Chris McNab

Born: Christopher Ross McNab, March 10, 1980 (age 41)
Citizenship: British, American
Alma mater: Bristol Cathedral School (dropped out in 1997)
Occupation: Author, computer hacker
Years active: 2000–present
Notable work: Network Security Assessment
Style: Technical nonfiction
Height: 6 ft 4 in (193 cm)
Website: O'Reilly Media — Chris McNab

Christopher Ross McNab (born March 10, 1980) is an author, computer hacker, and founder of AlphaSOC. McNab is best known for his Network Security Assessment books, which detail practical penetration testing tactics that can be adopted to evaluate the security of networks in line with CESG CHECK, [1] PCI DSS, [2] and NIST SP 800-115 [3] standards.

He is not to be confused with Chris McNab, Welsh author, survivalist and military expert.

During 2012 and 2013, McNab undertook incident response work on behalf of organizations in California and Nevada targeted by Alexsey Belan [4] (currently on the FBI Cyber’s Most Wanted list). In 2011, McNab worked closely with the Attorney General of Guatemala under a United States Agency for International Development (USAID) project [5] to secure the computer networks that underpin the legal system within the country.

Bibliography

Related Research Articles

Information security: Protecting information by mitigating information risks

Information Security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized/inappropriate access to data, or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information. It also involves actions intended to reduce the adverse impacts of such incidents. Protected information may take any form, e.g. electronic or physical, tangible or intangible. Information security's primary focus is the balanced protection of the confidentiality, integrity, and availability of data while maintaining a focus on efficient policy implementation, all without hampering organization productivity. This is largely achieved through a structured risk management process that involves:

Motherboard: Main printed circuit board (PCB) for a computing device

A motherboard is the main printed circuit board (PCB) in general-purpose computers and other expandable systems. It holds and allows communication between many of the crucial electronic components of a system, such as the central processing unit (CPU) and memory, and provides connectors for other peripherals. Unlike a backplane, a motherboard usually contains significant sub-systems, such as the central processor, the chipset's input/output and memory controllers, interface connectors, and other components integrated for general use.

Randal L. Schwartz: American programmer and technology writer

Randal L. Schwartz, also known as merlyn, is an American author, system administrator and programming consultant.

Brute-force attack: Cryptanalytic method for unauthorized users to access data

In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. Alternatively, the attacker can attempt to guess the key which is typically created from the password using a key derivation function. This is known as an exhaustive key search.

The Common Criteria for Information Technology Security Evaluation is an international standard for computer security certification. It is currently in version 3.1 revision 5.

Expansion card: Circuit board able to be connected to a computer system to add functionality

In computing, an expansion card is a printed circuit board that can be inserted into an electrical connector, or expansion slot, on a computer's motherboard, backplane or riser card to add functionality to a computer system.

Kevin Mitnick: American computer security consultant, author, convicted criminal, and hacker

Kevin David Mitnick is an American computer security consultant, author, and convicted hacker. He is best known for his high-profile 1995 arrest and five years in prison for various computer and communications-related crimes.

Nessus is a proprietary vulnerability scanner developed by Tenable, Inc.

A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. The test is performed to identify weaknesses, including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.

Simson Garfinkel

Simson L. Garfinkel is the US Census Bureau's Senior Computer Scientist for Confidentiality and Data Access. Previously, he was a computer scientist at the National Institute of Standards and Technology (2015-2017) and, prior to that, an associate professor at the Naval Postgraduate School in Monterey, California (2006-2015). In addition to his research, Garfinkel is a journalist, an entrepreneur, and an inventor; his work is generally concerned with computer security, privacy, and information technology.

A security hacker is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or evaluation of a system's weaknesses to assist in formulating defenses against potential hackers. The subculture that has evolved around hackers is often referred to as the "computer underground".

Wireless security

Wireless security is the prevention of unauthorized access or damage to computers or data using wireless networks, which include Wi-Fi networks. The term may also refer to the protection of the wireless network itself from adversaries seeking to damage the confidentiality, integrity, or availability of the network. The most common type is Wi-Fi security, which includes Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is an old IEEE 802.11 standard from 1997. It is a notoriously weak security standard: the password it uses can often be cracked in a few minutes with a basic laptop computer and widely available software tools. WEP was superseded in 2003 by WPA, or Wi-Fi Protected Access. WPA was a quick alternative to improve security over WEP. The current standard is WPA2; some hardware cannot support WPA2 without firmware upgrade or replacement. WPA2 uses an encryption device that encrypts the network with a 256-bit key; the longer key length improves security over WEP. Enterprises often enforce security using a certificate-based system to authenticate the connecting device, following the standard 802.11X.

Anton Chuvakin is a computer security specialist, currently a Research Director on the Gartner for Technical Professionals (GTP) Security and Risk Management Strategies (SRMS) team. Formerly he was a principal at Security Warrior Consulting. Previous positions included Director of PCI Compliance Solutions at Qualys, a U.S. vulnerability management company; Chief Logging Evangelist with LogLogic, a U.S. log management and intelligence company; and Security Strategist with netForensics, a U.S. security information management company.

Cracking a wireless network is defeating the security of a wireless local-area network. A commonly used wireless LAN is a Wi-Fi network. Wireless LANs have inherent security weaknesses from which wired networks are exempt.

The Payment Card Industry Data Security Standard is an information security standard for organizations that handle branded credit cards from the major card schemes.

Michael Gregg is an American computer security specialist, businessman and author/coauthor of several books, including Build Your Own Network Security Lab and Inside Network Security Assessment. Gregg has served as an expert witness before a congressional committee on cyber security and identity theft.

DevOps is a set of practices that combines software development (Dev) and IT operations (Ops). It aims to shorten the systems development life cycle and provide continuous delivery with high software quality. DevOps is complementary with Agile software development; several DevOps aspects came from the Agile methodology.

Information security operations center: Facility where enterprise information systems are monitored, assessed, and defended

An information security operations center is a facility where enterprise information systems are monitored, assessed, and defended.

Gradle: Open source software build automation tool

Gradle is a build automation tool for multi-language software development. It controls the development process in the tasks of compilation and packaging to testing, deployment, and publishing. Supported languages include Java, C/C++, and JavaScript. The other, if not the major, function of Gradle is to collect statistical data about the usage of software libraries around the globe.

The cyber security community in the United Kingdom is diverse, with many stakeholder groups contributing to support the UK Cyber Security Strategy. The following is a list of some of these stakeholders.

References