Virtualization for Security: Including Sandboxing, Disaster Recovery, High Availability, Forensic Analysis, and Honeypotting

Virtualization for Security: Including Sandboxing, Disaster Recovery, High Availability, Forensic Analysis, and HoneypottingOne of the biggest buzzwords in the IT industry for the past few years, virtualization has matured into a practical requirement for many best-practice business scenarios, becoming an invaluable tool for security professionals at companies of every size. In addition to saving time and other resources, virtualization affords unprecedented means for intrusion and malware detection, prevention, recovery, and analysis. Taking a practical approach in a growing market underserved by books, this hands-on title is the first to combine in one place the most important and sought-after uses of virtualization for enhanced security, including sandboxing, disaster recovery and high availability, forensic analysis, and honeypotting.

Already gaining buzz and traction in actual usage at an impressive rate, Gartner research indicates that virtualization will be the most significant trend in IT infrastructure and operations over the next four years. A recent report by IT research firm IDC predicts the virtualization services market will grow from $5.5 billion in 2006 to $11.7 billion in 2011. With this growth in adoption, becoming increasingly common even for small and midsize businesses, security is becoming a much more serious concern, both in terms of how to secure virtualization and how virtualization can serve critical security objectives.

Titles exist and are on the way to fill the need for securing virtualization, but security professionals do not yet have a book outlining the many security applications of virtualization that will become increasingly important in their job requirements. This book is the first to fill that need, covering tactics such as isolating a virtual environment on the desktop for application testing, creating virtualized storage solutions for immediate disaster recovery and high availability across a network, migrating physical systems to virtual systems for analysis, and creating complete virtual systems to entice hackers and expose potential threats to actual production systems.

About the Technologies

A sandbox is an isolated environment created to run and test applications that might be a security risk. Recovering a compromised system is as easy as restarting the virtual machine to revert to the point before failure. Employing virtualization on actual production systems, rather than just test environments, yields similar benefits for disaster recovery and high availability. While traditional disaster recovery methods require time-consuming reinstallation of the operating system and applications before restoring data, backing up to a virtual machine makes the recovery process much easier, faster, and efficient. The virtual machine can be restored to same physical machine or an entirely different machine if the original machine has experienced irreparable hardware failure. Decreased downtime translates into higher availability of the system and increased productivity in the enterprise.

Virtualization has been used for years in the field of forensic analysis, but new tools, techniques, and automation capabilities are making it an increasingly important tool. By means of virtualization, an investigator can create an exact working copy of a physical computer on another machine, including hidden or encrypted partitions, without altering any data, allowing complete access for analysis. The investigator can also take a live ?snapshot? to review or freeze the target computer at any point in time, before an attacker has a chance to cover his tracks or inflict further damage.

A honeypot is a system that looks and acts like a production environment but is actually a monitored trap, deployed in a network with enough interesting data to attract hackers, but created to log their activity and keep them from causing damage to the actual production environment. A honeypot exposes new threats, tools, and techniques used by hackers before they can attack the real systems, which security managers patch based on the information gathered. Before virtualization became mainstream, setting up a machine or a whole network (a honeynet) for research purposes only was prohibitive in both cost and time management. Virtualization makes this technique more viable as a realistic approach for companies large and small.

* The first book to collect a comprehensive set of all virtualization security tools and strategies in a single volume
* Covers all major virtualization platforms, including market leader VMware, Xen, and Microsoft's Hyper-V virtualization platform, a new part of Windows Server 2008 releasing in June 2008
* Breadth of coverage appeals to a wide range of security professionals, including administrators, researchers, consultants, and forensic

Price: $59.95

Click here to buy from Amazon

Malicious Bots: An Inside Look into the Cyber-Criminal Underground of the Internet

Malicious Bots: An Inside Look into the Cyber-Criminal Underground of the InternetOriginally designed as neutral entities, computerized bots are increasingly being used maliciously by online criminals in mass spamming events, fraud, extortion, identity theft, and software theft. Malicious Bots: An Inside Look into the Cyber-Criminal Underground of the Internet explores the rise of dangerous bots and exposes the nefarious methods of  “botmasters”. This valuable resource assists information security managers in understanding the scope, sophistication, and criminal uses of bots.

With sufficient technical detail to empower IT professionals, this volume provides in-depth coverage of the top bot attacks against financial and government networks over the last several years. The book presents exclusive details of the operation of the notorious Thr34t Krew, one of the most malicious bot herder groups in recent history. Largely unidentified by anti-virus companies, their bots spread globally for months, launching massive distributed denial of service (DDoS) attacks and warez (stolen software distributions). For the first time, this story is publicly revealed, showing how the botherders got arrested, along with details on other bots in the world today. Unique descriptions of the criminal marketplace – how criminals make money off of your computer – are also a focus of this exclusive book!

With unprecedented detail, the book goes on to explain step-by-step how a hacker launches a botnet attack, providing specifics that only those entrenched in the cyber-crime investigation world could possibly offer.

Authors Ken Dunham and Jim Melnick serve on the front line of critical cyber-attacks and countermeasures as experts in the deployment of geopolitical and technical bots. Their work involves advising upper-level government officials and executives who control some of the largest networks in the world. By examining the methods of Internet predators, information security managers will be better able to proactively protect their own networks from such attacks.

Price: $69.95

Click here to buy from Amazon

Botnet

BotnetBotnet is a jargon term for a collection of software robots, or bots, that run autonomously and automatically. The term is often associated with malicious software, but it can also refer to the network of computers using distributed computing software. While botnets are often named after their malicious software name, there are typically multiple botnets in operation using the same malicious software families, but operated by different criminal entities. While the term “botnet” can be used to refer to any group of bots, such as IRC bots, this word is generally used to refer to a collection of compromised computers running software, usually installed via drive-by downloads exploiting Web browser vulnerabilities, worms, Trojan horses, or backdoors, under a common command-and-control infrastructure.

Price: $52.00

Click here to buy from Amazon

Spies Against Armageddon

Spies Against ArmageddonA powerful, vivid history of Israel's intelligence services from the country's independence in 1948, right up to Stuxnet and the current Middle East crises, describing the roots of both the triumphs and the screw-ups. Chapter 1 is titled “Stopping Iran,” focused on nuclear threats, and then readers are taken through the entire history.

Price: $16.99

Click here to buy from Amazon

 

 

 

 

Computer Attack and Cyberterrorism

Computer Attack and CyberterrorismMany international terrorist groups now actively use computers and the Internet to communicate, and several may develop or acquire the necessary technical skills to direct a co-ordinated attack against computers in the United States. A cyberattack intended to harm the U.S. economy would likely target computers that operate the civilian critical infrastructure and government agencies. However, there is disagreement among some observers about whether a co-ordinated cyberattack against the U.S. critical infrastructure could be extremely harmful, or even whether computers operating the civilian critical infrastructure actually offer an effective target for furthering terrorists' goals. While there is no published evidence that terrorist organizations are currently planning a co-ordinated attack against computers, computer system vulnerabilities persist world-wide, and initiators of the random cyberattacks that plague computers on the Internet remain largely unknown. Reports from security organisations show that random attacks are now increasingly implemented through use of automated tools, called ‘bots', that direct large numbers of compromised computers to launch attacks through the Internet as swarms. The growing trend toward the use of more automated attack tools has also overwhelmed some of the current methodologies used for tracking Internet cyberattacks. This book provides background information for three types of attacks against computers (cyberattack, physical attack, and electromagnetic attack), and discusses related vulnerabilities for each type of attack.The book also describes the possible effects of a co-ordinated cyberattack, or computer network attack (CNA), against U.S. infrastructure computers, along with possible technical capabilities of international terrorists. Issues for Congress may include how could trends in cyberattacks be measured more effectively; what is appropriate guidance for DOD use of cyberweapons; should cybersecurity be combined with, or remain separate from, the physical security organization within DHS; how can commercial vendors be encouraged to improve the security of their products; and what are options to encourage U.S. citizens to follow better cybersecurity practices. Appendices to this book describe computer viruses, spyware, and ‘bot networks', and how malicious programs are used to enable cybercrime and cyberespionage. Also, similarities are drawn between planning tactics currently used by computer hackers and those used by terrorists groups for conventional attacks.

Price: $37.00

Click here to buy from Amazon