Your email was sent successfully. Check your inbox.

An error occurred while sending the email. Please try again.

Proceed reservation?

Export
Filter
  • Safari Tech Books Online  (57)
  • Computer security  (57)
Datasource
Material
Language
Years
  • 1
    Online Resource
    Online Resource
    Upper Saddle River, NJ : Addison-Wesley | Boston, MA :Safari,
    Language: English
    Pages: p. cm
    DDC: 005.8
    Keywords: Computer security ; Electronic books ; local
    Abstract: "When it comes to software security, the devil is in the details. This book tackles the details." --Bruce Schneier, CTO and founder, Counterpane, and author of Beyond Fear and Secrets and Lies "McGraw's book shows you how to make the 'culture of security' part of your development lifecycle." --Howard A. Schmidt, Former White House Cyber Security Advisor "McGraw is leading the charge in software security. His advice is as straightforward as it is actionable. If your business relies on software (and whose doesn't), buy this book and post it up on the lunchroom wall." --Avi Rubin, Director of the NSF ACCURATE Center; Professor, Johns Hopkins University; and coauthor of Firewalls and Internet Security Beginning where the best-selling book Building Secure Software left off, Software Security teaches you how to put software security into practice.The software security best practices, or touchpoints, described in this book have their basis in good software engineering and involve explicitly pondering security throughout the software development lifecycle. This means knowing and understanding common risks (including implementation bugsand architectural flaws), designing for security, and subjecting all software artifacts to thorough, objective risk analyses and testing. Software Security is about putting the touchpoints to work for you. Because you can apply these touchpoints to the software artifacts you already produce as you develop software, you can adopt this book's methods without radically changing the way you work. Inside you'll find detailed explanations of Risk management frameworks and processes Code review using static analysis tools Architectural risk analysis Penetration testing Security testing Abuse case development In addition to the touchpoints, Software Security covers knowledge management, training and awareness, and enterprise-level software security programs. Now that the world agrees that software security is central to computer security, it is time to put philosophy into practice. Create your own secure development lifecycle by enhancing your existing software development lifecycle with the touchpoints described in this book. Let this expert author show you how to build more secure software by building security in.
    Note: Includes bibliographical references and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 2
    Online Resource
    Online Resource
    San Jose, Calif. ; : Novell Press | Boston, MA :Safari,
    Language: English
    Pages: xvii, 533 p. , ill. ; , 23 cm
    Edition: 3rd ed. /
    DDC: 005.8
    Keywords: Linux (Computer file) ; Computer security ; Electronic books ; local
    Abstract: An Internet-connected Linux machine is in a high-risk situation. Linux Firewalls, Third Edition details security steps that any sized implementation--from home use to enterprise level--might take to protect itself from potential remote attackers. As with the first two editions, this book is especially useful for its explanations of iptables, packet filtering, and firewall optimization along with some advanced concepts including customizing the Linux kernel to enhance security.The third edition, while distribution neutral, has been updated for the current Linux Kernel and provides code examples for Red Hat, SUSE, and Debian implementations. Don't miss out on the third edition of the critically acclaimed Linux Firewalls .
    Note: Previous ed.: published as by Robert L. Ziegler. Indianapolis, Ind.: New Riders, 2001
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 3
    Language: English
    Pages: xviii, 714 p. , ill. ; , 24 cm
    DDC: 005.8
    Keywords: Computer security ; Electronic books ; local
    Abstract: Human factors and usability issues have traditionally played a limited role in security research and secure systems development. Security experts have largely ignored usability issues--both because they often failed to recognize the importance of human factors and because they lacked the expertise to address them. But there is a growing recognition that today's security problems can be solved only by addressing issues of usability and human factors. Increasingly, well-publicized security breaches are attributed to human errors that might have been prevented through more usable software. Indeed, the world's future cyber-security depends upon the deployment of security technology that can be broadly used by untrained computer users. Still, many people believe there is an inherent tradeoff between computer security and usability. It's true that a computer without passwords is usable, but not very secure. A computer that makes you authenticate every five minutes with a password and a fresh drop of blood might be very secure, but nobody would use it. Clearly, people need computers, and if they can't use one that's secure, they'll use one that isn't. Unfortunately, unsecured systems aren't usable for long, either. They get hacked, compromised, and otherwise rendered useless. There is increasing agreement that we need to design secure systems that people can actually use, but less agreement about how to reach this goal. Security & Usability is the first book-length work describing the current state of the art in this emerging field. Edited by security experts Dr. Lorrie Faith Cranor and Dr. Simson Garfinkel, and authored by cutting-edge security and human-computerinteraction (HCI) researchers world-wide, this volume is expected to become both a classic reference and an inspiration for future research. Security & Usability groups 34 essays into six parts: Realigning Usability and Security---with careful attention to user-centered design principles, security and usability can be synergistic. Authentication Mechanisms-- techniques for identifying and authenticating computer users. Secure Systems--how system software can deliver or destroy a secure user experience. Privacy and Anonymity Systems--methods for allowing people to control the release of personal information. Commercializing Usability: The Vendor Perspective--specific experiences of security and software vendors (e.g.,IBM, Microsoft, Lotus, Firefox, and Zone Labs) in addressing usability. The ...
    Note: Includes bibliographical references and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 4
    Online Resource
    Online Resource
    Upper Saddle River, NJ : Addison-Wesley | Boston, MA :Safari,
    Language: English
    Pages: p. cm
    DDC: 005.8
    Keywords: Microsoft Windows (Computer file) ; Computer security ; Computers ; Access control ; Electronic books ; local
    Abstract: "It's imperative that everybody working in the field of cyber-security read this book to understand the growing threat of rootkits." --Mark Russinovich, editor, Windows IT Pro / Windows & .NET Magazine "This material is not only up-to-date, it defines up-to-date. It is truly cutting-edge. As the only book on the subject, Rootkits will be of interest to any Windows security researcher or security programmer. It's detailed, well researched and the technical information is excellent. The level of technical detail, research, and time invested in developing relevant examples is impressive. In one word: Outstanding." --Tony Bautts, Security Consultant; CEO, Xtivix, Inc. "This book is an essential read for anyone responsible for Windows security. Security professionals, Windows system administrators, and programmers in general will want to understand the techniques used by rootkit authors. At a time when many IT and security professionals are still worrying about the latest e-mail virus or how to get all of this month's security patches installed, Mr. Hoglund and Mr. Butler open your eyes to some of the most stealthy and significant threats to the Windows operating system. Only by understanding these offensive techniques can you properly defend the networks and systems for which you are responsible." --Jennifer Kolde, Security Consultant, Author, and Instructor "What's worse than being owned? Not knowing it. Find out what it means to be owned by reading Hoglund and Butler's first-of-a-kind book on rootkits. At the apex the malicious hacker toolset--which includes decompilers, disassemblers, fault-injection engines, kernel debuggers, payload collections, coverage tools, and flow analysis tools--is the rootkit. Beginning where Exploiting Software left off, this book shows how attackers hide in plain sight. "Rootkits are extremely powerful and are the next wave of attack technology. Like other types of malicious code, rootkits thrive on stealthiness. They hide away from standard system observers, employing hooks, trampolines, and patches to get their work done. Sophisticated rootkits run in such a way that other programs that usually monitor machine behavior can't easily detect them. A rootkit thus provides insider access only to people who know that it is running and available to accept commands. Kernel rootkits can hide files and running processes to provide a backdoor into the target machine. "Understanding the ultimate attacker's tool provides ...
    Note: Includes bibliographical references and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 5
    Online Resource
    Online Resource
    Harlow : Addison-Wesley | Boston, MA :Safari,
    Language: English
    Pages: xxxi, 347 p. , ill. ; , 24 cm. +
    DDC: 005.8
    Keywords: Business enterprises ; Computer networks ; Security measures ; Computer security ; Electronic books ; local
    Abstract: Praise for J.C. Cannon's Privacy "A wonderful exploration of the multifaceted work being done to protect the privacy of users, clients, companies, customers, and everyone in between." -Peter Wayner, author of Translucent Databases "Cannon provides an invaluable map to guide developers through the dark forest created by the collision of cutting-edge software development and personal privacy." -Eric Fredericksen, Sr. Software Engineer, PhD., Foundstone, Inc. "Cannon's book is the most comprehensive work today on privacy for managers and developers. I cannot name any technical areas not covered. No practitioners should miss it." -Ray Lai, Principal Engineer, Sun Microsystems, Inc., co-author of Core Security Patterns and author of J2EE Platform Web Services "Every developer should care deeply about privacy and this is the best book I've read on the subject. Get it, read it, and live it." -Keith Ballinger, Program Manager, Advanced Web Services, Microsoft "J.C. Cannon's book demonstrates that information and communication technology can contribute in a significant way to restoring individual privacy and raises more awareness of the complexity and importance of this societal problem." -Dr. John J. Borking, Former Commissioner and Vice-President of the Dutch Data Protection Authority "If you are planning, implementing, coding, or managing a Privacy campaign in your company or your personal computing, there is no more relevant reference. J.C. Cannon nails the issues." -Rick Kingslan, CISSP, Microsoft MVP-Windows Server: Directory Services and Right Management, West Corporation "It's often been said that security is a process, not a product. Privacy is no different! Unlike other privacy books, J.C. Cannon's book has something valuable to convey to everyone involved in the privacy process, from executives to designers and developers, many of whom aren't thinking about privacy but should be." -Keith Brown, Co-founder of Pluralsight and author of The .NET Developer's Guide to Windows Security and Programming Windows Security "J.C. Cannon's new book on electronic privacy is an important addition to the available works in this emerging field of study and practice. Through many humorous (and occasionally frightening) examples of privacy gone wrong, J.C. helps you better understand how to protect your privacy and how to build privacy awareness into your organization and its development process. Keenly illustrating both the pros and cons of various privacy-e...
    Note: Includes bibliographical references (p. 319-326) and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 6
    Online Resource
    Online Resource
    Boston : Addison-Wesley | Boston, MA :Safari,
    Language: English
    Pages: xxix, 412 p. , ill. ; , 23 cm
    DDC: 005.8
    Keywords: Computer crimes ; Prevention ; Computer hackers ; Computer networks ; Security measures ; Computer security ; Electronic books ; local
    Abstract: Stories about hacking, stolen credit card numbers, computer viruses, and identity theft are all around us, but what do they really mean to us? The goal of this book, quite simply, is to help educate people on the issues with high-tech crimes. High-Tech Crimes Revealed: Cyberwar Stories from the Digital Front demystifies the risks and realities of high-tech crimes. Demystifying these crimes and raising the awareness of users of technology will make people smarter and safer, and that will make all of us safer in the long run. Steven Branigan shares the inside details of real cases he worked on in his various roles in law-enforcement, information technology, and security. The result is a comprehensive, accessible look at how digital crimes are discovered, what techniques the criminals use and why, and (in some cases) how they can be brought to justice. Inside, you'll find extensive information on Actual hacker investigations, including the harm caused and how the criminals were tracked and caught The ins and outs of identity theft, a rapidly growing crime with potential for serious damage Using the criminology and psychology of hackers to detect and deter attacks The risks associated with various technologies Do's and don'ts for high-tech criminal investigations This easily understandable book will take you beyond hearing about high-tech crimes to actually understanding how and why they happen-and what can be done to protect yourself. "Most books on this topic impart knowledge in the form of techniques and methods. This book differs in that it imparts Steven Branigan's experience in the field, and real case studies in which problems are framed and effective solutions are crafted. In this respect this book imparts not only knowledge, but Steve's experience and wisdom as well." -Mike Tarrani, Independent Consultant "Steven Branigan provides a gripping account of what's involved in investigating computer crime. I strongly recommend this book to any security practitioner or anyone with an interest in computer security." -Michael Nickle, Lead Consultant, VeriSign "Being on the inside of several high-tech busts has given Steven Branigan the ability to make this book intriguing enough to keep high-tech types interested, while also doing a superb job of demystifying these real-life cases in a way that anyone can read and enjoy." -David Kensiski, Director of Operations, InfiniRoute Networks "The modern high-tech industry brought new things to our lives. B...
    Note: Includes bibliographical references (p. [389]-395) and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 7
    Online Resource
    Online Resource
    Boston : Addison-Wesley | Boston, MA :Safari,
    Language: English
    Pages: xxxii, 747 p. , ill. ; , 24 cm
    DDC: 005.8
    Keywords: Computer security ; Electronic books ; local
    Abstract: In this authoritative book, widely respected practitioner and teacher Matt Bishop presents a clear and useful introduction to the art and science of information security. Bishop's insights and realistic examples will help any practitioner or student understand the crucial links between security theory and the day-to-day security challenges of IT environments. Bishop explains the fundamentals of security: the different types of widely used policies, the mechanisms that implement these policies, the principles underlying both policies and mechanisms, and how attackers can subvert these tools--as well as how to defend against attackers. A practicum demonstrates how to apply these ideas and mechanisms to a realistic company. Coverage includes Confidentiality, integrity, and availability Operational issues, cost-benefit and risk analyses, legal and human factors Planning and implementing effective access control Defining security, confidentiality, and integrity policies Using cryptography and public-key systems, and recognizing their limits Understanding and using authentication: from passwords to biometrics Security design principles: least-privilege, fail-safe defaults, open design, economy of mechanism, and more Controlling information flow through systems and networks Assuring security throughout the system lifecycle Malicious logic: Trojan horses, viruses, boot sector and executable infectors, rabbits, bacteria, logic bombs--and defenses against them Vulnerability analysis, penetration studies, auditing, and intrusion detection and prevention Applying security principles to networks, systems, users, and programs Introduction to Computer Security is adapted from Bishop's comprehensive and widely praised book, Computer Security: Art and Science. This shorter version of the original work omits much mathematical formalism, making it more accessible for professionals and students who have a less formal mathematical background, or for readers with a more practical than theoretical interest.
    Note: Includes bibliographical references and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 8
    Online Resource
    Online Resource
    Sebastopol, CA ; : O'Reilly Media | Boston, MA :Safari,
    Language: English
    Pages: xii, 177 p. , ill. ; , 26 cm
    Edition: 1st ed.
    DDC: 005.8
    Keywords: Computer security ; Computers ; Access control ; Data protection ; Identity theft ; Electronic books ; local
    Abstract: From the moment you're born, you enter the data stream-from birth certificates to medical records to what you bought on Amazon last week. As your dossier grows, so do the threats, from identity thieves to government snoops to companies who want to sell you something. Computer Privacy Annoyances shows you how to regain control of your life. You'll learn how to keep private information private, stop nosy bosses, get off that incredibly annoying mailing list, and more. Unless you know what data is available about you and how to protect it, you're a sitting duck. Computer Privacy Annoyances is your guide to a safer, saner, and more private life. Written by privacy pro Dan Tynan, and based on interviews with privacy experts from all over the globe, Computer Privacy Annoyances serves up real-world advice in bite-sized portions that will help you stop the snoops in their tracks. The book even addresses non-computing threats, from telemarketer-cum-stalkers, thieves at your mailbox, nosy folks in your HR department, cell phone eavesdroppers, and more. The key areas covered include: Privacy at Home Privacy on the Net Privacy at Work Privacy in Public Privacy and Uncle Sam Privacy in the Future Daniel Tynan has written about Internet privacy and security for nearly a decade. His work has appeared in more than 40 national publications. As executive editor at PC World , Tynan edited a special issue on Internet Privacy that won a Grand Neal Award and was a finalist for a National Magazine Award. He has won more than a dozen other honors, including nine Neals, four Maggies, and two Computer Press Association Awards.
    Note: Includes index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 9
    Online Resource
    Online Resource
    Upper Saddle River, NJ : Addison-Wesley | Boston, MA :Safari,
    Language: English
    Pages: xxviii, 1142 p. , ill. ; , 24 cm
    DDC: 005.4/476
    Keywords: Microsoft Windows server ; Computer security ; Operating systems (Computers) ; Electronic books ; local
    Abstract: "Once again, Roberta Bragg proves why she is a leading authority in the security field! It's clear that Roberta has had a great deal of experience in real-world security design and implementation. I'm grateful that this book provides clarity on what is often a baffling subject!" James I. Conrad, MCSE 2003, Server+, Certified Ethical Hacker Jamesaccusource.net "Full of relevant and insightful information. Certain to be a staple reference book for anyone dealing with Windows Server 2003 security. Roberta Bragg's Windows Server 2003 Security is a MUST read for anyone administering Windows Server 2003." Philip Cox, Consultant, SystemExperts Corporation phil.cox@systemexperts.com "Few people in the security world understand and appreciate every aspect of network security like Roberta Bragg. She is as formidable a security mind as I have ever met, and this is augmented by her ability to communicate the concepts clearly, concisely, and with a rapier wit. I have enjoyed working with Roberta more than I have on any of the other 20 some odd books to which I have contributed. She is a giant in the field of network security." Bob Reinsch bob.reinsch@fosstraining.com " Windows Server 2003 Security explains why you should do things and then tells you how to do it! It is a comprehensive guide to Windows security that provides the information you need to secure your systems. Read it and apply the information." Richard Siddaway, MCSE rsiddaw@hotmail.com "Ms. Bragg's latest book is both easy to read and technically accurate. It will be a valuable resource for network administrators and anyone else dealing with Windows Server 2003 security." Michael VonTungeln, MCSE, CTT mvontung@yahoo.com "I subscribe to a number of newsletters that Roberta Bragg writes and I have 'always' found her writing to be perfectly focused on issues I 'need' to know in my workplace when dealing with my users. Her concise writing style and simple solutions bring me back to her columns time after time. When I heard she had written a guide on Windows 2003 security, I 'had' to have it. Following her guidance on deployment, her advice on avoiding common pitfalls, and her easy to follow guidelines on how to lock down my network and user environments (those darned users!) has me (and my clients) much more comfortable with our Win2k3 Server deployments. From AD to GPO's to EFS, this book covers it all." Robert Laposta, MCP, MCSA, MCSE, Io Network Services, Sierra Vista AZrob.laposta@cox.net "R...
    Note: Includes bibliographical references and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 10
    Online Resource
    Online Resource
    Upper Saddle River, NJ : Prentice Hall Professional Technical Reference | Boston, MA :Safari,
    Language: English
    Pages: p. cm
    DDC: 005.8
    Keywords: Computer security ; Data protection ; Electronic books ; local
    Abstract: The Definitive Guide to Protecting Enterprise Data Your enterprise data is your most critical asset. If it's compromised, your business can be destroyed. Don't let that happen-leverage today's state-of-the-art strategies, best practices, and technologies and protect your critical information. In Data Protection and Information Lifecycle Management , leading industry consultant Tom Petrocelli presents a systematic, coherent approach to planning and implementing cost-effective data protection. This book introduces Information Lifecycle Management (ILM), a powerful new strategy for managing enterprise information based on its value over time. The author explains emerging techniques for protecting storage systems and storage networks, and for integrating storage security into your overall security plan. He also presents new technical advances and opportunities to improve existing data-protection processes, including backup/restore, replication, and remote copy. Coverage includes A complete, unique framework for considering and planning data protection Understanding storage technology from the standpoint of data protection Architecting more effective backup/restore solutions Using remote copy and replication to keep data synchronized and support immediate failover to hot sites Leveraging core computer security concepts and strategies to protect your most critical data Securing your entire storage infrastructure, not just servers Using policy-driven data protection and Data Lifecycle Management (DLM) to improve security and reduce cost Using ILM to identify your highest-value data and choose the right ways to protect it Data Protection and Information Lifecycle Management is an indispensable resource for IT executives who must plan and implement strategies for data protection; administrators who must protect data on a day-to-day basis; and product managers, consultants, and marketers responsible for crafting superior data-security solutions.
    Note: Includes bibliographical references and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 11
    Online Resource
    Online Resource
    Sebastopol, Calif. ; : O'Reilly Media | Boston, MA :Safari,
    Language: English
    Pages: xiii, 324 p. , ill. ; , 24 cm
    Edition: 1st ed.
    DDC: 005.8
    Keywords: Computer networks ; Security measures ; Computer security ; Computers ; Access control ; Electronic books ; local
    Abstract: If you're an advanced security professional, then you know that the battle to protect online privacy continues to rage on. Security chat rooms, especially, are resounding with calls for vendors to take more responsibility to release products that are more secure. In fact, with all the information and code that is passed on a daily basis, it's a fight that may never end. Fortunately, there are a number of open source security tools that give you a leg up in the battle.Often a security tool does exactly what you want, right out of the box. More frequently, you need to customize the tool to fit the needs of your network structure. Network Security Tools shows experienced administrators how to modify, customize, and extend popular open source security tools such as Nikto, Ettercap, and Nessus.This concise, high-end guide discusses the common customizations and extensions for these tools, then shows you how to write even more specialized attack and penetration reviews that are suited to your unique network environment. It also explains how tools like port scanners, packet injectors, network sniffers, and web assessment tools function.Some of the topics covered include: Writing your own network sniffers and packet injection tools Writing plugins for Nessus, Ettercap, and Nikto Developing exploits for Metasploit Code analysis for web applications Writing kernel modules for security applications, and understanding rootkits While many books on security are either tediously academic or overly sensational, Network Security Tools takes an even-handed and accessible approach that will let you quickly review the problem and implement new, practical solutions--without reinventing the wheel. In an age when security is critical, Network Security Tools is the resource you want at your side when locking down your network.
    Note: "Writing, hacking, and modifying security tools"--Cover. - Includes index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 12
    Online Resource
    Online Resource
    Sebastopol, CA : O'Reilly | Boston, MA :Safari,
    Language: English
    Pages: xiii, 238 p. , ill. ; , 24 cm
    Keywords: Linux ; Computer security ; Electronic books ; local
    Abstract: The intensive search for a more secure operating system has often left everyday, production computers far behind their experimental, research cousins. Now SELinux (Security Enhanced Linux) dramatically changes this. This best-known and most respected security-related extension to Linux embodies the key advances of the security field. Better yet, SELinux is available in widespread and popular distributions of the Linux operating system--including for Debian, Fedora, Gentoo, Red Hat Enterprise Linux, and SUSE--all of it free and open source. SELinux emerged from research by the National Security Agency and implements classic strong-security measures such as role-based access controls, mandatory access controls, and fine-grained transitions and privilege escalation following the principle of least privilege. It compensates for the inevitable buffer overflows and other weaknesses in applications by isolating them and preventing flaws in one application from spreading to others. The scenarios that cause the most cyber-damage these days--when someone gets a toe-hold on a computer through a vulnerability in a local networked application, such as a Web server, and parlays that toe-hold into pervasive control over the computer system--are prevented on a properly administered SELinux system. The key, of course, lies in the words "properly administered." A system administrator for SELinux needs a wide range of knowledge, such as the principles behind the system, how to assign different privileges to different groups of users, how to change policies to accommodate new software, and how to log and track what is going on. And this is where SELinux is invaluable. Author Bill McCarty, a security consultant who has briefed numerous government agencies, incorporates his intensive research into SELinux into this small but information-packed book. Topics include: A readable and concrete explanation of SELinux concepts and the SELinux security model Installation instructions for numerous distributions Basic system and user administration A detailed dissection of the SELinux policy language Examples and guidelines for altering and adding policies With SELinux , a high-security computer is within reach of any system administrator. If you want an effective means of securing your Linux system--and who doesn't?--this book provides the means.
    Note: Includes index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 13
    Online Resource
    Online Resource
    Sebastopol, CA : O'Reilly Media | Boston, MA :Safari,
    Language: English
    Pages: xiii, 270 p. , ill. ; , 24 cm
    Edition: 1st ed.
    DDC: 005.8
    Keywords: Computer networks ; Security measures ; Computer security ; Computers ; Access control ; Electronic books ; local
    Abstract: If you are a network administrator, you're under a lot of pressure to ensure that mission-critical systems are completely safe from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is an essential--but often overwhelming--challenge. Snort, the defacto open source standard of intrusion detection tools, is capable of performing real-time traffic analysis and packet logging on IP network. It can perform protocol analysis, content searching, and matching. Snort can save countless headaches; the new Snort Cookbook will save countless hours of sifting through dubious online advice or wordy tutorials in order to leverage the full power of SNORT.Each recipe in the popular and practical problem-solution-discussion O'Reilly cookbook format contains a clear and thorough description of the problem, a concise but complete discussion of a solution, and real-world examples that illustrate that solution. The Snort Cookbook covers important issues that sys admins and security pros will us everyday, such as: installation optimization logging alerting rules and signatures detecting viruses countermeasures detecting common attacks administration honeypots log analysis But the Snort Cookbook offers far more than quick cut-and-paste solutions to frustrating security issues. Those who learn best in the trenches--and don't have the hours to spare to pore over tutorials or troll online for best-practice snippets of advice--will find that the solutions offered in this ultimate Snort sourcebook not only solve immediate problems quickly, but also showcase the best tips and tricks they need to master be security gurus--and still have a life.
    Note: "Solutions and examples for Snort administrators"--Cover. - Includes bibliographical references and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 14
    Online Resource
    Online Resource
    Sebastopol, CA : O'Reilly | Boston, MA :Safari,
    Language: English
    Pages: xiv, 445 p. , ill. ; , 23 cm
    Edition: 1st ed.
    Keywords: FreeBSD ; OpenBSD ; Computer security ; Operating systems (Computers) ; Electronic books ; local
    Abstract: FreeBSD and OpenBSD are increasingly gaining traction in educational institutions, non-profits, and corporations worldwide because they provide significant security advantages over Linux. Although a lot can be said for the robustness, clean organization, and stability of the BSD operating systems, security is one of the main reasons system administrators use these two platforms.There are plenty of books to help you get a FreeBSD or OpenBSD system off the ground, and all of them touch on security to some extent, usually dedicating a chapter to the subject. But, as security is commonly named as the key concern for today's system administrators, a single chapter on the subject can't provide the depth of information you need to keep your systems secure.FreeBSD and OpenBSD are rife with security "building blocks" that you can put to use, and Mastering FreeBSD and OpenBSD Security shows you how. Both operating systems have kernel options and filesystem features that go well beyond traditional Unix permissions and controls. This power and flexibility is valuable, but the colossal range of possibilities need to be tackled one step at a time. This book walks you through the installation of a hardened operating system, the installation and configuration of critical services, and ongoing maintenance of your FreeBSD and OpenBSD systems.Using an application-specific approach that builds on your existing knowledge, the book provides sound technical information on FreeBSD and Open-BSD security with plenty of real-world examples to help you configure and deploy a secure system. By imparting a solid technical foundation as well as practical know-how, it enables administrators to push their server's security to the next level. Even administrators in other environments--like Linux and Solaris--can find useful paradigms to emulate.Written by security professionals with two decades of operating system experience, Mastering FreeBSD and OpenBSD Security features broad and deep explanations of how how to secure your most critical systems. Where other books on BSD systems help you achieve functionality, this book will help you more thoroughly secure your deployments.
    Note: Includes bibliographical references and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 15
    Online Resource
    Online Resource
    Indianapolis, Ind. : Cisco Press | Boston, MA :Safari,
    Language: English
    Pages: xxiii, 381 p. , ill. ; , 23 cm
    Keywords: Computer networks ; Security measures ; Computer security ; Computer security ; United States ; Management ; Data protection ; Data protection ; Management ; Electronic books ; local
    Abstract: Understand the total cost of ownership and return on investment for network security solutions Understand what motivates hackers and how to classify threats Learn how to recognize common vulnerabilities and common types of attacks Examine modern day security systems, devices, and mitigation techniques Integrate policies and personnel with security equipment to effectively lessen security risks Analyze the greater implications of security breaches facing corporations and executives today Understand the governance aspects of network security to help implement a climate of change throughout your organization Learn how to qualify your organization's aversion to risk Quantify the hard costs of attacks versus the cost of security technology investment to determine ROI Learn the essential elements of security policy development and how to continually assess security needs and vulnerabilities The Business Case for Network Security: Advocacy, Governance, and ROI addresses the needs of networking professionals and business executives who seek to assess their organization's risks and objectively quantify both costs and cost savings related to network security technology investments. This book covers the latest topics in network attacks and security. It includes a detailed security-minded examination of return on investment (ROI) and associated financial methodologies that yield both objective and subjective data. The book also introduces and explores the concept of return on prevention (ROP) and discusses the greater implications currently facing corporations, including governance and the fundamental importance of security, for senior executives and the board. Making technical issues accessible, this book presents an overview of security technologies that uses a holistic and objective model to quantify issues such as ROI, total cost of ownership (TCO), and risk tolerance. This book explores capital expenditures and fixed and variable costs, such as maintenance and upgrades, to determine a realistic TCO figure, which in turn is used as the foundation in calculating ROI. The importance of security policies addressing such issues as Internet usage, remote-access usage, and incident reporting is also discussed, acknowledging that the most comprehensive security equipment will not protect an organization if it is poorly configured, implemented, or used. Quick reference sheets and worksheets, included in the appendixes, provide technology reviews and allow fin...
    Note: "Understand the total cost of ownership and return on investment for network security solutions"--Cover. - Includes index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 16
    Online Resource
    Online Resource
    Upper Saddle River, NJ : Addison-Wesley | Boston, MA :Safari,
    Language: English
    Pages: xxvii, 713 p. , ill. ; , 24 cm
    DDC: 005.8
    Keywords: Computer security ; Computer viruses ; Electronic books ; local
    Abstract: "Of all the computer-related books I've read recently, this one influenced my thoughts about security the most. There is very little trustworthy information about computer viruses. Peter Szor is one of the best virus analysts in the world and has the perfect credentials to write this book." -Halvar Flake, Reverse Engineer, SABRE Security GmbH Symantec's chief antivirus researcher has written the definitive guide to contemporary virus threats, defense techniques, and analysis tools. Unlike most books on computer viruses, The Art of Computer Virus Research and Defense is a reference written strictly for white hats: IT and security professionals responsible for protecting their organizations against malware. Peter Szor systematically covers everything you need to know, including virus behavior and classification, protection strategies, antivirus and worm-blocking techniques, and much more. Szor presents the state-of-the-art in both malware and protection, providing the full technical detail that professionals need to handle increasingly complex attacks. Along the way, he provides extensive information on code metamorphism and other emerging techniques, so you can anticipate and prepare for future threats. Szor also offers the most thorough and practical primer on virus analysis ever published-addressing everything from creating your own personal laboratory to automating the analysis process. This book's coverage includes Discovering how malicious code attacks on a variety of platforms Classifying malware strategies for infection, in-memory operation, self-protection, payload delivery, exploitation, and more Identifying and responding to code obfuscation threats: encrypted, polymorphic, and metamorphic Mastering empirical methods for analyzing malicious code-and what to do with what you learn Reverse-engineering malicious code with disassemblers, debuggers, emulators, and virtual machines Implementing technical defenses: scanning, code emulation, disinfection, inoculation, integrity checking, sandboxing, honeypots, behavior blocking, and much more Using worm blocking, host-based intrusion prevention, and network-level defense strategies © Copyright Pearson Education. All rights reserved.
    Note: Includes bibliographical references and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 17
    Online Resource
    Online Resource
    Upper Saddle River, NJ : Prentice Hall Professional Technical Reference | Boston, MA :Safari,
    Language: English
    Pages: p. cm
    DDC: 005.8
    Keywords: Computer security ; Java (Computer program language) ; Electronic books ; local
    Abstract: Praise for Core Security Patterns Java provides the application developer with essential security mechanisms and support in avoiding critical security bugs common in other languages. A language, however, can only go so far. The developer must understand the security requirements of the application and how to use the features Java provides in order to meet those requirements. Core Security Patterns addresses both aspects of security and will be a guide to developers everywhere in creating more secure applications. --Whitfield Diffie, inventor of Public-Key Cryptography A comprehensive book on Security Patterns, which are critical for secure programming. --Li Gong, former Chief Java Security Architect, Sun Microsystems, and coauthor of Inside Java 2 Platform Security As developers of existing applications, or future innovators that will drive the next generation of highly distributed applications, the patterns and best practices outlined in this book will be an important asset to your development efforts. --Joe Uniejewski, Chief Technology Officer and Senior Vice President, RSA Security, Inc. This book makes an important case for taking a proactive approach to security rather than relying on the reactive security approach common in the software industry. --Judy Lin, Executive Vice President, VeriSign, Inc. Core Security Patterns provides a comprehensive patterns-driven approach and methodology for effectively incorporating security into your applications. I recommend that every application developer keep a copy of this indispensable security reference by their side. --Bill Hamilton, author of ADO.NET Cookbook , ADO.NET in a Nutshell , and NUnit Pocket Reference As a trusted advisor, this book will serve as a Java developers security handbook, providing applied patterns and design strategies for securing Java applications. --Shaheen Nasirudheen, CISSP,Senior Technology Officer, JPMorgan Chase Like Core J2EE Patterns , this book delivers a proactive and patterns-driven approach for designing end-to-end security in your applications. Leveraging the authors strong security experience, they created a must-have book for any designer/developer looking to create secure applications. --John Crupi, Distinguished Engineer, Sun Microsystems, coauthor of Core J2EE Patterns Core Security Patterns is the hands-on practitioners guide to building robust end-to-end security into J2EE™ enterprise applications, Web services, identity management, service provisionin...
    Note: Includes bibliographical references and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 18
    Online Resource
    Online Resource
    Indianapolis, IN : Cisco Press | Boston, MA :Safari,
    Language: English
    Pages: xxiii, 745 p. , ill. ; , 24 cm
    Edition: 2nd ed.
    DDC: 005.8
    Keywords: Computer networks ; Security measures ; Computer security ; Internet ; Security measures ; Electronic books ; local
    Abstract: A practical guide to creating a secure network infrastructure Understand basic cryptography and security technologies Identify the threats and common attacks to a network infrastructure Learn how to create a security policy Find out how to recover from a security breach Study specific implementation scenarios for securing your network environment Learn about advances in security technologies Designing Network Security, Second Edition , is a practical guide designed to help you understand the fundamentals of securing your corporate network infrastructure. This book takes a comprehensive look at underlying security technologies, the process of creating a security policy, and the practical requirements necessary to implement a corporate security policy. You will gain a thorough understanding of basic cryptography, the most widely deployed security technologies, and key emerging security technologies. You will be able to guide the architecture and implementation of a security policy for a corporate environment by knowing possible threats and vulnerabilities and understanding the steps required to perform a risk management assessment. Through the use of specific configuration examples, you will learn about the features required in network infrastructure equipment to implement the given security policy, including securing the internal corporate infrastructure, Internet access, and the remote access environment. This new edition includes coverage of new security features including SSH on routers, switches, and the PIX(r) Firewall; enhancements to L2TP and IPSec; Cisco(r) LEAP for wireless networks; digital certificates; advanced AAA functionality; and Cisco Intrusion Detection System features and products. Additional practical examples include current security trends using VPN, wireless, and VoIP networking examples. This book is part of the Networking Technology Series from Cisco Press(r), which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.
    Note: Includes index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 19
    Online Resource
    Online Resource
    Upper Saddle River, NJ : Prentice Hall PTR | Boston, MA :Safari,
    Language: English
    Pages: xx, 252 p. , ill. ; , 24 cm
    DDC: 005.8
    Keywords: Biometric identification ; Computer networks ; Security measures ; Computer security ; Electronic books ; local
    Abstract: The complete guide to implementing biometric security solutions for your network Network security has become the latter-day equivalent of oxymoronic terms like "jumbo shrimp" and "exact estimate." Newspaper headlines are routinely peppered with incidents of hackers thwarting the security put forth by the government and the private sector. As with any new technology, the next evolution of network security has long languished in the realm of science fiction and spy novels. It is now ready to step into the reality of practical application. In Biometrics for Network Security , biometrics security expert Paul Reid covers a variety of biometric options, ranging from fingerprint identification to voice verification to hand, face, and eye scanning. Approaching the subject from a practitioner's point of view, Reid describes guidelines, applications, and procedures for implementing biometric solutions for your network security systems. Coverage includes: An introduction to authentication technologies and biometrics Dealing with privacy issues Biometric technologies, including finger, hand geometry, handwriting, iris, retina, voice, and face Security concerns related to biometrics, including attempts to spoof or fake results Deployment of biometric security systems, including vendor selection and roll out procedures Real-life case studies For security, system, and network administrators and managers, as well as anyone who is interested in the application of cutting-edge biometric technology, Biometrics for Network Security will prove an indispensable addition to your library!
    Note: Includes bibliographical references (p. 239-241) and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 20
    Online Resource
    Online Resource
    Boston : Addison-Wesley | Boston, MA :Safari,
    Language: English
    Pages: xv, 392 p. , ill. ; , 24 cm
    DDC: 005.8
    Keywords: Microsoft Windows (Computer file) ; Computer security ; Microsoft .NET ; Electronic books ; local
    Abstract: "As usual, Keith masterfully explains complex security issues in down-to-earth and easy-to-understand language. I bet you'll reach for this book often when building your next software application." --Michael Howard, coauthor, Writing Secure Code "When it comes to teaching Windows security, Keith Brown is 'The Man.' In The .NET Developer's Guide to Windows Security, Keith has written a book that explains the key security concepts of Windows NT, Windows 2000, Windows XP, and Windows Server 2003, and teaches you both how to apply them and how to implement them in C# code. By organizing his material into short, clear snippets, Brown has made a complicated subject highly accessible." --Martin Heller, senior contributing editor at Byte.com and owner of Martin Heller & Co. "Keith Brown has a unique ability to describe complex technical topics, such as security, in a way that can be understood by mere mortals (such as myself). Keith's book is a must read for anyone attempting to keep up with Microsoft's enhancements to its security features and the next major version of .NET." --Peter Partch, principal software engineer, PM Consulting "Keith's book is a collection of practical, concise, and carefully thought out nuggets of security insight. Every .NET developer would be wise to keep a copy of this book close at hand and to consult it first when questions of security arise during application development." --Fritz Onion, author of Essential ASP.NET with Examples in C# The .NET Developer's Guide to Windows Security is required reading for .NET programmers who want to develop secure Windows applications. Readers gain a deep understanding of Windows security and the know-how to program secure systems that run on Windows Server 2003, Windows XP, and Windows 2000. Author Keith Brown crystallizes his application security expertise into 75 short, specific guidelines. Each item is clearly explained, cross-referenced, and illustrated with detailed examples. The items build on one another until they produce a comprehensive picture of what tools are available and how developers should use them. The book highlights new features in Windows Server 2003 and previews features of the upcoming version 2.0 of the .NET Framework. A companion Web site includes the source code and examples used throughout the book. Topics covered include: Kerberos authentication Access control Impersonation Network security Constrained delegation Protocol transition Securing enterprise servi...
    Note: Includes bibliographical references (p. 379-380) and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 21
    Online Resource
    Online Resource
    Beijing ; : O'Reilly | Boston, MA :Safari,
    Language: English
    Pages: xv, 298 , ill. ; , 23 cm
    DDC: 005.8
    Keywords: Computer networks ; Security measures ; Computer security ; Internet ; Security measures ; Electronic books ; local
    Abstract: To the uninitiated, the title may seem like an oxymoron: after all, aren't hacks what network security is supposed to prevent? But if you're network administrator, this book's title not only makes sense; it makes a lot of sense. You know that a busy administrator needs a hatful of devilishly effective security hacks to keep your 12-hour days from becoming all-nighters. Network Security Hacks is not a long-winded treatise on security theory. Instead, this information packed little book provides 100 quick, practical, and clever things to do to help make your Linux, UNIX, or Windows networks more secure today. This compendium of security hacks doesn't just cover securing TCP/IP-based services, but also provides intelligent host-based security techniques. Loaded with concise but powerful examples of applied encryption, intrusion detection, logging, trending, and incident response, Network Security Hacks will demonstrate effective methods for defending your servers and networks from a variety of devious and subtle attacks. Network Security Hacks show how to detect the presence (and track every keystroke) of network intruders, methods for protecting your network and data using strong encryption, and even techniques for laying traps for would-be system crackers. Important security tools are presented, as well as clever methods for using them to reveal real, timely, useful information about what is happening on your network. O'Reilly's Hacks Series reclaims the term "hacking" for the good guys--innovators who use their ingenuity to solve interesting problems, explore and experiment, unearth shortcuts, and create useful tools. Network Security Hacks lives up to reputation the Hacks series has earned by providing the "roll-up-your sleeves and get-it-done" hacks that most network security tomes don't offer. Every hack can be read in just a few minutes but will save hours of searching for the right answer. Using just one of these amazing hacks will make this slim book's price seem like a remarkable deal. The other 99 make Network Security Hacks absolutely invaluable.
    Note: Includes index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 22
    Online Resource
    Online Resource
    Boston : Addison-Wesley | Boston, MA :Safari,
    Language: English
    Pages: p. cm
    DDC: 005.8
    Keywords: Computer security ; Electronic books ; local
    Abstract: When an intruder, worm, virus, or automated attack succeeds in targeting a computer system, having specific controls and a response plan in place can greatly lessen losses. Accordingly, businesses are realizing that it is unwise to invest resources in preventing computer-related security incidents without equal consideration of how to detect and respond to such attacks and breaches. The Effective Incident Response Team is the first complete guide to forming and managing a Computer Incident Response Team (CIRT). In this book, system and network administrators and managers will find comprehensive information on establishing a CIRT's focus and scope, complete with organizational and workflow strategies for maximizing available technical resources. The text is also a valuable resource for working teams, thanks to its many examples of day-to-day team operations, communications, forms, and legal references. IT administrators and managers must be prepared for attacks on any platform, exploiting any vulnerability, at any time. The Effective Incident Response Team will guide readers through the critical decisions involved in forming a CIRT and serve as a valuable resource as the team evolves to meet the demands of ever-changing vulnerabilities. Inside, readers will find information on: Formulating reactive or preventative operational strategy Forming, training, and marketing the CIRT Selecting penetration-testing, intrusion-detection, network-monitoring, and forensics tools Recognizing and responding to computer incidents and attacks, including unauthorized access, denial-of-service attacks, port scans, and viruses Tracking, storing, and counting incident reports and assessing the cost of an incident Working with law enforcement and the legal community Benefiting from shared resources Scrutinizing closed incidents to further prevention Offering services such as user-awareness training, vulnerability and risk assessments, penetration testing, and architectural reviews Communicating the CIRT's return on investment through management reporting 0201761750B10062003
    Note: Includes bibliographical references and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 23
    Online Resource
    Online Resource
    Beijing ; : O'Reilly | Boston, MA :Safari,
    Language: English
    Pages: xvi, 269 p. , ill. ; , 23 cm
    Edition: 1st ed.
    Keywords: Snort (Computer file) ; Computer networks ; Security measures ; Computer security ; Computers ; Access control ; Electronic books ; local
    Abstract: Intrusion detection is not for the faint at heart. But, if you are a network administrator chances are you're under increasing pressure to ensure that mission-critical systems are safe--in fact impenetrable--from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders.Designing a reliable way to detect intruders before they get in is a vital but daunting challenge. Because of this, a plethora of complex, sophisticated, and pricy software solutions are now available. In terms of raw power and features, SNORT, the most commonly used Open Source Intrusion Detection System, (IDS) has begun to eclipse many expensive proprietary IDSes. In terms of documentation or ease of use, however, SNORT can seem overwhelming. Which output plugin to use? How do you to email alerts to yourself? Most importantly, how do you sort through the immense amount of information Snort makes available to you?Many intrusion detection books are long on theory but short on specifics and practical examples. Not Managing Security with Snort and IDS Tools . This new book is a thorough, exceptionally practical guide to managing network security using Snort 2.1 (the latest release) and dozens of other high-quality open source other open source intrusion detection programs. Managing Security with Snort and IDS Tools covers reliable methods for detecting network intruders, from using simple packet sniffers to more sophisticated IDS (Intrusion Detection Systems) applications and the GUI interfaces for managing them. A comprehensive but concise guide for monitoring illegal entry attempts, this invaluable new book explains how to shut down and secure workstations, servers, firewalls, routers, sensors and other network devices.Step-by-step instructions are provided to quickly get up and running with Snort. Each chapter includes links for the programs discussed, and additional links at the end of the book give administrators access to numerous web sites for additional information and instructional material that will satisfy even the most serious security enthusiasts. Managing Security with Snort and IDS Tools maps out a proactive--and effective--approach to keeping your systems safe from attack.
    Note: "Intrusion detection with open source tools"--Cover. - Includes index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 24
    Online Resource
    Online Resource
    Upper Saddle River, N.J. : Prentice Hall PTR | Boston, MA :Safari,
    Language: English
    Pages: xxvi, 426 p. , ill. ; , 24 cm
    DDC: 005.8
    Keywords: JavaBeans ; Computer security ; Java (Computer program language) ; Servlets ; Web services ; Electronic books ; local
    Abstract: J2EE developers have an extraordinary array of powerful options for securing their Web services, Web applications, EJB components and RMI objects. Now, expert Java architect Pankaj Kumar helps developers make sense of Java's increasingly rich security APIs, tools, patterns, and best practices-showing how to use each of them in the right place, at the right time, and in the right way. Kumar covers every significant J2SE and J2EE security mechanism, presenting practical implementation techniques for the entire J2EE project lifecycle: analysis, design, development, deployment and operations. The book's example-rich coverage includes: Implementing cryptography with the JCA (Java Cryptography Architecture) and JCE (Java Cryptography Extension) security APIs Building PKI systems with Java: implementing X.509 certificates, Certification Authorities, Certificate Revocation Lists, and repositories Java security managers, policy files, and JAAS: implementing access control based on code origin, code signer and user credentials Securing the wire: Using SSL and the JSSE API to secure data exchange over unprotected networks Ensuring XML message integrity, authentication, and confidentiality with the standards: XML Signature & XML Encryption using the VeriSign TSIK, and Infomosaic SecureXML libraries Addressing security issues in RMI-based distributed applications Developing and deploying servlets and EJBs for authenticated and secure access Securing Web services with transport- and message-based security: SSL for transport-based and WS Security for message-based security Covering security aspects of best-of-breed products: Apache Tomcat, Apache Axis, and BEA WebLogic Server.
    Note: Includes bibliographical references (p. 413-414) and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 25
    Online Resource
    Online Resource
    Boston : Addison-Wesley | Boston, MA :Safari,
    Language: English
    Pages: xxviii, 349 p. , ill. ; , 24 cm
    DDC: 005.8
    Keywords: Computer networks ; Security measures ; Computer security ; Electronic books ; local
    Abstract: "Ajay and Scott take an interesting approach in filling Defend I.T. with case studies and using them to demonstrate important security principles. This approach works well and is particularly valuable in the security space, where companies and consultants are often hesitant to discuss true security incidents for potential embarrassment and confidentiality reasons. Defend I.T. is full of engaging stories and is a good read." --Fyodor, author of the Nmap Security Scanner and Insecure.Org " Defend I.T. answers reader demand for scenario-driven examples. Security professionals will be able to look at these case studies and relate them to their own experiences. That sets this book apart." --Lance Hayden, Cisco Systems "This is an exciting book! It's like reading several mysteries at once from different viewpoints, with the added benefit of learning forensic procedures along the way. Readers will benefit from the procedures, and the entertaining presentation is a real plus." --Elizabeth Zinkann, Equilink Consulting The battle between IT professionals and those who use the Internet for destructive purposes is raging--and there is no end in sight. Reports of computer crime and incidents from the CERT Coordination Center at Carnegie Mellon University more than double each year and are expected to rise. Meanwhile, viruses and worms continue to take down organizations for days. Defend I.T.: Security by Example draws on detailed war stories to identify what was done right and what was done wrong in actual computer-security attacks, giving you the opportunity to benefit from real experiences. Approaches to securing systems and networks vary widely from industry to industry and organization to organization. By examining a variety of real-life incidents companies are too embarrassed to publicly share, the authors explain what could have been done differently to avoid the losses incurred--whether creating a different process for incident response or having better security countermeasures in place to begin with. Inside, you'll find in-depth case studies in a variety of categories: Basic Hacking: Blackhat bootcamp, including mapping a network, exploiting vulnerable architecture, and launching denial-of-service attacks Current Methods: The latest in malicious deeds, including attacks on wireless networks, viruses and worms, and compromised Web servers Additional Items on the Plate: Often overlooked security measures such as developing a security policy, intrusio...
    Note: Includes bibliographical references (p. 321-326) and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 26
    Language: English
    Pages: p. cm
    Edition: 2nd ed.
    DDC: 005.8
    Keywords: Computer security ; Java (Computer program language) ; Electronic books ; local
    Abstract: Inside Java™ 2 Platform Security , the definitive and comprehensive guide to the Java security platform, has been thoroughly updated to reflect key additions and revisions to Java security technologies currently in use by leading technology companies. This second edition, penned by the Java experts at Sun Microsystems, provides a detailed look into the central workings of the Java security architecture and describes tools and techniques for successful implementation on even the most demanding network computing environment. While Java has always provided a stronger security model than other platforms, this book reviews all the methods and practices required to improve security without sacrificing functionality. With tips on how to customize, extend, and refine the Java security architecture, users will have everything they need to protect their information assets from both external and internal threats. This book's in-depth coverage encompasses security architecture, deployment, customization, new developments, and much more. Security fundamentals Secure class loading Specifying fine-grained security policy Enforcing security policy with AccessController, SecurityManager, and more Digital certificates, certification paths, signed code, JAAS, and other authentication measures Java-based cryptography with code examples JSSE, Java GSS-API, and RMI for network security Previews of other platforms for security, including Java Card, J2ME and Jini Designed for both the system administrator and software practitioner, this book delivers vital knowledge for building and maintaining a secure system using the Java 2 platform. With detailed code and usage examples throughout, Inside Java™ 2 Platform Security, Second Edition , is an indispensable resource for all platform security needs. The Java™ Series is supported, endorsed, and authored by the creators of the Java technology at Sun Microsystems, Inc. It is the official place to go for complete, expert, and definitive information on Java technology. The books in this Series provide the inside information you need to build effective, robust, and portable applications and applets. The Series is an indispensable resource for anyone targeting the Java™ 2 platform.
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 27
    Online Resource
    Online Resource
    Upper Saddle River, NJ : Prentice Hall PTR | Boston, MA :Safari,
    Language: English
    Pages: xxii, 647 p. , ill. ; , 23 cm
    Series Statement: Prentice Hall series in computer networking and distributed systems
    DDC: 005.8
    Keywords: Computer crimes ; Computer networks ; Security measures ; Computer security ; Electronic books ; local
    Abstract: Reveals how attackers install malicious code and how they evade detection Shows how you can defeat their schemes and keep your computers and network safe! Details viruses, worms, backdoors, Trojan horses, RootKits, and other threats Explains how to handle today's threats, with an eye on handling the threats to come "This is a truly outstanding book-enormous technical wealth and beautifully written." -Warwick Ford "Ed does it again, piercing the veil of mystery surrounding many of the more technical aspects of computer security!" -Harlan Carvey, CISSP "This book is entertaining and informative, while justifiably scaring you. Luckily it also tells you how to protect yourself, but makes you realize it's going to be a permanent spy-vs-spy struggle." -Radia Perlman, Distinguished Engineer, Sun Microsystems Keep control of your systems out of the hands of unknown attackers Ignoring the threat of malware is one of the most reckless things you can do in today's increasingly hostile computing environment. Malware is malicious code planted on your computer, and it can give the attacker a truly alarming degree of control over your system, network, and data-all without your knowledge! Written for computer pros and savvy home users by computer security expert Edward Skoudis, Malware: Fighting Malicious Code covers everything you need to know about malware, and how to defeat it! This book devotes a full chapter to each type of malware-viruses, worms, malicious code delivered through Web browsers and e-mail clients, backdoors, Trojan horses, user-level RootKits, and kernel-level manipulation. You'll learn about the characteristics and methods of attack, evolutionary trends, and how to defend against each type of attack. Real-world examples of malware attacks help you translate thought into action, and a special defender's toolbox chapter shows how to build your own inexpensive code analysis lab to investigate new malware specimens on your own. Throughout, Skoudis' clear, engaging style makes the material approachable and enjoyable to learn. This book includes: Solutions and examples that cover both UNIX® and Windows® Practical, time-tested, real-world actions you can take to secure your systems Instructions for building your own inexpensive malware code analysis lab so you can get familiar with attack and defensive tools harmlessly! Malware: Fighting Malicious Code is intended for system administrators, network personnel, security personnel, savvy home compu...
    Note: Includes bibliographical references and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 28
    Online Resource
    Online Resource
    Boston : Addison-Wesley | Boston, MA :Safari,
    Language: English
    Pages: xxiii, 581 p. , ill. ; , 24 cm
    DDC: 005.8
    Keywords: Computer security ; Java (Computer program language) ; Electronic books ; local
    Abstract: Enterprise Java™ Security: Building Secure J2EE™ Applications provides application developers and programmers with the know-how they need to utilize the latest Java security technologies in building secure enterprise infrastructures. Written by the leading Java security experts at IBM, this comprehensive guide covers the current status of the Java™ 2 Platform, Enterprise Edition (J2EE), and Java™ 2 Platform, Standard Edition (J2SE™), security architectures and offers practical solutions and usage patterns to address the challenges of Java security. To aid developers who need to build secure J2EE applications, Enterprise Java™ Security covers at length the J2EE security technologies, including the security aspects of servlets, JavaServer Pages(TM) (JSP™), and Enterprise JavaBeans™ (EJB™)-technologies that are at the core of the J2EE architecture. In addition, the book covers Web Services security. Examples and sample code are provided throughout the book to give readers a solid understanding of the underlying technology. The relationship between Java and cryptographic technologies is covered in great detail, including: Java Cryptography Architecture (JCA) Java Cryptography Extension (JCE) Public-Key Cryptography Standards (PKCS) Secure/Multipurpose Internet Mail Extensions (S/MIME) Java Secure Socket Extension (JSSE)
    Note: Includes bibliographical references (p. 563) and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 29
    Online Resource
    Online Resource
    Indianapolis, Ind. : Sams | Boston, MA :Safari,
    Language: English
    Pages: xx, 340 p. , ill. ; , 24 cm
    DDC: 005.8
    Keywords: Computer networks ; Security measures ; Computer security ; Computers ; Access control ; Electronic books ; local
    Abstract: With over 100,000 installations, the Snort open-source network instrusion detection system is combined with other free tools to deliver IDS defense to medium - to small-sized companies, changing the tradition of intrusion detection being affordable only for large companies with large budgets. Until now, Snort users had to rely on the official guide available on snort.org. That guide is aimed at relatively experience snort administrators and covers thousands of rules and known exploits. The lack of usable information made using Snort a frustrating experience. The average Snort user needs to learn how to actually get their systems up-and-running. Snort Intrusion Detection provides readers with practical guidance on how to put Snort to work. Opening with a primer to intrusion detection and Snort, the book takes the reader through planning an installation to building the server and sensor, tuning the system, implementing the system and analyzing traffic, writing rules, upgrading the system, and extending Snort.
    Note: Includes index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 30
    Online Resource
    Online Resource
    Redmond, Wash. : Microsoft Press | Boston, MA :Safari,
    Language: English
    Keywords: Microsoft Visual BASIC ; BASIC (Computer program language) ; Computer security ; Microsoft .NET ; Electronic books ; local
    Abstract: This resource provides best practices, step-by-step code walk-throughs, and concise explanations of key security terms, issues, and jargon to help developers create and run secure code with Visual Basic.
    Note: Includes index. - Includes link to companion web site. - Title from title screen
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 31
    Online Resource
    Online Resource
    Beijing ; : O'Reilly | Boston, MA :Safari,
    Language: English
    Pages: xx, 202 p. , ill. ; , 23 cm
    DDC: 005.8
    Keywords: Computer security ; Electronic books ; local
    Abstract: Practically every day, we read about a new type of attack on computer systems and networks. Viruses, worms, denials of service, and password sniffers are attacking all types of systems -- from banks to major e-commerce sites to seemingly impregnable government and military computers --at an alarming rate. Despite their myriad manifestations and different targets, nearly all attacks have one fundamental cause: the code used to run far too many systems today is not secure. Flaws in its design, implementation, testing, and operations allow attackers all-too-easy access. Secure Coding , by Mark G. Graff and Ken vanWyk, looks at the problem of bad code in a new way. Packed with advice based on the authors' decades of experience in the computer security field, this concise and highly readable book explains why so much code today is filled with vulnerabilities, and tells readers what they must do to avoid writing code that can be exploited by attackers. Writing secure code isn't easy, and there are no quick fixes to bad code. To build code that repels attack, readers need to be vigilant through each stage of the entire code lifecycle: Architecture: during this stage, applying security principles such as "least privilege" will help limit even the impact of successful attempts to subvert software. Design: during this stage, designers must determine how programs will behave when confronted with fatally flawed input data. The book also offers advice about performing security retrofitting when you don't have the source code -- ways of protecting software from being exploited even if bugs can't be fixed. Implementation: during this stage, programmers must sanitize all program input (the character streams representing a programs' entire interface with its environment -- not just the command lines and environment variables that are the focus of most security analysis). Testing: during this stage, programs must be checked using both static code checkers and runtime testing methods -- for example, the fault injection systems now available to check for the presence of such flaws as buffer overflow. Operations: during this stage, patch updates must be installed in a timely fashion. In early 2003, sites that had diligently applied Microsoft SQL Server updates were spared the impact of the Slammer worm that did serious damage to thousands of systems. Beyond the technical, Secure Coding sheds new light on the economic, psychological, and sheer practical reasons why...
    Note: Includes bibliographical references (p. 185-194) and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 32
    Online Resource
    Online Resource
    Indianapolis, Ind. : Sams | Boston, MA :Safari,
    Language: English
    Pages: xxiii, 945 p. , ill. ; , 23 cm. +
    Edition: 4th ed.
    DDC: 005.8
    Keywords: Computer networks ; Security measures ; Computer security ; Electronic books ; local
    Abstract: Maximum Security, Fourth Edition provides updated, comprehensive, platform-by-platform coverage of security issues, and includes clear, to the point descriptions of the most common techniques hackers use to penetrate systems. This book provides information for security administrators and others interested in computer and network security and provides them with techniques to take steps to protect their systems.
    Note: Includes bibliographical references (p. [731]-759) and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 33
    Language: English
    Pages: xxix, 954 p. , ill. ; , 24 cm
    Edition: 3rd ed.
    DDC: 005.8
    Keywords: UNIX (Computer file) ; Computer security ; Internet ; Congresses ; Operating systems (Computers) ; Electronic books ; local
    Abstract: When Practical Unix Security was first published more than a decade ago, it became an instant classic. Crammed with information about host security, it saved many a Unix system administrator from disaster. The second edition added much-needed Internet security coverage and doubled the size of the original volume. The third edition is a comprehensive update of this very popular book - a companion for the Unix/Linux system administrator who needs to secure his or her organization's system, networks, and web presence in an increasingly hostile world.Focusing on the four most popular Unix variants today--Solaris, Mac OS X, Linux, and FreeBSD--this book contains new information on PAM (Pluggable Authentication Modules), LDAP, SMB/Samba, anti-theft technologies, embedded systems, wireless and laptop issues, forensics, intrusion detection, chroot jails, telephone scanners and firewalls, virtual and cryptographic filesystems, WebNFS, kernel security levels, outsourcing, legal issues, new Internet protocols and cryptographic algorithms, and much more. Practical Unix & Internet Security consists of six parts: Computer security basics: introduction to security problems and solutions, Unix history and lineage, and the importance of security policies as a basic element of system security. Security building blocks: fundamentals of Unix passwords, users, groups, the Unix filesystem, cryptography, physical security, and personnel security. Network security: a detailed look at modem and dialup security, TCP/IP, securing individual network services, Sun's RPC, various host and network authentication systems (e.g., NIS, NIS+, and Kerberos), NFS and other filesystems, and the importance of secure programming. Secure operations: keeping up to date in today's changing security world, backups, defending against attacks, performing integrity management, and auditing. Handling security incidents: discovering a break-in, dealing with programmed threats and denial of service attacks, and legal aspects of computer security. Appendixes: a comprehensive security checklist and a detailed bibliography of paper and electronic references for further reading and research. Packed with 1000 pages of helpful text, scripts, checklists, tips, and warnings, this third edition remains the definitive reference for Unix administrators and anyone who cares about protecting their systems and data from today's threats.
    Note: Includes bibliographical references (p. 873-895) and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 34
    Online Resource
    Online Resource
    Boston, MA : ProQuest Information and Learning Company | Boston, MA :Safari,
    Language: English
    Parallel Title: Erscheint auch als
    Keywords: Computer security ; Cryptography ; Microsoft .NET ; Electronic books ; local
    Abstract: Learn how to make your .NET applications secure! Security and cryptography, while always an essential part of the computing industry, have seen their importance increase greatly in the last several years. Microsoft's .NET Framework provides developers with a powerful new set of tools to make their applications secure. NET Security and Cryptography is a practical and comprehensive guide to implementing both the security and the cryptography features found in the .NET platform. The authors provide numerous clear and focused examples in both C# and Visual Basic .NET, as well as detailed commentary on how the code works. They cover topics in a logical sequence and context, where they are most relevant and most easily understood. All of the sample code is available online at . This book will allow developers to: Develop a solid basis in the theory of cryptography, so they can understand how the security tools in the .NET Framework function Learn to use symmetric algorithms, asymmetric algorithms, and digital signatures Master both traditional encryption programming as well as the new techniques of XML encryption and XML signatures Learn how these tools apply to ASP.NET and Web Services security
    Note: ELECTRONIC BOOK. - From: ProQuest--Title screen. - Title from title screen. - Includes bibliographical references and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 35
    Online Resource
    Online Resource
    Upper Saddle River, N.J. : Prentice Hall | Boston, MA :Safari,
    Language: English
    Pages: xxi, 309 p. , ill. ; , 24 cm
    DDC: 005.8
    Keywords: Computer security ; Electronic books ; local
    Abstract: "This is a really good book ... it spells out the motherhood and apple pie of information security in a highly readable way." -Warwick Ford, CTO, VeriSign, Inc. "An excellent security read! Breaks down a complex concept into a simple and easy-to-understand concept." -Vivek Shivananda, President Redefine your organization's information security Learn to think and act like a top security guru! Understand the founding principles of security itself and make better decisions Make your security solutions more effective, easily manageable, and less costly! Make smarter, more informed security decisions for your company Organizations today commit ever-increasing resources to information security, but are scarcely more secure than they were four or five years ago! By treating information security like an ordinary technological practice-that is, by throwing money, a handful of the latest technologies, and a lineup of gurus at the problem-they invariably wind up with expensive, but deeply flawed, solutions. The only way out of this trap is to change one's way of thinking about security: to grasp the reasoning, philosophy, and logic that underlie all successful security efforts. In Inside the Security Mind: Making the Tough Decisions , security expert Kevin Day teaches you how to approach information security the way the top gurus do-as an art, rather than a collection of technologies. By applying this discipline, your solutions will be more secure and less burdensome in time, expense, and effort. The first part of the book explains the practice of breaking security decisions down into a set of simple rules. These rules may then be applied to make solid security decisions in almost any environment. In the second part, Day uses a series of practical examples to illustrate exactly how the discipline works in practice. Additional material covers: Designing an enterprise security plan, including perimeter/firewall and Internal defenses, application, system, and hardware security Ongoing security measures-recurring audits, vulnerability maintenance, logging and monitoring, and incident response, plus risk assessment Choosing between open source and proprietary solutions; and wired, wireless, and virtual private networks This book is essential reading for anyone working to keep information secure. Technical and non-technical IT professionals alike can apply Day's concepts and strategies to become security gurus, while seasoned practitioners will benefit from th...
    Note: Includes index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 36
    Online Resource
    Online Resource
    Boston : Addison-Wesley | Boston, MA :Safari,
    Language: English
    Pages: xli, 1084 p. , ill. ; , 24 cm
    DDC: 005.8
    Keywords: Computer security ; Electronic books ; local
    Abstract: "This is an excellent text that should be read by every computer security professional and student." -Dick Kemmerer, University of California, Santa Barbara. "This is the most complete book on information security theory, technology, and practice that I have encountered anywhere!" -Marvin Schaefer, Former Chief Scientist, National Computer Security Center, NSA This highly anticipated book fully introduces the theory and practice of computer security. It is both a comprehensive text, explaining the most fundamental and pervasive aspects of the field, and a detailed reference filled with valuable information for even the most seasoned practitioner. In this one extraordinary volume the author incorporates concepts from computer systems, networks, human factors, and cryptography. In doing so, he effectively demonstrates that computer security is an art as well as a science. Computer Security: Art and Science includes detailed discussions on: The nature and challenges of computer security The relationship between policy and security The role and application of cryptography The mechanisms used to implement policies Methodologies and technologies for assurance Vulnerability analysis and intrusion detection Computer Security discusses different policy models, and presents mechanisms that can be used to enforce these policies. It concludes with examples that show how to apply the principles discussed in earlier sections, beginning with networks and moving on to systems, users, and programs. This important work is essential for anyone who needs to understand, implement, or maintain a secure network or computer system. 0201440997B10252002
    Note: Includes bibliographical references and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 37
    Online Resource
    Online Resource
    Upper Saddle River, N.J. : Prentice Hall PTR | Boston, MA :Safari,
    Language: English
    Pages: xxix, 746 p. , ill. ; , 24 cm
    Edition: 3rd ed.
    DDC: 005.8
    Keywords: Computer security ; Data protection ; Privacy, Right of ; Electronic books ; local
    Abstract: The classic guide to information security-fully updated for the latest attacks and countermeasures Security in Computing, Third Edition systematically demonstrates how to control failures of confidentiality, integrity, and availability in applications, databases, operating systems, and networks alike. This sweeping revision of the field's classic guide to computer security reflects today's entirely new generation of network- and Internet-based threats and vulnerabilities, and offers practical guidance for responding to them. Updated to cover wireless security, intrusion detection, AES, DRM, biometrics, honeypots, online privacy, and more Security in Internet-based, distributed, desktop and traditional centralized applications New attacks, including scripted vulnerability probing, denial of service, and buffer overflows-with symptoms and cures Clear, accessible introduction to cryptography-without sophisticated math Up-to-the-minute explanations of digital signatures, certificates, and leading-edge quantum cryptography Thoroughly revamped coverage of software engineering practices designed to enhance program security Expanded coverage of risk management, contingency planning, and security policies Detailed presentation of protection in general-purpose and trusted operating systems Extensive pedagogical resources: end-of-chapter reviews and exercises, lists of key terms, and authoritative references Exceptionally clear and easy to understand, the book covers not only technical issues, but also law, privacy, ethics, and the physical and administrative aspects of security. The companion website (http://www.phptr.com/pfleeger/) contains additional information, book updates, and instructor's resources.
    Note: Includes bibliographical references (p. 691-725) and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 38
    Online Resource
    Online Resource
    Indianapolis, Ind. : New Riders | Boston, MA :Safari,
    Language: English
    Pages: xx, 385 p. , ill. ; , 24 cm
    Edition: 1st ed.
    DDC: 005.8
    Keywords: Mac OS ; Computer networks ; Security measures ; Computer security ; Macintosh (Computer) ; Security measures ; Operating systems (Computers) ; Electronic books ; local
    Abstract: Mac OS X now operates on a UNIX engine. As such it is much more powerful than previous operating systems. It is now a multitasking, multithreaded, multi-user, and multiprocessor system with enhanced interoperability with other systems. Along with that increased power comes increased security vulnerability. Part I introduces readers to the basics of OS X security. Part II addresses system security beginning at the client workstation level. This section addresses UNIX-specific information such as permissions, executables, and network protocols and the related security concerns. Part III covers network security. The chapters in this section will cover security for internet services, file sharing, and network protection systems. Part IV addresses enterprise security using a variety of tools (Kerberos, NetInfo, and Rendezvous) as well as workstation configurations to illustrate how OS X Server and OS X inter-operate. The final section addresses auditing and forensics and what to do when an OS X network is compromised. This section teaches readers to audit systems painlessly and effectively and how to investigate and handle incidents.
    Note: Includes bibliographical references (p. 361-369) and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 39
    Online Resource
    Online Resource
    Redmond, Wash. : Microsoft Press | Boston, MA :Safari,
    Language: English
    Pages: xxviii, 768 p. , ill. ; , 23 cm
    Edition: 2nd ed.
    DDC: 005.8
    Keywords: Computer security ; Data encryption (Computer science) ; Electronic books ; local
    Abstract: Keep black-hat hackers at bay with the tips and techniques in this entertaining, eye-opening book! Developers will learn how to padlock their applications throughout the entire development process-from designing secure applications to writing robust code that can withstand repeated attacks to testing applications for security flaws. Easily digested chapters reveal proven principles, strategies, and coding techniques. The authors-two battle-scarred veterans who have solved some of the industry's toughest security problems-provide sample code in several languages. This edition includes updated information about threat modeling, designing a security process, international issues, file-system issues, adding privacy to applications, and performing security code reviews. It also includes enhanced coverage of buffer overruns, Microsoft .NET security, and Microsoft ActiveX development, plus practical checklists for developers, testers, and program managers.
    Note: Includes bibliographical references (p. 741-745) and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 40
    Online Resource
    Online Resource
    Beijing ; : O'Reilly | Boston, MA :Safari,
    Language: English
    Pages: xxv, 762 p. , ill. ; , 24 cm
    Edition: 1st ed.
    DDC: 005.13/3
    Keywords: C (Computer program language) ; C++ (Computer program language) ; Computer security ; Computer software ; Development ; Electronic books ; local
    Abstract: Password sniffing, spoofing, buffer overflows, and denial of service: these are only a few of the attacks on today's computer systems and networks. At the root of this epidemic is poorly written, poorly tested, and insecure code that puts everyone at risk. Clearly, today's developers need help figuring out how to write code that attackers won't be able to exploit. But writing such code is surprisingly difficult. Secure Programming Cookbook for C and C++ is an important new resource for developers serious about writing secure code. It contains a wealth of solutions to problems faced by those who care about the security of their applications. It covers a wide range of topics, including safe initialization, access control, input validation, symmetric and public key cryptography, cryptographic hashes and MACs, authentication and key exchange, PKI, random numbers, and anti-tampering. The rich set of code samples provided in the book's more than 200 recipes will help programmers secure the C and C++ programs they write for both Unix® (including Linux®) and Windows® environments. Readers will learn: How to avoid common programming errors, such as buffer overflows, race conditions, and format string problems How to properly SSL-enable applications How to create secure channels for client-server communication without SSL How to integrate Public Key Infrastructure (PKI) into applications Best practices for using cryptography properly Techniques and strategies for properly validating input to programs How to launch programs securely How to use file access mechanisms properly Techniques for protecting applications from reverse engineering The book's web site supplements the book by providing a place to post new recipes, including those written in additional languages like Perl, Java, and Python. Monthly prizes will reward the best recipes submitted by readers. Secure Programming Cookbook for C and C++ is destined to become an essential part of any developer's library, a code companion developers will turn to again and again as they seek to protect their systems from attackers and reduce the risks they face in today's dangerous world.
    Note: "Covers Unix and Windows"--Cover. - "Recipes for cryptography, authentication, networking, input validation & more"--Cover. - Includes index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 41
    Online Resource
    Online Resource
    Boston : Addison-Wesley | Boston, MA :Safari,
    Language: English
    Pages: xxxi, 492 p. , ill. ; , 24 cm
    DDC: 005.8
    Keywords: Computer networks ; Security measures ; Computer security ; Web sites ; Security measures ; Electronic books ; local
    Abstract: "Both novice and seasoned readers will come away with an increased understanding of how Web hacking occurs and enhanced skill at developing defenses against such Web attacks. Technologies covered include Web languages and protocols, Web and database servers, payment systems and shopping carts, and critical vulnerabilities associated with URLs. This book is a virtual battle plan that will help you identify and eliminate threats that could take your Web site off line..." --From the Foreword by William C. Boni, Chief Information Security Officer, Motorola "Just because you have a firewall and IDS sensor does not mean you aresecure; this book shows you why." --Lance Spitzner, Founder, The Honeynet Project Whether it's petty defacing or full-scale cyber robbery, hackers are moving to the Web along with everyone else. Organizations using Web-based business applications are increasingly at risk. Web Hacking: Attacks and Defense is a powerful guide to the latest information on Web attacks and defense. Security experts Stuart McClure (lead author of Hacking Exposed ), Saumil Shah, and Shreeraj Shah present a broad range of Web attacks and defense. Features include: Overview of the Web and what hackers go after Complete Web application security methodologies Detailed analysis of hack techniques Countermeasures What to do at development time to eliminate vulnerabilities New case studies and eye-opening attack scenarios Advanced Web hacking concepts, methodologies, and tools "How Do They Do It?" sections show how and why different attacks succeed, including: Cyber graffiti and Web site defacements e-Shoplifting Database access and Web applications Java™ application servers; how to harden your Java™ Web Server Impersonation and session hijacking Buffer overflows, the most wicked of attacks Automated attack tools and worms Appendices include a listing of Web and database ports, cheat sheets for remote command execution, and source code disclosure techniques. Web Hacking informs from the trenches. Experts show you how to connect the dots--how to put the stages of a Web hack together so you can best defend against them. Written for maximum brain absorption with unparalleled technical content and battle-tested analysis, Web Hacking will help you combat potentially costly security threats and attacks. 0201761769B07192002
    Note: Includes bibliographical references and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 42
    Online Resource
    Online Resource
    Boston : New Riders | Boston, MA :Safari,
    Language: English
    Pages: xv, 274 p. , ill. ; , 23 cm
    Edition: 1st ed.
    DDC: 005.8
    Keywords: Solaris (Computer file) ; Computer security ; Electronic books ; local
    Abstract: Solaris 8 Security covers all the concepts and issues Solaris 8 administrators need to know in order to make and keep their Solaris 8 systems secure. This includes not only Solaris 8 security tools and features, but such subjects as cryptography and defenses against known attacks and vulnerabilities. Readers learn practical, command-level defenses, such as: How to configure a secure DNS server What to do with /etc/inet/inetd.conf How to make IPsec work Why DES fails How to identify and prevent system compromises How not to configure sendmail How to automate security checkups The book provides a proactive approach to security. Coverage includes intrusion detection systems, network-level filtering, firewalls and other network-level systems.
    Note: Includes bibliographical references and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 43
    Online Resource
    Online Resource
    Boston, MA : Addison-Wesley | Boston, MA :Safari,
    Language: English
    Pages: xxiii, 532 p. ; , 24 cm
    DDC: 005.8
    Keywords: Computer networks ; Security measures ; Computer security ; Data encryption (Computer science) ; XML (Document markup language) ; Electronic books ; local
    Abstract: Extensible Markup Language (XML) is the environment of choice for creating many of today's technologically sophisticated and security-sensitive Web applications. With Secure XML, developers now have the hands-on guide they need to combine a strong foundation in XML with proven, practical techniques for enabling the secure transmission of data across the Web. Broad-based and comprehensive, Secure XML fully documents every feature and issue involved with XML security. Opening with a complete introduction to XML, the book then provides detailed coverage of authentication, canonicalization, keying, encryption, algorithms, and more. Notes, background information, guidelines, and "soapbox," or heretical comments, expand on the book's practical focus throughout. In all, this book features the most comprehensive roadmap to digital security and XML encryption available. Topics covered in-depth include: XML basics-documents, namespaces, structures, DTDs and schemas, and stylesheets XPath, XPointer, and SOAP Digital cryptography basics--secret and public key ciphers, asymmetric keys, digital signatures, and certificates XML canonicalization, signatures, and authentication XML encryption Key management and combining encryption with signatures Cryptographic algorithms and noncryptographic algorithms Detailed and practical, this book provides reliable solutions for securing XML and for safeguarding information flow across today's sophisticated Web. 0201756056B06262002
    Note: Includes bibliographical references (p.495-506) and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 44
    Language: English
    Pages: xiv, 699 p. , ill. ; , 23 cm
    DDC: 005.8
    Keywords: Computer networks ; Security measures ; Computer security ; Internet ; Security measures ; Electronic books ; local
    Abstract: Privacy Defended: Protecting Yourself Online is a comprehensive book that melds detailed, how-to information on PC hardware and operating system security within the context of protecting one's privacy in a digital world. It is designed for individuals who are serious about their privacy and who also want an accessible, one-stop source of practical information. The book offers clear discussion of privacy issues as they affect everyday users of digital devices, covering all current and near-future devices and technologies that pose privacy risks to users.
    Note: Includes bibliographical references and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 45
    Online Resource
    Online Resource
    Indianapolis, Ind. : New Riders | Boston, MA :Safari,
    Language: English
    Pages: xvii, 778 p. , ill. ; , 23 cm
    Edition: 1st ed.
    DDC: 005.8
    Keywords: Computer hackers ; Computer security ; Electronic books ; local
    Abstract: Hackers Beware starts with a roadmap of the various areas of hacking but quickly delves into the details of how specific attacks work and how to protect against them. Since most attacks we hear about either occur or are perceived to come from hackers, people are very interested "in how they do that" - the techniques hackers use to break into systems. Hackers Beware is unique in that it gives specific exploits, exactly how they work and how to protect against them. This book will help readers understand what security threats they are up against and what they need to do to protect against them. Some books cover this from a high level but do not get into the details of specific exploits and cover it in a case by case fashion. This book will cover the complete picture. It will not only describe how an exploit works but present the signature of the attack, what to look for on a network and how to protect against it.
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 46
    Online Resource
    Online Resource
    Boston : Addison-Wesley | Boston, MA :Safari,
    Language: English
    Pages: xvii, 793 p. , ill. ; , 23 cm
    DDC: 005.8
    Keywords: Computer security ; Microsoft .NET Framework ; Electronic books ; local
    Abstract: In 1997, Microsoft embarked on a "bet the company" strategy that was to reinvent the way the company did business. Even before its release, .NET made major strides in reinventing the way that software developers viewed the software they wrote. Now that it is released, .NET and the .NET Framework will change the software development process for good. .NET Framework Security provides the ultimate high-end comprehensive reference to all of the new security features available in .NET. Through extensive code samples and step-by-step walkthroughs of configuration techniques, the reader is taken deep into the world of secure applications. Demonstrations of creating custom procedures and a full explanation of each aspect separate this book from many other "lecture books." Many of the concepts expressed in this book are not only viable in .NET, but on the Internet in general. These factors combined make this the one reference that every developer and system administrator should have. .NET Framework Security provides An extensive introduction to explanation of Code Access Security, the powerful new security system shipping in the .NET Framework Information on how to write and test safe applications using the .NET Framework Extensive coverage on how to effectively administer .NET Framework security In-depth introduction to the cryptography library shipping in the .NET Framework, including an introduction to XML digital signatures An overview of all of the new security features available in .NET Code samples that can be used to implement security on your own Web site or application Step-by-step guidelines for modifying the various configuration files associated with .NET, and an explanation of the elements involved Instructions for all of the aspects of security in the CLR and what it means How to use ASP.NET to create a secure application Explanations for using the CryptoAPI libraries to create your own custom functionality Guidelines on how to create secure network applications as well as applications that exist on the Internet Detailed examples of how to establish security parameters in IIS that relate to ASP.NET Instructions for administering .NET applications hosted in IE 067232184XB04232002
    Note: Includes index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 47
    Language: English
    Pages: xxiv, 512 p. , ill. ; , 24 cm. + 1 CD-ROM (4 3/4 in.)
    DDC: 005.8
    Keywords: Computer security ; Computers ; Access control ; Testing ; Electronic books ; local
    Abstract: "This book covers not just the glamorous aspects such as the intrusion act itself, but all of the pitfalls, contracts, clauses, and other gotchas that can occur. The authors have taken their years of trial and error, as well as experience, and documented a previously unknown black art." --From the Foreword by Simple Nomad, Senior Security Analyst, BindView RAZOR Team Penetration testing--in which professional, "white hat" hackers attempt to break through an organization's security defenses--has become a key defense weapon in today's information systems security arsenal. Through penetration testing, I.T. and security professionals can take action to prevent true "black hat" hackers from compromising systems and exploiting proprietary information. Hack I.T. introduces penetration testing and its vital role in an overall network security plan. You will learn about the roles and responsibilities of a penetration testing professional, the motivation and strategies of the underground hacking community, and potential system vulnerabilities, along with corresponding avenues of attack. Most importantly, the book provides a framework for performing penetration testing and offers step-by-step descriptions of each stage in the process. The latest information on the necessary hardware for performing penetration testing, as well as an extensive reference on the available security tools, is included. Comprehensive in scope Hack I.T. provides in one convenient resource the background, strategies, techniques, and tools you need to test and protect your system--before the real hackers attack. Specific topics covered in this book include: Hacking myths Potential drawbacks of penetration testing Announced versus unannounced testing Application-level holes and defenses Penetration through the Internet, including zone transfer, sniffing, and port scanning War dialing Enumerating NT systems to expose security holes Social engineering methods Unix-specific vulnerabilities, such as RPC and buffer overflow attacks The Windows NT Resource kit Port scanners and discovery tools Sniffers and password crackers Web testing tools Remote control tools Firewalls and intrusion detection systems Numerous DoS attacks and tools 0201719568B01042002
    Note: Includes index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 48
    Online Resource
    Online Resource
    [United States] : IBM International Technical Support Organization | Boston, MA :Safari,
    Language: English
    Pages: xvi, 540 p. " , ill. ; , 23 cm
    Edition: 1st ed.
    DDC: 005.8
    Keywords: WebSphere ; Computer security ; Electronic books ; local
    Abstract: This IBM Redbook provides IT Architects, IT Specialists, application designers, application developers, application assemblers, application deployers and consultants with information necessary to design, develop and deploy secure e-business applications using WebSphere Application Server V5. Part 1, WebSphere security provides a detailed overview of WebSphere Application Server V5 Security. It starts with J2EE security, then goes into details about the modules and components of a J2EE enterprise application; it also covers programmatic security techniques. The last chapter in this part shows all the security-related administrative items in WebSphere Application Server V5. Part 2, End-to-end security offers details about end-to-end security solutions where WebSphere Application Server V5 is part of an enterprise solution. You will find an introduction to Patterns for e-business, in which security is in focus. A very important chapter in this part will discuss the integration between WebSphere Application Server V5 and Tivoli Access Manager. Finally, the Appendixes provide additional information related to chapters in the previous two parts and also describe the sample application available with the book.
    Note: "December 2002.". - Includes bibliographical references (p. 525-527) and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 49
    Online Resource
    Online Resource
    Indianapolis, Ind. : New Riders Pub. | Boston, MA :Safari,
    Language: English
    Pages: xvii, 490 p. , ill. ; , 23 cm
    Edition: 3rd ed.
    DDC: 005.8
    Keywords: Computer networks ; Security measures ; Computer security ; Internet ; Security measures ; Electronic books ; local
    Abstract: The Chief Information Warfare Officer for the entire United States teaches you how to protect your corporate network. This book is a training aid and reference for intrusion detection analysts. While the authors refer to research and theory, they focus their attention on providing practical information. The authors are literally the most recognized names in this specialized field, with unparalleled experience in defending our country's government and military computer networks. New to this edition is coverage of packet dissection, IP datagram fields, forensics, and snort filters.
    Note: Includes index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 50
    Online Resource
    Online Resource
    Boston : Addison-Wesley | Boston, MA :Safari,
    Language: English
    Pages: xxvi, 452 p. ill. ; , 24 cm. +
    DDC: 005.8
    Keywords: Computer hackers ; Computer security ; Firewalls (Computer security) ; Electronic books ; local
    Abstract: "The text is comprehensive, an honest survey of every honeypot technology I had ever heard of and a number I read about for the first time." --Stephen Northcutt, The SANS Institute "One of the great byproducts of Lance's work with honeypots and honeynets is that he's helped give us a much clearer picture of the hacker in action." --From the Foreword by Marcus J. Ranum "From the basics of shrink-wrapped honeypots that catch script kiddies to the detailed architectures of next-generation honeynets for trapping more sophisticated bad guys, this book covers it all....This book really delivers new information and insight about one of the most compelling information security technologies today." --Ed Skoudis, author of Counter Hack, SANS instructor, and Vice President of Security Strategy for Predictive Systems Honeypots are unique technological systems specifically designed to be probed, attacked, or compromised by an online attacker. Implementing a honeypot provides you with an unprecedented ability to take the offensive against hackers. Whether used as simple "burglar alarms," incident response systems, or tools for gathering information about hacker motives and tactics, honeypots can add serious firepower to your security arsenal. Honeypots: Tracking Hackers is the ultimate guide to this rapidly growing, cutting-edge technology. The book starts with a basic examination of honeypots and the different roles they can play, and then moves on to in-depth explorations of six specific kinds of real-world honeypots: BackOfficer Friendly, Specter™, Honeyd, Homemade honeypots, ManTrap®, and Honeynets. Honeypots also includes a chapter dedicated to legal issues surrounding honeypot use. Written with the guidance of three legal experts, this section explores issues of privacy, entrapment, and liability. The book also provides an overview of the Fourth Amendment, the Electronic Communications Privacy Act, the Wiretap Act, and the Pen/Trap Statute, with an emphasis on how each applies to honeypots. With this book you will gain an understanding of honeypot concepts and architecture, as well as the skills to deploy the best honeypot solutions for your environment. You will arm yourself with the expertise needed to track attackers and learn about them on your own. Security professionals, researchers, law enforcement agents, and members of the intelligence and military communities will find this book indispensable. 0321108957B08282002
    Note: Includes bibliographical references and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 51
    Online Resource
    Online Resource
    Indianapolis, Ind. : Sams Pub. | Boston, MA :Safari,
    Language: English
    Pages: xxiii, 861 p. ; , 23 cm. +
    Edition: 3rd ed.
    DDC: 005.8
    Keywords: Computer networks ; Security measures ; Computer security ; Electronic books ; local
    Abstract: Maximum Security, Third Edition provides comprehensive, platform-by-platform coverage of security issues and includes clear, to the point descriptions of the most common techniques hackers use to penetrate systems. In one book, security managers and others interested in computer and network security can learn everything the hackers already know, and then take steps to protect their systems.
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 52
    Online Resource
    Online Resource
    Sebastopol, CA : O'Reilly | Boston, MA :Safari,
    Language: English
    Pages: xvi, 599 p. , ill. ; , 24 cm
    Edition: 2nd ed.
    Series Statement: The Java series
    DDC: 005.8
    Keywords: Computer security ; Java (Computer program language) ; Electronic books ; local
    Abstract: One of Java's most striking claims is that it provides a secure programming environment. Yet despite endless discussion, few people understand precisely what Java's claims mean and how it backs up those claims. If you're a developer, network administrator or anyone else who must understand or work with Java's security mechanisms, Java Security is the in-depth exploration you need. Java Security, 2nd Edition, focuses on the basic platform features of Java that provide security--the class loader, the bytecode verifier, and the security manager--and recent additions to Java that enhance this security model: digital signatures, security providers, and the access controller. The book covers the security model of Java 2, Version 1.3, which is significantly different from that of Java 1.1. It has extensive coverage of the two new important security APIs: JAAS (Java Authentication and Authorization Service) and JSSE (Java Secure Sockets Extension). Java Security, 2nd Edition, will give you a clear understanding of the architecture of Java's security model and how to use that model in both programming and administration.The book is intended primarily for programmers who want to write secure Java applications. However, it is also an excellent resource for system and network administrators who are interested in Java security, particularly those who are interested in assessing the risk of using Java and need to understand how the security model works in order to assess whether or not Java meets their security needs.
    Note: Includes index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 53
    Online Resource
    Online Resource
    Sebastopol, CA : O'Reilly & Associates | Boston, MA :Safari,
    Language: English
    Pages: xviii, 522 p. , ill. ; , 24 cm
    Edition: 1st ed.
    DDC: 005.8/4
    Keywords: Computer security ; Computer viruses ; Electronic books ; local
    Abstract: Malicious mobile code is a new term to describe all sorts of destructive programs: viruses, worms, Trojans, and rogue Internet content. Until fairly recently, experts worried mostly about computer viruses that spread only through executable files, not data files, and certainly not through email exchange. The Melissa virus and the Love Bug proved the experts wrong, attacking Windows computers when recipients did nothing more than open an email. Today, writing programs is easier than ever, and so is writing malicious code. The idea that someone could write malicious code and spread it to 60 million computers in a matter of hours is no longer a fantasy. The good news is that there are effective ways to thwart Windows malicious code attacks, and author Roger Grimes maps them out in Malicious Mobile Code: Virus Protection for Windows. His opening chapter on the history of malicious code and the multi-million dollar anti-virus industry sets the stage for a comprehensive rundown on today's viruses and the nuts and bolts of protecting a system from them. He ranges through the best ways to configure Windows for maximum protection, what a DOS virus can and can't do, what today's biggest threats are, and other important and frequently surprising information. For example, how many people know that joining a chat discussion can turn one's entire computer system into an open book? Malicious Mobile Code delivers the strategies, tips, and tricks to secure a system against attack. It covers: The current state of the malicious code writing and cracker community How malicious code works, what types there are, and what it can and cannot do Common anti-virus defenses, including anti-virus software How malicious code affects the various Windows operating systems, and how to recognize, remove, and prevent it Macro viruses affecting MS Word, MS Excel, and VBScript Java applets and ActiveX controls Enterprise-wide malicious code protection Hoaxes The future of malicious mobile code and how to combat such code These days, when it comes to protecting both home computers and company networks against malicious code, the stakes are higher than ever. Malicious Mobile Code is the essential guide for securing a system from catastrophic loss.
    Note: Includes index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 54
    Online Resource
    Online Resource
    Indianapolis, Ind. : Sams | Boston, MA :Safari,
    Language: English
    Pages: xvii, 743 p. , ill. ; , 24 cm. +
    DDC: 005.8
    Keywords: Linux ; Computer security ; Electronic books ; local
    Abstract: Maximum Linux Security: A Hacker's Guide to Protecting Your Linux Server and Workstation is designed for system administrators, managers, or Linux users who wish to protect their Linux servers and workstations from unauthorized intrusions and other external threats to their systems' integrity. Written by an experienced hacker--someone who knows which systems are vulnerable and how crackers get into them--this unique guide to Linux security identifies existing and potential security holes and faults, and then describes how to go about fixing them.
    Note: Includes bibliographical references and index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 55
    Online Resource
    Online Resource
    Indianapolis, Ind. : Que | Boston, MA :Safari,
    Language: English
    Pages: 722 p. , ill. ; , 24 cm
    DDC: 005.8
    Keywords: Microsoft Windows (Computer file) ; Computer security ; Electronic books ; local
    Abstract: Windows 2000 Security Handbook covers NTFS fault tolerance, Kerberos authentication, Windows 2000 intruder detection and writing secure applications for Windows 2000.
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 56
    Online Resource
    Online Resource
    Indianapolis, IN : SAMS Publishing | Boston, MA :Safari,
    Language: English
    Pages: xiv, 534 p. , ill. ; , 23 cm
    DDC: 005.8
    Keywords: Computer security ; Java (Computer program language) ; Electronic books ; local
    Abstract: This book is a comprehensive guide to Java security issues. It assumes you are an experienced Java programmer, but have little experience with creating secure applications. This book covers formulating and enacting a network security policy to protect end-users, building e-commerce and database applications that can safely exchange secure information over networks and the Internet, cryptography, digital signatures, key management, and distributed computing: CORBA, RMI, and servlets.
    Note: Includes index
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
  • 57
    Online Resource
    Online Resource
    Cambridge ; : O'Reilly | Boston, MA :Safari,
    Language: English
    Pages: xv, 454 p. , ill. ; , 24 cm
    Edition: 1st ed.
    Series Statement: The Java series
    DDC: 005.8
    Keywords: Computer security ; Java (Computer program language) ; Electronic books ; local
    Abstract: Java's most striking claim is that it provides a secure programming environment. However, despite lots of discussion, few people understand precisely what Java's claims mean and how it backs up those claims. Java Security is an in-depth exploration aimed at developers, network administrators, and anyone who needs to work with or understand Java's security mechanisms. It discusses in detail what security does and doesn't mean, what Java's default security policies are, and how to create and implement your own policies. In doing so, Java Security provides detailed coverage of security managers, class loaders, the access controller, and much of the java.security package. It discusses message digests, certificates, and digital signatures, showing you how to use Java's facilities for signing classes or to implement your own signature facility. It shows you how to write a class loader that recognizes signed classes, verifies the signature, and cooperates with a security manager to grant additional privileges. It also discusses the problem of managing cryptographic keys and shows you how to implement your own key management systems. Java Security is an essential book for everyone using Java in real-world software. If you're deploying software written in Java, you need to know how to grant your classes the privileges they need, without granting privileges to untrusted classes. You need to know how to protect your systems against intrusion and corruption. Java provides the tools; this book shows you how to use them.
    Library Location Call Number Volume/Issue/Year Availability
    BibTip Others were also interested in ...
Close ⊗
This website uses cookies and the analysis tool Matomo. More information can be found here...