The stories about phishing attacks against banks are so true-to-life, it's chilling." --Joel Dubin, CISSP, Microsoft MVP in SecurityEvery day, hackers are devising new ways to break into your network. Do you have what it takes to stop them? Find out inHacker's Challenge 3. Inside, top-tier security experts offer 20 brand-new, real-world network security incidents to test your computer forensics and response skills. All the latest hot-button topics are covered, including phishing and pharming scams, internal corporate hacking, Cisco IOS, wireless, iSCSI storage, VoIP, Windows, Mac OS X, and UNIX/Linux hacks, and much more. Each challenge includes a detailed explanation of the incident--how the break-in was detected, evidence and clues, technical background such as log files and network maps, and a series of questions for you to solve. In Part II, you'll get a detailed analysis of how the experts solved each incident.

David Pollino leads research focusing on wireless and security technologies.

Mike Schiffman, CISSP, holds a research role at Cisco Systems, Inc., and serves on the advisory boards of Qualys, IMG Universal,Vigilant, and Sensory Networks.

Bill Pennington, CISSP, CCNA, manages research and development at WhiteHat Security, Inc.

Tony Bradley, CISSP-ISSAP, is a Fortune 100 security architect and consultant who has written for several computer security–related magazines and websites.

Foreword

xix

Acknowledgments

xxi

Introduction

xxiii

Part I Challenges

To Catch a Phish

3

(12)

Industry: Financial Services

Prevention Complexity: Moderate

Attack Complexity: Moderate

Mitigation Complexity: High

Owning the Pharm

15

(12)

Industry: Pharmaceutical

Prevention Complexity: Low

Attack Complexity: High

Mitigation Complexity: Moderate

Big Bait, Big Phish

27

(10)

Industry: E-commerce

Prevention Complexity: Medium

Attack Complexity: Hard

Mitigation Complexity: Hard

Shooting Phish in a Barrel

37

(10)

Industry: Public Relations

Prevention Complexity: Moderate

Attack Complexity: Moderate

Mitigation Complexity: Moderate

Too Few Secrets

47

(12)

Industry: Financial Services

Prevention Complexity: Moderate

Attack Complexity: Moderate

Mitigation Complexity: Moderate

Upgraded or ``Owned?''

59

(10)

Industry: Internet Service Provider

Prevention Complexity: Medium

Attack Complexity: Low

Mitigation Complexity: High

Pale Blue Glow

69

(8)

Industry: Banking and Finance

Prevention Complexity: Moderate

Attack Complexity: Easy

Mitigation Complexity: Moderate

Crossing the Line

77

(10)

Industry: Internet and Retail

Prevention Complexity: Medium

Attack Complexity: Medium

Mitigation Complexity: Medium to High

The Root of the Problem

87

(8)

Industry: Publishing

Prevention Complexity: Moderate

Attack Complexity: Moderate

Mitigation Complexity: Moderate

Firewall Insights

95

(8)

Industry: Small Bank

Prevention Complexity: Medium

Attack Complexity: Low

Mitigation Complexity: High

Peter LemonJello's ``A Series of Unfortunate Events''

103

(12)

Industry: Finance

Prevention Complexity: Easy

Attack Complexity: Medium

Mitigation Complexity: Easy

Share and Share Alike

115

(16)

Industry: Online Retail

Prevention Complexity: Moderate

Attack Complexity: Low

Mitigation Complexity: Low

The Holy Grail

131

(10)

Industry: Financial

Prevention Complexity: Moderate

Attack Complexity: High

Mitigation Complexity: Moderate

Open Source

141

(12)

Industry: Small Business

Prevention Complexity: Moderate

Attack Complexity: Easy

Mitigation Complexity: Easy

Cup of Chai

153

(14)

Industry: E-commerce

Prevention Complexity: Moderate

Attack Complexity: High

Mitigation Complexity: Moderate

Love Plus One

167

(12)

Industry: E-commerce

Prevention Complexity: Easy

Attack Complexity: Low

Mitigation Complexity: High

Bullet the Blue Sky

179

(10)

Industry: E-commerce

Prevention Complexity: High

Attack Complexity: Hard

Mitigation Complexity: Easy

The Insider III

189

(12)

Industry: Financial Institution

Prevention Complexity: Low

Attack Complexity: Low

Mitigation Complexity: Moderate

Jumping Someone Else's Train

201

(22)

Industry: Pharmaceutical

Prevention Complexity: Easy

Attack Complexity: Low

Mitigation Complexity: Low

The Not-So-Usual Suspects

223

(132)

Industry: Financial

Prevention Complexity: Moderate

Attack Complexity: High

Mitigation Complexity: Moderate

Part II Solutions

To Catch a Phish

235

(4)

Owning the Pharm

239

(6)

Big Bait, Big Phish

245

(6)

Shooting Phish in a Barrel

251

(6)

Too Few Secrets

257

(6)

Upgraded or ``Owned?''

263

(6)

Pale Blue Glow

269

(6)

Crossing the Line

275

(4)

The Root of the Problem

279

(12)

Firewall Insights

291

(4)

Peter Lemon Jello's ``A Series of Unfortunate Events''

295

(4)

Share and Share Alike

299

(8)

The Holy Grail

307

(8)

Open Source

315

(6)

Cup of Chai

321

(6)

Love Plus One

327

(4)

Bullet the Blue Sky

331

(6)

The Insider III

337

(6)

Jumping Someone Else's Train

343

(4)

The Not-So-Usual Suspects

347

(8)

Index

355

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

Amazon no longer offers textbook rentals. We do!

Amazon no longer offers textbook rentals. We do!

We're the #1 textbook rental company. Let us show you why.

Hacker's Challenge 3 20 Brand New Forensic Scenarios & Solutions

9780072263046

0072263040

Supplemental Materials

Summary

Author Biography

Table of Contents

Supplemental Materials

Rewards Program