Network Security and ISO 27001 / 17799 News
  Create an account
:: Home  ::  Downloads  ::  Your Account  ::  Forums  ::
Login
Nickname

Password

Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.
 
Site Navigation
· Home
· Contribute Story!
· Downloads
· Encyclopedia
· Feedback Form
· Forums
· Infosecurity
· Iso17799-FAQ
· Legal
· Maillists
· Newsfeeds
· RFCs
· Search
· Stories Archive
· Surveys
· Top 10
· Topics
· Web Links
· Your_Account
 
User Info
Welcome, Anonymous
Nickname
Password
(Register)
Membership:
Latest: REav
New Today: 0
New Yesterday: 0
Overall: 54703

People Online:
Visitors: 10
Members: 0
Total: 10
 
Who's Online
There are currently, 10 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
 
BS7799 and ISO 17799
The following resources should prove to be good starting points for the standards:

Theory & information:
BS7799 & ISO 27001
Official downloads:
BS7799, ISO 17799, ISO 27001
User group for both:
ISO 17799, ISO 27001

 
Survey
Have security issues stalled VoIP deployments within your company?

Yes
No



Results
Polls

Votes 140
 

Hacking Exposed

I am a senior engineer for managed network security operations, which includes conducting vulnerability assessments against client networks. I read this second edition to gain insights into ways to better assess a client's security posture, and also to understand some of the attacks I see while monitoring intrusion detection systems. Of the books I've read, Hacking Exposed remains the best guide to systematically assess and (if necessary) compromise hosts. By understanding black hat methods, defenders can better prepare for the tidal wave of exploits washing upon the networking shore. Parts I (Casing the Establishment), II (System Hacking), and III (Network Hacking) are a tour-de-force of attacker tools and techniques. While explaining how to penetrate systems, the authors spend a fair amount of time explaining how those systems work. From a system administration standpoint, these descriptions are pure gold. Since the authors are fairly operating system-agnostic, they show the pros and cons of Microsoft, UNIX, and Novell products in the harsh light of improved security. For example, the discussion of file handles, file descriptors, and signals in chapter 8 ("Hacking UNIX") helped me understand a little bit of UNIX's guts, while giving a security spin to file system operations. Thankfully, Hacking Exposed gives Microsoft operating systems plenty of attention. While recognizing that many of us dislike administering these systems, the authors provide helpful and solid chapters on Windows NT and Windows 2000. They also demonstrate many ways to use Windows as an attack platform. They convincingly show that if a scan can be performed in Linux, someone has developed a similar tool for Windows. My favorite issues in the book involved describing Windows rootkits (a recent development) and UNIX loadable kernel modules. On the negative side, I felt the book lost steam in section IV (Software Hacking), spending too much time repeating earlier material. Also, unless you're a relative newbie to security, you may become bored with the litany of historic deficiencies and required patches discussed in section IV. Overall, the second edition of Hacking Exposed remains a must-read book for security professionals. I recommend it as the sort of book one reads after gaining an overall sense of the security field and learning about TCP/IP. With those foundations in place, it's time to learn how black hats operate. If you're a system administrator, you'll learn how to fortify your network assets. If you're an intrusion detector, you'll learn what to watch for. If you're a pen-tester, you'll learn how to compromise hosts. Who could ask for more?

Added: August 14th 2003
Reviewer: Richard Bejtlich
Score:
Related Link: Purchase from Amazon
Hits: 3001
Language:

  

[ Back to Reviews Index | Post Comment ]

http://www.packetdefense.com. Network security and BS7799 / ISO 17799 / ISO 27001 News
2003 PacketDefense. Network Defense in Depth using ISO 27000
Web site engine's code is Copyright © 2003 by phpnuke dot org. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL.
Page Generation: 0.267 Seconds