Hack the Stack

  • ISBN13: 9781597491099
  • ISBN10: 1597491098
  • Format: Paperback
  • Copyright: 2006-12-27
  • Publisher: Elsevier Science
Summary

This book looks at network security in a new and refreshing way. It guides readers step by step through the "stack", the seven layers of a network. Each chapter focuses on one layer of the stack along with the attacks, vulnerabilities, and exploits that can be found at that layer. The book even includes a chapter on the mythical eighth layer: the people layer. This book is designed to offer readers a deeper understanding of many common vulnerabilities and the ways in which attackers exploit, manipulate, misuse, and abuse protocols and applications. The authors guide readers through this process using tools such as Ethereal (a sniffer) and Snort (an IDS). The sniffer is used to help readers understand how the protocols should work and what the various attacks are doing to break them. The IDS is used to demonstrate the format of specific signatures and to provide readers with the skills needed to recognize and detect attacks when they occur. What makes this book unique is that it presents the material layer by layer, which lets readers learn about exploits in much the same order in which they most likely first learned networking. This methodology makes the book a useful tool not only for security professionals but also for networking professionals, application programmers, and others. All of the primary protocols, such as IP, ICMP, and TCP, are discussed, each from a security perspective. The authors convey the mindset of the attacker by examining how seemingly small flaws are often the catalyst of potential threats. The book also considers the general kinds of things that may be monitored that would have alerted users to an attack.

  • Remember being a child and wanting to take something apart, like a phone, to see how it worked? Then this book is for you, as it details how specific hacker tools and techniques accomplish the things they do.
  • This book will not only give you knowledge of security tools but will provide you with the ability to design more robust security solutions.
  • Anyone can tell you what a tool does, but this book shows you how the tool works.

Table of Contents

Foreword xxv
Extending OSI to Network Security 1(26)
Introduction 2(1)
Our Approach to This Book 2(6)
Tools of the Trade 2(1)
Protocol Analyzers 2(1)
Intrusion Detection Systems 3(1)
Organization of This Book 4(1)
The People Layer 5(1)
The Application Layer 6(1)
The Presentation Layer 6(1)
The Session Layer 6(1)
The Transport Layer 6(1)
The Network Layer 7(1)
The Data Link Layer 7(1)
The Physical Layer 7(1)
Common Stack Attacks 8(5)
The People Layer 8(1)
The Application Layer 8(2)
The Session Layer 10(1)
The Transport Layer 10(1)
The Data Link Layer 11(1)
The Physical Layer 11(2)
Mapping OSI to TCP/IP 13(3)
Countermeasures Found in Each Layer 14(2)
The Current State of IT Security 16(3)
Physical Security 17(1)
Communications Security 17(1)
Signal Security 17(1)
Computer Security 18(1)
Network Security 18(1)
Information Security 19(1)
Using the Information in This Book 19(4)
Vulnerability Testing 20(1)
Security Testing 20(1)
Finding and Reporting Vulnerabilities 21(2)
Summary 23(1)
Solutions Fast Track 23(2)
Frequently Asked Questions 25(2)
The Physical Layer 27(42)
Introduction 28(1)
Defending the Physical Layer 28(19)
Design Security 29(1)
Perimeter Security 30(1)
Fencing 31(1)
Gates, Guards, and Grounds Design 32(1)
Facility Security 33(1)
Entry Points 34(2)
Access Control 36(2)
Device Security 38(1)
Identification and Authentication 39(2)
Computer Controls 41(1)
Mobile Devices and Media 41(3)
Communications Security 44(1)
Bluetooth 44(2)
802.11 Wireless Protocols 46(1)
Attacking the Physical Layer 47(17)
Stealing Data 48(1)
Data Slurping 48(1)
Lock Picks 49(5)
Wiretapping 54(1)
Scanning and Sniffing 54(1)
The Early History of Scanning and Sniffing 54(1)
Modern Wireless Vulnerabilities 55(2)
Hardware Hacking 57(1)
Bypassing Physical Controls 58(1)
Modifying Hardware 59(5)
Layer 1 Security Project 64(1)
One-Way Data Cable 64(1)
Summary 65(1)
Solutions Fast Track 66(1)
Frequently Asked Questions 67(2)
Layer 2: The Data Link Layer 69(34)
Introduction 70(1)
Ethernet and the Data Link Layer 70(3)
The Ethernet Frame Structure 71(1)
Understanding MAC Addressing 72(1)
Identifying Vendor Information 72(1)
Performing Broadcast and Multicast 73(1)
Examining the EtherType 73(1)
Understanding PPP and SLIP 73(2)
Examining SLIP 73(1)
Examining PPP 74(1)
Working with a Protocol Analyzer 75(7)
Writing BPFs 77(1)
Examining Live Traffic 78(1)
Filtering Traffic, Part Two 79(3)
Understanding How ARP Works 82(2)
Examining ARP Packet Structure 82(2)
Attacking the Data Link Layer 84(7)
Passive versus Active Sniffing 85(1)
ARP Poisoning 85(2)
ARP Flooding 87(1)
Routing Games 87(1)
Sniffing Wireless 88(1)
Netstumbler 88(1)
Kismet 88(1)
Cracking WEP 89(1)
Wireless Vulnerabilities 90(1)
Conducting Active Wireless Attacks 90(1)
Jamming Attacks 91(1)
MITM Attacks 91(1)
Defending the Data Link Layer 91(1)
Securing Your Network from Sniffers 91(2)
Using Encryption 91(1)
Secure Shell (SSH) 92(1)
Secure Sockets Layer (SSL) 92(1)
PGP and S/MIME 92(1)
Switching 93(1)
Employing Detection Techniques 93(2)
Local Detection 93(1)
Network Detection 94(1)
DNS Lookups 94(1)
Latency 94(1)
Driver Bugs 94(1)
Network Monitor 95(1)
Using Honeytokens 95(1)
Data Link Layer Security Project 95(1)
Using the Auditor Security Collection to Crack WEP 95(4)
Cracking WEP with the Aircrack Suite 96(2)
Cracking WPA with CoWPAtty 98(1)
Summary 99(1)
Solutions Fast Track 99(2)
Frequently Asked Questions 101(2)
Layer 3: The Network Layer 103(48)
Introduction 104(1)
The IP Packet Structure 104(14)
Identifying IP's Version 106(1)
Type of Service 107(3)
Total Length 110(1)
Datagram ID Number 110(1)
Fragmentation 111(1)
Time to Live (TTL) 112(3)
Protocol Field 115(1)
Checksum 116(1)
IP Address 116(1)
IP Options 116(2)
The ICMP Packet Structure 118(5)
ICMP Basics 118(1)
ICMP Message Types and Format 118(1)
Common ICMP Messages 119(1)
Destination Unreachable 120(1)
Traceroute 121(1)
Path MTU Discovery 122(1)
Redirects 122(1)
Attacking the Network Layer 123(17)
IP Attacks 124(1)
Spoofing 124(1)
Fragmentation 124(2)
Passive Fingerprinting 126(3)
p0f: A Passive Fingerprinting Tool 129(2)
IP's Role in Port Scanning 131(2)
ICMP Attacks 133(1)
Covert Channels 133(3)
ICMP Echo Attacks 136(1)
Port Scanning 136(1)
OS Fingerprinting 137(1)
DoS Attacks and Redirects 137(1)
Router and Routing Attacks 138(1)
Network Spoofing 139(1)
Defending the Network Layer 140(3)
Securing IP 140(1)
Securing ICMP 140(1)
Securing Routers and Routing Protocols 141(1)
Address Spoofing 142(1)
Network Layer Security Project 143(3)
Ptunnel 143(2)
ACKCMD 145(1)
Summary 146(1)
Solutions Fast Track 146(3)
Frequently Asked Questions 149(2)
Layer 4: The Transport Layer 151(54)
Introduction 152(1)
Connection-Oriented versus Connectionless Protocols 152(1)
Connection-Oriented Protocols 152(1)
Connectionless Protocols 153(1)
Why Have Both Kinds of Protocols? 153(1)
Protocols at the Transport Layer 153(9)
UDP 154(1)
TCP 155(1)
Source and Destination Ports 156(1)
Source Sequence Number and Acknowledgment Sequence Number 157(1)
Data Offset 158(1)
Control Bits 158(1)
Window Size 159(1)
Checksum 159(1)
Urgent Pointer 160(1)
How TCP Sessions Begin and End 160(1)
TCP Session Startup 160(1)
TCP Session Teardown 161(1)
The Hacker's Perspective 162(1)
Some Common Attacks 163(1)
Scanning the Network 163(10)
Port Scanning Overview 164(1)
TCP Scan Variations 165(1)
Nmap Basics 165(2)
Nmap: The Most Well Known Scanning Tool 167(3)
Amap 170(2)
Scanrand 172(1)
Operating System Fingerprinting 173(8)
How OS Discovery Works 174(2)
Xprobe2 176(3)
OS Fingerprinting with Nmap 179(2)
Detecting Scans on Your Network 181(3)
Snort Rules 182(1)
The Snort User Interface: Basic Analysis and Security Engine 182(1)
Defending the Transport Layer 183(1)
How the SSL Protocol Operates 184(3)
Phase 1 184(1)
Phase 2 185(1)
Phase 3 185(1)
How SSL Appears on the Network 185(2)
SSL/TLS Summary 187(1)
Transport Layer Project: Setting Up Snort 187(13)
Getting Started 188(1)
Install Fedora Core 4 188(2)
Install Supporting Software 190(10)
Summary 200(1)
Solutions Fast Track 200(2)
Frequently Asked Questions 202(3)
Layer 5: The Session Layer 205(36)
Introduction 206(1)
Attacking the Session Layer 206(21)
Observing a SYN Attack 206(3)
Session Hijacking 209(4)
Session Hijacking Tools 213(3)
Domain Name System (DNS) Poisoning 216(2)
Sniffing the Session Startup 218(1)
Authentication 219(1)
Authenticating with Password Authentication Protocol 219(1)
Authenticating with the Challenge Handshake Authentication Protocol 219(1)
Authenticating with Local Area Network Manager and NT LAN Manager 220(1)
Authenticating with NTLMv2 220(1)
Authenticating with Kerberos 220(1)
Tools Used for Sniffing the Session Startup 221(2)
Observing a RST Attack 223(1)
Defeating Snort at the Session Layer 224(3)
Defending the Session Layer 227(5)
Mitigating DoS Attacks 227(1)
Preventing Session Hijacking 228(1)
Selecting Authentication Protocols 229(2)
Defending Against RST Attacks 231(1)
Detecting Session Layer Attacks 232(1)
Port Knocking 232(1)
Session Layer Security Project 232(5)
Using Snort to Detect Malicious Traffic 233(4)
Summary 237(1)
Solutions Fast Track 237(2)
Frequently Asked Questions 239(2)
Layer 6: The Presentation Layer 241(44)
Introduction 242(1)
The Structure of NetBIOS and SMB 242(3)
Attacking the Presentation Layer 245(21)
NetBIOS and Enumeration 245(2)
Exploiting the IPC$ Share 247(3)
Sniffing Encrypted Traffic 250(3)
Attacking Kerberos 253(4)
Tools to Intercept Traffic 257(9)
Defending the Presentation Layer 266(8)
Encryption 266(2)
The Role of IPSec 268(4)
Protecting E-mail 272(1)
Secure/Multipurpose Internet Mail Extensions 272(1)
Tightening NetBIOS Protections 273(1)
Presentation Layer Security Project 274(6)
Subverting Encryption and Authentication 274(6)
Summary 280(1)
Solutions Fast Track 280(2)
Frequently Asked Questions 282(1)
Notes 283(2)
Layer 7: The Application Layer 285(68)
Introduction 286(1)
The Structure of FTP 286(6)
FTP Protocol Overview 286(2)
FTP Example 288(3)
FTP Security Issues 291(1)
Analyzing Domain Name System and Its Weaknesses 292(7)
DNS Message Format 292(3)
The DNS Lookup Process 295(1)
The DNS Hierarchy 296(1)
Caching 296(1)
Zones and Zone Transfers 297(1)
DNS Utilities 297(1)
DNS Security Issues 298(1)
Other Insecure Application Layer Protocols 299(4)
Simple Mail Transfer Protocol 299(1)
SMTP Protocol Overview 299(1)
SMTP Security Issues 300(1)
Telnet 301(1)
Protocol Overview 302(1)
Security Issues 302(1)
Other Protocols 302(1)
Attacking the Application Layer 303(33)
Attacking Web Applications 303(1)
SQL Injection 303(1)
Code Injection 304(1)
Cross-Site Scripting 305(2)
Directory Traversal Attacks 307(1)
Information Disclosure 307(1)
Authentication and Access Control Vulnerabilities 308(1)
CGI Vulnerabilities 308(1)
Attacking DNS 308(1)
Information Gathering 309(1)
DNS Cache Poisoning 309(1)
DNS Cache Snooping 310(1)
MITM Attacks 311(2)
Buffer Overflows 313(1)
Stack Overflows 314(6)
Heap Overflows 320(1)
Integer Overflows 320(1)
Exploiting Buffer Overflows 321(3)
Reverse Engineering Code 324(1)
Executable File Formats 325(2)
Black-Box Analysis 327(2)
White-Box Analysis 329(3)
Application Attack Platforms 332(1)
Metasploit Exploitation Framework 333(3)
Other Application Attack Tools 336(1)
Defending the Application Layer 336(10)
SSH 336(1)
SSH Protocol Architecture 336(2)
Common Applications of SSH 338(1)
Pretty Good Privacy 339(1)
How PGP Works 339(1)
Key Distribution 340(1)
Securing Software 340(1)
Building Secure Software 340(1)
Security Testing Software 341(2)
Hardening Systems 343(3)
Vulnerability Scanners 346(1)
Nessus 346(1)
Application-Layer Security Project: Using Nessus to Secure the Stack 347(3)
Analyzing the Results 348(2)
Summary 350(1)
Solutions Fast Track 350(2)
Frequently Asked Questions 352(1)
Layer 8: The People Layer 353(48)
Introduction 354(1)
Attacking the People Layer 354(21)
Social Engineering 355(1)
In Person 355(10)
Phone 365(1)
Fax 366(1)
Internet 367(1)
Phreaking 367(1)
Phreak Boxes 367(2)
Wiretapping 369(1)
Stealing 369(1)
Cell Phones 369(2)
World Wide Web, E-mail, and Instant Messaging 371(1)
Trojan Horses and Backdoors 372(1)
Disguising Programs 372(1)
Phishing 372(1)
Domain Name Spoofing 373(1)
Secure Web Sites 374(1)
Defending the People Layer 375(15)
Policies, Procedures, and Guidelines 375(2)
Person-to-Person Authentication 377(1)
Data Classification and Handling 377(1)
Education, Training, and Awareness Programs 378(1)
Education 379(2)
Training 381(1)
Security Awareness Programs 381(1)
Evaluating 382(1)
Testing 382(1)
Monitoring and Enforcement 383(1)
Periodic Update of Assessment and Controls 383(1)
Regulatory Requirements 383(1)
Privacy Laws 383(3)
Corporate Governance Laws 386(4)
Making the Case for Stronger Security 390(5)
Risk Management 390(1)
Asset Identification and Valuation 390(2)
Threat Assessment 392(2)
Impact Definition and Quantification 394(1)
Control Design and Evaluation 395(1)
Residual Risk Management 395(1)
People Layer Security Project 395(3)
Orangebox Phreaking 396(2)
Summary 398(1)
Solutions Fast Track 398(1)
Frequently Asked Questions 399(2)
Appendix A Risk Mitigation: Securing the Stack 401(22)
Introduction 402(1)
Physical 402(1)
Data Link 403(1)
Network 404(1)
Transport 405(1)
Session 405(1)
Presentation 406(1)
Application 406(14)
People 420(2)
Summary 422(1)
Index 423