Hack I.T

Security Through Penetration Testing

T.J. Klevinsky, Scott Laliberte

512 pages, parution le 13/03/2002

Ajouter à une liste

Indisponible

Résumé

Penetration testing—in which professional, "white hat" hackers attempt to break through an organization's security defenses—has become a key defense weapon in today's information systems security arsenal. Through penetration testing, I.T. and security professionals can take action to prevent true "black hat" hackers from compromising systems and exploiting proprietary information.

Hack I.T. introduces penetration testing and its vital role in an overall network security plan. You will learn about the roles and responsibilities of a penetration testing professional, the motivation and strategies of the underground hacking community, and potential system vulnerabilities, along with corresponding avenues of attack. Most importantly, the book provides a framework for performing penetration testing and offers step-by-step descriptions of each stage in the process. The latest information on the necessary hardware for performing penetration testing, as well as an extensive reference on the available security tools, is included.

Comprehensive in scope Hack I.T. provides in one convenient resource the background, strategies, techniques, and tools you need to test and protect your system—before the real hackers attack.

Specific topics covered inthis book include:

Hacking myths
Potential drawbacks of penetration testing
Announced versus unannounced testing
Application-level holes and defenses
Penetration through the Internet, including zone transfer, sniffing, and port scanning
War dialing
Enumerating NT systems to expose security holes
Social engineering methods
Unix-specific vulnerabilities, such as RPC and buffer overflow attacks
The Windows NT Resource kit
Port scanners and discovery tools
Sniffers and password crackers
Web testing tools
Remote control tools
Firewalls and intrusion detection systems
Numerous DoS attacks and tools

Contents

Preface.
Introduction.

1. Hacking Today.
2. Defining the Hacker.
3. Penetration For Hire.
4. Where the Exposures Lie.
5. Internet Penetration.
6. Dial-in Penetration.
7. Internal Penetration.
8. Social Engineering.
9. Unix Methods.
10. The Toolkit.
11. Automated Vulnerability Scanners.
12. Discovery Tools.
13. Port Scanning.
14. Sniffers.
15. Password Crackers.
16. Windows NT Tools.
17. Web Testing Tools.
18. Remote Control.
19. Intrusion Detection Systems.
20. Firewalls.
21. Denial of service.
22. Wrapping it UP.
23. Future Trends.

Appendix A: CD Directory.
Appendix B: Sans Top 10 List.

Index.

L'auteur - Scott Laliberte

Scott Laliberte is part of Ernst & Young's Security and Technology Solutions practice. He has extensive expertise in the areas of information systems security, network operations, and electronic commerce. He has led numerous penetration testing engagements for Fortune 500 companies and designs e-commerce architectures and security controls. He is also an instructor for the Ernst & Young's Extreme Hacking course.

Caractéristiques techniques

	PAPIER
Éditeur(s)	Addison Wesley
Auteur(s)	T.J. Klevinsky, Scott Laliberte
Parution	13/03/2002
Nb. de pages	512
Format	18,5 x 23,3
Couverture	Broché
Poids	1092g
Intérieur	Noir et Blanc
EAN13	9780201719567