To some a brand-new forum for freedom of speech, the Internet is also the most up-to-date way to gather intelligence. Brilliant hackers like Kevin Mitnick, modern-day "pirates", pose real security threats to government and industry. Cyberwars explores a dangerous new world where international terrorists plot their attacks and are tracked by secret service organizations on-line, drug traffickers do business and launder money, and electronic economic espionage is the order of the day. Examining efforts to police on-line communication and content, Guisnel assesses the implications of pervasive surveillance for the inherently democratic medium of the Internet. As these issues are the focus of ongoing debates in government and the private sector, Cyberwars couldn't be more timely.
As recently as five years ago, securing a network meant putting in a firewall and an intrusion detection system and installing antivirus software on the desktop. Attackers have since grown more nimble and effective, and a security program built on those controls alone no longer keeps up.
Today's effective cyber security programs keep these best practices and overlay them with intelligence. Adding cyber threat intelligence helps security teams uncover events that traditional security platforms miss and correlate seemingly disparate events across the network. Properly implemented, intelligence also makes the practitioner's life easier by helping them prioritize and respond to security incidents more effectively.
Continue reading “Building an Intelligence-Led Security Program”
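The overlay the blurb describes, as an added illustration (this code is not from the book): an indicator feed is matched against telemetry from three sensors that never meet in one console (DNS, firewall, EDR), the hits are joined on host, and hosts are ranked so that multi-sensor corroboration outranks a single noisy feed match. The feed format, the log formats, the asset table and every indicator and log line are constructed for this example; the hash is simply SHA-256 of the word "test", not a known malware sample.

```python
"""Added example: correlating a threat-intelligence feed with disparate logs."""
import re
from collections import defaultdict

# Constructed indicator feed: type,value,confidence (0-100). Format is assumed.
INDICATOR_FEED = """\
ipv4,203.0.113.45,90
domain,update-check.example,70
sha256,9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08,95
"""

# Constructed log lines: '<timestamp> <source> key=value ...' from three sensors.
LOG_LINES = [
    "2024-03-01T09:12:03Z dns host=ws-017 query=update-check.example answer=203.0.113.45",
    "2024-03-01T09:12:05Z fw src=10.0.5.17 dst=203.0.113.45 dport=443 action=allow",
    "2024-03-01T09:12:09Z edr host=ws-017 proc=svchost.exe "
    "sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
    "2024-03-01T09:13:00Z fw src=10.0.5.22 dst=198.51.100.7 dport=80 action=allow",
    "2024-03-01T09:14:11Z dns host=ws-044 query=www.example.org answer=93.184.216.34",
    "2024-03-01T09:15:00Z dns host=ws-044 query=update-check.example answer=203.0.113.45",
]

# Constructed asset inventory: lets firewall hits (IP only) join DNS/EDR hits (hostname).
ASSETS = {"10.0.5.17": "ws-017", "10.0.5.22": "ws-022"}

# Fields of each source that can carry an indicator value.
WATCHED_FIELDS = {"dns": ("query", "answer"), "fw": ("dst",), "edr": ("sha256",)}

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_feed(text):
    """Return {indicator_value: (indicator_type, confidence)}."""
    indicators = {}
    for raw in text.splitlines():
        raw = raw.strip()
        if raw and not raw.startswith("#"):
            itype, value, confidence = raw.split(",")
            indicators[value.lower()] = (itype, int(confidence))
    return indicators


def parse_line(line):
    """Split a log line into fields and normalise it to a host name."""
    ts, source, rest = line.split(" ", 2)
    fields = dict(FIELD_RE.findall(rest))
    fields["ts"], fields["source"] = ts, source
    if "host" not in fields and fields.get("src") in ASSETS:
        fields["host"] = ASSETS[fields["src"]]
    return fields


def match_indicators(lines, indicators):
    """One hit per (event, indicator) pair; events without a hit are dropped."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        for field in WATCHED_FIELDS.get(ev["source"], ()):
            value = ev.get(field, "").lower()
            if value in indicators:
                itype, conf = indicators[value]
                hits.append({"host": ev.get("host", "unknown"), "ts": ev["ts"],
                             "source": ev["source"], "indicator": value,
                             "type": itype, "confidence": conf})
    return hits


def correlate(hits):
    """Join hits from different sensors on the host they concern."""
    by_host = defaultdict(list)
    for h in hits:
        by_host[h["host"]].append(h)
    return dict(by_host)


def prioritize(by_host):
    """Score = highest single indicator confidence + 10 per distinct sensor.
    Three sensors agreeing on one host beats one sensor matching a 90-point IOC."""
    ranked = []
    for host, hs in by_host.items():
        sources = sorted({h["source"] for h in hs})
        score = max(h["confidence"] for h in hs) + 10 * len(sources)
        ranked.append((score, host, sources))
    ranked.sort(reverse=True)
    return ranked


if __name__ == "__main__":
    hits = match_indicators(LOG_LINES, parse_feed(INDICATOR_FEED))
    for score, host, sources in prioritize(correlate(hits)):
        print(f"{score:4d} {host:8s} seen by {','.join(sources)}")
```

Here ws-017 is scored 125 (DNS, firewall and EDR all saw an indicator) and ws-044 is scored 100 (a single DNS match), which is the ordering an analyst wants when triaging. A real deployment would also age indicators out and weight sources by their historical false-positive rate; both are policy choices layered on the same join.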
Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry, Second Edition, provides the most in-depth guide to forensic investigations involving the Windows Registry. This book is one-of-a-kind, giving the background of the Registry to help users develop an understanding of the structure of registry hive files, as well as information stored within keys and values that can have a significant impact on forensic investigations. Tools and techniques for post mortem analysis are discussed at length to take users beyond the current use of viewers and into real analysis of data contained in the Registry. This second edition continues a ground-up approach to understanding so that the treasure trove of the Registry can be mined on a regular and continuing basis.
- Named a Best Digital Forensics Book by InfoSec Reviews
- Packed with real-world examples using freely available open source tools
- Provides a deep explanation and understanding of the Windows Registry, perhaps the least understood and employed source of information within Windows systems
- Includes a companion website that contains the code and author-created tools discussed in the book
- Features updated, current tools and techniques
- Contains completely updated content throughout, with all new coverage of the latest versions of Windows
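The hive-file structure the book teaches, as an added example that is not the author's code or tooling: a minimal hive is constructed in memory following the public REGF layout (a 4 KiB base block, then "hbin" bins holding 8-byte-aligned cells, key cells tagged "nk"), and then parsed the way a forensic tool would, verifying the base block checksum, flagging a dirty hive whose primary and secondary sequence numbers differ, and carving every allocated key cell with its last-write time by scanning cells linearly rather than following subkey lists. Key names, timestamps and the file name are constructed; the "Run" key is deliberately not linked from the root to show that a linear scan still finds it.

```python
"""Added example: build a constructed REGF hive and parse/validate it."""
import datetime
import struct

HBIN_OFFSET = 0x1000  # hive bins start right after the 4 KiB base block
FILETIME_EPOCH = datetime.datetime(1601, 1, 1, tzinfo=datetime.timezone.utc)
KEY_COMP_NAME = 0x0020  # nk flag: key name is ASCII rather than UTF-16LE


def to_filetime(dt):
    d = dt - FILETIME_EPOCH  # integer arithmetic: floats lose 100 ns precision here
    return (d.days * 86400 * 10**6 + d.seconds * 10**6 + d.microseconds) * 10


def from_filetime(ft):
    return FILETIME_EPOCH + datetime.timedelta(microseconds=ft // 10)


def regf_checksum(block):
    """XOR of the 127 DWORDs before the checksum field at 0x1FC."""
    x = 0
    for (dword,) in struct.iter_unpack("<I", block[:0x1FC]):
        x ^= dword
    return {0: 1, 0xFFFFFFFF: 0xFFFFFFFE}.get(x, x)  # two reserved results are remapped


# ---- builder for the constructed sample hive (offsets per the REGF format) ----
def build_nk(name, last_write, flags):
    # "nk", flags, timestamp, then 15 DWORDs (access, parent, subkey/value counts
    # and list offsets, security, class, size hints, workvar), then name/class lengths.
    fixed = struct.pack("<2sHQ" + "I" * 15 + "HH", b"nk", flags, last_write,
                        0, 0xFFFFFFFF, 0, 0, 0xFFFFFFFF, 0xFFFFFFFF, 0, 0xFFFFFFFF,
                        0xFFFFFFFF, 0xFFFFFFFF, 0, 0, 0, 0, 0, len(name), 0)
    return fixed + name


def build_cell(body):
    size = (4 + len(body) + 7) & ~7  # cells are 8-byte aligned
    return struct.pack("<i", -size) + body.ljust(size - 4, b"\0")  # negative = allocated


def build_hbin(cells):
    payload = b"".join(cells)
    size = (32 + len(payload) + 0xFFF) & ~0xFFF  # bins are multiples of 4 KiB
    free = size - 32 - len(payload)
    free_cell = struct.pack("<i", free) + b"\0" * (free - 4) if free else b""
    return struct.pack("<4sIIQQI", b"hbin", 0, size, 0, 0, 0) + payload + free_cell


def build_base_block(seq1, seq2, root_offset, bins_size, last_write):
    b = bytearray(HBIN_OFFSET)
    struct.pack_into("<4sIIQIIIIIII", b, 0, b"regf", seq1, seq2, last_write,
                     1, 5, 0, 1, root_offset, bins_size, 1)  # major 1, minor 5
    b[0x30:0x40] = "SOFTWARE".encode("utf-16-le")  # constructed file name
    struct.pack_into("<I", b, 0x1FC, regf_checksum(b))
    return bytes(b)


def build_sample_hive(dirty=False):
    """Root key plus an unlinked 'Run' key; dirty=True leaves seq numbers unequal."""
    t_root = datetime.datetime(2024, 3, 1, 9, 12, 3, tzinfo=datetime.timezone.utc)
    t_run = datetime.datetime(2024, 3, 1, 9, 14, 11, tzinfo=datetime.timezone.utc)
    root = build_cell(build_nk(b"ROOT", to_filetime(t_root), flags=0x2C))
    run = build_cell(build_nk(b"Run", to_filetime(t_run), flags=KEY_COMP_NAME))
    hbin = build_hbin([root, run])
    base = build_base_block(7, 6 if dirty else 7, 0x20, len(hbin), to_filetime(t_root))
    return base + hbin


# ---- parser: what an examiner's tool checks before trusting the data ----
def parse_base_block(data):
    block = data[:HBIN_OFFSET]
    (sig, seq1, seq2, ts, major, minor, _ftype, _fmt, root,
     bins_size, _cluster) = struct.unpack_from("<4sIIQIIIIIII", block, 0)
    if sig != b"regf":
        raise ValueError("not a registry hive: bad signature")
    (stored,) = struct.unpack_from("<I", block, 0x1FC)
    return {
        "version": (major, minor),
        "dirty": seq1 != seq2,  # interrupted write: transaction logs must be replayed
        "checksum_ok": stored == regf_checksum(block),
        "last_write": from_filetime(ts),
        "root_offset": root,
        "bins_size": bins_size,
        "name": block[0x30:0x70].decode("utf-16-le").rstrip("\0"),
    }


def walk_keys(data):
    """Yield (hive_offset, name, last_write) for every allocated nk cell."""
    hdr = parse_base_block(data)
    pos, end = HBIN_OFFSET, HBIN_OFFSET + hdr["bins_size"]
    while pos < end:
        sig, _rel, size = struct.unpack_from("<4sII", data, pos)
        if sig != b"hbin":
            raise ValueError(f"bad hbin signature at file offset 0x{pos:x}")
        cell = pos + 32
        while cell < pos + size:
            (csize,) = struct.unpack_from("<i", data, cell)
            if csize == 0:
                break
            body = cell + 4
            if csize < 0 and data[body:body + 2] == b"nk":
                flags, ts = struct.unpack_from("<HQ", data, body + 2)
                (nlen,) = struct.unpack_from("<H", data, body + 0x48)
                raw = data[body + 0x4C:body + 0x4C + nlen]
                name = raw.decode("ascii") if flags & KEY_COMP_NAME else raw.decode("utf-16-le")
                yield cell - HBIN_OFFSET, name, from_filetime(ts)
            cell += abs(csize)
        pos += size


if __name__ == "__main__":
    hive = build_sample_hive()
    print(parse_base_block(hive))
    for off, name, when in walk_keys(hive):
        print(f"0x{off:06x} {name:10s} last written {when.isoformat()}")
```

Two checks here matter on real evidence: a checksum mismatch means the base block was altered after Windows last wrote it (or the image is damaged), and unequal sequence numbers mean the hive on disk is stale relative to its .LOG1/.LOG2 transaction logs, so key timestamps read from the primary file alone may be behind what the system last did.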
Although the use of data mining for security and malware detection is growing quickly, most books on the subject provide high-level theoretical discussions to the near exclusion of the practical aspects. Breaking the mold, Data Mining Tools for Malware Detection provides a step-by-step breakdown of how to develop data mining tools for malware detection. Integrating theory with practical techniques and experimental results, it focuses on malware detection applications for email worms, malicious code, remote exploits, and botnets.
The authors describe the systems they have designed and developed: email worm detection using data mining, a scalable multi-level feature extraction technique to detect malicious executables, detecting remote exploits using data mining, and flow-based identification of botnet traffic by mining multiple log files. For each of these tools, they detail the system architecture, algorithms, performance results, and limitations.
Continue reading “Data Mining Tools for Malware Detection”
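One of the four problems listed above, flow-based identification of botnet traffic from log files, as an added example that is not the authors' system: flows are grouped by (source, destination, port), and a group is flagged when its inter-flow intervals and payload sizes are both unusually regular, the signature of a bot checking in with its controller on a timer. The flow records and thresholds are constructed for illustration; the 0.1 and 0.2 coefficient-of-variation limits are assumptions to tune against real traffic, not values from the book.

```python
"""Added example: beacon detection over a constructed flow log."""
import statistics
from collections import defaultdict
from datetime import datetime, timezone

# Constructed flow records: '<timestamp> <src> <dst> <dport> <bytes>'.
# 10.0.5.17 checks in every ~5 minutes with near-identical sizes (a beacon);
# 10.0.5.22 shows irregular web browsing and a two-flow group too small to judge.
FLOWS_TEXT = """\
2024-03-01T09:00:00Z 10.0.5.17 203.0.113.45 443 412
2024-03-01T09:05:01Z 10.0.5.17 203.0.113.45 443 408
2024-03-01T09:09:59Z 10.0.5.17 203.0.113.45 443 415
2024-03-01T09:15:02Z 10.0.5.17 203.0.113.45 443 410
2024-03-01T09:20:00Z 10.0.5.17 203.0.113.45 443 411
2024-03-01T09:24:58Z 10.0.5.17 203.0.113.45 443 409
2024-03-01T09:00:12Z 10.0.5.22 93.184.216.34 443 15230
2024-03-01T09:00:40Z 10.0.5.22 93.184.216.34 443 2210
2024-03-01T09:07:05Z 10.0.5.22 93.184.216.34 443 88412
2024-03-01T09:07:09Z 10.0.5.22 93.184.216.34 443 1330
2024-03-01T09:31:50Z 10.0.5.22 93.184.216.34 443 40021
2024-03-01T09:32:01Z 10.0.5.22 93.184.216.34 443 512
2024-03-01T09:03:00Z 10.0.5.22 198.51.100.7 80 700
2024-03-01T09:33:00Z 10.0.5.22 198.51.100.7 80 9000
"""


def parse_flows(text):
    """Return a list of (time, src, dst, dport, bytes) tuples."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, dport, nbytes = line.split()
            t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            flows.append((t, src, dst, int(dport), int(nbytes)))
    return flows


def group_flows(flows):
    """Mine the log by conversation: one series of (time, bytes) per (src, dst, dport)."""
    groups = defaultdict(list)
    for t, src, dst, dport, nbytes in flows:
        groups[(src, dst, dport)].append((t, nbytes))
    return groups


def beacon_features(events):
    """Coefficient of variation of inter-flow intervals and of sizes, plus the period."""
    events = sorted(events)
    intervals = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
    sizes = [n for _, n in events]
    mean_int, mean_size = statistics.mean(intervals), statistics.mean(sizes)
    if mean_int == 0 or mean_size == 0:  # all flows at one instant or all empty
        return float("inf"), float("inf"), 0.0
    return (statistics.stdev(intervals) / mean_int,
            statistics.stdev(sizes) / mean_size,
            statistics.median(intervals))


def find_beacons(flows, min_flows=4, max_interval_cv=0.1, max_size_cv=0.2):
    """Flag conversations that are both regularly timed and uniformly sized."""
    suspects = []
    for (src, dst, dport), events in group_flows(flows).items():
        if len(events) < max(min_flows, 3):  # stdev needs at least two intervals
            continue
        icv, scv, period = beacon_features(events)
        if icv <= max_interval_cv and scv <= max_size_cv:
            suspects.append({"src": src, "dst": dst, "dport": dport,
                             "flows": len(events), "period_s": period,
                             "interval_cv": round(icv, 3), "size_cv": round(scv, 3)})
    return suspects


if __name__ == "__main__":
    for s in find_beacons(parse_flows(FLOWS_TEXT)):
        print(f"{s['src']} -> {s['dst']}:{s['dport']} every ~{s['period_s']:.0f}s "
              f"({s['flows']} flows, interval CV {s['interval_cv']}, size CV {s['size_cv']})")
```

This is the kind of detector whose limitations the book's per-tool discussion is about: a bot that jitters its sleep interval or pads its check-ins defeats the regularity test, while legitimate update agents and monitoring probes beacon just as regularly and show up as false positives, so the output is a candidate list to enrich with destination reputation, not a verdict.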
Pick up where certification exams leave off. With this practical, in-depth guide to the entire network infrastructure, you’ll learn how to deal with real Cisco networks, rather than the hypothetical situations presented on exams like the CCNA. Network Warrior takes you step by step through the world of routers, switches, firewalls, and other technologies based on the author's extensive field experience. You'll find new content for MPLS, IPv6, VoIP, and wireless in this completely revised second edition, along with examples of Cisco Nexus 5000 and 7000 switches throughout.
Topics include:
- An in-depth view of routers and routing
- Switching, using Cisco Catalyst and Nexus switches as examples
- SOHO VoIP and SOHO wireless access point design and configuration
- Introduction to IPv6 with configuration examples
- Telecom technologies in the data-networking world, including T1, DS3, frame relay, and MPLS
- Security, firewall theory, and configuration, as well as ACL and authentication
- Quality of Service (QoS), with an emphasis on low-latency queuing (LLQ)
- IP address allocation, Network Time Protocol (NTP), and device failures