did-you-know? rent-now

Amazon no longer offers textbook rentals. We do!

did-you-know? rent-now

Amazon no longer offers textbook rentals. We do!

We're the #1 textbook rental company. Let us show you why.

9780072260816

Hacking Exposed 5th Edition

by
  • ISBN13:

    9780072260816

  • ISBN10:

    0072260815

  • Edition: 5th
  • Format: Paperback
  • Copyright: 4/19/2005
  • Publisher: McGraw-Hill Osborne Media
  • View Upgraded Edition
  • Purchase Benefits
  • Free Shipping Icon Free Shipping On Orders Over $35!
    Your order must be $35 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
  • eCampus.com Logo Get Rewarded for Ordering Your Textbooks! Enroll Now
  • Write a Review Icon Write a Review
List Price: $49.99
  • Digital
    $49.99
    Add to Cart

    DURATION
    PRICE

Supplemental Materials

What is included with this book?

Summary

This new edition of Hacking Exposed features completely up-to-date coverage of today's most devastating hacks and how to prevent them. Using real-world case studies, renowned security experts Stuart McClure, Joel Scambray, and George Kurtz explain how hackers exploit network security holes and what IT professionals can do to recognize and block oncoming attacks. Coverage includes:Code hacking methods and countermeasuresNew exploits for Windows 2003 Server, UNIX/Linux, Cisco, Apache, and Web and wireless applicationsLatest DDoS techniques -- zombies, Blaster, MyDoomAll new class of vulnerabilities -- HTTP Response SplittingInternet client attacks, including phishing

Author Biography

Stuart McClure (Ladera Ranch, CA) is Senior Vice President of Risk Management Engineering for McAfee, where he is responsible for driving product strategy and marketing for the McAfee Foundstone family of risk mitigation and management solutions. McAfee Foundstone saves countless millions in revenue and hours annually in recovering from hacker attacks, viruses, worms, and malware. Prior to his role at McAfee, Stuart was founder, president, and chief technology officer at Foundstone, Inc., which was acquired by McAfee in October 2004.

Widely recognized for his extensive and in-depth knowledge of security products, Stuart is considered one of the industry's leading authorities in information security today. A published and acclaimed security visionary, he brings many years of technology and executive leadership to McAfee Foundstone, along with profound technical, operational, and financial experience. At Foundstone, Stuart leads both product vision and strategy, and holds operational responsibilities for all technology development, support, and implementation. During his tenure, annual revenues grew over 100 percent every year since the company's inception in 1999.

In 1999, he took the lead in authoring Hacking Exposed: Network Security Secrets & Solutions, the best-selling computer-security book ever, with over 500,000 copies sold to date. Stuart also coauthored Hacking Exposed: WIndows 2000 (McGraw-Hill/Osborne, 2001) and Web Hacking: Attacks and Defense (Addison-Wesley, 2002).

Prior to Foundstone, Stuart held a variety of leadership positions in security and IT management, with Ernst & Young's National Security Profiling Team, two years as an industry analyst with InfoWorld's Test Center, five years as director of IT with both state and local California governments, two years as owner of an IT consultancy, and two years in IT with the University of Colorado, Boulder.

Stuary holds a bachelor's degree in psychology and philosophy, with an emphasis in computer science applications, from the University of Colorado, Boulder. He later earned numerous ceritifications, including ISC2's CISSP, Novell's CNE, and Check Point's CCSE.

Joel Scambray (Woodinville, WA) is Senior Director of Security for Microsoft's MSN.

George Kurtz (Conto de Caza, CA) is Senior Vice President of Risk Managemnt for McAfee.

They are all best-selling authors of all four previous editions of Hacking Exposed. McClure and Scambray also co-authored Hacking Exposed Windows 2000 and Hacking Exposed Windows Server 2003. Scambray co-authored Hacking Exposed Web Applications and Kurtz contributed to Hacking Exposed Linux.

Table of Contents

Foreword xvii
Acknowledgments xix
Introduction xxi
Part I Casing the Establishment
Case Study: Googling Your Way to Insecurity
2(3)
Footprinting
5(36)
What Is Footprinting?
6(2)
Why Is Footprinting Necessary?
6(2)
Internet Footprinting
8(32)
Step 1: Determine the Scope of Your Activities
8(1)
Step 2: Get Proper Authorization
8(1)
Step 3: Publicly Available Information
8(10)
Step 4: WHOIS & DNS Enumeration
18(14)
Step 5: DNS Interrogation
32(5)
Step 6: Network Reconnaissance
37(3)
Summary
40(1)
Scanning
41(36)
Determining If the System Is Alive
42(9)
Determining Which Services Are Running or Listening
51(17)
Scan Types
52(2)
Identifying TCP and UDP Services Running
54(6)
Windows-Based Port Scanners
60(6)
Port Scanning Breakdown
66(2)
Detecting the Operating System
68(8)
Active Stack Fingerprinting
69(4)
Passive Stack Fingerprinting
73(3)
Summary
76(1)
Enumeration
77(62)
Basic Banner Grabbing
79(2)
Enumerating Common Network Services
81(52)
Summary
133(3)
Part II System Hacking
Case Study: I Have a Mac---I Must Be Secure!
136(3)
Hacking Windows
139(72)
Overview
141(1)
What's Not Covered
142(1)
Unauthenticated Attacks
142(31)
Proprietary Windows Networking Protocol Attacks
143(22)
Windows Internet Service Implementations
165(8)
Authenticated Attacks
173(26)
Privilege Escalation
173(2)
Pilfering
175(11)
Remote Control and Back Doors
186(4)
Port Redirection
190(2)
General Countermeasures to Authenticated Compromise
192(4)
Covering Tracks
196(3)
Windows Security Features
199(10)
Keeping Up with Patches
199(1)
Group Policy
200(2)
IPSec
202(1)
runas
203(1)
.NET Framework
204(1)
Windows Firewall
205(1)
The Encrypting File System (EFS)
205(1)
Windows XP Service Pack 2
206(2)
Coda: The Burden of Windows Security
208(1)
Summary
209(2)
Hacking UNIX
211(82)
The Quest for Root
212(1)
A Brief Review
212(1)
Vulnerability Mapping
213(1)
Remote Access vs. Local Access
213(1)
Remote Access
214(47)
Data-Driven Attacks
218(12)
I Want My Shell
230(5)
Common Types of Remote Attacks
235(26)
Local Access
261(15)
After Hacking Root
276(14)
Rootkit Recovery
289(1)
Summary
290(3)
Remote Connectivity and VoIP Hacking
293(58)
Preparing to Dial Up
294(2)
War-Dialing
296(17)
Hardware
296(1)
Legal Issues
297(1)
Peripheral Costs
298(1)
Software
298(15)
Brute-force Scripting---The Homegrown Way
313(12)
PBX Hacking
325(4)
Voicemail Hacking
329(6)
Virtual Private Network (VPN) Hacking
335(4)
Voice over IP Attacks
339(6)
Most Common Attacks
340(5)
Summary
345(3)
Part III Network Hacking
Case Study: Wireless Insecurities
348(3)
Network Devices
351(56)
Discovery
352(4)
Detection
352(4)
Autonomous System Lookup
356(3)
Normal traceroute
357(1)
traceroute with ASN Information
357(1)
show ip bgp
358(1)
Public Newsgroups
359(1)
Service Detection
360(5)
Network Vulnerability
365(40)
OSI Layer 1
366(2)
OSI Layer 2
368(1)
Switch Sniffing
369(12)
OSI Layer 3
381(2)
dsniff
383(3)
Misconfigurations
386(7)
Route Protocol Hacking
393(11)
Management Protocol Hacking
404(1)
Summary
405(2)
Wireless Hacking
407(56)
Wireless Footprinting
408(17)
Equipment
409(16)
Wireless Scanning and Enumeration
425(12)
Wireless Sniffers
426(4)
Wireless Monitoring Tools
430(7)
Identifying Wireless Network Defenses and Countermeasures
437(5)
SSID
438(2)
MAC Access Control
440(2)
Gaining Access (Hacking 802.11)
442(6)
MAC Access Control
444(2)
Attacks Against the WEP Algorithm
446(1)
Securing WEP
447(1)
Tools That Exploit WEP Weaknesses
448(5)
LEAP Attacks
453(3)
Denial of Service (DoS) Attacks
456(1)
An 802.1x Overview
457(1)
Additional Resources
458(2)
Summary
460(3)
Firewalls
463(24)
Firewall Landscape
464(1)
Firewall Identification
465(7)
Advanced Firewall Discovery
469(3)
Scanning Through Firewalls
472(5)
Packet Filtering
477(3)
Application Proxy Vulnerabilities
480(4)
WinGate Vulnerabilities
482(2)
Summary
484(3)
Denial of Service Attacks
487(24)
Common DoS Attack Techniques
489(9)
Old-School DoS: Vulnerabilities
490(1)
Modern DoS: Capacity Depletion
491(7)
DoS Countermeasures
498(9)
A Quick Note on Practical Goals
498(1)
Resisting DoS
499(4)
Detecting DoS
503(1)
Responding to DoS
504(3)
Summary
507(3)
Part IV Software Hacking
Case Study: Only the Elite
510(1)
Hacking Code
511(24)
Common Exploit Techniques
512(11)
Buffer Overflows and Design Flaws
512(6)
Input Validation Attacks
518(5)
Common Countermeasures
523(11)
People: Changing the Culture
523(1)
Process: Security in the Development Lifecycle (SDL)
524(8)
Technology
532(1)
Recommended Further Reading
533(1)
Summary
534(1)
Web Hacking
535(38)
Web Server Hacking
536(10)
Sample Files
538(1)
Source Code Disclosure
539(1)
Canonicalization Attacks
539(1)
Server Extensions
540(2)
Buffer Overflows
542(2)
Web Server Vulnerability Scanners
544(2)
Web Application Hacking
546(26)
Finding Vulnerable Web Apps with Google
546(1)
Web Crawling
547(2)
Web Application Assessment
549(12)
Common Web Application Vulnerabilities
561(11)
Summary
572(1)
Hacking the Internet User
573(86)
Internet Client Vulnerabilities
574(49)
A Brief History of Internet Client Hacking
575(4)
JavaScript and Active Scripting
579(1)
Cookies
580(1)
Cross-Site Scripting (XSS)
581(1)
Cross-Frame/Domain Vulnerabilities
582(1)
SSL Attacks
583(3)
Payloads and Drop Points
586(1)
E-mail Hacking
587(4)
Instant Messaging (IM)
591(1)
Microsoft Internet Client Exploits and Countermeasures
592(8)
General Microsoft Client-Side Countermeasures
600(13)
Why Not Use Non-Microsoft Clients?
613(2)
Non-Microsoft Internet Clients
615(4)
Online Services
619(4)
Socio-Technical Attacks: Phishing and Identity Theft
623(5)
Phishing Techniques
624(4)
Annoying and Deceptive Software: Spyware, Adware, and Spam
628(6)
Common Insertion Techniques
629(1)
Blocking, Detecting, and Cleaning Annoying and Deceptive Software
630(4)
Malware
634(12)
Malware Variants and Common Techniques
634(8)
Detecting and Cleaning Malware
642(4)
Physical Security for End Users
646(1)
Summary
647(4)
Part V Appendixes
A Ports
651(6)
B Top 14 Security Vulnerabilities
657(2)
Index 659

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

Rewards Program