Seven Deadliest USB Attacks

Seven Deadliest USB Attacks

1st Edition - April 22, 2010

Write a review

  • Authors: Brian Anderson, Barbara Anderson
  • eBook ISBN: 9781597495547

Purchase options

Purchase options
DRM-free (EPub, PDF, Mobi)
Sales tax will be calculated at check-out

Institutional Subscription

Free Global Shipping
No minimum order

Description

Seven Deadliest USB Attacks provides a comprehensive view of the most serious types of Universal Serial Bus (USB) attacks. While the book focuses on Windows systems, Mac, Linux, and UNIX systems are equally susceptible to similar attacks. If you need to keep up with the latest hacks, attacks, and exploits effecting USB technology, then this book is for you. This book pinpoints the most dangerous hacks and exploits specific to USB, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. The attacks outlined in this book are intended for individuals with moderate Microsoft Windows proficiency. The book provides the tools, tricks, and detailed instructions necessary to reconstruct and mitigate these activities while peering into the risks and future aspects surrounding the respective technologies. There are seven chapters that cover the following: USB Hacksaw; the USB Switchblade; viruses and malicious codes; USB-based heap overflow; the evolution of forensics in computer security; pod slurping; and the human element of security, including the risks, rewards, and controversy surrounding social-engineering engagements. This book was written to target a vast audience including students, technical staff, business leaders, or anyone seeking to understand fully the removable-media risk for Windows systems. It will be a valuable resource for information security professionals of all levels, as well as web application developers and recreational hackers.

Key Features

  • Knowledge is power, find out about the most dominant attacks currently waging war on computers and networks globally
  • Discover the best ways to defend against these vicious attacks; step-by-step instruction shows you how
  • Institute countermeasures, don’t be caught defenseless again, and learn techniques to make your computer and network impenetrable

Readership

Information security professionals of all levels; web application developers; recreational hackers

Table of Contents


  • About the Authors

    Introduction

    Chapter 1 USB Hacksaw

        Sharing Away Your Future

        Anatomy of the Attack

             Universal Serial Bus

             U3 and Flash Drive CD-ROM Emulation

             Inside the Hacksaw Attack

             Hacksaw Removal

        What Is the Big Deal?

             Regulators, Mount Up

        Evolution of the Portable Platform

             Portable Platforms

             Hacksaw Development

        Defending against This Attack

        Summary

        Endnotes

    Chapter 2 USB Switchblade

        Passing Grades

        Inside the Switchblade

             Switchblade Tool Summaries

             Switchblade Assembly

        Why Should I Care?

        Evolving Aspects

             Privilege Elevation

        Defensive Techniques

             System Execution Prevention and USB Antidote

             Biometrics and Token Security

             Password Protection Practices

             Windows Group Policy Options

             Browser Settings and Screen Savers

        Summary

    Chapter 3 USB-Based Virus/Malicious Code Launch

        Invasive Species among Us

             An Uncomfortable Presentation

        Anatomy of the Attack

             Malicious Code Methodologies

             Autorun

             How to Recreate the Attack

        Evolution of the Attack

        Why All the Fuss?

             Botnets

             Distributed Denial-of-Service Attacks

             E-mail Spamming

             Infecting New Hosts

             Identity Theft

             Transporting Illegal Software

             Google AdSense and Advertisement Add-On Abuse

        Defending against This Attack

             Antimalware

        Summary

        Endnotes

    Chapter 4 USB Device Overflow

        Overflow Overview

        Analyzing This Attack

             Device Drivers

             Going with the Overflow

             USB Development and the Hole in the Heap

        Ever-Present Exposures

        Overflow Outlook

        Defensive Strategies

             Drivers

             Physical Protection Mechanisms

        Summary

        Endnote

    Chapter 5 RAM dump

        Gadgets Gone Astray

        Digital Forensic Acquisition Examination

             Computer Online Forensic Evidence Extractor or Detect and Eliminate Computer-Assisted Forensics?

             Memory Gatherings

             Reconstructing the Attack

        Mind Your Memory

        Advancements in Memory Analysis

             ManTech DD

             Additional Analysis Tools

             Future Memories

             The Room with an Evil View

        Hindering the Gatherers

             Security Framework, Programs, and Governance

             Trackers and Remote Management

             BIOS Features

             Trustless Execution Technology and Module Platform

             Enhancing the Encryption Experience

             BitLocker and TrueCrypt

        Summary

        Endnotes

    Chapter 6 Pod Slurping

        Attack of the Data Snatchers

        Anatomy of a Slurp

             How to Recreate the Attack

        Risky Business

             Pod Proliferation

        Advancements in This Attack

             Breaking Out of Jobs’ Jail

        Mitigating Measures

             Put Your Clients on a Data Diet

             Hijacking an iPhone

        Summary

        Endnotes

    Chapter 7 Social Engineering and USB Come Together for a Brutal Attack

        Brain Games

        Hacking the Wetware

             Reverse Social Engineering

             Penetration of a Vulnerable Kind

        Elevated Hazards

             Legitimate Social Engineering Concerns

        Generations of Influences

             USB Multipass

        Thwarting These Behaviors

             Security Awareness and Training

             Behavioral Biometrics

             Windows Enhancements

        Summary

        Overview

        Endnotes

    Index






Product details

  • No. of pages: 256
  • Language: English
  • Copyright: © Syngress 2010
  • Published: April 22, 2010
  • Imprint: Syngress
  • eBook ISBN: 9781597495547

About the Authors

Brian Anderson

Brian Anderson started his security career as a USMC Military Police officer. During his tour in the USMC Brian also served as an instructor for weapons marksmanship, urban combat, building entry techniques and less than lethal munitions. He also took part in the Somalia humanitarian efforts and several training engagements in the Middle East.

Brian’s technical experience began when he joined EDS where he became part of a leveraged team and specialized in infrastructure problem resolution, disaster recovery and design and security. His career progression was swift carrying him through security engineering and into architecture where he earned a lead role. Brian was a key participant in many high level security projects driven by HIPAA, PCI, SOX, FIPS and other regulatory compliance which included infrastructure dependent services, multi-tenant directories, IdM, RBAC, SSO, WLAN, full disk and removable media encryption, leveraged perimeter design and strategy. He has earned multiple certifications for client, server and network technologies. Brian has written numerous viewpoint and whitepapers for current and emerging technologies and is a sought out expert on matters of security, privacy and penetration testing. Brian is an avid security researcher with expertise in reverse engineering focusing on vulnerabilities and exploits and advising clients on proper remediation.

Affiliations and Expertise

An avid security researcher with expertise in reverse engineering focusing on vulnerabilities and exploits and advising clients on proper remediation.

Barbara Anderson

Barbara Anderson has worked in the information technology industry as a network and server security professional for over eleven years. During that time, she has been acting as a senior network security engineer who provides consulting and support for all aspects of network and security design. Barbara comes from a strong network security background and has extensive experience in enterprise design, implementation and life-cycle management.

Barbara proudly served her country for over four years in the United States Air force and has enjoyed successful positions at EDS, SMU, Fujitsu, ACS and Fishnet Security. These experiences and interactions have allowed her to become an expert in enterprise security, product deployment and training.

Affiliations and Expertise

CCSP, CISSP, CCNP, CCDP

Ratings and Reviews

Write a review

There are currently no reviews for "Seven Deadliest USB Attacks"