Evifa-Portal

1

Online Resource

Software security engineering : a guide for project managers (2008)

Allen, Julia H [MitwirkendeR]

Upper Saddle River, N.J. : Addison-Wesley | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 9780321559685 , 0321559681

Language: English

Pages: xxvi, 315 p , ill.

Parallel Title: Erscheint auch als

Keywords: Computer security ; Software engineering ; Computer networks ; Security measures ; Electronic books ; local

Abstract: "This book's broad overview can help an organization choose a set of processes, policies, and techniques that are appropriate for its security maturity, risk tolerance, and development style. This book will help you understand how to incorporate practical security techniques into all phases of the development lifecycle." -Steve Riley, senior security strategist, Microsoft Corporation "There are books written on some of the topics addressed in this book, and there are other books on secure systems engineering. Few address the entire life cycle with a comprehensive overview and discussion of emerging trends and topics as well as this one." -Ronda Henning, senior scientist-software/security queen, Harris Corporation Software that is developed from the beginning with security in mind will resist, tolerate, and recover from attacks more effectively than would otherwise be possible. While there may be no silver bullet for security, there are practices that project managers will find beneficial. With this management guide, you can select from a number of sound practices likely to increase the security and dependability of your software, both during its development and subsequently in its operation. Software Security Engineering draws extensively on the systematic approach developed for the Build Security In (BSI) Web site. Sponsored by the Department of Homeland Security Software Assurance Program, the BSI site offers a host of tools, guidelines, rules, principles, and other resources to help project managers address security issues in every phase of the software development life cycle (SDLC). The book's expert authors, themselves frequent contributors to the BSI site, represent two well-known resources in the security world: the CERT Program at the Software Engineering Institute (SEI) and Cigital, Inc., a consulting firm specializing in software security. This book will help you understand why Software security is about more than just eliminating vulnerabilities and conducting penetration tests Network security mechanisms and IT infrastructure security services do not sufficiently protect application software from security risks Software security initiatives should follow a risk-management approach to identify priorities and to define what is "good enough"-understanding that software security risks will change throughout the SDLC Project managers and software engineers need to learn to think like an attacker in order to address the range of function...

Note: Includes bibliographical references and index

URL: https://learning.oreilly.com/library/view/-/9780321559685/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

2

Online Resource

Apache cookbook (2008)

Coar, Ken A. L [VerfasserIn] ; Bowen, Richard Cooper [MitwirkendeR]

Farnham : O'Reilly | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 9780596529949 , 0596529945

Language: English

Pages: xviii, 285 p , ill. , 24 cm

Edition: 2nd ed.

Keywords: Apache (Computer file) ; Web servers ; Computer programs ; Computer networks ; Security measures ; Electronic books ; local

Abstract: There's plenty of documentation on installing and configuring the Apache web server, but where do you find help for the day-to-day stuff, like adding common modules or fine-tuning your activity logging? That's easy. The new edition of the Apache Cookbook offers you updated solutions to the problems you're likely to encounter with the new versions of Apache. Written by members of the Apache Software Foundation, and thoroughly revised for Apache versions 2.0 and 2.2, recipes in this book range from simple tasks, such installing the server on Red Hat Linux or Windows, to more complex tasks, such as setting up name-based virtual hosts or securing and managing your proxy server. Altogether, you get more than 200 timesaving recipes for solving a crisis or other deadline conundrums, with topics including: Security Aliases, Redirecting, and Rewriting CGI Scripts, the suexec Wrapper, and other dynamic content techniques Error Handling SSL Performance This book tackles everything from beginner problems to those faced by experienced users. For every problem addressed in the book, you will find a worked-out solution that includes short, focused pieces of code you can use immediately. You also get explanations of how and why the code works, so you can adapt the problem-solving techniques to similar situations. Instead of poking around mailing lists, online documentation, and other sources, rely on the Apache Cookbook for quick solutions when you need them. Then you can spend your time and energy where it matters most.

Note: Previous ed.: 2004. - Includes index

URL: lizenzpflichtig

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

3

Online Resource

Ajax security (2008)

Hoffman, Billy [VerfasserIn] 1980- ; Sullivan, Bryan [MitwirkendeR]

Upper Saddle River, N.J. : Addison-Wesley | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 9780321491930 , 0321491939

Language: English

Pages: xxvi, 470 p , ill. , 24 cm

Keywords: Ajax (Web site development technology) ; Computer networks ; Security measures ; Computer security ; Electronic books ; local

Abstract: The Hands-On, Practical Guide to Preventing Ajax-Related Security Vulnerabilities More and more Web sites are being rewritten as Ajax applications; even traditional desktop software is rapidly moving to the Web via Ajax. But, all too often, this transition is being made with reckless disregard for security. If Ajax applications aren't designed and coded properly, they can be susceptible to far more dangerous security vulnerabilities than conventional Web or desktop software. Ajax developers desperately need guidance on securing their applications: knowledge that's been virtually impossible to find, until now . Ajax Security systematically debunks today's most dangerous myths about Ajax security, illustrating key points with detailed case studies of actual exploited Ajax vulnerabilities, ranging from MySpace's Samy worm to MacWorld's conference code validator. Even more important, it delivers specific, up-to-the-minute recommendations for securing Ajax applications in each major Web programming language and environment, including .NET, Java, PHP, and even Ruby on Rails. You'll learn how to: · Mitigate unique risks associated with Ajax, including overly granular Web services, application control flow tampering, and manipulation of program logic · Write new Ajax code more safely-and identify and fix flaws in existing code · Prevent emerging Ajax-specific attacks, including JavaScript hijacking and persistent storage theft · Avoid attacks based on XSS and SQL Injection-including a dangerous SQL Injection variant that can extract an entire backend database with just two requests · Leverage security built into Ajax frameworks like Prototype, Dojo, and ASP.NET AJAX Extensions-and recognize what you still must implement on your own · Create more secure "mashup" applications Ajax Security will be an indispensable resource for developers coding or maintaining Ajax applications; architects and development managers planning or designing new Ajax software, and all software security professionals, from QA specialists to penetration testers.

Note: Includes index

URL: https://learning.oreilly.com/library/view/-/9780321491930/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

4

Online Resource

Hacking : the art of exploitation (2008)

Erickson, Jon [VerfasserIn] 1977-

San Francisco, Calif. : No Starch Press | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 9781593271442 , 1593271441

Language: English

Pages: x, 472 p , ill. , 23 cm. +

Edition: 2nd ed.

DDC: 005.8

RVK:

ST 277

Keywords: Computer security ; Computer hackers ; Computer networks ; Security measures ; Electronic books ; local

Abstract: Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope. Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective. The included LiveCD provides a complete Linux programming and debugging environment-all without modifying your current operating system. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to: Program computers using C, assembly language, and shell scripts Corrupt system memory to run arbitrary code using buffer overflows and format strings Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening Outsmart common security measures like nonexecutable stacks and intrusion detection systems Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence Redirect network traffic, conceal open ports, and hijack TCP connections Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.

Note: Includes bibliographical references and index

URL: lizenzpflichtig

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

5

Online Resource

End-to-end network security : defense-in-depth (2007)

Santos, Omar [VerfasserIn]

Indianapolis, Ind. : Cisco Press | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 9781587053320 , 1587053322

Language: English

Keywords: Computer networks ; Security measures ; Electronic books ; local

Abstract: End-to-End Network Security Defense-in-Depth Best practices for assessing and improving network defenses and responding to security incidents Omar Santos Information security practices have evolved from Internet perimeter protection to an in-depth defense model in which multiple countermeasures are layered throughout the infrastructure to address vulnerabilities and attacks. This is necessary due to increased attack frequency, diverse attack sophistication, and the rapid nature of attack velocity-all blurring the boundaries between the network and perimeter. End-to-End Network Security is designed to counter the new generation of complex threats. Adopting this robust security strategy defends against highly sophisticated attacks that can occur at multiple locations in your network. The ultimate goal is to deploy a set of security capabilities that together create an intelligent, self-defending network that identifies attacks as they occur, generates alerts as appropriate, and then automatically responds. End-to-End Network Security provides you with a comprehensive look at the mechanisms to counter threats to each part of your network. The book starts with a review of network security technologies then covers the six-step methodology for incident response and best practices from proactive security frameworks. Later chapters cover wireless network security, IP telephony security, data center security, and IPv6 security. Finally, several case studies representing small, medium, and large enterprises provide detailed example configurations and implementation strategies of best practices learned in earlier chapters. Adopting the techniques and strategies outlined in this book enables you to prevent day-zero attacks, improve your overall security posture, build strong policies, and deploy intelligent, self-defending networks. "Within these pages, you will find many practical tools, both process related and technology related, that you can draw on to improve your risk mitigation strategies." -Bruce Murphy, Vice President, World Wide Security Practices, Cisco Omar Santos is a senior network security engineer at Cisco®. Omar has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government. Prior to his current role, he was a technical leader within the World Wide Security Practice and the Cisco Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizatio...

Note: Includes index

URL: https://learning.oreilly.com/library/view/-/9781587053320/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

6

Online Resource

Cisco NAC appliance : enforcing host security with clean access (2007)

Heary, Jamey [VerfasserIn]

Indianapolis, Ind. : Cisco Press | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 9781587053061 , 1587053063

Language: English

Keywords: Computer networks ; Security measures ; Computers ; Access control ; Electronic books ; local

Abstract: Cisco NAC Appliance Enforcing Host Security with Clean Access Authenticate, inspect, remediate, and authorize end-point devices using Cisco NAC Appliance Jamey Heary, CCIE® No. 7680 Contributing authors: Jerry Lin, CCIE No. 6469, Chad Sullivan, CCIE No. 6493, and Alok Agrawal With today's security challenges and threats growing more sophisticated, perimeter defense alone is no longer sufficient. Few organizations are closed entities with well-defined security perimeters, which has led to the creation of perimeterless networks with ubiquitous access. Organizations need to have internal security systems that are more comprehensive, pervasive, and tightly integrated than in the past. Cisco® Network Admission Control (NAC) Appliance, formerly known as Cisco Clean Access, provides a powerful host security policy inspection, enforcement, and remediation solution that is designed to meet these new challenges. Cisco NAC Appliance allows you to enforce host security policies on all hosts (managed and unmanaged) as they enter the interior of the network, regardless of their access method, ownership, device type, application set, or operating system. Cisco NAC Appliance provides proactive protection at the network entry point. Cisco NAC Appliance provides you with all the information needed to understand, design, configure, deploy, and troubleshoot the Cisco NAC Appliance solution. You will learn about all aspects of the NAC Appliance solution including configuration and best practices for design, implementation, troubleshooting, and creating a host security policy. Jamey Heary, CCIE® No. 7680, is a security consulting systems engineer at Cisco, where he works with its largest customers in the northwest United States. Jamey joined Cisco in 2000 and currently leads its Western Security Asset team and is a field advisor for its U.S. Security Virtual team. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP®, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. He has been working in the IT field for 13 years and in IT security for 9 years. Understand why network attacks and intellectual property losses can originate from internal network hosts Examine different NAC Appliance design options Build host security policies and assign the appropriate network access privileges for various user roles Streamline ...

Note: Includes index

URL: https://learning.oreilly.com/library/view/-/9781587053061/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

7

Online Resource

Cisco ASA, PIX, and FWSM firewall handbook (2007)

Hucaby, Dave [VerfasserIn]

Indianapolis, Ind. : Cisco Press | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 9781587054570 , 1587054574

Language: English

Edition: 2nd ed.

Keywords: Computer networks ; Security measures ; Firewalls (Computer security) ; Electronic books ; local

Abstract: Cisco ASA, PIX, and FWSM Firewall Handbook , Second Edition, is a guide for the most commonly implemented features of the popular Cisco® firewall security solutions. Fully updated to cover the latest firewall releases, this book helps you to quickly and easily configure, integrate, and manage the entire suite of Cisco firewall products, including ASA, PIX®, and the Catalyst® Firewall Services Module (FWSM). Organized by families of features, this book helps you get up to speed quickly and efficiently on topics such as file management, building connectivity, controlling access, firewall management, increasing availability with failover, load balancing, logging, and verifying operation. Sections are marked by shaded tabs for quick reference, and information on each feature is presented in a concise format, with background, configuration, and example components. Whether you are looking for an introduction to the latest ASA, PIX, and FWSM devices or a complete reference for making the most out of your Cisco firewall deployments, Cisco ASA, PIX, and FWSM Firewall Handbook, Second Edition, helps you achieve maximum protection of your network resources. "Many books on network security and firewalls settle for a discussion focused primarily on concepts and theory. This book, however, goes well beyond these topics. It covers in tremendous detail the information every network and security administrator needs to know when configuring and managing market-leading firewall products from Cisco." -Jason Nolet, Vice President of Engineering, Security Technology Group, Cisco David Hucaby, CCIE® No. 4594, is a lead network engineer for the University of Kentucky, where he works with health-care networks based on the Cisco Catalyst, ASA, FWSM, and VPN product lines. He was one of the beta reviewers of the ASA 8.0 operating system software. Learn about the various firewall models, user interfaces, feature sets, and configuration methods Understand how a Cisco firewall inspects traffic Configure firewall interfaces, routing, IP addressing services, and IP multicast support Maintain security contexts and flash and configuration files, manage users, and monitor firewalls with SNMP Authenticate, authorize, and maintain accounting records for firewall users Control access through the firewall by implementing transparent and routed firewall modes, address translation, and traffic shunning Define security policies that identify and act on various types of traffic with th...

Note: Includes index

URL: https://learning.oreilly.com/library/view/-/9781587054570/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

8

Online Resource

Cisco firewall technology (2007)

Mason, Andrew [VerfasserIn]

Indianapolis, Ind. : Cisco Press | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 1587053292 , 9781587053290

Language: English

Keywords: Computer networks ; Security measures ; Firewalls (Computer security) ; Electronic books ; local

Abstract: Cisco Firewall Technologies (Digital Short Cut) Andrew Mason ISBN-10: 1-58705-329-2 ISBN-13: 978-1-58705-329-0 Cisco Firewall Technologies provides you with a no-nonsense, easy-to-read guide to different types of firewall technologies along with information on how these technologies are represented in the Cisco® firewall product family. The main Cisco products covered are the IOS® Firewall, the PIX® Firewall, and the ASA. The majority of focus for the Short Cut will be on the ASA and emphasis will be placed upon the latest functionality released in version 7.2. The Short Cut also provides a walkthrough for configuring the ASA using the Adaptive Security Device Manager (ASDM), the GUI management and configuration tool provided with the ASA. The Short Cut presents you with the background information and product knowledge to make qualified decisions about the type of firewall technology that best fits your working environment. This is a Cisco technology focused Short Cut, so the emphasis will be solely on Cisco firewall products. Table of Contents: Chapter 1: Firewall Technologies Chapter 2: Cisco Firewall Technologies Chapter 3: Advancements in the ASA About the Author: Andrew Mason, CCIE® No. 7144, is a networking and security consultant based in the UK. He holds various industry certifications including CCIE, CISSP, and CEH. Andrew has 15 years experience in the IT industry, working in Internet security for the past several. He is involved daily in the design and implementation of security deployments for numerous clients based upon Cisco technology. About the Technical Editor: David Hucaby, CCIE No. 4594, is a lead network engineer for the University of Kentucky, where he works with healthcare networks based on the Cisco Catalyst®, ASA/PIX/FWSM security, and VPN product lines. David was one of the beta reviewers of the PIX Firewall 7.0 operating system software. David has a B.S. and M.S. in electrical engineering from the University of Kentucky and has worked in the IT field for 19 years. He lives in Kentucky with his wife Marci and two daughters.

URL: https://learning.oreilly.com/library/view/-/9781587053290/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

9

Online Resource

Network security assessment (2007)

McNab, Chris [VerfasserIn] 1980-

Sebastopol, Calif. : O'Reilly | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 9780596510305 , 0596510306

Language: English

Edition: 2nd ed.

Keywords: Computer networks ; Security measures ; Electronic books ; local

Abstract: How secure is your network? The best way to find out is to attack it. Network Security Assessment provides you with the tricks and tools professional security consultants use to identify and assess risks in Internet-based networks-the same penetration testing model they use to secure government, military, and commercial networks. With this book, you can adopt, refine, and reuse this testing model to design and deploy networks that are hardened and immune from attack. Network Security Assessment demonstrates how a determined attacker scours Internet-based networks in search of vulnerable components, from the network to the application level. This new edition is up-to-date on the latest hacking techniques, but rather than focus on individual issues, it looks at the bigger picture by grouping and analyzing threats at a high-level. By grouping threats in this way, you learn to create defensive strategies against entire attack categories, providing protection now and into the future. Network Security Assessment helps you assess: Web services, including Microsoft IIS, Apache, Tomcat, and subsystems such as OpenSSL, Microsoft FrontPage, and Outlook Web Access (OWA) Web application technologies, including ASP, JSP, PHP, middleware, and backend databases such as MySQL, Oracle, and Microsoft SQL Server Microsoft Windows networking components, including RPC, NetBIOS, and CIFS services SMTP, POP3, and IMAP email services IP services that provide secure inbound network access, including IPsec, Microsoft PPTP, and SSL VPNs Unix RPC services on Linux, Solaris, IRIX, and other platforms Various types of application-level vulnerabilities that hacker tools and scripts exploit Assessment is the first step any organization should take to start managing information risks correctly. With techniques to identify and assess risks in line with CESG CHECK and NSA IAM government standards, Network Security Assessment gives you a precise method to do just that.

Note: Includes index

URL: https://learning.oreilly.com/library/view/-/9780596510305/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

10

Online Resource

Hacking for dummies (2007)

Beaver, Kevin [VerfasserIn]

Hoboken, N.J. : Wiley Pub. | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 9780470052358 , 047005235X

Language: English

Pages: xx, 388 p , ill. , 24 cm

Edition: 2nd ed.

Keywords: Computer security ; Computer networks ; Security measures ; Computer hackers ; Electronic books ; local

Abstract: Are you worried about external hackers and rogue insiders breaking into your systems? Whether it's social engineering, network infrastructure attacks, or application hacking, security breaches in your systems can devastate your business or personal life. In order to counter these cyber bad guys, you must become a hacker yourself-an ethical hacker. Hacking for Dummies shows you just how vulnerable your systems are to attackers. It shows you how to find your weak spots and perform penetration and other security tests. With the information found in this handy, straightforward book, you will be able to develop a plan to keep your information safe and sound. You'll discover how to: Work ethically, respect privacy, and save your system from crashing Develop a hacking plan Treat social engineers and preserve their honesty Counter war dialing and scan infrastructures Understand the vulnerabilities of Windows, Linux, and Novell NetWare Prevent breaches in messaging systems, web applications, and databases Report your results and managing security changes Avoid deadly mistakes Get management involved with defending your systems As we enter into the digital era, protecting your systems and your company has never been more important. Don't let skepticism delay your decisions and put your security at risk. With Hacking For Dummies , you can strengthen your defenses and prevent attacks from every angle!

Note: Includes bibliographical references and index

URL: https://learning.oreilly.com/library/view/-/9780470052358/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

11

Online Resource

Security power tools (2007)

Burns, Bryan [MitwirkendeR]

Sebastopol, Calif. : O'Reilly | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 9780596009632 , 0596009631

Language: English

Keywords: Computer networks ; Security measures ; Computer security ; Electronic books ; local

Abstract: What if you could sit down with some of the most talented security engineers in the world and ask any network security question you wanted? Security Power Tools lets you do exactly that! Members of Juniper Networks' Security Engineering team and a few guest experts reveal how to use, tweak, and push the most popular network security applications, utilities, and tools available using Windows, Linux, Mac OS X, and Unix platforms. Designed to be browsed, Security Power Tools offers you multiple approaches to network security via 23 cross-referenced chapters that review the best security tools on the planet for both black hat techniques and white hat defense tactics. It's a must-have reference for network administrators, engineers and consultants with tips, tricks, and how-to advice for an assortment of freeware and commercial tools, ranging from intermediate level command-line operations to advanced programming of self-hiding exploits. Security Power Tools details best practices for: Reconnaissance -- including tools for network scanning such as nmap; vulnerability scanning tools for Windows and Linux; LAN reconnaissance; tools to help with wireless reconnaissance; and custom packet generation Penetration -- such as the Metasploit framework for automated penetration of remote computers; tools to find wireless networks; exploitation framework applications; and tricks and tools to manipulate shellcodes Control -- including the configuration of several tools for use as backdoors; and a review of known rootkits for Windows and Linux Defense -- including host-based firewalls; host hardening for Windows and Linux networks; communication security with ssh; email security and anti-malware; and device security testing Monitoring -- such as tools to capture, and analyze packets; network monitoring with Honeyd and snort; and host monitoring of production servers for file changes Discovery -- including The Forensic Toolkit, SysInternals and other popular forensic tools; application fuzzer and fuzzing techniques; and the art of binary reverse engineering using tools like Interactive Disassembler and Ollydbg A practical and timely network security ethics chapter written by a Stanford University professor of law completes the suite of topics and makes this book a goldmine of security information. Save yourself a ton of headaches and be prepared for any network security dilemma with Security Power Tools .

Note: Includes index

URL: https://learning.oreilly.com/library/view/-/9780596009632/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

12

Online Resource

The craft of system security (2007)

Smith, Sean W. [VerfasserIn] 1964- ; Marchesini, John [MitwirkendeR]

Upper Saddle River, N.J. : Addison-Wesley | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 9780321434838 , 0321434838

Language: English

Keywords: Computer security ; System design ; Computer networks ; Security measures ; Electronic books ; local

Abstract: "I believe The Craft of System Security is one of the best software security books on the market today. It has not only breadth, but depth, covering topics ranging from cryptography, networking, and operating systems--to the Web, computer-human interaction, and how to improve the security of software systems by improving hardware. Bottom line, this book should be required reading for all who plan to call themselves security practitioners, and an invaluable part of every university's computer science curriculum." --Edward Bonver, CISSP, Senior Software QA Engineer, Product Security, Symantec Corporation "Here's to a fun, exciting read: a unique book chock-full of practical examples of the uses and the misuses of computer security. I expect that it will motivate a good number of college students to want to learn more about the field, at the same time that it will satisfy the more experienced professional." --L. Felipe Perrone, Department of Computer Science, Bucknell University Whether you're a security practitioner, developer, manager, or administrator, this book will give you the deep understanding necessary to meet today's security challenges--and anticipate tomorrow's. Unlike most books, The Craft of System Security doesn't just review the modern security practitioner's toolkit: It explains why each tool exists, and discusses how to use it to solve real problems. After quickly reviewing the history of computer security, the authors move on to discuss the modern landscape, showing how security challenges and responses have evolved, and offering a coherent framework for understanding today's systems and vulnerabilities. Next, they systematically introduce the basic building blocks for securing contemporary systems, apply those building blocks to today's applications, and consider important emerging trends such as hardware-based security. After reading this book, you will be able to Understand the classic Orange Book approach to security, and its limitations Use operating system security tools and structures--with examples from Windows, Linux, BSD, and Solaris Learn how networking, the Web, and wireless technologies affect security Identify software security defects, from buffer overflows to development process flaws Understand cryptographic primitives and their use in secure systems Use best practice techniques for authenticating people and computer systems in diverse settings Use validation, standards, and testing to enhance confidence in a s...

Note: Includes bibliographical references and index

URL: https://learning.oreilly.com/library/view/-/9780321434838/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

13

Online Resource

Exploiting online games : cheating massively distributed systems (2007)

Hoglund, Greg [VerfasserIn] ; McGraw, Gary [MitwirkendeR]

Upper Saddle River, N.J. : Addison-Wesley | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 9780132271912 , 0132271915

Language: English

Keywords: Computer networks ; Security measures ; Electronic books ; local

Abstract: "Imagine trying to play defense in football without ever studying offense. You would not know when a run was coming, how to defend pass patterns, nor when to blitz. In computer systems, as in football, a defender must be able to think like an attacker. I say it in my class every semester, you don't want to be the last person to attack your own system--you should be the first. "The world is quickly going online. While I caution against online voting, it is clear that online gaming is taking the Internet by storm. In our new age where virtual items carry real dollar value, and fortunes are won and lost over items that do not really exist, the new threats to the intrepid gamer are all too real. To protect against these hazards, you must understand them, and this groundbreaking book is the only comprehensive source of information on how to exploit computer games. Every White Hat should read it. It's their only hope of staying only one step behind the bad guys." --Aviel D. Rubin, Ph.D. Professor, Computer Science Technical Director, Information Security Institute Johns Hopkins University "Everyone's talking about virtual worlds. But no one's talking about virtual-world security. Greg Hoglund and Gary McGraw are the perfect pair to show just how vulnerable these online games can be." --Cade Metz Senior Editor PC Magazine "If we're going to improve our security practices, frank discussions like the ones in this book are the only way forward. Or as the authors of this book might say, when you're facing off against Heinous Demons of Insecurity, you need experienced companions, not to mention a Vorpal Sword of Security Knowledge." --Edward W. Felten, Ph.D. Professor of Computer Science and Public Affairs Director, Center for Information Technology Policy Princeton University "Historically, games have been used by warfighters to develop new capabilities and to hone existing skills--especially in the Air Force. The authors turn this simple concept on itself, making games themselves the subject and target of the 'hacking game,' and along the way creating a masterly publication that is as meaningful to the gamer as it is to the serious security system professional. "Massively distributed systems will define the software field of play for at least the next quarter century. Understanding how they work is important, but understanding how they can be manipulated is essential for the security professional. This book provides the cornerstone for that knowledge." ...

Note: Includes bibliographical references and index

URL: https://learning.oreilly.com/library/view/-/9780132271912/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

14

Online Resource

Security monitoring with Cisco security MARS (2007)

Halleen, Gary [VerfasserIn] ; Kellogg, Greg [MitwirkendeR]

Indianapolis, Ind. : Cisco Press | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 9781587052705 , 1587052709

Language: English

Keywords: Computer networks ; Security measures ; Computer security ; Evaluation ; Electronic books ; local

Abstract: Security Monitoring with Cisco Security MARS Threat mitigation system deployment Gary Halleen Greg Kellogg Networks and hosts are probed hundreds or thousands of times a day in an attempt to discover vulnerabilities. An even greater number of automated attacks from worms and viruses stress the same devices. The sheer volume of log messages or events generated by these attacks and probes, combined with the complexity of an analyst needing to use multiple monitoring tools, often makes it impossible to adequately investigate what is happening. Cisco® Security Monitoring, Analysis, and Response System (MARS) is a next-generation Security Threat Mitigation system (STM). Cisco Security MARS receives raw network and security data and performs correlation and investigation of host and network information to provide you with actionable intelligence. This easy-to-use family of threat mitigation appliances enables you to centralize, detect, mitigate, and report on priority threats by leveraging the network and security devices already deployed in a network, even if the devices are from multiple vendors. Security Monitoring with Cisco Security MARS helps you plan a MARS deployment and learn the installation and administration tasks you can expect to face. Additionally, this book teaches you how to use the advanced features of the product, such as the custom parser, Network Admission Control (NAC), and global controller operations. Through the use of real-world deployment examples, this book leads you through all the steps necessary for proper design and sizing, installation and troubleshooting, forensic analysis of security events, report creation and archiving, and integration of the appliance with Cisco and third-party vulnerability assessment tools. "In many modern enterprise networks, Security Information Management tools are crucial in helping to manage, analyze, and correlate a mountain of event data. Greg Kellogg and Gary Halleen have distilled an immense amount of extremely valuable knowledge in these pages. By relying on the wisdom of Kellogg and Halleen embedded in this book, you will vastly improve your MARS deployment." -Ed Skoudis, Vice President of Security Strategy, Predictive Systems Gary Halleen is a security consulting systems engineer with Cisco. He has in-depth knowledge of security systems as well as remote-access and routing/switching technology. Gary is a CISSP and ISSAP. His diligence was responsible for the first successful comput...

Note: Includes index

URL: https://learning.oreilly.com/library/view/-/9781587052705/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

15

Online Resource

Endpoint security (2007)

Kadrich, Mark [VerfasserIn]

Upper Saddle River, N.J. : Addison-Wesley | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 9780321436955 , 0321436954

Language: English

Keywords: Computer networks ; Security measures ; Computer security ; Electronic books ; local

Abstract: A Comprehensive, Proven Approach to Securing All Your Network Endpoints! Despite massive investments in security technology and training, hackers are increasingly succeeding in attacking networks at their weakest links: their endpoints. Now, leading security expert Mark Kadrich introduces a breakthrough strategy to protecting all your endpoint devices, from desktops and notebooks to PDAs and cellphones. Drawing on powerful process control techniques, Kadrich shows how to systematically prevent and eliminate network contamination and infestation, safeguard endpoints against today's newest threats, and prepare yourself for tomorrow's attacks. As part of his end-to-end strategy, he shows how to utilize technical innovations ranging from network admission control to "trusted computing." Unlike traditional "one-size-fits-all" solutions, Kadrich's approach reflects the unique features of every endpoint, from its applications to its environment. Kadrich presents specific, customized strategies for Windows PCs, notebooks, Unix/Linux workstations, Macs, PDAs, smartphones, cellphones, embedded devices, and more. You'll learn how to: • Recognize dangerous limitations in conventional endpoint security strategies • Identify the best products, tools, and processes to secure your specific devices and infrastructure • Configure new endpoints securely and reconfigure existing endpoints to optimize security • Rapidly identify and remediate compromised endpoint devices • Systematically defend against new endpoint-focused malware and viruses • Improve security at the point of integration between endpoints and your network Whether you're a security engineer, consultant, administrator, architect, manager, or CSO, this book delivers what you've been searching for: a comprehensive endpoint security strategy that works. Mark Kadrich is President and CEO of The Security Consortium, which performs in-depth testing and evaluation of security products and vendors. As Senior Scientist for Sygate Technologies, he was responsible for developing corporate policies, understanding security trends, managing government certification programs, and evangelization. After Symantec acquired Sygate, Kadrich became Symantec's Senior Manager of Network and Endpoint Security. His 20 years' IT security experience encompasses systems level design, policy generation, endpoint security, risk management, and other key issues. Foreword Preface About the Author Chapter 1 Defini...

Note: Includes index

URL: https://learning.oreilly.com/library/view/-/9780321436955/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

16

Online Resource

Fuzzing : brute force vulnerabilty discovery (2007)

Sutton, Michael [VerfasserIn] 1973- ; Greene, Adam [MitwirkendeR] ; Amini, Pedram [MitwirkendeR]

Upper Saddle River, N.J. : Addison-Wesley | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 9780321446114 , 0321446119

Language: English

Keywords: Computer security ; Computer networks ; Security measures ; Computer software ; Development ; Electronic books ; local

Abstract: FUZZING Master One of Today's Most Powerful Techniques for Revealing Security Flaws! Fuzzing has evolved into one of today's most effective approaches to test software security. To "fuzz," you attach a program's inputs to a source of random data, and then systematically identify the failures that arise. Hackers have relied on fuzzing for years: Now, it's your turn. In this book, renowned fuzzing experts show you how to use fuzzing to reveal weaknesses in your software before someone else does. Fuzzing is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods. Next, they introduce state-of-the-art fuzzing techniques for finding vulnerabilities in network protocols, file formats, and web applications; demonstrate the use of automated fuzzing tools; and present several insightful case histories showing fuzzing at work. Coverage includes: • Why fuzzing simplifies test design and catches flaws other methods miss • The fuzzing process: from identifying inputs to assessing "exploitability" • Understanding the requirements for effective fuzzing • Comparing mutation-based and generation-based fuzzers • Using and automating environment variable and argument fuzzing • Mastering in-memory fuzzing techniques • Constructing custom fuzzing frameworks and tools • Implementing intelligent fault detection Attackers are already using fuzzing. You should, too. Whether you're a developer, security engineer, tester, or QA specialist, this book teaches you how to build secure software. Foreword xix Preface xxi Acknowledgments xxv About the Author xxvii P ARTI B ACKGROUND 1 Chapter 1 Vulnerability Discovery Methodologies 3 Chapter 2 What Is Fuzzing? 21 Chapter 3 Fuzzing Methods and Fuzzer Types 33 Chapter 4 Data Representation and Analysis 45 Chapter 5 Requirements for Effective Fuzzing 61 P ART II T ARGETS AND A UTOMATION 71 Chapter 6 Automation and Data Generation 73 Chapter 7 Environment Variable and Argument Fuzzing 89 Chapter 8 Environment Variable and Argument Fuzzing: Automation 103 Chapter 9 Web Application and Server Fuzzing 113 Chapter 10 Web Application and Server Fuzzing: Automation 137 Chapter 11 File Format Fuzzing 1...

Note: Includes index

URL: https://learning.oreilly.com/library/view/-/9780321446114/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

17

Online Resource

The art of software security assessment : identifying and preventing software vulnerabilities (2006)

Dowd, Mark [VerfasserIn] ; McDonald, John [MitwirkendeR] ; Schuh, Justin [MitwirkendeR]

Indianapolis, Ind. : Addison Wesley Professional | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 0321444426 , 9780321444424

Language: English

Keywords: Computer security ; Computer software ; Development ; Computer networks ; Security measures ; Electronic books ; local

Abstract: "There are a number of secure programming books on the market, but none that go as deep as this one. The depth and detail exceeds all books that I know about by an order of magnitude." - Halvar Flake, CEO and head of research, SABRE Security GmbH Note: This is now a 2 volume set which is shrink wrapped. The Definitive Insider's Guide to Auditing Software Security This is one of the most detailed, sophisticated, and useful guides to software security auditing ever written. The authors are leading security consultants and researchers who have personally uncovered vulnerabilities in applications ranging from sendmail to Microsoft Exchange, Check Point VPN to Internet Explorer. Drawing on their extraordinary experience, they introduce a start-to-finish methodology for "ripping apart" applications to reveal even the most subtle and well-hidden security flaws. The Art of Software Security Assessment covers the full spectrum of software vulnerabilities in both UNIX/Linux and Windows environments. It demonstrates how to audit security in applications of all sizes and functions, including network and Web software. Moreover, it teaches using extensive examples of real code drawn from past flaws in many of the industry's highest-profile applications . Coverage includes • Code auditing: theory, practice, proven methodologies, and secrets of the trade • Bridging the gap between secure software design and post-implementation review • Performing architectural assessment: design review, threat modeling, and operational review • Identifying vulnerabilities related to memory management, data types, and malformed data • UNIX/Linux assessment: privileges, files, and processes • Windows-specific issues, including objects and the filesystem • Auditing interprocess communication, synchronization, and state • Evaluating network software: IP stacks, firewalls, and common application protocols • Auditing Web applications and technologies This book is an unprecedented resource for everyone who must deliver secure software or assure the safety of existing software: consultants, security specialists, developers, QA staff, testers, and administrators alike. Contents ABOUT THE AUTHORS xv PREFACE xvii ACKNOWLEDGMENTS xxi I Introduction to Software Security Assessment 1 SOFTWARE VULNERABILITY FUNDAMENTALS 3 2 DESIGN REVIEW 25 3 OPERATIONAL REVIEW 67 4 APPLICATION REVIEW PROCESS 91 II Software Vulnerabilities 5 MEMORY CORRUPTION 167 6 C LANGUAGE ISSU...

Note: Includes bibliographical references and index

URL: https://learning.oreilly.com/library/view/-/0321444426/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

18

Online Resource

Cisco Network Admission Control (2006)

Helfrich, Denise [MitwirkendeR]

Indianapolis, Ind. : Cisco Press | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 1587052415 , 9781587052415

Language: English

Keywords: Computer networks ; Access control ; Computer networks ; Security measures ; Electronic books ; local

Abstract: Cisco Network Admission Control Volume I: NAC Framework Architecture and Design A guide to endpoint compliance enforcement Today, a variety of security challenges affect all businesses regardless of size and location. Companies face ongoing challenges with the fight against malware such as worms, viruses, and spyware. Today's mobile workforce attach numerous devices to the corporate network that are harder to control from a security policy perspective. These host devices are often lacking antivirus updates and operating system patches, thus exposing the entire network to infection. As a result, worms and viruses continue to disrupt business, causing downtime and continual patching. Noncompliant servers and desktops are far too common and are difficult to detect and contain. Locating and isolating infected computers is time consuming and resource intensive. Network Admission Control (NAC) uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources, thereby limiting damage from emerging security threats. NAC allows network access only to compliant and trusted endpoint devices (PCs, servers, and PDAs, for example) and can restrict the access of and even remediate noncompliant devices. Cisco Network Admission Control , Volume I, describes the NAC architecture and provides an in-depth technical description for each of the solution components. This book also provides design guidelines for enforcing network admission policies and describes how to handle NAC agentless hosts. As a technical primer, this book introduces you to the NAC Framework solution components and addresses the architecture behind NAC and the protocols that it follows so you can gain a complete understanding of its operation. Sample worksheets help you gather and organize requirements for designing a NAC solution. Denise Helfrich is a technical program sales engineer that develops and supports global online labs for the World Wide Sales Force Development at Cisco®. Lou Ronnau, CCIE® No. 1536, is a technical leader in the Applied Intelligence group of the Customer Assurance Security Practice at Cisco. Jason Frazier is a technical leader in the Technology Systems Engineering group for Cisco. Paul Forbes is a technical marketing engineer in the Office of the CTO, within the Security Technology Group at Cisco. Understand how the various NAC components work together to defend your network Learn how NAC operates and id...

Note: Includes index

URL: https://learning.oreilly.com/library/view/-/1587052415/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

19

Online Resource

SELinux by example : using security enhanced Linux (2006)

Mayer, Frank [VerfasserIn] 1961- ; MacMillan, Karl [MitwirkendeR] ; Caplan, David [MitwirkendeR]

Upper Saddle River, N.J. : Prentice Hall | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 0131963694 , 9780131963696

Language: English

Keywords: Linux ; Operating systems (Computers) ; Computer networks ; Security measures ; Electronic books ; local

Abstract: SELinux: Bring World-Class Security to Any Linux Environment! SELinux offers Linux/UNIX integrators, administrators, and developers a state-of-the-art platform for building and maintaining highly secure solutions. Now that SELinux is included in the Linux 2.6 kernel-and delivered by default in Fedora Core, Red Hat Enterprise Linux, and other major distributions-it's easier than ever to take advantage of its benefits. SELinux by Example is the first complete, hands-on guide to using SELinux in production environments. Authored by three leading SELinux researchers and developers, it illuminates every facet of working with SELinux, from its architecture and security object model to its policy language. The book thoroughly explains SELinux sample policies- including the powerful new Reference Policy -showing how to quickly adapt them to your unique environment. It also contains a comprehensive SELinux policy language reference and covers exciting new features in Fedora Core 5 and the upcoming Red Hat Enterprise Linux version 5. • Thoroughly understand SELinux's access control and security mechanisms • Use SELinux to construct secure systems from the ground up • Gain fine-grained control over kernel resources • Write policy statements for type enforcement, roles, users, and constraints • Use optional multilevel security to enforce information classification and manage users with diverse clearances • Create conditional policies that can be changed on-the-fly • Define, manage, and maintain SELinux security policies • Develop and write new SELinux security policy modules • Leverage emerging SELinux technologies to gain even greater flexibility • Effectively administer any SELinux system

Note: Includes index

URL: lizenzpflichtig

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

20

Online Resource

Security threat mitigation and response : understanding Cisco security MARS (2006)

Tesch, Dale [VerfasserIn] ; Abelar, Greg [MitwirkendeR]

Indianapolis, Ind. : Cisco Press | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 1587052601 , 9781587052606

Language: English

Keywords: Computer networks ; Security measures ; Computer networks ; Access control ; Computer security ; Evaluation ; Electronic countermeasures ; Firewalls (Computer security) ; Internet ; Security measures ; Electronic books ; local

Abstract: Identify, manage, and counter security threats with the Cisco Security Monitoring, Analysis, and Response System Dale Tesch Greg Abelar While it is commonly understood that deploying network security devices is critical to the well-being of an organization's systems and data, all too often companies assume that simply having these devices is enough to maintain the integrity of network resources. To really provide effective protection for their networks, organizations need to take the next step by closely examining network infrastructure, host, application, and security events to determine if an attack has exploited devices on their networks. Cisco® Security Monitoring, Analysis, and Response System (Cisco Security MARS) complements network and security infrastructure investment by delivering a security command and control solution that is easy to deploy, easy to use, and cost-effective. Cisco Security MARS fortifies deployed network devices and security countermeasures, empowering you to readily identify, manage, and eliminate network attacks and maintain compliance. Security Threat Mitigation and Response helps you understand this powerful new security paradigm that reduces your security risks and helps you comply with new data privacy standards. This book clearly presents the advantages of moving from a security reporting system to an all-inclusive security and network threat recognition and mitigation system. You will learn how Cisco Security MARS works, what the potential return on investment is for deploying Cisco Security MARS, and how to set up and configure Cisco Security MARS in your network. "Dealing with gigantic amounts of disparate data is the next big challenge in computer security; if you're a Cisco Security MARS user, this book is what you've been looking for." -Marcus J. Ranum, Chief of Security, Tenable Security, Inc. Dale Tesch is a product sales specialist for the Cisco Security MARS product line for the Cisco Systems® United States AT Security team. Dale came to Cisco Systems through the acquisition of Protego Networks in February 2005. Since then, he has had the primary responsibilities of training the Cisco sales and engineering team on SIM systems and Cisco Security MARS and for providing advanced sales support to Cisco customers. Greg Abelar has been an employee of Cisco Systems since December 1996. He was an original member of the Cisco Technical Assistance Security team, helping to hire and train many of the team's e...

Note: Includes index

URL: https://learning.oreilly.com/library/view/-/1587052601/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

21

Online Resource

Deploying zone-based firewalls (2006)

Pepelnjak, Ivan [VerfasserIn]

Indianapolis, Ind. : Cisco Press | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 1587053101 , 9781587053108

Language: English

Keywords: Computer networks ; Security measures ; Firewalls (Computer security) ; Electronic books ; local

Abstract: Deploying Zone-Based Firewalls (Digital Short Cut) Ivan Pepelnjak ISBN: 1-58705-310-1 Improved firewall policy configuration means network administrators can more easily understand the effect of firewall policies on network traffic. This functionality allows the grouping of physical and virtual interfaces into zones to simplify logical network topology. The creation of these zones enables the application of firewall policies on a zone-to-zone basis, instead of having to configure policies separately on each interface. With this functionality, configuration is easier to understand. Deploying Zone-Based Firewalls teaches you how to design and implement zone-based firewalls using new features introduced in Cisco IOS release 12.4T. This digital short cut, delivered in Adobe PDF format for quick and easy access, provides you with background information on IOS Firewall Stateful Inspection and Zone-based Policy Firewall configuration. The short cut then focuses on designing zone-based firewalls and deploying zone-based policies with the new Cisco IOS command-line interface (CLI). Common deployment scenarios are included to highlight proper use of this powerful Cisco IOS feature. Table of Contents: Chapter 1: Introduction to Zone-Based Firewalls Chapter 2: Typical Zone-Based Firewall Designs Chapter 3: Configuring Zone-Based Policy Firewalls in Cisco IOS Chapter 4: Case Study: Firewall with a Perimeter Network Chapter 5: Advanced Zone-Based Policy Firewall Configuration Chapter 6: Configuring Transparent Firewalls

URL: https://learning.oreilly.com/library/view/-/1587053101/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

22

Online Resource

Self-defending networks : the next generation of network security (2006)

De Capite, Duane [VerfasserIn]

Indianapolis, Ind : Cisco Press | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 1587052539 , 9781587052538

Language: English

Pages: 250 p , ill.

Keywords: Computer networks ; Security measures ; Electronic books ; local

Abstract: Protect your network with self-regulating network security solutions that combat both internal and external threats. Provides an overview of the security components used to design proactive network security Helps network security professionals understand what the latest tools and techniques can do and how they interact Presents detailed information on how to use integrated management to increase security Includes a design guide with step-by-step implementation instructions Self-Defending Networks: The Next Generation of Network Security helps networking professionals understand how to deploy an end-to-end, integrated network security solution. It presents a clear view of the various components that can be used throughout the network to not only monitor traffic but to allow the network itself to become more proactive in preventing and mitigating network attacks. This security primer provides unique insight into the entire range of Cisco security solutions, showing what each element is capable of doing and how all of the pieces work together to form an end-to-end Self-Defending Network. While other books tend to focus on individual security components, providing in-depth configuration guidelines for various devices and technologies, Self-Defending Networks instead presents a high-level overview of the entire range of technologies and techniques that comprise the latest thinking in proactive network security defenses. This book arms network security professionals with the latest information on the comprehensive suite of Cisco security tools and techniques. Network Admission Control, Network Infection Containment, Dynamic Attack Mitigation, DDoS Mitigation, Host Intrusion Prevention, and Integrated Security Management are all covered, providing the most complete overview of various security systems. It focuses on leveraging integrated management, rather than including a device-by-device manual to implement self-defending networks.

Note: Includes index

URL: https://learning.oreilly.com/library/view/-/1587052539/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

23

Online Resource

Network security hacks (2006)

Lockhart, Andrew [VerfasserIn]

Sebastopol, Calif. : O'Reilly | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 0596527632 , 9780596527631

Language: English

Edition: 2nd ed.

Keywords: Computer networks ; Security measures ; Internet ; Security measures ; Computer security ; Electronic books ; local

Abstract: In the fast-moving world of computers, things are always changing. Since the first edition of this strong-selling book appeared two years ago, network security techniques and tools have evolved rapidly to meet new and more sophisticated threats that pop up with alarming regularity. The second edition offers both new and thoroughly updated hacks for Linux, Windows, OpenBSD, and Mac OS X servers that not only enable readers to secure TCP/IP-based services, but helps them implement a good deal of clever host-based security techniques as well. This second edition of Network Security Hacks offers 125 concise and practical hacks, including more information for Windows administrators, hacks for wireless networking (such as setting up a captive portal and securing against rogue hotspots), and techniques to ensure privacy and anonymity, including ways to evade network traffic analysis, encrypt email and files, and protect against phishing attacks. System administrators looking for reliable answers will also find concise examples of applied encryption, intrusion detection, logging, trending and incident response. In fact, this "roll up your sleeves and get busy" security book features updated tips, tricks & techniques across the board to ensure that it provides the most current information for all of the major server software packages. These hacks are quick, clever, and devilishly effective.

Note: Includes index. - "Tips & tools for protecting your privacy"--Cover

URL: https://learning.oreilly.com/library/view/-/0596527632/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

24

Online Resource

Hunting security bugs (2006)

Gallagher, Tom [VerfasserIn] ; Jeffries, Bryan [MitwirkendeR] ; Landauer, Lawrence [MitwirkendeR]

Redmond, Wash. : Microsoft Press | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 073562187X , 9780735621879

Language: English

Keywords: Computer security ; Computer software ; Testing ; Computer networks ; Security measures ; Electronic books ; local

Abstract: Learn how to think like an attacker-and identify potential security issues in your software. In this essential guide, security testing experts offer practical, hands-on guidance and code samples to help you find, classify, and assess security bugs before your software is released. Discover how to: Identify high-risk entry points and create test cases Test clients and servers for malicious request/response bugs Use black box and white box approaches to help reveal security vulnerabilities Uncover spoofing issues, including identity and user interface spoofing Detect bugs that can take advantage of your program's logic, such as SQL injection Test for XML, SOAP, and Web services vulnerabilities Recognize information disclosure and weak permissions issues Identify where attackers can directly manipulate memory Test with alternate data representations to uncover canonicalization issues Expose COM and ActiveX repurposing attacks PLUS-Get code samples and debugging tools on the Web

Note: Includes index

URL: https://learning.oreilly.com/library/view/-/073562187X/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

25

Online Resource

Counter hack reloaded : a step-by-step guide to computer attacks and effective defenses (2005)

Skoudis, Ed [VerfasserIn] ; Liston, Tom [MitwirkendeR]

Upper Saddle River, N.J. : Prentice Hall Professional Technical Reference | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 9780131481046 , 0131481045

Language: English

Edition: 2nd ed.

Keywords: Computer networks ; Security measures ; Data protection ; Electronic books ; local

Abstract: "I finally get it! I used to hear words like rootkit, buffer overflow, and idle scanning, and they just didn't make any sense. I asked other people and they didn't seem to know how these things work, or at least they couldn't explain them in a way that I could understand. Counter Hack Reloaded is the clearest explanation of these tools I have ever seen. Thank you!" -Stephen Northcutt, CEO, SANS Institute "Ed Skoudis does it again! With this new edition, Ed takes a phenomenal work to the next level! This book is a 'must-have' and a 'must-read' for anyone remotely associated with computers and computer security." -Harlan Carvey, CISSP, author of Windows Forensics and Incident Recovery "Ed Skoudis is a rare individual. He knows the innards of all the various systems, knows all the latest exploits and defenses, and yet is able to explain everything at just the right level. The first edition of Counter Hack was a fascinating read. It's technically intriguing and very clear. . . . A book on vulnerabilities, though, will get out of date, and so we definitely needed this updated and significantly rewritten second edition. This book is a wonderful overview of the field." -From the Foreword by Radia Perlman, series editor, The Radia Perlman Series in Computer Networking and Security; author of Interconnections ; and coauthor of Network Security: Private Communications in a Public World "What a great partnership! Ed Skoudis and Tom Liston share an uncanny talent for explaining even the most challenging security concepts in a clear and enjoyable manner. Counter Hack Reloaded is an indispensable resource for those who want to improve their defenses and understand the mechanics of computer attacks." -Lenny Zeltser, coauthor of Malware: Fighting Malicious Code "Ed Skoudis does it again! With this new edition, Ed takes a phenomenal work to the next level! This book is a 'must-have' and a 'must-read' for anyone remotely associated with computers and computer security." -Harlan Carvey, CISSP, author of Windows Forensics and Incident Recovery "In addition to having breadth of knowledge about and probing insights into network security, Ed Skoudis's real strength is in his ability to show complex topics in an understandable form. By the time he's done, what started off as a hopeless conglomeration of acronyms starts to sound comfortable and familiar. This book is your best source for understanding attack strategies, attack tools, and the defenses against bot...

Note: Includes bibliographical references and index

URL: lizenzpflichtig

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

26

Online Resource

Inside network security assessment : guarding your IT infrastructure (2005)

Gregg, Michael [VerfasserIn] ; Kim, David [MitwirkendeR]

Indianapolis, Ind. : Sams | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 0672328097

Language: English

Pages: 312 p

Keywords: Computer security ; Evaluation ; Methodology ; Computer networks ; Security measures ; Electronic books ; local

Abstract: As an IT professional, you need to know how to perform network security assessments. Inside Network Security Assessment: Guarding Your IT Infrastructure is a collection of utilities and templates that will take you through the assessment process. Written by two highly qualified authors with close ties to the International Information Systems Security Certification Consortium, this book was developed with the goal of being a text for the CISSP continuing education class on Network Security Assessment. You will be provided with step-by-step training on assessing security, from paperwork to penetration testing to ethical hacking. The supporting website will also provide you with access to a variety of tools, checklists, and templates to make your job even easier. You'll save everyone time and money by learning to perform security assessments yourself with the help of Inside Network Security Assessment .

Note: Includes index

URL: https://learning.oreilly.com/library/view/-/0672328097/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

27

Online Resource

Microsoft windows security resource kit (2005)

Smith, Ben [VerfasserIn] 1975- ; Komar, Brian [MitwirkendeR]

Redmond, Wash. : Microsoft Press | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 0735621748 , 9780735621749

Language: English

Edition: 2nd ed.

Keywords: Microsoft Windows (Computer file) ; Computer security ; Computer networks ; Security measures ; Electronic books ; local

Abstract: Fully updated and revised, this official MICROSOFT RESOURCE KIT delivers the in-depth information and tools you need to plan and implement a comprehensive security-management strategy for Windows-based clients, servers, and networks.

Note: Includes bibliographical references and index

URL: https://learning.oreilly.com/library/view/-/9780735621749/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.

28

Online Resource

Silence on the wire : a field guide to passive reconnaissance and indirect attacks (2005)

Zalewski, Michal [VerfasserIn]

San Francisco, Calif. : No Starch Press | Boston, Mass. :Safari Books Online

add to mindlist on the mindlist

Details

ISBN: 1593270461 , 9781593270469

Language: English

Keywords: Computer networks ; Security measures ; Electronic books ; local

Abstract: There are many ways that a potential attacker can intercept information, or learn more about the sender, as the information travels over a network. Silence on the Wire uncovers these silent attacks so that system administrators can defend against them, as well as better understand and monitor their systems. Silence on the Wire dissects several unique and fascinating security and privacy problems associated with the technologies and protocols used in everyday computing, and shows how to use this knowledge to learn more about others or to better defend systems. By taking an indepth look at modern computing, from hardware on up, the book helps the system administrator to better understand security issues, and to approach networking from a new, more creative perspective. The sys admin can apply this knowledge to network monitoring, policy enforcement, evidence analysis, IDS, honeypots, firewalls, and forensics.

Note: Includes index

URL: https://learning.oreilly.com/library/view/-/1593270461/?ar

Permalink

Library	Location	Call Number	Volume/Issue/Year	Availability

Others were also interested in ...

Online Resource

MPI Ethno. Forsch.