EH-Net
May 24, 2013, 12:21:01 PM *
  Show Posts
1  Features / Book Reviews / Shon Harris' CISSP All-In-One 4th Edition and Official (Isc)2 Guide to the CISSP on: June 04, 2008, 07:07:34 PM
You can see the Official (ISC)2 Guide to the CISSP CBK or Shon Harris' CISSP All-In-One 4th Edition before you buy!

Here is the site:

(Isc)2 http://www.google.com/books?id=RbihG-YALUkC&printsec=frontcover&lr=&sig=0avz6Znsnia1UlHqJ7FirwUw49w#PPP1,M1

Shon Harris'  http://www.google.com/books?id=tMmm-h0bRgIC&printsec=frontcover&lr=&sig=S0IDoA1W1uuxK2KizX6MVKSGXRM

I am reading Computer Security Handbook by Seymour Bosworth (Editor) and Michel E. Kabay (Editor) right now. I think this is the best book for Master's level research.
2  Ethical Hacking Discussions and Related Certifications / General Certification / Re: CISSP is the best!!!! on: June 02, 2008, 12:33:45 AM
Sorry for the confusion. My point was that CISSP is the best so far, but if you don't have CISSP, get a Computer Science degree. It will help you a lot to understand how management and psychology work in an IT department.
3  Ethical Hacking Discussions and Related Certifications / General Certification / CISSP is the best!!!! on: June 01, 2008, 06:13:18 PM
Trust me, CISSP is the best and one of the top professional certifications in this world. I am doing double masters (MBA-INFOSEC and Master of Science in Security Engineering). Whatever you do in your life, first get a degree, then the certificates. I always follow these two girls: one is Laura Chappell and the other is Shon Harris.
4  Ethical Hacking Discussions and Related Certifications / Other / Re: Any comments or Recommendation on These Books ? on: March 30, 2008, 09:59:53 PM
Good books for research. Please add these two more:
The Art of Computer Virus Research and Defense ... by Peter Szor
Malware: Fighting Malicious Code ... by Ed Skoudis
5  Resources / News from the Outside World / Foreign Countries Develop U.S. Defense Systems Software on: December 20, 2007, 05:50:56 PM
"Adversaries are developing key hardware and software for the United States Department of Defense. The Defense Science Board Task Force (dsbt) issued a September 2007 report warning, “The United States must now confront—and plan for—the reality that adversaries may well be supplying the key hardware and software on which the U.S. bases its military and economic superiority.” The primary fear is that foreign-developed security software may come preprogrammed with backdoors and malicious code that would allow hackers to steal information or sabotage the system.

Because it is cheaper to do so, the U.S. has outsourced much of its government software development, including Department of Security software, to foreign nations—primarily India, China and Russia. While the U.S. saves money in this arrangement, it is likely to pay in national security.
 
“While the United States still has preeminence in computer science, Asia is rapidly gaining,” the report says. “The United States retains a pool of talented computer scientists and engineers, but the natural tendency of the industry is to seek the lowest cost supply of talent. In recent years that has been primarily in India, while China and Russia are on the rise.”
 
A generation ago, America’s adversaries were wary of U.S.-developed software because they knew it might be used as a weapon against them. Now the tables have turned. Task force chairman Robert Lucky said in an introductory letter to the dsbt report that low-level malicious technologies have already infiltrated sensitive, yet unclassified, Department of Defense systems.
 
The ease with which foreign-developed software could be hacked by the developer nation’s computer scientists could well leave the United States vulnerable to attack. “Globalization of software development, where some of the United States adversaries are writing the code the [Department of Defense] will depend upon in war, creates a rich opportunity to damage or destroy elements of the war fighter’s capability,” the report says.
 
The United States’ reliance on foreign computer security systems may prove to be the seeds of its downfall. As Trumpet editor in chief Gerald Flurry has written, “We could lose the next war before we even begin, if somebody breaks our military codes.”"

http://www.astalavista.com
6  Resources / Tools / Re: Wireshark 0.99.7 Released on: December 20, 2007, 05:25:11 PM
Thanks, Don, for mentioning Wireshark. I am a big fan of Laura Chappell's Master Library, and I also took a class called TCP/IP before I graduated in computer science from DeVry. I already have all her tools and they're great. Here is the web site: http://www.packet-level.com/. You can get the Master Library free for a trial; it costs $995.00. I tell you it will help you a lot, plus if you have the AirPcap and AirPcap Tx versions you are all set for life. Here is another one I love: http://www.cacetech.com/
7  Features / Opinions / Re: ASTALAVISTA ? on: December 11, 2007, 10:33:10 PM
I was a big fan of ASTALAVISTA.com. It was good three years ago. I think it's all the same anywhere you go; it just repeats again and again. Just read this book: "IT Security Interviews Exposed".
Here are a few websites:
http://www.hackerscenter.com/
http://www.lame-warez.com/index4.html
8  Features / /root / Re: [Article]-EH-Net Exclusive: BackTrack 3 Teaser Video on: November 03, 2007, 01:40:34 PM
What a great tool. Back|track is still number one on the list so far. I can't wait to see what's new.
9  Resources / Links to cool sites. / ASTALAVISTA.COM 10 Years Anniversary free tools on: October 28, 2007, 02:00:49 PM
It's free membership until November 17th. The download links are valid until the 17th of November 2007. Security Toolbox DVD 4.0 comes with a lot of useful information and tools for free. Just become a member, then download all 4 rar files and try it! You will love it. I like Astalavista.com as a good resource.

http://www.astalavista.com
10  Resources / Tutorials / If you know how to use Google: on: October 25, 2007, 07:06:17 PM
If you know how to use Google you will have some FUN. I think this is a good site where you can learn some cool stuff!


http://www.scribd.com/
11  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Wireless Hacking on: October 20, 2007, 04:45:37 PM
Also try this, and boot from CD:

http://www.wifiway.org/
12  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Wireless Hacking on: October 19, 2007, 01:16:45 AM
Try this, or use Google (you have to know how to use Google HACKING). Google is the best tool I ever had, but you have to know how to use it.


 
http://www.smallnetbuilder.com/content/view/24244/98/

or

http://www.astalavista.com/
13  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Free Security tools Video (I hope you will love it) on: July 28, 2007, 07:59:06 PM
This is just a beginner video. I know I don't have money to buy tools to learn with. You can learn without spending money. Please let me know how much you like it.
"The more you read, the more you learn", somebody said that.

I said the more you play or crash the more you learn -Kurt

-peace

1) Socket Programming Basics
http://www.security-freak.net/sockets/socket-programming.html

2) Packet Sniffing using Raw Sockets
http://www.security-freak.net/raw-sockets/raw-sockets.html

3) Packet Injection using Raw Sockets
http://www.security-freak.net/packet-injection/packet-injection.html

4) Architecture of A Proactive Security Tool
http://www.security-freak.net/architecture/architecture.html

5) Encryption Basics using RC4
http://www.security-freak.net/encryption/encryption-rc4.html

6) How do WORMS work?
http://www.security-freak.net/worms/worms.html

7) Madwifi-NG Wireless Driver Compilation Basics
http://www.security-freak.net/tools/sohail/madwifi-driver-building/madwifi-driver-presentation.html
http://www.security-freak.net/tools/sohail/madwifi-compilation-1/madwifi-compilation.html
http://www.security-freak.net/tools/sohail/madwifi-compilation-2/madwifi-compilation-2.html
http://www.security-freak.net/tools/sohail/madwifi-compilation-3/madwifi-compilation-3.html
http://www.security-freak.net/tools/sohail/wireshark-wireless/wireshark-wireless.html

Cool Tutorials on commonly used Security Tools
http://www.security-freak.net/tools/nmap/nmap.html
http://www.security-freak.net/tools/dig/dig.html
http://www.security-freak.net/tools/nc/nc.html
http://www.security-freak.net/tools/amit/airdecap-ng/airdecap-ng.html
http://www.security-freak.net/tools/ngrep/ngrep.html
http://www.security-freak.net/tools/wireshark/wireshark.html
http://www.security-freak.net/tools/nbtscan/nbtscan.html
http://www.security-freak.net/tools/amit/airodump-ng/airodump-ng.html
http://www.security-freak.net/tools/amit/pcap2air-airbase/pcap2air.html
http://www.security-freak.net/tools/amit/prism-strip/prism-strip-airbase.html
http://www.security-freak.net/tools/amit/simple-replay-airbase/simple-replay.html


14  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Packet Capture and Traffic Analysis on: July 28, 2007, 01:45:05 PM
Packet Capture and Traffic Analysis
This session is intended to help new or beginning network administrators learn how to use packet capture software for basic network troubleshooting and traffic analysis. It will cover both installation and use of packet capture software and the fundamentals of basic network traffic analysis, including identifying communication issues, monitoring network performance, verifying network security and tracking communication transactions.

Objectives
Define traffic analysis
Identify reasons for traffic analysis
Your responsibilities
Packet capture software
Installation
Capture packets
Analyze packets
What Is Traffic Analysis?

“Network analysis is the process of capturing network traffic and inspecting it closely to determine what is happening on the network.”– Orebaugh, Angela. Ethereal Packet Sniffing. Rockland, MA: Syngress Publishing, Inc., 2004.

Note: Traffic analysis, network analysis, protocol analysis, packet analysis and packet sniffing all typically refer to the same thing.

Reasons to Analyze Traffic
Legitimate
Identify network or communication issues
Monitor network performance
Verify network security
Track communication transactions
Log network traffic
Discover source of unwanted traffic
Discover compromised workstations
Ensure users are adhering to AUP
Illegitimate
Capture passwords
Capture network information
Read confidential information
Determine network information
Back to Top

What do you need to know?
You don't have to be an expert. You can get a good idea of what might be causing a network problem simply by looking at the packets.

You do need to know the following information for your network:
– Network layout (network diagram)
– Server information
– Application information
– IP address information


You also need to have a basic understanding of network communication:
– Protocols (TCP/IP, HTTP, DNS)
– MAC addresses
– IP addresses
– TCP is connection-oriented
– UDP is connectionless


Ethernet breaks information into packets. Each packet has a header with important information, such as source and destination.

Packets are sent and only the destination device responds.

MAC addresses and IP addresses can be spoofed.

How Packet Capture Works
Collects packets without modifying them.
Promiscuous mode - Receives all traffic, not just traffic for that machine.


You can only capture traffic from the network you are on.
- Flat network
- Switched network
- Port mirroring


Your Responsibilities
Notify administration and users.

Add a disclaimer to your AUP.
"For security or maintenance purposes, equipment and network traffic may be monitored at any time."

Back to Top

Network Analyzers -- What's Available?
SecurityFocus
www.securityfocus.org/tools/category/4

Differences are usually in the features.

EtherPeek
Windows 2000/NT Server Network Monitor
Network Associates Sniffer and SnifferPro
Network Instruments Observer
Ethereal
Packetyzer
Features can include:

Number of protocols supported
User interface
Graphing and statistical analysis
Expert analysis features
Ethereal
Features:

Free (Open source software)
Runs on multiple platforms
Supports over 480 protocols
Reads capture files from other products (MS Network Monitor, TCPdump, Sniffer, Novell Lanalyzer)
Installation
Installation is a two step process.

WinPcap
Ethereal
Note: Ethereal may be installed without WinPcap, but only saved capture files can be read.

WinPcap installation
WinPcap: the Free Packet Capture Architecture for Windows
http://winpcap.polito.it
Also found at Ethereal ( http://www.ethereal.com)

Download and run the executable (WinPcap 3.0 for Windows).
Follow the instructions on the screen.
Note: You must have rights to install new drivers and be logged in as administrator or have administrative rights.

By default, WinPcap installs in C:\Program Files\WinPCap\.

Install Ethereal
Ethereal
http://www.ethereal.com

Download and run the executable (Ethereal-setup-0.10.2.exe).
Follow the instructions on screen.
Note: The first time you execute Ethereal (or any other WinPcap-based application) you must be logged in with administrative rights so the driver will be installed on the system.

By default Ethereal installs to C:\Program Files\Ethereal\.

Ethereal's Main Window
Menu bar
Tool bar
Summary Window or Packet View (top)
Protocol Detail or Tree View (middle)
Data View (bottom)
Filter Bar
Information Field
Summary Window
One-line summary of each packet. Default fields include:

No.
Time
Source
Destination
Protocol
Info
Note: You can change the default fields under Edit > Preferences.

Back to Top

Time Display Options
View/Time Display Format

Time of day
Date and time of day
Seconds since beginning of capture
Seconds since previous frame
Note: Only one option can be selected at a time.

Depending on your reasons for packet capture, you may want to change this parameter.

Protocol Detail
Detailed decode of the packet highlighted in the Summary Window. It displays a one-line summary of each layer in the protocol stack.

Example: Frame, Ethernet II, Internet Protocol, Transmission Control Protocol

Data View
Displays raw data of the packet highlighted in the Summary Window in hexadecimal and ASCII format.

Displays data in two rows.

Bytes corresponding to those highlighted in the Summary Window are also highlighted in the Data View window.

Note: Not all bytes are conveniently displayable in ASCII.

Menu Bar
File
Edit
View
Capture
Analyze
Statistics
Help
Tool Bar
Start a new live capture
Open a capture file
Save this capture file
Close this capture file
Capturing Packets
Determine where to place the sniffer on your network. What are you trying to accomplish?

If you are on a switched network and there is a problem, pick a segment where you can capture traffic related to the problem. Note: Remember you must be on the same segment.

Capture menu – Start
Capture Preferences menu
Back to Top

Capture Preferences Menu
Capture Interface. Select your preferred capture interface. Default value: first non-loopback interface.
Capture packets in promiscuous mode. If this option is not set to promiscuous mode, you will only capture packets going to or from your own computer.
Limit each packet to ____ bytes. Capture only the specified portion of the packet.
Capture Filter. Specify a capture filter. Default value: no filter


Capture File. Specify the file name to use when you save the capture. Default value: blank.


Capture Limits
Stop capture after __ packets.
Stop capture after __ kilobytes.
Stop capture after __ seconds.


Display Options
Update list of packets in real time. Selected captures are displayed in the packet list pane in real time.
Automatic scrolling. Selected captures will scroll the packet list pane so you are always looking at the last packet captured.


Name Resolution
Enable MAC name resolution. Translates the first three bytes into Manufacturer Name
Enable network name resolution. Translates the IP address into DNS domain name. (Note: Triggers DNS lookup requests.)
Enable transport name resolution. Translates port numbers into protocols.

Back to Top

Analyze Packets
What information do you want to retrieve?
Traffic from a specific IP address
Unauthorized protocols (FTP)
Top talkers
Traffic to a specific Internet address
Specific data
Follow TCP streams
Highlight TCP packet/select Follow TCP Stream. Displays data as the application layer would see it.

Filters
Configuring filters is outside the scope of this presentation.

Ethereal has the ability to use both capture and display filters. Capture filters sort traffic being captured.
Display filters sort traffic that is already captured.


Packetyzer
Packetyzer is a Windows interface for Ethereal.

Network Chemistry. Packetyzer - Packet Analyzer for Windows. 2004.
http://www.networkchemistry.com/products/packetyzer/

Distributed with WinPcap and Ethereal

Free

Unauthorized Packet Capture
Can you protect your network?

Use switches

Encryption
- SSH
- IPSec
- PGP (e-mail)

Back to Top

Follow-up Assignment
Download and install Ethereal.

Formulate a “capture statement.” What do you want to find out?


Do you want to identify what traffic is crossing your network?
Identify unauthorized protocols?
Identify top talkers?
Other?
Create a network diagram and determine the best place to capture traffic that is related to your “statement.”

Create and save three capture files.

Limit capture files to 1000 packets.
Capture network traffic during different times of the day.
Analyze the traffic you captured.

What protocols do you see?
Can you find any unauthorized traffic?
Can you identify the two top talkers?
Follow a TCP stream (HTTP) and save it as a file.
Write a brief description of what you found through network analysis.
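
The "Analyze Packets" and "Data View" parts of the outline above, as an added Python example (not from the post and not Ethereal's code): it decodes Ethernet II / IPv4 / TCP-UDP headers the way the Protocol Detail pane summarises each layer, ranks top talkers, flags frames to an unauthorized port (FTP, as in the post) and renders the hex/ASCII data view. The four-frame capture, its MAC and IP addresses and the banned-port list are all constructed for the demo.

```python
import struct
from collections import Counter

def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Assemble a minimal Ethernet II + IPv4 + TCP/UDP frame (constructed test data; checksums left 0)."""
    if proto == 6:   # TCP: 20-byte header, PSH+ACK, no options
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    else:            # UDP: 8-byte header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 1, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    def mac(m): return bytes.fromhex(m.replace(":", ""))
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ip + l4 + payload

def decode(frame):
    """Return a per-layer summary dict, like Ethereal's Protocol Detail pane."""
    d = {"eth_dst": frame[:6].hex(":"), "eth_src": frame[6:12].hex(":"),
         "ethertype": struct.unpack("!H", frame[12:14])[0]}
    if d["ethertype"] != 0x0800:          # only IPv4 is decoded further here
        return d
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4              # IPv4 header length in bytes
    d.update(src=".".join(map(str, ip[12:16])), dst=".".join(map(str, ip[16:20])),
             proto=ip[9], length=struct.unpack("!H", ip[2:4])[0])
    if ip[9] in (6, 17):                  # TCP and UDP both begin with the two ports
        d["sport"], d["dport"] = struct.unpack("!HH", ip[ihl:ihl + 4])
        d["payload"] = ip[ihl + (20 if ip[9] == 6 else 8):]
    return d

# Constructed sample capture: an HTTP request, a DNS query, an FTP login and an HTTP reply.
CAPTURE = [
    build_frame("00:0c:29:11:22:33", "00:50:56:aa:bb:cc", "10.0.0.5", "10.0.0.1", 6, 40001, 80, b"GET / HTTP/1.0\r\n\r\n"),
    build_frame("00:0c:29:11:22:33", "00:50:56:aa:bb:cc", "10.0.0.5", "10.0.0.1", 17, 53001, 53, b"\x12\x34" + b"\x00" * 10),
    build_frame("00:0c:29:44:55:66", "00:50:56:aa:bb:cc", "10.0.0.7", "10.0.0.1", 6, 40002, 21, b"USER anonymous\r\n"),
    build_frame("00:50:56:aa:bb:cc", "00:0c:29:11:22:33", "10.0.0.1", "10.0.0.5", 6, 80, 40001, b"HTTP/1.0 200 OK\r\n" + b"x" * 200),
]

def top_talkers(frames, n=2):
    """Bytes on the wire per source IP, highest first: the 'top talkers' question."""
    c = Counter()
    for f in frames:
        d = decode(f)
        if "src" in d:
            c[d["src"]] += len(f)
    return c.most_common(n)

def unauthorized_protocols(frames, banned_ports=frozenset({21})):
    """Display-filter style check: TCP frames to a port the AUP forbids (FTP by default)."""
    return [(d["src"], d["dst"], d["dport"]) for d in map(decode, frames)
            if d.get("proto") == 6 and d.get("dport") in banned_ports]

def hexdump(frame, width=16):
    """Data View: offset, hex bytes and printable ASCII ('.' where a byte is not printable)."""
    lines = []
    for off in range(0, len(frame), width):
        chunk = frame[off:off + width]
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:04x}  {chunk.hex(' '):<{width * 3}} {asc}")
    return "\n".join(lines)

if __name__ == "__main__":
    print("top talkers:", top_talkers(CAPTURE))
    print("unauthorized:", unauthorized_protocols(CAPTURE))
    print(hexdump(CAPTURE[2]))   # the FTP login shows up in clear text in the ASCII column
```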

15  Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: CEH V5 (if you don't have money go to BOOTCAMP) how do you pass the test on: July 25, 2007, 11:31:52 AM
 
Hacker
A person who stretches the capabilities of computer systems

Hacking
Rapid or reverse engineering of existing software to make it better

Cracker
A person who uses his hacking skills for offensive purposes

Ethical Hacker
A person who uses his hacking skills for defensive purposes
Threat
A potential violation of security

Vulnerability
Existence of a weakness within a system that can lead to an exploit

Target of Evaluation
A system that is identified as requiring security evaluation
Attack
An action that violates security
Exploit
The exploitation of a vulnerability to cause an attack
Hacker Classes
Black Hats
Also known as Crackers
The Bad Guys
Excellent Computing Knowledge
Use hacking for corrupt purposes
White Hats
Security Analysts
Use Hacking for defensive purposes
Gray Hats
Individuals who work both offensively and defensively at different times
Elements of Security

Phase 1 - Reconnaissance
Also known as Footprinting
Preparatory Phase
Gather information on ToE
Phases
Active
Ping (ICMP) probing of the network
Traceroute
Detects accessible hosts
Detects open ports
Passive
Sniffing
Information Gathering
DNS Information
Sam Spade
RIPE/ARIN

Phase 2 - Scanning
Pre Attack Phase
Scans network with information gathered during Phase 1 - Recon
Subtopic
Use Technologies
War Diallers
Nmap scanners
Vulnerability Scanners
eEye
ISS
GFI

Phase 3 - Gaining Access
Start of the True Attack Phase
Exploit a vulnerability found in a resource identified in the scanning phase

Phase 4 - Maintaining Access
Retention of ownership
Important for the hacker to regain use of the system
Installation of Rootkits, Trojans, and backdoors are common

Phase 5 - Covering Tracks
Action taken to extend misuse of systems without being detected
Steganography, tunneling
Altering log files
Security Testing
Black Box
Testing with no Prior Knowledge of the network infrastructure
White Box
Testing with knowledge of the network infrastructure

© 2013 The Ethical Hacker Network