Book description
A new edition of the bestselling guide, now updated to cover the latest hacks and how to prevent them!
It's bad enough when a hack occurs, stealing identities, bank accounts, and personal information. But when the hack could have been prevented by taking basic security measures, like the ones described in this book, somehow that makes a bad situation even worse. This beginner guide to hacking examines some of the best security measures that exist and has been updated to cover the latest hacks for Windows 7 and the newest version of Linux.
Offering increased coverage of Web application hacks, database hacks, VoIP hacks, and mobile computing hacks, this guide addresses a wide range of vulnerabilities and how to identify and prevent them. Plus, you'll examine why ethical hacking is oftentimes the only way to find security flaws, which can then prevent any future malicious attacks.
- Explores the malicious hacker's mindset so that you can counteract or avoid attacks completely
- Covers developing strategies for reporting vulnerabilities, managing security changes, and putting anti-hacking policies and procedures in place
- Completely updated to examine the latest hacks to Windows 7 and the newest version of Linux
- Explains ethical hacking and why it is essential
Hacking For Dummies, 3rd Edition shows you how to put all the necessary security measures in place so that you avoid becoming a victim of malicious hacking.
Table of contents
- Copyright
- About the Author
- Author's Acknowledgments
- Publisher's Acknowledgments
- Foreword
- Introduction
- I. Building the Foundation for Ethical Hacking
- 1. Introduction to Ethical Hacking
- 2. Cracking the Hacker Mindset
- 3. Developing Your Ethical Hacking Plan
- 4. Hacking Methodology
- II. Putting Ethical Hacking in Motion
- 5. Social Engineering
- 6. Physical Security
- 7. Passwords
- 7.1. Password Vulnerabilities
- 7.2. Cracking Passwords
- 7.2.1. Cracking passwords the old-fashioned way
- 7.2.2. High-tech password cracking
- 7.2.2.1. Password-cracking software
- 7.2.2.2. Dictionary attacks
- 7.2.2.3. Brute-force attacks
- 7.2.2.4. Rainbow attacks
- 7.2.2.5. Cracking Windows passwords with pwdump3 and John the Ripper
- 7.2.2.6. Cracking UNIX passwords with John the Ripper
- 7.2.2.7. Cracking Windows passwords using rainbow tables with ophcrack
- 7.2.2.8. Checking for null/blank passwords in NetWare
- 7.2.3. Password-protected files
- 7.2.4. Other ways to crack passwords
- 7.3. General Password-Cracking Countermeasures
- 7.4. Securing Operating Systems
- III. Hacking the Network
- 8. Network Infrastructure
- 8.1. Network Infrastructure Vulnerabilities
- 8.2. Choosing Tools
- 8.3. Scanning, Poking, and Prodding
- 8.4. Common Router, Switch, and Firewall Weaknesses
- 8.5. General Network Defenses
- 9. Wireless LANs
- 9.1. Understanding the Implications of Wireless Network Vulnerabilities
- 9.2. Choosing Your Tools
- 9.3. Wireless LAN Discovery
- 9.4. Wireless Network Attacks and Countermeasures
- 9.4.1. Encrypted traffic
- 9.4.2. Countermeasures against encrypted traffic attacks
- 9.4.3. Rogue wireless devices
- 9.4.4. Countermeasures against rogue wireless devices
- 9.4.5. MAC spoofing
- 9.4.6. Countermeasures against MAC spoofing
- 9.4.7. Queensland DoS attack
- 9.4.8. Countermeasures against DoS attacks
- 9.4.9. Physical security problems
- 9.4.10. Countermeasures against physical security problems
- 9.4.11. Vulnerable wireless workstations
- 9.4.12. Countermeasures against vulnerable wireless workstations
- 9.4.13. Default configuration settings
- 9.4.14. Countermeasures against default configuration settings exploits
- IV. Hacking Operating Systems
- 10. Windows
- 11. Linux
- 12. Novell NetWare
- 12.1. NetWare Vulnerabilities
- 12.2. Choosing Tools
- 12.3. Getting Started
- 12.4. Authentication
- 12.5. Solid Practices for Minimizing NetWare Security Risks
- V. Hacking Applications
- 13. Communication and Messaging Systems
- 13.1. Messaging System Vulnerabilities
- 13.2. E-Mail Attacks
- 13.3. Instant Messaging
- 13.4. Voice over IP
- 14. Web Sites and Applications
- 14.1. Choosing Your Web Application Tools
- 14.2. Web Vulnerabilities
- 14.2.1. Directory traversal
- 14.2.2. Countermeasures against directory traversals
- 14.2.3. Input filtering attacks
- 14.2.4. Countermeasures against input attacks
- 14.2.5. Default script attacks
- 14.2.6. Countermeasures against default script attacks
- 14.2.7. Unsecured login mechanisms
- 14.2.8. Countermeasures against unsecured login systems
- 14.2.9. General security scans for Web application vulnerabilities
- 14.3. Best Practices for Minimizing Web Security Risks
- 15. Databases and Storage Systems
- VI. Ethical Hacking Aftermath
- VII. The Part of Tens
- 19. Ten Tips for Getting Upper Management Buy-In
- 19.1. Cultivate an Ally and Sponsor
- 19.2. Don't Be a FUDdy Duddy
- 19.3. Demonstrate How the Organization Can't Afford to Be Hacked
- 19.4. Outline the General Benefits of Ethical Hacking
- 19.5. Show How Ethical Hacking Specifically Helps the Organization
- 19.6. Get Involved in the Business
- 19.7. Establish Your Credibility
- 19.8. Speak on Management's Level
- 19.9. Show Value in Your Efforts
- 19.10. Be Flexible and Adaptable
- 20. Ten Reasons Hacking Is the Only Effective Way to Test
- 20.1. The Bad Guys Are Thinking Bad Thoughts, Using Good Tools, and Developing New Attack Methods
- 20.2. IT Governance and Compliance Is More Than High-Level Checklist Audits
- 20.3. Ethical Hacking Complements Audits and Security Evaluations
- 20.4. Someone's Going to Ask How Secure Your Systems Are
- 20.5. The Law of Averages Is Working Against Businesses
- 20.6. Ethical Hacking Creates a Better Understanding of What the Business Is Up Against
- 20.7. If a Breach Occurs, You Have Something to Fall Back On
- 20.8. Ethical Hacking Brings Out the Worst in Your Systems
- 20.9. Ethical Hacking Combines the Best of Penetration Testing and Vulnerability Testing
- 20.10. Ethical Hacking Can Uncover Operational Weaknesses That Might Go Overlooked For Years
- 21. Ten Deadly Mistakes
- 21.1. Not Getting Prior Approval in Writing
- 21.2. Assuming That You Can Find All Vulnerabilities during Your Tests
- 21.3. Assuming That You Can Eliminate All Security Vulnerabilities
- 21.4. Performing Tests Only Once
- 21.5. Thinking That You Know It All
- 21.6. Running Your Tests without Looking at Things from a Hacker's Viewpoint
- 21.7. Not Testing the Right Systems
- 21.8. Not Using the Right Tools
- 21.9. Pounding Production Systems at the Wrong Time
- 21.10. Outsourcing Testing and Not Staying Involved
- A. Tools and Resources
- A.1. Bluetooth
- A.2. Certifications
- A.3. Databases
- A.4. Exploit Tools
- A.5. General Research Tools
- A.6. Hacker Stuff
- A.7. Keyloggers
- A.8. Laws and Regulations
- A.9. Linux
- A.10. Live Toolkits
- A.11. Log Analysis
- A.12. Messaging
- A.13. Miscellaneous Tools
- A.14. NetWare
- A.15. Networks
- A.16. Password Cracking
- A.17. Patch Management
- A.18. Security Education and Learning Resources
- A.19. Security Methods and Models
- A.20. Source Code Analysis
- A.21. Storage
- A.22. System Hardening
- A.23. User Awareness and Training
- A.24. Voice over IP
- A.25. Vulnerability Databases
- A.26. Web Applications
- A.27. Windows
- A.28. Wireless Networks
Product information
- Title: Hacking For Dummies® 3rd Edition
- Author(s):
- Release date: January 2010
- Publisher(s): For Dummies
- ISBN: 9780470550939