Introduction

Welcome to Hacking For Dummies, 5th Edition. This book outlines — in plain English — computer hacker tricks and techniques that you can use to assess the security of your information systems, find the vulnerabilities that matter, and fix the weaknesses before criminal hackers and malicious insiders take advantage of them. This hacking is the professional, aboveboard, and legal type of security testing — which I often refer to as ethical hacking throughout the book.

Computer and network security is a complex subject and an ever-moving target. You must stay on top of it to ensure that your information is protected from the bad guys. That’s where the techniques and tools outlined in this book can help.

You can implement all the security technologies and other best practices possible, and your information systems might be secure — as far as you know. However, until you understand how malicious attackers think, apply that knowledge, and use the right tools to assess your systems from their point of view, it’s practically impossible to have a true sense of how secure your information really is.

Ethical hacking, or more simply, “security assessments” — which encompasses formal and methodical penetration testing, white hat hacking, and vulnerability testing — is necessary to find security flaws and to help validate that your information systems are truly secure on an ongoing basis. This book provides you with the knowledge to implement a security assessment program successfully, perform proper security checks, and put the proper countermeasures in place to keep external hackers and malicious users in check.

Who Should Read This Book?

[Warning] Disclaimer: If you choose to use the information in this book to hack or break into computer systems maliciously and without authorization, you’re on your own. Neither I (the author) nor anyone else associated with this book shall be liable or responsible for any unethical or criminal choices that you might make and execute using the methodologies and tools that I describe. This book is intended solely for information technology (IT) and information security professionals to test information security — either on your own systems or on a client’s systems — in an authorized fashion.

Okay, now that that’s out of the way, it’s time for the good stuff! This book is for you if you’re a network administrator, information security manager, security consultant, security auditor, compliance manager, or otherwise interested in finding out more about testing computer systems and IT operations to make things more secure.

As the person performing well-intended information security assessments, you can detect and point out security holes that might otherwise be overlooked. If you’re performing these tests on your systems, the information you uncover in your tests can help you win over management and prove that information security really is a business issue to be taken seriously. Likewise, if you’re performing these tests for your clients, you can help find security holes that can be plugged before the bad guys have a chance to exploit them.

The information in this book helps you stay on top of the security game and enjoy the fame and glory of helping your organization and clients prevent bad things from happening to their information and network environment.

About This Book

Hacking For Dummies, 5th Edition, is a reference guide on hacking your systems to improve security and help minimize business risks. The security testing techniques are based on written and unwritten rules of computer system penetration testing, vulnerability testing, and information security best practices. This book covers everything from establishing your hacking plan to testing your systems to plugging the holes and managing an ongoing security testing program. Realistically, for many networks, operating systems, and applications, thousands of possible hacks exist. I don’t cover them all, but I do cover the major ones on various platforms and systems that I believe contribute to the most security problems in business today. Whether you need to assess security vulnerabilities on a small home office network, a medium-sized corporate network, or across large enterprise systems, Hacking For Dummies, 5th Edition, provides the information you need.

How to Use This Book

This book includes the following features:

  • Various technical and nontechnical tests and their detailed methodologies
  • Specific countermeasures to protect against hacking

Before you start testing your systems, familiarize yourself with the information in Part I so you’re prepared for the tasks at hand. The adage “if you fail to plan, you plan to fail” rings true for the ethical hacking process. You must have a solid game plan in place if you’re going to be successful.

What You Don’t Need to Read

Depending on your computer and network configurations, you may be able to skip chapters. For example, if you aren’t running Linux or wireless networks, you can skip those chapters. Just be careful. You may think you’re not running certain systems, but they could very well be on your network, somewhere, waiting to be exploited.

Foolish Assumptions

I make a few assumptions about you, the aspiring IT or security professional:

  • You are familiar with basic computer-, network-, and information-security concepts and terms.
  • You have access to a computer and a network on which to use these techniques and tools.
  • You have permission to perform the hacking techniques described in this book.

How This Book Is Organized

This book is organized into seven modular parts, so you can jump around from one part to another as needed. Each chapter provides practical methodologies and practices you can use as part of your security testing efforts, including checklists and references to specific tools you can use, as well as resources on the Internet.

Part I: Building the Foundation for Security Testing

This part covers the fundamental aspects of security assessments. It starts with an overview of the value of ethical hacking and what you should and shouldn’t do during the process. You get inside the malicious mindset and discover how to plan your security testing efforts. This part covers the steps involved in the ethical hacking process, including how to choose the proper tools.

Part II: Putting Security Testing in Motion

This part gets you rolling with the security testing process. It covers several well-known and widely used hack attacks, including information gathering, social engineering, and cracking passwords, to get your feet wet. This part covers the human and physical elements of security, which tend to be the weakest links in any information security program. After you plunge into these topics, you’ll know the tips and tricks required to perform common general security tests against your systems, as well as specific countermeasures to keep your information systems secure.

Part III: Hacking Network Hosts

Starting with the larger network in mind, this part covers methods to test your systems for various well-known network infrastructure vulnerabilities. From weaknesses in the TCP/IP protocol suite to wireless network insecurities, you find out how networks are compromised by using specific methods of flawed network communications, along with various countermeasures that you can implement to avoid becoming a victim. I then delve down into mobile devices and show how smartphones, tablets, and the like can be exploited.

Part IV: Hacking Operating Systems

Practically all operating systems have well-known vulnerabilities that hackers often exploit. This part jumps into hacking the widely used operating systems: Windows and Linux. The hacking methods include scanning your operating systems for vulnerabilities and enumerating the specific hosts to gain detailed information. This part also includes information on exploiting well-known vulnerabilities in these operating systems, taking over operating systems remotely, and specific countermeasures that you can implement to make your operating systems more secure.

Part V: Hacking Applications

Application security is a critical area of focus these days. An increasing number of attacks — which are often able to bypass firewalls, intrusion prevention systems, and antivirus software — are aimed directly at web, mobile, and related applications. This part discusses hacking specific business applications, including coverage of messaging systems, web applications, mobile apps, and databases, along with practical countermeasures that you can put in place to make your systems more secure.

Part VI: Security Testing Aftermath

After you perform your security testing, what do you do with the information you gather? Shelve it? Show it off? How do you move forward? This part answers these questions and more. From developing reports for management to remediating the security flaws that you discover to establishing procedures for your ongoing vulnerability testing efforts, this part brings the security assessment process full circle. This information not only ensures that your effort and time are well spent, but also is evidence that information security is an essential element for success in any business that depends on computers and information technology.

Part VII: The Part of Tens

This part contains tips to help ensure the success of your information security program. You find out how to get management to buy into your program so you can get going and start protecting your systems. This part also includes the top ten ethical hacking mistakes you absolutely must avoid.

The appendix, which also appears in this part, provides a one-stop reference listing of ethical hacking tools and resources.

Icons Used in This Book

[Remember] This icon points out information that is worth committing to memory.

[Warning] This icon points out information that could have a negative impact on your ethical hacking efforts — so please read it!

[Tip] This icon refers to advice that can help highlight or clarify an important point.

[Technical Stuff] This icon points out technical information that is interesting but not vital to your understanding of the topic being discussed.

Where to Go from Here

The more you know about how external hackers and rogue insiders work and how your systems should be tested, the better you’re able to secure your computer and network systems. This book provides the foundation that you need to develop and maintain a successful security assessment program in order to minimize business risks.

Keep in mind that the high-level concepts of security testing won’t change as often as the specific vulnerabilities you protect against. Ethical hacking will always remain both an art and a science in a field that’s ever-changing. You must keep up with the latest hardware and software technologies, along with the various vulnerabilities that come about month after month and year after year.

You won’t find a single best way to hack your systems, so tweak this information to your heart’s content and, as I’ve always said, happy hacking!