Published by Gervase Cummings. Modified over 8 years ago.
Slide 1: SSCP: A High-Speed Introduction to the Exam Domains
William F. Slater, III
IT Consultant – Author – Teacher – Mentor
SSCP, CISSP, MCSE, Security+
slater@billslater.com
Domain 7
Intro to IT Security; Access Controls; Administration; Auditing and Monitoring; Risk, Response, and Recovery; Cryptography; Data Communications; Malicious Code / Malware; Testing Tips
Mile2 Training & Consulting
SSCP: A High-Speed Introduction to the Exam Domains
April 26 – 28, 2005
Slide 2: Agenda
Domain Definition
Types and Characteristics of Malicious Code
Malicious Code Protection
Types of Malicious Code Protection Products
Conclusion
Slide 3: Domain Definition
Slide 4: A Taxonomy of Malicious Programs
Slide 5: Virus History from Solomon and Slade
1992 - Michelangelo, DAME, & VCL
1996 - Boza, Concept, Laroux, & Staog
1998 - Strange Brew & Back Orifice
1999 - Melissa, Corner, Tristate, & Bubbleboy
2000 - DDoS, Love Letter, Liberty (Palm), Streams, & Pirus
Source: http://www.cknow.com/vtutor/vthistory.htm
Slide 6: Categories of Malware
Viruses
Macros
Worms
Slide 7: Categories of Malware
Source: http://www.nipc.gov - Cybernotes – Aug. 27, 2001
Slide 8: Counting the Costs
April 1999 – Melissa costs million$
May 2000 – “I Love You” costs about $11 Billion worldwide
July 2001 – Code Red I
August 2001 – Code Red II over $2 billion
Software and virus signature updates
Lost time and productivity
Damage to IT assets and user data
Lost time due to regular document and volume scanning
Graphic From CNN.COM
Slides 9–11: Types and Characteristics of Malicious Code
Slide 12: Types and Characteristics of Malicious Code
The ILOVEYOU virus was actually a VBScript Worm
Slides 13–16: Types and Characteristics of Malicious Code
Slide 17: Types and Characteristics of Malicious Code
There are “kits”, programs, and websites to create viruses now.
Slide 18: The Mindset and Profile of the Malware Creators
Intelligent
Socially misfit
Thrill-seeking
Revengeful
Aged 15 – 35
Male
Access to networked computer assets
Available time
Graphic From IDG.NET
Graphic From CNN.COM
Slides 19–20: Types and Characteristics of Malicious Code
Slide 21: Code Red I
Slides 22–24: Types and Characteristics of Malicious Code
Slides 25–27: Malicious Code Protection
Slide 28: Types of Malicious Code Protection Products
McAfee
Symantec Norton Anti-Virus
Slide 29: Anecdotes
1996
Buy Anti-virus software
Scan floppies to ensure they are not infected.
Slide 30: Anecdotes
2004
Buy Anti-virus software
The Networked and Internet-Accessible World is a LOT more complex.
  – Subscribe to Alerts via e-mail
  – Keep your operating systems patched
  – Learn about Home Firewalls
  – Learn about security
  – Learn about Wireless
  – Monitor the best security websites periodically.
Slide 31: Prevention
Awareness, knowledge about MALWARE and especially Social Engineering
Identify the key people to fight malware attacks
Commercial Products
Firewalls
Application of Vendor “Hotfixes” and Service Packs
Policies
Slide 32: Attacks: How and Why They Happen
Known Weaknesses
Social Engineering
Slide 33: After Your IT Assets Are Infected: Dealing with Attacks
Know Your IT Assets Well
Assess the problem
Assemble a SWAT team to assist
Get the word out
Quarantine
Disinfect or rebuild
Test and Review
Place back on the network
Slide 34: What’s a Mother To Do?
Anonymizer.com allows anonymous browsing
Use Virus Protection Software
Use Internet Firewall Software
Exercise Extreme Caution
Use SPAM Elimination Services
Never allow a provider or service or vendor to disseminate information about you
Be careful how you register your business or personal information when you register a domain name.
Slide 35: Future Directions
Malware Creators – Getting Smarter and Larger in Number
Government – More vulnerable
Business - More vulnerable
Cyber-Terrorism is real and looming
Graphic From CNN.COM
Slide 36: NE Blackout of 2003
Foretelling of Future Hacker Attacks?
Slide 41: Quotes
“I used to say that the security problem was going to get worse before it would get better. Now I just think it’s going to get worse.”
Jeff Moss, Founder of Def Con
From PC World magazine, May 2001
Slide 42: Quotes
“The intent behind it was to make money rather than some teenager trying to bring down the Internet a little bit to make a name for himself.”
Bryson Gordon, senior product manager, consumer security division of McAfee Security, August 29, 2003
“Teekid”
In 2004, “Teekid” was sentenced to two years in Federal Prison for creating a virus using a virus kit website.
Slide 43: Quotes
“If you are getting on the Internet without an anti-virus program and firewall, you are essentially a crash dummy sitting in front of your computer.”
Bryson Gordon, senior product manager, consumer security division of McAfee Security, August 29, 2003
Slide 44: Conclusion
Malware is an unfortunate reality of today’s modern networked computing environment
Malware creators will continue to devise nasty software, and it will get worse
Knowledge, education, diligence, vigilance, and rapid deployment of the right resources are the keys to winning this war against Malware
SSCPs and CISSPs should know a fair amount about Malware
Slide 45: Questions and Answers
Slide 46: Good Sources of Information
Computer Emergency Response Team - CERT.ORG
National Infrastructure Protection Center (great free documents!) - NIPC.GOV
SANS Institute - SANS.ORG
Slide 47: Good Sources of Information
Trusecure - TRUSECURE.COM
eEye - Eeye.com
Network Associates - NETWORKASSOCIATES.COM
Virus Myths - VMYTHS.COM
SARC (Symantec Anti-Virus Research Center) - SYMANTEC.COM
Slide 48: References & Text Resources
Hansche, S., Berti, J. and Hare, C. (2004). Official (ISC)2 Guide to the CISSP Exam. Boca Raton, FL: Auerbach Publications.
Isaac, D. S. and Isaac, M. J. (2003). The SSCP Prep Guide. Indianapolis, IN: Wiley Publishing.
Harris, S. (2003). All-In-One CISSP Certification Exam Guide, second edition. Emeryville, CA: Osborne McGraw-Hill.
Middleton, B. (2005). Cyber Crime Investigator’s Field Guide, second edition. Boca Raton, FL: Auerbach Publications.
Pfleeger, C. P. and Pfleeger, S. L. (2003). Security in Computing, Third Edition. Upper Saddle River, NJ: Prentice Hall.
Schneier, B. (1996). Applied Cryptography: Protocols, Algorithms, and Source Code in C, second edition. New York: John Wiley & Sons.
Shema, M. and Johnson, B. C. (2004). Anti-Hacker Tool Kit, second edition. New York, NY: Osborne McGraw-Hill.
Stallings, W. (2000). Network Security Essentials: Applications and Standards. Upper Saddle River, NJ: Prentice Hall.
Wyler, N. (editor), et al. (2005). Aggressive Network Defense. Rockland, MA: Syngress.
Slide 49: References & Text Resources
Alexander, M. (1996). The Underground Guide to Computer Security. Reading, MA: Addison-Wesley Publishing Company.
Allen, J. H. (2001). The CERT Guide to System and Network Security Practices. Boston, MA: Addison-Wesley.
Anonymous. (1997). Maximum Security: A Hacker’s Guide to Protecting Your Internet Site and Network. Indianapolis, IN: SAMS.
Atkins, D. et al. (1996). Internet Security Professional Reference. Indianapolis, IN: New Riders.
Banks, M. A. (1997). Web Psychos, Stalkers, and Pranksters: How to Protect Yourself in Cyberspace. Scottsdale, AZ: Coriolis Group Books.
Bernstein, T. (1996). Internet Security for Business. New York: John Wiley & Sons.
Bott, E. and Siechert, C. (2003). Microsoft Windows Security for Windows XP and Windows 2000 Inside Out. Redmond, WA: Microsoft Press.
Bragg, R. (2001). Windows 2000 Security. Indianapolis, IN: New Riders Publishing.
Bragg, R. (2003). Implementing and Administrating Security in a Windows 2000 Network. Indianapolis, IN: Que Corporation.
Bragg, R. (2004). MCSE Self-Paced Training Kit (Exam 70-298): Designing Security for a Microsoft Windows Server 2003 Network. Redmond, WA: Microsoft Press.
Brenton, C. and Hunt, C. (2003). Mastering Network Security. Alameda, CA: SYBEX, Inc.
Brin, D. (1998). The Transparent Society. Reading, MA: Addison-Wesley.
Burger, R. (1988). Computer Viruses: A High-Tech Disease. Grand Rapids, MI: Abacus.
Casey, E. (2000). Digital Evidence and Forensic Science, Computers and the Internet. San Diego, CA: Academic Press.
Casey, E. [Ed.]. (2002). Handbook of Computer Crime Investigation: Forensic Tools and Technology. San Diego: Academic Press.
Cavazos, E. and Morin, G. (1994). Cyber-Space and the Law: Your Rights and Duties in the On-Line World. Cambridge, MA: MIT Press.
Chapman, D. B. and Zwicky, E. D. (1995). Building Internet Firewalls. Sebastopol, CA: O’Reilly & Associates.
Slide 50: References & Text Resources
Cheswick, W. R. and Bellovin, S. M. (1994). Firewalls and Internet Security: Repelling the Wily Hacker. Reading, MA: Addison-Wesley Publishing Company.
Cohen, F. B. (1994). A Short Course on Computer Viruses, second edition. New York: John Wiley & Sons, Inc.
Cole, E. (2002). Hackers Beware: Defending Your Network From the Wily Hacker. Indianapolis, IN: New Riders Publishing.
Cooper, F., et al. (1995). Implementing Internet Security. Indianapolis, IN: New Riders.
Cox, P. and Sheldon, T. (2001). Windows 2000 Security Handbook. Berkeley, CA: Osborne McGraw-Hill.
Crume, J. (2000). Inside Internet Security: What Hackers Don’t Want You to Know. Harlow, England: Addison-Wesley.
Davis, P. T. (1994). Complete LAN Security and Control. New York: Windcrest/McGraw-Hill.
Denning, P. J. [Ed.]. (1990). Computers Under Attack: Intruders, Worms and Viruses. Reading, MA: Addison-Wesley Publishing Company.
Dunham, K. (2000). Bigelow’s Virus Troubleshooting Pocket Reference. New York: McGraw-Hill.
Dyson, E. (1997). Release 2.0: A Design for Living in the Digital Age. New York: Broadway Books.
Ellis, J. and Speed, T. (2001). The Internet Security Guidebook. San Diego, CA: Academic Press.
Escamilla, T. (1998). Intrusion Detection: Network Security Beyond the Firewall. New York: John Wiley.
Fadia, A. (2003). Network Security: A Hacker’s Perspective. Cincinnati, OH: Premier Press.
Frackman, A., Martin, R., and Ray, C. (2002). Internet and Online Privacy: A Legal and Business Guide. New York: ALM Publishing.
Galbreath, N. (2002). Cryptography for Internet and Database Applications. Indianapolis, IN: Wiley Publishing.
Garfinkel, S. (1995). PGP: Pretty Good Privacy. Sebastopol, CA: O’Reilly & Associates, Inc.
Gaskin, J. (1997). Corporate Politics and the Internet: Connection Without Controversy. Upper Saddle River, NJ: Prentice Hall.
Goncalves, M. (1998). Firewalls Complete. New York: McGraw-Hill.
Goncalves, M. et al. (1997). Internet Privacy Kit. Indianapolis, IN: Que.
Govanus, G. and King, R. (2000). MCSE Windows 2000 Network Security Design Study Guide. Alameda, CA: SYBEX, Inc.
Hafner, K. and Markoff, J. (1991). Cyberpunk: Outlaws and Hackers on the Computer Frontier. New York: Simon and Schuster.
Hall, Eric A. (2000). Internet Core Protocols: The Definitive Guide. Sebastopol, CA: O’Reilly & Associates.
Hansche, S., Berti, J. and Hare, C. (2004). Official (ISC)2 Guide to the CISSP Exam. Boca Raton, FL: Auerbach Publications.
Slide 51: References & Text Resources
Harris, S. (2002). Mike Meyers’ CISSP Certification Passport. Berkeley, CA: Osborne McGraw-Hill.
Haynes, C. (1990). The Computer Virus Protection Book. Alameda, CA: SYBEX, Inc.
Hills, M. (1997). Intranet Business Strategies. New York: John Wiley & Sons, Inc.
Hoffman, L. J. [Ed.] (1990). Rogue Programs: Viruses, Worms, and Trojan Horses. New York: Van Nostrand Reinhold.
Hoffman, L. J. (1977). Modern Methods for Computer Security and Privacy. Englewood Cliffs, NJ: Prentice-Hall.
Honeypot Project. (2002). Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community. Boston, MA: Addison-Wesley.
Horton, M. and Mugge, C. (2003). Hack Notes Network Security Portable Reference. Berkeley, CA: Osborne McGraw-Hill.
Hughes, L. J. (1995). Actually Useful Internet Security Techniques. Indianapolis, IN: New Riders Publishing.
Icove, D., et al. (1995). Computer Crime: A Crimefighter’s Handbook. Sebastopol, CA: O’Reilly & Associates.
Internet Security Systems, Inc. (2000). Microsoft Windows 2000 Security Technical Reference. Redmond, WA: Microsoft Press.
Jaworski, J. and Perrone, P. (2000). Java Security Handbook. Indianapolis, IN: SAMS.
Kaeo, M. (2004). Designing Network Security, second edition. Indianapolis, IN: Cisco Press.
Kaspersky, K. (2003). Hacker Disassembling Uncovered. Wayne, PA: A-List, LLC.
Kelly, K. (1994). Out of Control. Reading, MA: Addison-Wesley.
Knightmare. (1994). Secrets of a Super Hacker. Port Townsend, WA: Loompanics Unlimited.
Krauss, L. I. and McGahan, A. (1979). Computer Fraud and Countermeasures. Englewood Cliffs, NJ: Prentice-Hall.
Kruse, W. G. and Heiser, J. G. (2002). Computer Forensics: Incident Response Essentials. Boston, MA: Addison-Wesley Publishing Company.
LaMacchia, B. A. and Sebastian, L. (2002). .NET Framework Security. Indianapolis, IN: Addison-Wesley Publishing Company.
Landreth, B. (1985). Out of the Inner Circle: A Hacker’s Guide to Computer Security. Bellevue, WA: Microsoft Press.
Lane, C. A. (1997). Naked in Cyberspace. Wilton, CT: Pemberton Press.
Larson, E. and Stephens, B. (2000). Administrating Web Servers, Security, & Maintenance. Upper Saddle River, NJ: Prentice Hall.
Levy, S. (1984). Hackers: Heroes of the Computer Revolution. Garden City, NY: Anchor Press/Doubleday.
Ludwig, M.A. (1990). The Little Black Book of Computer Viruses: Volume One The Basic Technology. Tucson, AZ: American Eagle Publishing, Inc.
Slide 52: References & Text Resources
Ludwig, M.A. (1993). Computer Viruses, Artificial Life and Evolution: The Little Black Book of Computer Viruses Volume II. Tucson, AZ: American Eagle Publishing, Inc.
Lundell, A. (1989). Virus! The Secret World of Computer Invaders that Breed and Destroy. Chicago, IL: Contemporary Books.
Mandia, K. and Prosise, C. (2001). Incident Response: Investigating Computer Crime. Berkeley, CA: Osborne McGraw-Hill.
Mao, Wenbo. (2004). Modern Cryptography: Theory and Practice. Upper Saddle River, NJ: Prentice Hall.
Marcella, A. J. and Greenfield, R. S. [Editors]. (2002). Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes. Boca Raton, FL: Auerbach Publications.
McAfee, J. and Haynes, C. (1989). Computer Viruses, Worms, Data Diddlers, Killer Programs and Other Threats to Your System: What They Are, How They Work, and How To Defend Your PC, MAC, or Mainframe. New York: St. Martin’s Press.
McClure, S., Scambray, J. and Kurtz, G. (2003). Hacking Exposed: Network Security Secrets and Solutions, fourth edition. Berkeley, CA: Osborne McGraw-Hill.
McClure, S., Scambray, J. and Kurtz, G. (2001). Hacking Exposed: Network Security Secrets and Solutions, third edition. Berkeley, CA: Osborne McGraw-Hill.
McClure, S., Scambray, J. and Kurtz, G. (2001). Hacking Exposed: Network Security Secrets and Solutions, second edition. Berkeley, CA: Osborne McGraw-Hill.
McLean, I. (2000). Windows 2000 Security Little Black Book. Scottsdale, AZ: Coriolis Group.
McNamara, J. (2003). Secrets of Computer Espionage. Indianapolis, IN: Wiley Publishing, Inc.
Meinel, C. P. (1999). The Happy Hacker, third edition. Show Low, AZ: American Eagle Publishing, Inc.
Mitnick, K., and Simon, W. (2002). The Art of Deception: Controlling the Human Element of Security. Indianapolis, IN: Wiley Publishing.
Nichols, R. K., Ryan, D., and Ryan, J. C. H. (2000). Defending Your Digital Assets Against Hackers, Crackers, Spies & Thieves. New York: McGraw-Hill.
Slide 53: References & Text Resources
Noonan, W. J. (2004). Hardening Network Infrastructure. Emeryville, CA: Osborne McGraw-Hill.
Norberg, S. (2001). Securing Windows 2000 Servers for the Internet. Beijing, China: O’Reilly & Associates.
Northcutt, S., et al. (2001). Intrusion Signature and Analysis. Indianapolis, IN: New Riders Publishing.
Northcutt, S., et al. (2003). Inside Network Perimeter Security. Indianapolis, IN: New Riders.
Northrup, T. and Thomas, O. (2004). MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a Microsoft Windows Server 2003 Network. Redmond, WA: Microsoft Press.
O’Reilly & Associates [Ed.]. (1997). The Harvard Conference on the Internet and Society. Cambridge, MA: Harvard University Press.
Peikari, C. and Chuvakin, A. (2004). Security Warrior. Sebastopol, CA: O’Reilly & Associates, Inc.
Peltier, T. and Howard, P. D. (2002). The Total CISSP Exam Prep Book: Practice Questions, Answers and Exam Taking Tips and Techniques.
Pfleeger, C. P. and Pfleeger, S. L. (2003). Security in Computing, Third Edition. Upper Saddle River, NJ: Prentice Hall.
Pistoia, M., et al. (1999). Java 2 Network Security, second edition. Upper Saddle River, NJ: Prentice Hall.
Power, R. (2000). Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace. Indianapolis, IN: Que Corporation.
Ranum, M. J. (2004). The Myth of Homeland Security. Indianapolis, IN: Wiley Publishing, Inc.
Roberts, R. (1988). Computer Viruses. Greensboro, NC: Compute! Books.
Rose, L. (1995). NetLaw: Your Rights in the Online World. Berkeley, CA: Osborne McGraw-Hill.
Rose, L. and Wallace, J. (1992). SysLaw, second edition. Winona, MN: PC Information Group.
Russell, R., et al. (2003). Stealing the Network: How to Own the Box. Rockland, MA: Syngress Publishing.
Scambray, J. and McClure, S. (2001). Hacking Windows 2000 Exposed. Berkeley, CA: Osborne McGraw-Hill.
Schiffman, M. (2001). Hacker’s Challenge: Test Your Incident Response Skills Using 20 Useful Scenarios. New York: Osborne McGraw-Hill.
Schiffman, M., et al. (2003). Hacker’s Challenge 2: Test Your Network Security and Forensic Skills. New York: Osborne McGraw-Hill.
Schneier, B. (2000). Secrets and Lies: Digital Security in a Networked World. New York: John Wiley & Sons.
Schneier, B. (1996). Applied Cryptography: Protocols, Algorithms, and Source Code in C, second edition. New York: John Wiley & Sons.
Schneier, B. (2003). Beyond Fear: Thinking Sensibly About Security In An Uncertain World. New York: Copernicus Books.