Who says that tech books have to be boring and technical and, heck, non-fiction? Definitely not the people behind Stealing the Network from Syngress.
Meant to inspire security and technology pros alike to wonder and muse on the what ifs of security vulnerabilities, Stealing the Network exercises the imagination in hopes of sparking real life solutions. With contributions from security consultants, technical directors, security engineers and specialists with impressive lists of accomplishments, Stealing the Network is a truly creative bunch of “stories that are fictional, with technology that is real.”
Whether you’re into ethical hacking or IT security, you’ll find the stories not only entertaining and thought-provoking, but also valuable in their recommendations and specificity regarding what programs and systems the fictional hackers are using. Though the stories are fictional, they are set in the real world and are described with great accuracy. Screenshots, graphs and titled sections make for easy reading and navigation. The authors of these ten stories come from the IT security world, and thus their characters and scenarios are familiar and relatable, like the narrator from Ryan Russell and Timothy Mullen’s “The Worm Turns”:
Rarely do people like me want to chitchat about what we do in general terms. We live in a world of minute detail, machine-language code, operating system calls, and compiler quirks. Most of the time, we would rather keep to ourselves and do independent study, unless we’re having trouble with something specific or want someone to double-check our work.
In his foreword to the book, Jeff Moss, founder of Black Hat and DEFCON, defends the purpose of the book: “You could argue it provides a roadmap for criminal hackers, but I say it does something else: It provides a glimpse into the creative minds of some of today’s best hackers, and even the best hackers will tell you that the game is a mental one.”
Want a chance to win this unique book? Share your own hacking scenario – fictional or otherwise – and what can be learned from it. Leave your story in the comments section or email me at Melanie@ITKnowledgeExchange.com.
Check out our list of top network security books for more ideas on some great reading. Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.
Think Cisco, HP and other blue chip mainstays were the winners in 2010’s IT industry? Think again. The Motley Fool’s Eric Bleeker took a look at the top 10 networking and electronic stocks in 2010, and the winners were smart, savvy and small. Small enough that if you don’t live and breathe networking and IT, you probably haven’t heard of them.
The year’s winner was Acme Packet, which does session border control for enterprise and telecom, saw a 400.3% return in 2010, a boost that accompanied the migration to all-IP networks. More familiar companies like Riverbed Technology and Radware also had boom years, as far as the stock prices were concerned.
What drove the high valuations? In 2010, the network mattered more than ever, and HP and Cisco’s feuding left ample opportunities for smaller players to get a chance to sell their message (or partner with a bigger player) as IT managers began sorting out the new landscape.
But 2011 could see this chaotic market calm down, as Bleeker writes:
In the past, major IT firms had largely left the networking space to its 800-pound gorilla, Cisco, to control. However, after Cisco’s decision to create a server system that competed directly with many of its partners, companies like Hewlett-Packard and Dell have increasingly cast an eye to their own networking solutions. Much the same as storage, we’re seeing some smaller companies creating very advanced technology to fill niches not covered by industry giants like Cisco and Juniper. Will the mega-cap tech companies stalking networking go on a buyout spree that’s similar to what was seen in storage last year? I wouldn’t rule out a laundry list of buyouts across networking in 2011.
Nobody wants to be the guy sending out a mass email to members saying, “If you’ve registered an account on any of our websites, then it’s best to assume that your username and password were included among the leaked data.”
But that’s exactly what Gawker Media had to do after its sites were hacked last weekend. Thomas Plunkett, CTO of Gawker Media, pointed out a source code vulnerability as the window hackers used to access user data including passwords, an editor wiki, and email accounts among other things. Once much of the user data was posted on sites such as Pirate Bay, Gawker had to warn its users to change their log ins for other sites using the same password.
One of the lessons learned from the brouhaha? Continued »
Data loss prevention software, or DLP, has long been a hot topic among security professionals for a while, but it’s always been a bit of a mercurial target: How do you lock down data while still making it accessible enough to be useful? The short answer: You can’t. Remove CD drives, install the right software, regularly audit your weaknesses and you can still be a victim.
But that doesn’t mean that WikiLeaks is the “canary in the coal mine” for DLP techniques. In fact, it’s going to receive more attention and more thought than ever (we picked it as one of our top 5 trends for 2011), but the hard truth is that security is about mitigating risk, not eliminating it. It’s not a message your CEO wants to hear, but acknowledging that systems are imperfect and breachable is the first step towards recovery, as they say.
Even the National Security Agency reportedly has acknowledged the fact, and if the world’s spookiest spooks can’t stop breaches, how can your company? From Reuters:
The U.S. government’s main code-making and code-cracking agency now works on the assumption that foes may have pierced even the most sensitive national security computer networks under its guard.
“The most sophisticated adversaries are going to go unnoticed on our networks,” she said.
“There’s no such thing as ‘secure’ any more,” Debora Plunkett of the National Security Agency said on Thursday amid U.S. anger and embarrassment over disclosure of sensitive diplomatic cables by the web site WikiLeaks.
So much for holiday cheer.
Last week, we went ahead and made our first round of 2011 IT tech trends, from tablets to big data. Now we present what we think will be the real big drivers for change in IT tech. Have something else to add? Let us know in the comments!
If IT Knowledge Exchange‘s Network Security month has sparked an interest in learning more, then you’ve come to the right place for some network security reading. We scoured the Internet, the forums and the search sites for network security reading materials vital to your success and understanding. So, without further ado…
It’s always fun to get new things, but before you go plugging all those enterprise holiday gifts into your data center, be sure you have them optimized for security. Server hardening is essentially creating a security baseline before introducing new machines that haven’t been configured with security as a priority to the mix. IT Knowledge Exchange recently moved its servers from hosted to in-house, replacing all of our hardware with brand new servers, so this is a subject we’ve been dealing with firsthand. After moving our infrastructure to our Tier1 data center and adding some redundancy, we were curious as to what our users are doing in their own data centers. We asked our members and here’s what we got:
In the aftermath of the latest installment of the WikiLeaks saga, at least one company is coming out clean and happy: TeleCommunication Systems Inc., a provider of military-grade technology, was awarded a $49M contract with the Department of Defense. The Mission: Provide technology training to the government’s cyber security workforce. (Can anyone cough and simultaneously say, “After the fact”?)
The partnership with the DoD comes directly from the higher-ups, with support from Obama’s government workforce development effort and Cyber Security Coordinator Howard Schmidt backing the deal. Part of the five-year contract, which includes five option periods, is TCS’s Art of Exploitation University program, launched in May. The Annapolis-based company’s AoE University has already enrolled 1,500 students since its launch, teaching the gamut from computer network security, information assurance, network defense, penetration testing, forensics analysis to cyber intelligence. Hopefully the hands-on learning and real-life simulations will include the proper response to burning Lady Gaga CDs?
As 2010 comes barreling to an end, we decided it would be a good idea to take a breath, take a look back, and try and identify the key IT trends coming around the corner at us in 2011. It’s true, 2010 has already been such a huge year in IT: Oracle acquiring Sun, everyone jumping on the tablet bandwagon (Has RIM ever developed a product line so quickly?), the endless Mark Hurd drama … and we have a feeling next year isn’t going to be any quieter. So here’s what we see down the pipe. Have some ideas of your own? Think mine are off? E-mail at Michael@ITKnowledgeExchange.com.
Network security is one of those topics where everyone has an opinion, but there’s no way to know what’s right until you try it. We’ve tried to alleviate the need to frantically practice trial-and-error on every last network security product for the enterprise by polling IT Knowledge Exchange members. And here’s what you had to say: Continued »