Catalogue Search | MBRL
27 result(s) for "Liska, Allan"
NTP security : a quick-start guide
"Learn the risks associated with Network Time Protocol (NTP) security and how to minimize those risks in daily deployment. Disruption of NTP services can interrupt communication between servers on the network and take an entire network offline. Beyond disrupting communication, flaws in the NTP daemon itself can make servers vulnerable to external attack--attacks that often go unnoticed. NTP is being used more frequently in Distributed Denial of Service (DDoS) attacks. It is a User Datagram Protocol (UDP) with encryption schemes that are not often used or are poorly implemented, making it susceptible to spoofing. Despite all of the security challenges, the fact is that NTP is critical to most modern networks. It is one of those 'set it and forget it' protocols that network administrators and even security professionals don't understand in depth. However, an attacker who does understand the security flaws can wreak havoc on an insecure network. NTP Security: A Quick-Start Guide provides a deeper understanding of the protocol itself and how to deploy a strategy using the protocol throughout a network in a secure manner. Your security team will be able to provide better guidance to the system and network teams who will then be able to better manage the day-to-day implementation. This succinct resource offers practical guidance to an underserved topic (actually, not served at all). Coverage includes: an understanding of NTP and the importance of time synchronization in modern networks; issues in NTP security, including an analysis of NTP traffic; a review of the vulnerabilities and flaws in the protocol; practical solutions for securing NTP and building a robust infrastructure; effective alternatives to NTP"--Back cover.
Building an Intelligence-Led Security Program
2014,2015
As recently as five years ago, securing a network meant putting in a firewall, intrusion detection system, and installing antivirus software on the desktop. Unfortunately, attackers have grown more nimble and effective, meaning that traditional security programs are no longer effective. Today's effective cyber security programs take these best practices and overlay them with intelligence. Adding cyber threat intelligence can help security teams uncover events not detected by traditional security platforms and correlate seemingly disparate events across the network. Properly-implemented intelligence also makes the life of the security practitioner easier by helping him more effectively prioritize and respond to security incidents. The problem with current efforts is that many security practitioners don't know how to properly implement an intelligence-led program, or are afraid that it is out of their budget. Building an Intelligence-Led Security Program is the first book to show how to implement an intelligence-led program in your enterprise on any budget. It will show you how to implement a security information and event management system, collect and analyze logs, and how to practice real cyber threat intelligence. You'll learn how to understand your network in-depth so that you can protect it in the best possible way. Provides a roadmap and direction on how to build an intelligence-led information security program to protect your company. Learn how to understand your network through logs and client monitoring, so you can effectively evaluate threat intelligence. Learn how to use popular tools such as BIND, SNORT, squid, STIX, TAXII, CyBox, and splunk to conduct network intelligence.
Ransomware : defending against digital extortion
by Liska, Allan, author; Gallo, Tim, author
in Computer security; Computer crimes Prevention; Malware (Computer software)
2016
"The biggest online threat to businesses and consumers today is ransomware, a category of malware that can encrypt your computer files until you pay a ransom to unlock them. With this practical book, you'll learn how easily ransomware can infect your system and what steps you can take to stop the attack before it sets foot in your network. Security experts Allan Liska and Timothy Gallo explain how the success of these attacks has spawned not only several variants of ransomware, but also a litany of ever-changing ways they're delivered to targets. You'll learn pragmatic methods for responding quickly to a ransomware attack, as well as how to protect yourself from becoming infected in the first place"--Back cover.
Chapter 8 - CERTs, ISACs, and intelligence-sharing communities
2015
Outside of the world of data feeds, there are a number of excellent sources of information that can provide broad, sector-specific, and even company-specific information that can be used to produce finished intelligence within an organization. This chapter provides an overview of some of those sources.
Book Chapter
Chapter 1 - Understanding the threat
2015
This chapter provides a 40-year encapsulation of cyber attacks. Starting with the first computer worm and working through to large-scale DDoS attacks, the chapter reviews the history of network security threats, what the current state is, and what is to come.
Book Chapter
Chapter 2 - What is intelligence?
2015
This chapter begins by identifying a useful definition of intelligence before delving into the intelligence cycle and the different types of intelligence. The chapter also discusses the transformation of intelligence into a profession, separated from political influence. It ends by touching on some of the great masters of intelligence throughout the ages.
Book Chapter
Chapter 9 - Advanced intelligence capabilities
2015
This chapter provides a high-level overview of three advanced security techniques: malware analysis, honeypots, and intrusion deception systems. Each technique is given an overview, discussing the pros and cons of implementing the solution and how they can improve the intelligence of the organization.
Book Chapter
Chapter 6 - External intelligence sources
by Allan Liska
in advanced persistent threat; Collaborative research into threats (CRITs); Common Platform Enumeration (CPE)
2015
The goal of this chapter is to help security teams fuse external information to their internal intelligence cycle. In addition to fusing intelligence into day-to-day security services, the chapter also covers using intelligence to inform incident response and zero-day threats. Finally, the chapter also touches on YARA and CRITs.
Book Chapter
Chapter 7 - Fusing internal and external intelligence
2015
This chapter covers the fusing of internal and external intelligence to present a singular view of the threats an organization may face. Whether that singular view is presented through training or via threat intelligence specific protocols into a Threat Intelligence Management Platform or a Big Data solution, the goal is to make the view of internal and external data indistinguishable.
Book Chapter