Seven Deadliest USB Attacks - 1st Edition - ISBN: 9781597495530, 9781597495547

Seven Deadliest USB Attacks

1st Edition

Authors: Brian Anderson, Barbara Anderson
eBook ISBN: 9781597495547
Paperback ISBN: 9781597495530
Imprint: Syngress
Published Date: 22nd April 2010
Page Count: 256
Description

Seven Deadliest USB Attacks provides a comprehensive view of the most serious types of Universal Serial Bus (USB) attacks. While the book focuses on Windows systems, Mac, Linux, and UNIX systems are equally susceptible to similar attacks. If you need to keep up with the latest hacks, attacks, and exploits affecting USB technology, then this book is for you. This book pinpoints the most dangerous hacks and exploits specific to USB, laying out the anatomy of these attacks, including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. The attacks outlined in this book are intended for individuals with moderate Microsoft Windows proficiency.

The book provides the tools, tricks, and detailed instructions necessary to reconstruct and mitigate these activities while peering into the risks and future aspects surrounding the respective technologies. There are seven chapters that cover the following: USB Hacksaw; the USB Switchblade; viruses and malicious codes; USB-based heap overflow; the evolution of forensics in computer security; pod slurping; and the human element of security, including the risks, rewards, and controversy surrounding social-engineering engagements.

This book was written to target a vast audience including students, technical staff, business leaders, or anyone seeking to understand fully the removable-media risk for Windows systems. It will be a valuable resource for information security professionals of all levels, as well as web application developers and recreational hackers.

Key Features

  • Knowledge is power: find out about the most dominant attacks currently waging war on computers and networks globally
  • Discover the best ways to defend against these vicious attacks; step-by-step instruction shows you how
  • Institute countermeasures, don’t be caught defenseless again, and learn techniques to make your computer and network impenetrable

Readership

Information security professionals of all levels; web application developers; recreational hackers

Table of Contents


About the Authors

Introduction

Chapter 1 USB Hacksaw

Sharing Away Your Future

Anatomy of the Attack

Universal Serial Bus

U3 and Flash Drive CD-ROM Emulation

Inside the Hacksaw Attack

Hacksaw Removal

What Is the Big Deal?

Regulators, Mount Up

Evolution of the Portable Platform

Portable Platforms

Hacksaw Development

Defending against This Attack

Summary

Endnotes

Chapter 2 USB Switchblade

Passing Grades

Inside the Switchblade

Switchblade Tool Summaries

Switchblade Assembly

Why Should I Care?

Evolving Aspects

Privilege Elevation

Defensive Techniques

System Execution Prevention and USB Antidote

Biometrics and Token Security

Password Protection Practices

Windows Group Policy Options

Browser Settings and Screen Savers

Summary

Chapter 3 USB-Based Virus/Malicious Code Launch

Invasive Species among Us

An Uncomfortable Presentation

Anatomy of the Attack

Malicious Code Methodologies

Autorun

How to Recreate the Attack

Evolution of the Attack

Why All the Fuss?

Botnets

Distributed Denial-of-Service Attacks

E-mail Spamming

Infecting New Hosts

Identity Theft

Transporting Illegal Software

Google AdSense and Advertisement Add-On Abuse

Defending against This Attack

Antimalware

Summary

Endnotes

Chapter 4 USB Device Overflow

Overflow Overview

Analyzing This Attack

Device Drivers

Going with the Overflow

USB Development and the Hole in the Heap

Ever-Present Exposures

Overflow Outlook

Defensive Strategies

Drivers

Physical Protection Mechanisms

Summary

Endnote

Chapter 5 RAM dump

Gadgets Gone Astray

Digital Forensic Acquisition Examination

Computer Online Forensic Evidence Extractor or Detect and Eliminate Computer-Assisted Forensics?

Memory Gatherings

Reconstructing the Attack

Mind Your Memory

Advancements in Memory Analysis

ManTech DD

Additional Analysis Tools

Future Memories

The Room with an Evil View

Hindering the Gatherers

Security Framework, Programs, and Governance

Trackers and Remote Management

BIOS Features

Trustless Execution Technology and Module Platform

Enhancing the Encryption Experience

BitLocker and TrueCrypt

Summary

Endnotes

Chapter 6 Pod Slurping

Attack of the Data Snatchers

Anatomy of a Slurp

How to Recreate the Attack

Risky Business

Pod Proliferation

Advancements in This Attack

Breaking Out of Jobs’ Jail

Mitigating Measures

Put Your Clients on a Data Diet

Hijacking an iPhone

Summary

Endnotes

Chapter 7 Social Engineering and USB Come Together for a Brutal Attack

Brain Games

Hacking the Wetware

Reverse Social Engineering

Penetration of a Vulnerable Kind

Elevated Hazards

Legitimate Social Engineering Concerns

Generations of Influences

USB Multipass

Thwarting These Behaviors

Security Awareness and Training

Behavioral Biometrics

Windows Enhancements

Summary

Overview

Endnotes

Index






About the Author

Brian Anderson

Brian Anderson started his security career as a USMC Military Police officer. During his tour in the USMC, Brian also served as an instructor for weapons marksmanship, urban combat, building entry techniques and less-than-lethal munitions. He also took part in the Somalia humanitarian efforts and several training engagements in the Middle East.

Brian’s technical experience began when he joined EDS, where he became part of a leveraged team and specialized in infrastructure problem resolution, disaster recovery and design and security. His career progression was swift, carrying him through security engineering and into architecture, where he earned a lead role. Brian was a key participant in many high-level security projects driven by HIPAA, PCI, SOX, FIPS and other regulatory compliance which included infrastructure dependent services, multi-tenant directories, IdM, RBAC, SSO, WLAN, full disk and removable media encryption, leveraged perimeter design and strategy. He has earned multiple certifications for client, server and network technologies. Brian has written numerous viewpoint and whitepapers for current and emerging technologies and is a sought-out expert on matters of security, privacy and penetration testing. Brian is an avid security researcher with expertise in reverse engineering focusing on vulnerabilities and exploits and advising clients on proper remediation.

Affiliations and Expertise

An avid security researcher with expertise in reverse engineering focusing on vulnerabilities and exploits and advising clients on proper remediation.

Barbara Anderson

Barbara Anderson has worked in the information technology industry as a network and server security professional for over eleven years. During that time, she has been acting as a senior network security engineer who provides consulting and support for all aspects of network and security design. Barbara comes from a strong network security background and has extensive experience in enterprise design, implementation and life-cycle management.

Barbara proudly served her country for over four years in the United States Air Force and has enjoyed successful positions at EDS, SMU, Fujitsu, ACS and Fishnet Security. These experiences and interactions have allowed her to become an expert in enterprise security, product deployment and training.

Affiliations and Expertise

CCSP, CISSP, CCNP, CCDP

Reviews

"Seven Deadliest USB Attacks provides real-world insight into issues a good deal of computer users don't even realize exist. The author's clear voice profiles attack scenarios, tools, as well as mitigation techniques. This book raises the right questions and provides the right answers" - Mirko Zorz, Editor in Chief of Help Net Security and (IN)SECURE Magazine
