Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Help

Syngress


41. 

The Hacker's Guide to OS X

The Hacker's Guide to OS X

By: Robert Bathurst; Russ Rogers; Alijohn Ghassemlouei

Publisher: Syngress

Publication Date: 31-DEC-2012

Insert Date: 22-JAN-2013

Slots: 1.0

Table of Contents • Start Reading

Written by two experienced penetration testers the material presented discusses the basics of the OS X environment and its vulnerabilities. Including but limited to; application porting, virtualization utilization and offensive tactics at the kernel, OS and wireless level. This book provides a comprehensive in-depth guide to exploiting and compromising the OS X platform while offering the necessary defense and countermeasure techniques that can be used to stop hackers As a resource to the reader, the companion website will provide links from the authors, commentary and updates. ...

42. 

Advanced Persistent Threat

Advanced Persistent Threat

By: Eric Cole

Publisher: Syngress

Publication Date: 31-DEC-2012

Insert Date: 22-JAN-2013

Slots: 1.0

Table of Contents • Start Reading

The newest threat to security has been categorized as the Advanced Persistent Threat or APT. The APT bypasses most of an organization’s current security devices, and is typically carried out by an organized group, such as a foreign nation state or rogue group with both the capability and the intent to persistently and effectively target a specific entity and wreak havoc. Most organizations do not understand how to deal with it and what is needed to protect their network from compromise. In Advanced Persistent Threat: Understanding the Danger and How to Protect your Organization Eric...

43. 

PCI Compliance, 3rd Edition

PCI Compliance, 3rd Edition

By: Branden R. Williams; Anton Chuvakin

Publisher: Syngress

Publication Date: 01-SEP-2012

Insert Date: 22-JAN-2013

Slots: 1.0

Table of Contents • Start Reading

The credit card industry established the PCI Data Security Standards to provide a minimum standard for how vendors should protect data to ensure it is not stolen by fraudsters. PCI Compliance, 3e, provides the information readers need to understand the current PCI Data Security standards, which have recently been updated to version 2.0, and how to effectively implement security within your company to be compliant with the credit card industry guidelines and protect sensitive and personally identifiable information. Security breaches continue to occur on a regular basis, affecting...

44. 

UTM Security with Fortinet

UTM Security with Fortinet

By: Kenneth Tam; Martín H. Hoz Salvador; Ken McAlpine; Rick Basile; Bruce Matsugu; Josh More

Publisher: Syngress

Publication Date: 31-DEC-2012

Insert Date: 22-JAN-2013

Slots: 1.0

Table of Contents • Start Reading

Traditionally, network security (firewalls to block unauthorized users, Intrusion Prevention Systems (IPS) to keep attackers out, Web filters to avoid misuse of Internet browsing, and antivirus software to block malicious programs) required separate boxes with increased cost and complexity. Unified Threat Management (UTM) makes network security less complex, cheaper, and more effective by consolidating all these components. This book explains the advantages of using UTM and how it works, presents best practices on deployment, and is a hands-on, step-by-step guide to deploying Fortinet's...

45. 

Data Hiding

Data Hiding

By: Michael T. Raggo; Chet Hosmer

Publisher: Syngress

Publication Date: 31-DEC-2012

Insert Date: 22-JAN-2013

Slots: 1.0

Table of Contents • Start Reading

As data hiding detection and forensic techniques have matured, people are creating more advanced stealth methods for spying, corporate espionage, terrorism, and cyber warfare all to avoid detection. Data Hiding provides an exploration into the present day and next generation of tools and techniques used in covert communications, advanced malware methods and data concealment tactics. The hiding techniques outlined include the latest technologies including mobile devices, multimedia, virtualization and others. These concepts provide corporate, goverment and military personnel with the...

46. 

Blackhatonomics

Blackhatonomics

By: Will Gragido; Daniel Molina; John Pirc; Nick Selby

Publisher: Syngress

Publication Date: 31-DEC-2012

Insert Date: 22-JAN-2013

Slots: 1.0

Table of Contents • Start Reading

Blackhatonomics explains the basic economic truths of the underworld of hacking, and why people devote hours to develop malware around the world. The root cause analysis of the monetization of cybersecurity in the inner circle of cybercrime is analyzed from the impact of multiple. Written by an exceptional author team, they take practical academic principles back them up with use cases and extensive interviews, placing you right into the mindset of the cyber criminal. Historical perspectives of the development of malware as it evolved into a viable economic endeavour ...

47. 

Federal Cloud Computing

Federal Cloud Computing

By: Matthew Metheny

Publisher: Syngress

Publication Date: 31-DEC-2012

Insert Date: 22-JAN-2013

Slots: 1.0

Table of Contents • Start Reading

Federal Cloud Computing: The Definitive Guide for Cloud Service Providers offers an in-depth look at topics surrounding federal cloud computing within the federal government, including the Federal Cloud Computing Strategy, Cloud Computing Standards, Security and Privacy, and Security Automation. You will learn the basics of the NIST risk management framework (RMF) with a specific focus on cloud computing environments, all aspects of the Federal Risk and Authorization Management Program (FedRAMP) process, and steps for cost-effectively implementing the Assessment and Authorization...

48. 

Information Security Risk Assessment Toolkit

Information Security Risk Assessment Toolkit

By: Mark Talabis; Jason Martin

Publisher: Syngress

Publication Date: 17-OCT-2012

Insert Date: 22-JAN-2013

Slots: 1.0

Table of Contents • Start Reading

In order to protect company’s information assets such as sensitive customer records, health care records, etc., the security practitioner first needs to find out: what needs protected, what risks those assets are exposed to, what controls are in place to offset those risks, and where to focus attention for risk treatment. This is the true value and purpose of information security risk assessments.  Effective risk assessments are meant to provide a defendable analysis of residual risk associated with your key assets so that risk treatment options can be explored.   Information Security...

49. 

Augmented Reality

Augmented Reality

By: Greg Kipper; Joseph Rampolla

Publisher: Syngress

Publication Date: 31-DEC-2012

Insert Date: 22-JAN-2013

Slots: 1.0

Table of Contents • Start Reading

With the explosive growth in mobile phone usage and rapid rise in search engine technologies over the last decade, augmented reality (AR) is poised to be one of this decade's most disruptive technologies, as the information that is constantly flowing around us is brought into view, in real-time, through augmented reality. In this cutting-edge book, the authors outline and discuss never-before-published information about augmented reality and its capabilities. With coverage of mobile, desktop, developers, security, challenges, and gaming, this book gives you a comprehensive understanding...

50. 

Wireless Reconnaissance in Penetration Testing

Wireless Reconnaissance in Penetration Testing

By: Matthew Neely; Alex Hamerstone; Chris Sanyk

Publisher: Syngress

Publication Date: 31-DEC-2012

Insert Date: 22-JAN-2013

Slots: 1.0

Table of Contents • Start Reading

In many penetration tests, there is a lot of useful information to be gathered from the radios used by organizations. These radios can include two-way radios used by guards, wireless headsets, cordless phones and wireless cameras. Wireless Reconnaissance in Penetration Testing  describes the many ways that a penetration tester can gather and apply the information available from radio traffic. Stopping attacks means thinking like an attacker, and understanding all the ways that attackers gather information, or in industry terms profile, specific targets. With information from what...

51. 

FISMA and the Risk Management Framework

FISMA and the Risk Management Framework

By: Stephen D. Gantz; Daniel R. Philpott

Publisher: Syngress

Publication Date: 12-JUN-2012

Insert Date: 22-JAN-2013

Slots: 1.0

Table of Contents • Start Reading

If you are responsible for meeting federal information security requirements such as FISMA, this book is all you need to know to get a system authorized. Now in the first full revision of FISMA since its inception in 2002, a new wave of stronger security measures are now available through the efforts of the Department of Defense, Office of the Directory of National Intelligence, Committee for National Security Systems and the National Institute of Standards and Technology. Based on the new FISMA requirements for 2011 and beyond, this book catalogs the processes, procedures and specific...

52. 

Logging and Log Management

Logging and Log Management

By: Anton Chuvakin; Kevin Schmidt; Chris Phillips

Publisher: Syngress

Publication Date: 31-DEC-2012

Insert Date: 22-JAN-2013

Slots: 1.0

Table of Contents • Start Reading

Effectively analyzing large volumes of diverse logs can pose many challenges. Logging and Log Management helps to simplify this complex process using practical guidance and real-world examples. Packed with information you need to know for system, network and security logging. Log management and log analysis methods are covered in detail, including approaches to creating useful logs on systems and applications, log searching and log review. Comprehensive coverage of log management including analysis, visualization, reporting and more Includes information on different uses for logs...

53. 

Client Side Attacks and Defense

Client Side Attacks and Defense

By: Sean-Philip Oriyano; Robert Shimonski

Publisher: Syngress

Publication Date: 28-SEP-2012

Insert Date: 22-JAN-2013

Slots: 1.0

Table of Contents • Start Reading

Individuals wishing to attack a company’s network have found a new path of least resistance-the end user. A client- side attack is one that uses the inexperience of the end user to create a foothold in the user’s machine and therefore the network. Client-side attacks are everywhere and hidden in plain sight. Common hiding places are malicious Web sites and spam. A simple click of a link will allow the attacker to enter. This book presents a framework for defending your network against these attacks in an environment where it might seem impossible. The most current attacks are discussed...

54. 

Cybercrime Investigative Case Management

Cybercrime Investigative Case Management

By: Brett Brett Shavers

Publisher: Syngress

Publication Date: 17-DEC-2012

Insert Date: 22-JAN-2013

Slots: 1.0

Table of Contents • Start Reading

Investigative Case Management is a "first look" excerpted from Brett Shavers' new Syngress book, Placing the Suspect Behind the Keyboard. Investigative case management is more than just organizing your case files. It includes the analysis of all evidence collected through digital examinations, interviews, surveillance, and other data sources. In order to place a suspect behind any keyboard, supporting evidence needs to be collected and attributed to a person. This first look provides you with traditional and innovative methods of data analysis to identify and eliminate suspects...

55. 

Cybercrime Investigation Case Studies

Cybercrime Investigation Case Studies

By: Brett Brett Shavers

Publisher: Syngress

Publication Date: 17-DEC-2012

Insert Date: 22-JAN-2013

Slots: 1.0

Table of Contents • Start Reading

Cybercrime Investigation Case Studies is a "first look" excerpt from Brett Shavers' new Syngress book, Placing the Suspect Behind the Keyboard. Case studies are an effective method of learning the methods and processes that were both successful and unsuccessful in real cases. Using a variety of case types, including civil and criminal cases, with different cybercrimes, a broad base of knowledge can be gained by comparing the cases against each other. The primary goal of reviewing successful cases involving suspects using technology to facilitate crimes is to be able to find and use...

56. 

Cybercrime Case Presentation

Cybercrime Case Presentation

By: Brett Brett Shavers

Publisher: Syngress

Publication Date: 17-DEC-2012

Insert Date: 22-JAN-2013

Slots: 1.0

Table of Contents • Start Reading

Cybercrime Case Presentation is a "first look" excerpt from Brett Shavers' new Syngress book, Placing the Suspect Behind the Keyboard. Case presentation requires the skills of a good forensic examiner and great public speaker in order to convey enough information to an audience for the audience to place the suspect behind the keyboard. Using a variety of visual aids, demonstrative methods, and analogies, investigators can effectively create an environment where the audience fully understands complex technical information and activity in a chronological fashion, as if they observed...

57. 

Federated Identity Primer

Federated Identity Primer

By: Derrick Derrick Rountree

Publisher: Syngress

Publication Date: 10-DEC-2012

Insert Date: 22-JAN-2013

Slots: 1.0

Table of Contents • Start Reading

Identity authentication and authorization are integral tasks in today's digital world. As businesses become more technologically integrated and consumers use more web services, the questions of identity security and accessibility are becoming more prevalent. Federated identity links user credentials across multiple systems and services, altering both the utility and security landscape of both. In Federated Identity Primer , Derrick Rountree Explains the concepts of digital identity Describes the technology behind and implementation of federated identity systems Helps you...

58. 

The Basics of Cyber Warfare

The Basics of Cyber Warfare

By: Steve Winterfeld; Jason Andress

Publisher: Syngress

Publication Date: 28-DEC-2012

Insert Date: 22-JAN-2013

Slots: 1.0

Table of Contents • Start Reading

As part of the Syngress Basics series, The Basics of Cyber Warfare provides readers with fundamental knowledge of cyber warfare in both theoretical and practical aspects. This book explores the battlefields, participants and the tools and techniques used during today's digital conflicts. The Basics of Cyber Warfare teaches readers the principles of cyber warfare, including military doctrine, cyber doctrine, and both offensive and defensive tactics and procedures. Readers learn the basics of how to defend against: • Espionage • Hactivism • Insider threats • State-sponsored...

59. 

Violent Python

Violent Python

By: TJ TJ O'Connor

Publisher: Syngress

Publication Date: 28-DEC-2012

Insert Date: 15-DEC-2012

Slots: 1.0

Table of Contents • Start Reading

Violent Python shows you how to move from a theoretical understanding of offensive computing concepts to a practical implementation. Instead of relying on another attacker’s tools, this book will teach you to forge your own weapons using the Python programming language. This book demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts. It also shows how to write code to intercept and analyze network traffic using Python, craft and spoof wireless frames to attack wireless and Bluetooth devices, and how to...

60. 

Physical and Logical Security Convergence: Powered By Enterprise Security Management

Physical and Logical Security Convergence: Powered By Enterprise Security Management

By: William P Crowell; Brian T Contos; Colby DeRodeff; Dan Dunkel; Eric Cole

Publisher: Syngress

Publication Date: 13-APR-2007

Insert Date: 20-SEP-2012

Slots: 1.0

Table of Contents • Start Reading

Government and companies have already invested hundreds of millions of dollars in the convergence of physical and logical security solutions, but there are no books on the topic. This book begins with an overall explanation of information security, physical security, and why approaching these two different types of security in one way (called convergence) is so critical in today’s changing security landscape. It then details enterprise security management as it relates to incident detection and incident management. This is followed by detailed examples of implementation, taking the...