Hands-On Ethical Hacking and Network Defense

by ; ;
  • ISBN13:


  • ISBN10:


  • Edition: 1st
  • Format: Paperback
  • Copyright: 2012-04-17
  • Publisher: Cengage Learning PTR

Note: Supplemental materials are not guaranteed with Rental or Used book purchases.

Purchase Benefits

  • Free Shipping On Orders Over $35!
    Your order must be $35 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
  • Get Rewarded for Ordering Your Textbooks! Enroll Now
  • Complimentary 7-Day eTextbook Access - Read more
    When you rent or buy this book, you will receive complimentary 7-day online access to the eTextbook version from your PC, Mac, tablet, or smartphone. Feature not included on Marketplace Items.
  • eCampus.com Device Compatibility Matrix

    Click the device icon to install or view instructions

    Apple iOS | iPad, iPhone, iPod
    Android Devices | Android Tables & Phones OS 2.2 or higher | *Kindle Fire
    Windows 10 / 8 / 7 / Vista / XP
    Mac OS X | **iMac / Macbook
    Enjoy offline reading with these devices
    Apple Devices
    Android Devices
    Windows Devices
    Mac Devices
    iPad, iPhone, iPod
    Our reader is compatible
    Android 2.2 +
    Our reader is compatible
    Kindle Fire
    Our reader is compatible
    10 / 8 / 7 / Vista / XP
    Our reader is compatible
    Our reader is compatible
List Price: $39.33 Save up to $7.87
  • Rent Book $31.46
    Add to Cart Free Shipping


    7-Day eTextbook Access 7-Day eTextbook Access


Supplemental Materials

What is included with this book?

  • The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.
  • The Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.


Learn the art of ethical hacking and security testing with HANDS-ON ETHICAL HACKING AND NETWORK DEFENSE. Covering the tools and techniques ethical hackers and security testers use to assess and protect computer networks, this book will help you develop the critical thinking skills and creativity essential to becoming a knowledgeable, efficient computer security professional. It provides practical knowledge in computer programming, documentation of security tests, and ethical and legal ramifications. It also covers the basics of programming with C, HTML and Perl as they relate to network and computer security--and Web applications, wireless networks, and TCP/IP as well. With the continued rise in credit card and identification theft as well as cyber terrorism and corporate espionage, trained network security professionals are more important than ever. Let the step-by-step approach of HANDS-ON ETHICAL HACKING AND NETWORK DEFENSE teach you the techniques and methodologies of security testing.

Author Biography

Michael T. Simpson is president/senior consultant of MTS Consulting, inc., specializing in network security and network design. Mike's certifications include CEH, CISSP, Security+, OSSTMM Professional Security Tester [OPST], OSSTMM Professional Security Analyst [0PSA], MCSE, MCDBA, MCSD, MCT, and OCP. He has authored or co-authored eight books and has more than twenty-four years of industry experience, including fifteen years with the Department of Defense [DoD], where he designed and configured computer networks and served as an Oracle database administrator, UNIX administrator, and information systems security officer [ISSO]. Kent Backman's expertise is in intrusion analysis, network vulnerability assessment, and opensource solution engineering. His interest and skill in ethical hacking developed while managing Web servers for Fortune 500 companies. An analyst for many security incident response teams, Kent spent several years in Baghdad as part of the advisory team to the Iraq Ministry of Defense, specializing in network security and Linux engineering. He holds RHCT, MCSA, CISSP, and CEH certifications and is a network security consultant in Honolulu. James (Jim) Corley has more than twenty-five years of experience in IT as a systems analyst, network engineer, and security professional. He worked for the DoD for nine years as a database administrator and information systems security officer. For the past sixteen years, Jim has been a consultant to the DoD on dozens of IT programs supporting both classified and unclassified voice, video, and data systems. He has been a Certified Information Systems Security Professional [CISSP] since 2002.

Table of Contents

Introductionp. xvii
Methods for Running BackTrack Linuxp. xxiii
Ethical Hacking Overviewp. 1
Introduction to Ethical Hackingp. 2
The Role of Security and Penetration Testersp. 2
Penetration-Testing Methodologiesp. 4
Certification Programs for Network Security Personnelp. 6
What You Can Do Legallyp. 10
Laws of the Landp. 11
Is Port Scanning Legal?p. 13
Federal Lawsp. 15
What You Cannot Do Legallyp. 17
Get It in Writingp. 17
Ethical Hacking in a Nutshellp. 18
Chapter Summaryp. 19
TCP/IP Concepts Reviewp. 21
Overview of TCP/IPp. 22
The Application Layerp. 22
The Transport Layerp. 24
The Internet Layerp. 34
IP Addressingp. 34
Planning IP Address Assignmentsp. 37
IPv6 Addressingp. 38
Overview of Numbering Systemsp. 39
Reviewing the Binary Numbering Systemp. 39
Reviewing the Octal Numbering Systemp. 42
Reviewing the Hexadecimal Numbering Systemp. 43
Chapter Summaryp. 44
Network and Computer Attacksp. 47
Malicious Software (Malware)p. 48
Virusesp. 48
Macro Virusesp. 54
Wormsp. 56
Trojan Programsp. 57
Spywarep. 58
Adwarep. 60
Protecting Against Malware Attacksp. 60
Educating Your Usersp. 61
Intruder Attacks on Networks and Computersp. 62
Denial-of-Service Attacksp. 63
Distributed Denial-of-Service Attacksp. 63
Buffer Overflow Attacksp. 64
Ping of Death Attacksp. 66
Session Hijackingp. 66
Addressing Physical Securityp. 67
Keyloggersp. 67
Behind Locked Doorsp. 69
Chapter Summaryp. 70
Footprinting and Social Engineeringp. 73
Using Web Tools for Footprintingp. 73
Conducting Competitive Intelligencep. 76
Analyzing a Company's Web Sitep. 77
Using Other Footprinting Toolsp. 79
Using E-mail Addressesp. 81
Using HTTP Basicsp. 82
Other Methods of Gathering Informationp. 86
Using Domain Name System Zone Transfersp. 88
Introduction to Social Engineeringp. 90
The Art of Shoulder Surfingp. 93
The Art of Dumpster Divingp. 96
The Art of Piggybackingp. 97
Phishingp. 98
Chapter Summaryp. 100
Port Scanningp. 101
Introduction to Port Scanningp. 102
Types of Port Scansp. 103
Using Port-Scanning Toolsp. 105
Nmapp. 105
Unicornscanp. 106
Nessus and OpenVASp. 107
Conducting Ping Sweepsp. 108
Fpingp. 109
Hpingp. 109
Crafting IP Packetsp. 110
Understanding Scriptingp. 112
Scripting Basicsp. 112
Chapter Summaryp. 115
Enumerationp. 117
Introduction to Enumerationp. 118
Enumerating Windows Operating Systemsp. 118
NetBIOS Basicsp. 118
NetBIOS Enumeration Toolsp. 124
Additional Enumeration Toolsp. 125
Enumerating the NetWare Operating Systemp. 133
NetWare Enumeration Toolsp. 134
Enumerating the *nix Operating Systemp. 139
UNIX Enumerationp. 140
Chapter Summaryp. 143
Programming for Security Professionalsp. 145
Introduction to Computer Programmingp. 146
Programming Fundamentalsp. 146
Learning the C Languagep. 150
Anatomy of a C Programp. 151
Understanding HTML Basicsp. 159
Creating a Web Page with HTMLp. 160
Understanding Perlp. 163
Background on Perlp. 163
Understanding the Basics of Perlp. 166
Understanding the BLT of Perlp. 168
Understanding Object-Oriented Programming Conceptsp. 172
Components of Object-Oriented Programmingp. 172
An Overview of Rubyp. 177
Chapter Summaryp. 179
Desktop and Server OS Vulnerabilitiesp. 181
Windows OS Vulnerabilitiesp. 181
Windows File Systemsp. 183
Remote Procedure Callp. 184
NetBIOSp. 185
Server Message Blockp. 186
Common Internet File Systemp. 186
Null Sessionsp. 188
Web Servicesp. 188
SQL Serverp. 188
Buffer Overflowsp. 189
Passwords and Authenticationp. 189
Tools for Identifying Vulnerabilities in Windowsp. 191
Built-in Windows Toolsp. 191
Best Practices for Hardening Windows Systemsp. 196
Patching Systemsp. 197
Antivirus Solutionsp. 198
Enable Logging and Review Logs Regularlyp. 198
Disable Unused Services and Filtering Portsp. 198
Other Security Best Practicesp. 199
Linux OS Vulnerabilitiesp. 200
Sambap. 201
Tools for Identifying Linux Vulnerabilitiesp. 202
More Countermeasures Against Linux Attacksp. 208
Chapter Summaryp. 210
Embedded Operating Systems: The Hidden Threatp. 213
Introduction to Embedded Operating Systemsp. 214
Windows and Other Embedded Operating Systemsp. 216
Other Proprietary Embedded OSsp. 218
*Nix Embedded OSsp. 220
Vulnerabilities of Embedded OSsp. 222
Embedded OSs Are Everywherep. 224
Embedded OSs Are Networkedp. 224
Embedded OSs Are Difficult to Patchp. 225
Embedded OSs Are in Networking Devicesp. 226
Embedded OSs Are in Network Peripheralsp. 227
Supervisory Control and Data Acquisition Systemsp. 230
Cell Phones, Smartphones, and PDAsp. 230
Rootkitsp. 231
Best Practices for Protecting Embedded OSsp. 232
Chapter Summaryp. 233
Hacking Web Serversp. 235
Understanding Web Applicationsp. 236
Web Application Componentsp. 236
Using Scripting Languagesp. 245
Connecting to Databasesp. 250
Understanding Web Application Vulnerabilitiesp. 252
Application Vulnerabilities and Countermeasuresp. 253
Assessing Web Applicationsp. 258
Tools for Web Attackers and Security Testersp. 265
Web Toolsp. 265
Chapter Summaryp. 271
Hacking Wireless Networksp. 273
Understanding Wireless Technologyp. 273
Components of a Wireless Networkp. 274
Understanding Wireless Network Standardsp. 282
The 802.11 Standardp. 282
An Overview of Wireless Technologiesp. 285
Additional IEEE 802.11 Projectsp. 286
Understanding Authenticationp. 288
The 802.1X Standardp. 288
Understanding Wardrivingp. 293
How It Worksp. 293
Understanding Wireless Hackingp. 297
Tools of the Tradep. 297
Countermeasures for Wireless Attacksp. 298
Chapter Summaryp. 300
Cryptographyp. 303
Understanding Cryptography Basicsp. 303
History of Cryptographyp. 304
Understanding Symmetric and Asymmetric Algorithmsp. 305
Symmetric Algorithmsp. 307
Asymmetric Algorithmsp. 311
Digital Signaturesp. 313
Sensitive Data Encryptionp. 315
Hashing Algorithmsp. 315
Understanding Public Key Infrastructurep. 317
Components of PKIp. 317
Understanding Cryptography Attacksp. 322
Birthday Attackp. 323
Mathematical Attacksp. 323
Brute-Force Attackp. 324
Man-in-the-Middle Attackp. 324
Dictionary Attackp. 325
Replay Attackp. 325
Understanding Password Crackingp. 326
Chapter Summaryp. 329
Network Protection Systemsp. 331
Understanding Routersp. 331
Understanding Routing Protocolsp. 332
Understanding Basic Hardware Routersp. 333
Understanding Access Control Listsp. 339
Understanding Firewallsp. 340
Understanding Firewall Technologyp. 341
Implementing a Firewallp. 344
Understanding the Cisco Adaptive Security Appliance Firewallp. 345
Using Configuration and Risk Analysis Tools for Firewalls and Routersp. 348
Understanding Intrusion Detection and Prevention Systemsp. 349
Network-Based and Host-Based IDSs and IPSsp. 350
Web Filteringp. 351
Security Incident Response Teamsp. 352
Understanding Honeypotsp. 352
How Honeypots Workp. 353
Chapter Summaryp. 355
Legal Resourcesp. 359
Resourcesp. 375
Virtualization and Ethical Hackingp. 387
Virtualization and Security Testingp. 387
Virtualization Vulnerabilitiesp. 388
Installing and Using Virtualization Softwarep. 389
Overview of VMware Serverp. 391
Downloading and Installing VMware Serverp. 392
Creating a Virtual Machine and Installing a Guest OSp. 393
Configuring Networking Optionsp. 400
Configuring Hardware Optionsp. 401
Installing VMware Toolsp. 402
Glossaryp. 405
Indexp. 421
Table of Contents provided by Ingram. All Rights Reserved.

Rewards Program

Write a Review