Hack I.T. - Security Through Penetration Testing

Multimedia Set (Print)

Overview

"This book covers not just the glamorous aspects such as the intrusion act itself, but all of the pitfalls, contracts, clauses, and other gotchas that can occur. The authors have taken their years of trial and error, as well as experience, and documented a previously unknown black art."
--From the Foreword by Simple Nomad, Senior Security Analyst, BindView RAZOR Team

Penetration testing--in which professional, "white hat" hackers attempt to break through an organization's security defenses--has become a key defense weapon in today's information systems security arsenal. Through penetration testing, I.T. and security professionals can take action to prevent true "black hat" hackers from compromising systems and exploiting proprietary information.

Hack I.T. introduces penetration testing and its vital role in an overall network security plan. You will learn about the roles and responsibilities of a penetration testing professional, the motivation and strategies of the underground hacking community, and potential system vulnerabilities, along with corresponding avenues of attack. Most importantly, the book provides a framework for performing penetration testing and offers step-by-step descriptions of each stage in the process. The latest information on the necessary hardware for performing penetration testing, as well as an extensive reference on the available security tools, is included.

Comprehensive in scope, Hack I.T. provides in one convenient resource the background, strategies, techniques, and tools you need to test and protect your system--before the real hackers attack.

Specific topics covered in this book include:

  • Hacking myths
  • Potential drawbacks of penetration testing
  • Announced versus unannounced testing
  • Application-level holes and defenses
  • Penetration through the Internet, including zone transfer, sniffing, and port scanning
  • War dialing
  • Enumerating NT systems to expose security holes
  • Social engineering methods
  • Unix-specific vulnerabilities, such as RPC and buffer overflow attacks
  • The Windows NT Resource kit
  • Port scanners and discovery tools
  • Sniffers and password crackers
  • Web testing tools
  • Remote control tools
  • Firewalls and intrusion detection systems
  • Numerous DoS attacks and tools


Editorial Reviews

From The Critics
Useful for security personnel (and hackers too?) this book offers a framework for penetration, and step-by-step instruction on the process. After introducing penetration testing and outlining its role in network security planning, the book describes the roles and responsibilities of a penetration testing professional, the motivations and strategies of hackers, potential system vulnerabilities, and avenues of attack. A companion CD-ROM contains security tools. The authors work for a security firm. Annotation © Book News, Inc., Portland, OR (booknews.com)

Product Details

  • ISBN-13: 9780201719567
  • Publisher: Addison-Wesley
  • Publication date: 2/28/2002
  • Pages: 544
  • Product dimensions: 7.32 (w) x 8.97 (h) x 1.33 (d)

Meet the Author

T.J. Klevinsky is part of Ernst & Young's Security and Technology Solutions practice, where he coordinates attack and penetration exercises for Fortune 500 corporations worldwide. He is also an instructor for Ernst & Young's Extreme Hacking course. Additionally, T.J. is an instructor with SANS, where he teaches the course Contemporary Hacking Tools and Penetration Testing, a survey of recent security-related software tools.

Scott Laliberte, CISSP, CISM, MBA, is a leader of Protiviti’s Global Information Security Practice. He has extensive experience in the areas of information systems security, network operations, incident response, and e-commerce, and has served clients in many industries, including healthcare, life sciences, financial services, manufacturing, and other industries. Scott has led many security engagements, including attack and penetration studies, Web application security reviews, systems vulnerability assessments, wireless security reviews, and security systems implementation. In addition, he has led a number of incident response projects, which help organizations identify, stop, and recover from security incidents and attacks. He has spoken on information security topics for a variety of audiences and industries, including MIS Training Institute (MISTI), National Association of Financial Services Auditors (NAFSA), ISACA, IIA, and HCCA. He has been quoted as a security expert in the Financial Times, Securities Industries News, and elsewhere, and has authored numerous information security articles for a variety of publications.

Ajay Gupta, CISSP, founder and president of Gsecurity, is an expert on cyber security, secure architecture, and information privacy. Gsecurity provides cyber security and data privacy services to federal, state, and local governments, as well as commercial clients in the educational, financial, and health-care sectors.


Read an Excerpt

Why write a book about hacking? The question is really whether a book about the techniques and tools used to break into a network would be beneficial to the information security community. We, the authors, believe that penetration testing is a valuable and effective means of identifying security holes and weaknesses in a network and computing environment. Understanding how others will try to break into a network offers considerable insight into the common pitfalls and misconfigurations that make networks vulnerable. This insight is essential to creating a comprehensive network security structure.

Some may argue that providing this penetration-testing information gives script kiddies and hackers ammunition to better attack systems. However, script kiddies and hackers already have access to this information or have the time to find it—most of the material presented in this book is available from a variety of sources on the Internet. The problem is that the system and security administrators defending against attacks do not have the time or resources to research the sites necessary to compile this information. We decided to write this book to provide defenders with the information hackers already have. A hacker has to find only one hole to gain unauthorized access. The security group defending against the hackers needs to find all the holes to prevent unauthorized access.

There is no tried-and-true training that can make everyone a security expert, but there are some baseline principles, skills, and tools that must be mastered to become proficient in this field. Our goal is to provide you with those skills in a manner that helps you to understand the structure and tools used and to begin developing your own style of penetration testing. The process described in this book is not the only way to perform a penetration test. We continue to evolve our own methodology to respond to new technologies and threats. This process has worked well for us in the past and continues to be a successful way to evaluate and test network security.

Audience

This book is intended for the security administrators, systems administrators, technology auditors, and other authorized representatives of companies that want to legitimately test their security posture and intrusion detection or incident response capabilities. In addition, other individuals who need to assess systems and network security may find the tools and techniques described in this book useful. It is designed as a beginner's book for enhancing network security through penetration testing. No previous knowledge of penetration testing is required, but an understanding of networking, TCP/IP, Windows NT/2000, network security, and UNIX is needed to be able to execute a penetration test.

A word of caution: Although this book details the processes and tools for performing a penetration test, it does not describe how to do this without alerting network security devices. Many of these techniques will be detected and should not be performed without the written consent of the owners of the target systems. We intend for this book to be not a how-to hack manual but rather a framework for performing a systematic network security review. Intrusion detection mechanisms on most networks today have become very sophisticated and, if configured properly, can be used to track anyone practicing these techniques on a network.

How to Use This Book

The managers of an ever-growing number of companies are beginning to see information security as an issue requiring attention, showing how much of a threat they truly believe exists. In any case, whether you work as part of the security department of a large corporation or as a system administrator with security as part of your job description, knowing how to get into your network is one of the best ways to secure it.

The first part of this book (Chapters 1-4) explains the roles and responsibilities of a penetration-testing professional and the motivation and styles of the hacking community. This information provides insight into why hacking has become so popular with the media and what difficulties are associated with protecting a network. The material is designed to provide background information to support the use of penetration testing as an important part of an overall network security plan. A penetration test not only tests the network's ability to protect information and other assets from unauthorized individuals but also can test the organization's ability to detect such intrusion attempts and its incident response capabilities. We also discuss some of the common pitfalls in technology and defenses that contribute to security weaknesses. A large portion of successful network security breaches could have been avoided if special attention had been given to these issues.

The second part of this book (Chapters 5-10) provides a structured framework for a penetration test. Penetration testing can be broken down into a series of steps that provide an efficient and comprehensive review of individual network segments. Whether the test is an internal or external review, the methodology follows the steps of discovery, scanning, and exploitation. This section outlines methods for finding the target network, identifying possible vulnerable services, exploiting weaknesses, and documenting the results. This methodology yields a test that is structured, efficient, and repeatable. In this section of the book we also introduce various tools that can be used to assist with this methodology. We briefly describe each tool's use and place in testing.

The third section of this book (Chapters 11-16) provides greater detail on the tools that can increase the speed and accuracy of a penetration test. This "tools and techniques" section is presented in a reference format so you can locate a tool by its role in testing and obtain the information necessary to begin using the tool or find the information necessary to do so. A large collection of tools have been released by commercial and open-source programmers that identify vulnerabilities in networks, applications, and/or services and should be used as part of an assessment. While most of them may be identified by an intrusion detection system, they can usually find exposures on your network faster than manual methods. We provide detailed explanations of each tool, including its basic usage and where to get updates. You will find that some programs are described in greater depth than others. We spend more time on the tools that we find more helpful or that reveal the most information. For ease of use, we obtained demo or freeware software for many of the tools covered and included them on the CD-ROM available with this book. This software is intended to give you the opportunity to become familiar with some of the more popular tools and to see which work best for you. This section is designed to help you pick out the right hardware, operating systems, and software to make a testing tool kit.

The last section of this book (Chapters 17-23) moves toward advanced techniques and application testing. You should review this section once you have created and are comfortable with your own tool kit. This section details methods that can be used to evade intrusion detection systems and firewalls, control hosts on target networks remotely, and test Web servers. It also includes a discussion on denial-of-service attacks and a section on how to keep up with the current trends and latest developments in information security. This section contains a list of Web sites and e-mail lists that we used in our research, as well as information on long-term countermeasures to improve security. Finally, we include a brief discussion about future trends within the information technology arena and the possible risks that these trends may produce.

At the end of some chapters are case studies that deal with some of the issues and tools discussed. The case studies detail steps we have followed in real-world penetration-testing engagements to help illustrate how all the pieces of penetration testing fit together. The samples we selected include internal, external, and dial-up testing and reflect different operating systems, vulnerabilities, and exploits in an attempt to demonstrate as many of the techniques discussed in the book as possible. In each case we keep anonymous the name, industry type, and any other information that could be used to identify the parties involved.

—T.J. Klevinsky
—Scott Laliberte
—Ajay Gupta


Table of Contents

Preface.

Introduction.

1. Hacking Today.

2. Defining the Hacker.

Hacker Skill Levels.

First-Tier Hackers.

Second-Tier Hackers.

Third-Tier Hackers.

Information Security Consultants.

Hacker Myths.

Information Security Myths.

3. Penetration for Hire.

Ramifications of Penetration Testing.

Requirements for a Freelance Consultant.

Skill Set.

Knowledge.

Tool Kit.

Hardware.

Record Keeping.

Ethics.

Announced vs. Unannounced Penetration Testing.

Definitions.

Pros and Cons of Both Types of Penetration Testing.

Documented Compromise.

4. Where the Exposures Lie.

Application Holes.

Berkeley Internet Name Domain (BIND) Implementations.

Common Gateway Interface (CGI).

Clear Text Services.

Default Accounts.

Domain Name Service (DNS).

File Permissions.

FTP and telnet.

ICMP.

IMAP and POP.

Modems.

Lack of Monitoring and Intrusion Detection.

Network Architecture.

Network File System (NFS).

NT Ports 135–139.

NT Null Connection.

Poor Passwords and User IDs.

Remote Administration Services.

Remote Procedure Call (RPC).

sendmail.

Services Started by Default.

Simple Mail Transport Protocol (SMTP).

Simple Network Management Protocol (SNMP) Community Strings.

Viruses and Hidden Code.

Web Server Sample Files.

Web Server General Vulnerabilities.

Monitoring Vulnerabilities.

5. Internet Penetration.

Network Enumeration/Discovery.

Whois Query.

Zone Transfer.

Ping Sweeps.

Traceroute.

Vulnerability Analysis.

OS Identification.

Port Scanning.

Application Enumeration.

Internet Research.

Exploitation.

Case Study: Dual-Homed Hosts.

6. Dial-In Penetration.

War Dialing.

War Dialing Method.

Dialing.

Login.

Login Screens.

Gathering Numbers.

Precautionary Methods.

War Dialing Tools.

ToneLoc.

THC-Scan.

TeleSweep.

PhoneSweep.

Case Study: War Dialing.

7. Internal Penetration Testing.

Scenarios.

Network Discovery.

NT Enumeration.

UNIX.

Searching for Exploits.

Sniffing.

Remotely Installing a Hacker Tool Kit.

Vulnerability Scanning.

Case Study: Snoop the User Desktop.

8. Social Engineering.

The Telephone.

Technical Support.

Disgruntled Customer.

Get Help Logging In.

Additional Methods.

Dumpster Diving.

Desktop Information.

Common Countermeasures.

9. UNIX Methods.

UNIX Services.

inetd Services.

r Services.

Remote Procedure Call Services.

Buffer Overflow Attacks.

File Permissions.

Applications.

Mail Servers.

Web Servers.

X Windows.

DNS Servers.

Misconfigurations.

UNIX Tools.

Datapipe.c.

QueSO.

Cheops.

nfsshell.

XSCAN.

Case Study: UNIX Penetration.

10. The Tool Kit.

Hardware.

Software.

Windows NT Workstation.

Linux.

VMware.

11. Automated Vulnerability Scanners.

Definition.

Testing Use.

Shortfalls.

Network-Based and Host-Based Scanners.

Tools.

Network-Based Scanners.

Network Associates CyberCop Scanner.

ISS Internet Scanner.

Nessus.

Symantec (Formerly Axent Technologies) NetRecon.

Bindview HackerShield (bv-control for Internet Security).

Host-Based Scanners.

Symantec (Formerly Axent Technologies) Enterprise Security Manager (ESM).

Pentasafe VigilEnt.

Conclusion.

12. Discovery Tools.

WS_Ping ProPack.

NetScanTools.

Sam Spade.

Rhino9 Pinger.

VisualRoute.

Nmap.

What's running.

13. Port Scanners.

Nmap.

7th Sphere Port Scanner.

Strobe.

SuperScan.

14. Sniffers.

Dsniff.

Linsniff.

Tcpdump.

BUTTSniffer.

SessionWall-3 (Now eTrust Intrusion Detection).

AntiSniff.

15. Password Crackers.

L0phtCrack.

pwdump2.

John the Ripper.

Cain.

ShowPass.

16. Windows NT Tools.

NET USE.

Null Connection.

NET VIEW.

NLTEST.

NBTSTAT.

epdump.

NETDOM.

Getmac.

Local Administrators.

Global ("Domain Admins").

Usrstat.

DumpSec.

user2Sid/sid2User.

NetBIOS Auditing Tool (NAT).

SMBGrind.

SRVCHECK.

SRVINFO.

AuditPol.

REGDMP.

Somarsoft DumpReg.

Remote.

Netcat.

SC.

AT.

FPipe.

Case Study: Weak Passwords.

Case Study: Internal Penetration to Windows.

17. Web-Testing Tools.

Whisker.

SiteScan.

THC Happy Browser.

wwwhack.

Web Cracker.

Brutus.

Case Study: Compaq Management Agents Vulnerability.

18. Remote Control.

pcAnywhere.

Virtual Network Computing.

NetBus.

Back Orifice 2000.

19. Intrusion Detection Systems.

Definition.

IDS Evasion.

Stealth Port Scanning.

Aggressive Techniques.

Pitfalls.

Traits of Effective IDSs.

IDS Selection.

RealSecure.

NetProwler.

Secure Intrusion Detection.

eTrust Intrusion Detection.

Network Flight Recorder.

Dragon.

Snort.

20. Firewalls.

Definition.

Monitoring.

Configuration.

Change Control.

Firewall Types.

Packet-Filtering Firewalls.

Stateful-Inspection Firewalls.

Proxy-Based Firewalls.

Network Address Translation.

Evasive Techniques.

Firewalls and Virtual Private Networks.

Case Study: Internet Information Server Exploit—MDAC.

21. Denial-of-Service Attacks.

Resource Exhaustion Attacks.

Papasmurf.

Trash2.

Igmpofdeath.c.

Fawx.

OBSD_fun.

Port Flooding.

Mutilate.

Pepsi5.

SYN Flooding.

Synful.

Synk4.

Naptha.

IP Fragmentation Attacks.

Jolt2.

Teardrop.

Syndrop.

Newtear.

Distributed Denial-of-Service Attacks.

Tribe Flood Network 2000.

Trin00.

Stacheldraht.

Usage.

Application-Based DoS Attacks.

Up Yours.

Wingatecrash.

WinNuke.

BitchSlap.

DOSNuke.

Shutup.

Web Server DoS Attacks.

Concatenated DoS Tools.

CyberCop.

ISS Internet Scanner.

Toast.

Spike.sh5.3.

Summary.

22. Wrapping It Up.

Countermeasures.

Keeping Current.

Web Sites.

Mailing Lists.

23. Future Trends.

Authentication.

Two- and Three-Factor Authentication.

Biometrics.

Token-Based Authentication.

Directory Services.

Encryption.

Public Key Infrastructure.

Distributed Systems.

Forensics.

Government Regulation.

Hacking Techniques.

Countermeasures.

Cyber-Crime Insurance.

Appendix A.

Appendix B. The Twenty Most Critical Internet Security Vulnerabilities—The Experts' Consensus.

Index.


Customer Reviews

Average Rating: 4.5 (2 reviews)

Rating Distribution

  • 5 Star: 1
  • 4 Star: 1
  • 3 Star: 0
  • 2 Star: 0
  • 1 Star: 0

  • Anonymous

    Posted February 24, 2003

    Great Book

    Found this book to be more informative than others in this field. From SQL injections to how to use an electron microscope to retrieve overwritten information, this book gives great detail in how to hack internal server systems. Chapter 3 is of particular importance to administrators. I recommend this book.

  • Anonymous

    Posted April 13, 2002

    I liked this book

    The book makes a good case for using penetration testing (ethical hacking) as a part of the overall security program. And it is a good place to start in developing the skills and process for performing ethical hacking internally. Chapters 2.2 and 3 are must reads for any company who plans to hire someone to do a penetration test for them. I recommend this book....that's my two cents.
