Contents
Preface
Acknowledgments
PART ONE Hacker Techniques and Tools
CHAPTER 1 Hacking: The Next Generation
Profiles of Hackers, Crackers, and Cybercriminals
The Hacker Mindset
A Look Back at the History of Computer Hacking
Ethical Hacking and Penetration Testing
The Role of Ethical Hacking
Common Hacking Methodologies
Performing a Penetration Test
The Role of the Law and Ethical Standards
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 1 ASSESSMENT
CHAPTER 2 TCP/IP Review
Exploring the OSI Reference Model
The Role of Protocols
Layer 1: Physical Layer
Layer 2: Data Link Layer
Layer 3: Network Layer
Layer 4: Transport Layer
Layer 5: Session Layer
Layer 6: Presentation Layer
Layer 7: Application Layer
Mapping the OSI to Functions and Protocols
TCP/IP (A Layer-by-Layer Review)
Physical/Network Access Layer
Internetwork Layer
Host-to-Host Layer
Application Layer
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 2 ASSESSMENT
CHAPTER 3 Cryptographic Concepts
Cryptographic Basics
Cryptographic History
Symmetric Encryption
Asymmetric Encryption
Digital Signatures
Purpose of Public Key Infrastructure
The Role of Certificate Authorities (CAs)
PKI Attacks
Hashing
Common Cryptographic Systems
Cryptanalysis
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 3 ASSESSMENT
CHAPTER 4 Physical Security
Basic Equipment Controls
Hard Drive and Mobile Device Encryption
Fax Machines and Public Branch Exchanges
Voice over IP (VoIP)
Physical Area Controls
Fences
Gates
Bollards
Facility Controls
Doors, Mantraps, and Turnstiles
Walls, Ceilings, and Floors
Windows
Guards and Dogs
Construction
Personal Safety Controls
Lighting
Alarms and Intrusion Detection
Closed-Circuit TV (CCTV)
Physical Access Controls
Locks
Lock Picking
Tokens and Biometrics
Avoiding Common Threats to Physical Security
Natural, Human, and Technical Threats
Physical Keyloggers and Sniffers
Wireless Interception and Rogue Access Points
Defense in Depth
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 4 ASSESSMENT
PART TWO A Technical Overview of Hacking
CHAPTER 5 Footprinting Tools and Techniques
The Information-Gathering Process
The Information on a Company Web Site
Discovering Financial Information
Google Hacking
Exploring Domain Information Leakage
Manual Registrar Query
Automatic Registrar Query
Whois
Nslookup
Internet Assigned Numbers Authority (IANA)
Determining a Network Range
Tracking an Organization’s Employees
Exploiting Insecure Applications
Using Basic Countermeasures
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 5 ASSESSMENT
CHAPTER 6 Port Scanning
Determining the Network Range
Identifying Active Machines
Wardialing
Wardriving
Pinging
Port Scanning
Mapping Open Ports
Nmap
Superscan
Scanrand
THC-Amap
OS Fingerprinting
Active OS Fingerprinting
Passive OS Fingerprinting
Mapping the Network
Cheops
Solarwinds
Analyzing the Results
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 6 ASSESSMENT
CHAPTER 7 Enumeration and Computer System Hacking
Windows Basics
Controlling Access
Users
Groups
Security Identifiers
Commonly Attacked and Exploited Services
Enumeration
NULL Session
Working with Nbtstat
SuperScan
SNScan
System Hacking
Types of Password Cracking
Passive Online Attacks
Active Online Attacks
Offline Attacks
Nontechnical Attacks
Using Password Cracking
Privilege Escalation
Planting Backdoors
Using PsTools
Rootkits
Covering Tracks
Disabling Auditing
Data Hiding
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 7 ASSESSMENT
CHAPTER 8 Wireless Vulnerabilities
The Importance of Wireless Security
Emanations
Common Support and Availability
A Brief History of Wireless Technologies
802.11
802.11b
802.11a
802.11g
802.11n
Other Wireless Technologies
Working with and Securing Bluetooth
Bluetooth Security
Working with Wireless LANs
CSMA/CD Versus CSMA/CA
Role of APs
Service Set Identifier (SSID)
Association with an AP
The Importance of Authentication
Working with RADIUS
Network Setup Options
Threats to Wireless LANs
Wardriving
Misconfigured Security Settings
Unsecured Connections
Rogue APs
Promiscuous Clients
Wireless Network Viruses
Countermeasures
Wireless Hacking Tools
Netstumbler
inSSIDer

Get Hacker Techniques, Tools, and Incident Handling now with O’Reilly online learning.
