Cyber Commander’s Handbook

Cyber Commander's HandbookThe global reliance on computers, networks and systems continues to grow. As our dependency grows so do the threats that target our military s Command, Control, Communications, Computers, Intelligence, Surveillance, Reconnaissance (C4ISR) systems as well as the operational components and electronic controls for our critical infrastructure. Over the past decade we have experienced a substantial rise in the complexity and sophistication of cyber attacks as well as a frightening increase in the impact of some of the attacks. Every computer is a potential cyber weapon waiting to be loaded and used by extremists, criminals, terrorists and rogue nation states. As the world becomes more and more dependent on computers and information technology, the greater the risk of cyber attacks. Government and military leaders now face this fact and our critical systems and infrastructure remain at great risk! This risk has made the ability to defend these critical systems and direct cyber attacks core capabilities required for the modern military. In the age of cyber conflict, leaders need to understand the weapons and strategies used to wage this rapidly evolving type of warfare. This handbook will provide the background needed to understand the new world of cyber warfare, define the tools and techniques for offensive and defensive action, and provide insight into the strategies behind building a dynamic and relevant cyber warfare capability.

Price: $29.95

Instituto Sagres does lecture on Cyber Intelligence

Instituto Sagres gave the lecture “The Intelligence and Cyber Power”. The event occurred on 19 September 2012 and was part of the Cyber Intelligence Symposium, organized by the Brazilian Army Intelligence School (EsIMEx).

The approach is an analogy with the rise of Air Power and its Theories, as well as Air Forces, from the invention of the balloon, by priest Bartolomeu de Gusmão, to the present day, under the focus of Intelligence for military use. Examines aspects of the emergence of Air Power Theories and as in its early days the air vector was seen only as a tool for Intelligence, without any military value as stated by Marshal Foch in 1910, notably with use only for the (Aerial) Reconnaissance, replacing the cavalry and later seen as a replacement to the high spots on the ground, as the Military Doctrine of the time. In this analogy, we have uncovered a probable metric for chronology of emergent Cyber Power in function of the use of the Fifth Dimension: Cyberspace; until then only seen as a source of Intelligence, without any military value. The author leads the audience to question at what timeline point, in the use of Cyberspace, we would be: at the time of the Duque de Caxias balloons (or American Civil War) or UAV? The speaker brings to reflect the questioning of how far away we are from what could be Cyber Power Theories and Cyber Forces (the next Force among Armed Forces) and how Intelligence has and will have a key role in this evolution.

View the original article here

USAF Cyberspace Operations Doctrine Document – AFDD 3-12

USAF Cyberspace Operations Doctrine Document - AFDD 3-12AFDD 3-12 is the US Air Force’s foundational doctrine publication for Air Force operations in, through, and from the cyberspace domain. It defines Cyberspace Superiority and speaks to US Air Force support of maintaining Cyberspace Superiority, a common military function.

“Today, we live in a globally-networked society that is increasingly dependent upon cyberspace access and security. Our ability to gain and maintain superiority in cyberspace has become essential to our ability to deliver global reach, power, and vigilance. As an integral member of the joint warfighting team, the Air Force is committed to growing, sustaining, and presenting highly skilled and well-equipped forces to joint force commanders who can deliver decisive effects in, from, and through cyberspace, while assuring our mission against an asymmetric cyber threat.

Freedom of action in the cyberspace domain enables our command, control, communication, computers, intelligence, surveillance, and reconnaissance capabilities. Our modern defenses, industrial base, and global commerce, as well as that of our nation’s enemies, depend on free use of land, sea, air, space, and cyberspace. Leverage in cyberspace affords influence and control across all other domains. This leverage increases our forces’ access, speed, reach, stealth, and precision.

Controlling the portions of cyberspace integral to our mission is a fundamental prerequisite to effective operations across the range of military operations. While we appreciate the power that cyber-enabled capabilities add, we also maintain a healthy respect for the asymmetric power that cyberspace affords our adversaries. We must maintain a constant commitment to educate, train, and equip our Airman to prevail in the contested domain of cyberspace.

In the past decade, technological advances have provided the means to generate decisive and magnified effects in domains that traditionally could only be achieved via kinetic means. We must continually adapt our operating concepts to leverage emerging cyberspace capabilities to ensure the Air Force maintains the decisive advantage over our adversaries.”

MAURICE H. FORSYTH
Major General, USAF
Commander, LeMay Center for Doctrine
Development and Education

Download AFDD 3-12

 

Penetration Testing and Network Defense

Penetration Testing and Network DefenseThe practical guide to simulating, detecting, and responding to network attacks

  • Create step-by-step testing plans
  • Learn to perform social engineering and host reconnaissance
  • Evaluate session hijacking methods
  • Exploit web server vulnerabilities
  • Detect attempts to breach database security
  • Use password crackers to obtain access information
  • Circumvent Intrusion Prevention Systems (IPS) and firewall protections and disrupt the service of routers and switches
  • Scan and penetrate wireless networks
  • Understand the inner workings of Trojan Horses, viruses, and other backdoor applications
  • Test UNIX, Microsoft, and Novell servers for vulnerabilities
  • Learn the root cause of buffer overflows and how to prevent them
  • Perform and prevent Denial of Service attacks

Penetration testing is a growing field but there has yet to be a definitive resource that instructs ethical hackers on how to perform a penetration test with the ethics and responsibilities of testing in mind. Penetration Testing and Network Defense offers detailed steps on how to emulate an outside attacker in order to assess the security of a network.

Unlike other books on hacking, this book is specifically geared towards penetration testing. It includes important information about liability issues and ethics as well as procedures and documentation. Using popular open-source and commercial applications, the book shows you how to perform a penetration test on an organization’s network, from creating a test plan to performing social engineering and host reconnaissance to performing simulated attacks on both wired and wireless networks.

Penetration Testing and Network Defense also goes a step further than other books on hacking, as it demonstrates how to detect an attack on a live network. By detailing the method of an attack and how to spot an attack on your network, this book better prepares you to guard against hackers. You will learn how to configure, record, and thwart these attacks and how to harden a system to protect it against future internal and external attacks.

Full of real-world examples and step-by-step procedures, this book is both an enjoyable read and full of practical advice that will help you assess network security and develop a plan for locking down sensitive data and company resources.

“This book goes to great lengths to explain the various testing approaches that are used today and gives excellent insight into how a responsible penetration testing specialist executes his trade.”

–Bruce Murphy, Vice President, World Wide Security Services, Cisco Systems®

Price: $67.00

Click here to buy from Amazon

Metasploit: The Penetration Tester’s Guide

Metasploit - A Penetration Tester GuideThe Metasploit Framework is a powerful suite of tools that security researchers use to investigate and resolve potential network and system vulnerabilities. Metasploit: The Penetration Tester‘s Guide shows readers how to assess networks by using Metasploit to launch simulated attacks that expose weaknesses in their security. The book begins with the basics of information security and Metasploit, then proceeds to general and advanced techniques for penetration testing, including network reconnaissance and enumeration, server- and client-side attacks, devastating wireless attacks, and even targeted social engineering attacks. Whether readers are looking to secure their own networks or discover holes in others’, Metasploit is the definitive guide to penetration testing with this dynamic and flexible framework.

Price: $49.95

Click here to buy from Amazon