Halting the Hacker: A Practical Guide to Computer Security, 2/e
Donald L. Pipkin
- Publisher: Prentice Hall
- Publication date: 2002-09-05
- List price: $1,580
- VIP price: $1,548 (98% of list price)
- Language: English
- Pages: 384
- Binding: Paperback
- ISBN: 0130464163
- ISBN-13: 9780130464163
Product Description
- Get into the hacker's mind—and outsmart him!
- Fully updated for the latest threats, tools, and countermeasures
- Systematically covers proactive, reactive, and preemptive security measures
- Detailed, step-by-step techniques for protecting HP-UX, Linux, and UNIX systems
"Takes on even more meaning now than the original edition!"
—Denny Georg, CTO, Information Technology, Hewlett-Packard
Secure your systems against today's attacks—and tomorrow's.
Halting the Hacker: A Practical Guide to Computer Security, Second Edition combines unique insight into the mind of the hacker with practical, step-by-step countermeasures for protecting any HP-UX, Linux, or UNIX system.
Top Hewlett-Packard security architect Donald L. Pipkin has updated this global bestseller for today's most critical threats, tools, and responses. Pipkin organizes this book around the processes hackers use to gain access, privileges, and control—showing you exactly how they work and the best ways to respond. Best of all, Pipkin doesn't just tell you what to do, but why. Using dozens of new examples, he gives you the skills and mindset to protect yourself against any current exploit—and attacks that haven't even been imagined yet.
- How hackers select targets, identify systems, gather information, gain access, acquire privileges, and avoid detection
- How multiple subsystems can be used in harmony to attack your computers and networks
- Specific steps you can take immediately to improve the security of any HP-UX, Linux, or UNIX system
- How to build a secure UNIX system from scratch—with specifics for HP-UX and Red Hat Linux
- Systematic proactive, reactive, and preemptive security measures
- Security testing, ongoing monitoring, incident response, and recovery—in depth
- Legal recourse: What laws are being broken, what you need to prosecute, and how to overcome the obstacles to successful prosecution
The accompanying CD-ROM contains an extensive library of HP-UX and Linux software tools for detecting and eliminating security problems and a comprehensive information archive on security-related topics.
Table of Contents
I. UNDERSTANDING HACKERS.
The Hacker Environment. Historical Perspective. Hacker or Cracker.
1. Who Hackers Are.
Internal Hackers. External Hackers. Categorizing Hackers. Demographics. Classified by Skill Level.
2. Hacker Motives.
Intellectually Motivated. Personally Motivated. Socially Motivated. Politically Motivated. Financially Motivated. Motivated by Ego.
3. What Hackers Do.
Modern Day Robin Hood. Digital Dillinger.
4. How Hackers Do What They Do.
Malicious Code. Modified Source Code. Exploiting Network Protocols. Exploiting Vulnerabilities. Password Crackers.
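II. THE HACKING PROCESS.
Selecting the Target. Identifying the Systems to Be Attacked. Gathering Information. Gaining Access. Acquiring Privileges. Avoiding Detection. Realizing a Goal.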
5. Gathering Information.
Public Sources. People. Going On Site. Computer Systems. Security Experts. Other Hackers.
6. Limiting Information Disclosure.
Public Information Sources. Announcements. Restricting the Scope of the Service. Polling. Eavesdropping. Misinformation.
7. Gaining Access.
Back Doors. Anonymously. Active Sessions. Stolen Credentials. Subverting Protocols.
8. Limiting Access.
Physical System Access. Restricting Users. Over the Network. Restricting Services. File System Access.
9. Getting Credentials.
Identity Management. Account Management. Repositories. Monitoring the Network. Social Engineering. Monitoring User Input.
10. Controlling Authentication.
Authentication Management. Cracking Passwords. Finding Passwords in Clear Text. The Future of Passwords. Implementing Strong Authentication.
11. Gaining Privileges.
Having Another User Run a Program. Exploiting Permission Vulnerabilities. Exploiting Hardware Vulnerabilities. Exploiting Software Vulnerabilities.
12. Controlling Authorizations.
User Authorizations. Program Authorizations. Compartmentalization. Protecting Files. Exploiting Permission Vulnerabilities. Read-only File Systems.
13. Avoiding Detection.
Monitoring Connections. Monitoring Processes. Monitoring Information. Increasing Security. Not Making Tracks. Removing Tracks. Misdirection. Changing Time.
14. Increasing Monitoring.
Monitoring Files. Monitoring Users. Monitoring Resources. The Logging System. Consolidated Logging Server. Log File Monitoring.
III. LEGAL RECOURSE.
Criminal Charges. Civil Remedies.
15. Computer Crimes.
Traditional Offenses Using Computers. Computer-specific Offenses. Intellectual Property Offenses. Content-related Offenses. Privacy Offenses.
16. Legal Prosecution.
Criminal Crime. Law Enforcement Agencies.
17. Obstacles to Prosecution.
Identifying the Hacker. Jurisdiction. Extradition. Evidence. Cost of Prosecution. Corporate Concerns. Personal Concerns.
18. Improving Successful Prosecution.
Enforcing Security Policy. Fair Notice. Marking Information. Proper Evidence Preservation. Trusted Time.
IV. HALTING THE HACKER.
Proactive Security Measures. Reactive Security Measures.
19. Preparation.
Define What Needs Protection. Define How Much Protection Is Required. Define How Much Protection Is Afforded. Define What You Have. Define How to Protect It.
20. Installation.
Software Structure. Install Minimum Base Operating System. Remove Any Unneeded Software. Install Additional Products. Install Standard Patches. Install Security Patches. Remove Software Remnants.
21. Proactive Protection.
Remove What Is Not Needed. Disable What Is Not Used. Restrict the Rest. Host Hardening Systems.
22. Security Testing.
Evaluate Current Status. Compliance with Security Program. Integrity of Installed Software. Integrity of Configuration. Security Scanners.
23. Security Monitoring.
Monitoring for New Vulnerabilities. Intrusion Methods. Determining When a Security Incident Has Occurred. System Monitoring Techniques. Comprehensive Monitoring.
24. Reactive Security.
Review the Incident Response Plan. Preserve the State of the Computer. Report the Incident. Contain the Incident. Gathering Information. Countermeasures.
25. Recovery.
Assess the Scope. Setting Priorities. Secure the System. Repair the Vulnerability. System Recovery. Data Recovery. Monitor for Additional Signs of Attack. Restoration of Confidence.
26. Review.
Determine the Cost of the Incident. Evaluate the Response Plan. Improve the Safeguards. Update Detection. Process Improvement. Postmortem Documentation. Follow-up Communication.
Glossary.
Index.
About the CD-ROM.
Accessing the CD-ROM.
Using the CD-ROM.