pro
- NTHandle
- NTRecover
- PC Firewall ASaP
- RedButton
- RegAdmin
- Remote Recover
- ScanNT Plus
- Sniffer Basic
- Somarsoft DumpSec
- Somarsoft DumpEvt
- Somarsoft DumpReg
- Virtuosity
-
Access Control Software
- Cetus StormWindow
- Clasp2000
- ConfigSafe Complete Recovery v4 by imagine LAN, Inc.
- DECROS Security Card by DECROS, Ltd.
- Desktop Surveillance Enterprise and Personal Editions
- HDD-Protect 2.5c
- Omniquad Detective 2.1
- Secure4U 5.0
- StopLock Suite by Conclusive Logic, Inc.
- TrueFace
- Windows Task-Lock by Posum LLC
- WP WinSafe
- SafeGuard Easy
- Secure Shell
-
Good Online Sources of Information
- The Windows NT Security FAQ
- NTBugTraq
- NTSECURITY.COM for Windows 2000 and Windows NT
- Expert Answers for Windows 2000, Windows NT, and Windows 9x/Me
- Windows IT Security (Formerly NTSecurity.net)
- "An Introduction to the Windows 2000 Public Key Infrastructure"
- Windows 2000 Magazine Online
- Securing Windows NT Installation
- Checklist for Upgrading to Windows 2000 Server
- The University of Texas at Austin Computation Center NT Archive
-
Books on Windows 2000 and Windows NT Security
-
Microsoft Internet Explorer
- Summary
-
20. UNIX
- A Whistle-Stop Tour of UNIX History
- Classifying UNIX Distributions
- Security Considerations in Choosing a Distribution
- UNIX Security Risks
- Breaking Set-uid Programs for Fun and Profit
- Rootkits and Defenses
- Host Network Security
- Telnet
- An Essential Tool: Secure Shell
- FTP
- The r Services
- REXEC
- SMTP
- DNS
- Finger
- SNMP
- Network File System
- The Caveats of chroot
- Better the Daemon You Know…
- Assessing Your UNIX Systems for Vulnerabilities
- Summary
-
21. Novell
- The OS Facts of Life
- Watching the Big Three
-
Further Reading
- Summary
- 22. Cisco Routers and Switches
-
23. Macintosh
- Establishing the Macintosh as a Server
- Vulnerabilities on the Macintosh Platform
- About File Sharing and Security
- Server Management and Security
- Internal Security
- Password Crackers and Related Utilities
- Anonymous Email and Mailbombing
- Macintosh OSX
- Tools Designed Specifically for America Online
- Summary
- Resources
- 24. VAX/VMS
-
19. Microsoft
-
VII. Bringing It All Together
- 25. Mining the Data Monster
- 26. Policies, Procedures, and Enforcement
- 27. Internal Security
- 28. Network Architecture Considerations
- 29. Secure Application Development, Languages, and Extensions
-
VIII. Appendixes
- A. Security Bibliography—Further Reading
- B . Internet 101
- C. How to Get More Information
-
D. Security Consultants
-
The Listings
- ACROS, d.o.o. (Slovenia)
- Armor Security, Inc. (U.S.A.)
- AS Stallion Ltd. (Estonia)
- ASCIItech (Canada)
- AtBusiness Communications (Finland, Germany, Russia)
- Atlantic Computing Technology Corporation (U.S.A.)
- beTRUSTed (WorldWide)
- Cambridge Technology Partners, Inc. (Worldwide)
- Canaudit, Inc (U.S.A.)
- CobWeb Applications (U.K.)
- Command Systems (U.S.A.)
- Computer Associates Services eTrust (Worldwide)
- CorpNet Security (U.S.A.)
- Counterpane Internet Security (U.S.A.)
- Cryptek Secure Communications LLC (U.S.A.)
- CygnaCom Solutions (U.S.A.)
- Data Fellows (Europe, North America, Asia)
- Data Systems West (U.S.A.)
- DataLynx, Inc. (U.S.A.)
- Dataway, Inc. (U.S.A., Ireland)
- Delphi Consulting, LLC (U.S.A.)
- EAC Network Integrators (U.S.A.)
- ECG Management Consultants (U.S.A.)
- EGAN Group Pty Limited (Australia)
- Energis (U.K.)
- EnGarde Systems, Inc (U.S.A.)
- EnterEdge Technology LLC (U.S.A.)
- Ernst & Young LLP (U.S.A.)
- eSoft (U.S.A., U.K., Singapore)
- Espiria (U.S.A.)
- ESTec Systems Corporation (North America, Latin America, Asia)
- Flavio Marcelo Amaral (Brazil)
- FMJ/PADLOCK Computer Security Systems (U.S.A.)
- Galaxy Computer Services, Inc. (U.S.A.)
- Gemini Computers, Inc. (U.S.A.)
- Getronics Government Services (U.S.A.)
- GlobalCenter (U.S.A.)
- Global Privacy Solutions (U.S.A.)
- Graham Information Security and Management Services (Australia)
- Grand Designs Ltd./ConfluX.net (U.S.A.)
- Gregory R. Block (U.K.)
- The GSR Consulting Group Inc. (Canada)
- Guardent Inc (North America, U.K.)
- Hyperon Consulting (U.S.A.)
- I.T. NetworX Ltd. (Ireland)
- Infoconcept GmbH (Germany)
- INFOSEC Engineering (U.S.A.)
- Infosecure Australia (Australia)
- Ingenieurbüro Dr.-Ing Markus a Campo (Germany)
- Integrity Sciences, Inc. (U.S.A.)
- InterNet Guide Service, Inc. (U.S.A.)
- Internet Security Systems, Inc. (ISS) (U.S.A.)
- Interpact, Inc./http://Infowar.Com (U.S.A.)
- Jerboa, Inc. (U.S.A.)
- Karl Nagel & Company
- Kinetic, Inc. (U.S.A.)
- Learning Tree International (U.S.A.)
- Livermore Software Labs (Worldwide)
- Lucent Worldwide Services Security Consulting (U.S.A. and UK)
- Lunux Network Security Services (U.S.A.)
- Lurhq Corporation (U.S.A.)
- marchFIRST (U.S.A.)
- Maxon Services (Canada)
- Merdan Group, Inc. (U.S.A.)
- Merilus Technologies (U.S.A.)
- Milvets System Technology, Inc (U.S.A.)
- MIS Corporate Defence Solutions (Holland and U.K.)
- Myxa Corporation (U.S.A.)
- NetraCorp LLC. (U.S.A.)
- Nett & So GmbH (Germany)
- Network Associates, Inc.
- Network Security Assurance Group (U.S.A.)
- Network Technology Solutions, Inc. (U.S.A.)
- NH&A (U.S.A.)
- NovaTech Internet Security (Australia)
- Pacificnet Internet Services (U.S.A.)
- Pangeia Informatica LTDA (Brazil)
- Pentex Net, Inc. (U.S.A.)
- Predictive Systems (U.S.A.)
- PSINet Consulting Solutions (Worldwide)
- R.C. Consulting, Inc. (Canada)
- Rainbow Technologies, Spectra Division (U.S.A.)
- Ritter Software Engineering (U.S.A.)
- Saffire Systems (U.S.A.)
- SAGUS Security, Inc. (Canada)
- Schlumberger Network Solutions (U.S.A.)
- SecTek, Inc. (U.S.A.)
- Security First Technologies, Inc. (U.S.A.)
- Security Sciences (Europe, Middle East, North America, Africa)
- Siam Relay Ltd. (Thailand)
- http://Slmsoft.com (Canada)
- SmallWorks, Inc. (U.S.A.)
- STRATESEC, Inc. (U.S.A., WorldWide)
- Sword & Shield Enterprise Security, Inc. (U.S.A.)
- Symantec Security Services (Worldwide)
- Sysman Computers (P) Ltd. (India)
- Sytex, Inc. (U.S.A.)
- http://tec-gate.com (U.S.A.)
- Triumph Technologies, Inc. (U.S.A.)
- Utimaco SafeWare AG(Worldwide)
- Verio (U.S.A.)
- Visionary Corporate Computing Concepts (U.S.A.)
- http://VoteHere.net (U.S.A.)
- WatchGuard Technologies, Inc. (U.S.A.)
- WorldCom (U.K.)
-
The Listings
- E. Vendor Information and Security Standards
- F. What's on the CD-ROM
-
G. Security Glossary
Product information
- Title: Maximum Security, Third Edition
- Author(s):
- Release date: May 2001
- Publisher(s): Que
- ISBN: 9780672318719
You might also like
book
Hands-on Guide to the Red Hat Exams: RHSCA and RHCE Cert Guide and Lab Manual
This certification guide to the Red Hat RHCSA (EX200) and RHCE (EX300) exams gives candidates all …
book
Security Strategies in Windows Platforms and Applications, 3rd Edition
Revised and updated to keep pace with this ever changing field, Security Strategies in Windows Platforms …
book
Security Power Tools
What if you could sit down with some of the most talented security engineers in the …
book
Linux Firewalls
System administrators need to stay ahead of new security vulnerabilities that leave their networks exposed every …