You are previewing Hack Proofing Your Network 2E, 2nd Edition.
O'Reilly logo
Hack Proofing Your Network 2E, 2nd Edition

Book Description

A new edition the most popular Hack Proofing book around!
IT professionals who want to run secure networks, or build secure software, need to know about the methods of hackers. The second edition of the best seller Hack Proofing Your Network, teaches about those topics, including:
· The Politics, Laws of Security, Classes of Attack, Methodology, Diffing, Decrypting, Brute Force, Unexpected Input, Buffer Overrun, Sniffing, Session Hijacking, Spoofing, Server Holes, Client Holes, Trojans and Viruses, Reporting Security Problems, Choosing Secure Systems

The central idea of this book is that it's better for you to find the holes in your network than it is for someone else to find them, someone that would use them against you. The complete, authoritative guide to protecting your Windows 2000 Network.

Updated coverage of an international bestseller and series flagship
Covers more methods of attack and hacker secrets
Interest in topic continues to grow - network architects, engineers and administrators continue to scramble for security books
Written by the former security manager for Sybase and an expert witness in the Kevin Mitnick trials
· A great addition to the bestselling "Hack Proofing..." series
· Windows 2000 sales have surpassed those of Windows NT
· Critical topic. The security of an organization's data and communications is crucial to its survival and these topics are notoriously difficult to grasp
· Unrivalled web support at www.solutions@syngress.com

Table of Contents

  1. Cover
  2. Title page
  3. Table of Contents
  4. Solutions@syngress.com
  5. Copyright
  6. Acknowledgments
  7. Contributors
  8. From the First Edition
  9. Technical Editor and Contributor
  10. Foreword v 1.5
  11. About the Web Site
  12. Foreword v 1.0
  13. Chapter 1: How To Hack
    1. Introduction
    2. What We Mean by “Hack”
    3. Knowing What To Expect in the Rest of This Book
    4. Understanding the Current Legal Climate
    5. Summary
    6. Frequently Asked Questions
  14. Chapter 2: The Laws of Security
    1. Introduction
    2. Knowing the Laws of Security
    3. Client-Side Security Doesn’t Work
    4. You Cannot Securely Exchange Encryption Keys without a Shared Piece of Information
    5. Malicious Code Cannot Be 100 Percent Protected against
    6. Any Malicious Code Can Be Completely Morphed to Bypass Signature Detection
    7. Firewalls Cannot Protect You 100 Percent from Attack
    8. Any IDS Can Be Evaded
    9. Secret Cryptographic Algorithms Are Not Secure
    10. If a Key Is Not Required, You Do Not Have Encryption—You Have Encoding
    11. Passwords Cannot Be Securely Stored on the Client Unless There Is Another Password to Protect Them
    12. In Order for a System to Begin to Be Considered Secure, It Must Undergo an Independent Security Audit
    13. Security through Obscurity Does Not Work
    14. Summary
    15. Frequently Asked Questions
  15. Chapter 3: Classes of Attack
    1. Introduction
    2. Identifying and Understanding the Classes of Attack
    3. Identifying Methods of Testing for Vulnerabilities
    4. Summary
    5. Solutions Fast Track
    6. Frequently Asked Questions
  16. Chapter 4: Methodology
    1. Introduction
    2. Understanding Vulnerability Research Methodologies
    3. The Importance of Source Code Reviews
    4. Reverse Engineering Techniques
    5. Black Box Testing
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  17. Chapter 5: Diffing
    1. Introduction
    2. What Is Diffing?
    3. Exploring Diff Tools
    4. Troubleshooting
    5. Summary
    6. Solutions Fast Track
    7. Frequently Asked Questions
  18. Chapter 6: Cryptography
    1. Introduction
    2. Understanding Cryptography Concepts
    3. Learning about Standard Cryptographic Algorithms
    4. Understanding Brute Force
    5. Knowing When Real Algorithms Are Being Used Improperly
    6. Understanding Amateur Cryptography Attempts
    7. Summary
    8. Solutions Fast Track
    9. Frequently Asked Questions
  19. Chapter 7: Unexpected Input
    1. Introduction
    2. Understanding Why Unexpected Data Is Dangerous
    3. Finding Situations Involving Unexpected Data
    4. Using Techniques to Find and Eliminate Vulnerabilities
    5. Utilizing the Available Safety Features in Your Programming Language
    6. Using Tools to Handle Unexpected Data
    7. Summary
    8. Solutions Fast Track
    9. Frequently Asked Questions
  20. Chapter 8: Buffer Overflow
    1. Introduction
    2. Understanding the Stack
    3. Understanding the Stack Frame
    4. Learning about Buffer Overflows
    5. Creating Your First Overflow
    6. Learning Advanced Overflow Techniques
    7. Advanced Payload Design
    8. Summary
    9. Solutions Fast Track
    10. Frequently Asked Questions
  21. Chapter 9: Format Strings
    1. Introduction
    2. Understanding Format String Vulnerabilities
    3. Why and Where Do Format String Vulnerabilities Exist?
    4. How Can They Be Fixed?
    5. How Format String Exploits Work
    6. What to Overwrite
    7. Examining a Vulnerable Program
    8. Testing with a Random Format String
    9. Writing a Format String Exploit
    10. Summary
    11. Solutions Fast Track
    12. Frequently Asked Questions
  22. Chapter 10: Sniffing
    1. Introduction
    2. What Is Sniffing?
    3. What to Sniff?
    4. Popular Sniffing Software
    5. Advanced Sniffing Techniques
    6. Exploring Operating System APIs
    7. Taking Protective Measures
    8. Employing Detection Techniques
    9. Summary
    10. Solutions Fast Track
    11. Frequently Asked Questions
  23. Chapter 11: Session Hijacking
    1. Introduction
    2. Understanding Session Hijacking
    3. Examining the Available Tools
    4. Playing MITM for Encrypted Communications
    5. Summary
    6. Solutions Fast Track
    7. Frequently Asked Questions
  24. Chapter 12: Spoofing: Attacks on Trusted Identity
    1. Introduction
    2. What It Means to Spoof
    3. Background Theory
    4. The Evolution of Trust
    5. Establishing Identity within Computer Networks
    6. Capability Challenges
    7. Desktop Spoofs
    8. Impacts of Spoofs
    9. Down and Dirty: Engineering Spoofing Systems
    10. Summary
    11. Solution Fast Track
    12. Frequently Asked Questions
  25. Chapter 13: Tunneling
    1. Introduction
    2. Strategic Constraints of Tunnel Design
    3. Designing End-to-End Tunneling Systems
    4. Open Sesame: Authentication
    5. Command Forwarding: Direct Execution for Scripts and Pipes
    6. Port Forwarding: Accessing Resources on Remote Networks
    7. When in Rome: Traversing the Recalcitrant Network
    8. Not In Denver, Not Dead: Now What?
    9. Summary
    10. Solutions Fast Track
    11. Frequently Asked Questions
  26. Chapter 14: Hardware Hacking
    1. Introduction
    2. Understanding Hardware Hacking
    3. Opening the Device: Housing and Mechanical Attacks
    4. Analyzing the Product Internals: Electrical Circuit Attacks
    5. What Tools Do I Need?
    6. Example: Hacking the iButton Authentication Token
    7. Example: Hacking the NetStructure 7110 E-commerce Accelerator
    8. Summary
    9. Solutions Fast Track
    10. Frequently Asked Questions
  27. Chapter 15: Viruses, Trojan Horses, and Worms
    1. Introduction
    2. How Do Viruses, Trojans Horses, and Worms Differ?
    3. Anatomy of a Virus
    4. Dealing with Cross-platform Issues
    5. Proof that We Need to Worry
    6. Creating Your Own Malware
    7. How to Secure Against Malicious Software
    8. Summary
    9. Solutions Fast Track
    10. Frequently Asked Questions
  28. Chapter 16: IDS Evasion
    1. Introduction
    2. Understanding How Signature-Based IDSs Work
    3. Using Packet Level Evasion
    4. Using Application Protocol Level Evasion
    5. Using Code Morphing Evasion
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  29. Chapter 17: Automated Security Review and Attack Tools
    1. Introduction
    2. Learning about Automated Tools
    3. Using Automated Tools for Penetration Testing
    4. Knowing When Tools Are Not Enough
    5. Summary
    6. Solutions Fast Track
    7. Frequently Asked Questions
  30. Chapter 18: Reporting Security Problems
    1. Introduction
    2. Understanding Why Security Problems Need to Be Reported
    3. Determining When and to Whom to Report the Problem
    4. Deciding How Much Detail to Publish
    5. Summary
    6. Solutions Fast Track
    7. Frequently Asked Questions
  31. Index