Hacking For Dummies, 5th Edition

Book Description

Learn to hack your own system to protect against malicious attacks from outside

Is hacking something left up to the bad guys? Certainly not! Hacking For Dummies, 5th Edition is a fully updated resource that guides you in hacking your system to better protect your network against malicious attacks. This revised text helps you recognize any vulnerabilities that are lurking in your system, allowing you to fix them before someone else finds them. Penetration testing, vulnerability assessments, security best practices, and other aspects of ethical hacking are covered in this book, including Windows 10 hacks, Linux hacks, web application hacks, database hacks, VoIP hacks, and mobile computing hacks. Additionally, you have access to free testing tools and an appendix detailing valuable tools and resources.

Ethical hacking entails thinking like the bad guys to identify any vulnerabilities that they might find in your system—and fixing them before they do. Also called penetration testing, ethical hacking is essential to keeping your system, and all of its data, secure. Understanding how to perform effective ethical hacking can improve the safety of your network.

  • Defend your system—and all of the data it holds—against the latest Windows 10 and Linux hacks
  • Develop an effective ethical hacking plan that keeps your system safe
  • Protect your web applications, databases, laptops, and smartphones by going beyond simple hacking strategies
  • Leverage the latest testing tools and techniques when using ethical hacking to keep your system secure

Hacking For Dummies, 5th Edition is a fully updated resource that guides you in hacking your own system to protect it—and it will become your go-to reference when ethical hacking is on your to-do list.

Table of Contents

    1. Cover
    2. Foreword
    3. Introduction
      1. Who Should Read This Book?
      2. About This Book
      3. How to Use This Book
      4. What You Don’t Need to Read
      5. Foolish Assumptions
      6. How This Book Is Organized
      7. Icons Used in This Book
      8. Where to Go from Here
    4. Part I: Building the Foundation for Security Testing
      1. Chapter 1: Introduction to Ethical Hacking
        1. Straightening Out the Terminology
        2. Recognizing How Malicious Attackers Beget Ethical Hackers
        3. Understanding the Need to Hack Your Own Systems
        4. Understanding the Dangers Your Systems Face
        5. Obeying the Ethical Hacking Principles
        6. Using the Ethical Hacking Process
      2. Chapter 2: Cracking the Hacker Mindset
        1. What You’re Up Against
        2. Who Breaks into Computer Systems
        3. Why They Do It
        4. Planning and Performing Attacks
        5. Maintaining Anonymity
      3. Chapter 3: Developing Your Ethical Hacking Plan
        1. Establishing Your Goals
        2. Determining Which Systems to Hack
        3. Creating Testing Standards
        4. Selecting Security Assessment Tools
      4. Chapter 4: Hacking Methodology
        1. Setting the Stage for Testing
        2. Seeing What Others See
        3. Scanning Systems
        4. Determining What’s Running on Open Ports
        5. Assessing Vulnerabilities
        6. Penetrating the System
    5. Part II: Putting Security Testing in Motion
      1. Chapter 5: Information Gathering
        1. Gathering Public Information
        2. Mapping the Network
      2. Chapter 6: Social Engineering
        1. Introducing Social Engineering
        2. Starting Your Social Engineering Tests
        3. Why Attackers Use Social Engineering
        4. Understanding the Implications
        5. Performing Social Engineering Attacks
        6. Social Engineering Countermeasures
      3. Chapter 7: Physical Security
        1. Identifying Basic Physical Security Vulnerabilities
        2. Pinpointing Physical Vulnerabilities in Your Office
      4. Chapter 8: Passwords
        1. Understanding Password Vulnerabilities
        2. Cracking Passwords
        3. General Password Cracking Countermeasures
        4. Securing Operating Systems
    6. Part III: Hacking Network Hosts
      1. Chapter 9: Network Infrastructure Systems
        1. Understanding Network Infrastructure Vulnerabilities
        2. Choosing Tools
        3. Scanning, Poking, and Prodding the Network
        4. Detecting Common Router, Switch, and Firewall Weaknesses
        5. Putting Up General Network Defenses
      2. Chapter 10: Wireless Networks
        1. Understanding the Implications of Wireless Network Vulnerabilities
        2. Choosing Your Tools
        3. Discovering Wireless Networks
        4. Discovering Wireless Network Attacks and Taking Countermeasures
      3. Chapter 11: Mobile Devices
        1. Sizing Up Mobile Vulnerabilities
        2. Cracking Laptop Passwords
        3. Cracking Phones and Tablets
    7. Part IV: Hacking Operating Systems
      1. Chapter 12: Windows
        1. Introducing Windows Vulnerabilities
        2. Choosing Tools
        3. Gathering Information About Your Windows Vulnerabilities
        4. Detecting Null Sessions
        5. Checking Share Permissions
        6. Exploiting Missing Patches
        7. Running Authenticated Scans
      2. Chapter 13: Linux
        1. Understanding Linux Vulnerabilities
        2. Choosing Tools
        3. Gathering Information About Your Linux Vulnerabilities
        4. Finding Unneeded and Unsecured Services
        5. Securing the .rhosts and hosts.equiv Files
        6. Assessing the Security of NFS
        7. Checking File Permissions
        8. Finding Buffer Overflow Vulnerabilities
        9. Checking Physical Security
        10. Performing General Security Tests
        11. Patching Linux
    8. Part V: Hacking Applications
      1. Chapter 14: Communication and Messaging Systems
        1. Introducing Messaging System Vulnerabilities
        2. Recognizing and Countering E-Mail Attacks
        3. Understanding Voice over IP
      2. Chapter 15: Web Applications and Mobile Apps
        1. Choosing Your Web Security Testing Tools
        2. Seeking Out Web Vulnerabilities
        3. Minimizing Web Security Risks
        4. Uncovering Mobile App Flaws
      3. Chapter 16: Databases and Storage Systems
        1. Diving Into Databases
        2. Following Best Practices for Minimizing Database Security Risks
        3. Opening Up About Storage Systems
        4. Following Best Practices for Minimizing Storage Security Risks
    9. Part VI: Security Testing Aftermath
      1. Chapter 17: Reporting Your Results
        1. Pulling the Results Together
        2. Prioritizing Vulnerabilities
        3. Creating Reports
      2. Chapter 18: Plugging Security Holes
        1. Turning Your Reports into Action
        2. Patching for Perfection
        3. Hardening Your Systems
        4. Assessing Your Security Infrastructure
      3. Chapter 19: Managing Security Processes
        1. Automating the Ethical Hacking Process
        2. Monitoring Malicious Use
        3. Outsourcing Security Assessments
        4. Instilling a Security-Aware Mindset
        5. Keeping Up with Other Security Efforts
    10. Part VII: The Part of Tens
      1. Chapter 20: Ten Tips for Getting Security Buy-In
        1. Cultivate an Ally and a Sponsor
        2. Don’t Be a FUDdy Duddy
        3. Demonstrate How the Organization Can’t Afford to Be Hacked
        4. Outline the General Benefits of Security Testing
        5. Show How Security Testing Specifically Helps the Organization
        6. Get Involved in the Business
        7. Establish Your Credibility
        8. Speak on Management’s Level
        9. Show Value in Your Efforts
        10. Be Flexible and Adaptable
      2. Chapter 21: Ten Reasons Hacking Is the Only Effective Way to Test
        1. The Bad Guys Think Bad Thoughts, Use Good Tools, and Develop New Methods
        2. IT Governance and Compliance Are More than High-Level Checklist Audits
        3. Hacking Complements Audits and Security Evaluations
        4. Customers and Partners Will Ask, ‘How Secure Are Your Systems?’
        5. The Law of Averages Works Against Businesses
        6. Security Assessments Improve the Understanding of Business Threats
        7. If a Breach Occurs, You Have Something to Fall Back On
        8. In-Depth Testing Brings Out the Worst in Your Systems
        9. Combining the Best of Penetration Testing and Vulnerability Assessments Is What You Need
        10. Proper Testing Can Uncover Weaknesses That Might Go Overlooked for Years
      3. Chapter 22: Ten Deadly Mistakes
        1. Not Getting Prior Approval
        2. Assuming You Can Find All Vulnerabilities During Your Tests
        3. Assuming You Can Eliminate All Security Vulnerabilities
        4. Performing Tests Only Once
        5. Thinking You Know It All
        6. Running Your Tests Without Looking at Things from a Hacker’s Viewpoint
        7. Not Testing the Right Systems
        8. Not Using the Right Tools
        9. Pounding Production Systems at the Wrong Time
        10. Outsourcing Testing and Not Staying Involved
      4. Appendix: Tools and Resources
        1. Advanced Malware
        2. Bluetooth
        3. Certifications
        4. Databases
        5. Denial of Service Protection
        6. Exploits
        7. General Research Tools
        8. Hacker Stuff
        9. Keyloggers
        10. Laws and Regulations
        11. Linux
        12. Live Toolkits
        13. Log Analysis
        14. Messaging
        15. Miscellaneous
        16. Mobile
        17. Networks
        18. Password Cracking
        19. Patch Management
        20. Security Education and Learning Resources
        21. Security Methods and Models
        22. Social Engineering and Phishing
        23. Source Code Analysis
        24. Statistics
        25. Storage
        26. System Hardening
        27. User Awareness and Training
        28. Voice over IP
        29. Vulnerability Databases
        30. Websites and Applications
        31. Windows
        32. Wireless Networks
    11. About the Author
    12. Cheat Sheet
    13. Connect with Dummies
    14. End User License Agreement