Hacking Exposed Network Security Secrets and Solutions

Name: Hacking Exposed Network Security Secrets and Solutions
Price: 5.97 USD
Availability: InStock
ISBN: 9780072127485

ISBN-10: 0072127481

ISBN-13: 9780072127485

Edition: 2nd 2001 (Revised)

Authors: Joel Scambray, George Kurtz, Stuart McClure

List price: $39.99

30 day, 100% satisfaction guarantee!

Marketplace

3 new & used from $5.97

what's this?

Rush Rewards U
Members Receive:

You have reached 400 XP and carrot coins. That is the daily max!

Description:

High-profile viruses and hacking incidents serve to highlight the dangers of system security breaches. This text provides network administrators with a reference for implementing and maintaining sound security policies.

Book details

List price: $39.99
Edition: 2nd
Copyright year: 2001
Publisher: McGraw-Hill Professional Publishing
Binding: Hardcover
Pages: 703
Size: 7.09" wide x 9.09" long x 1.69" tall
Weight: 3.168
Language: English

Joel Scambray, CISSP , is Chief Strategy Officer at Leviathan Security Group (leviathansecurity.com). His nearly 15 years of information security experience encompasses roles as a corporate leader (senior management positions at Microsoft and Ernst & Young), entrepreneur (co-founder of Foundstone), successful technical consultant for Fortune 500 firms, and internationally recognized speaker and author of multiple security books, including all five editions of Hacking Exposed: Network Security Secrets & Solutions . Stuart McClure, CISSP , an independent computer security consultant, is one of today's leading authorities on information security. He was SVP of Global Threats and Research for…



Foreword


Acknowledgments


Introduction



Casing the Establishment


Case Study: Target Acquisition



Footprinting


What Is Footprinting?


Why Is Footprinting Necessary?


Internet Footprinting



Determine the Scope of Your Activities



Network Enumeration



DNS Interrogation



Network Reconnaissance


Summary



Scanning


Scan Types


Identifying TCP and UDP Services Running


Windows-Based Port Scanners


Port Scanning Breakdown


Active Stack Fingerprinting


Passive Stack Fingerprinting


The Whole Enchilada: Automated Discovery Tools


Summary



Enumeration


Windows NT/2000 Enumeration


NT/2000 Network Resource Enumeration


NT/2000 User and Group Enumeration


NT/2000 Applications and Banner Enumeration


Let Your Scripts Do the Walking


Novell Enumeration


Browsing the Network Neighborhood


UNIX Enumeration


Summary



System Hacking


Case Study: Know Your Enemy



Hacking Windows 95/98 and ME


Win 9x Remote Exploits


Direct Connection to Win 9x Shared Resources


Win 9x Backdoor Servers and Trojans


Known Server Application Vulnerabilities


Win 9x Denial of Service


Win 9x Local Exploits


Windows Millennium Edition (ME)


Summary



Hacking Windows NT


Overview


Where We're Headed


What About Windows 2000?


The Quest for Administrator


Remote Exploits: Denial of Service and Buffer Overflows


Privilege Escalation


Consolidation of Power


Exploiting Trust


Sniffers


Remote Control and Back Doors


Port Redirection


General Countermeasures to Privileged Compromise


Rootkit: The Ultimate Compromise


Covering Tracks


Disabling Auditing


Clearing the Event Log


Hiding Files


Summary



Hacking Windows 2000


Footprinting


Scanning


Enumeration


Penetration


NetBIOS-SMB Password Guessing


Eavesdropping on Password Hashes


Attacks Against IIS 5


Remote Buffer Overflows


Denial of Service


Privilege Escalation


Pilfering


Grabbing the Win 2000 Password Hashes


The Encrypting File System (EFS)


Exploiting Trust


Covering Tracks


Disabling Auditing


Clearing the Event Log


Hiding Files


Back Doors


Startup Manipulation


Remote Control


Keystroke Loggers


General Countermeasures: New Windows Security Tools


Group Policy


Runas


Summary



Novell NetWare Hacking


Attaching but Not Touching


Enumerate Bindery and Trees


Opening the Unlocked Doors


Authenticated Enumeration


Gaining Admin


Application Vulnerabilities


Spoofing Attacks (Pandora)


Once You Have Admin on a Server


Owning the NDS Files


Log Doctoring


Console Logs


Further Resources


Web Sites (ftp://ftp.novell.com/pub/updates/nw/nw411/)


Usenet Groups


Summary



Hacking UNIX


The Quest for Root


A Brief Review


Vulnerability Mapping


Remote Access Versus Local Access


Remote Access


Data Driven Attacks


I Want My Shell


Common Types of Remote Attacks


Local Access


After Hacking Root


Trojans


Rootkit Recovery


Summary



Network Hacking


Case Study: Sweat the Small Stuff!



Dial-Up, PBX, Voicemail, and VPN Hacking


Wardialing


Hardware


Legal Issues


Peripheral Costs


Software


A Final Note


PBX Hacking


Virtual Private Network (VPN) Hacking


Summary



Network Devices


Discovery


Detection


SNMP


Back Doors


Default Accounts


Lower the Gates (Vulnerabilities)


Shared Versus Switched


Detecting the Media You're On


Passwords on a Silver Platter: Dsniff


Sniffing on a Network Switch


snmpsniff


Summary



Firewalls


Firewall Landscape


Firewall Identification


Advanced Firewall Discovery


Scanning Through Firewalls


Packet Filtering


Application Proxy Vulnerabilities


WinGate Vulnerabilities


Summary



Denial of Service (DoS) Attacks


Motivation of DoS Attackers


Types of DoS Attacks


Bandwidth Consumption


Resource Starvation


Programming Flaws


Routing and DNS Attacks


Generic DoS Attacks


Sites Under Attack


UNIX and Windows NT DoS


Remote DoS Attacks


Distributed Denial of Service Attacks


Local DoS Attacks


Summary



Software Hacking


Case Study: Using All the Dirty Tricks to Get In



Remote Control Insecurities


Discovering Remote Control Software


Connecting


Weaknesses


Revealed Passwords


Uploading Profiles


What Software Package Is the Best in Terms of Security?


pcAnywhere


ReachOut


Remotely Anywhere


Remotely Possible/ControlIT


Timbuktu


Virtual Network Computing (VNC)


Citrix


Summary



Advanced Techniques


Session Hijacking


Back Doors


Trojans


Subverting the System Environment: Rootkits and Imaging Tools


Social Engineering


Summary



Web Hacking


Web Pilfering


Finding Well-Known Vulnerabilities


Automated Scripts, for All Those "Script Kiddies"


Automated Applications


Script Inadequacies: Input Validation Attacks


Active Server Pages (ASP) Vulnerabilities


Buffer Overflows


Poor Web Design


Summary



Hacking the Internet User


Malicious Mobile Code


Microsoft ActiveX


Java Security Holes


Beware the Cookie Monster


Internet Explorer HTML Frame Vulnerabilities


SSL Fraud


Email Hacking


Mail Hacking 101


Executing Arbitrary Code Through Email


Outlook Address Book Worms


File Attachment Attacks


IRC Hacking


Napster Hacking with Wrapster


Global Countermeasures to Internet User Hacking


Keep Antivirus Signatures Updated


Guarding the Gateways


Summary



Appendixes



Ports



Top 14 Security Vulnerabilities



About the Companion Web Site


Novell


UNIX


Windows NT


Wordlists and Dictionaries


Wardialing


Enumeration Scripts


Index