You are previewing Hacking For Dummies® 3rd Edition.
O'Reilly logo
Hacking For Dummies® 3rd Edition

Book Description

A new edition of the bestselling guide-now updated to cover the latest hacks and how to prevent them!

It's bad enough when a hack occurs-stealing identities, bank accounts, and personal information. But when the hack could have been prevented by taking basic security measures-like the ones described in this book-somehow that makes a bad situation even worse. This beginner guide to hacking examines some of the best security measures that exist and has been updated to cover the latest hacks for Windows 7 and the newest version of Linux.

Offering increased coverage of Web application hacks, database hacks, VoIP hacks, and mobile computing hacks, this guide addresses a wide range of vulnerabilities and how to identify and prevent them. Plus, you'll examine why ethical hacking is oftentimes the only way to find security flaws, which can then prevent any future malicious attacks.

  • Explores the malicious hackers's mindset so that you can counteract or avoid attacks completely

  • Covers developing strategies for reporting vulnerabilities, managing security changes, and putting anti-hacking policies and procedures in place

  • Completely updated to examine the latest hacks to Windows 7 and the newest version of Linux

  • Explains ethical hacking and why it is essential

Hacking For Dummies, 3rd Edition shows you how to put all the necessary security measures in place so that you avoid becoming a victim of malicious hacking.

Table of Contents

  1. Copyright
  2. About the Author
  3. Author's Acknowledgments
  4. Publisher's Acknowledgments
  5. Foreword
  6. Introduction
    1. Who Should Read This Book?
    2. About This Book
    3. How to Use This Book
    4. What You Don't Need to Read
    5. Foolish Assumptions
    6. How This Book Is Organized
      1. Part I: Building the Foundation for Ethical Hacking
      2. Part II: Putting Ethical Hacking in Motion
      3. Part III: Hacking the Network
      4. Part IV: Hacking Operating Systems
      5. Part V: Hacking Applications
      6. Part VI: Ethical Hacking Aftermath
      7. Part VII: The Part of Tens
    7. Icons Used in This Book
    8. Where to Go from Here
  7. I. Building the Foundation for Ethical Hacking
    1. 1. Introduction to Ethical Hacking
      1. 1.1. Straightening Out the Terminology
        1. 1.1.1. Defining hacker
        2. 1.1.2. Defining malicious user
      2. 1.2. Recognizing How Malicious Attackers Beget Ethical Hackers
        1. 1.2.1. Ethical hacking versus auditing
        2. 1.2.2. Policy considerations
        3. 1.2.3. Compliance and regulatory concerns
      3. 1.3. Understanding the Need to Hack Your Own Systems
      4. 1.4. Understanding the Dangers Your Systems Face
        1. 1.4.1. Nontechnical attacks
        2. 1.4.2. Network infrastructure attacks
        3. 1.4.3. Operating system attacks
        4. 1.4.4. Application and other specialized attacks
      5. 1.5. Obeying the Ethical Hacking Commandments
        1. 1.5.1. Working ethically
        2. 1.5.2. Respecting privacy
        3. 1.5.3. Not crashing your systems
      6. 1.6. Using the Ethical Hacking Process
        1. 1.6.1. Formulating your plan
        2. 1.6.2. Selecting tools
        3. 1.6.3. Executing the plan
        4. 1.6.4. Evaluating results
        5. 1.6.5. Moving on
    2. 2. Cracking the Hacker Mindset
      1. 2.1. What You're Up Against
      2. 2.2. Who Breaks into Computer Systems
      3. 2.3. Why They Do It
      4. 2.4. Planning and Performing Attacks
      5. 2.5. Maintaining Anonymity
    3. 3. Developing Your Ethical Hacking Plan
      1. 3.1. Establishing Your Goals
      2. 3.2. Determining Which Systems to Hack
      3. 3.3. Creating Testing Standards
        1. 3.3.1. Timing
        2. 3.3.2. Specific tests
        3. 3.3.3. Blind versus knowledge assessments
        4. 3.3.4. Location
        5. 3.3.5. Reacting to vulnerabilities you find
        6. 3.3.6. Silly assumptions
      4. 3.4. Selecting Security Assessment Tools
    4. 4. Hacking Methodology
      1. 4.1. Setting the Stage for Testing
      2. 4.2. Seeing What Others See
        1. 4.2.1. Gathering public information
          1. 4.2.1.1. Web search
          2. 4.2.1.2. Web crawling
          3. 4.2.1.3. Web sites
        2. 4.2.2. Mapping the network
          1. 4.2.2.1. Whois
          2. 4.2.2.2. Google Groups
          3. 4.2.2.3. Privacy policies
      3. 4.3. Scanning Systems
        1. 4.3.1. Hosts
        2. 4.3.2. Open ports
      4. 4.4. Determining What's Running on Open Ports
      5. 4.5. Assessing Vulnerabilities
      6. 4.6. Penetrating the System
  8. II. Putting Ethical Hacking in Motion
    1. 5. Social Engineering
      1. 5.1. Social Engineering 101
      2. 5.2. Before You Start
      3. 5.3. Why Attackers Use Social Engineering
      4. 5.4. Understanding the Implications
      5. 5.5. Performing Social Engineering Attacks
        1. 5.5.1. Phishing for information
          1. 5.5.1.1. Using the Internet
          2. 5.5.1.2. Dumpster diving
          3. 5.5.1.3. Phone systems
        2. 5.5.2. Building trust
        3. 5.5.3. Exploiting the relationship
          1. 5.5.3.1. Deceit through words and actions
          2. 5.5.3.2. Deceit through technology
      6. 5.6. Social Engineering Countermeasures
        1. 5.6.1. Policies
        2. 5.6.2. User awareness and training
    2. 6. Physical Security
      1. 6.1. Physical Security Vulnerabilities
      2. 6.2. What to Look For
        1. 6.2.1. Building infrastructure
          1. 6.2.1.1. Attack points
          2. 6.2.1.2. Countermeasures
        2. 6.2.2. Utilities
          1. 6.2.2.1. Attack points
          2. 6.2.2.2. Countermeasures
        3. 6.2.3. Office layout and usage
          1. 6.2.3.1. Attack points
          2. 6.2.3.2. Countermeasures
        4. 6.2.4. Network components and computers
          1. 6.2.4.1. Attack points
          2. 6.2.4.2. Countermeasures
    3. 7. Passwords
      1. 7.1. Password Vulnerabilities
        1. 7.1.1. Organizational password vulnerabilities
        2. 7.1.2. Technical password vulnerabilities
      2. 7.2. Cracking Passwords
        1. 7.2.1. Cracking passwords the old-fashioned way
          1. 7.2.1.1. Social engineering
            1. 7.2.1.1.1. Techniques
            2. 7.2.1.1.2. Countermeasures
          2. 7.2.1.2. Shoulder surfing
            1. 7.2.1.2.1. Techniques
            2. 7.2.1.2.2. Countermeasures
          3. 7.2.1.3. Inference
          4. 7.2.1.4. Weak authentication
            1. 7.2.1.4.1. Bypassing authentication
            2. 7.2.1.4.2. Countermeasures
        2. 7.2.2. High-tech password cracking
          1. 7.2.2.1. Password-cracking software
          2. 7.2.2.2. Dictionary attacks
          3. 7.2.2.3. Brute-force attacks
          4. 7.2.2.4. Rainbow attacks
          5. 7.2.2.5. Cracking Windows passwords with pwdump3 and John the Ripper
          6. 7.2.2.6. Cracking UNIX passwords with John the Ripper
          7. 7.2.2.7. Cracking Windows passwords using rainbow tables with ophcrack
          8. 7.2.2.8. Checking for null/blank passwords in NetWare
        3. 7.2.3. Password-protected files
          1. 7.2.3.1. Cracking files
          2. 7.2.3.2. Countermeasures
        4. 7.2.4. Other ways to crack passwords
          1. 7.2.4.1. Keystroke logging
            1. 7.2.4.1.1. Logging tools
            2. 7.2.4.1.2. Countermeasures
          2. 7.2.4.2. Weak password storage
            1. 7.2.4.2.1. Searching
            2. 7.2.4.2.2. Countermeasures
          3. 7.2.4.3. Network analyzer
            1. 7.2.4.3.1. Testing
            2. 7.2.4.3.2. Countermeasures
          4. 7.2.4.4. Weak BIOS passwords
            1. 7.2.4.4.1. Countermeasures
          5. 7.2.4.5. Weak passwords in limbo
            1. 7.2.4.5.1. Weaknesses
            2. 7.2.4.5.2. Countermeasures
          6. 7.2.4.6. Password-reset programs
            1. 7.2.4.6.1. Tools
            2. 7.2.4.6.2. Countermeasures
      3. 7.3. General Password-Cracking Countermeasures
        1. 7.3.1. Storing passwords
        2. 7.3.2. Policy considerations
        3. 7.3.3. Other considerations
      4. 7.4. Securing Operating Systems
        1. 7.4.1. Windows
        2. 7.4.2. Linux and UNIX
  9. III. Hacking the Network
    1. 8. Network Infrastructure
      1. 8.1. Network Infrastructure Vulnerabilities
      2. 8.2. Choosing Tools
        1. 8.2.1. Scanners and analyzers
        2. 8.2.2. Vulnerability assessment
      3. 8.3. Scanning, Poking, and Prodding
        1. 8.3.1. Port scanners
          1. 8.3.1.1. Ping sweeping
          2. 8.3.1.2. Using port scanning tools
            1. 8.3.1.2.1. SuperScan
            2. 8.3.1.2.2. Nmap
            3. 8.3.1.2.3. NetScanTools Pro
          3. 8.3.1.3. Countermeasures against ping sweeping and port scanning
        2. 8.3.2. SNMP scanning
          1. 8.3.2.1. Vulnerabilities
          2. 8.3.2.2. Countermeasures against SNMP attacks
        3. 8.3.3. Banner grabbing
          1. 8.3.3.1. telnet
          2. 8.3.3.2. Countermeasures against banner-grabbing attacks
        4. 8.3.4. Firewall rules
          1. 8.3.4.1. Testing
            1. 8.3.4.1.1. Netcat
            2. 8.3.4.1.2. Traffic IQ Pro
            3. 8.3.4.1.3. Firewalk
          2. 8.3.4.2. Countermeasures against firewall rulebase vulnerabilities
        5. 8.3.5. Network analyzers
          1. 8.3.5.1. Network analyzer programs
          2. 8.3.5.2. Countermeasures against network protocol vulnerabilities
            1. 8.3.5.2.1. Physical security
            2. 8.3.5.2.2. Network analyzer detection
        6. 8.3.6. The MAC-daddy attack
          1. 8.3.6.1. ARP spoofing
          2. 8.3.6.2. Using Cain & Abel for ARP poisoning
          3. 8.3.6.3. MAC address spoofing
            1. 8.3.6.3.1. UNIX-based systems
            2. 8.3.6.3.2. Windows
          4. 8.3.6.4. Countermeasures against ARP poisoning and MAC address spoofing attacks
        7. 8.3.7. Denial of service
          1. 8.3.7.1. DoS attacks
          2. 8.3.7.2. Testing
          3. 8.3.7.3. Countermeasures against DoS attacks
      4. 8.4. Common Router, Switch, and Firewall Weaknesses
        1. 8.4.1. Unsecured interfaces
        2. 8.4.2. IKE weaknesses
      5. 8.5. General Network Defenses
    2. 9. Wireless LANs
      1. 9.1. Understanding the Implications of Wireless Network Vulnerabilities
      2. 9.2. Choosing Your Tools
      3. 9.3. Wireless LAN Discovery
        1. 9.3.1. Checking for worldwide recognition
        2. 9.3.2. Scanning your local airwaves
      4. 9.4. Wireless Network Attacks and Countermeasures
        1. 9.4.1. Encrypted traffic
        2. 9.4.2. Countermeasures against encrypted traffic attacks
        3. 9.4.3. Rogue wireless devices
        4. 9.4.4. Countermeasures against rogue wireless devices
        5. 9.4.5. MAC spoofing
        6. 9.4.6. Countermeasures against MAC spoofing
        7. 9.4.7. Queensland DoS attack
        8. 9.4.8. Countermeasures against DoS attacks
        9. 9.4.9. Physical security problems
        10. 9.4.10. Countermeasures against physical security problems
        11. 9.4.11. Vulnerable wireless workstations
        12. 9.4.12. Countermeasures against vulnerable wireless workstations
        13. 9.4.13. Default configuration settings
        14. 9.4.14. Countermeasures against default configuration settings exploits
  10. IV. Hacking Operating Systems
    1. 10. Windows
      1. 10.1. Windows Vulnerabilities
      2. 10.2. Choosing Tools
        1. 10.2.1. Free Microsoft tools
        2. 10.2.2. All-in-one assessment tools
        3. 10.2.3. Task-specific tools
      3. 10.3. Information Gathering
        1. 10.3.1. System scanning
          1. 10.3.1.1. Testing
          2. 10.3.1.2. Countermeasures against system scanning
        2. 10.3.2. NetBIOS
          1. 10.3.2.1. Hacks
            1. 10.3.2.1.1. Unauthenticated enumeration
            2. 10.3.2.1.2. Shares
          2. 10.3.2.2. Countermeasures against NetBIOS attacks
      4. 10.4. Null Sessions
        1. 10.4.1. Mapping
        2. 10.4.2. Gleaning information
          1. 10.4.2.1. net view
          2. 10.4.2.2. Configuration and user information
          3. 10.4.2.3. NetUsers
        3. 10.4.3. Countermeasures against null session hacks
      5. 10.5. Share Permissions
        1. 10.5.1. Windows defaults
          1. 10.5.1.1. Windows 2000/NT
          2. 10.5.1.2. Windows XP
        2. 10.5.2. Testing
      6. 10.6. Missing Patch Exploitation
        1. 10.6.1. Using Metasploit
        2. 10.6.2. Countermeasures against missing patch vulnerability exploits
      7. 10.7. Authenticated Scans
    2. 11. Linux
      1. 11.1. Linux Vulnerabilities
      2. 11.2. Choosing Tools
      3. 11.3. Information Gathering
        1. 11.3.1. System scanning
        2. 11.3.2. Countermeasures against system scanning
      4. 11.4. Unneeded and Unsecured Services
        1. 11.4.1. Searches
          1. 11.4.1.1. Vulnerabilities
          2. 11.4.1.2. Tools
        2. 11.4.2. Countermeasures against attacks on unneeded services
          1. 11.4.2.1. Disabling unneeded services
            1. 11.4.2.1.1. inetd.conf
            2. 11.4.2.1.2. chkconfig
          2. 11.4.2.2. Access control
      5. 11.5. .rhosts and hosts.equiv Files
        1. 11.5.1. Hacks using the .rhosts and hosts.equiv files
          1. 11.5.1.1. hosts.equiv
          2. 11.5.1.2. .rhosts
        2. 11.5.2. Countermeasures against .rhosts and hosts.equiv file attacks
          1. 11.5.2.1. Disabling commands
          2. 11.5.2.2. Blocking access
      6. 11.6. NFS
        1. 11.6.1. NFS hacks
        2. 11.6.2. Countermeasures against NFS attacks
      7. 11.7. File Permissions
        1. 11.7.1. File permission hacks
        2. 11.7.2. Countermeasures against file permission attacks
          1. 11.7.2.1. Manual testing
          2. 11.7.2.2. Automatic testing
      8. 11.8. Buffer Overflows
        1. 11.8.1. Attacks
        2. 11.8.2. Countermeasures against buffer-overflow attacks
      9. 11.9. Physical Security
        1. 11.9.1. Physical security hacks
        2. 11.9.2. Countermeasures against physical security attacks
      10. 11.10. General Security Tests
      11. 11.11. Patching Linux
        1. 11.11.1. Distribution updates
        2. 11.11.2. Multiplatform update managers
    3. 12. Novell NetWare
      1. 12.1. NetWare Vulnerabilities
      2. 12.2. Choosing Tools
      3. 12.3. Getting Started
        1. 12.3.1. Server access methods
        2. 12.3.2. Port scanning
      4. 12.4. Authentication
        1. 12.4.1. rconsole
          1. 12.4.1.1. rconsole attacks
          2. 12.4.1.2. Countermeasures against rconsole attacks
        2. 12.4.2. Server-console access
        3. 12.4.3. Intruder detection
          1. 12.4.3.1. Testing for intruders
          2. 12.4.3.2. Countermeasures against intruders
        4. 12.4.4. Testing for rogue NLMs
          1. 12.4.4.1. Modules command
          2. 12.4.4.2. Tcpcon
          3. 12.4.4.3. Admin utilities
        5. 12.4.5. Countermeasures against rogue NLM attacks
          1. 12.4.5.1. Documentation
          2. 12.4.5.2. Unauthorized logins
        6. 12.4.6. Cleartext packets
          1. 12.4.6.1. Packet capture
          2. 12.4.6.2. Countermeasures against packet capture
      5. 12.5. Solid Practices for Minimizing NetWare Security Risks
        1. 12.5.1. Rename admin
        2. 12.5.2. Disable eDirectory browsing
          1. 12.5.2.1. NetWare Administrator
          2. 12.5.2.2. Novell ConsoleOne
        3. 12.5.3. Remove bindery contexts
        4. 12.5.4. Audit the system
        5. 12.5.5. TCP/IP parameters
        6. 12.5.6. Patch
  11. V. Hacking Applications
    1. 13. Communication and Messaging Systems
      1. 13.1. Messaging System Vulnerabilities
      2. 13.2. E-Mail Attacks
        1. 13.2.1. E-mail bombs
          1. 13.2.1.1. Attachments
            1. 13.2.1.1.1. Attacks using e-mail attachments
            2. 13.2.1.1.2. Countermeasures against e-mail attachment attacks
          2. 13.2.1.2. Connections
            1. 13.2.1.2.1. Attacks using floods of e-mails
            2. 13.2.1.2.2. Countermeasures against connection attacks
          3. 13.2.1.3. Automated e-mail security controls
        2. 13.2.2. Banners
          1. 13.2.2.1. Gathering information
          2. 13.2.2.2. Countermeasures against banner attacks
        3. 13.2.3. SMTP attacks
          1. 13.2.3.1. Account enumeration
            1. 13.2.3.1.1. Attacks using account enumeration
            2. 13.2.3.1.2. Countermeasures against account enumeration
          2. 13.2.3.2. Relay
            1. 13.2.3.2.1. Automatic testing
            2. 13.2.3.2.2. Manual testing
            3. 13.2.3.2.3. Countermeasures against SMTP relay attacks
          3. 13.2.3.3. E-mail header disclosures
            1. 13.2.3.3.1. Testing
            2. 13.2.3.3.2. Countermeasures against header disclosures
          4. 13.2.3.4. Capturing traffic
          5. 13.2.3.5. Malware
            1. 13.2.3.5.1. EICAR test string
            2. 13.2.3.5.2. GFI's Email Security Testing Zone
        4. 13.2.4. General best practices for minimizing e-mail security risks
          1. 13.2.4.1. Software solutions
          2. 13.2.4.2. Operating guidelines
      3. 13.3. Instant Messaging
        1. 13.3.1. IM vulnerabilities
          1. 13.3.1.1. Sharing files
          2. 13.3.1.2. Log files
        2. 13.3.2. Countermeasures against IM vulnerabilities
          1. 13.3.2.1. Detecting IM traffic
          2. 13.3.2.2. Maintenance and configuration
      4. 13.4. Voice over IP
        1. 13.4.1. VoIP vulnerabilities
          1. 13.4.1.1. Scanning for vulnerabilities
          2. 13.4.1.2. Capturing and recording voice traffic
        2. 13.4.2. Countermeasures against VoIP vulnerabilities
    2. 14. Web Sites and Applications
      1. 14.1. Choosing Your Web Application Tools
      2. 14.2. Web Vulnerabilities
        1. 14.2.1. Directory traversal
          1. 14.2.1.1. Crawlers
          2. 14.2.1.2. Google
        2. 14.2.2. Countermeasures against directory traversals
        3. 14.2.3. Input filtering attacks
          1. 14.2.3.1. Buffer overflows
          2. 14.2.3.2. URL manipulation
          3. 14.2.3.3. Hidden field manipulation
          4. 14.2.3.4. Code injection and SQL injection
          5. 14.2.3.5. Cross-site scripting
        4. 14.2.4. Countermeasures against input attacks
        5. 14.2.5. Default script attacks
        6. 14.2.6. Countermeasures against default script attacks
        7. 14.2.7. Unsecured login mechanisms
        8. 14.2.8. Countermeasures against unsecured login systems
        9. 14.2.9. General security scans for Web application vulnerabilities
      3. 14.3. Best Practices for Minimizing Web Security Risks
        1. 14.3.1. Obscurity
        2. 14.3.2. Firewalls
        3. 14.3.3. Source code analysis
    3. 15. Databases and Storage Systems
      1. 15.1. Databases
        1. 15.1.1. Choosing tools
        2. 15.1.2. Finding databases on the network
        3. 15.1.3. Cracking database passwords
        4. 15.1.4. Scanning databases for vulnerabilities
      2. 15.2. Best Practices for Minimizing Database Security Risks
      3. 15.3. Storage Systems
        1. 15.3.1. Choosing tools
        2. 15.3.2. Finding storage systems on the network
        3. 15.3.3. Rooting out sensitive text in network files
      4. 15.4. Best Practices for Minimizing Storage Security Risks
  12. VI. Ethical Hacking Aftermath
    1. 16. Reporting Your Results
      1. 16.1. Pulling the Results Together
      2. 16.2. Prioritizing Vulnerabilities
      3. 16.3. Reporting Methods
    2. 17. Plugging Security Holes
      1. 17.1. Turning Your Reports into Action
      2. 17.2. Patching for Perfection
        1. 17.2.1. Patch management
        2. 17.2.2. Patch automation
          1. 17.2.2.1. Commercial tools
          2. 17.2.2.2. Free tools
      3. 17.3. Hardening Your Systems
      4. 17.4. Assessing Your Security Infrastructure
    3. 18. Managing Security Changes
      1. 18.1. Automating the Ethical Hacking Process
      2. 18.2. Monitoring Malicious Use
      3. 18.3. Outsourcing Ethical Hacking
      4. 18.4. Instilling a Security-Aware Mindset
      5. 18.5. Keeping Up with Other Security Issues
  13. VII. The Part of Tens
    1. 19. Ten Tips for Getting Upper Management Buy-In
      1. 19.1. Cultivate an Ally and Sponsor
      2. 19.2. Don't Be a FUDdy Duddy
      3. 19.3. Demonstrate How the Organization Can't Afford to Be Hacked
      4. 19.4. Outline the General Benefits of Ethical Hacking
      5. 19.5. Show How Ethical Hacking Specifically Helps the Organization
      6. 19.6. Get Involved in the Business
      7. 19.7. Establish Your Credibility
      8. 19.8. Speak on Management's Level
      9. 19.9. Show Value in Your Efforts
      10. 19.10. Be Flexible and Adaptable
    2. 20. Ten Reasons Hacking Is the Only Effective Way to Test
      1. 20.1. The Bad Guys Are Thinking Bad Thoughts, Using Good Tools, and Developing New Attack Methods
      2. 20.2. IT Governance and Compliance Is More Than High-Level Checklist Audits
      3. 20.3. Ethical Hacking Complements Audits and Security Evaluations
      4. 20.4. Someone's Going to Ask How Secure Your Systems Are
      5. 20.5. The Law of Averages Is Working Against Businesses
      6. 20.6. Ethical Hacking Creates a Better Understanding of What the Business Is Up Against
      7. 20.7. If a Breach Occurs, You Have Something to Fall Back On
      8. 20.8. Ethical Hacking Brings Out the Worst in Your Systems
      9. 20.9. Ethical Hacking Combines the Best of Penetration Testing and Vulnerability Testing
      10. 20.10. Ethical Hacking Can Uncover Operational Weaknesses That Might Go Overlooked For Years
    3. 21. Ten Deadly Mistakes
      1. 21.1. Not Getting Prior Approval in Writing
      2. 21.2. Assuming That You Can Find All Vulnerabilities during Your Tests
      3. 21.3. Assuming That You Can Eliminate All Security Vulnerabilities
      4. 21.4. Performing Tests Only Once
      5. 21.5. Thinking That You Know It All
      6. 21.6. Running Your Tests without Looking at Things from a Hacker's Viewpoint
      7. 21.7. Not Testing the Right Systems
      8. 21.8. Not Using the Right Tools
      9. 21.9. Pounding Production Systems at the Wrong Time
      10. 21.10. Outsourcing Testing and Not Staying Involved
    4. A. Tools and Resources
      1. A.1. Bluetooth
      2. A.2. Certifications
      3. A.3. Databases
      4. A.4. Exploit Tools
      5. A.5. General Research Tools
      6. A.6. Hacker Stuff
      7. A.7. Keyloggers
      8. A.8. Laws and Regulations
      9. A.9. Linux
      10. A.10. Live Toolkits
      11. A.11. Log Analysis
      12. A.12. Messaging
      13. A.13. Miscellaneous Tools
      14. A.14. NetWare
      15. A.15. Networks
      16. A.16. Password Cracking
      17. A.17. Patch Management
      18. A.18. Security Education and Learning Resources
      19. A.19. Security Methods and Models
      20. A.20. Source Code Analysis
      21. A.21. Storage
      22. A.22. System Hardening
      23. A.23. User Awareness and Training
      24. A.24. Voice over IP
      25. A.25. Vulnerability Databases
      26. A.26. Web Applications
      27. A.27. Windows
      28. A.28. Wireless Networks