
Mario Camilien's Profile

Customer Reviews: 4
Top Reviewer Ranking: 14,129,355
Helpful Votes: 7





Reviews Written by Mario Camilien

Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques
by Thomas Wilhelm
Edition: Paperback
Price: $37.86

5 of 5 people found the following review helpful
4.0 out of 5 stars Ninja Hacking - Unconventional Penetration Testing Tactics and Techniques, May 10, 2011
Book Title: Ninja Hacking - Unconventional Penetration Testing Tactics and Techniques
ISBN-978-1-59749-588-2
Reviewer: Mario Camilien, CISSP
Authors: Thomas Wilhelm and Jason Andress

Ninja Hacking will continue to be a very good reference book. The process of using Social Engineering as a tool to exploit human weaknesses will continue to be enhanced. There are many ways Social Engineering attacks can be crafted. Attacks are often successful because attackers exploit our human frailties. Social Engineers are often playing on people's fear, vanity, and curiosity. The authors have pinpointed those areas in many good examples such as the ones outlined below:

- loss of job
- loss of insurance
- mergers
- current events
- academic achievements

After reading the Ninja Hacking book, one will come to the conclusion that humans' ability to use techniques to accomplish a stated objective is limitless. One must never assume and rely on pre-conceived notions about individuals, locations, and organizations. The methods are not new. Social Engineering is the process of using technology as a vehicle to revive and enhance old tactics.

Mario Camilien, CISSP


Seven Deadliest Unified Communications Attacks (Seven Deadliest Attacks)
Price: $13.99

1 of 1 people found the following review helpful
4.0 out of 5 stars Seven Deadliest Unified Communications Attacks, April 3, 2011
Book Title: Seven Deadliest Unified Communications Attacks
ISBN-978-1-59749-547-9
Reviewer: Mario Camilien, CISSP
Author: Dan York

Attacks against communications systems have always been challenges that societies throughout the ages have tried to withstand in order to survive. The parallel exists between early societies and those of today. To remain a successful entity - a stable communications system was -- and still is -- a basic tenet of survival.

Successful attacks against communications systems, such as roads, waterways, caves, and today's digital media, have always been detrimental. Empires such as the Romans understood that notion well. Their ability to communicate effectively without hindrance allowed them to succeed in the operations of state, commerce, and the dispatching of armies to the Mediterranean world, North Africa and the Iberian Peninsula. Well protected communications channels allowed the Roman armies to campaign as far East as Parthia -- known today as Iran. The Romans knew that any denial of service (DOS) was a hindrance, and did their utmost best to ensure that all lines of communications remained open. That's not to say establishing a secure communication system was an easy task. The Romans believed that "communication was what held their society together". For that reason the Roman Empire put best security practices in place to protect their communications system. They maintained a protective security posture that incorporated adaptability to emerging threats. They saw all risks as potential dangers to established polity or areas of control. In today's terms we call it a domain or a unified communications system.

In Seven Deadliest Unified Communications (UC) Attacks, author Dan York takes a close look at the various components which make up today's Communications Ecosystem. As the author puts it, the digital world is ending geography as we know it. Those who are bent on attacking communications systems live by their own rules, come from anywhere, and think differently. They have no configuration management and no security plan; in other words, they are not overburdened by an organization structure of checks and balances.

As outlined by Dan York, the digital world has changed the ways systems are interconnected. It is no longer a domain controlled by a few providers (such as AT&T, Verizon, and the various state-owned telecommunications systems such as the PTT in France), where the rules of engagement are known and interconnectivities among systems are well established. We now live in a world dominated by heterogeneous endpoint devices which are no longer isolated to their own servers and systems. They are interlinked with a vast number of disparate systems. Systems are distributed and federated in a way that dictates a challenging security posture. Attacks against an existing communications system can be initiated from anywhere in the world.

Again, as demonstrated by the early Romans, stable forms of communications remain the foundation for any successful society. However, Dan York states, "Today communication infrastructure is much more complex. You don't only have to worry about your PBX and wiring, you also have to worry about e-mail servers, Web Servers, business systems, desktop PCs...Oh, and of course the underlying network infrastructure". As narrated time and time again by the author, "there are dangers associated with the UC Ecosystems".

Chapter by chapter, the author takes the reader through and describes the various dangers such as protocol fuzzing, denial of service attacks, misuse of legitimate Session Initiation Protocol (SIP) signaling, registration erasure or modification, spam for internet telephony (SPIT), toll fraud and so on. Just as technologies continue to evolve, so do the threats. Those attacks will continue to grow as unified communications continue to expand and interconnect. In closing, the author accomplished the objective of bringing to the reader the reality that securing digital infrastructures will be challenging. As he stated: "Complexity is the enemy of security in that the more complex a system becomes, the harder it is to secure".

Mario Camilien, CISSP

References:
1. Gestures and Acclamations in Ancient Rome, Aldrete, Gregory
2. French public administration of postal services and telecommunications

3. The Session Initiation Protocol (SIP) is an IETF-defined signaling protocol, widely used for controlling multimedia communication sessions such as voice and video calls over Internet Protocol (IP). The protocol can be used for creating, modifying and terminating two-party (unicast) or multiparty (multicast) sessions consisting of one or several media streams. The modification can involve changing addresses or ports, inviting more participants, and adding or deleting media streams. Other feasible application examples include video conferencing, streaming multimedia distribution, instant messaging, presence information, file transfer and online games. (From Wikipedia)


Seven Deadliest Social Network Attacks (Seven Deadliest Attacks)
by Carl Timm
Edition: Paperback
Price: $24.62

1 of 1 people found the following review helpful
5.0 out of 5 stars Seven Deadliest Social Network Attacks, March 6, 2011
Book Title: Seven Deadliest Social Network Attacks
ISBN-10: 159749545X; ISBN-13: 978-1597495455
Reviewer: Mario Camilien, CISSP
Authors: Carl Timm and Richard Perez

Just like the Peloponnesian battles which reshaped the Ancient Greek world, as narrated by Greek historian Thucydides, social network attacks are on the verge of doing the same thing in a greater proportion that transcends borders and nationalities. In Seven Deadliest Social Network Attacks, authors Carl Timm and Richard Perez illustrate an evolution aided by technological advancement that is far greater than the Athenians and the Spartans could have imagined in their enduring treacherous Peloponnesian wars. Carl and Richard have successfully established chapter by chapter how the tools of deception are made easier with the emergence of Social Media. Malware and Infrastructure attacks such as denial of service (DOS), cross-site scripting, cross-site request forgery, phishing, evil twin are today's weapons of choice to those who use social networks to conduct unauthorized activities.

The motives vary, and no system is fully protected from these persistent attacks. As stated by Carl and Richard, all levels of professional management must see the benefits of a better understanding of threats and attacks that can be performed within social networks, "whether within the workplace, usage of smart phone, cybercafé, or from within the home".

The attacks initiated by technological know-how and the cross-pollination of ideas are making it easier for those whose intentions are to cause havoc. Malware applications can easily be downloaded, and for a price anyone bent on conducting unauthorized transactions can get powerful payloads. The continuing objective is to dupe the online users into activities which they did not plan.

Carl and Richard also reiterated that: "Since the beginning of time, people have been conned cleverly into relinquishing something of themselves in ways that appear, at the surface, to be harmless. Unfortunately for many it's not until afterwards they are painfully aware of the harm that they caused themselves by being duped into relinquishing something about themselves that may seemed harmless at the time." As illustrated by the authors, those "people" have fallen prey to a phishing attack or other social engineering schemes.

Again, what is at stake are attacks that seek economic gains, identity thefts and the continuous desire by some to collect data for unscrupulous purposes. The floodgates are now open, and what can we do as organizations to address and stem the flow of attacks that are continuous, and which originate from anywhere? There are options such as rate limit and black hole filtering that will relieve any environment temporarily from attacks such as denial of service. Again, these solutions are temporary; more robust mitigating techniques will need to be applied. However, as stated by the authors, true mitigating solutions of DOS must be with the implementation of Distributed denial of service (DDOS) tools such as CISCO Guard, Intruguard, and Netscreen. Many Internet Service Providers (ISPs) also offer these types of services. The book is a good reference for various security mitigation strategies; it covers areas that address security issues related to Twitter, MySpace, Facebook, cyber bullying, workplace bullying, and provides a future outlook to physical threats on social networks.

Upon completion of the book, one can continue to use it as guidance for establishing policies such as acceptable use of social networks. One will also gain a better understanding of the various network deception tools and the adverse impact that they can have in our daily lives. Defending against technological or human based deception is not easy. It is not one solution that will fix the problem; it is a myriad of best security practices that need to be in place. The authors concluded the book with the following statement: "Our fascination with technology is a double edge sword. As we push the pedal for individualism, it has often unexpected negative recourse to our personal privacy." With this book, the authors have contributed to a sound understanding of some of the underlying issues that we face in exposing ourselves and organizations to the opportunities offered by social networks.

Mario Camilien, CISSP, CHSS, SCNP
Information Security Analyst


Securing the Borderless Network: Security for the Web 2.0 World
by Tom Gillis
Edition: Paperback
Price: $38.77

4.0 out of 5 stars WEB security for the Web 2.0 work., January 30, 2011
Verified Purchase
WEB security for the Web 2.0 work.

This book takes the reader immediately to an area that is revolutionizing the way we conduct business. The author walks us through the evolution of the firewall and the impact that each new technology, such as Cloud Computing and portable devices, has on the business environment. It is not only a book that looks at the various technological advancements; it also advocates the social and business benefits of shifting technological paradigms. As illustrated by the author, Tom Gillis: "Change creates winners and losers. The basic principle of Darwinism suggests that is not the strongest species that survive, not the most intelligent, but the most adaptive to change". The book Security for the Web 2.0 World is a testament of things to come, and cautiously reminds us of the "irrational exuberance" of the past and present.

Mario Camilien, CISSP, CHSS, SCNP
Information Security Analyst

