
Hacking / by Kevin Beaver, CISSP.

Beaver, Kevin M., (author.).

Record details

  • ISBN: 9781119872191
  • ISBN: 1119872197
  • Physical Description: xii, 396 pages : illustrations ; 24 cm.
  • Edition: Seventh edition.
  • Publisher: Hoboken, NJ : John Wiley & Sons, Inc., [2022]

Content descriptions

General Note:
Previous edition: 2018.
Bibliography, etc. Note:
Includes index.
Formatted Contents Note:
pt. I. Building the foundation for security testing. Introduction to vulnerability and penetration testing ; Cracking the hacker mindset ; Developing your security testing plan ; Hacking methodology -- pt. II. Putting security testing in motion. Information gathering ; Social engineering ; Physical security ; Passwords -- pt. III. Hacking network hosts. Network infrastructure systems ; Wireless networks ; Mobile devices -- pt. IV. Hacking operating systems. Windows ; Linux and macOS -- pt. V. Hacking applications. Communication and messaging systems ; Web applications and mobile apps ; Databases and storage systems -- pt. VI. Security testing aftermath. Reporting your results ; Plugging your security holes ; Managing security processes -- pt. VII. The part of tens. Ten tips for getting security buy-in ; Ten reasons hacking is the only effective way to test ; Ten deadly mistakes ; Appendix: tools and resources.
Subject: Computer security.
Computer networks > Security measures.
Hackers.

Available copies

  • 1 of 1 copy available at Missouri Evergreen.
  • 1 of 1 copy available at Cass County.

Holds

  • 0 current holds with 1 total copy.

  • Location: Cass County Library-Northern Resource Center
  • Call Number / Copy Notes: 005.8 BEA 2022 (Text)
  • Barcode: 0002205507961
  • Shelving Location: Adult Non-Fiction
  • Status: Available
  • Due Date: -

Syndetic Solutions - Table of Contents for ISBN Number 9781119872191
Hacking for Dummies
by Beaver, Kevin

Table of Contents

Section    Section Description    Page Number
Introduction    p. 1
    About This Book    p. 2
    Foolish Assumptions    p. 2
    Icons Used in This Book    p. 3
    Beyond the Book    p. 4
    Where to Go from Here    p. 4
Part 1    Building the Foundation for Security Testing    p. 5
Chapter 1    Introduction to Vulnerability and Penetration Testing    p. 7
        Straightening Out the Terminology    p. 7
            Hacker    p. 8
            Malicious user    p. 9
        Recognizing How Malicious Attackers Beget Ethical Hackers    p. 10
            Vulnerability and penetration testing versus auditing    p. 11
            Policy considerations    p. 11
            Compliance and regulatory concerns    p. 12
        Understanding the Need to Hack Your Own Systems    p. 12
        Understanding the Dangers Your Systems Face    p. 14
            Nontechnical attacks    p. 14
            Network infrastructure attacks    p. 15
            Operating system attacks    p. 15
            Application and other specialized attacks    p. 15
        Following the Security Assessment Principles    p. 16
            Working ethically    p. 16
            Respecting privacy    p. 17
            Not crashing your systems    p. 17
        Using the Vulnerability and Penetration Testing Process    p. 18
            Formulating your plan    p. 18
            Selecting tools    p. 21
            Executing the plan    p. 22
            Evaluating results    p. 24
            Moving on    p. 24
Chapter 2    Cracking the Hacker Mindset    p. 25
        What You're Up Against    p. 25
        Who Breaks into Computer Systems    p. 28
            Hacker skill levels    p. 28
            Hacker motivations    p. 30
        Why They Do It    p. 31
        Planning and Performing Attacks    p. 34
        Maintaining Anonymity    p. 36
Chapter 3    Developing Your Security Testing Plan    p. 37
        Establishing Your Goals    p. 38
        Determining Which Systems to Test    p. 40
        Creating Testing Standards    p. 43
            Timing your tests    p. 43
            Running specific tests    p. 44
            Conducting blind versus knowledge assessments    p. 45
            Picking your location    p. 46
            Responding to vulnerabilities you find    p. 47
            Making silly assumptions    p. 47
        Selecting Security Assessment Tools    p. 48
Chapter 4    Hacking Methodology    p. 49
        Setting the Stage for Testing    p. 49
        Seeing What Others See    p. 51
        Scanning Systems    p. 52
            Hosts    p. 53
            Open ports    p. 53
        Determining What's Running on Open Ports    p. 54
        Assessing Vulnerabilities    p. 56
        Penetrating the System    p. 58
Part 2    Putting Security Testing in Motion    p. 59
Chapter 5    Information Gathering    p. 61
        Gathering Public Information    p. 61
            Social media    p. 62
            Web search    p. 62
            Web crawling    p. 63
            Websites    p. 64
        Mapping the Network    p. 65
            WHOIS    p. 65
            Privacy policies    p. 66
Chapter 6    Social Engineering    p. 69
        Introducing Social Engineering    p. 69
        Starting Your Social Engineering Tests    p. 71
        Knowing Why Attackers Use Social Engineering    p. 71
        Understanding the Implications    p. 72
            Building trust    p. 73
            Exploiting the relationship    p. 74
        Performing Social Engineering Attacks    p. 77
            Determining a goal    p. 77
            Seeking information    p. 77
        Social Engineering Countermeasures    p. 82
            Policies    p. 82
            User awareness and training    p. 83
Chapter 7    Physical Security    p. 87
        Identifying Basic Physical Security Vulnerabilities    p. 88
        Pinpointing Physical Vulnerabilities in Your Office    p. 89
            Building infrastructure    p. 90
            Utilities    p. 91
            Office layout and use    p. 93
            Network components and computers    p. 95
Chapter 8    Passwords    p. 99
        Understanding Password Vulnerabilities    p. 100
            Organizational password vulnerabilities    p. 101
            Technical password vulnerabilities    p. 101
        Cracking Passwords    p. 102
            Cracking passwords the old-fashioned way    p. 103
            Cracking passwords with high-tech tools    p. 106
            Cracking password-protected files    p. 115
            Understanding other ways to crack passwords    p. 116
        General Password Cracking Countermeasures    p. 121
            Storing passwords    p. 122
            Creating password policies    p. 122
            Taking other countermeasures    p. 124
        Securing Operating Systems    p. 126
            Windows    p. 126
            Linux and Unix    p. 127
Part 3    Hacking Network Hosts    p. 129
Chapter 9    Network Infrastructure Systems    p. 131
        Understanding Network Infrastructure Vulnerabilities    p. 132
        Choosing Tools    p. 133
            Scanners and analyzers    p. 134
            Vulnerability assessment    p. 134
        Scanning, Poking, and Prodding the Network    p. 135
            Scanning ports    p. 135
            Scanning SNMP    p. 141
            Grabbing banners    p. 143
            Testing firewall rules    p. 144
            Analyzing network data    p. 146
            The MAC-daddy attack    p. 153
            Testing denial of service attacks    p. 157
        Detecting Common Router, Switch, and Firewall Weaknesses    p. 161
            Finding unsecured interfaces    p. 161
            Uncovering issues with SSL and TLS    p. 162
        Putting Up General Network Defenses    p. 162
Chapter 10    Wireless Networks    p. 165
        Understanding the Implications of Wireless Network Vulnerabilities    p. 166
        Choosing Your Tools    p. 166
        Discovering Wireless Networks    p. 168
            Checking for worldwide recognition    p. 168
            Scanning your local airwaves    p. 169
        Discovering Wireless Network Attacks and Taking Countermeasures    p. 171
            Encrypted traffic    p. 173
            Countermeasures against encrypted traffic attacks    p. 177
            Wi-Fi Protected Setup    p. 179
            Countermeasures against the WPS PIN flaw    p. 181
            Rogue wireless devices    p. 181
            Countermeasures against rogue wireless devices    p. 185
            MAC spoofing    p. 185
            Countermeasures against MAC spoofing    p. 189
            Physical security problems    p. 189
            Countermeasures against physical security problems    p. 190
            Vulnerable wireless workstations    p. 190
            Countermeasures against vulnerable wireless workstations    p. 191
            Default configuration settings    p. 191
            Countermeasures against default configuration settings exploits    p. 191
Chapter 11    Mobile Devices    p. 193
        Sizing Up Mobile Vulnerabilities    p. 193
        Cracking Laptop Passwords    p. 194
            Choosing your tools    p. 194
            Applying countermeasures    p. 198
        Cracking Phones and Tablets    p. 199
            Cracking iOS passwords    p. 200
            Taking countermeasures against password cracking    p. 203
Part 4    Hacking Operating Systems    p. 205
Chapter 12    Windows    p. 207
        Introducing Windows Vulnerabilities    p. 208
        Choosing Tools    p. 209
            Free Microsoft tools    p. 209
            All-in-one assessment tools    p. 210
            Task-specific tools    p. 210
        Gathering Information About Your Windows Vulnerabilities    p. 211
            System scanning    p. 211
            NetBIOS    p. 214
        Detecting Null Sessions    p. 217
            Mapping    p. 217
            Gleaning information    p. 218
            Countermeasures against null-session hacks    p. 221
        Checking Share Permissions    p. 222
            Windows defaults    p. 222
            Testing    p. 223
        Exploiting Missing Patches    p. 224
            Using Metasploit    p. 225
            Countermeasures against missing patch vulnerability exploits    p. 231
        Running Authenticated Scans    p. 231
Chapter 13    Linux and macOS    p. 233
        Understanding Linux Vulnerabilities    p. 234
        Choosing Tools    p. 235
        Gathering Information About Your System Vulnerabilities    p. 235
            System scanning    p. 235
            Countermeasures against system scanning    p. 238
        Finding Unneeded and Unsecured Services    p. 240
            Searches    p. 240
            Countermeasures against attacks on unneeded services    p. 242
        Securing the .rhosts and hosts.equiv Files    p. 244
            Hacks using the hosts.equiv and .rhosts files    p. 244
            Countermeasures against .rhosts and hosts.equiv file attacks    p. 245
        Assessing the Security of NFS    p. 247
            NFS hacks    p. 247
            Countermeasures against NFS attacks    p. 248
        Checking File Permissions    p. 248
            File permission hacks    p. 248
            Countermeasures against file permission attacks    p. 248
        Finding Buffer Overflow Vulnerabilities    p. 250
            Attacks    p. 250
            Countermeasures against buffer overflow attacks    p. 250
        Checking Physical Security    p. 251
            Physical security hacks    p. 251
            Countermeasures against physical security attacks    p. 251
        Performing General Security Tests    p. 252
        Patching    p. 253
            Distribution updates    p. 254
            Multiplatform update managers    p. 255
Part 5    Hacking Applications    p. 257
Chapter 14    Communication and Messaging Systems    p. 259
        Introducing Messaging System Vulnerabilities    p. 259
        Recognizing and Countering Email Attacks    p. 260
            Email bombs    p. 261
            Banners    p. 264
            SMTP attacks    p. 266
            General best practices for minimizing email security risks    p. 275
        Understanding VoIP    p. 276
            VoIP vulnerabilities    p. 277
            Countermeasures against VoIP vulnerabilities    p. 282
Chapter 15    Web Applications and Mobile Apps    p. 283
        Choosing Your Web Security Testing Tools    p. 284
        Seeking Out Web Vulnerabilities    p. 285
            Directory traversal    p. 285
            Countermeasures against directory traversals    p. 289
            Input-filtering attacks    p. 290
            Countermeasures against input attacks    p. 297
            Default script attacks    p. 299
            Countermeasures against default script attacks    p. 299
            Unsecured login mechanisms    p. 300
            Countermeasures against unsecured login systems    p. 303
            Performing general security scans for web application vulnerabilities    p. 304
        Minimizing Web Security Risks    p. 305
            Practicing security by obscurity    p. 305
            Putting up firewalls    p. 306
            Analyzing source code    p. 306
        Uncovering Mobile App Flaws    p. 307
Chapter 16    Databases and Storage Systems    p. 309
        Diving Into Databases    p. 309
            Choosing tools    p. 310
            Finding databases on the network    p. 310
            Cracking database passwords    p. 311
            Scanning databases for vulnerabilities    p. 312
        Following Best Practices for Minimizing Database Security Risks    p. 313
        Opening Up About Storage Systems    p. 314
            Choosing tools    p. 315
            Finding storage systems on the network    p. 315
            Rooting out sensitive text in network files    p. 316
        Following Best Practices for Minimizing Storage Security Risks    p. 319
Part 6    Security Testing Aftermath    p. 321
Chapter 17    Reporting Your Results    p. 323
        Pulling the Results Together    p. 323
        Prioritizing Vulnerabilities    p. 325
        Creating Reports    p. 327
Chapter 18    Plugging Your Security Holes    p. 329
        Turning Your Reports into Action    p. 329
        Patching for Perfection    p. 330
            Patch management    p. 331
            Patch automation    p. 331
        Hardening Your Systems    p. 332
        Assessing Your Security Infrastructure    p. 334
Chapter 19    Managing Security Processes    p. 337
        Automating the Security Assessment Process    p. 337
        Monitoring Malicious Use    p. 338
        Outsourcing Security Assessments    p. 340
        Instilling a Security-Aware Mindset    p. 342
        Keeping Up with Other Security Efforts    p. 343
Part 7    The Part of Tens    p. 345
Chapter 20    Ten Tips for Getting Security Buy-In    p. 347
        Cultivate an Ally and a Sponsor    p. 347
        Don't Be a FUDdy-Duddy    p. 348
        Demonstrate That the Organization Can't Afford to Be Hacked    p. 348
        Outline the General Benefits of Security Testing    p. 349
        Show How Security Testing Specifically Helps the Organization    p. 350
        Get Involved in the Business    p. 350
        Establish Your Credibility    p. 351
        Speak on Management's Level    p. 351
        Show Value in Your Efforts    p. 352
        Be Flexible and Adaptable    p. 352
Chapter 21    Ten Reasons Hacking Is the Only Effective Way to Test    p. 353
        The Bad Guys Think Bad Thoughts, Use Good Tools, and Develop New Methods    p. 353
        IT Governance and Compliance Are More Than High-Level Audits    p. 354
        Vulnerability and Penetration Testing Complements Audits and Security Evaluations    p. 354
        Customers and Partners Will Ask How Secure Your Systems Are    p. 354
        The Law of Averages Works Against Businesses    p. 355
        Security Assessments Improve Understanding of Business Threats    p. 355
        If a Breach Occurs, You Have Something to Fall Back On    p. 355
        In-Depth Testing Brings Out the Worst in Your Systems    p. 356
        Combined Vulnerability and Penetration Testing Is What You Need    p. 356
        Proper Testing Can Uncover Overlooked Weaknesses    p. 356
Chapter 22    Ten Deadly Mistakes    p. 357
        Not Getting Approval    p. 357
        Assuming That You Can Find All Vulnerabilities    p. 358
        Assuming That You Can Eliminate All Vulnerabilities    p. 358
        Performing Tests Only Once    p. 359
        Thinking That You Know It All    p. 359
        Running Your Tests Without Looking at Things from a Hacker's Viewpoint    p. 359
        Not Testing the Right Systems    p. 360
        Not Using the Right Tools    p. 360
        Pounding Production Systems at the Wrong Time    p. 360
        Outsourcing Testing and Not Staying Involved    p. 361
Appendix: Tools and Resources    p. 363
Index    p. 379