Hackers Beware

Book Description

Hackers Beware starts with a roadmap of the various areas of hacking but quickly delves into the details of how specific attacks work and how to protect against them. Since most attacks we hear about either come from, or are perceived to come from, hackers, people are very interested in "how they do that": the techniques hackers use to break into systems. Hackers Beware is unique in that it gives specific exploits, exactly how they work, and how to protect against them. This book will help readers understand what security threats they are up against and what they need to do to protect against them. Some books cover this from a high level but do not get into the details of specific exploits and cover them in a case-by-case fashion. This book will cover the complete picture. It will not only describe how an exploit works but also present the signature of the attack, what to look for on a network, and how to protect against it.

Table of Contents

  1. Copyright
  2. About the Author
  3. About the Technical Reviewers
  4. Acknowledgments
  5. Tell Us What You Think
  6. Introduction
  7. Introduction
    1. The Golden Age of Hacking
    2. How Bad Is the Problem?
    3. What Are Companies Doing?
    4. What Should Companies Be Doing?
    5. Defense in Depth
    6. Purpose of This Book
    7. Legal Stuff
    8. What’s Covered In This Book
    9. Summary
  8. How and Why Hackers Do It
    1. What Is an Exploit?
    2. The Attacker’s Process
    3. The Types of Attacks
    4. Categories of Exploits
    5. Routes Attackers Use to Get In
    6. Goals Attackers Try to Achieve
    7. Summary
  9. Information Gathering
    1. Steps for Gathering Information
    2. Information Gathering Summary
    3. Red Teaming
    4. Summary
  10. Spoofing
    1. Why Spoof?
    2. Types of Spoofing
    3. Summary
  11. Session Hijacking
    1. Spoofing versus Hijacking
    2. Types of Session Hijacking
    3. TCP/IP Concepts
    4. Detailed Description of Session Hijacking
    5. ACK Storms
    6. Programs That Perform Hijacking
    7. Dangers Posed by Hijacking
    8. Protecting Against Session Hijacking
    9. Summary
  12. Denial of Service Attacks
    1. What Is a Denial of Service Attack?
    2. What Is a Distributed Denial of Service Attack?
    3. Why Are They Difficult to Protect Against?
    4. Types of Denial of Service Attacks
    5. Tools for Running DOS Attacks
    6. Tools for Running DDOS Attacks
    7. Preventing Denial of Service Attacks
    8. Preventing Distributed Denial of Service Attacks
    9. Summary
  13. Buffer Overflow Attacks
    1. What Is a Buffer Overflow?
    2. How Do Buffer Overflows Work?
    3. Types of Buffer Overflow Attacks
    4. Why Are So Many Programs Vulnerable?
    5. Sample Buffer Overflow
    6. Protecting Our Sample Application
    7. Ten Buffer Overflow Attacks
    8. Protection Against Buffer Overflow Attacks
    9. Summary
  14. Password Security
    1. Typical Attack
    2. The Current State of Passwords
    3. History of Passwords
    4. Future of Passwords
    5. Password Management
    6. Password Attacks
    7. Summary
  15. Microsoft NT Password Crackers
    1. Where Are Passwords Stored in NT?
    2. How Does NT Encrypt Passwords?
    3. All Passwords Can Be Cracked (NT Just Makes It Easier)
    4. NT Password-Cracking Programs
    5. Comparison
    6. Extracting Password Hashes
    7. Protecting Against NT Password Crackers
    8. Summary
  16. UNIX Password Crackers
    1. Where Are the Passwords Stored in UNIX?
    2. How Does UNIX Encrypt Passwords?
    3. UNIX Password-Cracking Programs
    4. Comparison
    5. Protecting Against UNIX Password Crackers
    6. Summary
  17. Fundamentals of Microsoft NT
    1. Overview of NT Security
    2. Availability of Source Code
    3. NT Fundamentals
    4. Summary
  18. Specific Exploits for NT
    1. Exploits for NT
    2. Summary
  19. Fundamentals of UNIX
    1. Linux
    2. Vulnerable Areas of UNIX
    3. UNIX Fundamentals
    4. Summary
  20. Specific Exploits for UNIX
    1. UNIX Exploits
    2. Summary
  21. Preserving Access
    1. Backdoors and Trojans
    2. Rootkits
    3. NT Backdoors
    4. Summary
  22. Covering the Tracks
    1. How To Cover One’s Tracks
    2. Summary
  23. Other Types of Attacks
    1. Bind 8.2 NXT Exploit
    2. Cookies Exploit
    3. SNMP Community Strings
    4. Sniffing and Dsniff
    5. PGP ADK Exploit
    6. Cisco IOS Password Vulnerability
    7. Man-in-the-Middle Attack Against Key Exchange
    8. HTTP Tunnel Exploit
    9. Summary
  24. SANS Top 10
    1. The SANS Top 10 Exploits
    2. Commonly Probed Ports
    3. Determining Vulnerabilities Against the SANS Top 10
    4. Summary
  25. Putting It All Together
    1. Attack Scenarios
    2. Summary
  26. Summary
    1. Security Cannot Be Ignored
    2. General Tips for Protecting a Site
    3. Things Will Get Worse Before They Get Better
    4. What Does the Future Hold?
    5. Conclusion
  27. References
    1. Hacker/Security Related URLs
    2. Hacker/Security Tools
    3. General Security Related Sites