InfoSecurity 2008 Threat Analysis

  • Paul Schooping
  • By

    • Craig Schiller, CISO for Portland State University and President of Hawkeye Security Training, LLC
    • Seth Fogie, Vice President, Airscanner, Dallas, TX, USA
    • Colby DeRodeff, GCIA, GCNA Manager, Technical Marketing, ArcSight, Inc., CA
    • Michael Gregg, President, Superior Solutions, Inc.

    An all-star cast of authors analyze the top IT security threats for 2008 as selected by the editors and readers of Infosecurity Magazine. This book, compiled from the Syngress Security Library, is an essential reference for any IT professional managing enterprise security. It serves as an early warning system, allowing readers to assess vulnerabilities, design protection schemes and plan for disaster recovery should an attack occur. Topics include Botnets, Cross Site Scripting Attacks, Social Engineering, Physical and Logical Convergence, Payment Card Industry (PCI) Data Security Standards (DSS), Voice over IP (VoIP), and Asterisk Hacking. Each threat is fully defined, likely vulnerabilities are identified, and detection and prevention strategies are considered. Wherever possible, real-world examples are used to illustrate the threats and tools for specific solutions.
    View full description

    Audience

    * Co-branded Syngress and Infosecurity Magazine and featuring best of breed writers from both* Featured placement on Infosecurity.com, ads in Infosecurity print magazine (25K circ, 10K in U.S.), and in e-newsletter (15K circ)* Featured at Infosecurity booth at high traffic shows such as Infosecurity US, Infosecurity Canada, and Infosecurity Europe

 

Book information

  • Published: October 2007
  • Imprint: SYNGRESS
  • ISBN: 978-1-59749-224-9


Table of Contents


Foreword

Part I: Botnets

Chapter 1 Botnets: A Call to Action

Introduction

The Killer Web App

How Big is the Problem?

The Industry Responds

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 2 Botnets Overview

What is a Botnet?

The Botnet Life Cycle

What Does a Botnet Do?

Botnet Economic

Summary

Solutions Fast Track

Frequently Asked Questions

Part II Cross Site Scripting Attacks

Chapter 3 Cross-site Scripting Fundamentals

Introduction

Web Application Security

XML and AJAX Introduction

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 4 XSS Theory

Introduction

Getting XSS'ed

DOM-based XSS in Detail

Redirection

CSRF

Flash, QuickTime, PDF, Oh My

HTTP Response Injection

Source vs. DHTML Reality

Bypassing XSS Length Limitations

XSS Filter Evasion

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 5 XSS Attack Methods

Introduction

History Stealing

Intranet Hacking

XSS Defacements

Summary

Solutions Fast Track

Frequently Asked Questions

References

Part III Physical and Logical Security Convergence

Chapter 6 Protecting Critical

Infrastructure: Process Control and SCADA

Introduction

Technology Background: Process Control Systems

Why Convergence?

Threats and Challenges

Conclusion

Chapter 7 Final Thought

Introduction

Final Thoughts from William Crower

Final Thoughts from Dan Dunkel

Final Thoughts from Brian Contos

Final Thoughts from Colby DeRodeoff

Part IV PCI Compliance

Chapter 8 Why PCi is Important

Introduction

What is PCI?

Overview of PCI Requirements

Risks and Consequences

Benefits of Compliance

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 9 Protect Cardholder Data

Protecting Cardholder Data

PCI Requirement 3: Protect Stored Cardholder Data

PCI Requirement 4~Encrypt Transmission of Cardholder Data Across Open, Public Networks

Using Compensating Controls

Mapping Out a Strategy

The Absolute Essentials

Summary

Solutions Fast Track

Frequently Asked Questions

Part V Asterisk and VolP Hacking

Chapter 10 Understanding and Taking Advantage of VolP Protocols

Introduction

Your Voice to Data

Making Your Voice Smaller

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 11 Asterisk Hardware Ninjutsu

Introduction

Serial

Motion

Modems

Fun with Dialing

Legalities and Tips

Summary

Solutions Fast Track

Frequently Asked Questions

Part VI Hack the Stack

Chapter 12 Social Engineering

Introduction

Attacking the People Layer

Defending the People Layer

Making the Case for Stronger Security

People Layer Security Project

Summary

Solutions Fast Track

Frequently Asked Questions

Index