From the Inside Flap
- Section 1: Basic Hacking
- Section 2: Current Methods
- Section 3: Additional Items on the Plate
- Section 4: Old School
- Section 5: Computer Forensics
From the Back Cover
"Ajay and Scott take an interesting approach in filling Defend I.T. with case studies and using them to demonstrate important security principles. This approach works well and is particularly valuable in the security space, where companies and consultants are often hesitant to discuss true security incidents for potential embarrassment and confidentiality reasons. Defend I.T. is full of engaging stories and is a good read."
--Fyodor, author of the Nmap Security Scanner and Insecure.Org
"Defend I.T. answers reader demand for scenario-driven examples. Security professionals will be able to look at these case studies and relate them to their own experiences. That sets this book apart."
--Lance Hayden, Cisco Systems
"This is an exciting book! It's like reading several mysteries at once from different viewpoints, with the added benefit of learning forensic procedures along the way. Readers will benefit from the procedures, and the entertaining presentation is a real plus."
--Elizabeth Zinkann, Equilink Consulting
The battle between IT professionals and those who use the Internet for destructive purposes is raging--and there is no end in sight. Reports of computer crime and incidents from the CERT Coordination Center at Carnegie Mellon University more than double each year and are expected to rise. Meanwhile, viruses and worms continue to take down organizations for days.
Defend I.T.: Security by Example draws on detailed war stories to identify what was done right and what was done wrong in actual computer-security attacks, giving you the opportunity to benefit from real experiences. Approaches to securing systems and networks vary widely from industry to industry and organization to organization. By examining a variety of real-life incidents companies are too embarrassed to publicly share, the authors explain what could have been done differently to avoid the losses incurred--whether creating a different process for incident response or having better security countermeasures in place to begin with.
Inside, you'll find in-depth case studies in a variety of categories:
- Basic Hacking: Blackhat bootcamp, including mapping a network, exploiting vulnerable architecture, and launching denial-of-service attacks
- Current Methods: The latest in malicious deeds, including attacks on wireless networks, viruses and worms, and compromised Web servers
- Additional Items on the Plate: Often overlooked security measures such as developing a security policy, intrusion-detection systems, disaster recovery, and government regulations
- Old School: Classic means of compromising networks--war dialing and social engineering
- Forensics: How to investigate industrial espionage, financial fraud, and network intrusion
Aimed at both information-security professionals and network administrators, Defend I.T. shows you how to tap the best computer-security practices and industry standards to deter attacks and better defend networks.
About the Author
Ajay Gupta, CISSP, founder and president of Gsecurity, is an expert on cyber security, secure architecture, and information privacy. Gsecurity provides cyber security and data privacy services to federal, state, and local governments, as well as commercial clients in the educational, financial, and health-care sectors.
Scott Laliberte, CISSP, CISM, MBA, is a leader of Protiviti’s Global Information Security Practice. He has extensive experience in the areas of information systems security, network operations, incident response, and e-commerce, and has served clients in many industries, including healthcare, life sciences, financial services, and manufacturing. Scott has led many security engagements, including attack and penetration studies, Web application security reviews, systems vulnerability assessments, wireless security reviews, and security systems implementation. In addition, he has led a number of incident response projects, which help organizations identify, stop, and recover from security incidents and attacks. He has spoken on information security topics for a variety of audiences and industries, including MIS Training Institute (MISTI), National Association of Financial Services Auditors (NAFSA), ISACA, IIA, and HCCA. He has been quoted as a security expert in the Financial Times, Securities Industries News, and elsewhere, and has authored numerous information security articles for a variety of publications.
Excerpt. © Reprinted by permission. All rights reserved.
Microsoft introduced Visual Basic, Scripting Edition--commonly known as VBScript--in the mid-'90s, positioning it as a native replacement for Windows' aging command-line batch language, which was based on Microsoft's earliest operating system, MS-DOS. VBScript was intended to be easy to learn, powerful, and flexible. The language was included as an add-on to Windows 95 and Windows NT 4.0, was an optional installation component included in Windows 98, and was included in all editions of Windows Me, Windows 2000, Windows XP, and Windows Server 2003.
Software developers immediately seized upon VBScript for Web programming, particularly in Active Server Pages, Microsoft's rapid-development programming framework for the Web. However, Windows administrators--one of VBScript's initial target audiences--were left cold. VBScript seemed to be much more complicated than administrators' beloved MS-DOS-based batch language, and many didn't see the need to learn an entirely new batch language.
When Windows 2000 and Active Directory came along, however, administrators found that Windows administration had become a great deal more complex. Suddenly, administrators were searching for Resource Kit and other utilities that offered automated administration, especially for repetitive tasks. Active Directory enabled the use of VBScript for logon and logoff scripts, which seemed to promise more advanced use environment manipulation. At around the same time, Microsoft's naivete in releasing a powerful language like VBScript with absolutely no security controls resulted in a huge wave of high-impact VBScript-based viruses, forcing administrators to lock down their environments and remove VBScript as an option both for viruses and for administrative tools.
As a regular speaker at some of the country's top technical conferences that focus on Windows technologies, including MCP TechMentor, I've given half- and full-day sessions on VBScripting for Windows administrators over the past few years, and the sessions have been incredibly popular. In these sessions, I try to provide just enough VBScript experience to make scripting possible, and then concentrate on accomplishing common administrative tasks with VBScript. I also cover the security concerns of VBScript and provide administrators with the means for safely using VBScript in their environments. This book is essentially a written form of those sessions, greatly expanded with more coverage of Windows Management Instrumentation and other advanced topics, and with more coverage of VBScript security issues and resolutions.
I'm not out to turn you into a programmer. In fact, one of the real successes of VBScript is that you don't need to be a programmer to use it. Most of what you'll be doing in this book involves using VBScript to tell Windows to do things for you; you'll be able to ignore much of VBScript's complexity, using it as a sort of electronic glue to combine various operating system functions.
Who Should Read This Book?
The only assumption I have about you is that you already know how to administer some version of Microsoft Windows. You'll find that most of the material in this book is suitable for Windows NT, Windows 2000, and Windows Server 2003 environments, and it will continue to be useful through future versions of Windows. I do not assume that you have any background in programming, and I'm not going to give you a programming background.
You should have a desire to learn how to use what I call "the batch language of the twenty-first century" and a wish to move away from clumsier--and often more complex--batch files based on the MS-DOS batch language. Although some folks like to refer to batch files as scripts, I don't; and when you see how easy and flexible VBScript is, you'll understand why!
How to Use This Book
You can read this book in order from the Introduction to the Appendix. However, if you already have some experience with VBScript, or if you just want to dive right into the more complete example scripts, you can skip around as much as you like. I've organized this book in the same way that I organize my live VBScripting sessions at conferences, so you may feel that it's some time before you really get into the meat of scripting. I assure you, though, that each example in this book--starting in Chapter 1--is focused on Windows administration. You'll get your feet wet right away!
I've also included In This Chapter elements at the start of each chapter and Coming Up elements at the end of each chapter. These are brief paragraphs that are intended to help set the stage and help you decide if you need to read a particular chapter or not. They'll also help you decide which chapter to read next based on your individual needs and interests. I hope that these elements--along with the cross-references I've included in each chapter--will help you zip straight to the scripting information that you need most.
To help you decide where to start, here's a brief overview of each chapter.
Part I: Introduction to Windows Administrative Scripting
Part I serves as an introduction to the world of scripting and provides you with a methodology for approaching administrative tasks from a scripting standpoint. One of the most difficult parts about producing new scripts from scratch is the "Where do I start?" factor, and I'll provide you with a framework for figuring that out every time.
Chapter 1: Scripting Concepts and Terminology
As I've already implied, administrative scripting isn't hard-core programming. Instead, it's using VBScript as a sort of electronic glue to secure various bits of the Windows operating system together. In this chapter, I'll introduce you to those various bits and set the stage with some basic terminology that you'll use throughout this book.
Chapter 2: Running Scripts
Writing a script isn't much fun if you can't run the script, and so this chapter will focus on the technologies used to execute scripts. You might be surprised to learn how many different Microsoft products support scripting. In this chapter, I'll show you how far your scripting skills can really take you. I'll also introduce you to some scripting tools that can make writing and debugging scripts a bit easier.
Chapter 3: The Components of a Script
In this chapter, I'll present a complete administrative script, and then break it down line-by-line to explain its various components. Although this chapter isn't necessary to learning administrative scripting, it will help you write scripts that are more reliable and easier to troubleshoot.
Chapter 4: Designing a Script
As I've mentioned already, one of the toughest aspects about scripting can be figuring out where to start. In this chapter, I'll provide you with a framework that you can use as a starting point for every new scripting project. I'll also introduce you to some concepts that many scripting books ignore, such as planning for errors and creating a useful "resource kit" of script components that you can reuse throughout your scripting projects.
Part II: VBScript Tutorial
Here's your official crash course to the VBScript language: just enough to make administration via script a possibility! The best part is that I won't use the trite "Hello, world" examples that books for software developers often start out with. Instead, I'll make every example useful to you as a Windows administrator. That means you'll be producing simple, useful scripts at the same time you're learning VBScript. What could be better?
Chapter 5: Functions, Objects, Variables, and More
In this chapter, I'll show you the basic building blocks of any script and introduce you to some sample scripts that use each building block in a particular administrative task. This is really the meat of administrative scripting, and you'll be able to write useful scripts when you're finished with this chapter.
Chapter 6: Input and Output
You can make your scripts more flexible by adding the ability to dynamically change computer, user, and domain names, along with other information. In this chapter, I'll show you how your script can collect information it needs to run and dynamically alter itself to take advantage of that information.
Chapter 7: Manipulating Numbers
This chapter will explain how scripts can manipulate numbers, making it easier to create scripts that work with numeric data, such as user account data. I'll also introduce you to VBScript's numeric data handling and conversion commands, putting you on the path to some great scripting techniques.
Chapter 8: Manipulating Strings
Strings--a fancy word for text data--are at the heart of most scripting tasks. In this chapter, I'll show you how VBScript deals with strings and how you can easily integrate them into your scripts.
Chapter 9: Manipulating Other Types of Data
Aside from text and numbers, your scripts may need to deal with dates, times, bytes, and other forms of data to accomplish specific administrative tasks. In this chapter, I'll show you how VBScript handles these other data types and how you can use them in your own scripts.
Chapter 10: Controlling the Flow of Execution
The best administrative scripts can respond to changing conditions with internal logic, called control-of-flow. In this chapter, I'll show you how your scripts can be made to evaluate various conditions and respond accordingly, perform repetitive tasks, and much more.
Chapter 11: Built-in Scripting Objects
Much of VBScript's power comes from its capability to join various operating system objects, and in this chapter, I'll introduce you to your first set of those objects. You'll learn how to manipulate network information, map drives, and much...