Hack I.T. - Security Through Penetration Testing

Hack I.T. - Security Through Penetration Testing

4.5 2
by T. J. Klevinsky, Scott Laliberte, Ajay Gupta
     
 

ISBN-10: 0201719568

ISBN-13: 9780201719567

Pub. Date: 02/28/2002

Publisher: Addison-Wesley

"This book covers not just the glamorous aspects such as the intrusion act itself, but all of the pitfalls, contracts, clauses, and other gotchas that can occur. The authors have taken their years of trial and error, as well as experience, and documented a previously unknown black art."
--From the Foreword by Simple Nomad, Senior Security Analyst,

…  See more details below

Overview

"This book covers not just the glamorous aspects such as the intrusion act itself, but all of the pitfalls, contracts, clauses, and other gotchas that can occur. The authors have taken their years of trial and error, as well as experience, and documented a previously unknown black art."
--From the Foreword by Simple Nomad, Senior Security Analyst, BindView RAZOR Team

Penetration testing--in which professional, "white hat" hackers attempt to break through an organization's security defenses--has become a key defense weapon in today's information systems security arsenal. Through penetration testing, I.T. and security professionals can take action to prevent true "black hat" hackers from compromising systems and exploiting proprietary information.

Hack I.T. introduces penetration testing and its vital role in an overall network security plan. You will learn about the roles and responsibilities of a penetration testing professional, the motivation and strategies of the underground hacking community, and potential system vulnerabilities, along with corresponding avenues of attack. Most importantly, the book provides a framework for performing penetration testing and offers step-by-step descriptions of each stage in the process. The latest information on the necessary hardware for performing penetration testing, as well as an extensive reference on the available security tools, is included.

Comprehensive in scope Hack I.T. provides in one convenient resource the background, strategies, techniques, and tools you need to test and protect your system--before the real hackers attack.

Specific topics covered in this book include:

  • Hacking myths
  • Potential drawbacks of penetration testing
  • Announced versus unannounced testing
  • Application-level holes and defenses
  • Penetration through the Internet, including zone transfer, sniffing, and port scanning
  • War dialing
  • Enumerating NT systems to expose security holes
  • Social engineering methods
  • Unix-specific vulnerabilities, such as RPC and buffer overflow attacks
  • The Windows NT Resource kit
  • Port scanners and discovery tools
  • Sniffers and password crackers
  • Web testing tools
  • Remote control tools
  • Firewalls and intrusion detection systems
  • Numerous DoS attacks and tools

0201719568B01042002

Read More

Product Details

ISBN-13:
9780201719567
Publisher:
Addison-Wesley
Publication date:
02/28/2002
Pages:
544
Product dimensions:
7.32(w) x 8.97(h) x 1.33(d)

Table of Contents

Preface.

Introduction.

1. Hacking Today.

2. Defining the Hacker.

Hacker Skill Levels.

First-Tier Hackers.

Second-Tier Hackers.

Third-Tier Hackers.

Information Security Consultants.

Hacker Myths.

Information Security Myths.

3. Penetration for Hire.

Ramifications of Penetration Testing.

Requirements for a Freelance Consultant.

Skill Set.

Knowledge.

Tool Kit.

Hardware.

Record Keeping.

Ethics.

Announced vs. Unannounced Penetration Testing.

Definitions.

Pros and Cons of Both Types of Penetration Testing.

Documented Compromise.

4. Where the Exposures Lie.

Application Holes.

Berkeley Internet Name Domain (BIND) Implementations.

Common Gateway Interface (CGI).

Clear Text Services.

Default Accounts.

Domain Name Service (DNS).

File Permissions.

FTP and telnet.

ICMP.

IMAP and POP.

Modems

Lack of Monitoring and Intrusion Detection.

Network Architecture.

Network File System (NFS).

NT Ports 135n139.

NT Null Connection.

Poor Passwords and User IDs.

Remote Administration Services.

Remote Procedure Call (RPC).

sendmail.

Services Started by Default.

Simple Mail Transport Protocol (SMTP).

Simple Network Management Protocol (SNMP) Community Strings.

Viruses and Hidden Code.

Web Server Sample Files.

Web Server General Vulnerabilities.

Monitoring Vulnerabilities.

5. Internet Penetration.

Network Enumeration/Discovery.

Whois Query.

Zone Transfer.

Ping Sweeps.

Traceroute.

Vulnerability Analysis.

OS Identification.

Port Scanning.

Application Enumeration.

Internet Research.

Exploitation.

Case Study: Dual-Homed Hosts.

6. Dial-In Penetration.

War Dialing.

War Dialing Method.

Dialing

Login.

Login Screens.

Gathering Numbers.

Precautionary Methods.

War Dialing Tools.

ToneLoc.

THC-Scan.

TeleSweep.

PhoneSweep.

Case Study: War Dialing.

7. Internal Penetration Testing.

Scenarios.

Network Discovery.

NT Enumeration.

UNIX.

Searching for Exploits.

Sniffing.

Remotely Installing a Hacker Tool Kit.

Vulnerability Scanning.

Case Study: Snoop the User Desktop.

8. Social Engineering.

The Telephone.

Technical Support.

Disgruntled Customer.

Get Help Logging In.

Additional Methods.

Dumpster Diving.

Desktop Information.

Common Countermeasures.

9. UNIX Methods.

UNIX Services.

inetd Services.

r Services.

Remote Procedure Call Services.

Buffer Overflow Attacks.

File Permissions.

Applications.

Mail Servers.

Web Servers.

X Windows.

DNS Servers.

Misconfigurations.

UNIX Tools.

Datapipe.c.

QueSO.

Cheops.

nfsshell.

XSCAN.

Case Study: UNIX Penetration.

10. The Tool Kit.

Hardware.

Software.

Windows NT Workstation.

Linux.

VMware.

11. Automated Vulnerability Scanners.

Definition.

Testing Use.

Shortfalls.

Network-Based and Host-Based Scanners.

Tools.

Network-Based Scanners.

Network Associates CyberCop Scanner.

ISS Internet Scanner.

Nessus.

Symantec (Formerly Axent Technologies) NetRecon.

Bindview HackerShield (bv-control for Internet Security).

Host-Based Scanners.

Symantec (Formerly Axent Technologies) Enterprise Security Manager (ESM).

Pentasafe VigilEnt.

Conclusion.

12. Discovery Tools.

WS_Ping ProPack.

NetScanTools.

Sam Spade.

Rhino9 Pinger.

VisualRoute.

Nmap.

Whatis running.

13. Port Scanners.

Nmap.

7th Sphere Port Scanner.

Strobe.

SuperScan.

14. Sniffers.

Dsniff.

Linsniff.

Tcpdump.

BUTTSniffer.

SessionWall-3 (Now eTrust Intrusion Detection).

AntiSniff.

15. Password Crackers.

L0phtCrack.

pwdump2.

John the Ripper.

Cain.

ShowPass.

16. Windows NT Tools.

NET USE.

Null Connection.

NET VIEW.

NLTEST.

NBTSTAT.

epdump.

NETDOM.

Getmac.

Local Administrators.

Global (iDomain Adminsi).

Usrstat.

DumpSec.

user2Sid/sid2User.

NetBIOS Auditing Tool (NAT).

SMBGrind.

SRVCHECK.

SRVINFO.

AuditPol.

REGDMP.

Somarsoft DumpReg.

Remote.

Netcat.

SC.

AT.

FPipe.

Case Study: Weak Passwords.

Case Study: Internal Penetration to Windows.

17. Web-Testing Tools.

Whisker

SiteScan.

THC Happy Browser.

wwwhack.

Web Cracker.

Brutus.

Case Study: Compaq Management Agents Vulnerability.

18. Remote Control.

pcAnywhere.

Virtual Network Computing.

NetBus.

Back Orifice 2000.

19. Intrusion Detection Systems.

Definition.

IDS Evasion.

Stealth Port Scanning.

Aggressive Techniques.

Pitfalls.

Traits of Effective IDSs.

IDS Selection.

RealSecure

NetProwler.

Secure Intrusion Detection.

eTrust Intrusion Detection.

Network Flight Recorder.

Dragon.

Snort.

20. Firewalls.

Definition.

Monitoring.

Configuration.

Change Control.

Firewall Types.

Packet-Filtering Firewalls.

Stateful-Inspection Firewalls.

Proxy-Based Firewalls.

Network Address Translation.

Evasive Techniques.

Firewalls and Virtual Private Networks.

Case Study: Internet Information Server ExploitoMDAC.

21. Denial-of-Service Attacks.

Resource Exhaustion Attacks.

Papasmurf.

Trash2.

Igmpofdeath.c.

Fawx.

OBSD_fun.

Port Flooding.

Mutilate.

Pepsi5.

SYN Flooding.

Synful.

Synk4.

Naptha.

IP Fragmentation Attacks.

Jolt2.

Teardrop.

Syndrop.

Newtear.

Distributed Denial-of-Service Attacks.

Tribe Flood Network 2000.

Trin00.

Stacheldraht.

Usage.

Application-Based DoS Attacks.

Up Yours.

Wingatecrash.

WinNuke.

BitchSlap.

DOSNuke.

Shutup.

Web Server DoS Attacks.

Concatenated DoS Tools.

CyberCop.

ISS Internet Scanner.

Toast.

Spike.sh5.3.

Summary.

22. Wrapping It Up.

Countermeasures.

Keeping Current.

Web Sites.

Mailing Lists.

23. Future Trends.

Authentication.

Two- and Three-Factor Authentication.

Biometrics.

Token-Based Authentication.

Directory Services.

Encryption.

Public Key Infrastructure.

Distributed Systems.

Forensics.

Government Regulation.

Hacking Techniques.

Countermeasures.

Cyber-Crime Insurance.

Appendix A.

Appendix B. The Twenty Most Critical Internet Security Vulnerabilities—The Experts' Consensus.

Index. 0201719568T01172002

Read More

Customer Reviews

Average Review:

Write a Review

and post it to your social network

     

Most Helpful Customer Reviews

See all customer reviews >

Hack I.T. - Security Through Penetration Testing 4.5 out of 5 based on 0 ratings. 2 reviews.
Guest More than 1 year ago
Found this book to be more informative than others in this field. From SQL injections to how to use an electron microscope to retrieve overwritten information, this book gives great detail in how to hack internal server systems. Chapter 3 is of particular importance to administrators. I recommend this book.
Guest More than 1 year ago
The book makes a good case for using penetration testing (ethical hacking) as a part of the overall security program. And it is a good place to start in developing the skills and process for performing ethical hacking internally. Chapters 2.2 and 3 are must reads for any company who plans to hire someone to do a penetration test for them. I recommend this book....that's my two cents.