Hacker's Challenge 3: 20 Brand New Forensic Scenarios &Amp; Solutions (V. 3): 20 Brand New Forensic Scenarios & Solutions (NETWORKING & COMM - OMG) - Softcover

The stories about phishing attacks against banks are so true-to-life, it's chilling." --Joel Dubin, CISSP, Microsoft MVP in Security

Every day, hackers are devising new ways to break into your network. Do you have what it takes to stop them? Find out in Hacker's Challenge 3. Inside, top-tier security experts offer 20 brand-new, real-world network security incidents to test your computer forensics and response skills. All the latest hot-button topics are covered, including phishing and pharming scams, internal corporate hacking, Cisco IOS, wireless, iSCSI storage, VoIP, Windows, Mac OS X, and UNIX/Linux hacks, and much more. Each challenge includes a detailed explanation of the incident--how the break-in was detected, evidence and clues, technical background such as log files and network maps, and a series of questions for you to solve. In Part II, you'll get a detailed analysis of how the experts solved each incident.

Exerpt from "Big Bait, Big Phish"

The Challenge: "Could you find out what's going on with the gobi web server? Customer order e-mails aren't being sent out, and the thing's chugging under a big load..." Rob e-mailed the development team reminding them not to send marketing e-mails from the gobi web server.... "Customer service is worried about some issue with tons of disputed false orders...." Rob noticed a suspicious pattern with the "false" orders: they were all being delivered to the same P.O. box...He decided to investigate the access logs. An external JavaScript file being referenced seemed especially strange, so he tested to see if he could access it himself.... The attacker was manipulating the link parameter of the login.pl application. Rob needed to see the server side script that generated the login.pl page to determine the purpose....

The Solution: After reviewing the log files included in the challenge, propose your assessment: What is the significance of the attacker's JavaScript file? What was an early clue that Rob missed that might have alerted him to something being amiss? What are some different ways the attacker could have delivered the payload? Who is this attack ultimately targeted against? Then, turn to the experts' answers to find out what really happened.