CIT-Application Software

Security - Information Security

NEW
INFORMATION ASSURANCE FOR THE ENTERPRISE: A ROADMAP TO INFORMATION SECURITY
by Corey Schou, Idaho State University and Daniel Paul Shoemaker, University of Detroit Mercy
2007 (March 2006) / Softcover / 560 pages
ISBN-13: 978-0-07-225524-9 / MHID: 0-07-225524-2

FEATURES
• Written by the most authoritative voice on information security in both academia and industry.
• Introduces the concepts of information security, the security assessment and the implementation of security via minimal technical terminology and acronyms to appeal to a broader audience
• Real world examples and case studies for illustrations.
• End-of-chapter review includes summaries, key terms list, vocabulary quiz, multiple-choice test, true/false questions, and perhaps research projects as hands-on projects.
• Instructor support includes instructor manual, test bank software with hundreds of questions, PowerPoint® slides.

CONTENTS
Part I: The Organizational/Policy Domain: Ch. 1: Organizational Security Policy and Planning. Ch. 2: Defined and Documented Infrastructure. Ch. 3: Education and Awareness. Ch. 4: Asset Management. Ch. 5: Business Continuity. Ch. 6: Legal and Regulatory Compliance. Part II: The Managerial/Administrative Domain: Ch. 7: Building Security Functions Into Development. Ch. 8: Personnel Security. Ch. 9: Physical Security. Part III: The Operational/Technical Domain: Ch. 10: Access Control. Ch. 11: Operations Security. Ch. 12: Network Security. Ch. 13: Application and System Software Security. Ch. 14: Operational Risk Assessment and Audit. Part IV: The Community/Contextual Domain: Ch. 15: Ethics. Ch. 16: A Standard Implementation Model. Glossary. Index.

HACKER'S CHALLENGE 3
Third Edition
by David Pollino, Bill Pennington, Tony Bradley, and Himanshu Dwivedi
2006 / Softcover / 400 pages
ISBN-13: 978-0-07-226304-6 / MHID: 0-07-226304-0
(Osborne Media Title)
Professional Book

Every day, hackers are devising new ways to break into your network. Do you have what it takes to stop them? Find out in Hacker’s Challenge 3. Inside, top-tier security experts offer 20 brand-new, real-world network security incidents to test your computer forensics and response skills. All the latest hot-button topics are covered, including phishing and pharming scams, internal corporate hacking, Cisco IOS, wireless, iSCSI storage, VoIP, Windows, Mac OS X, and UNIX/Linux hacks, and much more. Each challenge includes a detailed explanation of the incident--how the break-in was detected, evidence and clues, technical background such as log files and network maps, and a series of questions for you to solve. In Part II, you’ll get a detailed analysis of how the experts solved each incident.

CONTENTS
Part I: Challenges. Chapter 1: To Catch a Phish. Chapter 2: Owning the Pharm. Chapter 3: Big Bait, Big Phish. Chapter 4: Shooting Phish in a Barrel. Chapter 5: Too Few Secrets. Chapter 6: Upgraded or "Owned?" Chapter 7: Pale Blue Glow. Chapter 8: Crossing the Line. Chapter 9: The Root of the Problem. Chapter 10: Firewall Insights. Chapter 11: Peter LemonJello's "A Series of Unfortunate Events". Chapter 12: Share and Share Alike. Chapter 13: The Holy Grail. Chapter 14: Open Source. Chapter 15: Cup of Chai. Chapter 16: Love Plus One. Chapter 17: Bullet in the Blue Sky. Chapter 18: The Insider III. Chapter 19: Jumping Someone Else's Train. Chapter 20: The Not-So-Usual Suspects. Part II: Solutions. Chapter 1: To Catch a Phish. Chapter 2: Owning the Pharm. Chapter 3: Big Bait, Big Phish. Chapter 4: Shooting Phish in a Barrel. Chapter 5: Too Few Secrets. Chapter 6: Upgraded or "Owned?" Chapter 7: Pale Blue Glow. Chapter 8: Crossing the Line. Chapter 9: The Root of the Problem. Chapter 10: Firewall Insights. Chapter 11: Peter LemonJello's "A Series of Unfortunate Events". Chapter 12: Share and Share Alike. Chapter 13: The Holy Grail. Chapter 14: Open Source. Chapter 15: Cup of Chai. Chapter 16: Love Plus One. Chapter 17: Bullet in the Blue Sky. Chapter 18: The Insider III. Chapter 19: Jumping Someone Else's Train. Chapter 20: The Not-So-Usual Suspects. INDEX.

Security - Network Security

CWSP CERTIFIED WIRELESS SECURITY PROFESSIONAL OFFICIAL STUDY GUIDE (EXAM PW0-200)
Second Edition
by Tom Carpenter, Grant Moerschel, and Richard Dreger, Waveguard, Inc.
2007 (September 2006) / Softcover / 592 pages
ISBN-13: 978-0-07-226320-6 / MHID: 0-07-226320-2
(Osborne Media Title)
Professional Book

The ONLY official study guide for the industry-standard wireless security certification exam

Cowritten by the creators of the exam and leading experts in wireless security, CWSP Certified Wireless Security Professional Official Study Guide, Second Edition, offers complete coverage of all the objectives for the vendor-neutral wireless network certification that focuses on the technologies behind the brands. The fully integrated study system includes notes that reinforce and teach practical skills, step-by-step exercises, chapter self-tests, and more than 150 practice exam questions.

CONTENTS
Chapter 1: Wireless LAN Auditing Tools. Chapter 2: Gathering Information. Chapter 3: Unauthorized Access. Chapter 4: Denial of Service. Chapter 5: Legislation. Chapter 6: General Policy. Chapter 7: Functional Policy: Guidelines & Baselines. Chapter 8: Functional Policy: Design & Implementation. Chapter 9: Functional Policy: Monitoring & Response. Chapter 10: Securing the Enterprise. Chapter 11: Authentication. Chapter 12: Authentication Framework Components. Chapter 13: Encryption. Chapter 14: WEP/WPA. Chapter 15: 802.11i. Chapter 16: Network and Application Layer VPN Technology. Chapter 17: Wireless Monitoring and Protection. Chapter 18: Wireless LAN Switches.

HACKING EXPOSED WEB APPLICATION
Second Edition
by Joel Scambray, Mike Shema, and Caleb Sima
2006 / Softcover / 520 pages
ISBN-13: 978-0-07-226299-5 / MHID: 0-07-226299-0
(Osborne Media Title)
Professional Book

Defend against the latest Web-based attacks by looking at your Web applications through the eyes of a malicious intruder. Fully revised and updated to cover the latest Web exploitation techniques, Hacking Exposed Web Applications, Second Edition shows you, step-by-step, how cyber-criminals target vulnerable sites, gain access, steal critical data, and execute devastating attacks. All of the cutting-edge threats and vulnerabilities are covered in full detail alongside real-world examples, case studies, and battle-tested countermeasures from the authors' experiences as gray hat security professionals.

CONTENTS
Chapter 1: Hacking Web Apps 101. Chapter 2: Profiling. Chapter 3: Hacking Web Platforms. Chapter 4: Attacking Web Authentication. Chapter 5: Attacking Web Authorization. Chapter 6: Input Validation Attacks. Chapter 7: Attacking Web Datastores. Chapter 8: Attacking XML Web Services. Chapter 9: Attacking Web Application Management. Chapter 10: Hacking Web Clients. Chapter 11: Denial-of-Service (DoS) Attacks. Chapter 12: Full-Knowledge Analysis. Chapter 13: Web Application Security Scanners. Appendix A: Web Application Security Checklist. Appendix B: Web Hacking Tools And Techniques Cribsheet. Appendix C: Urlscan And Modsecurity. Appendix D: About The Companion Web Site. Index

HACKING EXPOSED
Fifth Edition
By Stuart McClure, Joel Scambray, and George Kurtz
2006 / 692 pages / Softcover
ISBN-13: 978-0-07-226081-6 / MHID: 0-07-226081-5
(Osborne Media Title)
Professional Book

Here is the latest edition of international best-seller, Hacking Exposed. Using real-world case studies, renowned security experts Stuart McClure, Joel Scambray, and George Kurtz show IT professionals how to protect computers and networks against the most recent security vulnerabilities. You’ll find detailed examples of the latest devious break-ins and will learn how to think like a hacker in order to thwart attacks. Coverage includes:
* Code hacking methods and countermeasures
* New exploits for Windows 2003 Server, UNIX/Linux, Cisco, Apache, and Web and wireless applications
* Latest DDoS techniques--zombies, Blaster, MyDoom
* All new class of vulnerabilities–HTTP Response Splitting
* and much more

New to this edition
* Proven, cohesive, coherent methodology showing how a hacker thinks, to better educate those securing all parts of a network
* This edition continues the tradition of a one-stop security information resource with dozens of professionally-vetted references and tips
* New Web application hacking tools and techniques, as well as new Internet client attacks, and more
* New case studies based on Fortune 500 security practices
* Companion web site will be available with the most up-to-date security information

CONTENTS
Part I: Casing the Establishment. Chapter 1: Footprinting. Chapter 2: Scanning. Chapter 3: Enumeration. Part II: System Hacking. Chapter 4: Hacking Windows. Chapter 5: Hacking UNIX. Chapter 6: Remote Connectivity and VoIP Hacking. Part III: Network Hacking. Chapter 7: Network Devices. Chapter 8: Wireless Hacking. Chapter 9: Firewalls. Chapter 10: Denial of Service Attacks. Part IV: Software Hacking. Chapter 11: Hacking Code. Chapter 12: Web Hacking. Chapter 13: Hacking the Internet User. Part V: Appendices. A: Ports. B: Top 14 Security Vulnerabilities. Index

COMPUTER SECURITY LAB MANUAL
by Vincent J Nestler, Wm. Arthur Conklin, University of Texas at San Antonio and Gregory B White, Center for Infrastructure Assurance and Security, University of Texas San Antonio
2006 / Softcover / 320 pages
ISBN-13: 978-0-07-225508-9 / MHID: 0-07-225508-0

This lab manual provides a host of hands-on exercises that are the perfect supplement to your computer security textbook. Over 40 lab projects build from basic networking skills to identification of vulnerabilities, hardening of computer systems, and detection and incident response. This book reinforces Security+ certification objectives and prepares students to work in the real world by applying networking concepts to solve real business problems. This lab manual is suitable to accompany any security textbook, but an appendix maps the labs specifically for easy use with McGraw-Hill textbooks, Principles of Computer Security: Security+ and Beyond and Fundamentals of Network Security.

CONTENTS
Introduction: How to Use This Manual. Setting Up Lab Computers. Mozilla Links—Building a Web Page of Resources. Part 1: Network Basics Ping, Ipconfig, ARP: Viewing Network Traffic with Ethereal. Default Gateway, Routing/Netstat. Telnet, 3-way Handshake. Sharing Folders. Net Command. FTP/Web/Netstat. SMTP Command Line. Setting Up Outlook Express. Project: Bring a Computer Up on the Network. Part 2: Vulnerability Assessment - Penetration Testing: Enumeration. Nmap. Superscan. Penetration Testing and Attacks. Sniffing Telnet. Sniffing and Spoofing Mail. Dsniff. Steganography. Keylogger (Scout). Password Cracking—John the Ripper. Denial of Service Attack. SubSeven. Vulnerability Assessment. NeWT. Project: Find and Attack a Computer. Part 3: Prevention - Host Hardening and Secure Communications: Host Hardening. CIS Scanner. Patch Management—Service Packs and Hotfixes. Security Templates. Bios Hardening. Turning Off Unneeded Services. Anti-Virus—AVG. Personal Firewall—Zone Alarm. Adaware. Configuring Internet Explorer. IIS Lockdown Wizard. Secure Communications. Certificate Server 1. Certificate Server 2. FTP Configuration. SSH. MD5. SCP. PGP 1. VPN. Policy Writing. Training Plan. Project: Build and Defend Against an Attack. Part 4: Detection and Response: Intrusion Detection—Snort. Logs-1: Windows. Logs-2: Linux. Password Recovery. Live Forensics Analysis. Disk Duplication. Mail Logs. Backup and Restore. Fire CD. Project: Investigation. Part 5: Appendixes. Port Listing. Virtual PC Tuning

ANTI-HACKER TOOL KIT
Third Edition
by Mike Shema
2006 / 800 pages / Softcover
ISBN-13: 978-0-07-226287-2 / MHID: 0-07-226287-7
(Osborne Media Title)
Professional Book

Organized by category, Anti-Hacker Tool Kit, Third Edition provides complete details on the latest and most critical security tools, explains their function, and demonstrates how to configure them to get the best results.
* Completely revised to include the latest security tools, including wireless tools
* New tips on how to configure the recent tools on Linux, Windows, and Mac OSX
* New on the CD-ROM--Gnoppix, a complete Linux system, ClamAV anti-virus, Cain, a multi-function hacking tool, Bluetooth tools, protocol scanners, forensic tools, and more
* New case studies in each chapter