Free Documents: Security

Download free study materials on security

Security+: The Foundation for Solid Network and Information Security

The focus of this white paper is to introduce the Security+ certification and the foundation it can provide for a career in information security as well as data networking. We will cover:
• Historical overview
• How times have changed
• The War on Terror—information terror that is!
• Real-world data about the CompTIA Security+
• The focus of the certification
• Key benefits for becoming CompTIA Security+ certified:

8/29/2018 4:40:43 PM +00:00

Security Operations Guide for Windows 2000 Server

Reference book 'security operations guide for windows 2000 server', in information technology and security, for effective study, research and work

8/29/2018 4:40:42 PM +00:00

E-mail Security in the Wake of Recent Malicious Code Incidents

This document contains possible recommended settings for the system Registry. You can severely impair or disable a Windows NT System with incorrect changes or accidental deletions when using a Registry editor (Regedt32.exe or Regedit.exe) to change the system configuration. Currently, there is no “undo” command for deletions within the Registry. Registry editor prompts you to confirm the deletions if “Confirm on Delete” is selected from the options menu. When you delete a key, the message does not include the name of the key you are deleting. Therefore, check your selection carefully before proceeding....

8/29/2018 4:40:41 PM +00:00

Guide to the Secure Configuration and Administration of Microsoft Exchange

This document describes how to more securely install, configure, and administer the Microsoft Exchange Server and associated clients. The focus of these documents is Exchange Server 5.0 and 5.5, the Exchange Client, and the Outlook 97 and Outlook 98 clients. Please note that discussions regarding Exchange Server 5.5 assume service pack 1 (or later) has been installed. Exchange 2000 and Outlook 2000 guidance is under development. This document is intended for the reader who is already very familiar with Microsoft Exchange but needs to understand how to install, configure, and administer the product in a more secure manner. The information presented here is written in a direct and concise...

8/29/2018 4:40:41 PM +00:00

Microsoft Office 97 Executable Content Security Risks and Countermeasures

This paper provides an analysis of each application, including techniques for embedding executable content or mobile code within each application. Each analysis summarizes the executable content threat, provides examples of embedding executable content within each application, and outlines possible countermeasures to protect the user against executable content attacks.

8/29/2018 4:40:41 PM +00:00

E-mail Virus Protection Handbook

One of the lessons I learned early in life is to never confess the stupid things that I have done in public—unless there’s a good punch line at the end of the story. Well, there is really no punch line at the end of the story I am about to tell you, but I am going to tell it anyway, because it helps introduce some of the key issues and concepts involved when securing e-mail clients and servers.

8/29/2018 4:40:41 PM +00:00

Hack Proofing E-Commerce Site

Security in the virtual world of the Internet is even more confusing than in the real world we inhabit. Buzzwords and marketing hype only serve to add to the puzzle. Vendors and free products abound, but according to the experts, the Internet world is becoming more dangerous every day. How can that be? How can all these solutions from so many directions not solve even the basic problems? The answer is not simple because the problems are so complex. Security is difficult to create and maintain. Security is messy. The problem is that the online world was built around a system of protocols and rules, but unfortunately, those rules are not...

8/29/2018 4:40:41 PM +00:00

HACK PROOFING YOUR NETWORK: INTERNET TRADECRAFT

This is a book about hacking. It’s not a novel about a set of elusive cyberpunks, it’s a do-it-yourself manual. Are we trying to tell you how to break into other people’s systems? No, we’re trying to help you make your own systems more secure by breaking into them yourself. Yes, this has the side effect that you might learn how to break into someone else’s system as well, and therein lies much of the controversy surrounding hacking.

8/29/2018 4:40:41 PM +00:00

Hack Proofing: Your Web Applications

Reference book 'hack proofing: your web applications', in information technology and security, for effective study, research and work

8/29/2018 4:40:41 PM +00:00

Hack Proofing Your Wireless Network

When the concept of a network without wires was first suggested more than two decades ago, it sparked the imagination of scientists, product vendors, and users around the globe eager for the convenience and flexibility of a free roaming connection. Unfortunately, as the variety of wireless solutions began to emerge, anticipation turned to disappointment. The first wave of solutions proved inadequate for the networking, portability, and security needs of a changing IT environment. While this has largely continued to be the case throughout the 1990s with most cell-based and office local area network (LAN)-based wireless technology deployments, great strides have been made specifically over the last two years to address...

8/29/2018 4:40:41 PM +00:00

Using Your Sybex Electronic Book

Microsoft’s new Microsoft Certified Systems Engineer (MCSE) for Windows 2000 is the premier certification for computer industry professionals. Covering the core technologies around which Microsoft’s future will be built, the new MCSE certification is a powerful credential for career advancement.

8/29/2018 4:40:41 PM +00:00

Mission Critical! Internet Security

Internetworking security has become a very big issue in recent months. Companies who went through corporate life thinking, “it will never happen to me” suddenly found themselves the victim of some sort of attack on their network. High profile companies are most certainly a bigger target for several reasons, including the notoriety the hacker receives for damaging their network or Web site, and the amount of financial damage that can be done by bringing down a successful e-commerce site. Recent attacks easily racked up 100 million dollars in damage....

8/29/2018 4:40:41 PM +00:00

Cisco Guide to Security Specialist’s PIX Firewall

In an age when our society relies so heavily on electronic communication, the need for information security is imperative. Given the value and confidential nature of the information that exists on today’s networks, CIOs are finding that an investment in security is not only extremely beneficial but also absolutely necessary. Corporations are realizing the need to create and enforce an information security policy. As a result, IT professionals are constantly being challenged to secure their networks by installing firewalls and creating Virtual Private Networks (VPNs) that provide secure, encrypted communications over the Internet’s vulnerable public infrastructure....

8/29/2018 4:40:39 PM +00:00

Intrusion Detection Patterns and Analysis

Of course, everyone has their favorite resources on the Net. We encourage you to take some time to give these a try, and if you find something really super that isn’t listed here, let us know about it. These URLs are listed to provide you with some very useful information pertaining to the different types of Intrusion Detection software that are available for download, as well as to provide some resources for discovering the latest news on common vulnerabilities, etc.

8/29/2018 4:40:36 PM +00:00

Intrusion Detection Patterns

This slide shows an overview of the topics we will cover. If you see patterns in these categories that are not included in this course, we hope you will send them to intrusion@sans.org so they can be added to the collection. Keep in mind that intrusion detection is easy when you know the answer, when it is a familiar pattern; however, it can be hard and frustrating when you do not know the answer.

8/29/2018 4:40:36 PM +00:00

Intrusion Detection Patterns 2

Take a look at the destination port in the first log entry on the slide. Port 22 means Secure Shell (SSH), right? Not quite, since in this case the transport protocol is UDP, which is not generally used for SSH traffic. A UDP port 22 connection attempt, especially when followed by an almost immediate connection to UDP port 5632, is almost always indicative of a pcAnywhere probe.

8/29/2018 4:40:36 PM +00:00

Coordinated Attacks

In our final section we are going to examine data from multiple sources. We will begin by introducing the notion of attackers working together; then we will discuss defenders working together. From an attacker’s standpoint, there are two primary advantages to coordinated or distributed attacks:

8/29/2018 4:40:36 PM +00:00

SANS GIAC Information Security KickStart Glossary of Terms

Access Control: Mechanism(s) used to restrict access to an object. ACL: Access Control List. A list of resources and the permissions or authorizations allowed. Active Code/Active Content: Generic term for software delivered via the World Wide Web that executes directly on the user's computer. Alert: A formatted message describing a circumstance relevant to network security. Alerts are often derived from critical audit events.

8/29/2018 4:40:36 PM +00:00

Hacking from a network: SYN flood and TCP Sequence number prediction attacks

Greetings. This is the oldie, but goody section of the course. This next section is important for a number of reasons. If you think about it, attacks occur in stages. In general the attacker has to perform reconnaissance to hone in on the target, to find the weaknesses. Then there will be an initial attack; this is often minimal. In the book Network Intrusion Detection we referred to this as the “grappling hook”. Finally, the attacker completes the kill. This attack shows each of these stages. This attack took 16 seconds to complete. When we were discussing automated response, we used 16 seconds as a measuring rod....

8/29/2018 4:40:36 PM +00:00

Introduction to the basic approaches and issues of Intrusion Detection

We will begin our discussion by talking about false positives and false negatives, which are ever present factors in the life of an intrusion analyst. We will then discuss the notion of Events of Interest (EOI), and their relevance to the event analysis process. We will also go over techniques for judging the severity of a particular event. Additionally, we will propose a way to handle long term conditions that might result from a prolonged exposure to attacks.

8/29/2018 4:40:36 PM +00:00

Indications and Warnings Correlation

Welcome to the second half of the network based intrusion detection tutorial, where we will discuss more advanced analysis techniques based on Indications and Warnings as well as correlation. For every attack that really gets our attention, there are twenty or thirty probes or mapping attempts. Some of the common efforts are DNS zone transfers, DNS queries, SNMP queries, portmapper access attempts, and NetBIOS name lookups.

8/29/2018 4:40:36 PM +00:00

Traffic Analysis Techniques 1

Traffic Analysis is a set of techniques for arranging and visualizing data so that patterns and relations can be identified, tagged or tracked. This course serves as a primer for taking logfiles of virtually any format, organizing the data and performing the analysis.

8/29/2018 4:40:36 PM +00:00

Intrusion Detection The Big Picture

NukeNabber can be considered a personal host intrusion detector for stand-alone PCs, which will notify you of attempted connections to user-defined ports. Legion can be quite hard to find. Most other vulnerability scanners also now look for unprotected shares. In the back of your materials are additional references. (Editor’s note: for students taking this course online, the Glossary is included as a separate download file. – JEK)

8/29/2018 4:40:35 PM +00:00

Intrusion Detection The Big Picture – Part III

While insider attacks may cause more damage (because the attacker knows the system assets and what to target), insiders are also usually addressed by traditional security and audit. An insider has a much greater chance of being caught, since you know where they live. So while damaging, insider attacks are infrequent (because of the high risks of detection and arrest or dismissal). By contrast, it is extremely difficult to track and prosecute attackers arriving over the Internet. And because of the perception of low risk, attacks are a daily or hourly occurrence....

8/29/2018 4:40:35 PM +00:00

Information Assurance Foundations

This slide shows the main topics we are going to cover. We will discuss the threats that are arrayed against our computer systems. To focus that discussion, we will be concerned with some of the more famous attacks that have occurred. Now, information assurance can get really complex, but these kinds of problems decompose nicely.

8/29/2018 4:40:35 PM +00:00

IP Behavior

Specifically, we will present an introduction to tcpdump and tcpdump output. We will cover TCP concepts that are the foundations of how TCP communicates. We will look at fragmentation in IP datagrams to see what is happening at the datagram level. Finally, we will examine stimulus and response. How does a host respond to certain traffic under varying circumstances? This will assist you in understanding what normal responses look like.

8/29/2018 4:40:35 PM +00:00

Intrusion Detection Overview and Trends in Internet Attacks

An important lesson to share is that you should always test attack tools in a lab environment -- never on a live network. Over the years I have been amazed at how well I can break networks simply by scanning them. Needless to say, the owners of the networks are not always overjoyed, and it is great to be able to demonstrate that I tested them in a lab BEFORE I let them loose on a live, production network.

8/29/2018 4:40:35 PM +00:00

GIAC Basic Security Policy

I have never ceased to be amazed by the fact that you can’t take a class in information security without being told to do this or the other thing in accordance with “your security policy”. But nobody ever explains what policy is, or how to write or evaluate it. This is why we have begun this research and educational project into security policy.

8/29/2018 4:40:35 PM +00:00

The Little Black Book of Computer Viruses

This is the first in a series of three books about computer viruses. In these volumes I want to challenge you to think in new ways about viruses, and break down false concepts and wrong ways of thinking, and go on from there to discuss the relevance of computer viruses in today’s world. These books are not a call to a witch hunt, or manuals for protecting yourself from viruses. On the contrary, they will teach you how to design viruses, deploy them, and make them better. All three volumes are full of source code for viruses, including both new and well known varieties....

8/29/2018 4:40:35 PM +00:00

L0phtCrack

L0phtCrack (zero, not the letter O) is an NT password auditing tool. It will compute NT user passwords from the cryptographic hashes that are stored by the NT operating system. The operating system does not store the user passwords in their original clear-text form for security reasons. The actual user passwords are encrypted because they are sensitive information that can be used to impersonate any user, including the Administrator of the operating system.

8/29/2018 4:40:35 PM +00:00