Client-Side Attacks and Defense

Client-Side Attacks and Defense offers background networks against its attackers. The book examines the forms of client-side attacks and discusses different kinds of attacks along with delivery methods including, but not limited to, browser exploitation, use of rich internet applications, and file format vulnerabilities. It also covers defenses, such as antivirus and anti-spyware, intrusion detection systems, and end-user education. The book explains how to secure Web browsers, such as Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari, and Opera. It discusses advanced Web attacks and advanced defenses against them. Moreover, it explores attacks on messaging, Web applications, and mobiles. The book concludes with a discussion on security measures against client-side attacks, starting from the planning of security. This book will be of great value to penetration testers, security consultants, system and network administrators, and IT auditors.

Autorentext

Sean-Philip Oriyano (CISSP, CNDA, CEH, MCSE) is a veteran of the Information Teechnology and engineering fields, working with a wide variety of organizations to deliver unique and innovative solutions. He has spent his time in the field working with nearly all aspects of IT and management with special emphasis on Information Security concepts, techniques, and practices. Sean is an advocate of strong security knowledge and practices, has workd with clients such as the U.S. Air Force, U.S. Navy, U.S. Army, and has been sought out to instruct at locations such as the U.S. Air Force Academy and Naval War College. Sean is an experienced content developer and technical writer who has published articles on the IT and Information Security fields. Sean counts IBM, Amazon, Autodesk, and Microsoft among his clients. Sean publishes content regularly and publishes this information on his web site at www.oriyano.com and shares his knowledge in his classes and lectures. Sean is a member of EC-Council, InfraGard, and BECCA.

Klappentext

Individuals that wish to attack a company s network have found a new path of least resistance, the end user. A client- side attack is one that uses the naivety of the end user to create a foothold in the user s machine and therefore the network. Client-side attacks are everywhere and hid in plain sight, common hiding places are malicious web sites and spam. A simple click of a link will allow the attacker to enter into the computer. This book presents a framework for defending your network against these attacks in an environment where it might seem impossible. A complete overview of the attacks currently active are discussed along with their delivery methods such as browser exploitation, use of rich internet applications, and file format vulnerabilities. Case studies are used to show the severity of these attacks and the actual defenses use can implement which include anti-virus and anti-spyware, intrusion detection, and end user education.

Zusammenfassung
Presents a framework for defending your network against attacks in an environment where it might seem impossible. This title discusses along with their delivery methods, such as browser exploitation, use of rich Internet applications, and file format vulnerabilities. It includes antivirus and anti-spyware, intrusion detection systems.

Inhalt
Introduction
Chapter 1: Background on Attacks
Chapter 2: A Closer Look at Client-Side Attacks
Chapter 3: A History of Web Browsers
Chapter 4: The Problem with Browsers
Chapter 5: Exploring and Exploiting Active Content
Chapter 6: Browser Defenses
Chapter 7: E-mail Client Attacks
Chapter 8: E-mail Client Defenses
Chapter 9: Web Applications
Chapter 10: Web Applications and Client Defenses
Chapter 11: Other Client-Side Attack Targets
Chapter 12: Malware
Chapter 13: Client-Side Countermeasures
Chapter 14: The Road Ahead