Hacking / by Kevin Beaver, CISSP.
Record details
- ISBN: 1119872197 : PAP
- ISBN: 9781119872191 : PAP
- Physical Description: xii, 396 pages : illustrations ; 24 cm
- Edition: 7th edition.
- Publisher: Hoboken, NJ : John Wiley & Sons, Inc., [2022]
- Copyright: ©2022
Content descriptions
General Note: Previous edition: 2018.
Bibliography, etc. Note: Includes bibliographical references and index.
Formatted Contents Note: pt. I. Building the foundation for security testing. Introduction to vulnerability and penetration testing ; Cracking the hacker mindset ; Developing your security testing plan ; Hacking methodology -- pt. II. Putting security testing in motion. Information gathering ; Social engineering ; Physical security ; Passwords -- pt. III. Hacking network hosts. Network infrastructure systems ; Wireless networks ; Mobile devices -- pt. IV. Hacking operating systems. Windows ; Linux and macOS -- pt. V. Hacking applications. Communication and messaging systems ; Web applications and mobile apps ; Databases and storage systems -- pt. VI. Security testing aftermath. Reporting your results ; Plugging your security holes ; Managing security processes -- pt. VII. The part of tens. Ten tips for getting security buy-in ; Ten reasons hacking is the only effective way to test ; Ten deadly mistakes ; Appendix: tools and resources.
Search for related items by subject
Subject: Computer security. Computer networks > Security measures. Hackers.
Available copies
- 3 of 4 copies available at Bibliomation.
- 2 of 3 copies available at Bridgeport Public Library.
Holds
- 0 current holds with 4 total copies.
Location | Call Number / Copy Notes | Barcode | Shelving Location | Status | Due Date |
---|---|---|---|---|---|
Beardsley Branch - Bridgeport | 005.8 BEAVER (Text) | 34000151363348 | Adult Nonfiction | Available | - |
Burroughs-Saden Main - Bridgeport | 005.8 BEAVER (Text) | 34000151332541 | Adult Nonfiction | Checked out | 04/12/2024 |
East Side Branch - Bridgeport | 005.8 BEAVER (Text) | 34000151324308 | Adult Nonfiction | Available | - |
Ridgefield Library | 005.8 BEA (Text) | 34010150973401 | Adult Nonfiction | Available | - |
Hacking for Dummies
Table of Contents
Section | Section Description | Page Number |
---|---|---|
Introduction | p. 1 | |
About This Book | p. 2 | |
Foolish Assumptions | p. 2 | |
Icons Used in This Book | p. 3 | |
Beyond the Book | p. 4 | |
Where to Go from Here | p. 4 | |
Part 1 | Building the Foundation for Security Testing | p. 5 |
Chapter 1 | Introduction to Vulnerability and Penetration Testing | p. 7 |
Straightening Out the Terminology | p. 7 | |
Hacker | p. 8 | |
Malicious user | p. 9 | |
Recognizing How Malicious Attackers Beget Ethical Hackers | p. 10 | |
Vulnerability and penetration testing versus auditing | p. 11 | |
Policy considerations | p. 11 | |
Compliance and regulatory concerns | p. 12 | |
Understanding the Need to Hack Your Own Systems | p. 12 | |
Understanding the Dangers Your Systems Face | p. 14 | |
Nontechnical attacks | p. 14 | |
Network infrastructure attacks | p. 15 | |
Operating system attacks | p. 15 | |
Application and other specialized attacks | p. 15 | |
Following the Security Assessment Principles | p. 16 | |
Working ethically | p. 16 | |
Respecting privacy | p. 17 | |
Not crashing your systems | p. 17 | |
Using the Vulnerability and Penetration Testing Process | p. 18 | |
Formulating your plan | p. 18 | |
Selecting tools | p. 21 | |
Executing the plan | p. 22 | |
Evaluating results | p. 24 | |
Moving on | p. 24 | |
Chapter 2 | Cracking the Hacker Mindset | p. 25 |
What You're Up Against | p. 25 | |
Who Breaks into Computer Systems | p. 28 | |
Hacker skill levels | p. 28 | |
Hacker motivations | p. 30 | |
Why They Do It | p. 31 | |
Planning and Performing Attacks | p. 34 | |
Maintaining Anonymity | p. 36 | |
Chapter 3 | Developing Your Security Testing Plan | p. 37 |
Establishing Your Goals | p. 38 | |
Determining Which Systems to Test | p. 40 | |
Creating Testing Standards | p. 43 | |
Timing your tests | p. 43 | |
Running specific tests | p. 44 | |
Conducting blind versus knowledge assessments | p. 45 | |
Picking your location | p. 46 | |
Responding to vulnerabilities you find | p. 47 | |
Making silly assumptions | p. 47 | |
Selecting Security Assessment Tools | p. 48 | |
Chapter 4 | Hacking Methodology | p. 49 |
Setting the Stage for Testing | p. 49 | |
Seeing What Others See | p. 51 | |
Scanning Systems | p. 52 | |
Hosts | p. 53 | |
Open ports | p. 53 | |
Determining What's Running on Open Ports | p. 54 | |
Assessing Vulnerabilities | p. 56 | |
Penetrating the System | p. 58 | |
Part 2 | Putting Security Testing in Motion | p. 59 |
Chapter 5 | Information Gathering | p. 61 |
Gathering Public Information | p. 61 | |
Social media | p. 62 | |
Web search | p. 62 | |
Web crawling | p. 63 | |
Websites | p. 64 | |
Mapping the Network | p. 65 | |
WHOIS | p. 65 | |
Privacy policies | p. 66 | |
Chapter 6 | Social Engineering | p. 69 |
Introducing Social Engineering | p. 69 | |
Starting Your Social Engineering Tests | p. 71 | |
Knowing Why Attackers Use Social Engineering | p. 71 | |
Understanding the Implications | p. 72 | |
Building trust | p. 73 | |
Exploiting the relationship | p. 74 | |
Performing Social Engineering Attacks | p. 77 | |
Determining a goal | p. 77 | |
Seeking information | p. 77 | |
Social Engineering Countermeasures | p. 82 | |
Policies | p. 82 | |
User awareness and training | p. 83 | |
Chapter 7 | Physical Security | p. 87 |
Identifying Basic Physical Security Vulnerabilities | p. 88 | |
Pinpointing Physical Vulnerabilities in Your Office | p. 89 | |
Building infrastructure | p. 90 | |
Utilities | p. 91 | |
Office layout and use | p. 93 | |
Network components and computers | p. 95 | |
Chapter 8 | Passwords | p. 99 |
Understanding Password Vulnerabilities | p. 100 | |
Organizational password vulnerabilities | p. 101 | |
Technical password vulnerabilities | p. 101 | |
Cracking Passwords | p. 102 | |
Cracking passwords the old-fashioned way | p. 103 | |
Cracking passwords with high-tech tools | p. 106 | |
Cracking password-protected files | p. 115 | |
Understanding other ways to crack passwords | p. 116 | |
General Password Cracking Countermeasures | p. 121 | |
Storing passwords | p. 122 | |
Creating password policies | p. 122 | |
Taking other countermeasures | p. 124 | |
Securing Operating Systems | p. 126 | |
Windows | p. 126 | |
Linux and Unix | p. 127 | |
Part 3 | Hacking Network Hosts | p. 129 |
Chapter 9 | Network Infrastructure Systems | p. 131 |
Understanding Network Infrastructure Vulnerabilities | p. 132 | |
Choosing Tools | p. 133 | |
Scanners and analyzers | p. 134 | |
Vulnerability assessment | p. 134 | |
Scanning, Poking, and Prodding the Network | p. 135 | |
Scanning ports | p. 135 | |
Scanning SNMP | p. 141 | |
Grabbing banners | p. 143 | |
Testing firewall rules | p. 144 | |
Analyzing network data | p. 146 | |
The MAC-daddy attack | p. 153 | |
Testing denial of service attacks | p. 157 | |
Detecting Common Router, Switch, and Firewall Weaknesses | p. 161 | |
Finding unsecured interfaces | p. 161 | |
Uncovering issues with SSL and TLS | p. 162 | |
Putting Up General Network Defenses | p. 162 | |
Chapter 10 | Wireless Networks | p. 165 |
Understanding the Implications of Wireless Network Vulnerabilities | p. 166 | |
Choosing Your Tools | p. 166 | |
Discovering Wireless Networks | p. 168 | |
Checking for worldwide recognition | p. 168 | |
Scanning your local airwaves | p. 169 | |
Discovering Wireless Network Attacks and Taking Countermeasures | p. 171 | |
Encrypted traffic | p. 173 | |
Countermeasures against encrypted traffic attacks | p. 177 | |
Wi-Fi Protected Setup | p. 179 | |
Countermeasures against the WPS PIN flaw | p. 181 | |
Rogue wireless devices | p. 181 | |
Countermeasures against rogue wireless devices | p. 185 | |
MAC spoofing | p. 185 | |
Countermeasures against MAC spoofing | p. 189 | |
Physical security problems | p. 189 | |
Countermeasures against physical security problems | p. 190 | |
Vulnerable wireless workstations | p. 190 | |
Countermeasures against vulnerable wireless workstations | p. 191 | |
Default configuration settings | p. 191 | |
Countermeasures against default configuration settings exploits | p. 191 | |
Chapter 11 | Mobile Devices | p. 193 |
Sizing Up Mobile Vulnerabilities | p. 193 | |
Cracking Laptop Passwords | p. 194 | |
Choosing your tools | p. 194 | |
Applying countermeasures | p. 198 | |
Cracking Phones and Tablets | p. 199 | |
Cracking iOS passwords | p. 200 | |
Taking countermeasures against password cracking | p. 203 | |
Part 4 | Hacking Operating Systems | p. 205 |
Chapter 12 | Windows | p. 207 |
Introducing Windows Vulnerabilities | p. 208 | |
Choosing Tools | p. 209 | |
Free Microsoft tools | p. 209 | |
All-in-one assessment tools | p. 210 | |
Task-specific tools | p. 210 | |
Gathering Information About Your Windows Vulnerabilities | p. 211 | |
System scanning | p. 211 | |
NetBIOS | p. 214 | |
Detecting Null Sessions | p. 217 | |
Mapping | p. 217 | |
Gleaning information | p. 218 | |
Countermeasures against null-session hacks | p. 221 | |
Checking Share Permissions | p. 222 | |
Windows defaults | p. 222 | |
Testing | p. 223 | |
Exploiting Missing Patches | p. 224 | |
Using Metasploit | p. 225 | |
Countermeasures against missing patch vulnerability exploits | p. 231 | |
Running Authenticated Scans | p. 231 | |
Chapter 13 | Linux and macOS | p. 233 |
Understanding Linux Vulnerabilities | p. 234 | |
Choosing Tools | p. 235 | |
Gathering Information About Your System Vulnerabilities | p. 235 | |
System scanning | p. 235 | |
Countermeasures against system scanning | p. 238 | |
Finding Unneeded and Unsecured Services | p. 240 | |
Searches | p. 240 | |
Countermeasures against attacks on unneeded services | p. 242 | |
Securing the .rhosts and hosts.equiv Files | p. 244 | |
Hacks using the hosts.equiv and .rhosts files | p. 244 | |
Countermeasures against .rhosts and hosts.equiv file attacks | p. 245 | |
Assessing the Security of NFS | p. 247 | |
NFS hacks | p. 247 | |
Countermeasures against NFS attacks | p. 248 | |
Checking File Permissions | p. 248 | |
File permission hacks | p. 248 | |
Countermeasures against file permission attacks | p. 248 | |
Finding Buffer Overflow Vulnerabilities | p. 250 | |
Attacks | p. 250 | |
Countermeasures against buffer overflow attacks | p. 250 | |
Checking Physical Security | p. 251 | |
Physical security hacks | p. 251 | |
Countermeasures against physical security attacks | p. 251 | |
Performing General Security Tests | p. 252 | |
Patching | p. 253 | |
Distribution updates | p. 254 | |
Multiplatform update managers | p. 255 | |
Part 5 | Hacking Applications | p. 257 |
Chapter 14 | Communication and Messaging Systems | p. 259 |
Introducing Messaging System Vulnerabilities | p. 259 | |
Recognizing and Countering Email Attacks | p. 260 | |
Email bombs | p. 261 | |
Banners | p. 264 | |
SMTP attacks | p. 266 | |
General best practices for minimizing email security risks | p. 275 | |
Understanding VoIP | p. 276 | |
VoIP vulnerabilities | p. 277 | |
Countermeasures against VoIP vulnerabilities | p. 282 | |
Chapter 15 | Web Applications and Mobile Apps | p. 283 |
Choosing Your Web Security Testing Tools | p. 284 | |
Seeking Out Web Vulnerabilities | p. 285 | |
Directory traversal | p. 285 | |
Countermeasures against directory traversals | p. 289 | |
Input-filtering attacks | p. 290 | |
Countermeasures against input attacks | p. 297 | |
Default script attacks | p. 299 | |
Countermeasures against default script attacks | p. 299 | |
Unsecured login mechanisms | p. 300 | |
Countermeasures against unsecured login systems | p. 303 | |
Performing general security scans for web application vulnerabilities | p. 304 | |
Minimizing Web Security Risks | p. 305 | |
Practicing security by obscurity | p. 305 | |
Putting up firewalls | p. 306 | |
Analyzing source code | p. 306 | |
Uncovering Mobile App Flaws | p. 307 | |
Chapter 16 | Databases and Storage Systems | p. 309 |
Diving Into Databases | p. 309 | |
Choosing tools | p. 310 | |
Finding databases on the network | p. 310 | |
Cracking database passwords | p. 311 | |
Scanning databases for vulnerabilities | p. 312 | |
Following Best Practices for Minimizing Database Security Risks | p. 313 | |
Opening Up About Storage Systems | p. 314 | |
Choosing tools | p. 315 | |
Finding storage systems on the network | p. 315 | |
Rooting out sensitive text in network files | p. 316 | |
Following Best Practices for Minimizing Storage Security Risks | p. 319 | |
Part 6 | Security Testing Aftermath | p. 321 |
Chapter 17 | Reporting Your Results | p. 323 |
Pulling the Results Together | p. 323 | |
Prioritizing Vulnerabilities | p. 325 | |
Creating Reports | p. 327 | |
Chapter 18 | Plugging Your Security Holes | p. 329 |
Turning Your Reports into Action | p. 329 | |
Patching for Perfection | p. 330 | |
Patch management | p. 331 | |
Patch automation | p. 331 | |
Hardening Your Systems | p. 332 | |
Assessing Your Security Infrastructure | p. 334 | |
Chapter 19 | Managing Security Processes | p. 337 |
Automating the Security Assessment Process | p. 337 | |
Monitoring Malicious Use | p. 338 | |
Outsourcing Security Assessments | p. 340 | |
Instilling a Security-Aware Mindset | p. 342 | |
Keeping Up with Other Security Efforts | p. 343 | |
Part 7 | The Part of Tens | p. 345 |
Chapter 20 | Ten Tips for Getting Security Buy-In | p. 347 |
Cultivate an Ally and a Sponsor | p. 347 | |
Don't Be a FUDdy-Duddy | p. 348 | |
Demonstrate That the Organization Can't Afford to Be Hacked | p. 348 | |
Outline the General Benefits of Security Testing | p. 349 | |
Show How Security Testing Specifically Helps the Organization | p. 350 | |
Get Involved in the Business | p. 350 | |
Establish Your Credibility | p. 351 | |
Speak on Management's Level | p. 351 | |
Show Value in Your Efforts | p. 352 | |
Be Flexible and Adaptable | p. 352 | |
Chapter 21 | Ten Reasons Hacking Is the Only Effective Way to Test | p. 353 |
The Bad Guys Think Bad Thoughts, Use Good Tools, and Develop New Methods | p. 353 | |
IT Governance and Compliance Are More Than High-Level Audits | p. 354 | |
Vulnerability and Penetration Testing Complements Audits and Security Evaluations | p. 354 | |
Customers and Partners Will Ask How Secure Your Systems Are | p. 354 | |
The Law of Averages Works Against Businesses | p. 355 | |
Security Assessments Improve Understanding of Business Threats | p. 355 | |
If a Breach Occurs, You Have Something to Fall Back On | p. 355 | |
In-Depth Testing Brings Out the Worst in Your Systems | p. 356 | |
Combined Vulnerability and Penetration Testing Is What You Need | p. 356 | |
Proper Testing Can Uncover Overlooked Weaknesses | p. 356 | |
Chapter 22 | Ten Deadly Mistakes | p. 357 |
Not Getting Approval | p. 357 | |
Assuming That You Can Find All Vulnerabilities | p. 358 | |
Assuming That You Can Eliminate All Vulnerabilities | p. 358 | |
Performing Tests Only Once | p. 359 | |
Thinking That You Know It All | p. 359 | |
Running Your Tests Without Looking at Things from a Hacker's Viewpoint | p. 359 | |
Not Testing the Right Systems | p. 360 | |
Not Using the Right Tools | p. 360 | |
Pounding Production Systems at the Wrong Time | p. 360 | |
Outsourcing Testing and Not Staying Involved | p. 361 | |
Appendix: Tools and Resources | p. 363 | |
Index | p. 379 |