If you want to hack other people’s computer systems maliciously, this book is not for you.
Disclaimer: If you choose to use the information in this book to hack or break into computer systems maliciously in an unauthorized fashion, you’re on your own. Neither I, as the author, nor anyone else associated with this book shall be liable or responsible for any unethical or criminal choices that you may make and execute using the methodologies and tools that I describe. This book is intended solely for the IT professional to test information security in an authorized fashion.
Okay, now that that’s out of the way, time for the good stuff! This book is for you if you’re a network administrator, information-security manager, security consultant, or someone interested in finding out more about legally and ethically hacking your own or a customer’s information systems to make them more secure.
As the ethical hacker performing well-intended information-security assessments, you can detect and point out security holes that may otherwise be overlooked. If you’re performing these tests on your own systems, the information you uncover in your tests can help you win over management and prove that information security should be taken seriously. Likewise, if you’re performing these tests for your customers, you can help find security holes that can be plugged before malicious hackers have a chance to exploit them.
The information in this book helps you stay on top of the security game and enjoy the fame and glory that come with helping your organization and customers prevent bad things from happening to their information.
How This Book Is Organized
This book is organized into eight parts — six regular chapter parts, a Part of Tens, and a part with appendixes. These parts are modular, so you can jump around from one part to another as needed. Each chapter provides practical methodologies and best practices you can utilize as part of your ethical hacking efforts, including checklists and references to specific tools you can use, as well as resources on the Internet.
Part I: Building the Foundation for Ethical Hacking
This part covers the fundamental aspects of ethical hacking. It starts with an overview of the value of ethical hacking and what you should and shouldn’t do during the process. You get inside the hacker’s mindset and discover how to plan your ethical hacking efforts. This part covers the steps involved in the ethical hacking process, including how to choose the proper tools.
Part II: Putting Ethical Hacking in Motion
This part gets you rolling with the ethical hacking process. It covers several well-known hack attacks, including social engineering and cracking passwords, to get your feet wet. The techniques presented are some of the most widely used hack attacks. This part covers the human and physical elements of security, which tend to be the weakest links in any information-security program. After you plunge into these topics, you’ll know the tips and tricks required to perform common general hack attacks against your systems, as well as specific countermeasures to keep your information systems secure.
Part III: Network Hacking
Starting with the larger network in mind, this part covers methods to test your systems for various well-known network infrastructure vulnerabilities. From weaknesses in the TCP/IP protocol suite to wireless network insecurities, you find out how networks are compromised using specific methods of flawed network communications, along with various countermeasures that you can implement to keep from becoming a victim. This part also includes case studies on some of the network hack attacks that are presented.
Part IV: Operating System Hacking
Practically all operating systems have well-known vulnerabilities that hackers often use. This part jumps into hacking three widely used operating systems: Windows, Linux, and NetWare. The hacking methods include scanning your operating systems for vulnerabilities and enumerating the specific hosts to gain detailed information. This part also includes information on exploiting well-known vulnerabilities in these operating systems, taking over operating systems remotely, and specific countermeasures that you can implement to make your operating systems more secure. This part also includes case studies on operating-system hack attacks.
Part V: Application Hacking
Application security is gaining more visibility in the information-security arena these days. An increasing number of attacks are aimed directly at various applications, which are often able to bypass firewalls, intrusion-detection systems, and antivirus software. This part discusses hacking specific applications, including coverage on malicious software and messaging systems, along with practical countermeasures that you can put in place to make your applications more secure.
One of the most common network attacks is on Web applications. Practically every firewall lets Web traffic into and out of the network, so most attacks are against the millions of Web applications available to almost anyone. This part covers Web application hack attacks, countermeasures, and some application hacking case studies for real-world security testing scenarios.
Part VI: Ethical Hacking Aftermath
After you’ve performed your ethical hack attacks, what do you do with the information you’ve gathered? Shelve it? Show it off? How do you move forward? This part answers all these questions and more. From developing reports for upper management to remediating the security flaws that you discover to establishing procedures for your ongoing ethical hacking efforts, this part brings the ethical hacking process full circle. This information not only ensures that your effort and time are well spent, but also is evidence that information security is an essential element for success in any business that depends on computers and information technology.
Part VII: The Part of Tens
This part contains tips to help ensure the success of your ethical hacking program. You find out how to get upper management to buy into your ethical hacking program so you can get going and start protecting your systems. This part also includes the top ten ethical hacking mistakes to avoid and my top ten tips for ethical hacking success.
Part VIII: Appendixes
This part includes two appendixes that cover ethical hacking reference materials. This includes a one-stop reference listing of ethical hacking tools and resources, as well as information on the Hacking For Dummies Web site.