Book Description

Hacker Techniques, Tools, and Incident Handling, Third Edition begins with an examination of the landscape, key terms, and concepts that a security professional needs to know about hackers and computer criminals who break into networks, steal information, and corrupt data. It goes on to review the technical overview of hacking: how attacks target networks and the methodology they follow. The final section studies those methods that are most effective when dealing with hacking attacks, especially in an age of increased reliance on the Web. Written by subject matter experts, with numerous real-world examples, Hacker Techniques, Tools, and Incident Handling, Third Edition provides readers with a clear, comprehensive introduction to the many threats on our Internet environment and security and what can be done to combat them.

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Contents
  5. Preface
  6. Acknowledgments
  7. About the Authors
  8. CHAPTER 1 Hacking: The Next Generation
    1. Profiles and Motives of Different Types of Hackers
      1. Controls
      2. The Hacker Mindset
      3. Motivation
    2. A Look at the History of Computer Hacking
    3. Ethical Hacking and Penetration Testing
      1. The Role of Ethical Hacking
      2. Ethical Hackers and the C-I-A Triad
    4. Common Hacking Methodologies
    5. Performing a Penetration Test
    6. The Role of the Law and Ethical Standards
  9. CHAPTER 2 TCP/IP Review
    1. Exploring the OSI Reference Model
    2. The Role of Protocols
      1. Layer 1: Physical Layer
      2. Layer 2: Data Link Layer
      3. Layer 3: Network Layer
      4. Layer 4: Transport Layer
      5. Layer 5: Session Layer
      6. Layer 6: Presentation Layer
      7. Layer 7: Application Layer
      8. Mapping the OSI Model to Functions and Protocols
    3. TCP/IP: A Layer-by-Layer Review
      1. Physical or Network Access Layer
      2. Network or Internet Layer
      3. Host-to-Host Layer
      4. Application Layer
  10. CHAPTER 3 Cryptographic Concepts
    1. Cryptographic Basics
      1. Authentication
      2. Integrity
      3. Nonrepudiation
      4. Symmetric and Asymmetric Cryptography
      5. Cryptographic History
    2. What Is an Algorithm or Cipher?
    3. Symmetric Encryption
    4. Asymmetric Encryption
      1. Digital Signatures
    5. Purpose of Public Key Infrastructure
      1. The Role of Certificate Authorities (CAs)
      2. PKI Attacks
    6. Hashing
    7. Common Cryptographic Systems
    8. Cryptanalysis
    9. Future Forms of Cryptography
  11. CHAPTER 4 Physical Security
    1. Basic Equipment Controls
      1. Hard Drive and Mobile Device Encryption
      2. Fax Machines and Printers
      3. Voice over IP (VoIP)
    2. Physical Area Controls
      1. Fences
      2. Perimeter Intrusion Detection and Assessment System (PIDAS)
      3. Gates
      4. Bollards
    3. Facility Controls
      1. Doors, Mantraps, and Turnstiles
      2. Walls, Ceilings, and Floors
      3. Windows
      4. Guards and Dogs
      5. Construction
    4. Personal Safety Controls
      1. Lighting
      2. Alarms and Intrusion Detection
      3. Closed-Circuit TV (CCTV)/Remote Monitoring
    5. Physical Access Controls
      1. Locks
      2. Lock Picking
      3. Tokens and Biometrics
    6. Avoiding Common Threats to Physical Security
      1. Natural, Human, and Technical Threats
      2. Physical Keystroke Loggers and Sniffers
      3. Wireless Interception and Rogue Access Points
    7. Defense in Depth
  12. CHAPTER 5 Footprinting Tools and Techniques
    1. The Information-Gathering Process
    2. The Information on a Company Website
    3. Discovering Financial Information
    4. Google Hacking
    5. Exploring Domain Information Leakage
      1. Manual Registrar Query
      2. Automatic Registrar Query
      3. Whois
      4. Nslookup
      5. Internet Assigned Numbers Authority (IANA)
      6. Determining a Network Range
    6. Tracking an Organization’s Employees
    7. Exploiting Insecure Applications
    8. Using Social Networks
    9. Using Basic Countermeasures
  13. CHAPTER 6 Port Scanning
    1. Determining the Network Range
    2. Identifying Active Machines
      1. Wardialing
      2. Wardriving and Related Activities
      3. Pinging
      4. Port Scanning
    3. Mapping Open Ports
      1. Nmap
      2. SuperScan
      3. Scanrand
      4. THC-Amap
    4. OS Fingerprinting
      1. Active OS Fingerprinting
      2. Passive OS Fingerprinting
    5. Mapping the Network
    6. Analyzing the Results
  14. CHAPTER 7 Enumeration and Computer System Hacking
    1. Windows Basics
      1. Controlling Access
      2. Users
      3. Groups
      4. Security Identifiers
    2. Commonly Attacked and Exploited Services
    3. Enumeration
      1. How to Perform Enumeration Tasks
      2. NULL Session
      3. Working with nbtstat
      4. SuperScan
      5. Angry IP Scanner
      6. SNScan
    4. System Hacking
    5. Types of Password Cracking
      1. Passive Online Attacks
      2. Active Online Attacks
      3. Offline Attacks
      4. Nontechnical Attacks
    6. Using Password Cracking
      1. Privilege Escalation
      2. Planting Backdoors
    7. Using PsTools
    8. Rootkits
    9. Covering Tracks
      1. Disabling Auditing
      2. Data Hiding
  15. CHAPTER 8 Wireless Vulnerabilities
    1. The Importance of Wireless Security
      1. Emanations
      2. Common Support and Availability
      3. A Brief History of Wireless Technologies
      4. 802.11
      5. 802.11b
      6. 802.11a
      7. 802.11g
      8. 802.11n
      9. 802.11ac
      10. Other 802.11 Variants
      11. Other Wireless Technologies
    2. Working with and Securing Bluetooth
      1. Bluetooth Security
    3. Working with Wireless LANs
      1. CSMA/CD Versus CSMA/CA
      2. Role of APs
      3. Service Set Identifier (SSID)
      4. Association with an AP
      5. The Importance of Authentication
      6. Working with RADIUS
      7. Network Setup Options
    4. Threats to Wireless LANs
      1. Wardriving
      2. Misconfigured Security Settings
      3. Unsecured Connections
      4. Rogue APs
      5. Promiscuous Clients
      6. Wireless Network Viruses
      7. Countermeasures
    5. Internet of Things (IoT)
    6. Wireless Hacking Tools
      1. NetStumbler
      2. The inSSIDer Program
    7. Protecting Wireless Networks
      1. Default AP Security
      2. Placement
      3. Dealing with Emanations
      4. Dealing with Rogue APs
      5. Use Protection for Transmitted Data
      6. MAC Filtering
  16. CHAPTER 9 Web and Database Attacks
    1. Attacking Web Servers
      1. Categories of Risk
      2. Vulnerabilities of Web Servers
      3. Improper or Poor Web Design
      4. Buffer Overflow
      5. Denial of Service (DoS) Attack
      6. Distributed Denial of Service (DDoS) Attack
      7. Banner Information
      8. Permissions
      9. Error Messages
      10. Unnecessary Features
      11. User Accounts
      12. Structured Query Language (SQL) Injections
    2. Examining a SQL Injection
    3. Vandalizing Web Servers
      1. Input Validation
      2. Cross-Site Scripting (XSS) Attack
      3. Anatomy of Web Applications
      4. Insecure Logon Systems
      5. Scripting Errors
      6. Session Management Issues
      7. Encryption Weaknesses
    4. Database Vulnerabilities
      1. Database Types
      2. Vulnerabilities
      3. Locating Databases on the Network
      4. Database Server Password Cracking
      5. Locating Vulnerabilities in Databases
      6. Out of Sight, Out of Mind
    5. Cloud Computing
  17. CHAPTER 10 Malware
    1. Malware
      1. Malware’s Legality
      2. Types of Malware
      3. Malware’s Targets
    2. Viruses and How They Function
      1. Viruses: A History
      2. Types of Viruses
      3. Prevention Techniques
    3. Worms and How They Function
      1. How Worms Work
      2. Stopping Worms
      3. The Power of Education
      4. Antivirus and Firewalls
    4. Significance of Trojans
      1. Methods to Get Trojans onto a System
      2. Targets of Trojans
      3. Known Symptoms of an Infection
    5. Detection of Trojans and Viruses
      1. Vulnerability Scanners
      2. Antivirus/Anti-Malware
    6. Trojan Tools
    7. Distribution Methods
      1. Using Wrappers to Install Trojans
    8. Trojan Construction Kits
    9. Backdoors
    10. Covert Communication
      1. The Role of Keystroke Loggers
      2. Software
      3. Port Redirection
    11. Spyware
      1. Methods of Infection
      2. Bundling with Software
    12. Adware
    13. Scareware
    14. Ransomware
  18. CHAPTER 11 Sniffers, Session Hijacking, and Denial of Service Attacks
    1. Sniffers
      1. Passive Sniffing
      2. Active Sniffing
      3. Sniffing Tools
      4. What Can Be Sniffed?
    2. Session Hijacking
      1. Identifying an Active Session
      2. Seizing Control of a Session
      3. Session Hijacking Tools
      4. Thwarting Session Hijacking Attacks
      5. Denial of Service (DoS) Attacks
      6. Categories of DoS Attacks
      7. Tools for DoS Attacks
    3. Distributed Denial of Service (DDoS) Attacks
      1. Some Characteristics of DDoS Attacks
      2. Tools for DDoS Attacks
    4. Botnets and the Internet of Things (IoT)
  19. CHAPTER 12 Linux and Penetration Testing
    1. Linux
    2. Introducing Kali Linux
    3. Some of the Basics of Working with Linux
      1. A Look at the Interface
      2. Basic Linux Navigation
      3. Important Linux Directories
      4. Commonly Used Commands
      5. The Basic Command Structure of Linux
    4. Live CDs
      1. Special-Purpose Live CDs/DVDs
    5. Virtual Machines
  20. CHAPTER 13 Social Engineering
    1. What Is Social Engineering?
    2. Types of Social Engineering Attacks
      1. Phone-Based Attacks
      2. Dumpster Diving
      3. Shoulder Surfing
      4. Attacks Through Social Media
      5. Persuasion/Coercion
      6. Reverse Social Engineering
    3. Technology and Social Engineering
      1. Your Browser as a Defense Against Social Engineering
      2. Other Good Practices for Safe Computing
    4. Best Practices for Passwords
      1. Know What the Web Knows About You
      2. Creating and Managing Your Passwords
      3. Invest in a Password Manager
      4. Social Engineering and Social Networking
      5. Questions to Ask Before You Post
      6. An Overview of the Risks in Social Networking
    5. Social Networking in a Corporate Setting
      1. Particular Concerns in a Corporate Setting
      2. Facebook Security
  21. CHAPTER 14 Incident Response
    1. What Is a Security Incident?
    2. The Incident Response Process
      1. Incident Response Policies, Procedures, and Guidelines
      2. Phases of an Incident and Response
      3. Incident Response Team
    3. Incident Response Plans
      1. The Role of Business Continuity Plans
      2. Recovering Systems
      3. Business Impact Analysis
    4. Planning for Disaster and Recovery
      1. Testing and Evaluation
      2. Preparation and Staging of Testing Procedures
      3. Frequency of Tests
      4. Analysis of Test Results
    5. Evidence Handling and Administration
      1. Evidence Collection Techniques
      2. Security Reporting Options and Guidelines
    6. Requirements of Regulated Industries
  22. CHAPTER 15 Defensive Technologies
    1. Defense in Depth
    2. Intrusion Detection Systems
      1. IDS Components
      2. Components of a NIDS
      3. Components of a HIDS
      4. Setting Goals
      5. Accountability
      6. Limitations of an IDS
      7. Investigation of an Event
      8. Analysis of Information Collected
      9. Intrusion Prevention Systems
    3. The Purpose of Firewalls
      1. How Firewalls Work
      2. Firewall Methodologies
      3. Limitations of a Firewall
      4. Implementing a Firewall
      5. Authoring a Firewall Policy
    4. Honeypots/Honeynets
      1. Goals of Honeypots
      2. Legal Issues
    5. The Role of Controls
      1. Administrative Controls
      2. Technical Controls
      3. Physical Controls
    6. Security Best Practices
      1. Security Information and Event Management (SIEM)
      2. Sources for Guidance
  23. APPENDIX A Answer Key
  24. APPENDIX B Standard Acronyms
  25. Glossary of Key Terms
  26. References
  27. Index