Roger A. Grimes - Böcker

Meet the world's top ethical hackers and explore the tools of the tradeHacking the Hacker takes you inside the world of cybersecurity to show you what goes on behind the scenes, and introduces you to the men and women on the front lines of this technological arms race. Twenty-six of the world's top white hat hackers, security researchers, writers, and leaders, describe what they do and why, with each profile preceded by a no-experience-necessary explanation of the relevant technology.  Dorothy Denning discusses advanced persistent threats, Martin Hellman describes how he helped invent public key encryption, Bill Cheswick talks about firewalls, Dr. Charlie Miller talks about hacking cars, and other cybersecurity experts from around the world detail the threats, their defenses, and the tools and techniques they use to thwart the most advanced criminals history has ever seen. Light on jargon and heavy on intrigue, this book is designed to be an introduction to the field; final chapters include a guide for parents of young hackers, as well as the Code of Ethical Hacking to help you start your own journey to the top.Cybersecurity is becoming increasingly critical at all levels, from retail businesses all the way up to national security. This book drives to the heart of the field, introducing the people and practices that help keep our world secure. Go deep into the world of white hat hacking to grasp just how critical cybersecurity isRead the stories of some of the world's most renowned computer security expertsLearn how hackers do what they do—no technical expertise necessaryDelve into social engineering, cryptography, penetration testing, network attacks, and moreAs a field, cybersecurity is large and multi-faceted—yet not historically diverse. With a massive demand for qualified professional that is only going to grow, opportunities are endless. Hacking the Hacker shows you why you should give the field a closer look.

Shows how to improve Windows desktop and server security by configuring default security before installing off-the-shelf security productsEducates readers about the most significant security threats, building the ultimate defense, operating system hardening, application security, and automating securityAs a security consultant, the author has an impressive record-of his clients, not one who followed his recommendations has suffered a virus, worm, Trojan, or successful hacker attack in the past five yearsThe companion Web site includes author-created custom security templates and group policies that will automate advice given in the book

Will your organization be protected the day a quantum computer breaks encryption on the internet? Computer encryption is vital for protecting users, data, and infrastructure in the digital age. Using traditional computing, even common desktop encryption could take decades for specialized ‘crackers’ to break and government and infrastructure-grade encryption would take billions of times longer. In light of these facts, it may seem that today’s computer cryptography is a rock-solid way to safeguard everything from online passwords to the backbone of the entire internet. Unfortunately, many current cryptographic methods will soon be obsolete. In 2016, the National Institute of Standards and Technology (NIST) predicted that quantum computers will soon be able to break the most popular forms of public key cryptography. The encryption technologies we rely on every day—HTTPS, TLS, WiFi protection, VPNs, cryptocurrencies, PKI, digital certificates, smartcards, and most two-factor authentication—will be virtually useless. . . unless you prepare. Cryptography Apocalypse is a crucial resource for every IT and InfoSec professional for preparing for the coming quantum-computing revolution. Post-quantum crypto algorithms are already a reality, but implementation will take significant time and computing power. This practical guide helps IT leaders and implementers make the appropriate decisions today to meet the challenges of tomorrow. This important book: Gives a simple quantum mechanics primerExplains how quantum computing will break current cryptographyOffers practical advice for preparing for a post-quantum worldPresents the latest information on new cryptographic methodsDescribes the appropriate steps leaders must take to implement existing solutions to guard against quantum-computer security threats Cryptography Apocalypse: Preparing for the Day When Quantum Computing Breaks Today's Crypto is a must-have guide for anyone in the InfoSec world who needs to know if their security is ready for the day crypto break and how to fix it.

Protect your organization from scandalously easy-to-hack MFA security “solutions” Multi-Factor Authentication (MFA) is spreading like wildfire across digital environments. However, hundreds of millions of dollars have been stolen from MFA-protected online accounts. How? Most people who use multifactor authentication (MFA) have been told that it is far less hackable than other types of authentication, or even that it is unhackable. You might be shocked to learn that all MFA solutions are actually easy to hack. That’s right: there is no perfectly safe MFA solution. In fact, most can be hacked at least five different ways. Hacking Multifactor Authentication will show you how MFA works behind the scenes and how poorly linked multi-step authentication steps allows MFA to be hacked and compromised. This book covers over two dozen ways that various MFA solutions can be hacked, including the methods (and defenses) common to all MFA solutions. You’ll learn about the various types of MFA solutions, their strengthens and weaknesses, and how to pick the best, most defensible MFA solution for your (or your customers') needs. Finally, this book reveals a simple method for quickly evaluating your existing MFA solutions. If using or developing a secure MFA solution is important to you, you need this book.  Learn how different types of multifactor authentication work behind the scenesSee how easy it is to hack MFA security solutions—no matter how secure they seemIdentify the strengths and weaknesses in your (or your customers’) existing MFA security and how to mitigateAuthor Roger Grimes is an internationally known security expert whose work on hacking MFA has generated significant buzz in the security world. Read this book to learn what decisions and preparations your organization needs to take to prevent losses from MFA hacking.

Avoid becoming the next ransomware victim by taking practical steps todayColonial Pipeline. CWT Global. Brenntag. Travelex. The list of ransomware victims is long, distinguished, and sophisticated. And it's growing longer every day.In Ransomware Protection Playbook, computer security veteran and expert penetration tester Roger A. Grimes delivers an actionable blueprint for organizations seeking a robust defense against one of the most insidious and destructive IT threats currently in the wild. You'll learn about concrete steps you can take now to protect yourself or your organization from ransomware attacks.In addition to walking you through the necessary technical preventative measures, this critical book will show you how to: Quickly detect an attack, limit the damage, and decide whether to pay the ransomImplement a pre-set game plan in the event of a game-changing security breach to help limit the reputational and financial damageLay down a secure foundation of cybersecurity insurance and legal protection to mitigate the disruption to your life and businessA must-read for cyber and information security professionals, privacy leaders, risk managers, and CTOs, Ransomware Protection Playbook is an irreplaceable and timely resource for anyone concerned about the security of their, or their organization's, data.

Keep valuable data safe from even the most sophisticated social engineering and phishing attacks Fighting Phishing: Everything You Can Do To Fight Social Engineering and Phishing serves as the ideal defense against phishing for any reader, from large organizations to individuals. Unlike most anti-phishing books, which focus only on one or two strategies, this book discusses all the policies, education, and technical strategies that are essential to a complete phishing defense. This book gives clear instructions for deploying a great defense-in-depth strategy to defeat hackers and malware. Written by the lead data-driven defense evangelist at the world's number one anti-phishing company, KnowBe4, Inc., this guide shows you how to create an enduring, integrated cybersecurity culture. Learn what social engineering and phishing are, why they are so dangerous to your cybersecurity, and how to defend against themEducate yourself and other users on how to identify and avoid phishing scams, to stop attacks before they beginDiscover the latest tools and strategies for locking down data when phishing has taken place, and stop breaches from spreadingDevelop technology and security policies that protect your organization against the most common types of social engineering and phishingAnyone looking to defend themselves or their organization from phishing will appreciate the uncommonly comprehensive approach in Fighting Phishing.

A transformative new approach to Internet security from an experienced industry expert Taming the Hacking Storm: A Framework for Defeating Hackers and Malware is a groundbreaking new roadmap to solving the ubiquitous Internet security issues currently plaguing countries, businesses, and individuals around the world. In easy-to-understand and non-technical language, author and cybersecurity veteran Roger Grimes describes the most prevalent threats to our online safety today and what ties them all together. He goes on to lay out a comprehensive and robust framework for combating that threat—one that rests on a foundation of identity verification—and explains exactly how to implement it in the real world. The author addresses each of the challenges, pitfalls, and roadblocks that might stand in the way of his solutions, offering practical ways to navigate, avoid, or counter those impediments. The book also includes: How to address peripheral security issues, including software and firmware vulnerabilitiesStrategies for addressing a lack of international agreement on the implementation of security standards and practicesThings you can do today to encourage the development of a more secure, trusted InternetAn insightful and original new approach to cybersecurity that promises to transform the way we all use the Internet, Taming the Hacking Storm is a must-read guide for cybersecurity practitioners, academic researchers studying Internet security, and members of the general public with an interest in tech, security, and privacy.

Malicious mobile code is a new term to describe all sorts of bad programs: viruses, worms, Trojans, and rogue Internet content. Until fairly recently, experts worried mostly about computer viruses that spread only through executable files, not data files, and certainly not through email exchange. The Melissa virus and the Love Bug have proved the experts wrong, attacking Windows computers when recipients do nothing more than open an email. Today, writing programs is easier than ever, and so is writing malicious code that will do destructive things. The idea that someone could write malicious code and spread it to 60 million computers in a matter of hours is no longer a fantasy. There are effective ways to thwart Windows malicious code attacks, and Roger Grimes maps them out in this book. His opening chapter on the history of malicious code and the multi-million dollar anti-virus industry sets the stage for a rundown on today's viruses and how to protect a system from them. He looks at ways to configure Windows for maximum protection, what a DOS virus can and cannot do, what today's biggest threats are and other important information.The book offers the strategies, tips, and tricks to secure a system against attack. It covers: the current state of the malicious code writing and cracker community in 2001; how malicious code works, what types there are, and what it can and cannot do; common anti-virus defenses, including anti-virus software; how malicious code affects the various Windows operating systems, and how to recognize, remove, and prevent them; macro viruses affecting MS Word, MS Excel, and VBScript; Java applets and ActiveX controls; enterprise-wide malicious code protection; hoaxes; and the future of computer malicious mobile code and how to combat it.