Hacker's Challenge 3 - Review at Amazon

Book Description

The ultimate test of hacking skills for IT security professionals

This unique volume helps you determine if you have what it takes to keep hackers out of your network. Twenty brand-new, real-life security incidents test computer forensics and response skills--all in an entertaining and informative style. The latest security topics are covered, including phishing and pharming scams, internal corporate hacking, Cisco IOS hacks, wireless hacks,VoIP hacks,Windows, Mac OS X, UNIX/Linux, and much more!

Each challenge unfolds like a chapter from a novel and includes details of the incident—how the break-in was detected, evidence, and background such as log files and network diagrams--and is followed by a series of questions for you to solve. Detailed solutions for all the challenges are included in the second part of the book.

From the Back Cover

The stories about phishing attacks against banks are so true-to-life, it’s chilling.” --Joel Dubin, CISSP, Microsoft MVP in Security

Every day, hackers are devising new ways to break into your network. Do you have what it takes to stop them? Find out in Hacker’s Challenge 3. Inside, top-tier security experts offer 20 brand-new, real-world network security incidents to test your computer forensics and response skills. All the latest hot-button topics are covered, including phishing and pharming scams, internal corporate hacking, Cisco IOS, wireless, iSCSI storage, VoIP, Windows, Mac OS X, and UNIX/Linux hacks, and much more. Each challenge includes a detailed explanation of the incident--how the break-in was detected, evidence and clues, technical background such as log files and network maps, and a series of questions for you to solve. In Part II, you’ll get a detailed analysis of how the experts solved each incident.

Exerpt from “Big Bait, Big Phish”:

The Challenge: “Could you find out what’s going on with the gobi web server? Customer order e-mails aren’t being sent out, and the thing’s chugging under a big load…” Rob e-mailed the development team reminding them not to send marketing e-mails from the gobi web server…. “Customer service is worried about some issue with tons of disputed false orders….” Rob noticed a suspicious pattern with the “false” orders: they were all being delivered to the same P.O. box…He decided to investigate the access logs. An external JavaScript file being referenced seemed especially strange, so he tested to see if he could access it himself…. The attacker was manipulating the link parameter of the login.pl application. Rob needed to see the server side script that generated the login.pl page to determine the purpose….

The Solution: After reviewing the log files included in the challenge, propose your assessment: What is the significance of the attacker’s JavaScript file? What was an early clue that Rob missed that might have alerted him to something being amiss? What are some different ways the attacker could have delivered the payload? Who is this attack ultimately targeted against? Then, turn to the experts' answers to find out what really happened.

About the Author

David Pollino leads research focusing on wireless and security technologies.

Mike Schiffman, CISSP, holds a research role at Cisco Systems, Inc., and serves on the advisory boards of Qualys, IMG Universal,Vigilant, and Sensory Networks.

Bill Pennington, CISSP, CCNA, manages research and development at WhiteHat Security, Inc.

Tony Bradley, CISSP-ISSAP, is a Fortune 100 security architect and consultant who has written for several computer security–related magazines and websites.