Seven Deadliest USB Attacks
1st Edition
Description
Seven Deadliest USB Attacks provides a comprehensive view of the most serious types of Universal Serial Bus (USB) attacks. While the book focuses on Windows systems, Mac, Linux, and UNIX systems are equally susceptible to similar attacks. If you need to keep up with the latest hacks, attacks, and exploits effecting USB technology, then this book is for you. This book pinpoints the most dangerous hacks and exploits specific to USB, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. The attacks outlined in this book are intended for individuals with moderate Microsoft Windows proficiency.
The book provides the tools, tricks, and detailed instructions necessary to reconstruct and mitigate these activities while peering into the risks and future aspects surrounding the respective technologies. There are seven chapters that cover the following: USB Hacksaw; the USB Switchblade; viruses and malicious codes; USB-based heap overflow; the evolution of forensics in computer security; pod slurping; and the human element of security, including the risks, rewards, and controversy surrounding social-engineering engagements.
This book was written to target a vast audience including students, technical staff, business leaders, or anyone seeking to understand fully the removable-media risk for Windows systems. It will be a valuable resource for information security professionals of all levels, as well as web application developers and recreational hackers.
Key Features
- Knowledge is power, find out about the most dominant attacks currently waging war on computers and networks globally
- Discover the best ways to defend against these vicious attacks; step-by-step instruction shows you how
- Institute countermeasures, don’t be caught defenseless again, and learn techniques to make your computer and network impenetrable
Readership
Information security professionals of all levels; web application developers; recreational hackers
Table of Contents
About the Authors
Introduction
Chapter 1 USB Hacksaw
Sharing Away Your Future
Anatomy of the Attack
Universal Serial Bus
U3 and Flash Drive CD-ROM Emulation
Inside the Hacksaw Attack
Hacksaw Removal
What Is the Big Deal?
Regulators, Mount Up
Evolution of the Portable Platform
Portable Platforms
Hacksaw Development
Defending against This Attack
Summary
Endnotes
Chapter 2 USB Switchblade
Passing Grades
Inside the Switchblade
Switchblade Tool Summaries
Switchblade Assembly
Why Should I Care?
Evolving Aspects
Privilege Elevation
Defensive Techniques
System Execution Prevention and USB Antidote
Biometrics and Token Security
Password Protection Practices
Windows Group Policy Options
Browser Settings and Screen Savers
Summary
Chapter 3 USB-Based Virus/Malicious Code Launch
Invasive Species among Us
An Uncomfortable Presentation
Anatomy of the Attack
Malicious Code Methodologies
Autorun
How to Recreate the Attack
Evolution of the Attack
Why All the Fuss?
Botnets
Distributed Denial-of-Service Attacks
E-mail Spamming
Infecting New Hosts
Identity Theft
Transporting Illegal Software
Google AdSense and Advertisement Add-On Abuse
Defending against This Attack
Antimalware
Summary
Endnotes
Chapter 4 USB Device Overflow
Overflow Overview
Analyzing This Attack
Device Drivers
Going with the Overflow
USB Development and the Hole in the Heap
Ever-Present Exposures
Overflow Outlook
Defensive Strategies
Drivers
Physical Protection Mechanisms
Summary
Endnote
Chapter 5 RAM dump
Gadgets Gone Astray
Digital Forensic Acquisition Examination
Computer Online Forensic Evidence Extractor or Detect and Eliminate Computer-Assisted Forensics?
Memory Gatherings
Reconstructing the Attack
Mind Your Memory
Advancements in Memory Analysis
ManTech DD
Additional Analysis Tools
Future Memories
The Room with an Evil View
Hindering the Gatherers
Security Framework, Programs, and Governance
Trackers and Remote Management
BIOS Features
Trustless Execution Technology and Module Platform
Enhancing the Encryption Experience
BitLocker and TrueCrypt
Summary
Endnotes
Chapter 6 Pod Slurping
Attack of the Data Snatchers
Anatomy of a Slurp
How to Recreate the Attack
Risky Business
Pod Proliferation
Advancements in This Attack
Breaking Out of Jobs’ Jail
Mitigating Measures
Put Your Clients on a Data Diet
Hijacking an iPhone
Summary
Endnotes
Chapter 7 Social Engineering and USB Come Together for a Brutal Attack
Brain Games
Hacking the Wetware
Reverse Social Engineering
Penetration of a Vulnerable Kind
Elevated Hazards
Legitimate Social Engineering Concerns
Generations of Influences
USB Multipass
Thwarting These Behaviors
Security Awareness and Training
Behavioral Biometrics
Windows Enhancements
Summary
Overview
Endnotes
Index
Details
- No. of pages:
- 256
- Language:
- English
- Copyright:
- © Syngress 2010
- Published:
- 22nd April 2010
- Imprint:
- Syngress
- eBook ISBN:
- 9781597495547
- Paperback ISBN:
- 9781597495530
About the Author
Brian Anderson
Brian Anderson started his security career as a USMC Military Police officer. During his tour in the USMC Brian also served as an instructor for weapons marksmanship, urban combat, building entry techniques and less than lethal munitions. He also took part in the Somalia humanitarian efforts and several training engagements in the Middle East.
Brian’s technical experience began when he joined EDS where he became part of a leveraged team and specialized in infrastructure problem resolution, disaster recovery and design and security. His career progression was swift carrying him through security engineering and into architecture where he earned a lead role. Brian was a key participant in many high level security projects driven by HIPAA, PCI, SOX, FIPS and other regulatory compliance which included infrastructure dependent services, multi-tenant directories, IdM, RBAC, SSO, WLAN, full disk and removable media encryption, leveraged perimeter design and strategy. He has earned multiple certifications for client, server and network technologies. Brian has written numerous viewpoint and whitepapers for current and emerging technologies and is a sought out expert on matters of security, privacy and penetration testing. Brian is an avid security researcher with expertise in reverse engineering focusing on vulnerabilities and exploits and advising clients on proper remediation.
Affiliations and Expertise
An avid security researcher with expertise in reverse engineering focusing on vulnerabilities and exploits and advising clients on proper remediation.
Barbara Anderson
Barbara Anderson has worked in the information technology industry as a network and server security professional for over eleven years. During that time, she has been acting as a senior network security engineer who provides consulting and support for all aspects of network and security design. Barbara comes from a strong network security background and has extensive experience in enterprise design, implementation and life-cycle management.
Barbara proudly served her country for over four years in the United States Air force and has enjoyed successful positions at EDS, SMU, Fujitsu, ACS and Fishnet Security. These experiences and interactions have allowed her to become an expert in enterprise security, product deployment and training.
Affiliations and Expertise
CCSP, CISSP, CCNP, CCDP
Reviews
"Seven Deadliest USB Attacks provides real-world insight into issues a good deal of computer users don't even realize exist. The author's clear voice profiles attack scenarios, tools, as well as mitigation techniques. This book raises the right questions and provides the right answers" - Mirko Zorz, Editor in Chief of Help Net Security and (IN)SECURE Magazine