E-book

Title Vulnerability analysis and defense for the Internet / by Abhishek Singh (editor) ; [with contributions by] Baibhav Singh and Hirosh Joseph
Published New York : Springer, [2008]
©2008
Online access available from:
Springer eBooks

Description 1 online resource (xvi, 254 pages) : illustrations
Series Advances in information security ; 37
Contents Cover -- TOC Table of Contents -- CH 1.0 Wireless Security -- 1.1 Introduction -- 1.2 Wired Equivalent Privacy protocol -- 1.2.1 Analysis of WEP flaws -- 1.2.2 Key Stream Reuse -- 1.2.3 Message Modification -- 1.2.4 Message Injection -- 1.2.5 Authentication Spoofing -- 1.2.6 IP Redirection -- 1.2.7 Wireless Frame Generation -- 1.2.8 Encryption Cracking Tools -- 1.2.9 Retrieving the WEP keys from Client Host -- 1.2.10 Traffic Injection Tools -- 1.2.11 802.1x Cracking Tools -- 1.2.12 Wireless DoS Attacks -- 1.2.13 Attack against the 802.11i implementations -- 1.3 Prevention and Modifications -- 1.3.1 TKIP: Temporal Key Integrity Protocol -- 1.3.2 AES -- CCMP -- 1.4 Prevention Method using Detection Devices -- 1.5 Conclusion -- CH 2.0 Vulnerability Analysis for Mail Protocols -- 2.1 Introduction -- 2.2 Format String Specifiers -- 2.2.1 Format String Vulnerability -- 2.2.1.1 Format String Denial of Service Attack -- 2.2.1.2 Format String Vulnerability Reading Attack -- 2.2.1.3 Format String Vulnerability Writing Attack -- 2.2.1.4 Preventive Measures for Format String vulnerability -- 2.3 Buffer Overflow Attack -- 2.3.1 Buffer Overflow Prevention -- 2.4 Directory Traversal Attacks -- 2.4.1 Remote Detection -- 2.5 False Positive in Remote Detection for Mail Traffic -- 2.5.1 False Positive in case of SMTP Traffic -- 2.5.2 False Positive in case of IMAP Traffic -- 2.6 Conclusion -- CH 3.0 Vulnerability Analysis for FTP and TFTP -- 3.1 Introduction -- 3.1.1 Buffer Overflow in FTP -- 3.1.2 Directory Traversal Attack in FTP -- 3.2 TFTP Vulnerability Analysis -- 3.2.1 Vulnerability Analysis -- 3.3 Conclusion -- CH 4.0 Vulnerability Analysis for HTTP -- 4.1 Introduction -- 4.2 XSS Attack -- 4.2.1 Prevention against Cross Site Scripting Attacks -- 4.3 SQL Injection Attacks -- 4.3.1 SQL Injection Case Study -- 4.3.2 Preventive Measures -- 4.3.3 Other Preventive Measures -- 4.4 MS DoS Device Name Vulnerability -- 4.4.1 Prevention from DoS Device Name Vulnerability -- 4.5 False Positive in HTTP -- 4.6 Evasion of HTTP Signatures -- 4.7 Conclusion -- CH 5.0 Vulnerability Analysis for DNS and DHCP -- 5.1 Introduction of DNS Protocol -- 5.1.1 Vulnerabilities in a DNS Protocol -- 5.1.2 False Positives in a DNS Protocol -- 5.2 Introduction of DHCP -- 5.2.1 Vulnerabilities in DHCP -- 5.2.2 False Positive in DHCP -- 5.3 Conclusion -- CH 6.0 Vulnerability Analysis for LDAP and SNMP -- 6.1 Introduction -- 6.2 ASN and BER Encoding -- 6.3 BER implementation for LDAP -- 6.3.1 Threat Analysis for Directory Services -- 6.4 SNMP -- 6.4.1 Vulnerability Analysis for SNMP -- 6.5 Conclusion -- CH 7.0 Vulnerability Analysis for RPC -- 7.1 Introduction -- 7.2 RPC Message Protocol -- 7.3 NDR Format -- 7.4 Port Mapper -- 7.5 False Positive for SMB RPC Protocol -- 7.6 Evasion in RPC -- 7
Summary "Vulnerability Analysis and Defense for the Internet provides packet captures, flow charts and detailed analysis of a protocol and concepts of Reverse Engineering, which enables a user to identify whether an application/protocol is vulnerable and how the vulnerability affects the software. If an application is vulnerable, then a user will be able to understand the complexity, and the theory behind the vulnerability. This edited volume contributed by world leaders in this field, also provides pseudo code for effective signatures to prevent vulnerabilities and case studies where the latest exploits are discussed." "Vulnerability Analysis and Defense for the Internet is designed for a professional audience composed of practitioners and researchers in industry. This book is also useful as an advanced-level secondary text book in computer science."--Jacket
Notes Print version record
Subject Computer security.
Computer networks -- Security measures -- Evaluation.
Computer crimes -- Prevention.
Form Electronic book
Author Singh, Abhishek, 1976-
Singh, Baibhav.
Joseph, Hirosh.
LC no. 2007941398
ISBN 9780387743905
0387743901
9780387743899 (hbk.)
0387743898 (hbk.)