An unimaginably vast amount of data is now generated by our on-line lives and businesses, At the same time, our ability to store, manage, analyse, and exploit this data is becoming ever more sophisticated. This Very Short Introduction maps out the technology, and also the range of possibilities, challenges, and ethical questions it raises.
´´Hacking´´ ist die Kunst, kreativ Probleme zu lösen - vom Entwickeln einer unkonventionellen Programmierlösung bis hin zum Aufdecken von Sicherheitslöchern in einem schlampig entworfenen Programm. Viele Menschen bezeichnen sich als Hacker, aber nur wenige besitzen das eigentlich notwendige Hintergrundwissen. Jon Erickson zeigt nicht, wie man sich existierende Exploits beschafft und diese einsetzt, sondern vermittelt detailliert, wie Hacking-Techniken und Exploits tatsächlich funktionieren. Dazu führt er aus einer Hacker-Perspektive in die Grundlagen der Programmiersprache C ein und erklärt die wesentlichen Aspekte der Computersicherheit in den drei eng zusammenhängenden Bereichen Programmierung, Vernetzung und Kryptografie. Mit der beiliegenden Live-CD und den darauf enthaltenen Beispielen können Sie die neu erworbenen Kenntnisse auch gleich praktisch anwenden. Nach der Lektüre werden Sie u.a. verstehen: - wie man in C, Assembler und mit Shell-Skripten programmiert, - wie manden Hauptspeicher durch Buffer Overflows und Format-String-Angriffe korrumpiert, - wie man Prozessor-Register und Hauptspeicher mit einem Debugger untersucht und so die Programmabläufe nachvollzieht, - wie man gängige Sicherheitsbarrieren - z.B. Intrusion-Detection-Systeme - überlistet, - wie man sich mit Port-Binding Zugang zu fremden Servern verschafft, - wie man Netzwerkverkehr umleitet und TCP-Verbindungen übernimmt. Mit der beiliegenden Live-CD und den darauf enthaltenen Beispielen können Sie die neu erworbenen Kenntnisse gleich praktisch anwenden. In der zweiten Auflage wurden alle Kapitel aktualisiert und erweitert, insbesondere die Einführung in die grundlegenden Funktionsweise eines Computers.
This modern treatment of computer vision focuses on learning and inference in probabilistic models as a unifying theme. It shows how to use training data to learn the relationships between the observed image data and the aspects of the world that we wish to estimate, such as the 3D structure or the object class, and how to exploit these relationships to make new inferences about the world from new image data. With minimal prerequisites, the book starts from the basics of probability and model fitting and works up to real examples that the reader can implement and modify to build useful vision systems. Primarily meant for advanced undergraduate and graduate students, the detailed methodological presentation will also be useful for practitioners of computer vision. - Covers cutting-edge techniques, including graph cuts, machine learning and multiple view geometry - A unified approach shows the common basis for solutions of important computer vision problems, such as camera calibration, face recognition and object tracking - More than 70 algorithms are described in sufficient detail to implement - More than 350 full-color illustrations amplify the text - The treatment is self-contained, including all of the background mathematics - Additional resources at www.computervisionmodels.com
Kein funktionsfähiges Unternehmensnetzwerk kann so abgeschottet werden, daß es hundertprozentige Sicherheit bietet. Gern wird übersehen, daß es aber nicht nur von außen erreichbar ist, auch durch Mitarbeiter sind ungewollte Zugriffe möglich. Es ist deshalb unabdingbar, Netzwerk und Anwendungen in regelmäßigen Abständen anhand simulierter Angriffe auf bekannte und unbekannte Sicherheitslücken zu untersuchen. Dieses Buch ist ein systematischer Leitfaden für solche Penetration-Tests und richtet sich an Security Consultants, die sich in die Materie einarbeiten müssen oder Kenntnisse vertiefen wollen. Einleitend klärt es die administrativen Voraussetzungen für ein professionelles Vorgehen vor Ort. Die ausführlichen Kapitel zu - Footprinting - Mapping und Application Mapping - Portscanning - OS- und Application Fingerprinting - Denial of Service liefern detaillierte technische Anleitungen für die kontrollierte Durchführung von Angriffen. Dabei wird auch beschrieben, wie Firewalls umgangen werden und welche Schwachstellen mit Exploits ausgenutzt werden können. Die Themen: - Organisation von Sicherheitsüberprüfungen - Footprinting: Informationen über Personen zusammensuchen - Zielnetzwerke auswerten: Adressen ermitteln, Verkehr abhören, Medien erkennen - Mapping: Aktive Systeme erkennen - Portscanning: Wo lauschen die Dienste? - Application Mapping: Welche Dienste stehen zur Verfügung? - OS Fingerprinting: Welches Betriebssystem ist im Einsatz? - Application Fingerprinting: Welche Anwendungen liegen vor? - Denial of Service: Überlastung und Fragmentierung - Firewalls erkennen und umgehen - Schwachstellen und unbekannte Fehler suchen - Sicherheitslücken mit Exploits ausnutzen
- This much-anticipated revision, written by the ultimate group of top security experts in the world, features 40 percent new content on how to find security holes in any operating system or application - New material addresses the many new exploitation techniques that have been discovered since the first edition, including attacking ´´unbreakable´´ software packages such as McAfee´s Entercept, Mac OS X, XP, Office 2003, and Vista - Also features the first-ever published information on exploiting Cisco´s IOS, with content that has never before been explored - The companion Web site features downloadable code files The black hats have kept up with security enhancements. Have you? In the technological arena, three years is a lifetime. Since the first edition of this book was published in 2004, built-in security measures on compilers and operating systems have become commonplace, but are still far from perfect. Arbitrary-code execution vulnerabilities still allow attackers to run code of their choice on your system--with disastrous results. In a nutshell, this book is about code and data and what happens when the two become confused. You´ll work with the basic building blocks of security bugs--assembler, source code, the stack, the heap, and so on. You´ll experiment, explore, and understand the systems you´re running--and how to better protect them. * Become familiar with security holes in Windows, Linux, Solaris, Mac OS X, and Cisco´s IOS * Learn how to write customized tools to protect your systems, not just how to use ready-made ones * Use a working exploit to verify your assessment when auditing a network * Use proof-of-concept exploits to rate the significance of bugs in software you´re developing * Assess the quality of purchased security products by performing penetration tests based on the information in this book * Understand how bugs are found and how exploits work at the lowest level
See how privileges, passwords, vulnerabilities, and exploits can be leveraged as an attack vector and breach any organization. Cyber attacks continue to increase in volume and sophistication. It is not a matter of if , but when your organization will be breached. Attackers target the perimeter network, but in recent years have refocused their efforts on the path of least resistance: users and their privileges. In decades past an entire enterprise might be sufficiently managed through just a handful of credentials. Today´s environmental complexity means privileged credentials are needed for a multitude of different account types (from domain admin and sysadmin to workstations with admin rights), operating systems (Windows, Unix, Linux, etc.), directory services, databases, applications, cloud instances, networking hardware, Internet of Things (IoT), social media, and more. When unmanaged, these privileged credentials pose a significant threat from external hackers and insider threats. There is not one silver bullet to provide the protection you need against all vectors and stages of an attack. And while some new and innovative solutions will help protect against or detect the initial infection, they are not guaranteed to stop 100% of malicious activity. The volume and frequency of privilege-based attacks continues to increase and test the limits of existing security controls and solution implementations. Privileged Attack Vector s details the risks associated with poor privilege management, the techniques that hackers and insiders leverage, and the defensive measures that organizations must adopt to protect against a breach, protect against lateral movement, and improve the ability to detect hacker activity or insider threats in order to mitigate the impact. What You´ll Learn Know how identities, credentials, passwords, and exploits can be leveraged to escalate privileges during an attack Implement defensive and auditing strategies to mitigate the threats and risk Understand a 12-step privileged account management Implementation plan Consider deployment and scope, including risk, auditing, regulations, and oversight solutions Who This Book Is For Security management professionals, new security professionals, and auditors looking to understand and solve privileged escalation threats
Delve into your data for the key to success Data mining is quickly becoming integral to creating value and business momentum. The ability to detect unseen patterns hidden in the numbers exhaustively generated by day-to-day operations allows savvy decision-makers to exploit every tool at their disposal in the pursuit of better business. By creating models and testing whether patterns hold up, it is possible to discover new intelligence that could change your business´s entire paradigm for a more successful outcome. Data Mining for Dummies shows you why it doesn´t take a data scientist to gain this advantage, and empowers average business people to start shaping a process relevant to their business´s needs. In this book, you´ll learn the hows and whys of mining to the depths of your data, and how to make the case for heavier investment into data mining capabilities. The book explains the details of the knowledge discovery process including: * Model creation, validity testing, and interpretation * Effective communication of findings * Available tools, both paid and open-source * Data selection, transformation, and evaluation Data Mining for Dummies takes you step-by-step through a real-world data-mining project using open-source tools that allow you to get immediate hands-on experience working with large amounts of data. You´ll gain the confidence you need to start making data mining practices a routine part of your successful business. If you´re serious about doing everything you can to push your company to the top, Data Mining for Dummies is your ticket to effective data mining.
The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester´s Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors. Once you´ve built your foundation for penetration testing, you ll learn the Framework´s conventions, interfaces, and module system as you launch simulated attacks. You ll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks. Learn how to: Find and exploit unmaintained, misconfigured, and unpatched systems Perform reconnaissance and find valuable information about your target Bypass anti-virus technologies and circumvent security controls Integrate Nmap, NeXp
Multi-agent systems are claimed to be especially suited to the development of software systems that are decentralized, can deal flexibly with dynamic conditions, and are open to system components that come and go. This is why they are used in domains such as manufacturing control, automated vehicles, and e-commerce markets. Danny Weyns´ book is organized according to the postulate that ´´developing multi-agent systems is 95% software engineering and 5% multi-agent systems theory.´´ He presents a software engineering approach for multi-agent systems that is heavily based on software architecture - with, for example, tailored patterns such as ´´situated agent´´, ´´virtual environment´´, and ´´selective perception´´ - and on middleware for distributed coordination - with programming abstractions such as ´´views´´ and ´´roles.´´ Next he shows the feasibility and applicability of this approach with the development of an automated transportation system consisting of a number of automatic guided vehicles transporting loads in an industrial setting. Weyns puts the development of multi-agent systems into a larger perspective with traditional software engineering approaches. With this, he opens up opportunities to exploit the body of knowledge developed in the multi-agent systems community to tackle some of the difficult challenges of modern-day software systems, such as decentralized control, location-awareness, self-adaption, and large-scale. Thus his book is of interest for both researchers and industrial software engineers who develop applications in areas such as distributed control systems and mobile applications where such requirements are of crucial importance.
For computer-security courses that are taught at the undergraduate level and that have as their sole prerequisites an introductory computer science sequence (e.g., CS 1/CS 2). A new Computer Security textbook for a new generation of IT professionals. Unlike most other computer security textbooks available today, Introduction to Computer Security, 1e does NOT focus on the mathematical and computational foundations of security, and it does not assume an extensive background in computer science. Instead it looks at the systems, technology, management, and policy side of security, and offers students fundamental security concepts and a working knowledge of threats and countermeasures with ?just-enough? background in computer science. The result is a presentation of the material that is accessible to students of all levels. Features + Benefits Accessible to the general-knowledge reader. Authors Goodrich and Tamassia recognize that prerequisites for an extensive background in CS and mathematics are not only unnecessary for learning but also arguably contribute to a reduction in enrollments and a shortage of computer-security experts. Therefore, the authors assume only the most basic of prerequisite knowledge in computing, making this text suitable for beginning computer science majors, as well as computer science minors and non-majors. Teaches general principles of computer security from an applied viewpoint. In this new text, the authors cover specific computer security topics while providing necessary material on the foundations of computing needed to understand these topics. As a result, students learn about vital computer security topics such as access control, firewalls, and viruses as well as a variety of fundamental computer-science concepts like algorithms, operating systems, networking, and programming languages. Topics covered include: o Common cyberattacks including viruses, worms, Trojan horses, password crackers, keystroke loggers, denial of service, spoofing, and phishing. o Techniques for identifying and patching vulnerabilities in machines and networks as well methods for detecting and repairing infected systems. o Fundamental building blocks of secure systems such as encryption, fingerprints, digital signatures and basic cryptographic protocols. o Human and social aspects of computer security, including usability, interfaces, copyright, digital rights management, social engineering, and ethical issues. A practical introduction that will prepare students for careers in a variety of fields. This text encourages students to think about security issues and to deploy security mechanisms early in designing software applications or in making software purchase/ deployment decisions. This skill will be appreciated by future employers--who may include corporations in the financial, healthcare and technology sectors--for whom the security of software applications is a critical requirement. The material in the text will also provide readers with a clear understanding of the security ramifications of using computers and the Internet in their daily lives (e.g., for online banking and shopping), as well as the potential threats to individual privacy (as seen in recent debates on electronic voting, for example), and possibly to democracy itself, that may arise from inappropriate use of computer security technology. Projects The authors provide a collection of creative, hands-on projects at three levels of difficulty that can be used both in computer security and computer security-related courses. A wide set of options will allow instructors to customize the projects to suit a variety of learning modes and lab resources. In each project, students are given a realistic, though simplified, version of a working system with multiple vulnerabilities and a list of allowed attack vectors. They may be asked to work in ?break-it? mode, which will require students to attack a system by developing exploits that take advantage of the discovered vulnerabilities, or they may be asked to work in ?fix-it? mode in which the student hardens the system by developing mechanisms for removing or mitigating the vulnerabilities. SUPPLEMENTS A collection of slide presentations created by the authors each suitable for a one-hour lecture, covering all the course topics. The presentations will include links to relevant resources on the web and will have extensive notes. The slide presentations have been created in a standard file format compatible