With the advent of rich Internet applications, the explosion of social media, and the increased use of powerful cloud computing infrastructures, a new generation of attackers has added cunning new techniques to its arsenal. For anyone involved in defending an application or a network of systems, Hacking: The Next Generation is one of the few books to identify a variety of emerging attack vectors.
You'll not only find valuable information on new hacks that attempt to exploit technical flaws, you'll also learn how attackers take advantage of individuals via social networking sites, and abuse vulnerabilities in wireless technologies and cloud infrastructures. Written by seasoned Internet security professionals, this book helps you understand the motives and psychology of hackers behind these attacks, enabling you to better prepare and defend against them.
- Learn how “inside out” techniques can poke holes into protected networks
- Understand the new wave of “blended threats” that take advantage of multiple application vulnerabilities to steal corporate data
- Recognize weaknesses in today's powerful cloud infrastructures and how they can be exploited
- Prevent attacks against the mobile workforce and their devices containing valuable data
- Be aware of attacks via social networking sites to obtain confidential information from executives and their assistants
- Get case studies that show how several layers of vulnerabilities can be used to compromise multinational corporations
The Internet has given rise to new opportunities for the public sector to improve efficiency and better serve constituents in the form of e-government. But with a rapidly growing user base globally and an increasing reliance on the Internet, digital tools are also exposing the public sector to new risks.
An accessible primer, Cybersecurity: Public Sector Threats and Responses focuses on the convergence of globalization, connectivity, and the migration of public sector functions online. It identifies the challenges you need to be aware of and examines emerging trends and strategies from around the world. Offering practical guidance for addressing contemporary risks, the book is organized into three sections:
- Global Trends—considers international e-government trends, includes case studies of common cyber threats and presents efforts of the premier global institution in the field
- National and Local Policy Approaches—examines the current policy environment in the United States and Europe and illustrates challenges at all levels of government
- Practical Considerations—explains how to prepare for cyber attacks, including an overview of relevant U.S. Federal cyber incident response policies, an organizational framework for assessing risk, and emerging trends
Also suitable for classroom use, this book will help you understand the threats facing your organization and the issues to consider when thinking about cybersecurity from a policy perspective.
Little by little, in order to meet the needs of a globalized world dominated by information networks, the Brazilian State found itself facing a series of factors, within its own structure, that led the country to create a strategy encompassing a coordination model that involves all public bodies in a complex, extensive, and intensive network. In the book, the author discusses the main steps that led the Brazilian State to monitor what happens in cyberspace in the country. In accessible language, with valuable and instructive information, the author explains the evolution of this monitoring, starting from his perception that the security and defense of Brazilian cyberspace, until recently, lacked a set of actions and strategies validating the country's commitment to this new stage in the security of nations. The book also presents the motivations of each hacker and the many different labels for people who devote themselves, in one way or another, to invading institutional sovereignties. Raphael Mandarino is one of the first Brazilian thinkers on the subject. The analysis he developed in this book is the result of years leading activities that brought Brazil to have a strategic cybersecurity program. The whole effort is so that information security initiatives are an integrated action and not an isolated one.
Price: R$ 45.00
In September 2010, media reports emerged about a new form of cyber attack that appeared to target Iran, although the actual target, if any, is unknown. Through the use of thumb drives in computers that were not connected to the Internet, a malicious software program known as Stuxnet infected computer systems that were used to control the functioning of a nuclear power plant. Once inside the system, Stuxnet had the ability to degrade or destroy the software on which it operated. Although early reports focused on the impact on facilities in Iran, researchers discovered that the program had spread throughout multiple countries worldwide.
From the perspective of many national security and technology observers, the emergence of the Stuxnet worm is the type of risk that threatens to cause harm to many activities deemed critical to the basic functioning of modern society. The Stuxnet worm covertly attempts to identify and exploit equipment that controls a nation’s critical infrastructure. A successful attack by a software application such as the Stuxnet worm could result in manipulation of control system code to the point of inoperability or long-term damage. Should such an incident occur, recovery from the damage to the computer systems programmed to monitor and manage a facility and the physical equipment producing goods or services could be significantly delayed. Depending on the severity of the attack, the interconnected nature of the affected critical infrastructure facilities, and government preparation and response plans, entities and individuals relying on these facilities could be without life sustaining or comforting services for a long period of time. The resulting damage to the nation’s critical infrastructure could threaten many aspects of life, including the government’s ability to safeguard national security interests.
Iranian officials have claimed that Stuxnet caused only minor damage to its nuclear program, yet the potential impact of this type of malicious software could be far-reaching. The discovery of the Stuxnet worm has raised several issues for Congress, including the effect on national security, what the government’s response should be, whether an international treaty to curb the use of malicious software is necessary, and how such a treaty could be implemented. Congress may also consider the government’s role in protecting critical infrastructure and whether new authorities may be required for oversight.
A complete guide to understanding and fighting advanced persistent threats—today's most destructive risk to enterprise security
Reverse Deception: Organized Cyber Threat Counter-Exploitation explains how to identify advanced persistent threats (APTs), categorize them according to risk level, and prioritize your actions accordingly by applying expert, field-tested private- and government-sector methods (NSA, FBI, and DOD).
APTs cannot be seen, spread invisibly, and then continue to live in an enterprise network, undetected. In this one-of-a-kind book, the authors explain how to get—and stay—ahead of today's well-organized and extremely persistent brand of network enemies. The book describes the characteristics of malware and botnets, how they can morph, evade detection, and spin off decoys that live in-network, while appearing to have been cleaned up and debugged. This detailed guide then reveals how to detect the appearance of malicious code, decode the types of enemies they originate from, and finally, how to extricate malcode and deflect its future entry into networks.
Reverse Deception: Organized Cyber Threat Counter-Exploitation features:
- Full coverage of the #1 feared type of network attack today, the APT
- Descriptions of cyber espionage tactics seen in the U.S. and internationally, with comparisons of the types of countermeasures permissible by law in the U.S. and Asia versus less strict countries in Europe, the Middle East, and Africa
- Enthralling case studies and true stories from the authors' FBI, DOD, NSA, and private sector work
- Foreword by Fred Feer, a security professional with 40 years’ experience with the U.S. Army counterintelligence, CIA, RAND, and independent consulting
- Complete coverage of key aspects of deception, counter-deception, behavioral profiling, and security within the cyber realm
- Cat-and-mouse strategies from the best in the game—explains how to implement deception and disinformation techniques against a variety of incoming threats aimed at enticing adversaries out into the open
- A fresh perspective on innovative, field-tested ideas for successfully countering current digital threats—plus expected characteristics of the next threats to come
- Legal explanations of capabilities, limitations, and requirements for assisting law enforcement investigations
Deception Throughout History to Today; The Applications & Goals of Cyber Counterintelligence; The Missions and Outcomes of Criminal Profiling; Legal & Ethical Aspects of Deception; Attack Tradecraft; Operational Deception; Tools, Tactics & Procedures; Attack Attribution; Black Hat Motivators; Understanding Advanced Persistent Threats; When & When Not to Act; Implementation & Validation Tactics