Special OPS: Host and Network Security for Microsoft, Unix and Oracle

Overview

"Special Ops is an adrenaline-pumping tour of the most critical security weaknesses present on most any corporate network today..."
—Joel Scambray, Senior Director, Microsoft’s MSN, and Co-Author, Hacking Exposed Fourth Edition, Windows 2000, and Web Hacking Editions


"Special Ops has brought some of the best speakers and researchers of computer security together to cover what you need to know to survive in ...

See more details below
Available through our Marketplace sellers.
Other sellers (Paperback)
  • All (21) from $1.99   
  • New (7) from $37.43   
  • Used (14) from $0.00   
Close
Sort by
Page 1 of 1
Showing 1 – 4 of 7
Note: Marketplace items are not eligible for any BN.com coupons and promotions
$37.43
Seller since 2010

Feedback rating:

(55)

Condition:

New — never opened or used in original packaging.

Like New — packaging may have been opened. A "Like New" item is suitable to give as a gift.

Very Good — may have minor signs of wear on packaging but item works perfectly and has no damage.

Good — item is in good condition but packaging may have signs of shelf wear/aging or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Acceptable — item is in working order but may show signs of wear such as scratches or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Used — An item that has been opened and may show signs of wear. All specific defects should be noted in the Comments section associated with each item.

Refurbished — A used item that has been renewed or updated and verified to be in proper working condition. Not necessarily completed by the original manufacturer.

New
"New, ships through UPS and DHL. Excellent customer service. Satisfaction guaranteed!! "

Ships from: STERLING HEIGHTS, MI

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
$48.43
Seller since 2014

Feedback rating:

(0)

Condition: New
Hardcover New in new dust jacket. Brand New US edition, 3-5 days shipping!

Ships from: Sausalito, CA

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
$50.44
Seller since 2014

Feedback rating:

(290)

Condition: New
Brand New Item.

Ships from: Chatham, NJ

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
$60.00
Seller since 2014

Feedback rating:

(181)

Condition: New
Brand new.

Ships from: acton, MA

Usually ships in 1-2 business days

  • Standard, 48 States
  • Standard (AK, HI)
Page 1 of 1
Showing 1 – 4 of 7
Close
Sort by
Sending request ...

Overview

"Special Ops is an adrenaline-pumping tour of the most critical security weaknesses present on most any corporate network today..."
—Joel Scambray, Senior Director, Microsoft’s MSN, and Co-Author, Hacking Exposed Fourth Edition, Windows 2000, and Web Hacking Editions


"Special Ops has brought some of the best speakers and researchers of computer security together to cover what you need to know to survive in today’s net."
—Jeff Moss, President & CEO, Black Hat, Inc.

"Special Ops brings perspective from today’s best computer security minds into a single, enormously informative book."
—Mike Schiffman, Director of Security Architecture, @stake, Inc., and Author of Building Open Source Network Security Tools and The Hacker’s Challenge Series

Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle provides solutions for the impossible 24-hour IT work day. By now, most companies have hardened their perimeters and locked out the "bad guys," but what has been done on the inside? Have you considered the damage that could be done by recently laid-off or disgruntled employees, contractors and consultants, building security guards, cleaning staff, and of course the unsecured wireless network? This is the one book you need to defend the soft, chewy center of internal networks.

Erik Pace Birkholz with David Litchfield, Mark Burnett, Chip Andrews, Jim McBee, Roelof Temmingh, Haroon Meer, Tim Mullen, Eric Schultze, Hal Flynn, Vitaly Osipov, and Norris L. Johnson

Foundstone Authors: John Bock, Earl Crane, Mike O'Dea,and Brian Kenyon, Matt Ploessel, James C. Foster

Foreword by: Stuart McClure

Special Ops: Internal Network Security Guide is the solution for the impossible 24-hour IT work day. By now, most companies have hardened their perimeters and locked out the "bad guys," but what has been done on the inside? This book attacks the problem of the soft, chewy center in internal networks. We use a two-pronged approach-Tactical and Strategic-to give readers a complete guide to internal penetration testing. Content includes the newest vulnerabilities and exploits, assessment methodologies, host review guides, secure baselines and case studies to bring it all together. We have scoured the Internet and assembled some of the best to function as Technical Specialists and Strategic Specialists. This creates a diversified project removing restrictive corporate boundaries. The unique style of this book will allow it to cover an incredibly broad range of topics in unparalleled detail. Chapters within the book will be written using the same concepts behind software development. Chapters will be treated like functions within programming code, allowing the authors to call on each other's data. These functions will supplement the methodology when specific technologies are examined thus reducing the common redundancies found in other security books.

This book is designed to be the "one-stop shop" for security engineers who want all their information in one place. The technical nature of this may be too much for middle management; however technical managers can use the book to help them understand the challenges faced by the engineers who support their businesses.

OUnprecedented Team of Security Luminaries. Led by Foundstone Principal Consultant, Erik Pace Birkholz, each of thecontributing authors on this book is a recognized superstar in their respective fields. All are highly visible speakers and consultants and their frequent presentations at major industry events such as the Black Hat Briefings and the 29th Annual Computer Security Institute Show in November, 2002 will provide this book with a high-profile launch.
OThe only all-encompassing book on internal network security. Windows 2000, Windows XP, Solaris, Linux and Cisco IOS and their applications are usually running simultaneously in some form on most enterprise networks. Other books deal with these components individually, but no other book provides a comprehensive solution like Special Ops. This book's unique style will give the reader the value of 10 books in 1

Read More Show Less

Product Details

  • ISBN-13: 9781931836692
  • Publisher: Syngress Publishing
  • Publication date: 2/1/2003
  • Pages: 784
  • Product dimensions: 7.40 (w) x 9.12 (h) x 2.08 (d)

Table of Contents

Assessing Internal Network Security

Inventory and Exposure of Corporate Assets

Hunting for High Severity Vulnerabilities (HSV)

Attacking and Defending Windows XP Professional

Attacking and Defending Windows 2000

Securing Active Directory

Securing Exchange and Outlook Web Access

Attacking and Defending DNS

Attacking and Defending Microsoft Terminal Services

Securing IIS

Hacking Custom Web Applications

Attacking and Defending Microsoft SQL Server

Attacking and Defending Oracle

Attacking and Defending UNIX

Wireless LANs: Discovery and Defense

Network Architecture

Architecting the Human Factor

Creating Effective Corporate Security Policies
Read More Show Less

Foreword

Foreword

In the fast-paced, caffeine-powered, and sometimes reckless world of computer security, the security analogy of a “hard crunchy outside and soft chewy inside,” a staple of the security community today, is uncannily apropos as we spend millions to protect and fortify the outside perimeter network and nary spend a dime to address internal threats. However, as convenient as it may be to leave internal systems free from controls, it’s a disaster once someone “bites” through to that unprotected inside; consider, too, the potential damage (whether intentional or not) that could be generated by those employees or partners who have legitimate access to the center. Lackadaisical attention to the soft and chewy inside could compromise your security at any time. The authors of Special OPs: Host and Network Security for Microsoft, UNIX, and Oracle immerse you in this analogy of intranet security and “the soft chewy inside” so frequently neglected in today’s security oration. In this book, you will find the critical pieces to securing your vital internal systems from attackers (both friend and foe) and a near complete picture to understanding your internal security risk.

The task of securing the inside of your organization is daunting and unenviable: so many systems, so many vulnerabilities, so little time. You must manage a myriad of system frailties and control the day-to-day cyber mayhem. You must be able to allocate your meager IT security resources to the battles that matter most. You may feel you cannot possibly do it all. At the end of the day, if the right assets are not secure from the right risks with the right measures, you might wonder what you really are accomplishing. Motion does not equal progress, and effort does not equal execution. Although you may be keeping everything under control in the short run, eventually some breach will test that control. Management does not care about how many vulnerabilities exist, how difficult they are to fix, or how diversely controlled they are; all they care about is an accurate answer to the questions “Are we secure?” and “Are we getting better?” If you cannot answer those vital questions in the positive, eventually you and your company will cease to thrive.

This book emphasizes a process that will help you answer those questions affirmatively, by teaching you first how to identify and understand your assets, your vulnerabilities, and the threats that face you, and then how to best protect those assets against those threats. Much of this approach can be attributed to Pareto’s Principle, or the 80/20 Rule. This law is often applied to computer security with the phrase “80 percent of the risk is represented by 20 percent of the vulnerabilities.” Simply stated, focus on correcting the few most vital flaws and you will reduce the vast majority of your risk.

Note

At the turn of the last century, an Italian economist named Vilfredo Pareto made the observation that 20 percent of the people in Italy owned 80 percent of its wealth. This rather simplistic examination became the infamous Pareto’s Principle, or the 80/20 Rule.

Following this principle requires two things: first, that the quality of the data collection is solid, and second, that your methods of analyzing that data are equally solid.

The first variable in collecting solid data, asset inventory, is one of the most underestimated drivers of security. Understanding what assets exist, where they are located (for example, from what country, to what building, and in what room), and what criticality and value they hold, is vitally important in calculating your security risk and can help you create a stellar security management program.

The second variable involves identifying vulnerabilities. The ability to derive an accurate vulnerability picture of your enterprise is critical to collecting clean baseline data. To do this, you must reduce false positives (reporting vulnerabilities present when there actually are none) and eliminate false negatives (not reporting a vulnerability present when there actually is one).

The final variable is in understanding the threats to your system. A vulnerability by itself is not a critical risk—only when a hacker takes that vulnerability, writes a solid exploit, and begins using it does it become a critical risk. To understand the nature of the threats most relevant to you, you need to know the current activities of the underground, how they work and communicate, and how they eventually exploit known weaknesses. Without understanding those threats, your data (that is, your assets and known vulnerabilities) does not exist in a context of security management.

Only when your data collection has enabled you to understand the threats to your system can you go about the task of securing it. This book provides you with the tools and techniques that can help you analyze your data and determine the vital fixes necessary to harden the “chewy inside” of your network according to Pareto’s Principle. You will never be 100 percent secure from attackers, but you can be 100 percent sure that you are applying your resources to the battles that will matter the most.

Data for its own sake holds little value. Too many trees have died in the service of security vulnerability reports that attempt to provide a “complete picture of your risk.” In actuality, those reports often provide little beyond a confusing mix of irrelevant or conflicting concerns, combined with an avalanche of unqualified data. Without an effective, dynamic, robust interface to your data, and without acting upon Pareto’s Principle, you may never shore up your true internal risk.

The definition of insanity is doing the same thing over and over again while expecting a different result—so if you’ve been caught in the vicious cycle of generating too much unfiltered data, don’t let the failures of the past go unheeded. Read this book, heed its warnings, and take steps to effectively manage your security today.

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing 1 Customer Reviews
  • Anonymous

    Posted May 6, 2003

    A killer book with a killer author team!

    A cool book with an attitude is what this is. Complete, no-nonsense coverage of securing IIS, attacking/defending Oracle, DNS, UNIX, SQL Server. Great info on wireless LANs. I bought it for the IIS coverage and have found almost every chapter useful. If I had a bigger staff I would cut the book into pieces and assign each person a chapter to read, memorize, and implement. But I don't, so I bought three copies and the 5 of us will share... So worth the money.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing 1 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)