Syngress Force Emerging Threat Analysis

Description

A One-Stop Reference Containing the Most Read Topics in the Syngress Security Library

This Syngress Anthology Helps You Protect Your Enterprise from Tomorrow’s Threats Today

This is the perfect reference for any IT professional responsible for protecting their enterprise from the next generation of IT security threats. This anthology represents the “best of this year’s top Syngress Security books on the Human, Malware, VoIP, Device Driver, RFID, Phishing, and Spam threats likely to be unleashed in the near future..

* From Practical VoIP Security, Thomas Porter, Ph.D. and Director of IT Security for the FIFA 2006 World Cup, writes on threats to VoIP communications systems and makes recommendations on VoIP security.
* From Phishing Exposed, Lance James, Chief Technology Officer of Secure Science Corporation, presents the latest information on phishing and spam.
* From Combating Spyware in the Enterprise, Brian Baskin, instructor for the annual Department of Defense Cyber Crime Conference, writes on forensic detection and removal of spyware.
* Also from Combating Spyware in the Enterprise, About.com’s security expert Tony Bradley covers the transformation of spyware.
* From Inside the SPAM Cartel, Spammer-X shows how spam is created and why it works so well.
* From Securing IM and P2P Applications for the Enterprise, Paul Piccard, former manager of Internet Security Systems' Global Threat Operations Center, covers Skype security.
* Also from Securing IM and P2P Applications for the Enterprise, Craig Edwards, creator of the IRC security software IRC Defender, discusses global IRC security.
* From RFID Security, Brad “Renderman Haines, one of the most visible members of the wardriving community, covers tag encoding and tag application attacks.
* Also from RFID Security, Frank Thornton, owner of Blackthorn Systems and an expert in wireless networks, discusses management of RFID security.
* From Hack the Stack, security expert Michael Gregg covers attacking the people layer.
* Bonus coverage includes exclusive material on device driver attacks by Dave Maynor, Senior Researcher at SecureWorks.

* The “best of this year: Human, Malware, VoIP, Device Driver, RFID, Phishing, and Spam threats
* Complete Coverage of forensic detection and removal of spyware, the transformation of spyware, global IRC security, and more
* Covers secure enterprise-wide deployment of hottest technologies including Voice Over IP, Pocket PCs, smart phones, and more

Cover 2
Contents 18
Foreword 32
Part I VoIP 34
- Chapter 1 Threats to VoIP Communications Systems By Thomas Porter 36
  - Introduction 37
  - Denial-of-Service or VoIP Service Disruption 37
  - Call Hijacking and Interception 45
  - H.323-Specific Attacks 53
  - SIP-Specific Attacks 54
- Chapter 2 Validate Existing Security Infrastructure for VoIP By Thomas Porter 60
  - Introduction 61
  - Security Policies and Processes 62
  - Physical Security 74
  - Server Hardening 78

Cover 2
Contents 18
Foreword 32
Part I VoIP 34
- Chapter 1 Threats to VoIP Communications Systems By Thomas Porter 36
  - Introduction 37
  - Denial-of-Service or VoIP Service Disruption 37
  - Call Hijacking and Interception 45
  - H.323-Specific Attacks 53
  - SIP-Specific Attacks 54
- Chapter 2 Validate Existing Security Infrastructure for VoIP By Thomas Porter 60
  - Introduction 61
  - Security Policies and Processes 62
  - Physical Security 74
  - Server Hardening 78
  - Supporting Services 91
  - Unified Network Management 96
- Chapter 3 Recommendations for VoIP Security By Thomas Porter 106
  - Introduction 107
  - Reuse Existing Security Infrastructure Wisely 108
  - Confirm User Identity 112
  - Active Security Monitoring 115
  - Logically Segregate VoIP from Data Traffic 117
- Chapter 4 Skype Security By Paul Piccard 136
  - Introduction 137
  - Skype Architecture 138
  - Features and Security Information 140
  - Malicious Code 146
  - Client Security 147
- Part II Malware 156
  - Chapter 5 The Transformation of Spyware By Tony Bradley 158
    - Introduction 159
    - The Humble Beginnings 159
    - Spyware in the Twenty-First Century 167
    - The Future of Spyware 171
  - Chapter 6 Spyware and the Enterprise Network By Jeremy Faircloth 176
    - Introduction 177
    - Keystroke Loggers 178
    - Trojan Encapsulation 188
    - Spyware and Backdoors 192
  - Chapter 7 Global IRC Security By Craig Edwards 200
    - DDoS Botnets Turned Bot-Armies 201
    - Introduction 201
    - Information Leakage 208
    - Copyright Infringement 209
    - Transfer of Malicious Files 212
    - Firewall/IDS Information 216
  - Chapter 8 Forensic Detection and Removal of Spyware By Brian Baskin 222
    - Introduction 223
    - Manual Detection Techniques 223
    - Detection and Removal Tools 241
    - Enterprise Removal Tools 268
  - Part III Phishing and Spam 278
    - Chapter 9 Go Phish! By Lance James 280
      - Introduction 281
      - The Impersonation Attack 283
      - The Forwarding Attack 303
      - The Popup Attack 309
    - Chapter 10 E-Mail: The Weapon of Mass Delivery By Lance James 322
      - Introduction 323
      - E-Mail Basics 323
    - Chapter 11 How Spam Works By Spammer X 368
      - The Business of Spam 369
      - Who Am I? 369
      - Spam in the Works: A Real-World Step-by-Step Example 371
    - Chapter 12 Sending Spam By Spammer X 382
      - The Required Mindset to Send Spam 383
      - Methods of Sending Spam 384
    - Chapter 13 Your E-mail: Digital Gold By Spammer X 416
      - What Does Your E-mail Address Mean to a Spammer? 417
      - Hackers and Spammers: Their United Partnership 419
      - Harvesting the Crumbs of the Internet 422
      - Mass Verification 430
    - Chapter 14 Creating the Spam Message and Getting It Read By Spammer X 438
      - Jake Calderon? Who Are You? 439
    - Part IV RFID 464
      - Chapter 15 RFID Attacks: Tag Encoding Attacks By Brad “Renderman” Haines 466
        
        The SpeedPass 467
        
        Introduction 467
        
        Case Study: John Hopkins vs. SpeedPass 467
      - Chapter 16 RFID Attacks: Tag Application Attacks By Brad “Renderman” Haines 480
        
        Chip Clones—Fraud and Theft 481
        
        MIM 481
        
        Tracking: Passports/Clothing 486
        
        Chip Cloning > Fraud 490
        
        Disruption 492
      - Chapter 17 RFID Attacks: Securing Communications Using RFID Middleware By Anand M. Das 494
        
        RFID Middleware Introduction 495
        
        Attacking Middleware with the Air Interface 506
        
        Understanding Security Fundamentals and Principles of Protection 511
        
        Addressing Common Risks and Threats 524
        
        Securing RFID Data Using Middleware 527
        
        Using DES in RFID Middleware for Robust Encryption 529
        
        Using Stateful Inspection in the Application Layer Gateway For Monitoring RFID Data Streams 530
        
        Providing Bulletproof Security Using Discovery, Resolution, and Trust Services in AdaptLink™ 532
      - Chapter 18 RFID Security: Attacking the Backend By Hersh Bhargava 536
        
        Introduction 537
        
        Overview of Backend Systems 537
        
        Data Attacks 539
        
        Virus Attacks 541
        
        RFID Data Collection Tool— Backend Communication Attacks 543
        
        Attacks on ONS 544
      - Chapter 19 Management of RFID Security By Frank Thornton 548
        
        Introduction 549
        
        Risk and Vulnerability Assessment 549
        
        Risk Management 552
        
        Threat Management 554
      - Part V Non-Traditional Threats 558
        
        Chapter 20 Attacking The People Layer By Michael Gregg and Ron Bandes 560
        
        Attacking the People Layer 561
        
        Defending the People Layer 583
        
        Making the Case for Stronger Security 598
        
        People Layer Security Project 605
        
        Chapter 21 Device Driver Auditing By David Maynor 610
        
        Introduction 611
        
        Why Should You Care? 611
        
        What Is a Device Driver? 614
        
        Index 630

Author's affiliation

Robert Graham: Chief Scientist of Internet Security Systems,

From Mischief to Malicious

Description

TOC

Reviews (0)

Author's affiliation