LITMIR.BIZ

Up-to-the-minute observations from a world-famous security expert Bruce Schneier is known worldwide as the foremost authority and commentator on every security issue from cyber-terrorism to airport surveillance. This groundbreaking book features more than 160 commentaries on recent events including the Boston Marathon bombing, the NSA's ubiquitous surveillance programs, Chinese cyber-attacks, the privacy of cloud computing, and how to hack the Papal election. Timely as an Internet news report and always insightful, Schneier explains, debunks, and draws lessons from current events that are valuable for security experts and ordinary citizens alike. Bruce Schneier's worldwide reputation as a security guru has earned him more than 250,000 loyal blog and newsletter readers This anthology offers Schneier's observations on some of the most timely security issues of our day, including the Boston Marathon bombing, the NSA's Internet surveillance, ongoing aviation security issues, and Chinese cyber-attacks It features the author's unique take on issues involving crime, terrorism, spying, privacy, voting, security policy and law, travel security, the psychology and economics of security, and much more Previous Schneier books have sold over 500,000 copies Carry On: Sound Advice from Schneier on Security is packed with information and ideas that are of interest to anyone living in today's insecure world.

Подробнее

The first book to reveal and dissect the technical aspect of many social engineering maneuvers From elicitation, pretexting, influence and manipulation all aspects of social engineering are picked apart, discussed and explained by using real world examples, personal experience and the science behind them to unraveled the mystery in social engineering. Kevin Mitnick—one of the most famous social engineers in the world—popularized the term “social engineering.” He explained that it is much easier to trick someone into revealing a password for a system than to exert the effort of hacking into the system. Mitnick claims that this social engineering tactic was the single-most effective method in his arsenal. This indispensable book examines a variety of maneuvers that are aimed at deceiving unsuspecting victims, while it also addresses ways to prevent social engineering threats. Examines social engineering, the science of influencing a target to perform a desired task or divulge information Arms you with invaluable information about the many methods of trickery that hackers use in order to gather information with the intent of executing identity theft, fraud, or gaining computer system access Reveals vital steps for preventing social engineering threats Social Engineering: The Art of Human Hacking does its part to prepare you against nefarious hackers—now you can do your part by putting to good use the critical information within its pages.

Подробнее

Windows security concepts and technologies for IT beginners IT security can be a complex topic, especially for those new to the field of IT. This full-color book, with a focus on the Microsoft Technology Associate (MTA) program, offers a clear and easy-to-understand approach to Windows security risks and attacks for newcomers to the world of IT. By paring down to just the essentials, beginners gain a solid foundation of security concepts upon which more advanced topics and technologies can be built. This straightforward guide begins each chapter by laying out a list of topics to be discussed, followed by a concise discussion of the core networking skills you need to have to gain a strong handle on the subject matter. Chapters conclude with review questions and suggested labs so you can measure your level of understanding of the chapter's content. Serves as an ideal resource for gaining a solid understanding of fundamental security concepts and skills Offers a straightforward and direct approach to security basics and covers anti-malware software products, firewalls, network topologies and devices, network ports, and more Reviews all the topics you need to know for taking the MTA 98-367 exam Provides an overview of security components, looks at securing access with permissions, addresses audit policies and network auditing, and examines protecting clients and servers If you're new to IT and interested in entering the IT workforce, then Microsoft Windows Security Essentials is essential reading.

Подробнее

Hands-on, practical guide to implementing SSL and TLS protocols for Internet security If you are a network professional who knows C programming, this practical book is for you. Focused on how to implement Secure Socket Layer (SSL) and Transport Layer Security (TLS), this book guides you through all necessary steps, whether or not you have a working knowledge of cryptography. The book covers SSLv2, TLS 1.0, and TLS 1.2, including implementations of the relevant cryptographic protocols, secure hashing, certificate parsing, certificate generation, and more. Coverage includes: Understanding Internet Security Protecting against Eavesdroppers with Symmetric Cryptography Secure Key Exchange over an Insecure Medium with Public Key Cryptography Authenticating Communications Using Digital Signatures Creating a Network of Trust Using X.509 Certificates A Usable, Secure Communications Protocol: Client-Side TLS Adding Server-Side TLS 1.0 Support Advanced SSL Topics Adding TLS 1.2 Support to Your TLS Library Other Applications of SSL A Binary Representation of Integers: A Primer Installing TCPDump and OpenSSL Understanding the Pitfalls of SSLv2 Set up and launch a working implementation of SSL with this practical guide.

Подробнее

Сегодня у нас специфическая тема, которая, в первую очередь, будет интересна владельцам новых ресурсов. Мы будем разговаривать об индексации сайта и как же её увеличивают. На самом деле это очень важная тема, особенно для молодых блогов. Здесь подготовлено 12 советов для Вашего сайта.

Подробнее

После того, как сайт уже создан, наступает второй этап его развития – генерация трафика. Трафик – это потоки тех людей, кто выполняет целевое действие. Если вы не будете заниматься вашим проектом, то люди о нем просто не смогут узнать и, соответственно, будут приносить деньги вашим конкурентам. Поэтому вопрос привлечения посетителей очень важен, и от него зачастую зависит то, сколько денег вы получаете с проекта.

Подробнее

Master Wireshark to solve real-world security problems If you don’t already use Wireshark for a wide range of information security tasks, you will after this book. Mature and powerful, Wireshark is commonly used to find root cause of challenging network issues. This book extends that power to information security professionals, complete with a downloadable, virtual lab environment. Wireshark for Security Professionals covers both offensive and defensive concepts that can be applied to essentially any InfoSec role. Whether into network security, malware analysis, intrusion detection, or penetration testing, this book demonstrates Wireshark through relevant and useful examples. Master Wireshark through both lab scenarios and exercises. Early in the book, a virtual lab environment is provided for the purpose of getting hands-on experience with Wireshark. Wireshark is combined with two popular platforms: Kali, the security-focused Linux distribution, and the Metasploit Framework, the open-source framework for security testing. Lab-based virtual systems generate network traffic for analysis, investigation and demonstration. In addition to following along with the labs you will be challenged with end-of-chapter exercises to expand on covered material. Lastly, this book explores Wireshark with Lua, the light-weight programming language. Lua allows you to extend and customize Wireshark’s features for your needs as a security professional. Lua source code is available both in the book and online. Lua code and lab source code are available online through GitHub, which the book also introduces. The book’s final two chapters greatly draw on Lua and TShark, the command-line interface of Wireshark. By the end of the book you will gain the following: Master the basics of Wireshark Explore the virtual w4sp-lab environment that mimics a real-world network Gain experience using the Debian-based Kali OS among other systems Understand the technical details behind network attacks Execute exploitation and grasp offensive and defensive activities, exploring them through Wireshark Employ Lua to extend Wireshark features and create useful scripts To sum up, the book content, labs and online material, coupled with many referenced sources of PCAP traces, together present a dynamic and robust manual for information security professionals seeking to leverage Wireshark.

Подробнее

CompTIA-approved, best-selling prep for CompTIA's Advanced Security Practitioner certification, updated for the CAS-002 exam CASP: CompTIA Advanced Security Practitioner Study Guide: CAS-002 is the updated edition of the bestselling book covering the CASP certification exam. CompTIA approved, this guide covers all of the CASP exam objectives with clear, concise, thorough information on crucial security topics. With practical examples and insights drawn from real-world experience, the book is a comprehensive study resource with authoritative coverage of key concepts. Exam highlights, end-of-chapter reviews, and a searchable glossary help with information retention, and cutting-edge exam prep software offers electronic flashcards and hundreds of bonus practice questions. Additional hands-on lab exercises mimic the exam's focus on practical application, providing extra opportunities for readers to test their skills. CASP is a DoD 8570.1-recognized security certification that validates the skillset of advanced-level IT security professionals. The exam measures the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments, as well as the ability to think critically and apply good judgment across a broad spectrum of security disciplines. This study guide helps CASP candidates thoroughly prepare for the exam, providing the opportunity to: Master risk management and incident response Sharpen research and analysis skills Integrate computing with communications and business Review enterprise management and technical component integration Experts predict a 45-fold increase in digital data by 2020, with one-third of all information passing through the cloud. Data has never been so vulnerable, and the demand for certified security professionals is increasing quickly. The CASP proves an IT professional's skills, but getting that certification requires thorough preparation. This CASP study guide provides the information and practice that eliminate surprises on exam day. Also available as a set, Security Practitoner & Crypotography Set, 9781119071549 with Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition.

Подробнее

Материал книги помогает разобраться в том, что обычно скрывается за терминами и шаблонными фразами «взлом электронной почты», «кибершпионаж» и «фишинг». Автор старался показать информационную безопасность как поле битвы с трех сторон: со стороны преступного сообщества, использующего информационные технологии, со стороны законодательства и правоохранительной системы и со стороны атакуемого. Книга включает практический взгляд на механизмы, используемые киберпреступниками, а также процесс формирования судебного производства и методов расследования таких преступлений. Приводимые методы атак подкрепляются примерами из реальной жизни. Углубленно разбираются механизмы получения незаконного доступа к учетным записям информационных ресурсов, в частности электронной почты. Акцентируется внимание на методе проведения фишинг-атак как наиболее эффективном на сегодняшний день инструменте получения паролей. Фишинг рассматривается как универсальный инструмент, находящий свое проявление в различных мошеннических и хакерских комбинациях, как с технической, так и с юридической стороны. Материал дает возможность пересмотреть и адекватно оценивать риски, эффективность используемых систем защиты, выстроить политику безопасности в соответствии с реальностью. Приводятся советы по предотвращению кибератак и алгоритм первоначальных действий, которые необходимо предпринимать при наступлении инцидента и которые направлены на фиксацию следов, эффективное расследование и взаимодействие с правоохранительными органами.

Подробнее

Learn to hack your own system to protect against malicious attacks from outside Is hacking something left up to the bad guys? Certainly not! Hacking For Dummies, 5th Edition is a fully updated resource that guides you in hacking your system to better protect your network against malicious attacks. This revised text helps you recognize any vulnerabilities that are lurking in your system, allowing you to fix them before someone else finds them. Penetration testing, vulnerability assessments, security best practices, and other aspects of ethical hacking are covered in this book, including Windows 10 hacks, Linux hacks, web application hacks, database hacks, VoIP hacks, and mobile computing hacks. Additionally, you have access to free testing tools and an appendix detailing valuable tools and resources. Ethical hacking entails thinking like the bad guys to identify any vulnerabilities that they might find in your system—and fixing them before they do. Also called penetration testing, ethical hacking is essential to keeping your system, and all of its data, secure. Understanding how to perform effective ethical hacking can improve the safety of your network. Defend your system—and all of the data it holds—against the latest Windows 10 and Linux hacks Develop an effective ethical hacking plan that keeps your system safe Protect your web applications, databases, laptops, and smartphones by going beyond simple hacking strategies Leverage the latest testing tools and techniques when using ethical hacking to keep your system secure Hacking For Dummies, 5th Edition is a fully updated resource that guides you in hacking your own system to protect it—and it will become your go-to reference when ethical hacking is on your to-do list.

Подробнее