Whether you use Linux, Unix, or Windows, this newly revised edition describes the essential practices previously handed down only from mentor to protege. This wonderfully lucid, often funny cornucopia of information introduces beginners to advanced frameworks valuable for their entire career, yet is structured to help even the most advanced experts through difficult projects.The book's four major sections build your knowledge with the foundational elements of system administration. These sections guide you through better techniques for upgrades and change management, catalog best practices for IT services, and explore various management topics. Chapters are divided into The Basics and The Icing. When you get the Basics right it makes every other aspect of the job easier--such as automating the right things first. The Icing sections contain all the powerful things that can be done on top of the basics to wow customers and managers.Inside, you'll find advice on topics such asThe key elements your networks and systems need in order to make all other services run better Building and running reliable, scalable services, including web, storage, email, printing, and remote access Creating and enforcing security policies Upgrading multiple hosts at one time without creating havoc Planning for and performing flawless scheduled maintenance windows Managing superior helpdesks and customer care Avoiding the -temporary fix- trap Building data centers that improve server uptime Designing networks for speed and reliability Web scaling and security issues Why building a backup system isn't about backups Monitoring what you have and predicting what you will need How technically oriented workers can maintain their job's technical focus (and avoid an unwanted management role) Technical management issues, including morale, organization building, coaching, and maintaining positive visibility Personal skill techniques, including secrets for getting more done each day, ethical dilemmas, managing your boss, and loving your job System administration salary negotiation It's no wonder the first edition received Usenix SAGE's 2005 Outstanding Achievement Award!This eagerly anticipated second edition updates this time-proven classic:Chapters reordered for easier navigationThousands of updates and clarifications based on reader feedbackPlus three entirely new chapters: Web Services, Data Storage, and Documentation

    This beginner-friendly book opens with some basics of programming and helps you navigate Kali Linux, an operating system that comes preloaded with useful computer security tools like Wireshark and Metasploit. You'll learn about gathering information on a target, social engineering, capturing network traffic, analyzing vulnerabilities, developing exploits, and more. Hands-on examples discuss even advanced topics like mobile device security and bypassing anti-virus software.

     Limited Time Offer: Buy CompTIA(R) A+ 220-801 and 220-802 Exam Cram and receive a 10% off discount code for the CompTIA A+ 220-801 and 220-802 exams. To receive your 10% off discount code:Register your product at pearsonITcertification.com/registerFollow the instructionsGo to your Account page and click on "Access Bonus Content" CompTIA(R) A+ 220-801 and 220-802 Exam Cram, Sixth Edition is the perfect study guide to help you pass CompTIA's A+ 220-801 and 220-802 exams. It provides coverage and practice questions for every exam topic, including substantial new coverage of Windows 7, new PC hardware, tablets, smartphones, and professional-level networking and security. The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Exam Alerts, Sidebars, and Notes interspersed throughout the text keep you focused on what you need to know. Cram Quizzes help you assess your knowledge, and the Cram Sheet tear card is the perfect last minute review. Covers the critical information you'll need to know to score higher on your CompTIA A+ 220-801 and 220-802 exams!Deploy and administer desktops and notebooks running Windows 7, Vista, or XPUnderstand, install, and troubleshoot motherboards, processors, and memoryTest and troubleshoot power-related problemsUse all forms of storage, including new Blu-ray and Solid State (SSD) devicesWork effectively with mobile devices, including tablets and smartphonesInstall, configure, and troubleshoot both visible and internal laptop componentsConfigure Windows components and applications, use Windows administrative tools, and optimize Windows systemsRepair damaged Windows environments and boot errorsWork with audio and video subsystems, I/O devices, and the newest peripheralsInstall and manage both local and network printersConfigure IPv4 and understand TCP/IP protocols and IPv6 changesInstall and configure SOHO wired/wireless networks and troubleshoot connectivityImplement secure authentication, prevent malware attacks, and protect data Companion CDThe companion CD contains a digital edition of the Cram Sheet and the powerful Pearson IT Certification Practice Test engine, complete with hundreds of exam-realistic questions and two complete practice exams. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most. Pearson IT Certifcation Practice Test Minimum System RequirementsWindows XP (SP3), WIndows Vista (SP2), or Windows 7Microsoft .NET Framework 4.0 ClientPentium-class 1 GHz processor (or equivalent)512 MB RAM650 MB disk space plus 50 MB for each downloaded practice exam David L. Prowse is an author, computer network specialist, and technical trainer. Over the past several years he has authored several titles for Pearson Education, including the well-received CompTIA A+ Exam Cram and CompTIA Security+ Cert Guide. As a consultant, he installs and secures the latest in computer and networking technology. He runs the website www.davidlprowse.com, where he gladly answers questions from students and readers.

    But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.Learn how to:Find and exploit unmaintained, misconfigured, and unpatched systems Perform reconnaissance and find valuable information about your target Bypass anti-virus technologies and circumvent security controls Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery Use the Meterpreter shell to launch further attacks from inside the network Harness standalone Metasploit utilities, third-party tools, and plug-ins Learn how to write your own Meterpreter post exploitation modules and scripts You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.

    It is truly cutting-edge. As the only book on the subject, Rootkits will be of interest to any Windows security researcher or security programmer. It's detailed, well researched and the technical information is excellent. The level of technical detail, research, and time invested in developing relevant examples is impressive. In one word: Outstanding."--Tony Bautts, Security Consultant; CEO, Xtivix, Inc. "This book is an essential read for anyone responsible for Windows security. Security professionals, Windows system administrators, and programmers in general will want to understand the techniques used by rootkit authors. At a time when many IT and security professionals are still worrying about the latest e-mail virus or how to get all of this month's security patches installed, Mr. Hoglund and Mr. Butler open your eyes to some of the most stealthy and significant threats to the Windows operating system. Only by understanding these offensive techniques can you properly defend the networks and systems for which you are responsible."--Jennifer Kolde, Security Consultant, Author, and Instructor "What's worse than being owned? Not knowing it. Find out what it means to be owned by reading Hoglund and Butler's first-of-a-kind book on rootkits. At the apex the malicious hacker toolset--which includes decompilers, disassemblers, fault-injection engines, kernel debuggers, payload collections, coverage tools, and flow analysis tools--is the rootkit. Beginning where Exploiting Software left off, this book shows how attackers hide in plain sight."Rootkits are extremely powerful and are the next wave of attack technology. Like other types of malicious code, rootkits thrive on stealthiness. They hide away from standard system observers, employing hooks, trampolines, and patches to get their work done. Sophisticated rootkits run in such a way that other programs that usually monitor machine behavior can't easily detect them. A rootkit thus provides insider access only to people who know that it is running and available to accept commands. Kernel rootkits can hide files and running processes to provide a backdoor into the target machine."Understanding the ultimate attacker's tool provides an important motivator for those of us trying to defend systems. No authors are better suited to give you a detailed hands-on understanding of rootkits than Hoglund and Butler. Better to own this book than to be owned."--Gary McGraw, Ph.D., CTO, Cigital, coauthor of Exploiting Software (2004) and Building Secure Software (2002), both from Addison-Wesley "Greg and Jamie are unquestionably the go-to experts when it comes to subverting the Windows API and creating rootkits. These two masters come together to pierce the veil of mystery surrounding rootkits, bringing this information out of the shadows. Anyone even remotely interested in security for Windows systems, including forensic analysis, should include this book very high on their must-read list."--Harlan Carvey, author of Windows Forensics and Incident Recovery (Addison-Wesley, 2005) Rootkits are the ultimate backdoor, giving hackers ongoing and virtually undetectable access to the systems they exploit. Now, two of the world's leading experts have written the first comprehensive guide to rootkits: what they are, how they work, how to build them, and how to detect them. Rootkit.com's Greg Hoglund and James Butler created and teach Black Hat's legendary course in rootkits. In this book, they reveal never-before-told offensive aspects of rootkit technology--learn how attackers can get in and stay in for years, without detection. Hoglund and Butler show exactly how to subvert the Windows XP and Windows 2000 kernels, teaching concepts that are easily applied to virtually any modern operating system, from Windows Server 2003 to Linux and UNIX. They teach rootkit programming techniques that can be used for a wide range of software, from white hat security tools to operating system drivers and debuggers. After reading this book, readers will be able to Understand the role of rootkits in remote command/control and software eavesdropping Build kernel rootkits that can make processes, files, and directories invisible Master key rootkit programming techniques, including hooking, runtime patching, and directly manipulating kernel objects Work with layered drivers to implement keyboard sniffers and file filters Detect rootkits and build host-based intrusion prevention software that resists rootkit attacks

    When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring.For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.You'll learn how to:Set up a safe virtual environment to analyze malware Quickly extract network signatures and host-based indicators Use key analysis tools like IDA Pro, OllyDbg, and WinDbg Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques Use your newfound knowledge of Windows internals for malware analysis Develop a methodology for unpacking malware and get practical experience with five of the most popular packers Analyze special cases of malware with shellcode, C++, and 64-bit code Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back.Malware analysis is a cat-and-mouse game with rules that are constantly changing, so make sure you have the fundamentals. Whether you're tasked with securing one network or a thousand networks, or you're making a living as a malware analyst, you'll find what you need to succeed in Practical Malware Analysis.

    Topics include Linux command line basics, filesystems, networking, BASH basics, package management, logging, and the Linux kernel and drivers.If you're getting started along the exciting path of hacking, cybersecurity, and pentesting, Linux Basics for Hackers is an excellent first step. Using Kali Linux, an advanced penetration testing distribution of Linux, you'll learn the basics of using the Linux operating system and acquire the tools and techniques you'll need to take control of a Linux environment.First, you'll learn how to install Kali on a virtual machine and get an introduction to basic Linux concepts. Next, you'll tackle broader Linux topics like manipulating text, controlling file and directory permissions, and managing user environment variables. You'll then focus in on foundational hacking concepts like security and anonymity and learn scripting skills with bash and Python. Practical tutorials and exercises throughout will reinforce and test your skills as you learn how to: - Cover your tracks by changing your network information and manipulating the rsyslog logging utility - Write a tool to scan for network connections, and connect and listen to wireless networks - Keep your internet activity stealthy using Tor, proxy servers, VPNs, and encrypted email - Write a bash script to scan open ports for potential targets - Use and abuse services like MySQL, Apache web server, and OpenSSH - Build your own hacking tools, such as a remote video spy camera and a password crackerHacking is complex, and there is no single way in. Why not start at the beginning with Linux Basics for Hackers?

    The preeminent expert in his field, Mr.Black draws upon years of experience as president of both theInternational and American Software Testing Qualifications boardsto offer this extensive resource of all the standards, methods, andtools you'll need.The book covers core testing concepts and thoroughly examinesthe best test management practices and tools of leading hardwareand software vendors. Step-by-step guidelines and real-worldscenarios help you follow all necessary processes and avoidmistakes.Producing high-quality computer hardware and software requirescareful, professional testing; Managing the Testing Process, Third Edition explains how to achieve that by following adisciplined set of carefully managed and monitored practices andprocessesThe book covers all standards, methods, and tools you need forprojects large and smallPresents the business case for testing products and reviews theauthor's latest test assessmentsTopics include agile testing methods, risk-based testing, IEEEstandards, ISTQB certification, distributed and outsourced testing, and moreOver 100 pages of new material and case studies have been addedto this new editionIf you're responsible for managing testing in the real world, Managing the Testing Process, Third Edition is the valuablereference and guide you need.

    The book starts with the fundamentals -- what protocols do and how they work, how addresses and routing are used to move data through the network, how to set up your network connection -- and then covers, in detail, everything you need to know to exchange information via the Internet.Included are discussions on advanced routing protocols (RIPv2, OSPF, and BGP) and the gated software package that implements them, a tutorial on configuring important network services -- including DNS, Apache, sendmail, Samba, PPP, and DHCP -- as well as expanded chapters on troubleshooting and security. TCP/IP Network Administration is also a command and syntax reference for important packages such as gated, pppd, named, dhcpd, and sendmail.With coverage that includes Linux, Solaris, BSD, and System V TCP/IP implementations, the third edition contains:Overview of TCP/IP Delivering the data Network services Getting startedM Basic configuration Configuring the interface Configuring routing Configuring DNS Configuring network servers Configuring sendmail Configuring Apache Network security Troubleshooting Appendices include dip, ppd, and chat reference, a gated reference, a dhcpd reference, and a sendmail reference This new edition includes ways of configuring Samba to provide file and print sharing on networks that integrate Unix and Windows, and a new chapter is dedicated to the important task of configuring the Apache web server. Coverage of network security now includes details on OpenSSH, stunnel, gpg, iptables, and the access control mechanism in xinetd. Plus, the book offers updated information about DNS, including details on BIND 8 and BIND 9, the role of classless IP addressing and network prefixes, and the changing role of registrars.Without a doubt, TCP/IP Network Administration, 3rd Edition is a must-have for all network administrators and anyone who deals with a network that transmits data over the Internet.

    Cryptography is vital to keeping information safe, in an era when the formula to do so becomes more and more challenging. Written by a team of world-renowned cryptography experts, this essential guide is the definitive introduction to all major areas of cryptography: message security, key negotiation, and key management. You'll learn how to think like a cryptographer. You'll discover techniques for building cryptography into products from the start and you'll examine the many technical changes in the field.After a basic overview of cryptography and what it means today, this indispensable resource covers such topics as block ciphers, block modes, hash functions, encryption modes, message authentication codes, implementation issues, negotiation protocols, and more. Helpful examples and hands-on exercises enhance your understanding of the multi-faceted field of cryptography.An author team of internationally recognized cryptography experts updates you on vital topics in the field of cryptography Shows you how to build cryptography into products from the start Examines updates and changes to cryptography Includes coverage on key servers, message security, authentication codes, new standards, block ciphers, message authentication codes, and more Cryptography Engineering gets you up to speed in the ever-evolving field of cryptography.

    Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape.In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to:Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs Build mashups and embed gadgets without getting stung by the tricky frame navigation policy Embed or host user-supplied content without running into the trap of content sniffing For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.

    100% complete coverage of all objectives for exam RH302 Exam Readiness Checklist at the front of the book--you're ready for the exam when all objectives on the list are checked off Inside the Exam sections in every chapter highlight key exam topics covered Real-world exercises modeled after hands-on exam scenarios Two complete lab-based exams simulate the format, tone, topics, and difficulty of the real exam Bonus content (available for download) includes installation screen review, basic instructions for using VMware and Xen as testbeds, and paper and pencil versions of the lab exams Covers all RH302 exam topics, including: Hardware installation and configuration The boot process Linux filesystem administration Package management and Kickstart User and group administration System administration tools Kernel services and configuration Apache and Squid Network file sharing services (NFS, FTP, and Samba) Domain Name System (DNS) E-mail (servers and clients) Extended Internet Services Daemon (xinetd), the Secure package, and DHCP The X Window System Firewalls, SELinux, and troubleshooting

    It supports secure remote logins, secure file transfer between computers, and a unique "tunneling" capability that adds encryption to otherwise insecure network applications. Best of all, SSH is free, with feature-filled commercial versions available as well.SSH: The Secure Shell: The Definitive Guide covers the Secure Shell in detail for both system administrators and end users. It demystifies the SSH man pages and includes thorough coverage of:SSH1, SSH2, OpenSSH, and F-Secure SSH for Unix, plus Windows and Macintosh products: the basics, the internals, and complex applications.Configuring SSH servers and clients, both system-wide and per user, with recommended settings to maximize security.Advanced key management using agents, agent forwarding, and forced commands.Forwarding (tunneling) of TCP and X11 applications in depth, even in the presence of firewalls and network address translation (NAT).Undocumented behaviors of popular SSH implementations.Installing and maintaining SSH systems.Whether you're communicating on a small LAN or across the Internet, SSH can ship your data from "here" to "there" efficiently and securely. So throw away those insecure .rhosts and hosts.equiv files, move up to SSH, and make your network a safe place to live and work.

    Intermediate to advanced system administrators will find more than 100 tried-and-tested scripts they can copy and use immediately.Updated for PowerShell 3.0, this comprehensive cookbook includes hands-on recipes for common tasks and administrative jobs that you can apply whether you’re on the client or server version of Windows. You also get quick references to technologies used in conjunction with PowerShell, including format specifiers and frequently referenced registry keys to selected .NET, COM, and WMI classes.Learn how to use PowerShell on Windows 8 and Windows Server 2012Tour PowerShell’s core features, including the command model, object-based pipeline, and ubiquitous scriptingMaster fundamentals such as the interactive shell, pipeline, and object conceptsPerform common tasks that involve working with files, Internet-connected scripts, user interaction, and moreSolve tasks in systems and enterprise management, such as working with Active Directory and the filesystem

    Hosts behind the firewall have no defenses of their own, so when a host in the trusted zone is breached, access to your data center is not far behind. This practical book introduces you to the zero trust model, a method that treats all hosts as if they're internet-facing, and considers the entire network to be compromised and hostile.Authors Evan Gilman and Doug Barth show you how zero trust lets you focus on building strong authentication, authorization, and encryption throughout, while providing compartmentalized access and better operational agility. You'll learn the architecture of a zero trust network, including how to build one using currently available technology.Understand how the zero trust model embeds security within the system's operation, rather than layering it on topExamine the fundamental concepts at play in a zero trust network, including network agents and trust enginesUse existing technology to establish trust among the actors in a networkLearn how to migrate from a perimeter-based network to a zero trust network in productionExplore case studies of zero trust on the client side (Google) and on the server (PagerDuty)