首页 [黑客大曝光(第6版)].Hacking.Exposed.6Th.Ed.pdf

[黑客大曝光(第6版)].Hacking.Exposed.6Th.Ed.pdf

[黑客大曝光(第6版)].Hacking.Exposed.6T…

上传者: 三少 2011-05-06 评分1 评论0 下载26 收藏0 阅读量1016 暂无简介 简介 举报

简介:本文档为《[黑客大曝光(第6版)].Hacking.Exposed.6Th.Edpdf》,可适用于IT书籍领域,主题内容包含HACKINGEXPOSED:NETWORKSECURITYSECRETSSOLUTIONSThispageintentionallyleftbla符等。

HACKINGEXPOSED:NETWORKSECURITYSECRETSSOLUTIONSThispageintentionallyleftblankHACKINGEXPOSED:NETWORKSECURITYSECRETSSOLUTIONSSTUARTMCCLUREJOELSCAMBRAYGEORGEKURTZNewYorkChicagoSanFranciscoLisbonLondonMadridMexicoCityMilanNewDelhiSanJuanSeoulSingaporeSydneyTorontoCopyrightbyTheMcGrawHillCompaniesAllrightsreservedExceptaspermittedundertheUnitedStatesCopyrightActof,nopartofthispublicationmaybereproducedordistributedinanyformorbyanymeans,orstoredinadatabaseorretrievalsystem,withoutthepriorwrittenpermissionofthepublisherISBN:MHID:ThematerialinthiseBookalsoappearsintheprintversionofthistitle:ISBN:,MHID:AlltrademarksaretrademarksoftheirrespectiveownersRatherthanputatrademarksymbolaftereveryoccurrenceofatrademarkedname,weusenamesinaneditorialfashiononly,andtothebenefitofthetrademarkowner,withnointentionofinfringementofthetrademarkWheresuchdesignationsappearinthisbook,theyhavebeenprintedwithinitialcapsMcGrawHilleBooksareavailableatspecialquantitydiscountstouseaspremiumsandsalespromotions,orforuseincorporatetrainingprogramsTocontactarepresentativepleasevisittheContactUspageatwwwmhprofessionalcomInformationhasbeenobtainedbyMcGrawHillfromsourcesbelievedtobereliableHowever,becauseofthepossibilityofhumanormechanicalerrorbyoursources,McGrawHill,orothers,McGrawHilldoesnotguaranteetheaccuracy,adequacy,orcompletenessofanyinformationandisnotresponsibleforanyerrorsoromissionsortheresultsobtainedfromtheuseofsuchinformationTERMSOFUSEThisisacopyrightedworkandTheMcGrawHillCompanies,Inc(“McGrawHill”)anditslicensorsreserveallrightsinandtotheworkUseofthisworkissubjecttothesetermsExceptaspermittedundertheCopyrightActofandtherighttostoreandretrieveonecopyofthework,youmaynotdecompile,disassemble,reverseengineer,reproduce,modify,createderivativeworksbasedupon,transmit,distribute,disseminate,sell,publishorsublicensetheworkoranypartofitwithoutMcGrawHill’spriorconsentYoumayusetheworkforyourownnoncommercialandpersonaluseanyotheruseoftheworkisstrictlyprohibitedYourrighttousetheworkmaybeterminatedifyoufailtocomplywiththesetermsTHEWORKISPROVIDED“ASIS”McGRAWHILLANDITSLICENSORSMAKENOGUARANTEESORWARRANTIESASTOTHEACCURACY,ADEQUACYORCOMPLETENESSOFORRESULTSTOBEOBTAINEDFROMUSINGTHEWORK,INCLUDINGANYINFORMATIONTHATCANBEACCESSEDTHROUGHTHEWORKVIAHYPERLINKOROTHERWISE,ANDEXPRESSLYDISCLAIMANYWARRANTY,EXPRESSORIMPLIED,INCLUDINGBUTNOTLIMITEDTOIMPLIEDWARRANTIESOFMERCHANTABILITYORFITNESSFORAPARTICULARPURPOSEMcGrawHillanditslicensorsdonotwarrantorguaranteethatthefunctionscontainedintheworkwillmeetyourrequirementsorthatitsoperationwillbeuninterruptedorerrorfreeNeitherMcGrawHillnoritslicensorsshallbeliabletoyouoranyoneelseforanyinaccuracy,errororomission,regardlessofcause,intheworkorforanydamagesresultingtherefromMcGrawHillhasnoresponsibilityforthecontentofanyinformationaccessedthroughtheworkUndernocircumstancesshallMcGrawHillandoritslicensorsbeliableforanyindirect,incidental,special,punitive,consequentialorsimilardamagesthatresultfromtheuseoforinabilitytousethework,evenifanyofthemhasbeenadvisedofthepossibilityofsuchdamagesThislimitationofliabilityshallapplytoanyclaimorcausewhatsoeverwhethersuchclaimorcausearisesincontract,tortorotherwiseFormybeautifulboys,ilufaanmw…ForSamantha,lumlg…tml!!!StuartTomylittleRockBand:youaremyidolsJoelTomylovingfamily,Anna,Alexander,andAllegra,whoprovideinspiration,guidance,andunwaveringsupportTomymom,Victoria,forhelpingmedefinemycharacterandforteachingmetoovercomeadversityGeorgeviHackingExposed:NetworkSecuritySecretsSolutionsABOUTTHEAUTHORSStuartMcClure,CISSP,CNE,CCSEWidelyrecognizedforhisextensiveandindepthknowledgeofsecurityproducts,StuartMcClureisconsideredoneoftheindustry’sleadingauthoritiesininformationsecuritytodayAwellpublishedandacclaimedsecurityvisionary,McClurehasovertwodecadesoftechnologyandexecutiveleadershipwithprofoundtechnical,operational,andfinancialexperienceStuartMcClureisVicePresidentofOperationsandStrategyfortheRiskComplianceBusinessUnitatMcAfee,whereheisresponsibleforthehealthandadvancementofsecurityriskmanagementandcomplianceproductsandservicesolutionsIn,StuartMcClurewasExecutiveDirectorofSecurityServicesatKaiserPermanente,theworld’slargesthealthmaintenanceorganization,whereheoversawsecurityprofessionalsandwasresponsibleforsecuritycompliance,oversight,consulting,architecture,andoperationsIn,McCluretookoverthetopspotasSeniorVicePresidentofGlobalThreats,runningallofAVERTAVERTisMcAfee’svirus,malware,andattackdetectionsignatureandheuristicresponseteam,whichincludesoverofthesmartestprogrammers,engineers,andsecurityprofessionalsfromaroundtheworldHisteammonitoredglobalsecuritythreatsandprovidedfollowthesunsignaturecreationcapabilitiesAmonghismanytacticalresponsibilities,McClurewasalsoresponsibleforprovidingstrategicvisionandmarketingfortheteamstoelevatethevalueoftheirsecurityexpertiseintheeyesofthecustomerandthepublicAdditionally,hecreatedthesemiannualSageMagazine,asecuritypublicationdedicatedtomonitoringglobalthreatsPriortotakingovertheAVERTteam,StuartMcClurewasSeniorVicePresidentofRiskManagementProductDevelopmentatMcAfee,Inc,wherehewasresponsiblefordrivingproductstrategyandmarketingfortheMcAfeeFoundstonefamilyofriskmitigationandmanagementsolutionsPriortohisroleatMcAfee,McClurewasfounder,president,andchieftechnologyofficerofFoundstone,Inc,whichwasacquiredbyMcAfeeinOctoberfor$MAtFoundstone,McClureledboththeproductvisionandstrategyforFoundstone,aswellasoperationalresponsibilitiesforalltechnologydevelopment,support,andimplementationMcCluredroveannualrevenuesoverpercenteveryyearsincethecompany’sinceptioninMcClurewasalsotheauthorofthecompany’sprimarypatent#,,In,hecreatedandcoauthoredHackingExposed:NetworkSecuritySecretsSolutions,thebestsellingcomputersecuritybook,withover,copiessoldtodateThebookhasbeentranslatedintomorethanlanguagesandisrankedthe#computerbookeversoldpositioningitasoneofthebestsellingsecurityandcomputerbooksinhistoryMcClurealsocoauthoredHackingExposedWindows(McGrawHillProfessional)andWebHacking:AttacksandDefense(AddisonWesley)PriortoFoundstone,McClureheldavarietyofleadershippositionsinsecurityandITmanagement,withErnstYoung’sNationalSecurityProfilingTeam,twoyearsasanindustryanalystwithInfoWorld’sTestCenter,fiveyearsasdirectorofITforbothstateAbouttheAuthorsviiandlocalCaliforniagovernment,twoyearsasownerofhisownITconsultancy,andtwoyearsinITwiththeUniversityofColorado,BoulderMcClureholdsabachelor’sdegreeinpsychologyandphilosophy,withanemphasisincomputerscienceapplicationsfromtheUniversityofColorado,BoulderHelaterearnednumerouscertificationsincludingISC’sCISSP,Novell’sCNE,andCheckPoint’sCCSEJoelScambray,CISSPJoelScambrayiscofounderandCEOofConsciere,aproviderofstrategicsecurityadvisoryservicesHehasassistedcompaniesrangingfromnewlymintedstartupstomembersoftheFortuneinaddressinginformationsecuritychallengesandopportunitiesforoveradozenyearsScambray’sbackgroundincludesrolesasanexecutive,technicalconsultant,andentrepreneurHewasaseniordirectoratMicrosoftCorporation,whereheledMicrosoft’sonlineservicessecurityeffortsforthreeyearsbeforejoiningtheWindowsplatformandservicesdivisiontofocusonsecuritytechnologyarchitectureJoelalsocofoundedsecuritysoftwareandservicesstartupFoundstone,Inc,andhelpedleadittoacquisitionbyMcAfeefor$MHehasalsoheldpositionsasaManagerforErnstYoung,ChiefStrategyOfficerforLeviathan,securitycolumnistforMicrosoftTechNet,EditoratLargeforInfoWorldMagazine,anddirectorofITforamajorcommercialrealestatefirmJoelScambrayhascoauthoredHackingExposed:NetworkSecuritySecretsSolutionssincehelpingcreatethebookinHeisalsoleadauthoroftheHackingExposedWindowsandHackingExposedWebApplicationsseries(bothfromMcGrawHillProfessional)Scambraybringstremendousexperienceintechnologydevelopment,IToperationssecurity,andconsultingtoclientsrangingfromsmallstartupstotheworld’slargestenterprisesHehasspokenwidelyoninformationsecurityatforumsincludingBlackHat,I,andTheAsiaEuropeMeeting(ASEM),aswellasorganizationsincludingCERT,TheComputerSecurityInstitute(CSI),ISSA,ISACA,SANS,privatecorporations,andgovernmentagenciessuchastheKoreanInformationSecurityAgency(KISA),FBI,andtheRCMPScambrayholdsabachelor’sofsciencefromtheUniversityofCaliforniaatDavis,anMAfromUCLA,andheisaCertifiedInformationSystemsSecurityProfessional(CISSP)GeorgeKurtz,CISSP,CISA,CPAFormerCEOofFoundstoneandcurrentSeniorVicePresidentGeneralManagerofMcAfee’sRiskComplianceBusinessUnit,GeorgeKurtzisaninternationallyrecognizedsecurityexpert,author,andentrepreneur,aswellasafrequentspeakeratmostmajorindustryconferencesKurtzhasoveryearsofexperienceinthesecurityspaceandhashelpedhundredsoflargeorganizationsandgovernmentagenciestacklethemostdemandingsecurityproblemsHehasbeenquotedorfeaturedinmanymajorpublications,mediaoutlets,andtelevisionprograms,includingCNN,FoxNews,ABCWorldNews,AssociatedPress,USAToday,WallStreetJournal,TheWashingtonPost,Time,ComputerWorld,eWeek,CNET,andothersviiiHackingExposed:NetworkSecuritySecretsSolutionsGeorgeKurtziscurrentlyresponsiblefordrivingMcAfee’sworldwidegrowthintheRiskCompliancesegmentsInthisrole,hehashelpedtransformMcAfeefromapointproductcompanytoaproviderofSecurityRiskManagementandComplianceOptimizationsolutionsDuringhistenure,McAfeehassignificantlyincreaseditsoverallenterpriseaveragesellingprice(ASP)anditscompetitivedisplacementsKurtzformerlyheldthepositionofSVPofMcAfeeEnterprise,wherehewasresponsibleforhelpingtodrivethegrowthoftheenterpriseproductportfolioonaworldwidebasisPriortohisroleatMcAfee,KurtzwasCEOofFoundstone,Inc,whichwasacquiredbyMcAfeeinOctoberInhispositionasCEO,KurtzbroughtauniquecombinationofbusinessacumenandtechnicalsecurityknowhowtoFoundstoneHavingraisedover$millioninfinancing,KurtzpositionedthecompanyforrapidgrowthandtookthecompanyfromstartuptooverpeopleandinfouryearsKurtz’sentrepreneurialspiritpositionedFoundstoneasoneofthepremier“pureplay”securitysolutionsprovidersintheindustryPriortoFoundstone,KurtzservedasaseniormanagerandthenationalleaderofErnstYoung’sSecurityProfilingServicesGroupDuringhistenure,KurtzwasresponsibleformanagingandperformingavarietyofeCommercerelatedsecurityengagementswithclientsinthefinancialservices,manufacturing,retailing,pharmaceuticals,andhightechnologyindustriesHewasalsoresponsibleforcodevelopingthe“ExtremeHacking”coursePriortojoiningErnstYoung,hewasamanageratPriceWaterhouse,wherehewasresponsiblefordevelopingtheirnetworkbasedattackandpenetrationmethodologiesusedaroundtheworldUnderGeorgeKurtz’sdirection,heandFoundstonehavereceivednumerousawards,includingInc’s“TopCompanies,”SoftwareCouncilofSouthernCalifornia’s“SoftwareEntrepreneuroftheYear”and“SoftwareCEOoftheYear,”FastCompany’s“Fast,”AmericanElectronicsAssociation’s“OutstandingExecutive,”Deloitte’s“Fast,”ErnstYoung’s“EntrepreneuroftheYearFinalist,”OrangeCounty’s“HottestPeople,”andothersKurtzholdsabachelorofsciencedegreefromSetonHallUniversityHealsoholdsseveralindustrydesignations,includingCertifiedInformationSystemsSecurityProfessional(CISSP),CertifiedInformationSystemsAuditor(CISA),andCertifiedPublicAccountant(CPA)HewasrecentlygrantedPatent#,,“Systemandmethodfornetworkvulnerabilitydetectionandreporting”AdditionalpatentsarestillpendingAbouttheContributingAuthorsNathanSportsmanisaninformationsecurityconsultantwhoseexperienceincludespositionsatFoundstone,adivisionofMcAfeeSymantecSunMicrosystemsandDellOvertheyears,SportsmanhashadtheopportunitytoworkacrossallmajorverticalsandhisclientshaverangedfromWallStandSiliconValleytogovernmentintelligenceagenciesandrenownededucationalinstitutionsHisworkspansseveralservicelines,buthespecializesinsoftwareandnetworksecuritySportsmanisalsoafrequentpublicspeakerHehaslecturedonthelatesthackingtechniquesfortheNationalSecurityAgency,servedasaninstructorfortheUltimateHackingSeriesatBlackHat,andisaregularpresenterforvarioussecurityorganizationssuchasISSA,Infragard,andAbouttheAuthorsixOWASPSportsmanhasdevelopedseveralsecuritytoolsandwasacontributortotheSolarisSoftwareSecurityToolkit(SST)IndustrydesignationsincludetheCertifiedInformationSystemsSecurityProfessional(CISSP)andGIACCertifiedIncidentHandler(GCIH)Sportsmanholdsabachelor’sofscienceinelectricalandcomputerengineeringfromTheUniversityofTexasatAustinBradAntoniewiczistheleaderofFoundstone’snetworkvulnerabilityandassessmentpenetrationservicelinesHeisaseniorsecurityconsultantfocusingoninternalandexternalvulnerabilityassessments,webapplicationpenetration,firewallandrouterconfigurationreviews,securenetworkarchitectures,andwirelesshackingAntoniewiczdevelopedFoundstone’sUltimateHackingwirelessclassandteachesbothUltimateHackingWirelessandthetraditionalUltimateHackingclassesAntoniewiczhasspokenatmanyevents,authoredvariousarticlesandwhitepapers,anddevelopedmanyofFoundstone’sinternalassessmenttoolsJonMcClintockisaseniorinformationsecurityconsultantlocatedinthePacificNorthwest,specializinginapplicationsecurityfromdesignthroughimplementationandintodeploymentHehasovertenyearsofprofessionalsoftwareexperience,coveringinformationsecurity,enterpriseandserviceorientedsoftwaredevelopment,andembeddedsystemsengineeringMcClintockhasworkedasaseniorsoftwareengineeronAmazoncom’sInformationSecurityteam,whereheworkedwithsoftwareteamstodefinesecurityrequirements,assessapplicationsecurity,andeducatedevelopersaboutsecuritysoftwarebestpracticesPriortoAmazon,JondevelopedsoftwareformobiledevicesandlowleveloperatingsystemanddevicedriversHeholdsabachelor’sofscienceincomputersciencefromCaliforniaStateUniversity,ChicoAdamCecchettihasoversevenyearsofprofessionalexperienceasasecurityengineerandresearcherHeisaseniorsecurityconsultantforLeviathanSecurityGrouplocatedinthePacificNorthwestCecchettispecializesinhardwareandapplicationpenetrationtestingHehasledassessmentsfortheFortuneinavastarrayofverticalsPriortoconsulting,hewasaleadsecurityengineerforAmazoncom,IncCecchettiholdsamaster’sdegreeinelectricalandcomputerengineeringfromCarnegieMellonUniversityAbouttheTechReviewerMichaelPrice,researchmanagerforMcAfeeFoundstone,iscurrentlyresponsibleforcontentdevelopmentfortheMcAfeeFoundstoneEnterprisevulnerabilitymanagementproductInthisrole,PriceworkswithandmanagesaglobalteamofsecurityresearchersresponsibleforimplementingsoftwarechecksdesignedtodetectthepresenceofvulnerabilitiesonremotecomputersystemsHehasextensiveexperienceintheinformationsecurityfield,havingworkedintheareasofvulnerabilityanalysisandsecuritysoftwaredevelopmentforovernineyearsThispageintentionallyleftblankxiATAGLANCEPartICasingtheEstablishmentFootprintingScanningEnumerationPartIISystemHackingHackingWindowsHackingUnixPartIIIInfrastructureHackingRemoteConnectivityandVoIPHackingNetworkDevicesWirelessHackingHackingHardwarePartIVApplicationandDataHackingHackingCodeWebHackingHackingtheInternetUserxiiHackingExposed:NetworkSecuritySecretsSolutionsPartVAppendixesAPortsBTopSecurityVulnerabilitiesCDenialofService(DoS)andDistributedDenialofService(DDoS)AttacksIndexxiiiCONTENTSForewordxixAcknowledgmentsxxiPrefacexxiiiIntroductionxxvPartICasingtheEstablishmentCaseStudyIAAASIt’sAllAboutAnonymi

职业精品

现金采购管理制度.doc

材料采购及出入库管理制度.doc

日常采购管理流程.doc

采购管理.ppt

用户评论

0/200
    暂无评论
上传我的资料

精彩专题

相关资料换一换

资料评价:

/ 720
所需积分:5 立即下载

意见
反馈

返回
顶部