
Oriyano Sean-Philip. Hacker Techniques, Tools, and Incident Handling

  • File format: pdf
  • Size: 8.49 MB
Jones & Bartlett Learning, 2018. — 594 p. — ISBN 9781284147810.
Hacker Techniques, Tools, and Incident Handling, Third Edition begins with an examination of the landscape, key terms, and concepts that a security professional needs to know about hackers and computer criminals who break into networks, steal information, and corrupt data. It goes on to review the technical overview of hacking: how attacks target networks and the methodology they follow. The final section studies those methods that are most effective when dealing with hacking attacks, especially in an age of increased reliance on the Web. Written by subject matter experts, with numerous real-world examples, Hacker Techniques, Tools, and Incident Handling, Third Edition provides readers with a clear, comprehensive introduction to the many threats on our Internet environment and security and what can be done to combat them.
Contents
Cover
Title Page
Copyright Page
Contents
Preface
Acknowledgments
About the Authors
Hacking: The Next Generation
Profiles and Motives of Different Types of Hackers
Controls
The Hacker Mindset
Motivation
A Look at the History of Computer Hacking
Ethical Hacking and Penetration Testing
The Role of Ethical Hacking
Ethical Hackers and the C-I-A Triad
Common Hacking Methodologies
Performing a Penetration Test
The Role of the Law and Ethical Standards
TCP/IP Review
Exploring the OSI Reference Model
The Role of Protocols
Layer 1: Physical Layer
Layer 2: Data Link Layer
Layer 3: Network Layer
Layer 4: Transport Layer
Layer 5: Session Layer
Layer 6: Presentation Layer
Layer 7: Application Layer
Mapping the OSI Model to Functions and Protocols
TCP/IP: A Layer-by-Layer Review
Physical or Network Access Layer
Network or Internet Layer
Host-to-Host Layer
Application Layer
Cryptographic Concepts
Cryptographic Basics
Authentication
Integrity
Nonrepudiation
Symmetric and Asymmetric Cryptography
Cryptographic History
What Is an Algorithm or Cipher?
Symmetric Encryption
Asymmetric Encryption
Digital Signatures
Purpose of Public Key Infrastructure
The Role of Certificate Authorities (CAs)
PKI Attacks
Hashing
Common Cryptographic Systems
Cryptanalysis
Future Forms of Cryptography
Physical Security
Basic Equipment Controls
Hard Drive and Mobile Device Encryption
Fax Machines and Printers
Voice over IP (VoIP)
Physical Area Controls
Fences
Perimeter Intrusion Detection and Assessment System (PIDAS)
Gates
Bollards
Facility Controls
Doors, Mantraps, and Turnstiles
Walls, Ceilings, and Floors
Windows
Guards and Dogs
Construction
Personal Safety Controls
Lighting
Alarms and Intrusion Detection
Closed-Circuit TV (CCTV)/Remote Monitoring
Physical Access Controls
Locks
Lock Picking
Tokens and Biometrics
Avoiding Common Threats to Physical Security
Natural, Human, and Technical Threats
Physical Keystroke Loggers and Sniffers
Wireless Interception and Rogue Access Points
Defense in Depth
Footprinting Tools and Techniques
The Information-Gathering Process
The Information on a Company Website
Discovering Financial Information
Google Hacking
Exploring Domain Information Leakage
Manual Registrar Query
Automatic Registrar Query
Whois
Nslookup
Internet Assigned Numbers Authority (IANA)
Determining a Network Range
Tracking an Organization’s Employees
Exploiting Insecure Applications
Using Social Networks
Using Basic Countermeasures
Port Scanning
Determining the Network Range
Identifying Active Machines
Wardialing
Wardriving and Related Activities
Pinging
Port Scanning
Mapping Open Ports
Nmap
SuperScan
Scanrand
THC-Amap
OS Fingerprinting
Active OS Fingerprinting
Passive OS Fingerprinting
Mapping the Network
Analyzing the Results
Enumeration and Computer System Hacking
Windows Basics
Controlling Access
Users
Groups
Security Identifiers
Commonly Attacked and Exploited Services
Enumeration
How to Perform Enumeration Tasks
NULL Session
Working with nbtstat
SuperScan
Angry IP Scanner
SNScan
System Hacking
Types of Password Cracking
Passive Online Attacks
Active Online Attacks
Offline Attacks
Nontechnical Attacks
Using Password Cracking
Privilege Escalation
Planting Backdoors
Using PsTools
Rootkits
Covering Tracks
Disabling Auditing
Data Hiding
Wireless Vulnerabilities
The Importance of Wireless Security
Emanations
Common Support and Availability
A Brief History of Wireless Technologies
Other 802.11 Variants
Other Wireless Technologies
Working with and Securing Bluetooth
Bluetooth Security
Working with Wireless LANs
CSMA/CD Versus CSMA/CA
Role of APs
Service Set Identifier (SSID)
Association with an AP
The Importance of Authentication
Working with RADIUS
Network Setup Options
Threats to Wireless LANs
Wardriving
Misconfigured Security Settings
Unsecured Connections
Rogue APs
Promiscuous Clients
Wireless Network Viruses
Countermeasures
Internet of Things (IoT)
Wireless Hacking Tools
NetStumbler
The inSSIDer Program
Protecting Wireless Networks
Default AP Security
Placement
Dealing with Emanations
Dealing with Rogue APs
Use Protection for Transmitted Data
MAC Filtering
Web and Database Attacks
Attacking Web Servers
Categories of Risk
Vulnerabilities of Web Servers
Improper or Poor Web Design
Buffer Overflow
Denial of Service (DoS) Attack
Distributed Denial of Service (DDoS) Attack
Banner Information
Permissions
Error Messages
Unnecessary Features
User Accounts
Structured Query Language (SQL) Injections
Examining a SQL Injection
Vandalizing Web Servers
Input Validation
Cross-Site Scripting (XSS) Attack
Anatomy of Web Applications
Insecure Logon Systems
Scripting Errors
Session Management Issues
Encryption Weaknesses
Database Vulnerabilities
Database Types
Vulnerabilities
Locating Databases on the Network
Database Server Password Cracking
Locating Vulnerabilities in Databases
Out of Sight, Out of Mind
Cloud Computing
Malware
Malware
Malware’s Legality
Types of Malware
Malware’s Targets
Viruses and How They Function
Viruses: A History
Types of Viruses
Prevention Techniques
Worms and How They Function
How Worms Work
Stopping Worms
The Power of Education
Antivirus and Firewalls
Significance of Trojans
Methods to Get Trojans onto a System
Targets of Trojans
Known Symptoms of an Infection
Detection of Trojans and Viruses
Vulnerability Scanners
Antivirus/Anti-Malware
Trojan Tools
Distribution Methods
Using Wrappers to Install Trojans
Trojan Construction Kits
Backdoors
Covert Communication
The Role of Keystroke Loggers
Software
Port Redirection
Spyware
Methods of Infection
Bundling with Software
Adware
Scareware
Ransomware
Sniffers, Session Hijacking, and Denial of Service Attacks
Sniffers
Passive Sniffing
Active Sniffing
Sniffing Tools
What Can Be Sniffed?
Session Hijacking
Identifying an Active Session
Seizing Control of a Session
Session Hijacking Tools
Thwarting Session Hijacking Attacks
Denial of Service (DoS) Attacks
Categories of DoS Attacks
Tools for DoS Attacks
Distributed Denial of Service (DDoS) Attacks
Some Characteristics of DDoS Attacks
Tools for DDoS Attacks
Botnets and the Internet of Things (IoT)
Linux and Penetration Testing
Linux
Introducing Kali Linux
Some of the Basics of Working with Linux
A Look at the Interface
Basic Linux Navigation
Important Linux Directories
Commonly Used Commands
The Basic Command Structure of Linux
Live CDs
Special-Purpose Live CDs/DVDs
Virtual Machines
Social Engineering
What Is Social Engineering?
Types of Social Engineering Attacks
Phone-Based Attacks
Dumpster Diving
Shoulder Surfing
Attacks Through Social Media
Persuasion/Coercion
Reverse Social Engineering
Technology and Social Engineering
Your Browser as a Defense Against Social Engineering
Other Good Practices for Safe Computing
Best Practices for Passwords
Know What the Web Knows About You
Creating and Managing Your Passwords
Invest in a Password Manager
Social Engineering and Social Networking
Questions to Ask Before You Post
An Overview of the Risks in Social Networking
Social Networking in a Corporate Setting
Particular Concerns in a Corporate Setting
Facebook Security
Incident Response
What Is a Security Incident?
The Incident Response Process
Incident Response Policies, Procedures, and Guidelines
Phases of an Incident and Response
Incident Response Team
Incident Response Plans
The Role of Business Continuity Plans
Recovering Systems
Business Impact Analysis
Planning for Disaster and Recovery
Testing and Evaluation
Preparation and Staging of Testing Procedures
Frequency of Tests
Analysis of Test Results
Evidence Handling and Administration
Evidence Collection Techniques
Security Reporting Options and Guidelines
Requirements of Regulated Industries
Defensive Technologies
Defense in Depth
Intrusion Detection Systems
IDS Components
Components of a NIDS
Components of a HIDS
Setting Goals
Accountability
Limitations of an IDS
Investigation of an Event
Analysis of Information Collected
Intrusion Prevention Systems
The Purpose of Firewalls
How Firewalls Work
Firewall Methodologies
Limitations of a Firewall
Implementing a Firewall
Authoring a Firewall Policy
Honeypots/Honeynets
Goals of Honeypots
Legal Issues
The Role of Controls
Administrative Controls
Technical Controls
Physical Controls
Security Best Practices
Security Information and Event Management (SIEM)
Sources for Guidance
Answer Key
Standard Acronyms
Glossary of Key Terms
References
Index