Hands-On Ethical Hacking and Network Defense, Second Edition provides an in-depth understanding of how to effectively protect computer networks. This book describes the tools and penetration testing methodologies used by ethical hackers and provides a thorough discussion of what and who an ethical hacker is and how important they are in protecting corporate and government data from cyber attacks. Readers are provided with updated computer security resources that describe new vulnerabilities and innovative methods to protect networks. Also included is a thorough update of the federal and state computer crime laws, as well as changes in penalties for illegal computer hacking. With cyber-terrorism and corporate espionage threatening the fiber of our world, the need for trained network security professionals continues to grow. Hands-On Ethical Hacking and Network Defense, Second Edition provides a structured knowledge base to prepare readers to be security professionals who understand how to protect a network by using the skills and tools of an ethical hacker.
Essential Skills for Hackers is about the skills you need to be in the elite hacker family.
The book will mainly about two things: TCP/IP 101, and Protocol Analysis. The better the hacker, the more we will be able to master TCP/IP. Once the reader understands what TCP/IP is, what it looks like, the book will go into Protocol Analysis and how analyzing the protocol or, in a more general sense, looking at packets on the wire, we will be able to determine what exactly is taking place on a network. By doing this, readers can identify when something on the network doesn’t match what it should and, more importantly, can create any type of sequence of events or packets that they want on the network and see how the defenses or the machines that we send them to react.
Continue reading “Essential Skills for Hackers”
Electricity is vital to the commerce and daily functioning of United States. The modernization of the grid to accommodate today’s uses is leading to the incorporation of information processing capabilities for power system controls and operations monitoring. The “Smart Grid” is the name given to the evolving electric power network as new information technology systems and capabilities are incorporated. While these new components may add to the ability to control power flows and enhance the efficiency of grid operations, they also potentially increase the susceptibility of the grid to cyber (i.e., computer-related) attack since they are built around microprocessor devices whose basic functions are controlled by software programming. The potential for a major disruption or widespread damage to the nation’s power system from a large scale cyberattack has increased focus on the cybersecurity of the Smart Grid.
Federal efforts to enhance the cybersecurity of the electrical grid were emphasized with the recognition of cybersecurity as a critical issue for electric utilities in developing the Smart Grid. The Federal Energy Regulatory Commission (FERC) received primary responsibility for the reliability of the bulk power system from the Energy Policy Act of 2005. FERC subsequently designated the North American Electric Reliability Corporation (NERC) as the “Electric Reliability Organization” (ERO) with the responsibility of establishing and enforcing reliability standards. Compliance with reliability standards for electric utilities thus changed from a voluntary, peer-driven undertaking to a mandatory function. The Energy Independence and Security Act of 2007 (EISA) later added requirements for “a reliable and secure electricity infrastructure” with regard to Smart Grid development. NERC is also responsible for standards for critical infrastructure protection (CIP) which focus on planning and procedures for the physical security of the grid. Self-determination is a key part of the CIP reliability process. Utilities are allowed to self-identify what they see as “critical assets” under NERC regulations. Only “critical cyber assets” (i.e., as essential to the reliable operation of critical assets) are subject to CIP standards. FERC has directed NERC to revise the standards so that some oversight of the identification process for critical cyber assets was provided, but any revision is again subject to stakeholder approval. While reliability standards are mandatory, the ERO process for developing regulations is somewhat unusual in that the regulations are essentially being established by the entities who are being regulated. This may potentially be a conflict of interest, especially when cost of compliance is a concern, and acceptable standards may conceivably result from the option with the lowest costs. Since utility systems are interconnected in many ways, the system with the least protected network potentially provides the weakest point of access.
Continue reading “The Smart Grid and Cybersecurity – Regulatory Policy and Issues”
Hiding Behind the Keyboard: Uncovering Covert Communication Methods with Forensic Analysis exposes the latest electronic covert communication techniques used by cybercriminals, along with the needed investigative methods for identifying them. The book shows how to use the Internet for legitimate covert communication, while giving investigators the information they need for detecting cybercriminals who attempt to hide their true identity. Intended for practitioners and investigators, the book offers concrete examples on how to communicate securely, serving as an ideal reference for those who truly need protection, as well as those who investigate cybercriminals.Covers high-level strategies, what they can achieve, and how to implement themShows discovery and mitigation methods using examples, court cases, and moreExplores how social media sites and gaming technologies can be used for illicit communications activitiesExplores the currently in-use technologies such as TAILS and TOR that help with keeping anonymous online
How to Attack and Defend Your Website is a concise introduction to web security that includes hands-on web hacking tutorials. The book has three primary objectives: to help readers develop a deep understanding of what is happening behind the scenes in a web application, with a focus on the HTTP protocol and other underlying web technologies; to teach readers how to use the industry standard in free web application vulnerability discovery and exploitation tools – most notably Burp Suite, a fully featured web application testing tool; and finally, to gain knowledge of finding and exploiting the most common web security vulnerabilities.
This book is for information security professionals and those looking to learn general penetration testing methodology and how to use the various phases of penetration testing to identify and exploit common web protocols.
Continue reading “How to Attack and Defend Your Website”