Description

Seven Deadliest USB Attacks provides a comprehensive view of the most serious types of Universal Serial Bus (USB) attacks. While the book focuses on Windows systems, Mac, Linux, and UNIX systems are equally susceptible to similar attacks. The book consists of seven chapters that cover the following: (i) USB Hacksaw; (ii) the USB Switchblade; (iii) viruses and malicious codes; (iv) USB-based heap overflow; (v) the evolution of forensics in computer security; (vi) pod slurping; and (vii) the human element of security, including the risks, rewards, and controversy surrounding social-engineering engagements. This book was written to target a vast audience including students, technical staff, business leaders, or anyone seeking to understand fully the removable-media risk for Windows systems. It provides the tools, tricks, and detailed instructions necessary to reconstruct and mitigate these activities while peering into the risks and future aspects surrounding the respective technologies. The attacks outlined in this book are intended for individuals with moderate Microsoft Windows proficiency.

Key Features

  • Knowledge is power, find out about the most dominant attacks currently waging war on computers and networks globally
  • Discover the best ways to defend against these vicious attacks; step-by-step instruction shows you how
  • Institute countermeasures, don’t be caught defenseless again, and learn techniques to make your computer and network impenetrable

Readership

Information security professionals of all levels; web application developers; recreational hackers

Table of Contents

About the Authors Introduction Chapter 1 USB Hacksaw     Sharing Away Your Future     Anatomy of the Attack          Universal Serial Bus          U3 and Flash Drive CD-ROM Emulation          Inside the Hacksaw Attack          Hacksaw Removal     What Is the Big Deal?          Regulators, Mount Up     Evolution of the Portable Platform          Portable Platforms          Hacksaw Development     Defending against This Attack     Summary     Endnotes Chapter 2 USB Switchblade     Passing Grades     Inside the Switchblade          Switchblade Tool Summaries          Switchblade Assembly     Why Should I Care?     Evolving Aspects          Privilege Elevation     Defensive Techniques          System Execution Prevention and USB Antidote          Biometrics and Token Security          Password Protection Practices          Windows Group Policy Options          Browser Settings and Screen Savers     Summary Chapter 3 USB-Based Virus/Malicious Code Launch     Invasive Species among Us          An Uncomfortable Presentation     Anatomy of the Attack          Malicious Code Methodologies          Autorun          How to Recreate the Attack     Evolution of the Attack     Why All the Fuss?          Botnets          Distributed Denial-of-Service Attacks          E-mail Spamming          Infecting New Hosts          Identity Theft          Transporting Illegal Software          Google AdSense and Advertisement Add-On Abuse     Defending against This Attack          Antimalware     Summary     Endnotes Chapter 4 USB Device Overflow     Overflow Overview     Analyzing This Attack          Device Drivers          Going with the Overflow          USB Development and the Hole in the Heap     Ever-Present Exposures     Overflow Outlook     Defensive Strategies          Drivers          Physical Protection Mechanisms     Summary     Endnote Chapter 5 RAM dump     Gadgets Gone Astray     Digital Forensic Acquisition Ex

Details

No. of pages:
256
Language:
English
Copyright:
© 2010
Published:
Imprint:
Syngress
Print ISBN:
9781597495530
Electronic ISBN:
9781597495547

About the authors

Brian Anderson

Brian Anderson started his security career as a USMC Military Police officer. During his tour in the USMC Brian also served as an instructor for weapons marksmanship, urban combat, building entry techniques and less than lethal munitions. He also took part in the Somalia humanitarian efforts and several training engagements in the Middle East. Brian’s technical experience began when he joined EDS where he became part of a leveraged team and specialized in infrastructure problem resolution, disaster recovery and design and security. His career progression was swift carrying him through security engineering and into architecture where he earned a lead role. Brian was a key participant in many high level security projects driven by HIPAA, PCI, SOX, FIPS and other regulatory compliance which included infrastructure dependent services, multi-tenant directories, IdM, RBAC, SSO, WLAN, full disk and removable media encryption, leveraged perimeter design and strategy. He has earned multiple certifications for client, server and network technologies. Brian has written numerous viewpoint and whitepapers for current and emerging technologies and is a sought out expert on matters of security, privacy and penetration testing. Brian is an avid security researcher with expertise in reverse engineering focusing on vulnerabilities and exploits and advising clients on proper remediation.

Barbara Anderson

Barbara Anderson has worked in the information technology industry as a network and server security professional for over eleven years. During that time, she has been acting as a senior network security engineer who provides consulting and support for all aspects of network and security design. Barbara comes from a strong network security background and has extensive experience in enterprise design, implementation and life-cycle management. Barbara proudly served her country for over four years in the United States Air force and has enjoyed successful positions at EDS, SMU, Fujitsu, ACS and Fishnet Security. These experiences and interactions have allowed her to become an expert in enterprise security, product deployment and training.

Reviews

"Seven Deadliest USB Attacks provides real-world insight into issues a good deal of computer users don't even realize exist. The author's clear voice profiles attack scenarios, tools, as well as mitigation techniques. This book raises the right questions and provides the right answers" - Mirko Zorz, Editor in Chief of Help Net Security and (IN)SECURE Magazine