Book description
This book explains the methodologies, framework, and "unwritten conventions" that ethical hacks should employ to provide the maximum value to organizations that want to harden their security. It goes beyond the technical aspects of penetration testing to address the processes and rules of engagement for successful tests. The text examines testing from a strategic perspective to show how testing ramifications affect an entire organization. Security practitioners can use this book to reduce their exposure and deliver better service, while organizations will learn how to align the information about tools, techniques, and vulnerabilities that they gather from testing with their business objectives.
Table of contents
- Cover Page
- Title Page
- Copyright Page
- About the Author
- Contributors
- Foreword
- Preface
- Acknowledgments
- 1 Getting Started
- 2 Setting the Stage
- Perspectives of Value
- Where Does Ethical Hacking Fit?
- What Constitutes a Success?
- Note 1: Digging for the Hole
- A Quick Look Back
- Note 2: Foreign Internet Hackers Extort Domestic Companies
- Hacking Impacts
- Security Industry Reports
- Notable Facts
- The Hacker
- Type of Hacker
- Script Kiddies
- Note 3: Sophisticated Tools will Cover for the Unsophisticated
- Hackers
- Über Hacker
- Note 4: The Value of Seemingly Basic Manufacturing Techniques
- Sociology
- 3 The Framework
- 4 Information Security Models
- 5 Information Security Program
- 6 The Business Perspective
- 7 Planning for a Controlled Attack
- Inherent Limitations
- Imposed Limitations
- Note 6: Imposed Limitations Can Cause Problems for Everyone
- Timing is Everything
- Attack Type
- Source Point
- Required Knowledge
- Timing of Information
- Multi-Phased Attacks
- Parallel Shared
- Parallel Isolated
- Series Shared
- Series Isolated
- Value of Multi-Phase Testing
- Employing Multi-Phased Tests
- Teaming and Attack Structure
- Red Team
- White Team
- Blue Team
- Note 7: Incident Management is More Than Just Technology
- Team Communications
- Engagement Planner
- The Right Security Consultant
- Technologists
- Architects
- Ethics
- The Tester
- Logistics
- Agreements
- Note 8: Example Legal Agreement for Testing Services
- Note 9: Legal Document Supporting Exhibit A
- Downtime Issues
- Intermediates
- Law Enforcement
- 8 Preparing for a Hack
- 9 Reconnaissance
- Social Engineering
- Note 12: The Physicality of Social Engineering
- Note 13: Trusting E-Mail
- Helpdesk Fraud
- Note 14: Good Helpdesk Practices Gone Wrong
- Prowling and Surfing
- Internal Relations and Collaboration
- Corporate Identity Assumption
- Physical Security
- Observation
- Dumpster Diving
- Wardriving and Warchalking
- Theft
- Internet Reconnaissance
- General Information
- Technical Reconnaissance
- 10 Enumeration
- 11 Vulnerability Analysis
- 12 Exploitation
- Intuitive Testing
- Evasion
- Threads and Groups
- Threads
- Groups
- Operating Systems
- Windows
- Unix
- Password Crackers
- Rootkits
- Applications
- Web Applications
- Distributed Applications
- Customer Applications
- Wardialing
- Network
- Perimeter
- Network Nodes
- Services and Areas of Concern
- Services
- Windows Ports
- Remote Procedure Calls (RPC)
- Simple Network Management Protocol (SNMP)
- Berkeley Internet Name Domain (BIND)
- Common Gateway Interface (CGI)
- Cleartext Services
- Network File System (NFS)
- Domain Name Service (DNS)
- File and Directory Permissions
- FTP and Telnet
- Internet Control Message Protocol (ICMP)
- Imap and Pop
- Network Architecture
- 13 The Deliverable
- Final Analysis
- Potential Analysis
- The Document
- Executive Summary
- Present Findings
- Planning and Operations
- Vulnerability Ranking
- Process Mapping
- Recommendations
- Exceptions and Limitations
- Final Analysis
- Conclusion
- Overall Structure
- Aligning Findings
- Technical Measurement
- Business Measurement
- Presentation
- Remedial
- Tactical
- Strategic
- 14 Integrating the Results
Product information
- Title: The Ethical Hack
- Author(s):
- Release date: September 2004
- Publisher(s): Auerbach Publications
- ISBN: 9781135502478