Seven Deadliest USB Attacks
- ISBN-10: 1597495530
- ISBN-13: 9781597495530
- Pub. Date: 04/22/2010
- Publisher: Elsevier Science
Overview
The book provides the tools, tricks, and detailed instructions necessary to reconstruct and mitigate these activities while peering into the risks and future aspects surrounding the respective technologies. There are seven chapters that cover the following: USB Hacksaw; the USB Switchblade; viruses and malicious codes; USB-based heap overflow; the evolution of forensics in computer security; pod slurping; and the human element of security, including the risks, rewards, and controversy surrounding social-engineering engagements.
This book was written to target a vast audience including students, technical staff, business leaders, or anyone seeking to understand fully the removable-media risk for Windows systems. It will be a valuable resource for information security professionals of all levels, as well as web application developers and recreational hackers.
Product Details
| ISBN-13: | 9781597495530 |
|---|---|
| Publisher: | Elsevier Science |
| Publication date: | 04/22/2010 |
| Series: | Seven Deadliest Attacks |
| Pages: | 256 |
| Product dimensions: | 7.40(w) x 9.10(h) x 0.80(d) |
About the Author
Brian’s technical experience began when he joined EDS, where he became part of a leveraged team and specialized in infrastructure problem resolution, disaster recovery and design and security. His career progression was swift, carrying him through security engineering and into architecture, where he earned a lead role. Brian was a key participant in many high-level security projects driven by HIPAA, PCI, SOX, FIPS and other regulatory compliance, which included infrastructure dependent services, multi-tenant directories, IdM, RBAC, SSO, WLAN, full disk and removable media encryption, leveraged perimeter design and strategy. He has earned multiple certifications for client, server and network technologies. Brian has written numerous viewpoint and whitepapers for current and emerging technologies and is a sought-after expert on matters of security, privacy and penetration testing. Brian is an avid security researcher with expertise in reverse engineering, focusing on vulnerabilities and exploits and advising clients on proper remediation.
Barbara Anderson has worked in the information technology industry as a network and server security professional for over eleven years. During that time, she has been acting as a senior network security engineer who provides consulting and support for all aspects of network and security design. Barbara comes from a strong network security background and has extensive experience in enterprise design, implementation and life-cycle management.
Barbara proudly served her country for over four years in the United States Air Force and has enjoyed successful positions at EDS, SMU, Fujitsu, ACS and Fishnet Security. These experiences and interactions have allowed her to become an expert in enterprise security, product deployment and training.
Table of Contents
About the Authors
Introduction
Chapter 1 USB Hacksaw
Sharing Away your Future
Anatomy of the Attack
Universal Serial Bus
U3 and Flash Drive CD-ROM Emulation
Inside the Hacksaw Attack
Hacksaw Removal
What is the Big Deal?
Regulators, Mount Up
Evolution of the Portable Platform
Portable Platforms
Hacksaw Development
Defending against This Attack
Summary
Endnotes
Chapter 2 USB Switchblade
Passing Grades
Inside the Switchblade
Switchblade Tool Summaries
Switchblade Assembly
Why Should I Care?
Evolving Aspects
Privilege Elevation
Defensive Techniques
System Execution Prevention and USB Antidote
Biometrics and Token Security
Password Protection Practices
Windows Group Policy Options
Browser Settings and Screen Savers
Summary
Chapter 3 USB-Based Virus/Malicious Code Launch
Invasive Species among Us
An Uncomfortable Presentation
Anatomy of the Attack
Malicious Code Methodologies
Autorun
How to Recreate the Attack
Evolution of the Attack
Why all the Fuss?
Botnets
Distributed Denial-of-Service Attacks
E-mail Spamming
Infecting New Hosts
Identity Theft
Transporting Illegal Software
Google AdSense and Advertisement Add-On Abuse
Defending against this Attack
Antimalware
Summary
Endnotes
Chapter 4 USB Device Overflow
Overflow Overview
Analyzing this Attack
Device Drivers
Going with the Overflow
USB Development and the Hole in the Heap
Ever-Present Exposures
Overflow Outlook
Defensive Strategies
Drivers
Physical Protection Mechanisms
Summary
Endnote
Chapter 5 RAM dump
Gadgets Gone Astray
Digital Forensic Acquisition Examination
Computer Online Forensic Evidence Extractor or Detect and Eliminate Computer-Assisted Forensics?
Memory Gatherings
Reconstructing the Attack
Mind your Memory
Advancements in Memory Analysis
ManTech DD
Additional Analysis Tools
Future Memories
The Room with an Evil View
Hindering the Gatherers
Security Framework, Programs, and Governance
Trackers and Remote Management
BIOS Features
Trustless Execution Technology and Module Platform
Enhancing the Encryption Experience
BitLocker and TrueCrypt
Summary
Endnotes
Chapter 6 Pod Slurping
Attack of the Data Snatchers
Anatomy of a Slurp
How to Recreate the Attack
Risky Business
Pod Proliferation
Advancements in This Attack
Breaking Out of Jobs' Jail
Mitigating Measures
Put your Clients on a Data Diet
Hijacking an iPhone
Summary
Endnotes
Chapter 7 Social Engineering and USB come Together for a Brutal Attack
Brain Games
Hacking the Wetware
Reverse Social Engineering
Penetration of a Vulnerable Kind
Elevated Hazards
Legitimate Social Engineering Concerns
Generations of Influences
USB Multipass
Thwarting These Behaviors
Security Awareness and Training
Behavioral Biometrics
Windows Enhancements
Summary
Overview
Endnotes
Index
What People are Saying About This
Know what you are up against; discover what the deadliest USB attacks are and how to defend against them!