| |
| |
Introduction | |
| |
| |
Methods for Running BackTrack Linux | |
| |
| |
| |
Ethical Hacking Overview | |
| |
| |
Introduction to Ethical Hacking | |
| |
| |
The Role of Security and Penetration Testers | |
| |
| |
Penetration-Testing Methodologies | |
| |
| |
Certification Programs for Network Security Personnel | |
| |
| |
What You Can Do Legally | |
| |
| |
Laws of the Land | |
| |
| |
Is Port Scanning Legal? | |
| |
| |
Federal Laws | |
| |
| |
What You Cannot Do Legally | |
| |
| |
Get It in Writing | |
| |
| |
Ethical Hacking in a Nutshell | |
| |
| |
Chapter Summary | |
| |
| |
| |
TCP/IP Concepts Review | |
| |
| |
Overview of TCP/IP | |
| |
| |
The Application Layer | |
| |
| |
The Transport Layer | |
| |
| |
The Internet Layer | |
| |
| |
IP Addressing | |
| |
| |
Planning IP Address Assignments | |
| |
| |
IPv6 Addressing | |
| |
| |
Overview of Numbering Systems | |
| |
| |
Reviewing the Binary Numbering System | |
| |
| |
Reviewing the Octal Numbering System | |
| |
| |
Reviewing the Hexadecimal Numbering System | |
| |
| |
Chapter Summary | |
| |
| |
| |
Network and Computer Attacks | |
| |
| |
Malicious Software (Malware) | |
| |
| |
Viruses | |
| |
| |
Macro Viruses | |
| |
| |
Worms | |
| |
| |
Trojan Programs | |
| |
| |
Spyware | |
| |
| |
Adware | |
| |
| |
Protecting Against Malware Attacks | |
| |
| |
Educating Your Users | |
| |
| |
Intruder Attacks on Networks and Computers | |
| |
| |
Denial-of-Service Attacks | |
| |
| |
Distributed Denial-of-Service Attacks | |
| |
| |
Buffer Overflow Attacks | |
| |
| |
Ping of Death Attacks | |
| |
| |
Session Hijacking | |
| |
| |
Addressing Physical Security | |
| |
| |
Keyloggers | |
| |
| |
Behind Locked Doors | |
| |
| |
Chapter Summary | |
| |
| |
| |
Footprinting and Social Engineering | |
| |
| |
Using Web Tools for Footprinting | |
| |
| |
Conducting Competitive Intelligence | |
| |
| |
Analyzing a Company's Web Site | |
| |
| |
Using Other Footprinting Tools | |
| |
| |
Using E-mail Addresses | |
| |
| |
Using HTTP Basics | |
| |
| |
Other Methods of Gathering Information | |
| |
| |
Using Domain Name System Zone Transfers | |
| |
| |
Introduction to Social Engineering | |
| |
| |
The Art of Shoulder Surfing | |
| |
| |
The Art of Dumpster Diving | |
| |
| |
The Art of Piggybacking | |
| |
| |
Phishing | |
| |
| |
Chapter Summary | |
| |
| |
| |
Port Scanning | |
| |
| |
Introduction to Port Scanning | |
| |
| |
Types of Port Scans | |
| |
| |
Using Port-Scanning Tools | |
| |
| |
Nmap | |
| |
| |
Unicornscan | |
| |
| |
Nessus and OpenVAS | |
| |
| |
Conducting Ping Sweeps | |
| |
| |
Fping | |
| |
| |
Hping | |
| |
| |
Crafting IP Packets | |
| |
| |
Understanding Scripting | |
| |
| |
Scripting Basics | |
| |
| |
Chapter Summary | |
| |
| |
| |
Enumeration | |
| |
| |
Introduction to Enumeration | |
| |
| |
Enumerating Windows Operating Systems | |
| |
| |
NetBIOS Basics | |
| |
| |
NetBIOS Enumeration Tools | |
| |
| |
Additional Enumeration Tools | |
| |
| |
Enumerating the NetWare Operating System | |
| |
| |
NetWare Enumeration Tools | |
| |
| |
Enumerating the *nix Operating System | |
| |
| |
UNIX Enumeration | |
| |
| |
Chapter Summary | |
| |
| |
| |
Programming for Security Professionals | |
| |
| |
Introduction to Computer Programming | |
| |
| |
Programming Fundamentals | |
| |
| |
Learning the C Language | |
| |
| |
Anatomy of a C Program | |
| |
| |
Understanding HTML Basics | |
| |
| |
Creating a Web Page with HTML | |
| |
| |
Understanding Perl | |
| |
| |
Background on Perl | |
| |
| |
Understanding the Basics of Perl | |
| |
| |
Understanding the BLT of Perl | |
| |
| |
Understanding Object-Oriented Programming Concepts | |
| |
| |
Components of Object-Oriented Programming | |
| |
| |
An Overview of Ruby | |
| |
| |
Chapter Summary | |
| |
| |
| |
Desktop and Server OS Vulnerabilities | |
| |
| |
Windows OS Vulnerabilities | |
| |
| |
Windows File Systems | |
| |
| |
Remote Procedure Call | |
| |
| |
NetBIOS | |
| |
| |
Server Message Block | |
| |
| |
Common Internet File System | |
| |
| |
Null Sessions | |
| |
| |
Web Services | |
| |
| |
SQL Server | |
| |
| |
Buffer Overflows | |
| |
| |
Passwords and Authentication | |
| |
| |
Tools for Identifying Vulnerabilities in Windows | |
| |
| |
Built-in Windows Tools | |
| |
| |
Best Practices for Hardening Windows Systems | |
| |
| |
Patching Systems | |
| |
| |
Antivirus Solutions | |
| |
| |
Enable Logging and Review Logs Regularly | |
| |
| |
Disable Unused Services and Filtering Ports | |
| |
| |
Other Security Best Practices | |
| |
| |
Linux OS Vulnerabilities | |
| |
| |
Samba | |
| |
| |
Tools for Identifying Linux Vulnerabilities | |
| |
| |
More Countermeasures Against Linux Attacks | |
| |
| |
Chapter Summary | |
| |
| |
| |
Embedded Operating Systems: The Hidden Threat | |
| |
| |
Introduction to Embedded Operating Systems | |
| |
| |
Windows and Other Embedded Operating Systems | |
| |
| |
Other Proprietary Embedded OSs | |
| |
| |
*Nix Embedded OSs | |
| |
| |
Vulnerabilities of Embedded OSs | |
| |
| |
Embedded OSs Are Everywhere | |
| |
| |
Embedded OSs Are Networked | |
| |
| |
Embedded OSs Are Difficult to Patch | |
| |
| |
Embedded OSs Are in Networking Devices | |
| |
| |
Embedded OSs Are in Network Peripherals | |
| |
| |
Supervisory Control and Data Acquisition Systems | |
| |
| |
Cell Phones, Smartphones, and PDAs | |
| |
| |
Rootkits | |
| |
| |
Best Practices for Protecting Embedded OSs | |
| |
| |
Chapter Summary | |
| |
| |
| |
Hacking Web Servers | |
| |
| |
Understanding Web Applications | |
| |
| |
Web Application Components | |
| |
| |
Using Scripting Languages | |
| |
| |
Connecting to Databases | |
| |
| |
Understanding Web Application Vulnerabilities | |
| |
| |
Application Vulnerabilities and Countermeasures | |
| |
| |
Assessing Web Applications | |
| |
| |
Tools for Web Attackers and Security Testers | |
| |
| |
Web Tools | |
| |
| |
Chapter Summary | |
| |
| |
| |
Hacking Wireless Networks | |
| |
| |
Understanding Wireless Technology | |
| |
| |
Components of a Wireless Network | |
| |
| |
Understanding Wireless Network Standards | |
| |
| |
The 802.11 Standard | |
| |
| |
An Overview of Wireless Technologies | |
| |
| |
Additional IEEE 802.11 Projects | |
| |
| |
Understanding Authentication | |
| |
| |
The 802.1X Standard | |
| |
| |
Understanding Wardriving | |
| |
| |
How It Works | |
| |
| |
Understanding Wireless Hacking | |
| |
| |
Tools of the Trade | |
| |
| |
Countermeasures for Wireless Attacks | |
| |
| |
Chapter Summary | |
| |
| |
| |
Cryptography | |
| |
| |
Understanding Cryptography Basics | |
| |
| |
History of Cryptography | |
| |
| |
Understanding Symmetric and Asymmetric Algorithms | |
| |
| |
Symmetric Algorithms | |
| |
| |
Asymmetric Algorithms | |
| |
| |
Digital Signatures | |
| |
| |
Sensitive Data Encryption | |
| |
| |
Hashing Algorithms | |
| |
| |
Understanding Public Key Infrastructure | |
| |
| |
Components of PKI | |
| |
| |
Understanding Cryptography Attacks | |
| |
| |
Birthday Attack | |
| |
| |
Mathematical Attacks | |
| |
| |
Brute-Force Attack | |
| |
| |
Man-in-the-Middle Attack | |
| |
| |
Dictionary Attack | |
| |
| |
Replay Attack | |
| |
| |
Understanding Password Cracking | |
| |
| |
Chapter Summary | |
| |
| |
| |
Network Protection Systems | |
| |
| |
Understanding Routers | |
| |
| |
Understanding Routing Protocols | |
| |
| |
Understanding Basic Hardware Routers | |
| |
| |
Understanding Access Control Lists | |
| |
| |
Understanding Firewalls | |
| |
| |
Understanding Firewall Technology | |
| |
| |
Implementing a Firewall | |
| |
| |
Understanding the Cisco Adaptive Security Appliance Firewall | |
| |
| |
Using Configuration and Risk Analysis Tools for Firewalls and Routers | |
| |
| |
Understanding Intrusion Detection and Prevention Systems | |
| |
| |
Network-Based and Host-Based IDSs and IPSs | |
| |
| |
Web Filtering | |
| |
| |
Security Incident Response Teams | |
| |
| |
Understanding Honeypots | |
| |
| |
How Honeypots Work | |
| |
| |
Chapter Summary | |
| |
| |
| |
Legal Resources | |
| |
| |
| |
Resources | |
| |
| |
| |
Virtualization and Ethical Hacking | |
| |
| |
Virtualization and Security Testing | |
| |
| |
Virtualization Vulnerabilities | |
| |
| |
Installing and Using Virtualization Software | |
| |
| |
Overview of VMware Server | |
| |
| |
Downloading and Installing VMware Server | |
| |
| |
Creating a Virtual Machine and Installing a Guest OS | |
| |
| |
Configuring Networking Options | |
| |
| |
Configuring Hardware Options | |
| |
| |
Installing VMware Tools | |
| |
| |
Glossary | |
| |
| |
Index | |