Free Documents: Security
Download free Security study materials
The focus of this white paper is to introduce the Security+ certification and the foundation for a career in
information security as well as data networking it can provide.
We will cover:
• Historical overview
• How times have changed
• The War on Terror—information terror that is!
• Real-world data about the CompTIA Security+
• The focus of the certification
• Key benefits for becoming CompTIA Security+ certified:
8/29/2018 4:40:43 PM +00:00
Reference the book 'security operations guide for windows 2000 server' (information technology, security) for effective study, research, and work
8/29/2018 4:40:42 PM +00:00
This document contains possible recommended settings for the system
Registry. You can severely impair or disable a Windows NT System with
incorrect changes or accidental deletions when using a Registry editor
(Regedt32.exe or Regedit.exe) to change the system configuration. Currently,
there is no “undo” command for deletions within the Registry. Registry editor
prompts you to confirm the deletions if “Confirm on Delete” is selected from the
options menu. When you delete a key, the message does not include the name
of the key you are deleting. Therefore, check your selection carefully before
proceeding....
8/29/2018 4:40:41 PM +00:00
This document describes how to more securely install, configure, and administer the
Microsoft Exchange Server and associated clients. The focus of these documents is
Exchange Server 5.0 and 5.5, the Exchange Client, and the Outlook 97 and Outlook 98
clients. Please note that discussions regarding Exchange Server 5.5 assume service
pack 1 (or later) has been installed. Exchange 2000 and Outlook 2000 guidance is under
development.
This document is intended for the reader who is already very familiar with Microsoft
Exchange but needs to understand how to install, configure, and administer the product
in a more secure manner. The information presented here is written in a direct and
concise...
8/29/2018 4:40:41 PM +00:00
This paper provides an analysis of each application, including
techniques for embedding executable content or mobile code
within each application. Each analysis summarizes the executable
content threat, provides examples of embedding executable
content within each application, and outlines possible countermeasures
to protect the user against executable content attacks.
8/29/2018 4:40:41 PM +00:00
One of the lessons I learned early in life is to never confess the stupid
things that I have done in public—unless there’s a good punch line at
the end of the story. Well, there is really no punch line at the end of the
story I am about to tell you, but I am going to tell it anyway, because it
helps introduce some of the key issues and concepts involved when
securing e-mail clients and servers.
8/29/2018 4:40:41 PM +00:00
Security in the virtual world of the Internet is even more confusing
than in the real world we inhabit. Buzzwords and marketing hype only
serve to add to the puzzle. Vendors and free products abound, but
according to the experts, the Internet world is becoming more dangerous
every day. How can that be? How can all these solutions from so
many directions not solve even the basic problems?
The answer is not simple because the problems are so complex.
Security is difficult to create and maintain. Security is messy. The
problem is that the online world was built around a system of protocols
and rules, but unfortunately, those rules are not...
8/29/2018 4:40:41 PM +00:00
This is a book about hacking. It’s not a novel about a set of elusive
cyberpunks, it’s a do-it-yourself manual. Are we trying to tell you how
to break into other people’s systems? No, we’re trying to help you
make your own systems more secure by breaking into them yourself.
Yes, this has the side effect that you might learn how to break into
someone else’s system as well, and therein lies much of the controversy
surrounding hacking.
8/29/2018 4:40:41 PM +00:00
Reference the book 'hack proofing: your web applications' (information technology, security) for effective study, research, and work
8/29/2018 4:40:41 PM +00:00
When the concept of a network without wires was first suggested more than two
decades ago, it sparked the imagination of scientists, product vendors, and users
around the globe eager for the convenience and flexibility of a free roaming connection.
Unfortunately, as the variety of wireless solutions began to emerge, anticipation
turned to disappointment. The first wave of solutions proved inadequate
for the networking, portability, and security needs of a changing IT environment.
While this has largely continued to be the case throughout the 1990s with
most cell-based and office local area network (LAN)-based wireless technology
deployments, great strides have been made specifically over the last two years to
address...
8/29/2018 4:40:41 PM +00:00
Microsoft’s new Microsoft Certified Systems Engineer (MCSE)
for Windows 2000 is the premier certification for computer industry
professionals. Covering the core technologies around which Microsoft’s
future will be built, the new MCSE certification is a powerful credential for
career advancement.
8/29/2018 4:40:41 PM +00:00
Internetworking security has become a very big issue in recent months.
Companies who went through corporate life thinking, “it will never happen
to me” suddenly found themselves the victim of some sort of attack on
their network. High profile companies are most certainly a bigger target for
several reasons, including the notoriety the hacker receives for damaging
their network or Web site, and the amount of financial damage that can be
done by bringing down a successful e-commerce site. Recent attacks easily
racked up 100 million dollars in damage....
8/29/2018 4:40:41 PM +00:00
In an age when our society relies so heavily on electronic communication, the need
for information security is imperative. Given the value and confidential nature of the
information that exists on today’s networks, CIOs are finding that an investment in
security is not only extremely beneficial but also absolutely necessary. Corporations
are realizing the need to create and enforce an information security policy. As a
result, IT professionals are constantly being challenged to secure their networks by
installing firewalls and creating Virtual Private Networks (VPNs) that provide secure,
encrypted communications over the Internet’s vulnerable public infrastructure....
8/29/2018 4:40:39 PM +00:00
Of course, everyone has their favorite resources on the Net; we encourage you to take some time to
give these a try, and if you find something really super that isn’t listed here, let us know about it.
These URLs are listed to provide you with some very useful information pertaining to the different
types of Intrusion Detection software that are available for download, as well as to provide some
resources for discovering the latest news on common vulnerabilities, etc.
8/29/2018 4:40:36 PM +00:00
This slide shows an overview of the topics we will cover. If you see patterns in these categories that
are not included in this course, we hope you will send them to intrusion@sans.org so they can be
added to the collection. Keep in mind that intrusion detection is easy when you know the answer,
when it is a familiar pattern; however, it can be hard and frustrating when you do not know the
answer.
8/29/2018 4:40:36 PM +00:00
Take a look at the destination port in the first log entry on the slide. Port 22 means Secure Shell
(SSH), right? Not quite, since in this case the transport protocol is UDP, which is not generally used
for SSH traffic. A UDP port 22 connection attempt, especially when followed by an almost
immediate connection to UDP port 5632 is almost always indicative of a pcAnywhere probe.
8/29/2018 4:40:36 PM +00:00
In our final section we are going to examine data from multiple sources. We will begin by
introducing the notion of attackers working together; then we will discuss defenders working
together. From an attacker’s standpoint, there are two primary advantages to coordinated or
distributed attacks:
8/29/2018 4:40:36 PM +00:00
Access Control: Mechanism(s) used to restrict access to an object.
ACL: Access Control List. A list of resources and the permissions or authorizations allowed.
Active Code/Active Content: Generic term for software delivered via the World Wide Web that executes directly on the user's computer.
Alert: A formatted message describing a circumstance relevant to network security. Alerts are often derived from critical audit events.
8/29/2018 4:40:36 PM +00:00
Greetings. This is the oldie, but goody section of the course. This next section is important for a
number of reasons.
If you think about it, attacks occur in stages. In general the attacker has to perform reconnaissance to
hone in on the target, to find the weaknesses. Then there will be an initial attack, this is often
minimal, in the book Network Intrusion Detection we referred to this as the “grappling hook”.
Finally, the attacker completes the kill. This attack shows each of these stages.
This attack took 16 seconds to complete. When we were discussing automated response, we used 16
seconds as a measuring rod....
8/29/2018 4:40:36 PM +00:00
We will begin our discussion by talking about false positives and false negatives, which are ever
present factors in the life of an intrusion analyst. We will then discuss the notion of Events of
Interest (EOI), and their relevance to the event analysis process. We will also go over techniques for
judging the severity of a particular event. Additionally, we will propose a way to handle long term
conditions that might result from a prolonged exposure to attacks.
8/29/2018 4:40:36 PM +00:00
Welcome to the second half of the network based intrusion detection tutorial, where we
will discuss more advanced analysis techniques based on Indications and Warnings as
well as correlation.
For every attack that really gets our attention, there are twenty or thirty probes or
mapping attempts. Some of the common efforts are DNS zone transfers, DNS queries,
SNMP queries, portmapper access attempts, and NetBIOS name lookups.
8/29/2018 4:40:36 PM +00:00
Traffic Analysis is a set of techniques for
arranging and visualizing data so that
patterns and relations can be identified,
tagged or tracked. This course serves as a
primer for taking logfiles of virtually any
format, organizing the data and performing
the analysis.
8/29/2018 4:40:36 PM +00:00
NukeNabber can be considered a personal host intrusion detector for stand-alone PC’s, which will
notify you of attempted connections to user-defined ports. Legion can be quite hard to find. Most other vulnerability scanners also now look for unprotected shares.
In the back of your materials are additional references. (Editor’s note: for students taking this
course online, the Glossary is included as a separate download file. – JEK)
8/29/2018 4:40:35 PM +00:00
While insider attacks may cause more damage (because the attacker knows the system assets and
what to target), insiders are also usually addressed by traditional security and audit. An insider has a
much greater chance of being caught, since you know where they live.
So while damaging, insider attacks are infrequent (because of the high risks of detection and arrest or
dismissal), by contrast, it is extremely difficult to track and prosecute attackers arriving over the
Internet. And because of the perception of low risk, attacks are a daily or hourly occurrence....
8/29/2018 4:40:35 PM +00:00
This slide shows the main topics we are going to cover. We will discuss the threats that are arrayed
against our computer systems. To focus that discussion, we will be concerned with some of the more
famous attacks that have occurred. Now, information assurance can get really complex, but these
kinds of problems decompose nicely.
8/29/2018 4:40:35 PM +00:00
Specifically, we will present an introduction to tcpdump and tcpdump output. We will cover TCP
concepts that are the foundations of how TCP communicates. We will look at fragmentation in IP
datagrams to see what is happening at the datagram level. Finally, we will examine stimulus and
response. How does a host respond to certain traffic under varying circumstances? This will assist
you in understanding what normal responses look like.
8/29/2018 4:40:35 PM +00:00
An important lesson to share is that you should always test attack tools in a lab environment --
never on a live network. Over the years I have been amazed at how well I can break networks
simply by scanning them. Needless to say, the owners of the networks are not always overjoyed, and
it is great to be able to demonstrate that I tested them in a lab BEFORE I let them loose on a live,
production network.
8/29/2018 4:40:35 PM +00:00
I have never ceased to be amazed by the fact that you can’t take a class in information security without
being told to do this or the other thing in accordance with “your security policy”. But nobody ever
explains what policy is, or how to write or evaluate it. This is why we have begun this research and
educational project into security policy.
8/29/2018 4:40:35 PM +00:00
This is the first in a series of three books about computer
viruses. In these volumes I want to challenge you to think in new
ways about viruses, and break down false concepts and wrong ways
of thinking, and go on from there to discuss the relevance of
computer viruses in today’s world. These books are not a call to a
witch hunt, or manuals for protecting yourself from viruses. On the
contrary, they will teach you how to design viruses, deploy them,
and make them better. All three volumes are full of source code for
viruses, including both new and well known varieties....
8/29/2018 4:40:35 PM +00:00
L0phtCrack (zero, not the letter O) is an NT password auditing tool. It will compute NT user
passwords from the cryptographic hashes that are stored by the NT operating system. The operating
system does not store the user passwords in their original clear-text form for security reasons. The
actual user passwords are encrypted because they are sensitive information that can be used to
impersonate any user, including the Administrator of the operating system.
8/29/2018 4:40:35 PM +00:00