Hacking Exposed 7: Network Security Secrets & Solutions

Book Description

A fully updated edition of the world’s bestselling computer security book

Hacking Exposed 7: Network Security Secrets and Solutions is filled with all-new information on today's most devastating attacks and proven countermeasures. The book covers: advanced persistent threats; infrastructure hacks; industrial automation and embedded devices; wireless security; the new SCADA protocol hacks; Microsoft Windows Server 2010; Web 2.0; Ubuntu Linux; hardware; Cisco; RFID; malware; and more! For the first time, the 7th Edition also features a new “5 Deployments” approach that provides five key actions for every countermeasure, focused on five areas of expertise:

1. Network Security

2. Server Security

3. Mobile Security

4. Endpoint Security

5. Web Security

Hacking Exposed 7 applies the authors’ internationally recognized and highly sought-after computer security methodologies, technical rigor, and from-the-trenches experience to making computer technology usage and deployments safer and more secure for businesses and consumers. It uncovers new, cutting-edge computer security issues.

New to This Edition

• Brand-new Advanced Persistent Threats chapter details the tricks and techniques used by hackers to inject malware into networks and establish botnets, and provides countermeasures to defend against these increasingly prevalent threats

• NEW Countermeasures Map is a first-time feature that visually guides you through the time-saving “one best” command that can be deployed to fight the greatest number of potential attacks

• Brand-new Embedded Systems Hacking chapter shows how hackers gain access to and control remote devices and provides countermeasures to defend against these hacks

• New content on SCADA protocols and updates to Web 2.0, hardware, Ubuntu Linux, Windows Server 2010, Cisco, RFID, data theft, and more

Praise for Previous Editions

“If there was an Encyclopedia Britannica of computer security, it would be Hacking Exposed.” --Marty Roesch, creator of the Snort tool

“Informational gold.” --Bruce Schneier, CTO, Counterpane Internet Security, Inc.

“Real security is proven by trying to break it, and few sources will show you how to do that better than Hacking Exposed.” --Thomas Ptacek, Researcher at Arbor Networks

“If this book doesn't scare and motivate you to take security seriously, nothing will.” --AlephOne, Bugtraq Moderator

“The best just got better. More info, more up to date, and more timely than ever. The best full-disclosure security book you can buy.” --Simple Nomad, author of The Hack FAQ and Pandora

“A critical step to knowing your enemy is first understanding their tools. Hacking Exposed, Fifth Edition delivers just that...and more.” --Lance Spitzner, President and Founder of the Honeynet Project

Table of Contents

  1. Cover Page
  2. Hacking Exposed™ 7: Network Security Secrets & Solutions
  3. Copyright Page
  4. Dedication
  5. Contents
  6. Foreword
  7. Acknowledgments
  8. Introduction
  9. Part I Casing the Establishment
    1. Case Study
      1. IAAAS—It’s All About Anonymity, Stupid
      2. Tor-menting the Good Guys
    2. 1 Footprinting
      1. What Is Footprinting
        1. Why Is Footprinting Necessary
      2. Internet Footprinting
        1. Step 1: Determine the Scope of Your Activities
        2. Step 2: Get Proper Authorization
        3. Step 3: Publicly Available Information
        4. Step 4: WHOIS & DNS Enumeration
        5. Step 5: DNS Interrogation
        6. Step 6: Network Reconnaissance
      3. Summary
    3. 2 Scanning
      1. Determining If the System Is Alive
        1. ARP Host Discovery
        2. ICMP Host Discovery
        3. TCP/UDP Host Discovery
      2. Determining Which Services Are Running or Listening
        1. Scan Types
        2. Identifying TCP and UDP Services Running
      3. Detecting the Operating System
        1. Making Guesses from Available Ports
        2. Active Stack Fingerprinting
        3. Passive Stack Fingerprinting
      4. Processing and Storing Scan Data
        1. Managing Scan Data with Metasploit
      5. Summary
    4. 3 Enumeration
      1. Service Fingerprinting
      2. Vulnerability Scanners
      3. Basic Banner Grabbing
      4. Enumerating Common Network Services
      5. Summary
  10. Part II Endpoint and Server Hacking
    1. Case Study: International Intrigue
    2. 4 Hacking Windows
      1. Overview
        1. What’s Not Covered
      2. Unauthenticated Attacks
        1. Authentication Spoofing Attacks
        2. Remote Unauthenticated Exploits
      3. Authenticated Attacks
        1. Privilege Escalation
        2. Extracting and Cracking Passwords
        3. Remote Control and Back Doors
        4. Port Redirection
        5. Covering Tracks
        6. General Countermeasures to Authenticated Compromise
      4. Windows Security Features
        1. Windows Firewall
        2. Automated Updates
        3. Security Center
        4. Security Policy and Group Policy
        5. Microsoft Security Essentials
        6. The Enhanced Mitigation Experience Toolkit
        7. Bitlocker and the Encrypting File System
        8. Windows Resource Protection
        9. Integrity Levels, UAC, and PMIE
        10. Data Execution Prevention (DEP)
        11. Windows Service Hardening
        12. Compiler-based Enhancements
        13. Coda: The Burden of Windows Security
      5. Summary
    3. 5 Hacking UNIX
      1. The Quest for Root
        1. A Brief Review
        2. Vulnerability Mapping
        3. Remote Access vs. Local Access
      2. Remote Access
        1. Data-driven Attacks
        2. I Want My Shell
        3. Common Types of Remote Attacks
      3. Local Access
      4. After Hacking Root
        1. Rootkit Recovery
      5. Summary
    4. 6 Cybercrime and Advanced Persistent Threats
      1. What Is an APT
        1. Operation Aurora
        2. Anonymous
        3. RBN
      2. What APTs Are NOT
      3. Examples of Popular APT Tools and Techniques
      4. Common APTs Indicators
      5. Summary
  11. Part III Infrastructure Hacking
    1. Case Study: Read It and WEP
    2. 7 Remote Connectivity and VoIP Hacking
      1. Preparing to Dial Up
      2. Wardialing
        1. Hardware
        2. Legal Issues
        3. Peripheral Costs
        4. Software
      3. Brute-Force Scripting—The Homegrown Way
        1. A Final Note About Brute-Force Scripting
      4. PBX Hacking
      5. Voicemail Hacking
      6. Virtual Private Network (VPN) Hacking
        1. Basics of IPSec VPNs
        2. Hacking the Citrix VPN Solution
      7. Voice over IP Attacks
        1. Attacking VoIP
      8. Summary
    3. 8 Wireless Hacking
      1. Background
        1. Frequencies and Channels
        2. Session Establishment
        3. Security Mechanisms
      2. Equipment
        1. Wireless Adapters
        2. Operating Systems
        3. Miscellaneous Goodies
      3. Discovery and Monitoring
        1. Finding Wireless Networks
        2. Sniffing Wireless Traffic
      4. Denial of Service Attacks
      5. Encryption Attacks
        1. WEP
      6. Authentication Attacks
        1. WPA Pre-Shared Key
        2. WPA Enterprise
      7. Summary
    4. 9 Hacking Hardware
      1. Physical Access: Getting in the Door
      2. Hacking Devices
      3. Default Configurations
        1. Owned Out of the Box
        2. Standard Passwords
        3. Bluetooth
      4. Reverse Engineering Hardware
        1. Mapping the Device
        2. Sniffing Bus Data
        3. Sniffing the Wireless Interface
        4. Firmware Reversing
        5. ICE Tools
      5. Summary
  12. Part IV Application and Data Hacking
    1. Case Study
    2. 10 Web and Database Hacking
      1. Web Server Hacking
        1. Sample Files
        2. Source Code Disclosure
        3. Canonicalization Attacks
        4. Server Extensions
        5. Buffer Overflows
        6. Denial of Service
        7. Web Server Vulnerability Scanners
      2. Web Application Hacking
        1. Finding Vulnerable Web Apps with Google (Googledorks)
        2. Web Crawling
        3. Web Application Assessment
      3. Common Web Application Vulnerabilities
      4. Database Hacking
        1. Database Discovery
        2. Database Vulnerabilities
        3. Other Considerations
      5. Summary
    3. 11 Mobile Hacking
      1. Hacking Android
        1. Android Fundamentals
        2. Hacking Your Android
        3. Hacking Other Androids
        4. Android as a Portable Hacking Platform
        5. Defending Your Android
      2. iOS
        1. Know Your iPhone
        2. How Secure Is iOS
        3. Jailbreaking: Unleash the Fury!
        4. Hacking Other iPhones: Fury Unleashed!
      3. Summary
    4. 12 Countermeasures Cookbook
      1. General Strategies
        1. (Re)move the Asset
        2. Separation of Duties
        3. Authenticate, Authorize, and Audit
        4. Layering
        5. Adaptive Enhancement
        6. Orderly Failure
        7. Policy and Training
        8. Simple, Cheap, and Easy
      2. Example Scenarios
        1. Desktop Scenarios
        2. Server Scenarios
        3. Network Scenarios
        4. Web Application and Database Scenarios
        5. Mobile Scenarios
      3. Summary
  13. Part V Appendixes
    1. A Ports
    2. B Top 10 Security Vulnerabilities
    3. C Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks Countermeasures
    4. Countermeasures
  14. Index