A lot of computer-security textbooks approach the subject from a defensive point of view. "Do this, and probably you'll survive a particular kind of attack," they say. In refreshing contrast, Hacking Exposed, Second Edition talks about security from an offensive angle. A Jane's-like catalog of the weaponry that black-hat hackers use is laid out in full. Readers see what programs are out there, get a rundown on what the programs can do, and benefit from detailed explanations of concepts (such as wardialing and rootkits) that most system administrators kind of understand, but perhaps not in detail. The book also walks through how to use the more powerful and popular hacker software, including L0phtCrack. This new edition has been updated extensively, largely with the results of "honeypot" exercises (in which attacks on sacrificial machines are monitored) and Windows 2000 public security trials. There's a lot of new stuff on e-mail worms, distributed denial-of-service (DDoS) attacks, and attacks that involve routing protocols.
The result of all of this familiarity with bad-guy tools is a leg up on defending against them. Hacking Exposed wastes no time in explaining how to implement the countermeasures--where they exist--that will render known attacks ineffective. Taking on the major network operating systems and network devices one at a time, the authors tell you exactly what Unix configuration files to alter, what Windows NT Registry keys to change, and what settings to make in NetWare. They spare no criticism of products with which they aren't impressed, and don't hesitate to point out inherent, uncorrectable security weaknesses where they find them. This book is no mere rehashing of generally accepted security practices. It and its companion Web site are the best way for all of you network administrators to know thine enemies. --David Wall
Topics covered: Security vulnerabilities of operating systems, applications, and network devices Administrative procedures that will help defeat them Techniques for hacking Windows 95, Windows 98, Windows Me, Windows NT 4.0, Windows 2000, Novell NetWare, and Unix Strategies for breaking into (or bringing down) telephony devices, routers, and firewalls
From Book News, Inc.
This text unveils the methods hackers use to break into systems, networks, and software, and suggest steps administrators can take to secure their computers at the different layers. The fourth edition covers the latest hacking methods and adds a chapter on 802.11 wireless networks. The DVD-ROM contains a video presentation with PowerPoint slides.Copyright © 2004 Book News, Inc., Portland, OR
Book Description
“The seminal book on white-hat hacking and countermeasures.... Should be required reading for anyone with a server or a network to secure.” --Bill Machrone, PC Magazine
This brand-new edition of the best-selling security book covers all the latest hacks and countermeasures and includes a bonus DVD with the authors’ famous “Hacking Exposed Live” presentation!
Book Info
Covers all the latest hacks and counter measures and includes a bonus DVD with the author's famous 'Hacking Exposed Live' presentation! Softcover. Previous edition c:2001.
From the Inside Flap
"The seminal book on white-hat hacking and countermeasures.... Should be required reading for anyone with a server or a network to secure." --Bill Machrone, PC Magazine "Reading this book is better than hiring those Sneakers guys to break into your network to tell you where the open doors are, and it doesn't cost nearly as much." --Professional Certification magazine "A great practical guide for administrators and an eminently readable expose on hacking that should smooth the way for sensible executive policies to protect corporate networks." --Cameron Sturdevant, eWeek "Will tell you more about what hackers have done and can--and can't--do than anything else I have seen....Chock full of tips on countermeasures and just plain usability tricks. Recommended." --Jerry Pournelle, BYTE Magazine "For almost any computer book, you can find a clone. But not this one.... A one-of-a-kind study of the art of breaking in." --UNIX Review New and Updated Material: * Each part opens with a brand new case study based on real security scenarios * Brand new chapter covers the latest 802.11 Wireless networking security attacks and countermeasures * New strategies for proactively defending against dial-up, PBX, voicemail, and VPN hacks * Completely rewritten enumeration chapter including new SQL Server discovery tools, Windows XP/.NET Server countermeasures, Novell exploits, and network discovery using BGP * New techniques for gaining unauthorized access to Windows 9x/Me/NT/2000/XP, Novell 6, UNIX, and Linux * Up-to-date countermeasures for preventing the exploitation of proxy and packet filtering firewall vulnerabilities * Web hacking chapter completely revised and updated to cover the latest platform-specific vulnerabilities from Apache to IIS, current techniques including cross-site scripting, fuzzing, and SQL injection attacks, and all of the latest tools from Achilles to Nikto * Hacking Exposed Live! video presentation on DVD
From the Back Cover
"The seminal book on white-hat hacking and countermeasures.... Should be required reading for anyone with a server or a network to secure." --Bill Machrone, PC Magazine
"Reading this book is better than hiring those Sneakers guys to break into your network to tell you where the open doors are, and it doesn't cost nearly as much." --Professional Certification magazine
"A great practical guide for administrators and an eminently readable expose on hacking that should smooth the way for sensible executive policies to protect corporate networks." --Cameron Sturdevant, eWeek
"Will tell you more about what hackers have done and can--and can't--do than anything else I have seen....Chock full of tips on countermeasures and just plain usability tricks. Recommended." --Jerry Pournelle, BYTE Magazine
"For almost any computer book, you can find a clone. But not this one.... A one-of-a-kind study of the art of breaking in." --UNIX Review
New and Updated Material: Each part opens with a brand new case study based on real security scenarios Brand new chapter covers the latest 802.11 Wireless networking security attacks and countermeasures New strategies for proactively defending against dial-up, PBX, voicemail, and VPN hacks Completely rewritten enumeration chapter including new SQL Server discovery tools, Windows XP/.NET Server countermeasures, Novell exploits, and network discovery using BGP New techniques for gaining unauthorized access to Windows 9x/Me/NT/2000/XP, Novell 6, UNIX, and Linux Up-to-date countermeasures for preventing the exploitation of proxy and packet filtering firewall vulnerabilities Web hacking chapter completely revised and updated to cover the latest platform-specific vulnerabilities from Apache to IIS, current techniques including cross-site scripting, fuzzing, and SQL injection attacks, and all of the latest tools from Achilles to Nikto
Hacking Exposed Live! video presentation on DVD
About the Author
Stuart McClure is the co-author of all four editions of Hacking Exposed as well as Hacking Exposed Windows 2000. Stuart co-authored "Security Watch," a weekly column in InfoWorld addressing topical security issues, exploits, and vulnerabilities. He is the President/CTO of Foundstone, Inc. Prior to co-founding Foundstone, Stuart was a Senior Manager with Ernst & Young's Security Profiling Services Group, responsible for project management, attack and penetration reviews, and technology evaluations. Stuart trains Foundstone's Ultimate Hacking course, and Hacking Exposed Live for conferences such as Networld + InterOp, Black Hat, RSA, CSI, among others.
Joel Scambray, CISSP is the co-author of all four editions of Hacking Exposed as well as Hacking Exposed Web Applications and Hacking Exposed Windows 2000. Joel co-authored "Security Watch," a weekly column in InfoWorld. Joel is the author of Microsoft's "Ask Us About…Security" Monthly Column. He also taught Foundstone's Ultimate Hacking Windows course.
George Kurtz, CISSP is the co-author of all four editions of Hacking Exposed as well as Hacking Exposed Linux. He is the CEO of Foundstone, a cutting edge security solutions provider. Mr. Kurtz has significant experience with intrusion detection and firewall technologies, incident response procedures, and remote access solutions. As CEO and co-founder of Foundstone, Mr. Kurtz provides a unique combination of business acumen and technical security know-how.
Hacking Exposed: Network Security Secrets and Solutions, Fourth Edition FROM OUR EDITORS
The Barnes & Noble Review
The creator of the No. 1 open source network intrusion detection system called a previous edition of Hacking Exposed "the Encyclopedia Britannica of computer security." We suspect he'll find the Fourth Edition even more indispensable. So will you.
This book is a classic. The first three editions have sold more than 300,000 copies. And the authors are, quite simply, legends in their field.
Stuart McClure is president/CTO and George Kurtz is CEO of Foundstone, one of the world's top IT security consultancies; McClure formerly led attack/penetration reviews and security technology evaluations for Ernst & Young. Joel Scambray has taught Foundstone's Ultimate Hacking Windows course, writes Microsoft's "Ask Us About Security" monthly column, and co-wrote both Hacking Exposed Web Applications and Hacking Exposed Windows 2000.
Think they're resting on their laurels? No way. This book is packed with new attacks, exploits, and countermeasures, as well as updated information on everything from viruses to web hacks. If you're concerned about it (or should be), you'll find it covered here.
For instance, the book's Windows coverage has been thoroughly revamped, benefiting from the insider's expertise of coauthor Joel Scambray, who's now Senior Director of Security for Microsoft's MSN. (He's even added coverage of the forthcoming Windows Server 2003).
The coverage of web hacking has also been massively updated, reflecting a wide range of creative new techniques hackers have come up with to enter or disrupt web sites.
For example, there's Cross-Site Scripting (XSS), wherein web apps gather user data they can use maliciously, typically via fake hyperlinks that contain malicious elements that have been encoded so as not to look suspicious. XSS attacks have allowed hackers to hijack accounts, change user settings, and steal or "poison" cookies.
The authors also discuss "fuzzing" response handlers to identify web server vulnerabilities such as format string or buffer/heap overflows; and "SQL injection" attacks, in which users enter weird text strings into your forms -- and those strings execute SQL directly against your database. (Maybe even deleting entire tables. Fun, huh?)
Hacking Exposed, Fourth Edition also updates its coverage of hacking (and protective) tools. For example, the authors introduce Nikto, a web server scanner that can test web servers for more than 1,550 dangerous files and CGIs and report on over 180 products; and Achilles, a full-featured proxy server optimized for testing the security of web applications. There's also thoroughly updated information on Apache, reflecting the latest versions.
As in previous editions, the authors have organized Hacking Exposed into four sections. First, you'll "case the establishment." That begins with "footprinting" -- identifying what can easily be discovered about your (or someone else's) IP infrastructure. You'll scan to identify live hosts and running services; then probe the services you've identified more fully for known weaknesses, a procedure known as "enumeration."
In Part II, you'll walk through system hacking techniques and countermeasures for Windows 9x/Me, Windows XP/2000/NT, Unix/Linux, databases, and NetWare. Incidentally, while NetWare doesn't get the hype it once did, there are still more than 4.5 million NetWare servers out there -- and many of them have moved onto IP, making them fair game for web hackers. Many NetWare servers are shockingly unprotected, still relying on the discredited "security through obscurity" approach. If you're running NetWare, this chapter could save your business.
Part III focuses on network hacking -- everything from an entirely new chapter on wireless security to updated coverage of dial-up, PBX, voicemail, and VPN hacking, firewalls, and Denial of Service attacks. Finally, in Part IV, the authors turn to application hacking -- including techniques for controlling software remotely; hacking Internet users, and more.
Perhaps this edition's most exciting new feature is a full hour of CD-ROM video from the authors' incredibly popular Hacking Exposed LIVE! seminars. These events have drawn SRO crowds at events ranging from Networld+Interop to Black Hat. Folks come running out of them grabbing their cell phones, calling in immediate configuration changes to their network administrators. That's how crucial this information is. Bill Camarda
Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.
FROM THE PUBLISHER
"The seminal book on white-hat hacking and countermeasures.... Should be required reading for anyone with a server or a network to secure." --Bill Machrone, PC Magazine
This brand-new edition of the best-selling security book covers all the latest hacks and countermeasures and includes a bonus DVD with the authors' famous "Hacking Exposed Live" presentation!
Stuart McClure is the coauthor of all four editions of Hacking Exposed as well as of Hacking Exposed Windows 2000. Stuart co-authored "Security Watch," a weekly column in InfoWorld addressing topical security issues, exploits, and vulnerabilities. He is the President/CTO of Foundstone, Inc. Prior to co-founding Foundstone, Stuart was a Senior Manager with Ernst & Young's Security Profiling Services Group, responsible for project management, attack and penetration reviews, and technology evaluations. Stuart trains Foundstone's Ultimate Hacking course, and Hacking Exposed Live for conferences such as Networld + InterOp, Black Hat, RSA, CSI, among others.
Joel Scambray, CISSP, is the co-author of all four editions of Hacking Exposed as well as of Hacking Exposed Web Applications and Hacking Exposed Windows 2000. Joel co-authored "Security Watch," a weekly column in InfoWorld. Joel is the author of Microsoft's "Ask Us About ... Security" Monthly Column. He also taught Foundstone's Ultimate Hacking Windows course.
George Kurtz, CISSP, is the co-author of all four editions of Hacking Exposed and of both editions of Hacking Linux Exposed. He is the CEO of Foundstone, a cutting edge security solutions provider. Mr. Kurtz has significant experience with intrusion detection and firewall technologies, incident response procedures, and remote access solutions. As CEO and co-founder of Foundstone, George provides a unique combination of business acumen and technical security know-how.
SYNOPSIS
"The seminal book on white-hat hacking and countermeasures.... Should be required reading for anyone with a server or a network to secure." Bill Machrone, PC Magazine
"Reading this book is better than hiring those Sneakers guys to break into your network to tell you where the open doors are, and it doesn't cost nearly as much." Professional Certification magazine
"A great practical guide for administrators and an eminently readable expose on hacking that should smooth the way for sensible executive policies to protect corporate networks." Cameron Sturdevant, eWeek
"Will tell you more about what hackers have done and canand can'tdo than anything else I have seen....Chock full of tips on countermeasures and just plain usability tricks. Recommended." Jerry Pournelle, BYTE Magazine
"For almost any computer book, you can find a clone. But not this one.... A one-of-a-kind study of the art of breaking in." UNIX Review
New and Updated Material: Each part opens with a brand new case study based on real security scenarios Brand new chapter covers the latest 802.11 Wireless networking security attacks and countermeasures New strategies for proactively defending against dial-up, PBX, voicemail, and VPN hacks Completely rewritten enumeration chapter including new SQL Server discovery tools, Windows XP/.NET Server countermeasures, Novell exploits, and network discovery using BGP New techniques for gaining unauthorized access to Windows 9x/Me/NT/2000/XP, Novell 6, UNIX, and Linux Up-to-date countermeasures for preventing the exploitation of proxy and packet filtering firewall vulnerabilities Web hacking chapter completely revised and updated to cover the latest platform-specific vulnerabilities from Apache to IIS, current techniques including cross-site scripting, fuzzing, and SQL injection attacks, and all of the latest tools from Achilles to Nikto
Hacking Exposed Live! video presentation on DVD