Book picks similar to
CISSP Study Guide by Eric Conrad
technology
information-security
security
reference
Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks
Michal Zalewski - 2005
Silence on the Wire uncovers these silent attacks so that system administrators can defend against them, as well as better understand and monitor their systems.Silence on the Wire dissects several unique and fascinating security and privacy problems associated with the technologies and protocols used in everyday computing, and shows how to use this knowledge to learn more about others or to better defend systems. By taking an indepth look at modern computing, from hardware on up, the book helps the system administrator to better understand security issues, and to approach networking from a new, more creative perspective. The sys admin can apply this knowledge to network monitoring, policy enforcement, evidence analysis, IDS, honeypots, firewalls, and forensics.
File System Forensic Analysis
Brian Carrier - 2005
Now, security expert Brian Carrier has written the definitive reference for everyone who wants to understand and be able to testify about how file system analysis is performed. Carrier begins with an overview of investigation and computer foundations and then gives an authoritative, comprehensive, and illustrated overview of contemporary volume and file systems: Crucial information for discovering hidden evidence, recovering deleted data, and validating your tools. Along the way, he describes data structures, analyzes example disk images, provides advanced investigation scenarios, and uses today's most valuable open source file system analysis tools--including tools he personally developed. Coverage includes Preserving the digital crime scene and duplicating hard disks for dead analysis Identifying hidden data on a disk's Host Protected Area (HPA) Reading source data: Direct versus BIOS access, dead versus live acquisition, error handling, and more Analyzing DOS, Apple, and GPT partitions; BSD disk labels; and Sun Volume Table of Contents using key concepts, data structures, and specific techniques Analyzing the contents of multiple disk volumes, such as RAID and disk spanning Analyzing FAT, NTFS, Ext2, Ext3, UFS1, and UFS2 file systems using key concepts, data structures, and specific techniques Finding evidence: File metadata, recovery of deleted files, data hiding locations, and more Using The Sleuth Kit (TSK), Autopsy Forensic Browser, and related open source tools When it comes to file system analysis, no other book offers this much detail or expertise. Whether you're a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, or auditor, this book will become an indispensable resource for forensic investigations, no matter what analysis tools you use.
JavaScript: The Definitive Guide
David Flanagan - 1996
This book is both an example-driven programmer's guide and a keep-on-your-desk reference, with new chapters that explain everything you need to know to get the most out of JavaScript, including:Scripted HTTP and Ajax XML processing Client-side graphics using the canvas tag Namespaces in JavaScript--essential when writing complex programs Classes, closures, persistence, Flash, and JavaScript embedded in Java applicationsPart I explains the core JavaScript language in detail. If you are new to JavaScript, it will teach you the language. If you are already a JavaScript programmer, Part I will sharpen your skills and deepen your understanding of the language.Part II explains the scripting environment provided by web browsers, with a focus on DOM scripting with unobtrusive JavaScript. The broad and deep coverage of client-side JavaScript is illustrated with many sophisticated examples that demonstrate how to:Generate a table of contents for an HTML document Display DHTML animations Automate form validation Draw dynamic pie charts Make HTML elements draggable Define keyboard shortcuts for web applications Create Ajax-enabled tool tips Use XPath and XSLT on XML documents loaded with Ajax And much morePart III is a complete reference for core JavaScript. It documents every class, object, constructor, method, function, property, and constant defined by JavaScript 1.5 and ECMAScript Version 3.Part IV is a reference for client-side JavaScript, covering legacy web browser APIs, the standard Level 2 DOM API, and emerging standards such as the XMLHttpRequest object and the canvas tag.More than 300,000 JavaScript programmers around the world have made this their indispensable reference book for building JavaScript applications."A must-have reference for expert JavaScript programmers...well-organized and detailed."-- Brendan Eich, creator of JavaScript
The Art of Computer Programming, Volume 1: Fundamental Algorithms
Donald Ervin Knuth - 1973
-Byte, September 1995 I can't begin to tell you how many pleasurable hours of study and recreation they have afforded me! I have pored over them in cars, restaurants, at work, at home... and even at a Little League game when my son wasn't in the line-up. -Charles Long If you think you're a really good programmer... read [Knuth's] Art of Computer Programming... You should definitely send me a resume if you can read the whole thing. -Bill Gates It's always a pleasure when a problem is hard enough that you have to get the Knuths off the shelf. I find that merely opening one has a very useful terrorizing effect on computers. -Jonathan Laventhol This first volume in the series begins with basic programming concepts and techniques, then focuses more particularly on information structures-the representation of information inside a computer, the structural relationships between data elements and how to deal with them efficiently. Elementary applications are given to simulation, numerical methods, symbolic computing, software and system design. Dozens of simple and important algorithms and techniques have been added to those of the previous edition. The section on mathematical preliminaries has been extensively revised to match present trends in research. Ebook (PDF version) produced by Mathematical Sciences Publishers (MSP), http: //msp.org
The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage
Clifford Stoll - 1989
citizen recognized its ominous potential. Armed with clear evidence of computer espionage, he began a highly personal quest to expose a hidden network of spies that threatened national security. But would the authorities back him up? Cliff Stoll's dramatic firsthand account is "a computer-age detective story, instantly fascinating [and] astonishingly gripping" (Smithsonian). Cliff Stoll was an astronomer turned systems manager at Lawrence Berkeley Lab when a 75-cent accounting error alerted him to the presence of an unauthorized user on his system. The hacker's code name was "Hunter" -- a mysterious invader who managed to break into U.S. computer systems and steal sensitive military and security information. Stoll began a one-man hunt of his own: spying on the spy. It was a dangerous game of deception, broken codes, satellites, and missile bases -- a one-man sting operation that finally gained the attention of the CIA...and ultimately trapped an international spy ring fueled by cash, cocaine, and the KGB.
The Hacker Crackdown: Law and Disorder on the Electronic Frontier
Bruce Sterling - 1992
A journalist investigates the past, present, and future of computer crimes, as he attends a hacker convention, documents the extent of the computer crimes, and presents intriguing facts about hackers and their misdoings.
Fluent Python: Clear, Concise, and Effective Programming
Luciano Ramalho - 2015
With this hands-on guide, you'll learn how to write effective, idiomatic Python code by leveraging its best and possibly most neglected features. Author Luciano Ramalho takes you through Python's core language features and libraries, and shows you how to make your code shorter, faster, and more readable at the same time.Many experienced programmers try to bend Python to fit patterns they learned from other languages, and never discover Python features outside of their experience. With this book, those Python programmers will thoroughly learn how to become proficient in Python 3.This book covers:Python data model: understand how special methods are the key to the consistent behavior of objectsData structures: take full advantage of built-in types, and understand the text vs bytes duality in the Unicode ageFunctions as objects: view Python functions as first-class objects, and understand how this affects popular design patternsObject-oriented idioms: build classes by learning about references, mutability, interfaces, operator overloading, and multiple inheritanceControl flow: leverage context managers, generators, coroutines, and concurrency with the concurrent.futures and asyncio packagesMetaprogramming: understand how properties, attribute descriptors, class decorators, and metaclasses work"
Spam Nation: The Inside Story of Organized Cybercrime — from Global Epidemic to Your Front Door
Brian Krebs - 2014
Tracing the rise, fall, and alarming resurrection of the digital mafia behind the two largest spam pharmacies and countless viruses, phishing, and spyware attacks he delivers the first definitive narrative of the global spam problem and its threat to consumers everywhere.Blending cutting-edge research, investigative reporting, and firsthand interviews, this terrifying true story reveals how we unwittingly invite these digital thieves into our lives every day. From unassuming computer programmers right next door to digital mobsters like "Cosma" who unleashed a massive malware attack that has stolen thousands of Americans' logins and passwords, Krebs uncovers the shocking lengths to which these people will go to profit from our data and our wallets.Not only are hundreds of thousands of Americans exposing themselves to fraud and dangerously toxic products from rogue online pharmacies, but even those who never open junk messages are at risk. As Krebs notes, spammers can—and do—hack into accounts through these emails, harvest personal information like usernames and passwords, and sell them on the digital black market. The fallout from this global epidemic doesn't just cost consumers and companies billions, it costs lives too.Fast-paced and utterly gripping, Spam Nation ultimately proposes concrete solutions for protecting ourselves online and stemming this tidal wave of cybercrime, before it's too late."Krebs's talent for exposing the weaknesses in online security has earned him respect in the IT business and loathing among cybercriminals. His track record of scoops has helped him become the rare blogger who supports himself on the strength of his reputation for hard-nosed reporting."
Bloomberg Businessweek
Networking for Dummies
Doug Lowe - 2000
You'll discover the hottest topics for setting up a network at home or in the office.Popular For Dummies author Doug Lowe knows what the networking beginner is looking for, so to that end, he offers you networking fundamentals written in his easy-to-understand style and discusses topics such as Windows 7 and Windows Server 2008.Walks you through networking basics with valuable updates of the latest networking tools and trends Explains exactly what a network is and how to use it Demonstrates how to build a wired or wireless network Addresses securing, optimizing, and troubleshooting a network Discusses networking with all major operating systems Networking For Dummies, 9th Edition is the guide you need to start sharing resources and exchanging data today.
Dark Territory: The Secret History of Cyber War
Fred Kaplan - 2016
The general said it was. This set in motion the first presidential directive on computer security.The first use of cyber techniques in battle occurred in George H.W. Bush's Kuwait invasion in 1991 to disable Saddam's military communications. One year later, the NSA Director watched Sneakers, in which one of the characters says wars will soon be decided not by bullets or bombs but by information. The NSA and the Pentagon have been rowing over control of cyber weapons ever since.From the 1994 (aborted) US invasion of Haiti, when the plan was to neutralize Haitian air-defenses by making all the telephones in Haiti busy at the same time, to Obama's Defense Department 2015 report on cyber policy that spells out the lead role played by our offensive operation, Fred Kaplan tells the story of the NSA and the Pentagon as they explore, exploit, fight, and defend the US. Dark Territory reveals all the details, including the 1998 incident when someone hacked into major US military commands and it wasn't Iraq, but two teenagers from California; how Israeli jets bomb a nuclear reactor in Syria in 2007 by hacking into Syrian air-defense radar system; the time in 2014 when North Korea hacks Sony's networks to pressure the studio to cancel a major Hollywood blockbuster; and many more. Dark Territory is the most urgent and controversial topic in national defense policy.
Cryptography Engineering: Design Principles and Practical Applications
Niels Ferguson - 2010
Cryptography is vital to keeping information safe, in an era when the formula to do so becomes more and more challenging. Written by a team of world-renowned cryptography experts, this essential guide is the definitive introduction to all major areas of cryptography: message security, key negotiation, and key management. You'll learn how to think like a cryptographer. You'll discover techniques for building cryptography into products from the start and you'll examine the many technical changes in the field.After a basic overview of cryptography and what it means today, this indispensable resource covers such topics as block ciphers, block modes, hash functions, encryption modes, message authentication codes, implementation issues, negotiation protocols, and more. Helpful examples and hands-on exercises enhance your understanding of the multi-faceted field of cryptography.An author team of internationally recognized cryptography experts updates you on vital topics in the field of cryptography Shows you how to build cryptography into products from the start Examines updates and changes to cryptography Includes coverage on key servers, message security, authentication codes, new standards, block ciphers, message authentication codes, and more Cryptography Engineering gets you up to speed in the ever-evolving field of cryptography.
Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon
Kim Zetter - 2014
The cause of their failure was a complete mystery.Five months later, a seemingly unrelated event occurred. A computer security firm in Belarus was called in to troubleshoot some computers in Iran that were caught in a reboot loop—crashing and rebooting repeatedly. At first, technicians with the firm believed the malicious code they found on the machines was a simple, routine piece of malware. But as they and other experts around the world investigated, they discovered a virus of unparalleled complexity and mysterious provenance and intent. They had, they soon learned, stumbled upon the world’s first digital weapon.Stuxnet, as it came to be known, was unlike any other virus or worm built before: It was the first attack that reached beyond the computers it targeted to physically destroy the equipment those computers controlled. It was an ingenious attack, jointly engineered by the United States and Israel, that worked exactly as planned, until the rebooting machines gave it all away. And the discovery of Stuxnet was just the beginning: Once the digital weapon was uncovered and deciphered, it provided clues to other tools lurking in the wild. Soon, security experts found and exposed not one but three highly sophisticated digital spy tools that came from the same labs that created Stuxnet. The discoveries gave the world its first look at the scope and sophistication of nation-state surveillance and warfare in the digital age.Kim Zetter, a senior reporter at Wired, has covered hackers and computer security since 1999 and is one of the top journalists in the world on this beat. She was among the first reporters to cover Stuxnet after its discovery and has authored many of the most comprehensive articles about it. In COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World’s First Digital Weapon, Zetter expands on this work to show how the code was designed and unleashed and how its use opened a Pandora’s Box, ushering in an age of digital warfare in which any country’s infrastructure—power grids, nuclear plants, oil pipelines, dams—is vulnerable to the same kind of attack with potentially devastating results. A sophisticated digital strike on portions of the power grid, for example, could plunge half the U.S. into darkness for weeks or longer, having a domino effect on all other critical infrastructures dependent on electricity.
Introducing Windows 8.1 for It Professionals
Ed Bott - 2013
It is offered for sale in print format as a convenience.Get a head start evaluating Windows 8.1 - with early technical insights from award-winning journalist and Windows expert Ed Bott. Based on the Windows 8.1 Preview release, this guide introduces new features and capabilities, with scenario-based advice on how Windows 8.1 can meet the needs of your business. Get the high-level overview you need to begin preparing your deployment now.Preview new features and enhancements, including:How features compare to Windows 7 and Windows XP The Windows 8.1 user experience Deployment Security features Internet Explorer 11 Delivering Windows apps Recovery options Networking and remote access Managing mobile devices Virtualization Windows RT 8.1
Security Engineering: A Guide to Building Dependable Distributed Systems
Ross J. Anderson - 2008
Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here's straight talk on critical topics such as technical engineering basics, types of attack, specialized protection mechanisms, security psychology, policy, and more.
Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems
Chris Sanders - 2007
But how do you interpret those packets once you've captured them? And how can those packets help you to better understand what's going on under the hood of your network? Practical Packet Analysis shows how to use Wireshark to capture and then analyze packets as you take an indepth look at real-world packet analysis and network troubleshooting. The way the pros do it.Wireshark (derived from the Ethereal project), has become the world's most popular network sniffing application. But while Wireshark comes with documentation, there's not a whole lot of information to show you how to use it in real-world scenarios. Practical Packet Analysis shows you how to:Use packet analysis to tackle common network problems, such as loss of connectivity, slow networks, malware infections, and more Build customized capture and display filters Tap into live network communication Graph traffic patterns to visualize the data flowing across your network Use advanced Wireshark features to understand confusing packets Build statistics and reports to help you better explain technical network information to non-technical usersBecause net-centric computing requires a deep understanding of network communication at the packet level, Practical Packet Analysis is a must have for any network technician, administrator, or engineer troubleshooting network problems of any kind.