Cyber Security Essentials /

Cyber Security Essentials / - Boca Raton : Auerbach Publications, 2011. - 342 pages: illustrations; 24 cm.

Cover
Half title
Title Page
Copyright Page
Table of Contents
A Note from the Executive Editors
About the Authors
Contributors
Chapter 1 Cyber Security Fundamentals
1.1 Network and Security Concepts
1.1.1 Information Assurance Fundamentals
1.1.1.1 Authentication
1.1.1.2 Authorization
1.1.1.3 Nonrepudiation
1.1.1.4 Confidentiality
1.1.1.5 Integrity
1.1.1.6 Availability
1.1.2 Basic Cryptography
1.1.3 Symmetric Encryption
1.1.3.1 Example of Simple Symmetric Encryption with Exclusive OR (XOR)
1.1.3.2 Improving upon Stream Ciphers with Block Ciphers
1.1.4 Public Key Encryption
1.1.5 The Domain Name System (DNS)
1.1.5.1 Security and the DNS
1.1.6 Firewalls
1.1.6.1 History Lesson
1.1.6.2 What’s in a Name?
1.1.6.3 Packet-Filtering Firewalls
1.1.6.4 Stateful Firewalls
1.1.6.5 Application Gateway Firewalls
1.1.6.6 Conclusions
1.1.7 Virtualization
1.1.7.1 In the Beginning, There Was Blue …
1.1.7.2 The Virtualization Menu
1.1.7.3 Full Virtualization
1.1.7.4 Getting a Helping Hand from the Processor
1.1.7.5 If All Else Fails, Break It to Fix It
1.1.7.6 Use What You Have
1.1.7.7 Doing It the Hard Way
1.1.7.8 Biting the Hand That Feeds
1.1.7.9 Conclusion
1.1.8 Radio-Frequency Identification
1.1.8.1 Identify What?
1.1.8.2 Security and Privacy Concerns
1.2 Microsoft Windows Security Principles
1.2.1 Windows Tokens
1.2.1.1 Introduction
1.2.1.2 Concepts behind Windows Tokens
1.2.1.3 Access Control Lists
1.2.1.4 Conclusions
1.2.2 Window Messaging
1.2.2.1 Malicious Uses of Window Messages
1.2.2.2 Solving Problems with Window Messages
1.2.3 Windows Program Execution
1.2.3.1 Validation of Parameters
1.2.3.2 Load Image, Make Decisions
1.2.3.3 Creating the Process Object
1.2.3.4 Context Initialization
1.2.3.5 Windows Subsystem Post Initialization
1.2.3.6 Initial Thread … Go!
1.2.3.7 Down to the Final Steps
1.2.3.8 Exploiting Windows Execution for Fun and Profit
1.2.4 The Windows Firewall
References
Chapter 2 Attacker Techniques and Motivations
2.1 How Hackers Cover Their Tracks (Antiforensics)
2.1.1 How and Why Attackers Use Proxies
2.1.1.1 Types of Proxies
2.1.1.2 Detecting the Use of Proxies
2.1.1.3 Conclusion
2.1.2 Tunneling Techniques
2.1.2.1 HTTP
2.1.2.2 DNS
2.1.2.3 ICMP
2.1.2.4 Intermediaries, Steganography, and Other Concepts
2.1.2.5 Detection and Prevention
2.2 Fraud Techniques
2.2.1 Phishing, Smishing, Vishing, and Mobile Malicious Code
2.2.1.1 Mobile Malicious Code
2.2.1.2 Phishing against Mobile Devices
2.2.1.3 Conclusions
2.2.2 Rogue Antivirus
2.2.2.1 Following the Money: Payments
2.2.2.2 Conclusion
2.2.3 Click Fraud
2.2.3.1 Pay-per-Click
2.2.3.2 Click Fraud Motivations
2.2.3.3 Click Fraud Tactics and Detection
2.2.3.4 Conclusions
2.3 Threat Infrastructure
2.3.1 Botnets
2.3.2 Fast-Flux
2.3.3 Advanced Fast-Flux
References
Chapter 3 Exploitation
3.1 Techniques to Gain a Foothold
3.1.1 Shellcode
3.1.2 Integer Overflow Vulnerabilities
3.1.3 Stack-Based Buffer Overflows
3.1.3.1 Stacks upon Stacks
3.1.3.2 Crossing the Line
3.1.3.3 Protecting against Stack-Based Buffer Overflows
3.1.3.4 Addendum: Stack-Based Buffer Overflow Mitigation
3.1.4 Format String Vulnerabilities
3.1.5 SQL Injection
3.1.5.1 Protecting against SQL Injection
3.1.5.2 Conclusion
3.1.6 Malicious PDF Files
3.1.6.1 PDF File Format
3.1.6.2 Creating Malicious PDF Files
3.1.6.3 Reducing the Risks of Malicious PDF Files
3.1.6.4 Concluding Comments
3.1.7 Race Conditions
3.1.7.1 Examples of Race Conditions
3.1.7.2 Detecting and Preventing Race Conditions
3.1.7.3 Conclusion
3.1.8 Web Exploit Tools
3.1.8.1 Features for Hiding
3.1.8.2 Commercial Web Exploit Tools and Services
3.1.8.3 Updates, Statistics, and Administration
3.1.8.4 Proliferation of Web Exploit Tools Despite Protections
3.1.9 DoS Conditions
3.1.10 Brute Force and Dictionary Attacks
3.1.10.1 Attack
3.2 Misdirection, Reconnaissance, and Disruption Methods
3.2.1 Cross-Site Scripting (XSS)
3.2.2 Social Engineering
3.2.3 WarXing
3.2.4 DNS Amplification Attacks
3.2.4.1 Defeating Amplification
References
Chapter 4 Malicious Code
4.1 Self-Replicating Malicious Code
4.1.1 Worms
4.1.2 Viruses
4.2 Evading Detection and Elevating Privileges
4.2.1 Obfuscation
4.2.2 Virtual Machine Obfuscation
4.2.3 Persistent Software Techniques
4.2.3.1 Basic Input–Output System (BIOS)/Complementary Metal-Oxide Semiconductor (CMOS) and Master Boot Record (MBR) Malicious Code
4.2.3.2 Hypervisors
4.2.3.3 Legacy Text Files
4.2.3.4 Autostart Registry Entries
4.2.3.5 Start Menu “Startup” Folder
4.2.3.6 Detecting Autostart Entries
4.2.4 Rootkits
4.2.4.1 User Mode Rootkits
4.2.4.2 Kernel Mode Rootkits
4.2.4.3 Conclusion
4.2.5 Spyware
4.2.6 Attacks against Privileged User Accounts and Escalation of Privileges
4.2.6.1 Many Users Already Have Administrator Permissions
4.2.6.2 Getting Administrator Permissions
4.2.6.3 Conclusion
4.2.7 Token Kidnapping
4.2.8 Virtual Machine Detection
4.2.8.1 Fingerprints Everywhere!
4.2.8.2 Understanding the Rules of the Neighborhood
4.2.8.3 Detecting Communication with the Outside World
4.2.8.4 Putting It All Together
4.2.8.5 The New Hope
4.2.8.6 Conclusion
4.3 Stealing Information and Exploitation
4.3.1 Form Grabbing
4.3.2 Man-in-the-Middle Attacks
4.3.2.1 Detecting and Preventing MITM Attacks
4.3.2.2 Conclusion
4.3.3 DLL Injection
4.3.3.1 Windows Registry DLL Injection
4.3.3.2 Injecting Applications
4.3.3.3 Reflective DLL Injections
4.3.3.4 Conclusion
4.3.4 Browser Helper Objects
4.3.4.1 Security Implications
References
Chapter 5 Defense and Analysis Techniques
5.1 Memory Forensics
5.1.1 Why Memory Forensics Is Important
5.1.2 Capabilities of Memory Forensics
5.1.3 Memory Analysis Frameworks
5.1.4 Dumping Physical Memory
5.1.5 Installing and Using Volatility
5.1.6 Finding Hidden Processes
5.1.7 Volatility Analyst Pack
5.1.8 Conclusion
5.2 Honeypots
5.3 Malicious Code Naming
5.3.1 Concluding Comments
5.4 Automated Malicious Code Analysis Systems
5.4.1 Passive Analysis
5.4.2 Active Analysis
5.4.3 Physical or Virtual Machines
5.5 Intrusion Detection Systems
References
Chapter 6 iDefense Special File Investigation Tools
Index


Cyber Security Essentials
The sophisticated methods used in recent high-profile cyber incidents have created a broad need to understand how such attacks work. Demystifying the complexity often associated with information assurance, Cyber Security Essentials provides a clear understanding of the concepts behind prevalent threats, tactics, and procedures. To accomplish this, the team of security professionals from VeriSign’s iDefense® Security Intelligence Services supplies an extensive review of the computer security landscape. Although the text is accessible to those new to cyber security, its comprehensive nature makes it ideal for experts who need to explain how computer security works to non-technical staff.

Providing a fundamental understanding of the theory behind the key issues impacting cyber security, the book:

- Covers attacker methods and motivations, exploitation trends, malicious code techniques, and the latest threat vectors
- Addresses more than 75 key security concepts in a series of concise, well-illustrated summaries designed for most levels of technical understanding
- Supplies actionable advice for the mitigation of threats
- Breaks down the code used to write exploits into understandable diagrams

This book is not about the latest attack trends or botnets. It is about the reasons why these problems continue to plague us. By better understanding the logic presented in these pages, readers will be prepared to transition to a career in the growing field of cyber security and to respond proactively to the threats and attacks on the horizon.

9780815351429

005.8 / GRA