Table of Contents for
End User License Agreement
by Kevin Beaver
Hacking For Dummies, 5th Edition
Cover
Foreword
Introduction
Who Should Read This Book?
About This Book
How to Use This Book
What You Don’t Need to Read
Foolish Assumptions
How This Book Is Organized
Icons Used in This Book
Where to Go from Here
Part I: Building the Foundation for Security Testing
Chapter 1: Introduction to Ethical Hacking
Straightening Out the Terminology
Recognizing How Malicious Attackers Beget Ethical Hackers
Understanding the Need to Hack Your Own Systems
Understanding the Dangers Your Systems Face
Obeying the Ethical Hacking Principles
Using the Ethical Hacking Process
Chapter 2: Cracking the Hacker Mindset
What You’re Up Against
Who Breaks into Computer Systems
Why They Do It
Planning and Performing Attacks
Maintaining Anonymity
Chapter 3: Developing Your Ethical Hacking Plan
Establishing Your Goals
Determining Which Systems to Hack
Creating Testing Standards
Selecting Security Assessment Tools
Chapter 4: Hacking Methodology
Setting the Stage for Testing
Seeing What Others See
Scanning Systems
Determining What’s Running on Open Ports
Assessing Vulnerabilities
Penetrating the System
Part II: Putting Security Testing in Motion
Chapter 5: Information Gathering
Gathering Public Information
Mapping the Network
Chapter 6: Social Engineering
Introducing Social Engineering
Starting Your Social Engineering Tests
Why Attackers Use Social Engineering
Understanding the Implications
Performing Social Engineering Attacks
Social Engineering Countermeasures
Chapter 7: Physical Security
Identifying Basic Physical Security Vulnerabilities
Pinpointing Physical Vulnerabilities in Your Office
Chapter 8: Passwords
Understanding Password Vulnerabilities
Cracking Passwords
General Password Cracking Countermeasures
Securing Operating Systems
Part III: Hacking Network Hosts
Chapter 9: Network Infrastructure Systems
Understanding Network Infrastructure Vulnerabilities
Choosing Tools
Scanning, Poking, and Prodding the Network
Detecting Common Router, Switch, and Firewall Weaknesses
Putting Up General Network Defenses
Chapter 10: Wireless Networks
Understanding the Implications of Wireless Network Vulnerabilities
Choosing Your Tools
Discovering Wireless Networks
Discovering Wireless Network Attacks and Taking Countermeasures
Chapter 11: Mobile Devices
Sizing Up Mobile Vulnerabilities
Cracking Laptop Passwords
Cracking Phones and Tablets
Part IV: Hacking Operating Systems
Chapter 12: Windows
Introducing Windows Vulnerabilities
Choosing Tools
Gathering Information About Your Windows Vulnerabilities
Detecting Null Sessions
Checking Share Permissions
Exploiting Missing Patches
Running Authenticated Scans
Chapter 13: Linux
Understanding Linux Vulnerabilities
Choosing Tools
Gathering Information About Your Linux Vulnerabilities
Finding Unneeded and Unsecured Services
Securing the .rhosts and hosts.equiv Files
Assessing the Security of NFS
Checking File Permissions
Finding Buffer Overflow Vulnerabilities
Checking Physical Security
Performing General Security Tests
Patching Linux
Part V: Hacking Applications
Chapter 14: Communication and Messaging Systems
Introducing Messaging System Vulnerabilities
Recognizing and Countering E-Mail Attacks
Understanding Voice over IP
Chapter 15: Web Applications and Mobile Apps
Choosing Your Web Security Testing Tools
Seeking Out Web Vulnerabilities
Minimizing Web Security Risks
Uncovering Mobile App Flaws
Chapter 16: Databases and Storage Systems
Diving Into Databases
Following Best Practices for Minimizing Database Security Risks
Opening Up About Storage Systems
Following Best Practices for Minimizing Storage Security Risks
Part VI: Security Testing Aftermath
Chapter 17: Reporting Your Results
Pulling the Results Together
Prioritizing Vulnerabilities
Creating Reports
Chapter 18: Plugging Security Holes
Turning Your Reports into Action
Patching for Perfection
Hardening Your Systems
Assessing Your Security Infrastructure
Chapter 19: Managing Security Processes
Automating the Ethical Hacking Process
Monitoring Malicious Use
Outsourcing Security Assessments
Instilling a Security-Aware Mindset
Keeping Up with Other Security Efforts
Part VII: The Part of Tens
Chapter 20: Ten Tips for Getting Security Buy-In
Cultivate an Ally and a Sponsor
Don’t Be a FUDdy Duddy
Demonstrate How the Organization Can’t Afford to Be Hacked
Outline the General Benefits of Security Testing
Show How Security Testing Specifically Helps the Organization
Get Involved in the Business
Establish Your Credibility
Speak on Management’s Level
Show Value in Your Efforts
Be Flexible and Adaptable
Chapter 21: Ten Reasons Hacking Is the Only Effective Way to Test
The Bad Guys Think Bad Thoughts, Use Good Tools, and Develop New Methods
IT Governance and Compliance Are More than High-Level Checklist Audits
Hacking Complements Audits and Security Evaluations
Customers and Partners Will Ask, ‘How Secure Are Your Systems?’
The Law of Averages Works Against Businesses
Security Assessments Improve the Understanding of Business Threats
If a Breach Occurs, You Have Something to Fall Back On
In-Depth Testing Brings Out the Worst in Your Systems
Combining the Best of Penetration Testing and Vulnerability Assessments Is What You Need
Proper Testing Can Uncover Weaknesses That Might Go Overlooked for Years
Chapter 22: Ten Deadly Mistakes
Not Getting Prior Approval
Assuming You Can Find All Vulnerabilities During Your Tests
Assuming You Can Eliminate All Security Vulnerabilities
Performing Tests Only Once
Thinking You Know It All
Running Your Tests Without Looking at Things from a Hacker’s Viewpoint
Not Testing the Right Systems
Not Using the Right Tools
Pounding Production Systems at the Wrong Time
Outsourcing Testing and Not Staying Involved
Appendix: Tools and Resources
Advanced Malware
Bluetooth
Certifications
Databases
Denial of Service Protection
Exploits
General Research Tools
Hacker Stuff
Keyloggers
Laws and Regulations
Linux
Live Toolkits
Log Analysis
Messaging
Miscellaneous
Mobile
Networks
Password Cracking
Patch Management
Security Education and Learning Resources
Security Methods and Models
Social Engineering and Phishing
Source Code Analysis
Statistics
Storage
System Hardening
User Awareness and Training
Voice over IP
Vulnerability Databases
Websites and Applications
Windows
Wireless Networks
About the Author
Cheat Sheet
Connect with Dummies
End User License Agreement
WILEY END USER LICENSE AGREEMENT
Go to www.wiley.com/go/eula to access Wiley’s ebook EULA.