Title:
Hack I.T. : security through penetration testing
Personal Author:
Publication Information:
Boston, Mass. : Addison-Wesley, 2002
Physical Description:
1 CD-ROM ; 12 cm
ISBN:
9780201719567
General Note:
Also available in printed version : QA76.9.A25 K534 2003
Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000010062962 | CP 4319 | Computer File Accompanies Open Access Book | Compact Disc Accompanies Open Access Book | Searching... |
On Order
Summary
Summary
With carefully structured method targets, this course introduces only the most important French vocabulary and grammar and gets you speaking straight away. The learning programme aims to take only 35 minutes a day for six weeks and has fewer than 400 words to be learnt. The grammar has been pared down to the bare bones and is explained in simple English so you will not get bogged down by unnecessarily complicated structures that you will not need.
Author Notes
T.J. Klevinsky is part of Ernst & Young s Security and Technology Solutions practice, where he coordinates attack and penetration exercises for Fortune 500 corporations worldwide. He is also an instructor for the Ernst & Young s Extreme Hacking course. Additionally, T.J. is an instructor with SANS, where he teaches the course Contemporary Hacking Tools and Penetration Testing, a survey of recent security related software tools.
Scott Laliberte, CISSP, CISM, MBA, is a leader of Protiviti's Global Information Security Practice. He has extensive experience in the areas of information systems security, network operations, incident response, and e-commerce, and has served clients in many industries, including healthcare, life sciences, financial services, manufacturing, and other industries. Scott has led many security engagements, including attack and penetration studies, Web application security reviews, systems vulnerability assessments, wireless security reviews, and security systems implementation. In addition, he has led a number of incident response projects, which help organizations identify, stop, and recover from security incidents and attacks. He has spoken on information security topics for a variety of audiences and industries, including MIS Training Institute (MISTI), National Association of Financial Services Auditors (NAFSA), ISACA, IIA, and HCCA. He has been quoted as a security expert in the Financial Times, Securities Industries News, and elsewhere, and has authored numerous information security articles for a variety of publications.
Ajay Gupta, CISSP, founder and president of Gsecurity, is an expert on cyber security, secure architecture, and information privacy. Gsecurity provides cyber security and data privacy services to federal, state, and local governments, as well as commercial clients in the educational, financial, and health-care sectors.
Excerpts
Excerpts
Why write a book about hacking? The question is really whether a book about the techniques and tools used to break into a network would be beneficial to the information security community. We, the authors, believe that penetration testing is a valuable and effective means of identifying security holes and weaknesses in a network and computing environment. Understanding how others will try to break into a network offers considerable insight into the common pitfalls and misconfigurations that make networks vulnerable. This insight is essential to creating a comprehensive network security structure. Some may argue that providing this penetration-testing information gives script kiddies and hackers ammunition to better attack systems. However, script kiddies and hackers already have access to this information or have the time to find it--most of the material presented in this book is available from a variety of sources on the Internet. The problem is that the system and security administrators defending against attacks do not have the time or resources to research the sites necessary to compile this information. We decided to write this book to provide defenders with the information hackers already have. A hacker has to find only one hole to gain unauthorized access. The security group defending against the hackers needs to find all the holes to prevent unauthorized access. There is no tried-and-true training that can make everyone a security expert, but there are some baseline principles, skills, and tools that must be mastered to become proficient in this field. Our goal is to provide you with those skills in a manner that helps you to understand the structure and tools used and to begin developing your own style of penetration testing.The process described in this book is not the only way to perform a penetration test. We continue to evolve our own methodology to respond to new technologies and threats. This process has worked well for us in the past and continues to be a successful way to evaluate and test network security. Audience This book is intended for the security administrators, systems administrators, technology auditors, and other authorized representatives of companies that want to legitimately test their security posture and intrusion detection or incident response capabilities. In addition, other individuals who need to assess systems and network security may find the tools and techniques described in this book useful. It is designed as a beginner's book for enhancing network security through penetration testing. No previous knowledge of penetration testing is required, but an understanding of networking, TCP/IP, Windows NT/2000, network security, and UNIX is needed to be able to execute a penetration test. A word of caution: Although this book details the processes and tools for performing a penetration test, it does not describe how to do this without alerting network security devices. Many of these techniques will be detected and should not be performed without the written consent of the owners of the target systems. We intend for this book to be not a how-to hack manual but rather a framework for performing a systematic network security review. Intrusion detection mechanisms on most networks today have become very sophisticated and, if configured properly, can be used to track anyone practicing these techniques on a network. How to Use This Book The managers of an ever-growing number of companies are beginning to see information security as an issue requiring attention, showing how much of a threat they truly believe exists. In any case, whether you work as part of the security department of a large corporation or as a system administrator with security as part of your job description, knowing how to get into your network is one of the best ways to secure it. The first part of this book (Chapters 1-4) explains the roles and responsibilities of a penetrati Excerpted from Hack I. T.: Security Through Penetration Testing by T. J. Klevinsky, Scott Laliberte, Ajaya K. Gupta All rights reserved by the original copyright owners. Excerpts are provided for display purposes only and may not be reproduced, reprinted or distributed without the written permission of the publisher.Table of Contents
| Preface | p. xv |
| Introduction | p. xxi |
| Chapter 1 Hacking Today | p. 1 |
| Chapter 2 Defining the Hacker | p. 9 |
| 2.1 Hacker Skill Levels | p. 10 |
| 2.2 Information Security Consultants | p. 13 |
| 2.3 Hacker Myths | p. 14 |
| 2.4 Information Security Myths | p. 15 |
| Chapter 3 Penetration for Hire | p. 19 |
| 3.1 Ramifications of Penetration Testing | p. 20 |
| 3.2 Requirements for a Freelance Consultant | p. 21 |
| 3.3 Announced vs. Unannounced Penetration Testing | p. 25 |
| Chapter 4 Where the Exposures Lie | p. 29 |
| 4.1 Application Holes | p. 32 |
| 4.2 Berkeley Internet Name Domain (BIND) Implementations | p. 32 |
| 4.3 Common Gateway Interface (CGI) | p. 33 |
| 4.4 Clear Text Services | p. 33 |
| 4.5 Default Accounts | p. 34 |
| 4.6 Domain Name Service (DNS) | p. 34 |
| 4.7 File Permissions | p. 35 |
| 4.8 FTP and telnet | p. 35 |
| 4.9 ICMP | p. 36 |
| 4.10 IMAP and POP | p. 37 |
| 4.11 Modems | p. 37 |
| 4.12 Lack of Monitoring and Intrusion Detection | p. 38 |
| 4.13 Network Architecture | p. 38 |
| 4.14 Network File System (NFS) | p. 40 |
| 4.15 NT Ports 135-139 | p. 40 |
| 4.16 NT Null Connection | p. 40 |
| 4.17 Poor Passwords and User IDs | p. 41 |
| 4.18 Remote Administration Services | p. 43 |
| 4.19 Remote Procedure Call (RPC) | p. 43 |
| 4.20 sendmail | p. 44 |
| 4.21 Services Started by Default | p. 44 |
| 4.22 Simple Mail Transport Protocol (SMTP) | p. 45 |
| 4.23 Simple Network Management Protocol (SNMP) Community Strings | p. 45 |
| 4.24 Viruses and Hidden Code | p. 46 |
| 4.25 Web Server Sample Files | p. 47 |
| 4.26 Web Server General Vulnerabilities | p. 48 |
| 4.27 Monitoring Vulnerabilities | p. 48 |
| Chapter 5 Internet Penetration | p. 51 |
| 5.1 Network Enumeration/Discovery | p. 52 |
| 5.2 Vulnerability Analysis | p. 59 |
| 5.3 Exploitation | p. 65 |
| Case Study: Dual-Homed Hosts | p. 68 |
| Chapter 6 Dial-In Penetration | p. 71 |
| 6.1 War Dialing | p. 71 |
| 6.2 War Dialing Method | p. 72 |
| 6.3 Gathering Numbers | p. 75 |
| 6.4 Precautionary Methods | p. 77 |
| 6.5 War Dialing Tools | p. 78 |
| Case Study: War Dialing | p. 87 |
| Chapter 7 Internal Penetration Testing | p. 91 |
| 7.1 Scenarios | p. 92 |
| 7.2 Network Discovery | p. 93 |
| 7.3 NT Enumeration | p. 99 |
| 7.4 UNIX | p. 102 |
| 7.5 Searching for Exploits | p. 104 |
| 7.6 Sniffing | p. 105 |
| 7.7 Remotely Installing a Hacker Tool Kit | p. 107 |
| 7.8 Vulnerability Scanning | p. 108 |
| Case Study: Snoop the User Desktop | p. 109 |
| Chapter 8 Social Engineering | p. 113 |
| 8.1 The Telephone | p. 114 |
| 8.2 Dumpster Diving | p. 120 |
| 8.3 Desktop Information | p. 121 |
| 8.4 Common Countermeasures | p. 123 |
| Chapter 9 UNIX Methods | p. 125 |
| 9.1 UNIX Services | p. 127 |
| 9.2 Buffer Overflow Attacks | p. 136 |
| 9.3 File Permissions | p. 137 |
| 9.4 Applications | p. 140 |
| 9.5 Misconfigurations | p. 145 |
| 9.6 UNIX Tools | p. 146 |
| Case Study: UNIX Penetration | p. 154 |
| Chapter 10 The Tool Kit | p. 157 |
| 10.1 Hardware | p. 158 |
| 10.2 Software | p. 159 |
| 10.3 VMware | p. 161 |
| Chapter 11 Automated Vulnerability Scanners | p. 165 |
| 11.1 Definition | p. 165 |
| 11.2 Testing Use | p. 166 |
| 11.3 Shortfalls | p. 166 |
| 11.4 Network-Based and Host-Based Scanners | p. 168 |
| 11.5 Tools | p. 169 |
| 11.6 Network-Based Scanners | p. 171 |
| 11.7 Host-Based Scanners | p. 181 |
| 11.8 Pentasafe VigilEnt | p. 184 |
| 11.9 Conclusion | p. 186 |
| Chapter 12 Discovery Tools | p. 187 |
| 12.1 WS_Ping ProPack | p. 187 |
| 12.2 NetScanTools | p. 198 |
| 12.3 Sam Spade | p. 207 |
| 12.4 Rhino9 Pinger | p. 221 |
| 12.5 VisualRoute | p. 223 |
| 12.6 Nmap | p. 226 |
| 12.7 What's running | p. 228 |
| Chapter 13 Port Scanners | p. 229 |
| 13.1 Nmap | p. 229 |
| 13.2 7th Sphere Port Scanner | p. 237 |
| 13.3 Strobe | p. 238 |
| 13.4 SuperScan | p. 239 |
| Chapter 14 Sniffers | p. 243 |
| 14.1 Dsniff | p. 244 |
| 14.2 Linsniff | p. 246 |
| 14.3 Tcpdump | p. 247 |
| 14.4 BUTTSniffer | p. 248 |
| 14.5 SessionWall-3 (Now eTrust Intrusion Detection) | p. 249 |
| 14.6 AntiSniff | p. 251 |
| Chapter 15 Password Crackers | p. 255 |
| 15.1 LOphtCrack | p. 255 |
| 15.2 pwdump2 | p. 263 |
| 15.3 John the Ripper | p. 264 |
| 15.4 Cain | p. 266 |
| 15.5 ShowPass | p. 267 |
| Chapter 16 Windows NT Tools | p. 271 |
| 16.1 Net Use | p. 271 |
| 16.2 Null Connection | p. 272 |
| 16.3 Net View | p. 273 |
| 16.4 Nltest | p. 275 |
| 16.5 Nbtstat | p. 276 |
| 16.6 epdump | p. 277 |
| 16.7 Netdom | p. 278 |
| 16.8 Getmac | p. 279 |
| 16.9 Local Administrators | p. 280 |
| 16.10 Global ("Domain Admins") | p. 280 |
| 16.11 Usrstat | p. 281 |
| 16.12 DumpSec | p. 282 |
| 16.13 user2Sid/sid2User | p. 286 |
| 16.14 NetBIOS Auditing Tool (NAT) | p. 287 |
| 16.15 SMBGrind | p. 289 |
| 16.16 Srvcheck | p. 291 |
| 16.17 Srvinfo | p. 291 |
| 16.18 AuditPol | p. 292 |
| 16.19 Regdmp | p. 293 |
| 16.20 Somarsoft DumpReg | p. 295 |
| 16.21 Remote | p. 297 |
| 16.22 Netcat | p. 298 |
| 16.23 SC | p. 300 |
| 16.24 AT | p. 301 |
| 16.25 FPipe | p. 302 |
| Case Study: Weak Passwords | p. 304 |
| Case Study: Internal Penetration to Windows | p. 310 |
| Chapter 17 Web-Testing Tools | p. 315 |
| 17.1 Whisker | p. 316 |
| 17.2 SiteScan | p. 318 |
| 17.3 THC Happy Browser | p. 319 |
| 17.4 wwwhack | p. 320 |
| 17.5 Web Cracker | p. 322 |
| 17.6 Brutus | p. 323 |
| Case Study: Compaq Management Agents Vulnerability | p. 325 |
| Chapter 18 Remote Control | p. 329 |
| 18.1 pcAnywhere | p. 330 |
| 18.2 Virtual Network Computing | p. 335 |
| 18.3 NetBus | p. 338 |
| 18.4 Back Orifice 2000 | p. 344 |
| Chapter 19 Intrusion Detection Systems | p. 347 |
| 19.1 Definition | p. 347 |
| 19.2 IDS Evasion | p. 350 |
| 19.3 Pitfalls | p. 356 |
| 19.4 Traits of Effective IDSs | p. 356 |
| 19.5 IDS Selection | p. 362 |
| Chapter 20 Firewalls | p. 369 |
| 20.1 Definition | p. 369 |
| 20.2 Monitoring | p. 370 |
| 20.3 Configuration | p. 372 |
| 20.4 Change Control | p. 372 |
| 20.5 Firewall Types | p. 373 |
| 20.6 Network Address Translation | p. 375 |
| 20.7 Evasive Techniques | p. 376 |
| 20.8 Firewalls and Virtual Private Networks | p. 379 |
| Case Study: Internet Information Server Exploit--MDAC | p. 380 |
| Chapter 21 Denial-of-Service Attacks | p. 383 |
| 21.1 Resource Exhaustion Attacks | p. 386 |
| 21.2 Port Flooding | p. 390 |
| 21.3 SYN Flooding | p. 391 |
| 21.4 IP Fragmentation Attacks | p. 393 |
| 21.5 Distributed Denial-of-Service Attacks | p. 396 |
| 21.6 Application-Based DoS Attacks | p. 405 |
| 21.7 Concatenated DoS Tools | p. 412 |
| 21.8 Summary | p. 416 |
| Chapter 22 Wrapping It Up | p. 419 |
| 22.1 Countermeasures | p. 420 |
| 22.2 Keeping Current | p. 423 |
| Chapter 23 Future Trends | p. 433 |
| 23.1 Authentication | p. 433 |
| 23.2 Encryption | p. 437 |
| 23.3 Public Key Infrastructure | p. 438 |
| 23.4 Distributed Systems | p. 438 |
| 23.5 Forensics | p. 439 |
| 23.6 Government Regulation | p. 440 |
| 23.7 Hacking Techniques | p. 441 |
| 23.8 Countermeasures | p. 442 |
| 23.9 Cyber-Crime Insurance | p. 442 |
| Appendix A CD-ROM Contents | p. 445 |
| Appendix B The Twenty Most Critical Internet Security Vulnerabilities--The Experts' Consensus | p. 451 |
| Index | p. 497 |
