Hacking For Dummies

( 18 )

Overview

A new edition of the bestselling guide-now updated to cover the latest hacks and how to prevent them!

It's bad enough when a hack occurs-stealing identities, bank accounts, and personal information. But when the hack could have been prevented by taking basic security measures-like the ones described in this book-somehow that makes a bad situation even worse. This beginner guide to hacking examines some of the best security measures that exist ...

See more details below
Paperback
$26.85
BN.com price
(Save 10%)$29.99 List Price
Pick Up In Store

Pick Up In Store

Reserve and pick up in 60 minutes at your local store

Other sellers (Paperback)
  • All (13) from $7.60   
  • New (8) from $7.60   
  • Used (5) from $8.20   

More About This Book

Overview

A new edition of the bestselling guide-now updated to cover the latest hacks and how to prevent them!

It's bad enough when a hack occurs-stealing identities, bank accounts, and personal information. But when the hack could have been prevented by taking basic security measures-like the ones described in this book-somehow that makes a bad situation even worse. This beginner guide to hacking examines some of the best security measures that exist and has been updated to cover the latest hacks for Windows 7 and the newest version of Linux.

Offering increased coverage of Web application hacks, database hacks, VoIP hacks, and mobile computing hacks, this guide addresses a wide range of vulnerabilities and how to identify and prevent them. Plus, you'll examine why ethical hacking is oftentimes the only way to find security flaws, which can then prevent any future malicious attacks.

  • Explores the malicious hackers's mindset so that you can counteract or avoid attacks completely
  • Covers developing strategies for reporting vulnerabilities, managing security changes, and putting anti-hacking policies and procedures in place
  • Completely updated to examine the latest hacks to Windows 7 and the newest version of Linux
  • Explains ethical hacking and why it is essential

Hacking For Dummies, 3rd Edition shows you how to put all the necessary security measures in place so that you avoid becoming a victim of malicious hacking.

Read More Show Less

Editorial Reviews

From Barnes & Noble
The Barnes & Noble Review
If you're not hacking your systems, rest assured: Someone else is. If you want your computers and networks to be more secure, you'll either have to find, pay, and trust a consultant -- or learn some basic hacking, and do it yourself. But most hacking books are written for...well, not you. What you need is this: a For Dummies book on hacking.

Finally, a book for not-especially-technical folks who want to know how vulnerable their systems really are. Can your people be tricked out of their passwords? Is your server physically safe? Can someone sit in your parking lot and read your wireless LAN traffic? Are your email systems protected? What about your web site? Kevin Beaver walks you through simple attacks you can perform. And if the results scare you, Beaver explains what to do about it. Step by step, in friendly, For Dummies English.Bill Camarda, from the December 2006 Read Only

Read More Show Less

Product Details

  • ISBN-13: 9780470550939
  • Publisher: Wiley, John & Sons, Incorporated
  • Publication date: 1/19/2010
  • Series: For Dummies Series
  • Edition number: 3
  • Pages: 408
  • Sales rank: 338,633
  • Product dimensions: 7.20 (w) x 9.10 (h) x 0.70 (d)

Meet the Author

Kevin Beaver is an independent information security consultant, expert witness, and speaker with more than 20 years of security experience. He specializes in performing information security assessments that support compliance and risk management. He is also coauthor of Hacking Wireless Networks For Dummies.
Read More Show Less

Read an Excerpt

http://catalogimages.wiley.com/images/db/pdf/9780470550939.excerpt.pdf
Read More Show Less

Table of Contents

Foreword.

Introduction.

Part I: Building the Foundation for Ethical Hacking.

Chapter 1: Introduction to Ethical Hacking.

Chapter 2: Cracking the Hacker Mindset.

Chapter 3: Developing Your Ethical Hacking Plan.

Chapter 4: Hacking Methodology.

Part II: Putting Ethical Hacking in Motion.

Chapter 5: Social Engineering.

Chapter 6: Physical Security.

Chapter 7: Passwords.

Part III: Hacking the Network.

Chapter 8: Network Infrastructure.

Chapter 9: Wireless LANs.

Part IV: Hacking Operating Systems.

Chapter 10: Windows.

Chapter 11: Linux.

Chapter 12: Novell NetWare.

Part V: Hacking Applications.

Chapter 13: Communication and Messaging Systems.

Chapter 14: Web Sites and Applications.

Chapter 15: Databases and Storage Systems.

Part VI: Ethical Hacking Aftermath.

Chapter 16: Reporting Your Results.

Chapter 17: Plugging Security Holes.

Chapter 18: Managing Security Changes.

Part VII: The Part of Tens.

Chapter 19: Ten Tips for Getting Upper Management Buy-In.

Chapter 20: Ten Reasons Hacking Is the Only Effective Way to Test.

Chapter 21: Ten Deadly Mistakes.

Appendix: Tools and Resources.

Index.

Read More Show Less

First Chapter

Hacking For Dummies

By Kevin Beaver

John Wiley & Sons

ISBN: 0-7645-5784-X

Chapter One

Introduction to Ethical Hacking

In This Chapter

* Understanding hacker objectives

* Outlining the differences between ethical hackers and malicious hackers

* Examining how the ethical hacking process has come about

* Understanding the dangers that your computer systems face

* Starting the ethical hacking process

This book is about hacking ethically - the science of testing your computers and network for security vulnerabilities and plugging the holes you find before the bad guys get a chance to exploit them.

Although ethical is an often overused and misunderstood word, the Merriam-Webster dictionary defines ethical perfectly for the context of this book and the professional security testing techniques that I cover - that is, conforming to accepted professional standards of conduct. IT practitioners are obligated to perform all the tests covered in this book aboveboard and only after permission has been obtained by the owner(s) of the systems - hence the disclaimer in the introduction.

How Hackers Beget Ethical Hackers

We've all heard of hackers. Many of us have even suffered the consequences of hacker actions. So who are these hackers? Why is it important to know about them? The next few sections give you the lowdown on hackers.

Defining hacker

Hacker is a word that has two meanings:

  •   Traditionally, a hacker is someone who likes to tinker with software or electronic systems. Hackers enjoy exploring and learning how computer systems operate. They love discovering new ways to work electronically.
  •   Recently, hacker has taken on a new meaning - someone who maliciously breaks into systems for personal gain. Technically, these criminals are crackers (criminal hackers). Crackers break into (crack) systems with malicious intent. They are out for personal gain: fame, profit, and even revenge. They modify, delete, and steal critical information, often making other people miserable.

The good-guy (white-hat) hackers don't like being in the same category as the bad-guy (black-hat) hackers. (These terms come from Western movies where the good guys wore white cowboy hats and the bad guys wore black cowboy hats.) Whatever the case, most people give hacker a negative connotation.

Many malicious hackers claim that they don't cause damage but instead are altruistically helping others. Yeah, right. Many malicious hackers are electronic thieves.

REMEMBER

In this book, I use the following terminology:

  •   Hackers (or bad guys) try to compromise computers.
  •   Ethical hackers (or good guys) protect computers against illicit entry.

Hackers go for almost any system they think they can compromise. Some prefer prestigious, well-protected systems, but hacking into anyone's system increases their status in hacker circles.

Ethical Hacking 101

You need protection from hacker shenanigans. An ethical hacker possesses the skills, mindset, and tools of a hacker but is also trustworthy. Ethical hackers perform the hacks as security tests for their systems.

TIP

If you perform ethical hacking tests for customers or simply want to add another certification to your credentials, you may want to consider the ethical hacker certification Certified Ethical Hacker, which is sponsored by EC-Council. See eccouncil.org/CEH.htm for more information.

Ethical hacking - also known as penetration testing or white-hat hacking - involves the same tools, tricks, and techniques that hackers use, but with one major difference: Ethical hacking is legal. Ethical hacking is performed with the target's permission. The intent of ethical hacking is to discover vulnerabilities from a hacker's viewpoint so systems can be better secured. It's part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors' claims about the security of their products are legitimate.

To hack your own systems like the bad guys, you must think like they think. It's absolutely critical to know your enemy; see Chapter 2 for details.

Understanding the Need to Hack Your Own Systems

To catch a thief, think like a thief. That's the basis for ethical hacking.

The law of averages works against security. With the increased numbers and expanding knowledge of hackers combined with the growing number of system vulnerabilities and other unknowns, the time will come when all computer systems are hacked or compromised in some way. Protecting your systems from the bad guys - and not just the generic vulnerabilities that everyone knows about - is absolutely critical. When you know hacker tricks, you can see how vulnerable your systems are.

Hacking preys on weak security practices and undisclosed vulnerabilities. Firewalls, encryption, and virtual private networks (VPNs) can create a false feeling of safety. These security systems often focus on high-level vulnerabilities, such as viruses and traffic through a firewall, without affecting how hackers work. Attacking your own systems to discover vulnerabilities is a step to making them more secure. This is the only proven method of greatly hardening your systems from attack. If you don't identify weaknesses, it's a matter of time before the vulnerabilities are exploited.

As hackers expand their knowledge, so should you. You must think like them to protect your systems from them. You, as the ethical hacker, must know activities hackers carry out and how to stop their efforts. You should know what to look for and how to use that information to thwart hackers' efforts.

TIP

You don't have to protect your systems from everything. You can't. The only protection against everything is to unplug your computer systems and lock them away so no one can touch them - not even you. That's not the best approach to information security. What's important is to protect your systems from known vulnerabilities and common hacker attacks.

It's impossible to buttress all possible vulnerabilities on all your systems. You can't plan for all possible attacks - especially the ones that are currently unknown. However, the more combinations you try - the more you test whole systems instead of individual units - the better your chances of discovering vulnerabilities that affect everything as a whole.

Don't take ethical hacking too far, though. It makes little sense to harden your systems from unlikely attacks. For instance, if you don't have a lot of foot traffic in your office and no internal Web server running, you may not have as much to worry about as an Internet hosting provider would have. However, don't forget about insider threats from malicious employees!

Your overall goals as an ethical hacker should be as follows:

  •   Hack your systems in a nondestructive fashion.
  •   Enumerate vulnerabilities and, if necessary, prove to upper management that vulnerabilities exist.
  •   Apply results to remove vulnerabilities and better secure your systems.

Understanding the Dangers Your Systems Face

It's one thing to know that your systems generally are under fire from hackers around the world. It's another to understand specific attacks against your systems that are possible. This section offers some well-known attacks but is by no means a comprehensive listing. That requires its own book: Hack Attacks Encyclopedia, by John Chirillo (Wiley Publishing, Inc.).

Many information-security vulnerabilities aren't critical by themselves. However, exploiting several vulnerabilities at the same time can take its toll. For example, a default Windows OS configuration, a weak SQL Server administrator password, and a server hosted on a wireless network may not be major security concerns separately. But exploiting all three of these vulnerabilities at the same time can be a serious issue.

Nontechnical attacks

Exploits that involve manipulating people - end users and even yourself - are the greatest vulnerability within any computer or network infrastructure. Humans are trusting by nature, which can lead to social-engineering exploits. Social engineering is defined as the exploitation of the trusting nature of human beings to gain information for malicious purposes. I cover social engineering in depth in Chapter 5.

Other common and effective attacks against information systems are physical. Hackers break into buildings, computer rooms, or other areas containing critical information or property. Physical attacks can include dumpster diving (rummaging through trash cans and dumpsters for intellectual property, passwords, network diagrams, and other information).

Network-infrastructure attacks

Hacker attacks against network infrastructures can be easy, because many networks can be reached from anywhere in the world via the Internet. Here are some examples of network-infrastructure attacks:

  •   Connecting into a network through a rogue modem attached to a computer behind a firewall
  •   Exploiting weaknesses in network transport mechanisms, such as TCP/IP and NetBIOS
  •   Flooding a network with too many requests, creating a denial of service (DoS) for legitimate requests
  •   Installing a network analyzer on a network and capturing every packet that travels across it, revealing confidential information in clear text
  •   Piggybacking onto a network through an insecure 802.11b wireless configuration

Operating-system attacks

Hacking operating systems (OSs) is a preferred method of the bad guys. OSs comprise a large portion of hacker attacks simply because every computer has one and so many well-known exploits can be used against them.

Occasionally, some operating systems that are more secure out of the box - such as Novell NetWare and the flavors of BSD UNIX - are attacked, and vulnerabilities turn up. But hackers prefer attacking operating systems like Windows and Linux because they are widely used and better known for their vulnerabilities.

Here are some examples of attacks on operating systems:

  •   Exploiting specific protocol implementations
  •   Attacking built-in authentication systems
  •   Breaking file-system security
  •   Cracking passwords and encryption mechanisms

Application and other specialized attacks

Applications take a lot of hits by hackers. Programs such as e-mail server software and Web applications often are beaten down:

  •   Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP) applications are frequently attacked because most firewalls and other security mechanisms are configured to allow full access to these programs from the Internet.
  •   Malicious software (malware) includes viruses, worms, Trojan horses, and spyware. Malware clogs networks and takes down systems.
  •   Spam (junk e-mail) is wreaking havoc on system availability and storage space. And it can carry malware.

Ethical hacking helps reveal such attacks against your computer systems. Parts II through V of this book cover these attacks in detail, along with specific countermeasures you can implement against attacks on your systems.

Obeying the Ethical Hacking Commandments

Every ethical hacker must abide by a few basic commandments. If not, bad things can happen. I've seen these commandments ignored or forgotten when planning or executing ethical hacking tests. The results weren't positive.

Working ethically

The word ethical in this context can be defined as working with high professional morals and principles. Whether you're performing ethical hacking tests against your own systems or for someone who has hired you, everything you do as an ethical hacker must be aboveboard and must support the company's goals. No hidden agendas are allowed!

Trustworthiness is the ultimate tenet. The misuse of information is absolutely forbidden. That's what the bad guys do.

Respecting privacy

Treat the information you gather with the utmost respect. All information you obtain during your testing - from Web-application log files to clear-text passwords - must be kept private. Don't use this information to snoop into confidential corporate information or private lives. If you sense that someone should know there's a problem, consider sharing that information with the appropriate manager.

TIP

Involve others in your process. This is a "watch the watcher" system that can build trust and support your ethical hacking projects.

Not crashing your systems

One of the biggest mistakes I've seen when people try to hack their own systems is inadvertently crashing their systems. The main reason for this is poor planning. These testers have not read the documentation or misunderstand the usage and power of the security tools and techniques.

You can easily create DoS conditions on your systems when testing. Running too many tests too quickly on a system causes many system lockups. I know because I've done this! Don't rush things and assume that a network or specific host can handle the beating that network scanners and vulnerability-assessment tools can dish out.

TIP

Many security-assessment tools can control how many tests are performed on a system at the same time. These tools are especially handy if you need to run the tests on production systems during regular business hours.

You can even create an account or system lockout condition by social engineering someone into changing a password, not realizing that doing so might create a system lockout condition.

The Ethical Hacking Process

Like practically any IT or security project, ethical hacking needs to be planned in advance. Strategic and tactical issues in the ethical hacking process should be determined and agreed upon. Planning is important for any amount of testing - from a simple password-cracking test to an all-out penetration test on a Web application.

Formulating your plan

Approval for ethical hacking is essential. Make what you're doing known and visible - at least to the decision makers. Obtaining sponsorship of the project is the first step. This could be your manager, an executive, a customer, or even yourself if you're the boss. You need someone to back you up and sign off on your plan. Otherwise, your testing may be called off unexpectedly if someone claims they never authorized you to perform the tests.

Continues...

Excerpted from Hacking For Dummies by Kevin Beaver Excerpted by permission.
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.
Read More Show Less

Customer Reviews

Average Rating 3.5
( 18 )
Rating Distribution

5 Star

(8)

4 Star

(3)

3 Star

(2)

2 Star

(4)

1 Star

(1)

Your Rating:

Review Guidelines
Add Recommendations
Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing all of 18 Customer Reviews

  • Anonymous

    Posted April 4, 2012

    i wrill Im almost lik iron man now

    : )

    2 out of 4 people found this review helpful.

    Was this review helpful? Yes  NoThank you for your feedback.   Report this reviewThank you, this review has been flagged.

  • Anonymous

    Posted November 21, 2012

    Rkg

    Dbdjej

    1 out of 4 people found this review helpful.

    Was this review helpful? Yes  NoThank you for your feedback.   Report this reviewThank you, this review has been flagged.

  • Posted August 22, 2009

    more from this reviewer

    Helpful but not quite there

    I loved this book in almost every way for learning the basic's of network security and testing it. But for anyone who plans to use this book maliciously, good luck. It's designed so as to not tell you what to do to infiltrate a system, just how to check if it can be infiltrated. Also, i feel this book makes to many assumptions on the reader skill, maybe i am an idiot but i didn't know what he was talk about half the time so i would have to Google it.

    1 out of 2 people found this review helpful.

    Was this review helpful? Yes  NoThank you for your feedback.   Report this reviewThank you, this review has been flagged.

  • Anonymous

    Posted May 18, 2004

    Great Guide to protecting your network!

    Hacking for Dummies does a great job explaining how to protect your network from the bad guys. I can take the information I've learned and put it to work at my job immediately.

    1 out of 1 people found this review helpful.

    Was this review helpful? Yes  NoThank you for your feedback.   Report this reviewThank you, this review has been flagged.

  • Anonymous

    Posted January 3, 2013

    Kevin baker

    I love u. U inspired me to pursue my technological dreams again. I had the skill but i got lazy. Thank u sooo much for making this. I dn know how o thank u.

    Was this review helpful? Yes  NoThank you for your feedback.   Report this reviewThank you, this review has been flagged.

  • Anonymous

    Posted March 10, 2012

    I will pay you $10 if you buy this book for me

    Buy for me $10

    0 out of 4 people found this review helpful.

    Was this review helpful? Yes  NoThank you for your feedback.   Report this reviewThank you, this review has been flagged.

  • Anonymous

    Posted February 10, 2011

    No text was provided for this review.

  • Anonymous

    Posted March 19, 2011

    No text was provided for this review.

  • Anonymous

    Posted August 8, 2011

    No text was provided for this review.

  • Anonymous

    Posted March 17, 2011

    No text was provided for this review.

  • Anonymous

    Posted July 18, 2011

    No text was provided for this review.

  • Anonymous

    Posted August 30, 2011

    No text was provided for this review.

  • Anonymous

    Posted May 28, 2011

    No text was provided for this review.

  • Anonymous

    Posted June 28, 2011

    No text was provided for this review.

  • Anonymous

    Posted September 19, 2011

    No text was provided for this review.

  • Anonymous

    Posted April 27, 2011

    No text was provided for this review.

  • Anonymous

    Posted May 8, 2011

    No text was provided for this review.

  • Anonymous

    Posted October 12, 2011

    No text was provided for this review.

Sort by: Showing all of 18 Customer Reviews
If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)