Book description
Are you worried about external hackers and rogue insiders breaking into your systems? Whether it's social engineering, network infrastructure attacks, or application hacking, security breaches in your systems can devastate your business or personal life. In order to counter these cyber bad guys, you must become a hacker yourself—an ethical hacker.
Hacking for Dummies shows you just how vulnerable your systems are to attackers. It shows you how to find your weak spots and perform penetration and other security tests. With the information found in this handy, straightforward book, you will be able to develop a plan to keep your information safe and sound. You'll discover how to:
Work ethically, respect privacy, and save your system from crashing
Develop a hacking plan
Treat social engineers and preserve their honesty
Counter war dialing and scan infrastructures
Understand the vulnerabilities of Windows, Linux, and Novell NetWare
Prevent breaches in messaging systems, web applications, and databases
Report your results and manage security changes
Avoid deadly mistakes
Get management involved with defending your systems
As we enter the digital era, protecting your systems and your company has never been more important. Don't let skepticism delay your decisions and put your security at risk. With Hacking For Dummies, you can strengthen your defenses and prevent attacks from every angle!
Table of contents
- Copyright
- About the Author
- Author's Acknowledgments
- Publisher's Acknowledgments
- Foreword
- Introduction
- I. Building the Foundation for Ethical Hacking
- 1. Introduction to Ethical Hacking
- 2. Cracking the Hacker Mindset
- 3. Developing Your Ethical Hacking Plan
- 4. Hacking Methodology
- II. Putting Ethical Hacking in Motion
- 5. Social Engineering
- 6. Physical Security
- 7. Passwords
- 7.1. Password Vulnerabilities
- 7.2. Cracking Passwords
- 7.2.1. Cracking passwords the old-fashioned way
- 7.2.2. High-tech password cracking
- 7.2.2.1. Password-cracking software
- 7.2.2.2. Dictionary attacks
- 7.2.2.3. Brute-force attacks
- 7.2.2.4. Rainbow attacks
- 7.2.2.5. Cracking Windows passwords with pwdump3 and John the Ripper
- 7.2.2.6. Cracking UNIX passwords with John the Ripper
- 7.2.2.7. Cracking Windows passwords using rainbow tables with ophcrack
- 7.2.2.8. Cracking Windows passwords using RainbowCrack Online
- 7.2.2.9. Checking for null passwords in NetWare
- 7.2.3. Password-protected files
- 7.2.4. Other ways to crack passwords
- 7.3. General Password-Cracking Countermeasures
- 7.4. Securing Operating Systems
- III. Hacking the Network
- 8. War Dialing
- 9. Network Infrastructure
- 10. Wireless LANs
- 10.1. Understanding the Implications of Wireless Network Vulnerabilities
- 10.2. Choosing Your Tools
- 10.3. Wireless LAN Discovery
- 10.4. Wireless Network Attacks
- 10.4.1. Encrypted traffic
- 10.4.2. Countermeasures against encrypted traffic attacks
- 10.4.3. Rogue wireless devices
- 10.4.4. Countermeasures against rogue wireless devices
- 10.4.5. MAC spoofing
- 10.4.6. Countermeasures against MAC spoofing
- 10.4.7. Queensland DoS attack
- 10.4.8. Countermeasures against DoS attacks
- 10.4.9. Physical security problems
- 10.4.10. Countermeasures against physical security problems
- 10.4.11. Vulnerable wireless workstations
- 10.4.12. Countermeasures against vulnerable wireless workstations
- 10.4.13. Default configuration settings
- 10.4.14. Countermeasures against default configuration settings exploits
- IV. Hacking Operating Systems
- 11. Windows
- 11.1. Windows Vulnerabilities
- 11.2. Choosing Tools
- 11.3. Information Gathering
- 11.4. RPC
- 11.5. Null Sessions
- 11.6. Share Permissions
- 11.7. Hardcore Vulnerability Exploitation
- 11.8. Authenticated Scans
- 12. Linux
- 13. Novell NetWare
- V. Hacking Applications
- 14. Messaging Systems
- 14.1. Messaging System Vulnerabilities
- 14.2. E-Mail Attacks
- 14.2.1. E-mail bombs
- 14.2.2. Banners
- 14.2.3. SMTP attacks
- 14.2.4. General best practices for minimizing e-mail security risks
- 14.3. Instant Messaging
- 14.4. Voice over IP
- 15. Web Applications and Databases
- 15.1. Choosing Your Web Application Tools
- 15.2. Web Application Vulnerabilities
- 15.2.1. Unsecured login mechanisms
- 15.2.2. Countermeasures against unsecured login systems
- 15.2.3. Directory traversal
- 15.2.4. Countermeasures against directory traversals
- 15.2.5. Input filtering attacks
- 15.2.6. Countermeasures against input attacks
- 15.2.7. Memory attacks
- 15.2.8. Countermeasures against memory attacks
- 15.2.9. Default script attacks
- 15.2.10. Countermeasures against default script attacks
- 15.2.11. URL filter bypassing
- 15.2.12. Countermeasures against URL filter bypassing
- 15.2.13. General security scans for Web application vulnerabilities
- 15.3. Database Vulnerabilities
- 15.4. General Best Practices for Minimizing Security Risks
- VI. Ethical Hacking Aftermath
- VII. The Part of Tens
- 19. Ten Tips for Getting Upper Management Buy-In
- 19.1. Cultivate an Ally and Sponsor
- 19.2. Don't Be a FUDdy Duddy
- 19.3. Demonstrate How the Organization Can't Afford to Be Hacked
- 19.4. Outline the General Benefits of Ethical Hacking
- 19.5. Show How Ethical Hacking Specifically Helps the Organization
- 19.6. Get Involved in the Business
- 19.7. Establish Your Credibility
- 19.8. Speak on Their Level
- 19.9. Show Value in Your Efforts
- 19.10. Be Flexible and Adaptable
- 20. Ten Deadly Mistakes
- 20.1. Not Getting Prior Approval in Writing
- 20.2. Assuming that You Can Find All Vulnerabilities during Your Tests
- 20.3. Assuming That You Can Eliminate All Security Vulnerabilities
- 20.4. Performing Tests Only Once
- 20.5. Thinking That You Know It All
- 20.6. Running Your Tests without Looking at Things from a Hacker's Viewpoint
- 20.7. Not Testing the Right Systems
- 20.8. Not Using the Right Tools
- 20.9. Pounding Production Systems at the Wrong Time
- 20.10. Outsourcing Testing and Not Staying Involved
- A. Tools and Resources
- A.1. Awareness and Training
- A.2. Bluetooth
- A.3. Certifications
- A.4. Dictionary Files and Word Lists
- A.5. Exploit Tools
- A.6. General Research Tools
- A.7. Hacker Stuff
- A.8. Linux
- A.9. Log Analysis
- A.10. Malware
- A.11. Messaging
- A.12. NetWare
- A.13. Networks
- A.14. Password Cracking
- A.15. Patch Management
- A.16. Source Code Analysis
- A.17. Security Standards
- A.18. Security Education
- A.19. Storage
- A.20. Risk Analysis and Threat Modeling
- A.21. Voice over IP
- A.22. War Dialing
- A.23. Web Applications and Databases
- A.24. Windows
- A.25. Wireless Networks
Product information
- Title: Hacking For Dummies®, 2nd Edition
- Author(s):
- Release date: October 2006
- Publisher(s): For Dummies
- ISBN: 9780470052358