Trojans, Worms, and Spyware : A Computer Security Professional's Guide to Malicious Code (Paperback)
暫譯: 木馬、蠕蟲與間諜軟體:電腦安全專業人士的惡意程式指南 (平裝本)
Michael Erbschloe
- 出版商: Butterworth-Heineman
- 出版日期: 2004-11-01
- 定價: $1,470
- 售價: 2.7 折 $399
- 語言: 英文
- 頁數: 232
- 裝訂: Paperback
- ISBN: 0750678488
- ISBN-13: 9780750678483
-
相關分類:
資訊安全
立即出貨 (庫存 < 4)
買這商品的人也買了...
-
$1,029Fundamentals of Data Structures in C -
C++ Primer, 3/e 中文版$980$774 -
$970Introduction to Algorithms, 2/e -
專業 XML 程式設計第二版 (Professional XML, 2/e)$800$632 -
C++ Builder 6 完全攻略$690$587 -
ASP.NET 程式設計徹底研究$590$466 -
Microsoft Windows Server 2003 架站實務$580$458 -
JSP 2.0 技術手冊$750$593 -
Windows CE 嵌入式系統理論與實務$680$537 -
Computer Networking: A Top-Down Approach Featuring the Internet, 3/e平裝(美國版0321227352)$1,080$1,058 -
Linux 系統管理實務─自動化、備份救援、系統安全、叢集$780$616 -
ISA Server 2004 防火牆安裝與管理指南
$640$506 -
ASP.NET 徹底研究進階技巧─高階技巧與控制項實作$650$507 -
UML 精華第三版 : 標準物件模型語言 (UML Distilled, 3/e)$460$363 -
軟體測試理論與實作$520$406 -
Sniffer Pro 網路最佳化與故障排除手冊
$580$452 -
Linux iptables 技術實務─防火牆、頻寬管理、連線管制$620$490 -
敏捷軟體開發:原則、樣式及實務 (Agile Software Development: Principles, Patterns, and Practices)$780$616 -
軟體預先架構之美學 (Prefactoring)$580$458 -
鳥哥的 Linux 私房菜基礎學習篇, 2/e$780$663 -
Rootkits, Spyware/Adware, Keyloggers and Backdoors: Detection and Neutralization$1,400$1,330 -
Exploiting Online Games: Cheating Massively Distributed Systems (Paperback)$1,730$1,644 -
$990Digital Modeling of Material Appearance -
學徒模式-優秀軟體開發者的養成之路 (Apprenticeship Patterns: Guidance for the Aspiring Software Craftsman)$420$332 -
指標的藝術:程式設計最絢麗的星星, 2/e (平裝版)$580$458
商品描述
Description:
Trojans, Worms, and Spyware provides practical, easy to understand, and readily usable advice to help organizations to improve their security and reduce the possible risks of malicious code attacks. Despite the global downturn, information systems security remains one of the more in-demand professions in the world today. With the widespread use of the Internet as a business tool, more emphasis is being placed on information security than ever before. To successfully deal with this increase in dependence and the ever growing threat of virus and worm attacks, Information security and information assurance (IA) professionals need a jargon-free book that addresses the practical aspects of meeting new security requirements.
This book provides a comprehensive list of threats, an explanation of what they are and how they wreak havoc with systems, as well as a set of rules-to-live-by along with a system to develop procedures and implement security training. It is a daunting task to combat the new generation of computer security threats – new and advanced variants of Trojans, as well as spyware (both hardware and software) and “bombs” – and Trojans, Worms, and Spyware will be a handy must-have reference for the computer security professional to battle and prevent financial and operational harm from system attacks.
Table of Contents:
Preface
Dedication
Acknowledgements
Introduction
Chapter One: Malicious Code Overview
Why Malicious Code Attacks are Dangerous
The Impact of Malicious Code Attacks on Corporate Security
Why Malicious Code Attacks Work
Flaws in Software
Weaknesses in System and Network Configurations
Social Engineering
Human Error and Foolishness
Hackers, Thieves, and Spies
Action Steps to Combat Malicious Code Attacks
Chapter Two: Types of Malicious Code
Email Viruses
Trojans
Back Doors
Worms
Blended Threats
Time Bombs
Spy Ware
Ad Ware
Steal Ware
Action Steps to Combat Malicious Code Attacks
Chapter Three: Review of Malicious Code Incidents
Historic Tidbits
The Morris Worm
Melissa
Love Bug
Code Red(s)
SirCam
Nimda
Slammer
The Summer of 2003 Barrage of Blaster, Sobig and More
Early 2004 with MyDoom, Netsky and More
Action Steps to Combat Malicious Code Attacks
Chapter Four: Basic Steps to Combat Malicious Code
Understanding The Risks
Using Security Policies to Set Standards
System and Patch Updates
Establishing a Computer Incident Response Team
Training for IT Professionals
Training End Users
Applying Social Engineering Methods in an Organization
Working with Law Enforcement Agencies
Action Steps to Combat Malicious Code Attacks
Chapter Five: Organizing for Security, Prevention, and Response
Organization of the IT Security Function
Where Malicious Code Prevention fits Into the IT Security Function
Staffing for Malicious Code Prevention in IT
Budgeting for Malicious Code Prevention
Evaluating Products for Malicious Code Prevention
Establishing and Utilizing an Alert Systems
Establishing and Utilizing a Reporting System
Corporate Security and Malicious Code Incident Investigations
Action Steps to Combat Malicious Code Attacks
Chapter Six: Controlling Computer Behavior of Employees
Policies on Appropriate Use of Corporate Systems
Monitoring Employee Behavior
Site Blockers and Internet Filters
Cookie and Spyware Blockers
Pop Up Blockers
Controlling Downloads
SPAM Control
Action Steps to Combat Malicious Code Attacks
Chapter Seven: Responding to a Malicious Code Incident
The First Report of a Malicious Code Attack
The Confirmation Process
Mobilizing the Response Team
Notifying Management
Using an Alert system and Informing End-Users
Clean up and Restoration
Controlling and Capturing Malicious Code
Identifying the Source of Malicious Code
The Preservation of Evidence
When to Call Law Enforcement
Enterprise Wide Eradication
Returning to Normal Operations
Analyzing Lessons Learned
Action Steps to Combat Malicious Code Attacks
Chapter Eight: Model Training Program for End-Users
Explaining why The Training is Important
Explaining The Appropriate Use Policy for Computers and Networks
Explaining How the Help Desk and PC Support of the Organization Works
Covering the Basic Do’s and Don’ts of Computer Usage to Prevent Attacks
Providing Basic Information about Malicious Code
Explaining How it Identify Potentially Malicious Code
Explaining What Employees Should to do if They Suspect Code is Malicious
Explaining What Employees Should Expect From the IT Department During Incident Response.
Performing the Administrative Aspects of a Training Program
Action Steps to Combat Malicious Code Attacks
Chapter Nine: The Future of Malicious Code
Military Style Information Warfare
Open Source Information Warfare
Militancy and Social Action
Homeland Security Efforts
Action Steps to Combat Malicious Code Attacks
Index
Appendix A: Computer Security Resources
商品描述(中文翻譯)
**描述:**
《木馬、蠕蟲與間諜軟體》提供實用、易於理解且可立即使用的建議,幫助組織改善其安全性並降低惡意程式碼攻擊的潛在風險。儘管全球經濟下滑,資訊系統安全仍然是當今世界上需求較高的職業之一。隨著網際網路作為商業工具的廣泛使用,對資訊安全的重視程度比以往任何時候都要高。為了成功應對這種依賴性增加以及不斷增長的病毒和蠕蟲攻擊威脅,資訊安全和資訊保障(IA)專業人員需要一本不含行話的書籍,來解決滿足新安全要求的實際方面。
本書提供了一個全面的威脅清單,解釋了這些威脅是什麼以及它們如何對系統造成破壞,還提供了一套生活準則以及一個開發程序和實施安全培訓的系統。對抗新一代的電腦安全威脅——新型和高級的木馬變種,以及間諜軟體(包括硬體和軟體)和“炸彈”——是一項艱鉅的任務,而《木馬、蠕蟲與間諜軟體》將成為電腦安全專業人員在對抗和防止系統攻擊造成的財務和運營損害時的必備參考資料。
**目錄:**
前言
致謝
感謝詞
介紹
第一章:惡意程式碼概述
為什麼惡意程式碼攻擊是危險的
惡意程式碼攻擊對企業安全的影響
為什麼惡意程式碼攻擊有效
軟體中的缺陷
系統和網路配置中的弱點
社會工程
人為錯誤與愚蠢
駭客、小偷與間諜
對抗惡意程式碼攻擊的行動步驟
第二章:惡意程式碼的類型
電子郵件病毒
木馬
後門
蠕蟲
混合威脅
定時炸彈
間諜軟體
廣告軟體
盜竊軟體
對抗惡意程式碼攻擊的行動步驟
第三章:惡意程式碼事件回顧
歷史小知識
莫里斯蠕蟲
梅莉莎
愛情蟲
紅色代碼
SirCam
Nimda
Slammer
2003年夏季的Blaster、Sobig等攻擊潮
2004年初的MyDoom、Netsky等攻擊
對抗惡意程式碼攻擊的行動步驟
第四章:對抗惡意程式碼的基本步驟
了解風險
使用安全政策設置標準
系統和補丁更新
建立電腦事件響應小組
對IT專業人員進行培訓
對最終用戶進行培訓
在組織中應用社會工程方法
與執法機構合作
對抗惡意程式碼攻擊的行動步驟
第五章:為安全、預防和響應進行組織
IT安全功能的組織
惡意程式碼預防在IT安全功能中的位置
IT中惡意程式碼預防的人員配置
惡意程式碼預防的預算
評估惡意程式碼預防產品
建立和利用警報系統
建立和利用報告系統
企業安全與惡意程式碼事件調查
對抗惡意程式碼攻擊的行動步驟
第六章:控制員工的電腦行為
企業系統的適當使用政策
監控員工行為
網站封鎖器和網路過濾器
Cookie和間諜軟體封鎖器
彈出窗口封鎖器
控制下載
垃圾郵件控制
對抗惡意程式碼攻擊的行動步驟
第七章:對惡意程式碼事件的響應
惡意程式碼攻擊的首次報告
確認過程
動員響應小組
通知管理層
使用警報系統並通知最終用戶
清理和恢復
控制和捕獲惡意程式碼
識別惡意程式碼的來源
證據的保存
何時聯繫執法機構
全企業範圍的根除
恢復正常運作
分析經驗教訓
對抗惡意程式碼攻擊的行動步驟
第八章:最終用戶的模型培訓計劃
解釋為什麼培訓很重要
解釋電腦和網路的適當使用政策
解釋組織的幫助台和PC支持如何運作
涵蓋防止攻擊的電腦使用基本注意事項
提供有關惡意程式碼的基本信息
解釋如何識別潛在的惡意程式碼
解釋員工在懷疑程式碼惡意時應該怎麼做
解釋員工在事件響應期間應該期待IT部門提供什麼。
執行培訓計劃的行政方面
對抗惡意程式碼攻擊的行動步驟
第九章:惡意程式碼的未來
軍事風格的資訊戰
開源資訊戰
激進主義和社會行動
國土安全努力
對抗惡意程式碼攻擊的行動步驟
索引
附錄A:電腦安全資源
![Introduction to Networks Companion Guide (Ccnav7) [With Access Code]-cover](https://cf-assets2.tenlong.com.tw/ig/021/422/394/9780136633662.jpg?1743472468)
