
The Hacker's Handbook: The Strategy Behind Breaking into and Defending Networks

by Susan Young and Dave Aitel
  • ISBN13: 9780849308888
  • ISBN10: 0849308887
  • Edition: 1st
  • Format: Hardcover
  • Copyright: 2003-11-24
  • Publisher: Auerbach Publications

Summary

The Hacker's Handbook: The Strategy Behind Breaking Into and Defending Networks moves ahead of the pack of books about digital security by revealing the technical aspects of hacking that are least understood by network administrators. It does this by analyzing each subject through a hacking/security dichotomy that details hacking maneuvers and the corresponding defenses in the same context. Chapters are organized around specific technical components and administrative tasks, providing the theoretical background that prepares network defenders for the always-changing and creative tools and techniques of intruders. The book is divided into three parts. Part I introduces programming, protocol, and attack concepts. Part II addresses subject areas (protocols, services, technologies, etc.) that may be vulnerable. Part III details consolidation activities that hackers may use following penetration. Each section provides a "path" to hacking/security Web sites and other resources that augment the existing content. Referencing these supplemental and constantly updated resources ensures that this volume remains timely and enduring. By informing IT professionals how to think like hackers, this book serves as a valuable weapon in the fight to protect digital assets.

Table of Contents

1 Introduction: The Chess Game
  Book Structure
    Chapter 2. Case Study in Subversion
    Chapter 3. Know Your Opponent
    Chapter 4. Anatomy of an Attack
    Chapter 5. Your Defensive Arsenal
    Chapter 6. Programming
    Chapter 7. IP and Layer 2 Protocols
    Chapter 8. The Protocols
    Chapter 9. Domain Name System (DNS)
    Chapter 10. Directory Services
    Chapter 11. Simple Mail Transfer Protocol (SMTP)
    Chapter 12. Hypertext Transfer Protocol (HTTP)
    Chapter 13. Database Hacking
    Chapter 14. Malware and Viruses
    Chapter 15. Network Hardware
    Chapter 16. Consolidating Gains
    Chapter 17. After the Fall
    Chapter 18. Conclusion

PART I FOUNDATION MATERIAL

2 Case Study in Subversion
  Dalmedica
  The Dilemma
  The Investigation

3 Know Your Opponent
  Terminology
    Script Kiddy
    Cracker
    White Hat Hacker
    Black Hat Hacker
    Hacktivism
    Professional Attackers
  History
    Computer Industry and Campus
    System Administration
    Home Computers
    Home Computers: Commercial Software
    Home Computers: The BBS
    Phone Systems
  Ethics and Full Disclosure
  Opponents Inside
    The Hostile Insider
    Corporate Politics
  Conclusion

4 Anatomy of an Attack
  Overview
  Reconnaissance
    Social Engineering and Site Reconnaissance
    Internet Reconnaissance
      Internet Search Engines and Usenet Tools
      Financial Search Tools, Directories, Yellow Pages, and Other Sources
    IP and Network Reconnaissance
      Registrar and whois Searches
      Network Registrar Searches (ARIN)
    DNS Reconnaissance
  Mapping Targets
    War Dialing
    Network Mapping (ICMP)
      ICMP Queries
      TCP Pings: An Alternative to ICMP
      Traceroute
      Additional Network Mapping Tools
    Port Scanning
      TCP and UDP Scanning
      Banner Grabbing
      Packet Fragmentation Options
      Decoy Scanning Capabilities
      Ident Scanning
      FTP Bounce Scanning
      Source Port Scanning
      Stack Fingerprinting Techniques
  Vulnerability Scanning (Network-Based OS and Application Interrogation)
    Researching and Probing Vulnerabilities
  System/Network Penetration
    Account (Password) Cracking
    Application Attacks
    Cache Exploits
    File System Hacking
    Hostile and Self-Replicating Code
    Programming Tactics
    Process Manipulation
    Shell Hacking
    Session Hijacking
    Spoofing
    State-Based Attacks
    Traffic Capture (Sniffing)
    Trust Relationship Exploitation
    Denial-of-Service
  Consolidation
  Security
  Notes
  References
    Texts
    Web References

5 Your Defensive Arsenal
  The Defensive Arsenal
  Access Controls
    Network Access Controls (Firewalls)
      State Management Attacks on Firewalls
      Firewall Ruleset and Packet Filter Reconnaissance
      IP Spoofing to Circumvent Network Access Controls
      Denial-of-Service
      Packet Fragmentation Attacks
      Application Level Attacks
    System Access Controls
      Host-Based Firewalls
      Operating System Access Controls and Privilege Management
  Authentication
    IP Authentication
    Password Authentication
      Account/Password Cracking
      Eavesdropping Attacks
      Password Guessing Attacks
    Token-Based Authentication
    Session Authentication
      Session Authentication Scheme Cracking
      Generation of Counterfeit Session Auth Credentials
      Session ID Brute-Forcing
      Session Auth Eavesdropping
      Session Auth/ID Stealing or "Hijacking"
      Client Session/ID Theft
    Cryptographic (Key-Based) Authentication
      Key Transfer and Key Management Vulnerabilities
        Key Transfer Vulnerabilities
        Key Management Vulnerabilities (Public Key Infrastructure)
          Key Binding and Impersonation Vulnerabilities
          Dictionary and Brute-Force Attacks against Weak Secrets
    Centralized Authentication Servers
      RADIUS
      TACACS
      Kerberos
    Human Authentication (Biometrics)
  Resource Controls
  Nonrepudiation
    Digital Signatures (and Digital Certificates)
  Privacy
    Virtual Private Network (VPN)
    Session and Protocol Encryption
      Secure Sockets Layer (SSL)
        Certificate and Impersonation Attacks (SSL)
        Cryptographic Weaknesses (SSL)
        Attacks against the Handshake Protocol (SSL)
        SSL Man-in-the-Middle Attacks
        Man-in-the-Middle Attack Version Rollback (SSL)
        Viruses, Worms, and other Application Issues (SSL)
      Secure Shell (SSH) Cryptographic
    File System Encryption
  Intrusion Detection
    Network-Based and Host-Based IDS
    Anomaly-Based (Behavior-Based) IDS
    Signature-Based (Knowledge-Based) IDS
    IDS Hacking Exploits
      Address Spoofing or Proxying
      Attacking the IDS
      Denial-of-Service
      Instigating Active Events
      Nondefault Evasion and Pattern Change Evasion
      Packet Fragmentation and "Session Splicing"
      Port Scan Evasion
      TCP Session Synchronization Attacks
      URL Encoding (Unicode and Hex Attacks)
      Web Evasion Techniques
    File System Integrity Checkers
    Security Information Management
  Data Integrity
    Application Proxies
    Content Assurance (Antivirus, Content Scanning)
  Notes
  References
    Texts
    Web References

6 Programming
  Languages
    Speed and Security Trade-Offs
      Native Compiled Code: C/C++/Assembly
      Bytecode/Just in Time Compiled Code ("Managed" Code): C#/Java
      Interpreted (Usually Compiled into Byte Codes at Runtime): Perl, Python (Scripting Languages), PHP, Visual Basic, .ASP, Lisp, JSP (Web Languages)
    Language-Specific Flaws and Strategic Ways to Protect against Them
  The Basics of Buffer Overflows and Other Memory Allocation Errors
    History
    Basic Stack Overflows
    Options for the Hacker after a Stack Overflow
    So What Is a Stack Canary?
    Heap Overflows
    Format String Bugs
    Integer Overflows
    Signal Races on UNIX
    What Is Shellcode?
    Interpreter Bugs
    File Name Canonicalization
    Logic Error War Stories
  Platform-Specific Programming Security Issues
    Windows NT Compared to UNIX
  Types of Applications
    Web Applications
      Cross-Site Scripting Vulnerabilities
      Java J2EE
      Traditional ASP
      .Net
      LAMP
    Remote Procedure Calling
      Creating an RPC Program
    Special Cases
      Setuid Applications on UNIX
      DCOM Services
  Auditing Techniques
    Tools That Aid Source Auditing
    Tools That Aid Reverse Engineering
    Fuzzing Audit Tools
    Web Security Audit Tools
    General Security Tools
  Encryption and Authentication
  Layered Defenses
  Platform-Specific Defenses (Security through Security and Security through Obscurity)
    Nonexecutable Stack
    Using a Different Platform Than Expected
    File System User Access Controls
    Process Logging
  The Insider Problem, Backdoors, and Logic Bombs
  Buying an Application Assessment
  Conclusion
  References

7 IP and Layer 2 Protocols
  Layer 2 Protocols
    Address Resolution Protocol (ARP)
      Protocol
      Hacking Exploits
      Security (Mapping ARP Exploits to ARP Defenses)
        Static ARP Entries on Internet Gateways and Firewalls
        Network Management
        ARP Monitoring
        Port-Level Security
    Reverse Address Resolution Protocol (RARP)
      Protocol
      Hacking Exploits
      Security (Defenses for RARP-Related Attacks: DHCP, BOOTP)
        Assignment of Static IP Addresses to Clients
        Use of DHCP/BOOTP MAC Controls
        ARP Monitoring
        Port-Level Security
  Layer 3 Protocols
    IP Protocol
      Protocol
      Hacking Exploits
        IP Eavesdropping (Packet Sniffing)
        IP Spoofing
        IP Session Hijacking (Man-in-the-Middle Attacks)
        IP Packet Fragmentation Attacks
          ICMP-Based Fragmentation Attacks
          Tiny Fragment Attacks
          Overlapping Fragment Attacks
        IP Covert Tunneling
      Security (Mapping IP Exploits to IP Defenses)
        Tools and Techniques to Detect Promiscuous Mode Packet Sniffers
        System Audits to Identify NICs in Promiscuous Mode
        System Hardening Procedures to Inhibit Sniffer Installation
        Inspection of Systems for Signs of Rootkit Compromise
        Institution of Switched Network
        Institution of ARP Monitoring
        Institution of Traffic Encryption
        Implementation of Strong Authentication
        Institution of Spoof Protection at Firewalls and Access Control Devices
        Patch TCP/IP Implementations
        Deny Source Routing at Gateways and Firewalls
        Deny ICMP Redirects at Gateways and Firewalls
        Deter the Use of IP Addresses for Authentication or Construction of Trust Relationships
        Implement ARP Controls
        Monitor Network Traffic Using Network and Host-based IDS
        Restrict ICMP Traffic into and out of a Protected Network
        Patch Firewalls and Intrusion Detection Systems against Packet Fragmentation Attacks
  Notes
  References
    Texts
    Request for Comments (RFCs)
    White Papers and Web References

8 The Protocols
  Layer 3 Protocols
    Internet Control Message Protocol (ICMP)
      Protocol
      Hacking Exploits
        ICMP-Based Denial-of-Service
        ICMP Network Reconnaissance
        ICMP Time Exceeded
        ICMP Access Control Enumeration
        ICMP Stack Fingerprinting
        ICMP Covert Tunneling
      Security
        Deny ICMP Broadcasts
        Network Controls against ICMP Packet Flooding
        IP Spoofing Defenses
        Patch TCP/IP Implementations against ICMP Denial-of-Service and ICMP Typing
        Monitor Network Traffic Using Network and Host-Based Intrusion Detection Systems (IDSs)
        Restriction of Specific ICMP Message Types
        Monitor ICMP Activity at Firewalls and Intrusion Detection Systems
  Layer 4 Protocols
    Transmission Control Protocol (TCP)
      Protocol
      Hacking Exploits
        Covert TCP
        TCP Denial-of-Service
        TCP Sequence Number Prediction (TCP Spoofing and Session Hijacking)
        TCP Stack Fingerprinting
        TCP State-Based Attacks
      Security
        Network Controls against TCP Packet Flooding
        IP Spoofing Defenses
        Patch TCP/IP Implementations against TCP Denial-of-Service, TCP Stack Fingerprinting, and TCP Sequence Number Prediction
        Monitor Network Traffic Using Network and Host-Based IDS Systems
        Activation of SYN Flood Protection on Firewalls and Perimeter Gateways
        Implement Stateful Firewalling
    User Datagram Protocol (UDP)
      Protocol
      Hacking Exploits
        Covert UDP
        UDP Denial-of-Service
        UDP Packet Inspection Vulnerabilities
      Security
        Disable Unnecessary UDP Services
        Network Controls against UDP Packet Flooding
        IP Spoofing Defenses
        Patch TCP/IP Implementations against UDP Denial-of-Service
        Monitor Network Traffic Using Network and Host-Based IDS Systems
        Implement Stateful Firewalling
  Notes
  References
    Texts
    Request for Comments (RFCs)
    White Papers and Web References

PART II SYSTEM AND NETWORK PENETRATION

9 Domain Name System (DNS)
  The DNS Protocol
    DNS Protocol and Packet Constructs (Packet Data Hacking)
    DNS Vulnerabilities
  DNS Exploits and DNS Hacking
    Protocol-Based Hacking
      Reconnaissance
        DNS Registration Information
        Name Server Information
        IP Address and Network Topology Data
        Information on Key Application Servers
      Protocol-Based Denial-of-Service
      Dynamic DNS (DDNS) Hacking
    Application-Based Attacks
      Buffer Overflows (Privileged Server Access, Denial-of-Service)
    Exploiting the DNS Trust Model
      DNS Registration Attacks
      DNS Spoofing
      Cache Poisoning
      DNS Hijacking
  DNS Security and Controls
    Mapping Exploits to Defenses
    Defensive Strategy
      Configuration Audit and Verification Tools
      DDNS Security
      Name Server Redundancy
      DNSSEC: Authentication and Encryption of DNS Data
      Name Server Software Upgrade(s)
      Network and Name Server Monitoring and Intrusion Detection
        Berkeley Internet Name Daemon (BIND) Logging Controls
        Microsoft Windows 2000 DNS Logging Controls
      Patches and Service Packs
      Server-Side Access Controls
      Split-Level DNS Topologies (and DNS Proxying)
        Split-Level DNS Topology
      System and Service Hardening
  Notes
  References
    Texts
    Request for Comments (RFCs)
    Mailing Lists and Newsgroups
    Web References

10 Directory Services
  What Is a Directory Service?
  Components of a Directory
    Schema
    Leaf Object
    Container Object
    Namespace
    Directory Information Tree
    Directory Information Base (DIB)
  Directory Features
    Directory Security
    Single Sign On
  Uses for Directory Systems
    Directory-Enabled Networking
    Linked Provisioning
    Global Directory
    Public Key Infrastructure
  Directory Models
    Physical vs. Logical
    Flat vs. Hierarchical
  X.500 Directory
    X.500 Schema
    X.500 Partitions
    X.500 Objects and Naming
      A Word about Aliases
    X.500 Back-End Processes
      Directory Information Tree
      Directory Information Base
      Replication
    Agents and Protocols
    X.500 Directory Access
    X.500 Security
      Authentication
        Simple Authentication
        Strong Authentication
      Access Control
        Rights
    Summary
  Lightweight Directory Access Protocol (LDAP)
    LDAP Schema
    LDAP Partitions
    LDAP Objects and Naming
    LDAP Queries
    LDAP Data Interchange Format (LDIF)
    LDAP Security
      Authentication
        Anonymous Access
        Simple Authentication
        Simple Authentication with Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
        Simple Authentication and Security Layer (SASL)
      Access Control
    Summary
  Active Directory
    Windows NT
    Windows 2000 Schema
    Windows 2000 Partitions
    Windows 2000 Objects and Naming
      The Domain
      The Tree
      The Forest
      The Forest Root Domain
    Naming Standards and Resolution in Windows 2000
    Active Directory Back-End Processes
      The Directory Information Base (DIB)
      Replication
      The Global Catalog
    Windows 2000 Security
      Authentication
        Kerberos
        NTLM
      Access Control
  Exploiting LDAP
    Sun ONE Directory Server 5.1
    Microsoft Active Directory
  Summary
  Future Directions
  Further Reading

11 Simple Mail Transfer Protocol (SMTP)
  The SMTP Protocol
    SMTP Protocol and Packet Constructs (Packet Data Hacking)
    SMTP Vulnerabilities
  SMTP Protocol Commands and Protocol Extensions
    Protocol Commands
    Protocol Extensions
  SMTP Exploits and SMTP Hacking
    SMTP Protocol Attacks
      Account Cracking
      Eavesdropping and Reconnaissance
    ESMTP and Command Set Vulnerabilities
      Protocol-Based Denial-of-Service
        Mail Bombing
        Mail Spamming
      Man-in-the-Middle Attacks
    Application-Based Attacks
      Malicious Content (MIME Attacks)
      Buffer Overflows (Privileged Server Access)
      Worms and Automated Attack Tools
      Application-Based Denial-of-Service
    Attacks on the Mail Trust Model
      Mail Spoofing
      Identity Impersonation
    Attacks on Data Integrity
      Delivery Status Notification Manipulation
  SMTP Security and Controls
    Mapping Exploits to Defenses
    Defensive Strategy
      Antispam/Antirelay Controls
      Antivirus and Content Scanning
      Client-Side Access Controls
      Content or Code Signing
      Delivery Status Notification Controls
      Disable Vulnerable ESMTP and SMTP Commands
      Disable Vulnerable MIME Types
      Network and SMTP Server Monitoring, Intrusion Detection
      Patches and Service Packs
      Separation of SMTP and Intranet Account Databases
      Server-Side Access Controls
      Server Redundancy
      SMTP Header Stripping and Parsing
      SMTP Source Routing Controls
      Split SMTP Topology
      System and Service Hardening
      Transport Layer Security, Secure Socket Layer Security
  Notes
  References
    Texts
    Request for Comments (RFCs)
    White Papers and Web References

12 Hypertext Transfer Protocol (HTTP)
  The HTTP Protocol
    HTTP Protocol and Packet Constructs (Packet Data Hacking)
    HTTP Vulnerabilities
    HTTP Protocol Methods (and Associated Vulnerabilities)
  HTTP Exploits and HTTP Hacking
    HTTP Protocol Attacks
      Eavesdropping and Reconnaissance
      Account Cracking
        Basic Access Authentication
        Digest Access Authentication
      HTTP Method Vulnerabilities
      Content Vulnerabilities
    Caching Exploits
      Cache Poisoning
      Man-in-the-Middle Attacks
      Unauthorized Retrieval of Cache Data and Cache Monitoring
    Denial-of-Service
      Protocol-Based Denial-of-Service
    Application-Based Attacks
      Buffer Overflows (Privileged Server Access, Denial-of-Service)
      Directory Traversal Attacks
      Application-Based Denial-of-Service
    Attacks on the HTTP Trust Model
      State-Based Attacks (Session ID Hacking)
      HTTP Spoofing/HTTP Redirection
      Man-in-the-Middle Attacks (Session Hijacking)
  HTTP Security and Controls
    Mapping Exploits to Defenses
    Defensive Strategy
      Caching Controls and Cache Redundancy
      Disable Vulnerable HTTP Methods
      HTTP Header Stripping
      Implementation of HTTP Digest Access Authentication
      Load Balancing and Server Redundancy
      Network and HTTP Server Monitoring, Intrusion Detection
      Patches and Service Packs
      Security for Financial Transactions
      Server-Side Access Controls
      System and Service Hardening
      Transport Layer Security or Secure Socket Layer Security
  Notes
  References
    Texts
    Request for Comments (RFCs)
    Web References

13 Database Hacking and Security
  Introduction
  Enumeration of Weaknesses
  SQL Injection
    Introduction
    Phases of SQL Injection
  Hacking Microsoft SQL Server
    Overflows in Microsoft SQL Server
      You Had Me at Hello
      SQL Server Resolver Service Stack Overflow
    Microsoft SQL Server Postauth Vulnerabilities
    Microsoft SQL Server SQL Injection
    A Note on Attacking Cold Fusion Web Applications
    Default Accounts and Configurations
  Hacking Oracle
    Buffer Overflows in Oracle Servers
    SQL Injection on Oracle
    Default User Accounts
    Tools and Services for Oracle Assessments
  Other Databases
  Connecting Backwards
  Demonstration and Examples
    Phase 1. Discovery
    Phase 2. Reverse Engineering the Vulnerable Application
    Phase 3. Getting the Results of Arbitrary Queries
  Conclusions

14 Malware and Viruses
  Ethics Again
  Target Platforms
  Script Malware
    Learning Script Virus Basics with Anna Kournikova
  Binary Viruses
    Binary File Viruses
    Binary Boot Viruses
    Hybrids
    Binary Worms
  Worst to Come
  Adware Infections
  Conclusion
  Notes

15 Network Hardware
  Overview
  Network Infrastructure
    Routers
    Switches
    Load-Balancing Devices
    Remote Access Devices
    Wireless Technologies
  Network Infrastructure Exploits and Hacking
    Device Policy Attacks
      Installation Policy
      Acceptable Use Policy
      Access Policy
      Configuration Storage Policy
      Patch or Update Policy
    Denial-of-Service
      Device Obliteration
        Configuration Removal or Modification
        Sending Crafted Requests
        Physical Device Theft
        Environmental Control Modification
      Resource Expenditure
        Diagnostic Port Attack
        Sequence (SYN) Attack
        Land Attack
      Bandwidth Expenditure
        Broadcast (Smurf) Attacks
      Other ICMP-Related Attacks
        Redirects
        ICMP Router Discovery Protocol (IRDP) Attack
        Ping O'Death
        Squelch
        Fragmented ICMP
    Network Mapping Exploits
      Ping
      Traceroute
      Broadcast Packets
    Information Theft
      Network Sniffing
    Hijacking Attacks
    Spoofing
      Address Spoofing
      TCP Sequence Attacks
      Media Access (MAC) Address Exploits
    Password or Configuration Exploits
      Default Passwords or Configurations
      No Passwords
      Weak Passwords
      Dictionary Password Attacks
      Brute-Force Attacks
    Logging Attacks
      Log Modification
      Log Deletion
      Log Rerouting
      Spoofed Event Management
    Network Ports and Protocols Exploits and Attacks
      Telnet
      BOOTP
      Finger
      Small Services
    Device Management Attacks
      Authentication
        Console Access
        Modem Access (AUX)
      Management Protocols
        Web (HTTP[S])
        Telnet
        SSH (Version 1)
        TFTP
        SNMP
      Device Configuration Security Attacks
        Passwords
        Remote Loading (Network Loads)
    Router-Specific Exploits
      Routing Protocol Attacks
        Authentication
        IRDP Attacks
        Cisco Discovery Protocol (CDP)
        Classless Routing
        Source Routing
      Route Table Attacks
        Modification
        Poisoning
      ARP Table Attacks
        Modification
        Poisoning
        Man-in-the-Middle Attack
      Access-Control Lists Attacks
    Switch-Specific Exploits
      ARP Table
        Modification
        Poisoning
        Man-in-the-Middle Attack
      Media Access (MAC) Address Exploits
        Changing a Host's MAC
        Duplicate MAC Addresses
    Load-Balancing Device-Specific Exploits
    Remote Access Device-Specific Exploits
      Weak User Authentication
      Same Account and Login Multiple Devices
      Shared Login Credentials
      Home User System Exploitation
    Wireless Technology-Specific Exploits
      Interception and Monitoring
      Jamming
      Insertion
        Rogue Access Points
        Unauthorized Clients
      Client-to-Client Attacks
        Media Access (MAC) Address
        Duplicate IP Address
      Improper Access Point Configuration
        Service Set Identifier (SSID)
          Default SSID
          SSID Broadcasting
      Wired Equivalent Privacy (WEP) Exploits
  Network Infrastructure Security and Controls
    Defensive Strategy
    Routing Protocol Security Options
    Management Security Options
    Operating System Hardening Options
      Protecting Running Services
      Hardening of the Box
        Explicitly Shut Down All Unused Interfaces
        Limit or Disable In-Band Access (via Telnet, SSH, SNMP, Etc.)
        Reset All Default Passwords
        Use Encrypted Passwords
        Use Remote AAA Authentication
        Use Access Lists to Protect Terminal, SNMP, TFTP Ports
          Remote Login (Telnet) Service
          SNMP Service
      Routing Services
        Limit Use of SNMP
        Limit Use of Internal Web Servers Used for Configuration
        Disable Cisco Discovery Protocol (CDP) on Cisco Gear Outside of the Firewall
        Do Not Leak Info in Banners
        Keep Up-to-Date on Security Fixes for Your Network Infrastructure Devices
    DoS and Packet Flooding Controls
      Use IP Address Spoofing Controls
      Watch for Traffic Where the Source and Destination Addresses Are the Same
      Enforce Minimum Fragment Size to Protect against Tiny Fragment Attack, Overlapping Fragment Attack, and Teardrop Attack
      Disable IP Unreachables on External Interfaces
      Disable ICMP Redirects on External Interfaces
      Disable Proxy ARP
      Disable IP Directed Broadcasts (SMURF Attacks)
      Disable Small Services (No Service Small-Servers UDP and No Service Small-Servers TCP)
      Disable IP Source Routing (No IP Source-Route)
      Use Traffic Shaping (Committed Access Rate) Tools
    Configuration Audit and Verification Tools
    Wireless Network Controls
  Notes
  References
    Tools
    Request for Comments (RFCs)
    White Paper
    Web References

PART III CONSOLIDATION

16 Consolidating Gains
  Overview
  Consolidation (OS and Network Facilities)
    Account and Privilege Management Facilities
      Account Cracking
        SMBCapture
      Active Directory Privilege Reconnaissance and Hacking
      Built-In/Default Accounts, Groups, and Associated Privileges
      Finger Service Reconnaissance
      Kerberos Hacking and Account Appropriation
      Keystroke Logging
      LDAP Hacking and LDAP Reconnaissance
      Polling the Account Database
      Social Engineering
      Trojanized Login Programs
    File System and I/O Resources
      File System and Object Privilege Identification
      File System (Operating System) Hacking
        File Sharing Exploits
          NFS (IP) Spoofing
          SMBRelay
        File Handle/File Descriptor Hacking
        File System Device and I/O Hacking
        File System Exploitation through Application Vulnerabilities
          Application-Based File System Hacking
        Extended File System Functionality and File System Hacking
    Service and Process Management Facilities
      Processes, Services, and Privilege Identification
      Starting/Stopping Services and Executing with Specific Privileges
      API, Operating System, and Application Vulnerabilities
        Buffer Overflows, Format String, and Other Application Attacks
        Debugging Processes and Memory Manipulation
        Inter-Process Communication (IPC), Named Pipe, and Named Socket Hacking
    Devices and Device Management Facilities
      Devices and Device Management Hacking
        Keystroke Logging
        Packet Sniffing
    Libraries and Shared Libraries
      Library (and Shared Library) Hacking
    Shell Access and Command Line Facilities
      Shell Hacking
    Registry Facilities (NT/2000)
      Registry Hacking
    Client Software
      Client Software Appropriation
    Listeners and Network Services
      Account/Privilege Appropriation via a Vulnerable Network Service
      NetBIOS/SMB Reconnaissance
      Network Information Service (NIS) Reconnaissance
        NIS Hacking
      SNMP Reconnaissance
    Network Trust Relationships
      Account Cracking
      IP Spoofing
      Token Capture and Impersonation
    Application/Executable Environment
  Consolidation (Foreign Code)
    Trojans
    Backdoors (and Trojan Backdoors)
      Backdoor Listeners
      Backdoor Applications
    Rootkits
      Kernel-Level Rootkits
  Security
    Mapping Exploits to Defenses
  Notes
  References and System Hardening References
    Texts
    Web References
    System Hardening References
      Windows NT/2000
      UNIX Platforms

17 After the Fall
  Logging, Auditing, and IDS Evasion
    Logging and Auditing Evasion
      Windows NT/2000 Logging/Auditing Evasion
        IP Spoofing
        Account Masquerading
        Deletion/Modification of Log File Entries
        Deletion of Log Files
        Disabling Logging
        Controlling What Is Logged
        Manipulation of Audit Options
        Deletion or Update of Audit Files
      UNIX Platforms
        UNIX Logging/Auditing Evasion
          IP Spoofing
          Account Masquerading
          Deletion/Modification of Log File Entries
          Deletion of Log Files
          Disabling Log Files
          Controlling What Is Logged
          Manipulation of Audit and Accounting Options
          Deletion or Update of Audit Files
      Routers (Cisco)
      AAA Protocols (RADIUS, TACACS)
      Centralized Logging Solutions (Syslog)
        IP Spoofing
        Account Masquerading
        Deletion/Modification of Log File Entries
        Deletion of Log Files
        Disabling Log Files
        Controlling What Is Logged
    IDS Evasion
  Forensics Evasion
    Environment Sanitization
      Sanitizing History Files
      Sanitizing Cache Files
    File Hiding and File System Manipulation
      Operating System File Hiding Techniques
      Alternate Data Streams (NT/2000/XP)
      Steganography
      Cryptography
    Covert Network Activities
      Covert TCP
      "Normalizing" Traffic (Covert Shells)
      ICMP Covert Tunneling
  Investigative, Forensics, and Security Controls
    Mapping Exploits to Defenses
      Centralized Logging and Archival of Log File Data
      Centralized Reporting and Data Correlation
      Encryption of Local Log File Data
      Establishment of Appropriate Access Controls for Log Files
      Implementation of Tools for Remote Monitoring of Log Files
      Patches and Software Updates
      Process Monitoring for Logging Services
      Regular File System Audits
      Strict Management of Audit and Accounting-Related Privileges
      Traffic Encryption for Syslog Packet Data
  Notes
  References
    Texts
    Web References

18 Conclusion
  Conclusion: Case Study in Subversion
    Dalmedica's Perspective
    Access Points
    Bastion Hosts
    Reconnaissance Activity
    Target Systems
  Conclusion (Final Thoughts)
  References
    Areas of Focus
      General Hacking and Security Resources
      Authentication Technologies
      Cryptography
      DNS and Directory Services
      Network Management
      Route/Switch Infrastructures
      Storage Networking
      Voice over IP
      Wireless Networks
  Notes

Index
