The Ethical Hack

The Ethical Hack

by James S. Tiller
Released September 2004
Publisher(s): Auerbach Publications
ISBN: 9781135502478

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

This book explains the methodologies, framework, and "unwritten conventions" that ethical hacks should employ to provide the maximum value to organizations that want to harden their security. It goes beyond the technical aspects of penetration testing to address the processes and rules of engagement for successful tests. The text examines testing from a strategic perspective to show how testing ramifications affect an entire organization. Security practitioners can use this book to reduce their exposure and deliver better service, while organizations will learn how to align the information about tools, techniques, and vulnerabilities that they gather from testing with their business objectives.

Table of contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. About the Author
  5. Contributors
  6. Foreword
  7. Preface
  8. Acknowledgments
  9. 1 Getting Started
    1. Audience
    2. How to Use this Book
  10. 2 Setting the Stage
    1. Perspectives of Value
    2. Where Does Ethical Hacking Fit?
    3. What Constitutes a Success?
    4. Note 1: Digging for the Hole
    5. A Quick Look Back
    6. Note 2: Foreign Internet Hackers Extort Domestic Companies
    7. Hacking Impacts
    8. Security Industry Reports
    9. Notable Facts
    10. The Hacker
    11. Type of Hacker
    12. Script Kiddies
    13. Note 3: Sophisticated Tools will Cover for the Unsophisticated
    14. Hackers
    15. Über Hacker
    16. Note 4: The Value of Seemingly Basic Manufacturing Techniques
    17. Sociology
  11. 3 The Framework
    1. Planning the Test
    2. Sound Operations
    3. Reconnaissance
    4. Enumeration
    5. Vulnerability Analysis
    6. Exploitation
    7. Final Analysis
    8. Deliverable
    9. Integration
  12. 4 Information Security Models
    1. Computer Security
    2. Harden a System
    3. Network Security
    4. Transmission Security
    5. Protocol Security
    6. Routing Protocol Security
    7. Network Access Controls
    8. Service Security
    9. Application Security
    10. Security Architecture
    11. Resource Layer
    12. Control
    13. Perimeter
    14. Extended
  13. 5 Information Security Program
    1. Scope of Information Security Programs
    2. The Process of Information Security
    3. Identify Risk
    4. Quantify Risk
    5. Handling Risk
    6. Component Parts of Information Security Programs
    7. Risk Assessment
    8. Management System
    9. Controls
    10. Maintenance Plan
    11. Risk Analysis and Ethical Hacking
  14. 6 The Business Perspective
    1. Business Objectives
    2. Security Policy
    3. Previous Test Results
    4. Building a Roadmap
    5. Business Challenges
    6. Security Drivers
    7. Why Have the Test?
    8. Note 5: Presenting Only the Problem is Not Always the Solution
    9. It’s All About Perspective
    10. Overall Expectations
    11. One-Hole Wonder
    12. Today’s Hole
  15. 7 Planning for a Controlled Attack
    1. Inherent Limitations
    2. Imposed Limitations
    3. Note 6: Imposed Limitations Can Cause Problems for Everyone
    4. Timing is Everything
    5. Attack Type
    6. Source Point
    7. Required Knowledge
    8. Timing of Information
    9. Multi-Phased Attacks
    10. Parallel Shared
    11. Parallel Isolated
    12. Series Shared
    13. Series Isolated
    14. Value of Multi-Phase Testing
    15. Employing Multi-Phased Tests
    16. Teaming and Attack Structure
    17. Red Team
    18. White Team
    19. Blue Team
    20. Note 7: Incident Management is More Than Just Technology
    21. Team Communications
    22. Engagement Planner
    23. The Right Security Consultant
    24. Technologists
    25. Architects
    26. Ethics
    27. The Tester
    28. Logistics
    29. Agreements
    30. Note 8: Example Legal Agreement for Testing Services
    31. Note 9: Legal Document Supporting Exhibit A
    32. Downtime Issues
    33. Intermediates
    34. Law Enforcement
  16. 8 Preparing for a Hack
    1. Technical Preparation
    2. Attacking System
    3. Note 10: The Hunter Becoming the Hunted
    4. Attacking Network
    5. Managing the Engagement
    6. Project Initiation
    7. Note 11: White Team Problems Affecting the Test
    8. During the Project
    9. Concluding the Engagement
  17. 9 Reconnaissance
    1. Social Engineering
    2. Note 12: The Physicality of Social Engineering
    3. E-Mail
    4. Note 13: Trusting E-Mail
    5. Helpdesk Fraud
    6. Note 14: Good Helpdesk Practices Gone Wrong
    7. Prowling and Surfing
    8. Internal Relations and Collaboration
    9. Corporate Identity Assumption
    10. Physical Security
    11. Observation
    12. Dumpster Diving
    13. Wardriving and Warchalking
    14. Theft
    15. Internet Reconnaissance
    16. General Information
    17. Technical Reconnaissance
  18. 10 Enumeration
    1. Enumeration Techniques
    2. Soft Objective
    3. Looking Around or Attack?
    4. Note 15: Is it Scanning or Exploitation?
    5. Elements of Enumeration
    6. Preparing for the Next Phase
  19. 11 Vulnerability Analysis
    1. Weighing the Vulnerability
    2. Note 16: Hacking an Old Hole is Bad Business
    3. Source Points
    4. Obtained Data
    5. Note 17: The Needle in the Haystack
    6. The Internet
    7. Note 18: Nasty Tools and the Difficulty in Finding Them
    8. Vendors
    9. Reporting Dilemma
    10. Note 19: Reporting Problems is Not Always Easy
  20. 12 Exploitation
    1. Intuitive Testing
    2. Evasion
    3. Threads and Groups
    4. Threads
    5. Groups
    6. Operating Systems
    7. Windows
    8. Unix
    9. Password Crackers
    10. Rootkits
    11. Applications
    12. Web Applications
    13. Distributed Applications
    14. Customer Applications
    15. Wardialing
    16. Network
    17. Perimeter
    18. Network Nodes
    19. Services and Areas of Concern
    20. Services
    21. Windows Ports
    22. Remote Procedure Calls (RPC)
    23. Simple Network Management Protocol (SNMP)
    24. Berkeley Internet Name Domain (BIND)
    25. Common Gateway Interface (CGI)
    26. Cleartext Services
    27. Network File System (NFS)
    28. Domain Name Service (DNS)
    29. File and Directory Permissions
    30. FTP and Telnet
    31. Internet Control Message Protocol (ICMP)
    32. Imap and Pop
    33. Network Architecture
  21. 13 The Deliverable
    1. Final Analysis
    2. Potential Analysis
    3. The Document
    4. Executive Summary
    5. Present Findings
    6. Planning and Operations
    7. Vulnerability Ranking
    8. Process Mapping
    9. Recommendations
    10. Exceptions and Limitations
    11. Final Analysis
    12. Conclusion
    13. Overall Structure
    14. Aligning Findings
    15. Technical Measurement
    16. Business Measurement
    17. Presentation
    18. Remedial
    19. Tactical
    20. Strategic
  22. 14 Integrating the Results
    1. Note 20: Fixing the Problem Cannot Always Be Done from the Outside
    2. Integration Summary
    3. Mitigation
    4. Test
    5. Pilot
    6. Implement
    7. Validate
    8. Defense Planning
    9. Architecture Review
    10. Incident Management
    11. Building a Team
    12. Note 21: Food and Beverage
    13. Security Policy
    14. Data Classification
    15. Conclusion

Product information

  • Title: The Ethical Hack
  • Author(s): James S. Tiller
  • Release date: September 2004
  • Publisher(s): Auerbach Publications
  • ISBN: 9781135502478