Maximum Security

Overview

Maximum Security, Fourth Edition provides updated, comprehensive, platform-by-platform coverage of security issues, and includes clear, to the point descriptions of the most common techniques hackers use to penetrate systems. This book provides information for security administrators and others interested in computer and network security and provides them with techniques to take steps to protect their systems.

Author Biography:

Anonymous is an ...

See more details below
Available through our Marketplace sellers.
Other sellers (Other Format)
  • All (11) from $1.99   
  • New (1) from $33.41   
  • Used (10) from $1.99   
Close
Sort by
Page 1 of 1
Showing All
Note: Marketplace items are not eligible for any BN.com coupons and promotions
$33.41
Seller since 2014

Feedback rating:

(323)

Condition:

New — never opened or used in original packaging.

Like New — packaging may have been opened. A "Like New" item is suitable to give as a gift.

Very Good — may have minor signs of wear on packaging but item works perfectly and has no damage.

Good — item is in good condition but packaging may have signs of shelf wear/aging or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Acceptable — item is in working order but may show signs of wear such as scratches or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Used — An item that has been opened and may show signs of wear. All specific defects should be noted in the Comments section associated with each item.

Refurbished — A used item that has been renewed or updated and verified to be in proper working condition. Not necessarily completed by the original manufacturer.

New
Brand New Item.

Ships from: Chatham, NJ

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
Page 1 of 1
Showing All
Close
Sort by
Sending request ...

Overview

Maximum Security, Fourth Edition provides updated, comprehensive, platform-by-platform coverage of security issues, and includes clear, to the point descriptions of the most common techniques hackers use to penetrate systems. This book provides information for security administrators and others interested in computer and network security and provides them with techniques to take steps to protect their systems.

Author Biography:

Anonymous is an experienced computer hacker who specializes in testing security of various networking platforms. He was convicted of a series of financial crimes in the late 1980s and now works as a writer, trainer, and security consultant.

Greg Shipley is CTO for Neohapsis, an information security consultancy. He is a contributing editor with Network Computing magazine.

Jonathan Feldman is a contributing editor with Network Computing magazine, where he writes a column and frequently contributes technical workshops.,/P>

Robert Blader works at the Naval Surface Warfare Center, where he performs intrusion detection, security training, and network forensics. He has contributed to SANS GIAC courses and SysAdmin magazine.

Chad Cook has worked for ten years in security, with emphasis on secure product architecture, network and operating system security, and new security technologies.

David Harley maintains a number of virus and security related information resources and writes regularly for Virus Bulletin.

Joe Jenkins is a system administrator/security consultant with NoWalls, Inc. and writes for magazines such as SecurityFocus.

L.J. Locher is a network adminstrator, programmer, and security consultant who has written articles for Windows 2000 Magazine.

Toby Miller is a security engineer for Advanced Systems Development and is the author of several papers published for SecurityFocus and the SANS Institute.

Brooke Paul works as an information technology and security consultant.

Nicholas Raba is a well-known expert on Macintosh security.

Gregory White is Vice President of profession services at SecureLogix, and is a former professor of computer science at the US Air Force Academy.

Read More Show Less

Editorial Reviews

From The Critics
Now in a completely updated third edition, Maximum Security: A Hacker's Guide To Protecting Your Internet Site And Network provides comprehensive, platform-by-platform coverage of security issues, and includes clear, to the point descriptions of the most common techniques hackers use to penetrate systems. A complete and "user friendly" instruction and eference manual, security managers and others interested in computer and network security can learn everything the hackers already know, and then take steps to protect their systems. Very highly recommended for personal and professional computer security and safety reference collections. User Level: Intermediate-Advanced. 896 pp.
Read More Show Less

Product Details

  • ISBN-13: 9780672318719
  • Publisher: Sams
  • Publication date: 5/17/2001
  • Series: Sams Professional Series
  • Edition description: Older Edition
  • Edition number: 3
  • Pages: 896
  • Product dimensions: 7.37 (w) x 9.08 (h) x 1.98 (d)

Meet the Author

Anonymous is an experienced computer hacker who now works as a writer, trainer, and security consultant in California. He is the author of Maximum Linux Security: A Hacker's Guide to Protecting Your Linux Server and Workstation.

Greg Shipley is the lead security consultant for Chicago-based Neohapsis, Inc. He has extensive network and systems administration experience, and he currently specializes in penetration testing, breaking firewalls, evaluating intrusion detection systems, and performing vulnerability assessment. He is also a contributing editor for Network Computing magazine.

Read More Show Less

Read an Excerpt

Chapter 3: Building a Roadmap for Securing Your Enterprise

This chapter will arm you with the guidelines necessary to survive the information security onslaught. The odds are stacked in this battle, and not in the favor of the defenders. If there is to be any hope of coming out of the war victorious, you need a serious strategy. This chapter is designed to give you an introduction to that strategy in the form of an information security roadmap.

Proactive Versus Reactive Models

We have a saying in the consulting field in regard to IT security spending: "The easiest client to sell security services to is the one that just got attacked." Unfortunately, the statement is as sad as it is true. The simple fact of the matter is that most organizations only react to security threats, and, often times, those reactions come after the damage has already been done. For example, patching your legacy systems after an intruder has already stolen your customer records won't help regain consumer confidence. Starting a log monitoring effort after a contractor has sent your research and development data to an overseas competitor will not bring back your competitive advantage. Convincing executives to encrypt their high-value data after their laptops have already been stolen won't reverse their earlier mistakes.

Although all these tactics are positive and encouraged courses of action, they don't stop the problems before they occur. It is for this reason alone that, when operating in a catch-up mode, security programs will only be marginally successful at best. The key to a successful informa-tion security program resides in taking a pro-active stance towards security threats, and attempting to eliminate vulnerability points before they can be used against you. By defining and organizing the information security effort beforehand, organizations stand a chance against the seemingly endless onslaught of security threats in the world today.

This is, of course, easier said then done. However, if proactive security measures are done right, there is a light at the end of the tunnel. You'll want to perform the following tasks to launch a proactive security program:

  • Understand where the corporation's assets reside
  • Reduce the number of vulnerability and exposure points
  • Secure systems and infrastructure equipment
  • Develop, deploy, and enforce security policies
  • Develop, deploy, and enforce standardized OS configuration and lock-down documents
  • Train administrators, managers, and developers on relevant areas of information security
  • Implement an incident-response program
  • Implement a threat-identification effort
  • Implement a self-audit mechanism
  • Educate, educate, educate, and educate
By getting these efforts off the ground, you can help place your organization in the driver's seat, and help reduce the amount of time you spend chasing your tail.

Benchmarking Your Current Security Posture

Security administration is not about achieving some unobtainable goal of absolute security. Instead, it's about managing risk. There will never be "absolute" security when it comes to computing environments, but there are ways to effectively minimize risk levels through reducing the number of vulnerabilities.

The first thing most people do when they inherit the responsibility of securing an environment is panic. The second thing they usually do is attempt to ascertain the current state of affairs. Understanding the state of the terrain is essential before moves can be made to secure it. This is why most security efforts begin with an assessment of some sort. Whether this assessment comes from an outside third party, or through the use of well-trained internal staff, the follow-ing areas should be investigated:

  • The current state of the security policies
  • The current state of security on the network
  • The current state of the system security
  • The current state of security of network applications
  • The current state of employee awareness
  • The current state of management awareness
  • The current state of information security–training efforts
Often times, organizations hire outside consulting firms to assess either all of, or particular components of, the previous list. Although few organizations have all these efforts defined and operating efficiently, it's important to document the status of these efforts. Documentation can be used for a number of things later on, such as aiding in the production of status reports, benchmarking progress, gaining further security funding, and identifying areas that need the most help. Regardless of how it is done, or by whom, getting a good idea of where you presently are can help you define where you want to be headed.

This third edition of Maximum Security can be used to help with many of these needs. For example, Chapter 11 covers the selection of vulnerability assessment tools that can help iden-tify system security holes. Part VI, "Platforms and Security," can help with some of the details surrounding the securing of specific operating systems. Finally, Chapter 26, "Policies, Procedures, and Enforcement," can help with policy definition efforts.

Identifying Digital Assets

When presented with the term asset identification, most IT folks think of asset management, or asset tracking, in the literal sense of the term. Although tracking physical assets is important, rarely do organizations take the time to granularly identify or quantify the value associated with their digital assets. For example, an e-commerce delivery system might comprise a dozen Web servers, a few database servers, a merchant gateway, and various pieces of supporting infrastructure equipment. For example, let's say that a sample medium-sized e-commerce deployment runs around $400,000 in hardware. The machines and systems themselves have a book value that is easy enough to calculate. A little bit more difficult to identify might be the costs associated with a site-wide outage. One would have to calculate hourly or daily revenue losses, as well as the costs associated with expenses necessary to respond to the problem, and any other outage-based costs.

Drilling a little deeper into our example, let us also suppose that the customer records and the purchasing trend data for this e-commerce initiative are stored on a single, internal database server. Again, the financial value of the hardware is easy enough to identify and record. But what happens when that server is compromised, and its data is leaked to the public? There will then be some less tangible, but very important items at risk: consumer confidence, industry reputation, and perhaps even legal liability. So the value of the server, and the data on it, might be a lot higher then what was initially thought.

Why does this matter? Back to the concept of managing risks. In an ideal world, every server, network device, and piece of data would be sufficiently protected. Unfortunately, we don't live in that world. Reality states that we have to choose our battles wisely, as there are only a finite number of them that we can fight. By identifying key assets, and protecting those assets first, organizations can maximize the effectiveness of their risk mitigation efforts.

Readers should note that there have been entire books written on asset identification and data value classification, and how they relate to overall risk analysis. Although many of the areas of true risk analysis are outside the scope of this book, there are some basics areas to look at in the IT field that can help you get started. For example, the following areas are often classified as "high value":

  • Payroll information
  • Research and development data
  • Source code
  • Marketing strategies
  • Financial systems
  • Sales information
  • Customer data
  • Financial reports
  • Miscellaneous proprietary data...
Read More Show Less

Table of Contents

Part I: Setting the Stage ..... 1
1: Why This Book Was Written ..... 3
2: How to Use This Book ..... 21
Part II: Security Concepts ..... 33
3: Building a Roadmap for Securing Your Enterprise ..... 35
4: A Brief Primer on TCP/IP ..... 47
5: Hackers and Crackers ..... 69
6: The State of the Net: A World at War ..... 89
Part III: Hacking 101: The Tricks of the Trade ..... 115
7: Spoofing Attacks ..... 117
8: Hiding One's Identity ..... 133
9: Dispelling Some of the Myths ..... 163
Part IV: The Defender's Toolkit ..... 185
10: Firewalls ..... 187
11: Vulnerability Assessment Tools (Scanners) ..... 215
12: Intrusion Detection Systems (IDSs) ..... 227
13: Logging and Auditing Tools ..... 241
14: Password Crackers ..... 253
15: Sniffers ..... 279
Part V: Virtual Weapons of Mass Destruction ..... 299
16: Denial of Service Attacks ..... 301
17: Viruses and Worms ..... 323
18: Trojans ..... 351
Part VI: Platforms and Security ..... 375
19: Microsoft ..... 377
20: UNIX ..... 421
21: Novell ..... 503
22: Cisco Routers and Switches ..... 523
23: Macintosh ..... 537
24: VAX/VMS ..... 563
Part VII: Bringing It All Together ..... 579
25: Mining the Date Monster ..... 581
26: Policies, Procedures, and Enforcement ..... 595
27: Internal Security ..... 621
28: Network Architecture Considerations ..... 637
29: Secure Application Development, Languages, and Extensions ..... 663
Appendix A: Security Bibliography - Further Reading ..... 707
Appendix B: Internet 101 ..... 723
Appendix C: How to Get More Information ..... 737
Appendix D: Security Consultants ..... 761
Appendix E: Vendor Information and Security Standards ..... 799
Appendix F: What's on the CD-ROM ..... 821
Appendix G: Security Glossary ..... 827
Index ..... 843
Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)