Blackjacking: Security Threats to Blackberry, PDA's, and Cell

<< Buy This Book on Amazon >>

收藏推荐:

图书介绍

*******************************************************************************

Blackjacking: Security Threats to Blackberry, PDA's, and Cell Phones in the Enterprise

*******************************************************************************

-------------------------------------------------------------------------------

General Information

-------------------------------------------------------------------------------

Type.................: Ebook

Part Size............: 10,977,260 bytes

-------------------------------------------------------------------------------

Post Information

-------------------------------------------------------------------------------

Posted by............: ~tqw~

-------------------------------------------------------------------------------

Release Notes

-------------------------------------------------------------------------------

The latest vulnerability that could be punching holes in your network security?

All those BlackBerrys, PDAs, and cellphones you've been doling out. You know how

computers and servers can be attacked, and you know how to protect them. But do

you know how these new devices can be attacked -- or as the jargon goes,

"blackjacked"? Do you know what to do about it? You'd better: Blackjacking was

the number one topic at this year's DefCon security conference. Fortunately,

there's now a start-to-finish guide to these attacks and countermeasures: Daniel

V. Hoffman's Blackjacking. If you're a network administrator or security

specialist, this is one book you owe it to yourself to read.

Hoffman starts by categorizing the threats, revealing how hackers can target the

infrastructure you've built to support mobile email and voice services, and how

PDA syncing offers a new way for hackers to attack your desktops and notebooks.

You'll learn how to revamp both your mind-set and your security strategies to

more effectively protect today's diverse non-PC devices. Then, armed with your

new mind-set, you'll get to work. Hoffman walks you through several specific

BlackBerry attacks, showing how each can be deterred, and offering a complete

BlackBerry security checklist. Next, he does the same for PocketPCs and Palm

devices, calling attention to software that can be part of your overall security

solution.

Many IT professionals don't think of cell phones as vectors for attack, but

nowadays they run software, display confidential email, and exchange enterprise

data. Hoffman shows how they can be compromised via malware, Bluetooth

connections, spoofing, and physical tampering, and offers guidance on preventing

all that bad stuff. Just something else to worry about -- but better to worry

about it now, before it's too late.

Chapter 1 Understanding the Threats.

Quantifying the Threat.

The Malware Threat.

Direct Attack.

Data-Communication Interception.

Authentication Spoofing and Sniffing.

Physical Compromise.

Mobile Device Enterprise Infrastructure.

PC and LAN Connectivity.

Fundamental Changes in Security Strategy.

Protecting the Mobile Device Itself.

Enforcing Compliance on the Mobile Device.

Addressing Security Deficiencies Automatically.

Implementing Layered Security.

Controlling and Protecting Data.

Things to Remember.

Chapter 2 Understanding the Devices.

BlackBerrys.

BlackBerry Business Phones.

BlackBerry Handheld Devices.

BlackBerry-Enabled Devices.

Pocket PCs.

Dell Axim Pocket PCs.

HP Pocket PCs.

Palm Pocket PCs.

Motorola Pocket PC.

Palm Handhelds.

Palm Smartphones.

Cell Phones.

Symbian OS Cell Phones.

Non?Symbian OS Cell Phones.

Things to Remember.

Chapter 3 Exploiting BlackBerry Devices.

Malware Is Threatening Your BlackBerry.

Analyzing a Malware Attack.

Gathering Information.

Setting Up for the Attack and Covering His Tracks.

Launching the Attack.

Protecting Against This Attack.

Learning about New Vulnerabilities.

BlackBerry Antivirus Software.

Attacking a BlackBerry Directly.

Attacking via IP Address.

Attacking via Malware.

Antimalware Applications.

Enterprise-Grade Firewall with IDS/IPS.

The BlackBerry Firewall.

Ensuring the Device Has the Latest Updates.

Educating Users about Risks.

Intercepting BlackBerry Communication.

What Data Is Being Transmitted?

How Is Data Being Transmitted?

Carrier Internet Access.

Bluetooth.

The BlackBerry Wi-Fi Interface.

Physically Compromising a BlackBerry by Spoofing and Intercepting

Authentication.

How Physical Compromise Happens.

Preventing Physical Compromise.

Protecting a Stand-Alone BlackBerry.

Preventing Unauthorized Access.

The Truth About Wiping A Lost or Stolen BlackBerry.

Implementing Content Protection.

Spoofing and Intercepting Authentication.

BlackBerry Security Checklist.

Things to Remember.

Chapter 4 Hacking the Supporting BlackBerry Infrastructure.

Good and Bad: A Conduit to Your LAN.

Understanding the BlackBerry Infrastructure.

BlackBerry Infrastructure Components.

Infrastructure Design Considerations.

Attacking the BlackBerry Infrastructure.

The Attacker?s Side of the Story.

Insecure Server Configuration.

Insecure Topology.

BBProxy.

Things to Remember.

Chapter 5 Protecting Your PC and LAN from BlackBerrys.

Controlling Data Is Critical.

How Companies Lose Control of Data.

How to Control Data.

Create and Communicate a Formal Policy.

Enforce Security Policies with Available Technology.

Threats from BlackBerry-Provided Internet Access.

Internet Attack.

The Attacker?s Side of the Story.

Preventing the Attack.

Stay Up-to-Date with Patches.

Use a Personal Firewall.

Controlling Data Coming from a BlackBerry.

Analyze the Data Coming from the BlackBerry.

Analyze the Data as It Resides on the BlackBerry.

Control Which Devices Can Connect to Your Enterprise PCs.

Things to Remember.

Chapter 6 Exploiting PDAs.

Corrupting Your PDA with Malware.

Backdoor Malware for the Pocket PC.

Other PDA Malware.

PDA Antimalware Programs.

Kaspersky Security for PDAs.

JSJ Antivirus.

Trend Micro Mobile Security.

Symantec AntiVirus for Handhelds.

McAfee VirusScan Mobile.

Targeting a PDA Directly.

Finding a PDA.

Making a PDA Stealthy.

PDA Firewall Applications.

Trend Micro Mobile Security (for PDA).

Airscanner Mobile Firewall (for Pocket PC).

Intercepting PDA Communication.

Surfing the Internet at Public Wi-Fi Hotspots.

Using IM and Checking Email at Public Wi-Fi Hotspots.

Using Virtual Private Networks (VPN) to Secure Data.

PDA Authentication Spoofing and Interception.

Sniffing Email Authentication.

Stealing Credentials with Access Point (AP) Phishing.

Intercepting Authentication via SSL Man-in-the-Middle.

Compromising the PDA Physically.

Controlling Access to the PDA.

Palm PDA Security.

Pocket-PC Security.

Encrypting Data on the PDA.

Palm PDA Encryption.

Pocket-PC Encryption.

Things to Remember.

Chapter 7 Hacking the Supporting PDA Infrastructure.

Connecting a PDA to the LAN Is Good and Bad.

You Get What You Pay For.

Strengthen the Wireless Infrastructure.

Using PDA VPN Clients to Protect the Infrastructure.

Be Smart about Providing Access.

Protect Credentials ? Protect the Infrastructure.

Control Access to Email with VPN Clients.

Things to Remember.

Chapter 8 Protecting Your PC and LAN from PDAs.

Connecting PDAs to Enterprise Resources.

Transferring Data with a Pocket PC.

Transferring Data with a Palm Device.

Why Transferring Data Is a Problem.

PDAs May Be Contagious.

Good Intentions, Bad Results.

Anatomy of an Infection.

Infection by a Pocket PC.

Infection by a Palm Device.

Preventing PDAs from Bringing Malware into the Enterprise.

Ensure PCs Are Using Antivirus Software Properly.

Ensure All PDAs Contain Antivirus Software.

Control Whether PDAs Can Connect to PCs.

Centralized Management Tools for the PDA.

Things to Remember.

Chapter 9 Exploiting Cell Phones.

Cell-Phone Malware.

The King of All Cell-Phone Malware?

FlexiSpy: Trojan or Valid Software?

Other Cell-Phone Malware.

Stopping Cell-Phone Malware.

Trend Micro Mobile Security for Symbian.

Symantec Mobile Security for Symbian.

F-Secure Mobile Security.

Stealing Data via Bluetooth.

Discovering a Cell Phone via Bluetooth.

Attacking a Cell Phone via Bluetooth.

Preventing Bluetooth Attacks.

Intercepting Cell-Phone Communication.

Physical Compromise and Cell-Phone Authentication Spoofing.

A Real-World Example.

Analyzing Physical Tampering.

Preventing Physical Tampering.

Spoofing Authentication with a Cell Phone.

Things to Remember.

Chapter 10 Protecting the Enterprise PC and LAN from Cell Phones.

Cell Phones May Bring in Malware.

How It Happens.

How to Stop the Attack.

Exposing Enterprise Email.

A Creative Way to Access Enterprise Email.

Prevent Email Forwarding.

Exporting Enterprise Data and Clandestine Data Gathering.

Mobile Phone Tools.

Clandestine Information Gathering.

Things to Remember.

Index.

Product Details

* ISBN: 0470127546

* ISBN-13: 9780470127544

* Format: Paperback, 312pp

* Publisher: Wiley, John & Sons, Incorporated

* Pub. Date: April 2007

-------------------------------------------------------------------------------

Install Notes

-------------------------------------------------------------------------------

Adobe Acrobat Reader

Download this book from Usenet

Free register and download UseNext downloader, then you can free download from UseNet.

Download this book from Usenet!

使用Usenext下载

免费注册即可使用Usenext下载这本电子书！
Usenext是来自德国的下载软件，强大的共享网络搜索下载工具，免费注册后即可不限速下载150G 电子书，Audiobook等等~~赶快下载使用吧！

Copyright Disclaimer:
本站一切内容源于互联网搜索，禁止商用！请查看本页来源页面的版权声明。如有任何不妥请联系:ebookee[at]gmail.com，我们将在24小时内删除相关内容。

浏览量：220 添加时间：2008-01-05 18:46:35, 更新时间：2008-01-05 18:46:35, from internet