SHOPPING CART $0.00
free shipping on orders over $35*
BUYBACK CART Buyback Cart Total Buyback Cart Total
free shipping on buybacks!
loading

    Seven Deadliest Microsoft Attacks

    ISBN-10: 1597495514
    ISBN-13: 9781597495516
    Author(s): Rob Kraus, Mike Borkin, Brian Barber, Naomi Alpern
    Buy it from: $31.10

    Order within the next: to receive same day shipping!

    Loading
    Customers Also Bought

    Publisher: Elsevier Science & Technology Books
    Binding: Paperback
    Pages: 192
    Size: 7.75" wide x 9.25" long x 0.75" tall
    Weight: 0.880
    Language: English

    Stacy Prowell is a senior member of the CERT technical staff, and chief scientist of STAR*Lab. He is an expert in the function-theoretic foundations of software, and is currently conducting research and development for function extraction technology. Prowell has managed both commercial and academic software development projects and consulted on design, development, and testing of applications ranging from consumer electronics to medical scanners, from small embedded real-time systems to very large distributed applications. Prior to joining the SEI in 2005, Prowell was a research professor at the University of Tennessee. To support wider adoption of rigorous methods in industry, he started the Experimentation, Simulation, and Prototyping (ESP) project at the University of Tennessee, which develops software libraries and tools to support application of model-based testing and sequence-based specification. Software developed by this program is in use by over 30 organizations. Prior to working at the university, he served as a consultant in the software industry. His research interests include rigorous software specification methods, automated statistical testing, and function-theoretic analysis of program behavior. Prowell holds a PhD in Computer Science from the University of Tennessee and is a member of the ACM, IEEE, and Sigma Xi.Rob Kraus (CISSP, C|EH, MCSE) is a Remote Security Services Supervisor with Digital Defense, Inc. He currently performs offensive-based security assessments consisting of penetration testing, vulnerability assessment, social engineering, wireless and VoIP penetration testing, and vulnerability research. Rob's background includes contracting as a security analyst for AT&T as well as provisioning and testing OC-192 fiber-optic networks while employed with Nortel Networks. He also speaks at information security conferences and universities in an effort to keep the information security community informed of current security trends and attack methodologies.Mike Borkin (MCSE, GSEC Gold) is an internationally recognized author and speaker in the area of IT security where he focuses mostly on data protection strategies, Microsoft security, and security architecture/engineering best practices. In addition to contributing articles related to security to magazines and speaking engagements for groups such as SANS and The Open Group in both the US and Europe, Mike is also the Co-Author of Vista Security for Dummies.

    Acknowledgments
    About the Authors
    Introduction
    Windows Operating System – Password Attacks
    Windows Passwords Overview
    Security Accounts Manager
    System Key (SYSKEY)
    LAN Manager Hash
    NT Hash
    LSA Secrets
    Password and Lockout Policies
    How Windows Password Attacks Work
    Dangers with Windows Password Attacks
    Obtaining Password Hashes
    Pass the Hash
    Timed Attacks to Circumvent Lockouts
    LSA Secrets
    Future of Windows Password Attacks
    Defenses against Windows Password Attacks
    Defense-in-Depth Approach
    Microsoft and Third-Party Software Patching
    Logical Access Controls
    Logging Security Events
    Implementing Password and Lockout Policies
    Disable LM Hash Storage for Domain and Local Systems
    SYSKEY Considerations
    Summary
    Active Directory – Escalation of Privilege
    Escalation of Privileges Attack Anatomy
    Dangers with Privilege Escalation Attacks
    Escalation through Batch Scripts
    Attacking Customer Confidence
    Horizontal Escalation
    Future of Privilege Escalation Attacks
    Defenses against Escalation of Privilege Attacks
    First Defensive Layer: Stop the Enemy at the Gate
    Second Defensive Layer: Privileges Must Be Earned
    Third Defensive Layer: Set the Rules for the Playground
    Fourth Defensive Layer: You'll Need That Secret Decoder Ring
    Summary
    Endnotes
    SQL Server – Stored Procedure Attacks
    How Stored Procedure Attacks Work
    Initiating Access
    Accessing Stored Procedures
    Dangers Associated with a Stored Procedure Attack
    Understanding Stored Procedure Vulnerabilities
    Adding a Local Administrator
    Keeping Sysadmin-Level Access
    Attacking with SQL Injection
    The Future of Stored Procedure Attacks
    Defenses against Stored Procedure Attacks
    First Defensive Layer: Eliminating First-Layer Attacks
    Second Defensive Layer: Reduce the First-Layer Attack Surface
    Third Defensive Layer: Reducing Second-Layer Attacks
    Fourth Defensive Layer: Logging, Monitoring, and Alerting
    Identifying Vital Attack Events
    Fifth Defensive Layer: Limiting the Impacts of Attacks
    Summary
    Endnotes
    Exchange Server – Mail Service Attacks
    How Mail Service Attacks Work
    Mail Flow Architecture
    Attack Points
    Dangers Associated with Mail Service Attacks
    Directory Harvest Attacks
    SMTP Auth Attacks
    Mail Relay Attacks
    The Future of Mail Service Attacks
    Defenses against Mail Service Attacks
    Defense in the Perimeter Network
    Defense on the Internal Network
    Supporting Services
    Summary
    Office – Macros and ActiveX
    Macro and Client-Side Attack Anatomy
    Macro Attacks
    ActiveX Attacks
    Dangers Associated with Macros and ActiveX
    Metasploit Reverse TCP Connection
    ActiveX Attack via Malicious Website
    Future of Macro and ActiveX Attacks
    Macro and ActiveX Defenses
    Deploy Network Edge Strategies
    Using Antivirus and Antimalware
    Update Frequently
    Using Office Security Settings
    Working Smart
    Summary
    Endnote
    Internet Information Services – Web Service Attacks
    Microsoft IIS Overview
    File Transfer Protocol Publishing Service
    WebDAV Extension
    ISAPI
    How IIS Attacks Work
    Dangers with IIS Attacks
    Dangerous HTTP Methods
    FTP Anonymous Access
    Directory Browsing
    Future of IIS Attacks
    Defenses Against IIS Attacks
    Disable Unused Services
    Default Configurations
    Account Security
    Patch Management
    Logging
    Segregate IIS
    Penetration Testing
    URLScan
    IIS Lockdown
    Summary
    SharePoint – Multi-tier Attacks
    How Multi-tier Attacks Work
    Multi-tier Attack Anatomy
    Dangers with Multi-tier Attacks
    Leveraging Operating System Vulnerabilities
    Indirect Attacks
    How Multi-tier Attacks Will Be Used in the, Future
    Defenses against Multi-tier Attacks
    First Defensive Layer: Failure to Plan = Plan to Fail
    Second Defensive Layer: Leave No Hole Unpatched
    Third Defensive Layer: Form the Protective Circle
    Summary
    Endnotes
    Index

    Buy it from $31.10

    Please choose a buying option

    Your Price:
    You save:
    Buy It Now
    what's this?
    Rush Rewards U
    Members Receive:
    coins
    coins
    You have reached 400 XP and carrot coins. That is the daily max!
    ×
    Free shipping on orders over $35*

    *A minimum purchase of $35 is required. Shipping is provided via FedEx SmartPost® and FedEx Express Saver®. Average delivery time is 1 – 5 business days, but is not guaranteed in that timeframe. Also allow 1 - 2 days for processing. Free shipping is eligible only in the continental United States and excludes Hawaii, Alaska and Puerto Rico. FedEx service marks used by permission."Marketplace" orders are not eligible for free or discounted shipping.

    Learn more about the TextbookRush Marketplace.

    ×