Combinatorial Designs for Authentication and Secrecy Codes is a succinct in-depth review and tutorial of a subject that promises to lead to major advances in computer and communication security. This monograph provides a tutorial on combinatorial designs, which gives an overview of the theory. Furthermore, the application of combinatorial designs to authentication and secrecy codes is described in depth. This close relationship of designs with cryptography and information security was first revealed in Shannon's seminal paper on secrecy systems. The authors bring together in one source foundational and current contributions concerning design-theoretic constructions and characterizations of authentication and secrecy codes.

Master the skills necessary to launch and complete a successful computer investigation with the updated fourth edition of this popular book, GUIDE TO COMPUTER FORENSICS AND INVESTIGATIONS. This resource guides readers through conducting a high-tech investigation, from acquiring digital evidence to reporting its findings. Updated coverage includes new software and technologies as well as up-to-date reference sections, and content includes how to set up a forensics lab, how to acquire the proper and necessary tools, and how to conduct the investigation and subsequent digital analysis. It is appropriate for students new to the field, or as a refresher and technology update for professionals in law enforcement, investigations, or computer security. The book features free downloads of the latest forensic software, so readers can become familiar with the tools of the trade.

Nearly forty percent of the world's 1 billion+ Internet users are wireless. It's a truly staggering fact to think that the majority of these wireless implementations are fundamentally insecure, leaving users and private data at risk.
Many wireless proprietors think that the convenience of wireless outweighs the possible risk of insecure impelentation, or that secure wireless is far too complicated to worry about deploying.
"SonicWALL(r) Secure Wireless Networks Integrated Solutions Guide" provides a systematic approach to creating secure wireless networks, using the Plan, Design, Implement, and Optimize model. This introduction to wireless network security is both comprehensive and easy to understand. Using straightforward language, this book describes deployment best practices, what SonicWALL security appliances do, and how they interoperate within an existing or new network. It begins with brief overviews of the theory of risk management, the history of wireless networks, and today s top five wireless threats. Real-world case studies highlight wireless solution business drivers for education, healthcare, retail and hospitality, and government agencies, as well as their respective regulatory compliance requirements. SonicWALL believes that the days of being forced to accept inherent risk in wireless networking are over. By using modern security standards and sound network design methods, your wireless network should be just as secure as your wired network.
Wireless networks can be made as secure as wired networks, and deploying this type of security can be far less complicated than you think. In this book, and through their massive product offerings, SonicWALL gives you (the secure wireless network hopeful) all of the planning, implementation, and optimizing tools you need to do wireless. Securely.
* Official guide from SonicWALL
* Written by SonicWALL engineers and documentation specialists
* Appropriate for all audiences, from the small proprietor to the enterprise IT specialist
* A complete reference to plan, design, implement, and optimize a secure wireless network with SonicWALL's extensive wireless product offerings"

The security field evolves rapidly becoming broader and more complex each year. The common thread tying the field together is the discipline of management. The Best Damn Security Manager's Handbook Period has comprehensive coverage of all management issues facing IT and security professionals and is an ideal resource for those dealing with a changing daily workload.
Coverage includes Business Continuity, Disaster Recovery, Risk Assessment, Protection Assets, Project Management, Security Operations, and Security Management, and Security Design & Integration.
Compiled from the best of the Syngress and Butterworth Heinemann libraries and authored by business continuity expert Susan Snedaker, this volume is an indispensable addition to a serious security professional's toolkit.
* An all encompassing book, covering general security management issues and providing specific guidelines and checklists
* Anyone studying for a security specific certification or ASIS certification will find this a valuable resource
* The only book to cover all major IT and security management issues in one place: disaster recovery, project management, operations management, and risk assessment

This book provides IT security professionals with the information (hardware, software, and procedural requirements) needed to create, manage and sustain a digital forensics lab and investigative team that can accurately and effectively analyze forensic data and recover digital evidence, while preserving the integrity of the electronic evidence for discovery and trial.
IDC estimates that the U.S. market for computer forensics will be grow from $252 million in 2004 to $630 million by 2009. Business is strong outside the United States, as well. By 2011, the estimated international market will be $1.8 billion dollars. The Techno Forensics Conference, to which this book is linked, has increased in size by almost 50% in its second year; another example of the rapid growth in the digital forensics world.
The TechnoSecurity Guide to Digital Forensics and E-Discovery features:
* Internationally known experts in computer forensics share their years of experience at the forefront of digital forensics
* Bonus chapters on how to build your own Forensics Lab
* 50% discount to the upcoming Techno Forensics conference for everyone
who purchases a book

This is the first book available for the Metasploit Framework (MSF), which is the attack platform of choice for one of the fastest growing careers in IT security: Penetration Testing. The book and companion Web site will provide professional penetration testers and security researchers with a fully integrated suite of tools for discovering, running, and testing exploit code.
This book discusses how to use the Metasploit Framework (MSF) as an exploitation platform. The book begins with a detailed discussion of the three MSF interfaces: msfweb, msfconsole, and msfcli .This chapter demonstrates all of the features offered by the MSF as an exploitation platform. With a solid understanding of MSF s capabilities, the book then details techniques for dramatically reducing the amount of time required for developing functional exploits.
By working through a real-world vulnerabilities against popular closed source applications, the reader will learn how to use the tools and MSF to quickly build reliable attacks as standalone exploits. The section will also explain how to integrate an exploit directly into the Metasploit Framework by providing a line-by-line analysis of an integrated exploit module. Details as to how the Metasploit engine drives the behind-the-scenes exploitation process will be covered, and along the way the reader will come to understand the advantages of exploitation frameworks. The final section of the book examines the Meterpreter payload system and teaches readers to develop completely new extensions that will integrate fluidly with the Metasploit Framework.
. A November 2004 survey conducted by "CSO Magazine" stated that 42% of chief security officers considered penetration testing to be a security priority for their organizations
. The Metasploit Framework is the most popular open source exploit platform, and there are no competing books
. The book's companion Web site offers all of the working code and exploits contained within the book"

Software forensics -- analyzing program code to track, identify, and prosecute computer virus perpetrators -- has emerged as one of the most promising and technically challenging aspects of information management and security.

This is a technical tutorial that thoroughly examines the programming tools, investigative and analysis methods, and legal implications of the complex evidence chain. Also included are eye-opening case studies, including the famous Enron case, and sample code from real criminal investigations.

Written by a security consultant whose clients include the Canadian Government, Software Forensics covers:



* Basic concepts

* Hackers, crackers, and phreaks

* Objects of analysis: text strings, source code, machine code

* User interfaces and commands

* Program structures and versions

* Virus families

* Function indicators

* Stylistic analysis

* and much more

There is no better or faster way for programmers, security analysts and consultants, security officers in the enterprise, application developers, lawyers, judges, and anyone else interested in software forensics to get up to speed on forensic programming tools and methods and the nature of cyber evidence.

This book is an easy-to-read guide to using IPCop in a variety of different roles within the network. The book is written in a very friendly style that makes this complex topic easy and a joy to read. It first covers basic IPCop concepts, then moves to introduce basic IPCop configurations, before covering advanced uses of IPCop. This book is for both experienced and new IPCop users. IPCop is a powerful, open source, Linux based firewall distribution for primarily Small Office Or Home (SOHO) networks, although it can be used in larger networks. It provides most of the features that you would expect a modern firewall to have, and what is most important is that it sets this all up for you in a highly automated and simplified way. This book is an easy introduction to this popular application. After introducing and explaining the foundations of firewalling and networking and why they're important, the book moves on to cover using IPCop, from installing it, through configuring it, to more advanced features, such as configuring IPCop to work as an IDS, VPN and using it for bandwidth management. While providing necessary theoretical background, the book takes a practical approach, presenting sample configurations for home users, small businesses, and large businesses. The book contains plenty of illustrative examples. Chapter 1 briefly introduces some firewall and networking concepts. The chapter introduces the roles of several common networking devices and explains how firewalls fit into this. Chapter 2 introduces the IPCop package itself, discussing how IPCop's red/orange/blue/green interfaces fit into a network topology. It then covers the configuration of IPCop in other common roles, such as those of a web proxy, DHCP, DNS, time, and VPN server. Chapter 3 covers three sample scenarios where we learn how to deploy IPCop, how IPCop interfaces connect to each other and to the network as a whole. Chapter 4 covers installing IPCop. It outlines the system configuration required to run IPCop, and explains the configuration required to get IPCop up and running. In Chapter 5, we will learn how to employ the various tools IPCop provides us with to administrate, operate, troubleshoot, and monitor our IPCop firewall Chapter 6 starts off with explaining the need for an IDS in our system and then goes on to explain how to use the SNORT IDS with IPCop. Chapter 7 introduces the VPN concept and explains how to set up an IPSec VPN configuration for a system. Special focus is laid on configuring the blue zone - a secured wireless network augmenting the security of a wireless segment, even one already using WEP or WPA. Chapter 8 demonstrates how to manage bandwidth using IPCop making use of traffic shaping techniques and cache management. The chapter also covers the configuration of the Squid web proxy and caching system. Chapter 9 focuses on the vast range of add-ons available to configure IPCop to suit our needs. We see how to install add-ons and then learn more about common add-ons like SquidGuard, Enhanced Filtering, Blue Access, LogSend, and CopFilter. Chapter 10 covers IPCop security risks, patch management and some security and auditing tools and tests. Chapter 11 outlines the support IPCop users have in the form of mailing lists and IRC. The book is suitable for anyone interested in securing their networks with IPCop - from those new to networking and firewalls, to networking and IT Professionals with previous experience of IPCop. No knowledge of Linux or IPCop is required.

The only guide for software developers who must learn and implement cryptography safely and cost effectively.
The book begins with a chapter that introduces the subject of cryptography to the reader. The second chapter discusses how to implement large integer arithmetic as required by RSA and ECC public key algorithms The subsequent chapters discuss the implementation of symmetric ciphers, one-way hashes, message authentication codes, combined authentication and encryption modes, public key cryptography and finally portable coding practices. Each chapter includes in-depth discussion on memory/size/speed performance trade-offs as well as what cryptographic problems are solved with the specific topics at hand.
* The author is the developer of the industry standard cryptographic suite of tools called LibTom
* A regular expert speaker at industry conferences and events on this development
* The book has a companion Web site with over 300-pages of text on implementing multiple precision arithmetic

This is the first of two books serving as an expanded and up-dated version of Windows Server 2003 Security Infrastructures for Windows 2003 Server R2 and SP1 & SP2. The authors choose to encompass this material within two books in order to illustrate the intricacies of the different paths used to secure MS Windows server networks.
Since its release in 2003 the Microsoft Exchange server has had two important updates, SP1 and SP2. SP1, allows users to increase their security, reliability and simplify the administration of the program. Within SP1, Microsoft has implemented R2 which improves identity and access management across security-related boundaries. R2 also improves branch office server management and increases the efficiency of storage setup and management. The second update, SP2 minimizes spam, pop-ups and unwanted downloads. These two updated have added an enormous amount of programming security to the server software.
* Covers all SP1 and SP2 updates
* Details strategies for patch management
* Provides key techniques to maintain security application upgrades and updates

Essential Computer Security provides the vast home user and small office computer market with the information they must know in order to understand the risks of computing on the Internet and what they can do to protect themselves.
Tony Bradley is the Guide for the About.com site for Internet Network Security. In his role managing the content for a site that has over 600,000 page views per month and a weekly newsletter with 25,000 subscribers, Tony has learned how to talk to people, everyday people, about computer security. Intended for the security illiterate, Essential Computer Security is a source of jargon-less advice everyone needs to operate their computer securely.
* Written in easy to understand non-technical language that novices can comprehend
* Provides detailed coverage of the essential security subjects that everyone needs to know
* Covers just enough information to educate without being overwhelming

The book covers a decade of work with some of the largest commercial and government agencies around the world in addressing cyber security related to malicious insiders (trusted employees, contractors, and partners). It explores organized crime, terrorist threats, and hackers. It addresses the steps organizations must take to address insider threats at a people, process, and technology level.
Today's headlines are littered with news of identity thieves, organized cyber criminals, corporate espionage, nation-state threats, and terrorists. They represent the next wave of security threats but still possess nowhere near the devastating potential of the most insidious threat: the insider. This is not the bored 16-year-old hacker. We are talking about insiders like you and me, trusted employees with access to information - consultants, contractors, partners, visitors, vendors, and cleaning crews. Anyone in an organization's building or networks that possesses some level of trust.
* Full coverage of this hot topic for virtually every global 5000 organization, government agency, and individual interested in security.
* Brian Contos is the Chief Security Officer for one of the most well known, profitable and respected security software companies in the U.S.-ArcSight.

This is the only book that covers all the topics that any budding security manager needs to know This book is written for managers responsible for IT/Security departments from mall office environments up to enterprise networks.
These individuals do not need to know about every last bit and byte, but they need to have a solid understanding of all major, IT security issues to effectively manage their departments. This book is designed to cover both the basic concepts of security, non technical principle and practices of security and provides basic information about the technical details of many of the products - real products, not just theory.
Written by a well known Chief Information Security Officer, this book gives the information security manager all the working knowledge needed to: Design the organization chart of his new security organization Design and implement policies and strategies Navigate his way through jargon filled meetings Understand the design flaws of his E-commerce and DMZ infrastructure
* A clearly defined guide to designing the organization chart of a new security organization and how to implement policies and strategies
* Navigate through jargon filled meetings with this handy aid
* Provides information on understanding the design flaws of E-commerce and DMZ infrastructure"

A firewall is as good as its policies and the security of its VPN connections. The latest generation of firewalls offers a dizzying array of powerful options; they key to success is to write concise policies that provide the appropriate level of access while maximizing security.
This book covers the leading firewall products: Cisco PIX, Check Point NGX, Microsoft ISA Server, Juniper s NetScreen Firewall, and SonicWall. It describes in plain English what features can be controlled by a policy, and walks the reader through the steps for writing the policy to fit the objective. Because of their vulnerability and their complexity, VPN policies are covered in more depth with numerous tips for troubleshooting remote connections.
. The only book that focuses on creating policies that apply to multiple products.
. Included is a bonus chapter on using Ethereal, the most popular protocol analyzer, to monitor and analyze network traffic.
. Shows what features can be controlled by a policy, and walks you through the steps for writing the policy to fit the objective at hand"

Information Security: Contemporary Cases Addresses Fundamental Information Security Concepts In Realistic Scenarios. Through A Series Of Substantive Cases, Different Aspects Of Information Security Are Addressed By Real Organizations. The Organizations Include Kraft Foods, Advo, IBM, SRA, Aetna, The FBI, And The Yale New Haven Center For Emergency Preparedness And Disaster Response. Case Topics Include Data Protection, Integrating IT And Physical Security, Contingency Planning, Disaster Recovery, Network Security, Hardware Design, Encryption, Standards Compliance, Tracking Intruders, And Training And Awareness Programs. This Casebook Will Enable Students To Develop The Practical Understanding Needed For Today's Information Security And Information Assurance Profession.

Implementing cryptography requires integers of significant magnitude to resist cryptanalytic attacks. Modern programming languages only provide support for integers which are relatively small and single precision. The purpose of this text is to instruct the reader regarding how to implement efficient multiple precision algorithms.
Bignum math is the backbone of modern computer security algorithms. It is the ability to work with hundred-digit numbers efficiently using techniques that are both elegant and occasionally bizarre. This book introduces the reader to the concept of bignum algorithms and proceeds to build an entire library of functionality from the ground up. Through the use of theory, pseudo-code and actual fielded C source code the book explains each and every algorithm that goes into a modern bignum library. Excellent for the student as a learning tool and practitioner as a reference alike BigNum Math is for anyone with a background in computer science who has taken introductory level mathematic courses. The text is for students learning mathematics and cryptography as well as the practioner who needs a reference for any of the algorithms documented within.
* Complete coverage of Karatsuba Multiplication, the Barrett Algorithm, Toom-Cook 3-Way Multiplication, and More
* Tom St Denis is the developer of the industry standard cryptographic suite of tools called LibTom.
* This book provides step-by-step exercises to enforce concepts

Cryptography is the study of methods to transform information from its original comprehensible form into a scrambled incomprehensible form, such that its content can only be disclosed to some qualified persons. In the past, cryptography helped ensure secrecy in important communications, such as those of spies, military leaders, and diplomats. In recent decades, it has expanded in two main ways: firstly, it provides mechanisms for more than just keeping secrets through schemes like digital signatures, digital cash, etc; secondly, cryptography is used by almost all computer users as it is embedded into the infrastructure for computing and telecommunications. Cryptography ensures secure communications through confidentiality, integrity, authenticity and non-repudiation. Cryptography has evolved over the years from Julius Cesar's cipher, which simply shifts the letters of the words a fixed number of times, to the sophisticated RSA algorithm, which was invented by Ronald L. Rivest, Adi Shamir and Leonard M. Adleman, and the elegant AES cipher (Advanced Encryption Standard), which was invented by Joan Daemen and Vincent Rijmen. The need for fast but secure cryptographic systems is growing bigger. Therefore, dedicated hardware for cryptography is becoming a key issue for designers. With the spread of reconfigurable hardware such as FPGAs, embedded cryptographic hardware became cost-effective. Nevertheless, it is worthy to note that nowadays, even hardwired cryptographic algorithms are not safe. Attacks based on power consumption and electromagnetic Analysis, such as SPA, DPA and EMA have been successfully used to retrieve secret information stored in cryptographic devices. Besides performance in terms of area and throughput, designer of embedded cryptographic hardware must worry about the leakage of their implementations. The content of this book is divided into three main parts, which are focused on new trends in cryptographic hardware, arithmetic and factoring.

A fascinating work on the history and development of cryptography, from the Egyptians to WWII. Many of the earliest books, particularly those dating back to the 1900s and before, are now extremely scarce and increasingly expensive. Hesperides Press are republishing these classic works in affordable, high quality, modern editions, using the original text and artwork Contents Include - The Beginings of Cryptography - From the Middle Ages Onwards - Signals, Signs, And Secret Languages - Commercial Codes - Military Codes and Ciphers - Types of Codes and Ciphers - Methods of Deciphering - Bibliography

Take network security to the next level!This book has never before published advanced security techniques and step-by-step instructions showing how to defend against devastating vulnerabilities to systems and network infrastructure.Just about every day the media is reporting another hard-core hack against some organisation. It was reported mid-March that hackers had taken over one of Lexis Nexis' databases gaining access to the personal files of as many as 32,000 people. Extreme Exploits provides advanced methodologies and solutions needed to defend against sophisticated exploits by showing them how to use the latest advanced security tools. The book teaches you how little-known vulnerabilities have been successfully exploited in the real world and have wreaked havoc on large-scale networks.

User passwords are the keys to the network kingdom, yet most users choose overly simplistic passwords (like password) that anyone could guess, while system administrators demand impossible to remember passwords littered with obscure characters and random numerals.
Every computer user must face the problems of password security. According to a recent British study, passwords are usually obvious: around 50 percent of computer users select passwords based on names of a family member, spouse, partner, or a pet. Many users face the problem of selecting strong passwords that meet corporate security requirements. Too often, systems reject user-selected passwords because they are not long enough or otherwise do not meet complexity requirements. This book teaches users how to select passwords that always meet complexity requirements.
A typical computer user must remember dozens of passwords and they are told to make them all unique and never write them down. For most users, the solution is easy passwords that follow simple patterns. This book teaches users how to select strong passwords they can easily remember.
* Examines the password problem from the perspective of the administrator trying to secure their network
* Author Mark Burnett has accumulated and analyzed over 1,000,000 user passwords and through his research has discovered what works, what doesn't work, and how many people probably have dogs named Spot
* Throughout the book, Burnett sprinkles interesting and humorous password ranging from the Top 20 dog names to the number of references to the King James Bible in passwords

This book teaches IT professionals how to analyze, manage, and automate their security log files to generate useful, repeatable information that can be use to make their networks more efficient and secure using primarily open source tools. The book begins by discussing the Top 10 security logs that every IT professional should be regularly analyzing. These 10 logs cover everything from the top workstations sending/receiving data through a firewall to the top targets of IDS alerts. The book then goes on to discuss the relevancy of all of this information. Next, the book describes how to script open source reporting tools like Tcpdstats to automatically correlate log files from the various network devices to the Top 10 list. By doing so, the IT professional is instantly made aware of any critical vulnerabilities or serious degradation of network performance. All of the scripts presented within the book will be available for download from the Syngress Solutions Web site.
Almost every operating system, firewall, router, switch, intrusion detection system, mail server, Web server, and database produces some type of log file. This is true of both open source tools and commercial software and hardware from every IT manufacturer. Each of these logs is reviewed and analyzed by a system administrator or security professional responsible for that particular piece of hardware or software. As a result, almost everyone involved in the IT industry works with log files in some capacity.
* Provides turn-key, inexpensive, open source solutions for system administrators to analyze and evaluate the overall performance and security of their network
* Dozens of working scripts and tools presented throughout the book are available for download from Syngress Solutions Web site.
* Will save system administrators countless hours by scripting and automating the most common to the most complex log analysis tasks"

LOCK IN PDA SECURITY:

* Let an IT security expert help you assess the PDA threat to your business

* Learn what you must do to lock out dangers -- password theft, viruses, electronic eavesdropping, mobile code and wireless vulnerabilities, data corruption, device loss and theft, and other risks

* Maximize and protect the value of increasingly capable personal digital assistants to your organization

DOWNSIZE PDA RISKS. SUPERSIZE PDA REWARDS.

PDAs have moved into the workplace. More than 25 million of them will soon be accessing company networks. Are you prepared? If you’re an information technology or business executive, the time is right to size up the unique security risks these small, portable devices pose. This essential primer for those deploying, managing or using PDAs in the workplace will help you understand and address the challenges presented by this emerging set of technologies. Written by respected IT security experts, PDA Security, shows you how to:

* Assess the level of threat posed by PDAs in your organization

* Develop a measured and enforceable policy response to minimize the risk

* Understand the technical issues and defend against the threats PDAs pose to privacy, theft of sensitive information, system corruption, and other issues of network and data misuse

* Analyze secure solutions for all major handhelds -- Palm, PocketPC, and RIM

* Examine a case study on securing Palm for the work environment

* Learn why solutions almost always involve the operating system

* Discover what White-Hat Hacking reveals about vulnerabilities

* Find profitable ways to integrate PDAs into business plans and networks, while downsizing risks

* Get an insider’s preview of the future of handhelds -- the PCs of the early twenty-first century

With a Foreword by Rebecca Bace, internationally renowned intrusion-detection and network-security specialist and former member of the United States Department of Defense National Security Agency (NSA).

For ongoing news and original content on PDA security, related Web sites, and a calendar of related events, visit www.pdasecurity-book.com

Network Security Evaluation provides a methodology for conducting technical security evaluations of all the critical components of a target network. The book describes how the methodology evolved and how to define the proper scope of an evaluation, including the consideration of legal issues that may arise during the evaluation. More detailed information is given in later chapters about the core technical processes that need to occur to ensure a comprehensive understanding of the network's security posture.
Ten baseline areas for evaluation are covered in detail. The tools and examples detailed within this book include both Freeware and Commercial tools that provide a detailed analysis of security vulnerabilities on the target network. The book ends with guidance on the creation of customer roadmaps to better security and recommendations on the format and delivery of the final report.
* There is no other book currently on the market that covers the National Security Agency's recommended methodology for conducting technical security evaluations
* The authors are well known in the industry for their work in developing and deploying network security evaluations using the NSA IEM
* The authors also developed the NSA's training class on this methodology

Take a proactive approach to enterprise network security by implementing preventive measures against attacks before they occur. Written by a team of IT security specialists, this hands-on resource provides concrete steps you can take immediately as well as ongoing actions to ensure long-term security. Whether you're working on a Windows, UNIX, wireless, or mixed network, you'll get complete details on how to systematically harden your network from the ground up, as well as strategies for getting company-wide support for your security plan. With coverage of all major platforms and applications, this book is an essential security tool for on-the-job IT professionals. Features a four-part hardening methodology:

Do This Now!--Checklist of immediate steps to take to lockdown your system from further attack Take It From The Top--Systematic approach to hardening your enterprise from the top down, focusing on network, data, and software access, storage, and communications Once Is Never Enough!--Ongoing monitoring and assessment plan to keep your network secure, including patch management and auditing How to Succeed at Hardening Network Security--Strategies for getting budget approval, management buy-in, and employee cooperation for your security program

John Mallery is a Managing Consultant at BKD, LLP, and a veteran security specialist.

Jason Zann, CISSP, is an Information Security Consultant for DST Systems.

Patrick Kelly, CISSP, CCSE, MCSE, MCP+I, is an Information Assurance Engineer for ComGlobal Systems, Inc.

Paul Love, MS Network Security, CISSP, CISM, CISA, is a Security Manager with a large financial institution.

Wesley Noonan, MCSE, CCNA, CCDA, NNCSS, Security+, is aSenior Network Consultant for Collective Technologies, LLC.

Eric S. Seagren, CISSP, ISSAP, SCNP, CCNA, CNE, MCP+I, MCSE, is an IT architect, designing secure, scalable, and redundant networks.

Rob Kraft is the director of software development for KCX, Inc. Mark O'Neil is the CTO of Vordel and principal author of "Web Services Security."

Series Editor and author Roberta Bragg, CISSP, MCSE: Security, Security+, writes a column for Redmond Magazine and writes the weekly Security Watch newsletter. She is the author of "Hardening Windows Systems" and several other information security books.

"A must-read for anyone in security. One of the best security books available." . --Tony Bradley, CISSP, About.com.

"Authoritative.Even readers of earlier editions will find critical new insight on the more modern attacks." --From the Foreword by Gene Hodges, President of McAfee.

"A cross between a spy novel and a tech manual." --Mark A. Kellner, "Washington Times,"

"The seminal book on white-hat hacking and countermeasures.... Should be required reading for anyone with a server or a network to secure." Bill Machrone, "PC Magazine,"

"With every edition this book keeps getting better and better. I can recommend it to anyone interested in computer security, as it will certainly give you a real-world course on the subject." Mirko Zorz, Net-security.org.

The fifth edition of this world-renowned security reference offers completely up-to-date coverage of today's most devastating hacks and how to prevent them. Using the proven "Hacking Exposed" methodology, the book shows you, step by step, how to locate and patch system vulnerabilities and explains what you need to know to stay vigilant in today's 24x7 digital world. .

. New and Updated Material: . New chapter on hacking code, with contributions by Michael Howard, covering the ways flaws get introduced into software and how best to prevent them. New Windows hacks including RPCSS (Blaster), LSASS (Sasser), and PCT (Download.ject) buffer overflow exploits. Updated denial of service chapter with descriptions of large scale zombie attacks and practical countermeasures. Coverage of new web hacking tools and techniques including HTTP response splitting and automated vulnerability scanners. New content on remote connectivityincluding VoIP hacking. New coverage of web and e-mail client hacking, including the latest Internet Explorer exploits, phishing, spyware, rootkits, and bots. New hacks and countermeasures using Google as a reconnaissance tool. An updated footprinting chapter that deals with changes regarding finding information from Internet databases. Brand new case studies covering relevant and timely security attacks including Google, wireless, UNIX/Linux, and Mac OS X hacks.