- Shopping Bag ( 0 items )
"Special Ops has brought some of the best speakers and researchers of computer security together to cover what you need to know to survive in ...
Ships from: STERLING HEIGHTS, MI
Usually ships in 1-2 business days
Ships from: Sausalito, CA
Usually ships in 1-2 business days
Ships from: Chatham, NJ
Usually ships in 1-2 business days
"Special Ops has brought some of the best speakers and researchers of computer security together to cover what you need to know to survive in today’s net."
—Jeff Moss, President & CEO, Black Hat, Inc.
"Special Ops brings perspective from today’s best computer security minds into a single, enormously informative book."
—Mike Schiffman, Director of Security Architecture, @stake, Inc., and Author of Building Open Source Network Security Tools and The Hacker’s Challenge Series
Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle provides solutions for the impossible 24-hour IT work day. By now, most companies have hardened their perimeters and locked out the "bad guys," but what has been done on the inside? Have you considered the damage that could be done by recently laid-off or disgruntled employees, contractors and consultants, building security guards, cleaning staff, and of course the unsecured wireless network? This is the one book you need to defend the soft, chewy center of internal networks.
Erik Pace Birkholz with David Litchfield, Mark Burnett, Chip Andrews, Jim McBee, Roelof Temmingh, Haroon Meer, Tim Mullen, Eric Schultze, Hal Flynn, Vitaly Osipov, and Norris L. Johnson
Foundstone Authors: John Bock, Earl Crane, Mike O'Dea,and Brian Kenyon, Matt Ploessel, James C. Foster
Foreword by: Stuart McClure
Special Ops: Internal Network Security Guide is the solution for the impossible 24-hour IT work day. By now, most companies have hardened their perimeters and locked out the "bad guys," but what has been done on the inside? This book attacks the problem of the soft, chewy center in internal networks. We use a two-pronged approach-Tactical and Strategic-to give readers a complete guide to internal penetration testing. Content includes the newest vulnerabilities and exploits, assessment methodologies, host review guides, secure baselines and case studies to bring it all together. We have scoured the Internet and assembled some of the best to function as Technical Specialists and Strategic Specialists. This creates a diversified project removing restrictive corporate boundaries. The unique style of this book will allow it to cover an incredibly broad range of topics in unparalleled detail. Chapters within the book will be written using the same concepts behind software development. Chapters will be treated like functions within programming code, allowing the authors to call on each other's data. These functions will supplement the methodology when specific technologies are examined thus reducing the common redundancies found in other security books.
This book is designed to be the "one-stop shop" for security engineers who want all their information in one place. The technical nature of this may be too much for middle management; however technical managers can use the book to help them understand the challenges faced by the engineers who support their businesses.
OUnprecedented Team of Security Luminaries. Led by Foundstone Principal Consultant, Erik Pace Birkholz, each of thecontributing authors on this book is a recognized superstar in their respective fields. All are highly visible speakers and consultants and their frequent presentations at major industry events such as the Black Hat Briefings and the 29th Annual Computer Security Institute Show in November, 2002 will provide this book with a high-profile launch.
OThe only all-encompassing book on internal network security. Windows 2000, Windows XP, Solaris, Linux and Cisco IOS and their applications are usually running simultaneously in some form on most enterprise networks. Other books deal with these components individually, but no other book provides a comprehensive solution like Special Ops. This book's unique style will give the reader the value of 10 books in 1
In the fast-paced, caffeine-powered, and sometimes reckless world of computer security, the security analogy of a “hard crunchy outside and soft chewy inside,” a staple of the security community today, is uncannily apropos as we spend millions to protect and fortify the outside perimeter network and nary spend a dime to address internal threats. However, as convenient as it may be to leave internal systems free from controls, it’s a disaster once someone “bites” through to that unprotected inside; consider, too, the potential damage (whether intentional or not) that could be generated by those employees or partners who have legitimate access to the center. Lackadaisical attention to the soft and chewy inside could compromise your security at any time. The authors of Special OPs: Host and Network Security for Microsoft, UNIX, and Oracle immerse you in this analogy of intranet security and “the soft chewy inside” so frequently neglected in today’s security oration. In this book, you will find the critical pieces to securing your vital internal systems from attackers (both friend and foe) and a near complete picture to understanding your internal security risk.
The task of securing the inside of your organization is daunting and unenviable: so many systems, so many vulnerabilities, so little time. You must manage a myriad of system frailties and control the day-to-day cyber mayhem. You must be able to allocate your meager IT security resources to the battles that matter most. You may feel you cannot possibly do it all. At the end of the day, if the right assets are not secure from the right risks with the right measures, you might wonder what you really are accomplishing. Motion does not equal progress, and effort does not equal execution. Although you may be keeping everything under control in the short run, eventually some breach will test that control. Management does not care about how many vulnerabilities exist, how difficult they are to fix, or how diversely controlled they are; all they care about is an accurate answer to the questions “Are we secure?” and “Are we getting better?” If you cannot answer those vital questions in the positive, eventually you and your company will cease to thrive.
This book emphasizes a process that will help you answer those questions affirmatively, by teaching you first how to identify and understand your assets, your vulnerabilities, and the threats that face you, and then how to best protect those assets against those threats. Much of this approach can be attributed to Pareto’s Principle, or the 80/20 Rule. This law is often applied to computer security with the phrase “80 percent of the risk is represented by 20 percent of the vulnerabilities.” Simply stated, focus on correcting the few most vital flaws and you will reduce the vast majority of your risk.
Following this principle requires two things: first, that the quality of the data collection is solid, and second, that your methods of analyzing that data are equally solid.
The first variable in collecting solid data, asset inventory, is one of the most underestimated drivers of security. Understanding what assets exist, where they are located (for example, from what country, to what building, and in what room), and what criticality and value they hold, is vitally important in calculating your security risk and can help you create a stellar security management program.
The second variable involves identifying vulnerabilities. The ability to derive an accurate vulnerability picture of your enterprise is critical to collecting clean baseline data. To do this, you must reduce false positives (reporting vulnerabilities present when there actually are none) and eliminate false negatives (not reporting a vulnerability present when there actually is one).
The final variable is in understanding the threats to your system. A vulnerability by itself is not a critical risk—only when a hacker takes that vulnerability, writes a solid exploit, and begins using it does it become a critical risk. To understand the nature of the threats most relevant to you, you need to know the current activities of the underground, how they work and communicate, and how they eventually exploit known weaknesses. Without understanding those threats, your data (that is, your assets and known vulnerabilities) does not exist in a context of security management.
Only when your data collection has enabled you to understand the threats to your system can you go about the task of securing it. This book provides you with the tools and techniques that can help you analyze your data and determine the vital fixes necessary to harden the “chewy inside” of your network according to Pareto’s Principle. You will never be 100 percent secure from attackers, but you can be 100 percent sure that you are applying your resources to the battles that will matter the most.
Data for its own sake holds little value. Too many trees have died in the service of security vulnerability reports that attempt to provide a “complete picture of your risk.” In actuality, those reports often provide little beyond a confusing mix of irrelevant or conflicting concerns, combined with an avalanche of unqualified data. Without an effective, dynamic, robust interface to your data, and without acting upon Pareto’s Principle, you may never shore up your true internal risk.
The definition of insanity is doing the same thing over and over again while expecting a different result—so if you’ve been caught in the vicious cycle of generating too much unfiltered data, don’t let the failures of the past go unheeded. Read this book, heed its warnings, and take steps to effectively manage your security today.
Posted May 6, 2003
A cool book with an attitude is what this is. Complete, no-nonsense coverage of securing IIS, attacking/defending Oracle, DNS, UNIX, SQL Server. Great info on wireless LANs. I bought it for the IIS coverage and have found almost every chapter useful. If I had a bigger staff I would cut the book into pieces and assign each person a chapter to read, memorize, and implement. But I don't, so I bought three copies and the 5 of us will share... So worth the money.Was this review helpful? Yes NoThank you for your feedback. Report this reviewThank you, this review has been flagged.