Hacking Exposed: Network Security Secrets and Solutions, Fourth Edition


by Stuart McClure, Joel Scambray, George Kurtz

"The seminal book on white-hat hacking and countermeasures.... Should be required reading for anyone with a server or a network to secure." --Bill Machrone, PC Magazine

Overview

This brand-new edition of the best-selling security book covers all the latest hacks and countermeasures and includes a bonus DVD with the authors' famous "Hacking Exposed Live" presentation!

Stuart McClure is the coauthor of all four editions of Hacking Exposed as well as of Hacking Exposed Windows 2000. Stuart co-authored "Security Watch," a weekly column in InfoWorld addressing topical security issues, exploits, and vulnerabilities. He is the President/CTO of Foundstone, Inc. Prior to co-founding Foundstone, Stuart was a Senior Manager with Ernst & Young's Security Profiling Services Group, responsible for project management, attack and penetration reviews, and technology evaluations. Stuart teaches Foundstone's Ultimate Hacking course and Hacking Exposed Live at conferences such as Networld + InterOp, Black Hat, RSA, and CSI, among others.

Joel Scambray, CISSP, is the co-author of all four editions of Hacking Exposed as well as of Hacking Exposed Web Applications and Hacking Exposed Windows 2000. Joel co-authored "Security Watch," a weekly column in InfoWorld. Joel is the author of Microsoft's "Ask Us About ... Security" Monthly Column. He also taught Foundstone's Ultimate Hacking Windows course.

George Kurtz, CISSP, is the co-author of all four editions of Hacking Exposed and of both editions of Hacking Linux Exposed. He is the CEO of Foundstone, a cutting-edge security solutions provider. Mr. Kurtz has significant experience with intrusion detection and firewall technologies, incident response procedures, and remote access solutions. As CEO and co-founder of Foundstone, George provides a unique combination of business acumen and technical security know-how.

Editorial Reviews

The Barnes & Noble Review
The creator of the No. 1 open source network intrusion detection system called a previous edition of Hacking Exposed "the Encyclopedia Britannica of computer security." We suspect he'll find the Fourth Edition even more indispensable. So will you.

This book is a classic. The first three editions have sold more than 300,000 copies. And the authors are, quite simply, legends in their field.

Stuart McClure is president/CTO and George Kurtz is CEO of Foundstone, one of the world's top IT security consultancies; McClure formerly led attack/penetration reviews and security technology evaluations for Ernst & Young. Joel Scambray has taught Foundstone's Ultimate Hacking Windows course, writes Microsoft's "Ask Us About Security" monthly column, and co-wrote both Hacking Exposed Web Applications and Hacking Exposed Windows 2000.

Think they're resting on their laurels? No way. This book is packed with new attacks, exploits, and countermeasures, as well as updated information on everything from viruses to web hacks. If you're concerned about it (or should be), you'll find it covered here.

For instance, the book's Windows coverage has been thoroughly revamped, benefiting from the insider's expertise of coauthor Joel Scambray, who's now Senior Director of Security for Microsoft's MSN. (He's even added coverage of the forthcoming Windows Server 2003.)

The coverage of web hacking has also been massively updated, reflecting a wide range of creative new techniques hackers have come up with to enter or disrupt web sites.

For example, there's Cross-Site Scripting (XSS), wherein web apps gather user data they can use maliciously, typically via fake hyperlinks that contain malicious elements that have been encoded so as not to look suspicious. XSS attacks have allowed hackers to hijack accounts, change user settings, and steal or "poison" cookies.

The authors also discuss "fuzzing" response handlers to identify web server vulnerabilities such as format string or buffer/heap overflows; and "SQL injection" attacks, in which users enter weird text strings into your forms -- and those strings execute SQL directly against your database. (Maybe even deleting entire tables. Fun, huh?)

Hacking Exposed, Fourth Edition also updates its coverage of hacking (and protective) tools. For example, the authors introduce Nikto, a web server scanner that can test web servers for more than 1,550 dangerous files and CGIs and report on over 180 products; and Achilles, a full-featured proxy server optimized for testing the security of web applications. There's also thoroughly updated information on Apache, reflecting the latest versions.

As in previous editions, the authors have organized Hacking Exposed into four sections. First, you'll "case the establishment." That begins with "footprinting" -- identifying what can easily be discovered about your (or someone else's) IP infrastructure. You'll scan to identify live hosts and running services; then probe the services you've identified more fully for known weaknesses, a procedure known as "enumeration."

In Part II, you'll walk through system hacking techniques and countermeasures for Windows 9x/Me, Windows XP/2000/NT, Unix/Linux, databases, and NetWare. Incidentally, while NetWare doesn't get the hype it once did, there are still more than 4.5 million NetWare servers out there -- and many of them have moved onto IP, making them fair game for web hackers. Many NetWare servers are shockingly unprotected, still relying on the discredited "security through obscurity" approach. If you're running NetWare, this chapter could save your business.

Part III focuses on network hacking -- everything from an entirely new chapter on wireless security to updated coverage of dial-up, PBX, voicemail, and VPN hacking, firewalls, and Denial of Service attacks. Finally, in Part IV, the authors turn to application hacking -- including techniques for controlling software remotely, hacking Internet users, and more.

Perhaps this edition's most exciting new feature is a full hour of CD-ROM video from the authors' incredibly popular Hacking Exposed LIVE! seminars. These events have drawn SRO crowds at events ranging from Networld+Interop to Black Hat. Folks come running out of them grabbing their cell phones, calling in immediate configuration changes to their network administrators. That's how crucial this information is.

-- Bill Camarda

Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

Product Details

ISBN-13: 9780072227420
Publisher: McGraw-Hill Companies, The
Publication date: 02/25/2003
Series: Hacking Exposed
Edition description: Older Edition
Pages: 784
Product dimensions: 7.36(w) x 9.18(h) x 1.64(d)
