This specific ISBN edition is currently not available.View all copies of this ISBN edition:
24371-7 To safeguard your company's data, think like a hacker! When it comes to computer security, your livelihood and your company's future are on the line. It's not enough to simply follow a security "cookbook" : you need to get into the mind of your adversary, the hacker. In Halting the Hacker, a leading Fortune 500 security consultant shows you the approaches and techniques hackers use to gain access, privileges, and control of your UNIX system. You'll learn to look at your system the way a hacker does, identifying potential vulnerabilities. You'll learn what specific countermeasures to take now. Even more important, you'll learn how to recognize and respond to future security concerns-before they become catastrophes.You'll discover: *How hackers transform minor oversights into major security breaches *How hackers cover their tracks while leaving "back doors" into your system *How to protect your system against disgruntled or dishonest insiders *How to detect break-ins-and what to do next Halting the Hacker even includes an exclusive CD-ROM software library of tools to detect and eliminate security problems, and a comprehensive information archive on security and hacker-related topics. If you're responsible for the security of a UNIX computer system, you're up against some extraordinarily smart and persistent adversaries. You need to even the odds. You need Halting the Hacker.
"synopsis" may belong to another edition of this title.
DONALD A. PIPKIN is a technical consultant for Hewlett-Packard specializing in security issues. His consulting clients include Fortune 500 leaders such as Chevron, Northern Telecom, Wal-Mart and Abbott Labs. He has also delivered security presentations for a wide variety of leading industry organizations.Excerpt. © Reprinted by permission. All rights reserved.:
This book is designed to give system and security managers insight into the mind of a hacker and to provide tools to fight both existing and yet-to-come system attacks. You will see that even seemingly harmless services can become valuable tools in the hands of a skilled hacker who uses them to search for weak points in a system.
What sets this book apart from the other security manuals on your shelf are the following features.
* It is written with a dual viewpoint: We look through the eyes of a potential intruder, and expose cracks in systems that can be widened to gain access or privileges, and we also take the system manager's viewpoint and explore methods of sealing those cracks. This dual viewpoint allows you to understand how a hacker thinks so you can block the intruder.
* Many security books use a cookbook approach, just telling you what ingredients you need to make the system secure without providing any understanding of why you use those particular tools. This book explains why and how a problem can be leveraged into a security breach and discusses how to fix it. Rather than discussing specific current software bugs, it provides you with an understanding of the nature of problems to such an extent that you will be able to recognize potential problems in the future whether or not they are discussed in security manuals. Specific security problems can be repaired through the use of specific procedures, but this is a short-term solution until the next breaches appear. Understanding the why of a problem is a skill you can use throughout your career.
* This book is organized by the processes hackers use to gain access, privileges and control of a computer system, instead of simply illustrating how to secure each software subsystem. This helps you understand how the different subsystems can be used in harmony to attack a computer, and how the changes you make in one system can affect another and leave you without a secure computer system.
* Several examples of actual events show real-world situations and how the tools in this book can be applied to resolve them.
* Special sidebars give background and historic information on subjects that remain confusing to many UNIX administrators.
The accompanying CD-ROM contains programs you can use immediately to detect and eliminate potential security problems. The CD-ROM also contains an information archive covering a number of security- and hacker-related topics.
Never in the history of computing has there been such a great opportunity for hackers to gain access to computers as there is today. The explosive growth of international networking, with the increasing number of computers and growing connectivity, has provided an ease of access to computers heretofore unknown. Additionally, companies are entering into new business arangements with partners that require greater sharing of information with individuals who are not employees. Organizations are also providing their employees with portable computers for "mobile computing" and with this growth of telecommuting, companies are opening new doors to the outside.
In addition, the falling prices and the increasing performance of computer equipment have made it possible for almost any hacker to afford a powerful computer system of his own and the increased availability of easy to use hacker tools can make anyone a hacker. At the same time, the trends toward downsizing from proprietary mainframes to open systems, the demand for the information on office PCs to be shared through servers, and the reduction of staff to contain costs have led to many systems with inexperienced managers, managing a greater number of systems with operating environments with which they are unfamiliar. The combination of ease of access with overworked and inexperienced system managers is a potentially explosive one.
This book is intended for system managers, security managers and others in the computer security field. There is a thin line between informing system managers and providing a guidebook for hackers. It is unavoidable that some will utilize this book to attempt to hack into systems. The information here is broadly available to those who know where to look for it. Unfortunately, all too often it is the hacker who knows where to look and those responsible for computer security who do not. System managers generally do not have the time or inclination to peruse the dark corners of the Internet for hacking information and tools and certainly they are not going to cruise the bulletin boards that are frequented by hackers.
This book will limit its discussion to the UNIX operating system. It is the largest segment of multiuser operating systems and many companies are migrating from mainframes and proprietary operating systems to UNIX because of the cost benefits of an open system. This often puts the system and security managers into unknown territory.
This book will not cover current bugs in software, since new ones appear as rapidly as others are found and repaired. However, it will discuss a few historic software bugs in the UNIX environment that have been repaired in current releases but remain on the hackers' hit list.
In the computer industry, security has mostly been an afterthought. It is often thought that putting security into programs that don't demand it will only get in the way. Most software systems have evolved from older systems and quite often large software systems actually incorporate code from many sources, written by many more authors. When you have software that does not have a single design, it is almost impossible to design security into it after the fact.
Computer security is a part of the larger field of corporate information security and has a significant effect on system availability. Data security encompasses all aspects of management of proprietary information, including information classification, ownership, appropriate access, use, handling and storage.
Vendors in the computer industry have spent a good deal of time and money addressing the other areas of data security and system availability. Most corporations have a disaster plan in place that has detailed contingency plans that cover fire, flood, and earthquake but rarely do they cover security-based disasters. Even though only 20 percent of corporate losses are from this threat, a tremendous amount of money and resources are spent each year to reduce the losses from physical disasters. However, few company disaster plans cover contingencies for the losses due to computer security incidents. Over 25 percent of corporate losses are a result of malicious activities, with the greatest share (80 percent) of these being the result of disgruntled or dishonest employees, the rest being the result of outside threats. These outside threats account for only five percent of corporate losses. However, this tiny percent gets the lion's share of the publicity. They can be much more damaging to the company's reputation than the actual damage they may cause to the data they compromise. The remaining 55 percent of data losses are the result of human error. This is caused by poorly trained or poorly supervised employees working on systems that they do not understand.
For so many years the computer industry has addressed security by burying its proverbial head in the sand, thinking that it can keep security by secrecy. Even today, many of the computer security discussion groups require proof that you are a corporate security manager. The theory seems to be that keeping hackers out of the discussions of known bugs will keep them from finding them. Given the number of bugs that are exploited by hackers before patches are made available, it seems that this strategy has been ineffective.
This book puts the hacker under the microscope to bring to light the common motives and basic methods that are used. In so doing it gives you, the system manager, the knowledge to apply security effort efficiently and effectively to secure systems now and into the future.
"About this title" may belong to another edition of this title.
Book Description Prentice Hall, 1996. Paperback. Condition: New. Seller Inventory # KSK-9780132437189
Book Description Condition: New. New. Seller Inventory # STRM-013243718x
Book Description Prentice Hall Ptr, 1996. Condition: New. book. Seller Inventory # M013243718X