Client-Side Attacks and Defense (Paperback)

Individuals wishing to attack a company's network have found a new path of least resistance-the end user. A client- side attack is one that uses the inexperience of the end user to create a foothold in the user's machine and therefore the network. Client-side attacks are everywhere and hidden in plain sight. Common hiding places are malicious Web sites and spam. A simple click of a link will allow the attacker to enter. This book presents a framework for defending your network against these attacks in an environment where it might seem impossible.

The most current attacks are discussed along with their delivery methods, such as browser exploitation, use of rich Internet applications, and file format vulnerabilities. The severity of these attacks is examined along with defences against them, including antivirus and anti-spyware, intrusion detection systems, and end-user education.

• Design and implement your own attack, and test methodologies derived from the approach and framework presented by the authors
• Learn how to strengthen your network's host- and network-based defense against attackers' number one remote exploit-the client-side attack
• Defend your network against attacks that target your company's most vulnerable asset-the end user

企業網絡的攻擊者已經找到了一條新的最易受攻擊的途徑-最終用戶。客戶端攻擊是利用最終用戶的經驗不足，在用戶的機器和網絡中建立立足點的攻擊。客戶端攻擊無處不在，卻又隱藏在明顯的地方。常見的藏身之處包括惡意網站和垃圾郵件。只需點擊一個鏈接，攻擊者就能進入。本書提供了一個在看似不可能的環境中保護您的網絡免受這些攻擊的框架。

本書討論了最新的攻擊方式，以及它們的傳遞方法，如瀏覽器利用、豐富的互聯網應用程序和文件格式漏洞。我們還對這些攻擊的嚴重性進行了分析，並提出了相應的防禦措施，包括防病毒和反間諜軟件、入侵檢測系統和最終用戶教育。

本書還提供了以下內容：
- 設計和實施您自己的攻擊，並測試根據作者提供的方法和框架衍生出的方法論
- 學習如何加強您的網絡主機和基於網絡的防禦，以對抗攻擊者的主要遠程攻擊-客戶端攻擊
- 保護您的網絡免受針對公司最脆弱資產-最終用戶的攻擊