Hack I.T._ Security Through Penetration Testing.pdf

I l@ve RuBoard
Hack I.T.: Security Through Penetration Testing
T. J. Klevinsky
Scott Laliberte
Ajay Gupta
Publisher: Addison Wesley
First Edition February 01, 2002
ISBN: 0-201-71956-8, 544 pages
"This book covers not just the glamorous aspects such as the intrusion act itself, but all of the pitfalls,
contracts, clauses, and other gotchas that can occur. The authors have taken their years of trial and
error, as well as experience, and documented a previously unknown black art."
-From the Foreword by Simple Nomad, Senior Security Analyst, BindView RAZOR Team
Penetration testing--in which professional, "white hat" hackers attempt to break through an
organization’s security defenses--has become a key defense weapon in today’s information systems
security arsenal. Through penetration testing, I.T. and security professionals can take action to prevent
true "black hat" hackers from compromising systems and exploiting proprietary information.
Hack I.T. introduces penetration testing and its vital role in an overall network security plan. You will
learn about the roles and responsibilities of a penetration testing professional, the motivation and
strategies of the underground hacking community, and potential system vulnerabilities, along with
corresponding avenues of attack. Most importantly, the book provides a framework for performing
penetration testing and offers step-by-step descriptions of each stage in the process. The latest
information on the necessary hardware for performing penetration testing, as well as an extensive
reference on the available security tools, is included.
Comprehensive in scope, Hack I.T. provides in one convenient resource the background, strategies,
techniques, and tools you need to test and protect your system--before the real hackers attack.
Hack I.T.: Security Through Penetration Testing
Foreword
Preface
Audience
Authors
How to Use This Book
Acknowledgments
Introduction
1. Hacking Today
2. Defining the Hacker
2.1 Hacker Skill Levels
2.2 Information Security Consultants
2.3 Hacker Myths
2.4 Information Security Myths
3. Penetration for Hire
3.1 Ramifications of Penetration Testing
3.2 Requirements for a Freelance Consultant
3.3 Announced vs. Unannounced Penetration Testing
4. Where the Exposures Lie
4.1 Application Holes
4.2 Berkeley Internet Name Domain (BIND) Implementations
4.3 Common Gateway Interface (CGI)
4.4 Clear Text Services
4.5 Default Accounts
4.6 Domain Name Service (DNS)
4.7 File Permissions
4.8 FTP and telnet
4.9 ICMP
4.10 IMAP and POP
4.11 Modems
4.12 Lack of Monitoring and Intrusion Detection
4.13 Network Architecture
4.14 Network File System (NFS)
4.15 NT Ports 135-139
4.16 NT Null Connection
4.17 Poor Passwords and User IDs
4.18 Remote Administration Services
4.19 Remote Procedure Call (RPC)
4.20 SENDMAIL
4.21 Services Started by Default
4.22 Simple Mail Transport Protocol (SMTP)
4.23 Simple Network Management Protocol (SNMP) Community Strings
4.24 Viruses and Hidden Code
4.25 Web Server Sample Files
4.26 Web Server General Vulnerabilities
4.27 Monitoring Vulnerabilities
5. Internet Penetration
5.1 Network Enumeration/Discovery
5.2 Vulnerability Analysis
5.3 Exploitation
Case Study: Dual-Homed Hosts
6. Dial-In Penetration
6.1 War Dialing
6.2 War Dialing Method
6.3 Gathering Numbers
6.4 Precautionary Methods
6.5 War Dialing Tools
Case Study: War Dialing
7. Testing Internal Penetration
7.1 Scenarios
7.2 Network Discovery
7.3 NT Enumeration
7.4 UNIX
7.5 Searching for Exploits
7.6 Sniffing
7.7 Remotely Installing a Hacker Tool Kit
7.8 Vulnerability Scanning
Case Study: Snoop the User Desktop
8. Social Engineering
8.1 The Telephone
8.2 Dumpster Diving
8.3 Desktop Information
8.4 Common Countermeasures
9. UNIX Methods
9.1 UNIX Services
9.2 Buffer Overflow Attacks
9.3 File Permissions
9.4 Applications
9.5 Misconfigurations
9.6 UNIX Tools
Case Study: UNIX Penetration
10. The Tool Kit
10.1 Hardware
10.2 Software
10.3 VMware
11. Automated Vulnerability Scanners
11.1 Definition
11.2 Testing Use
11.3 Shortfalls
11.4 Network-Based and Host-Based Scanners
11.5 Tools
11.6 Network-Based Scanners
11.7 Host-Based Scanners
11.8 Pentasafe VigilEnt
11.9 Conclusion
12. Discovery Tools
12.1 WS_Ping ProPack
12.2 NetScanTools
12.3 Sam Spade
12.4 Rhino9 Pinger
12.5 VisualRoute
12.6 Nmap
12.7 What's running
13. Port Scanners
13.1 Nmap
13.2 7th Sphere Port Scanner
13.3 Strobe
13.4 SuperScan