Embed or link this publication
Popular Pages
p. 4
hacking exposed 6 network security secrets solutions tm st uart m c clu re joel scambray george k u rtz new york chicago san francisco lisbon london madrid mexico city milan new delhi san juan seoul singapore sydney toronto[close]
p. 5
copyright © 2009 by the mcgraw-hill companies all rights reserved except as permitted under the united states copyright act of 1976 no part of this publication may be reproduced or distributed in any form or by any means or stored in a database or retrieval system without the prior written permission of the publisher isbn 978-0-07-161375-0 mhid 0-07-161375-7 the material in this ebook also appears in the print version of this title isbn 978-0-07-161374-3 mhid 0-07-161374-9 all trademarks are trademarks of their respective owners rather than put a trademark symbol after every occurrence of a trademarked name we use names in an editorial fashion only and to the benefit of the trademark owner with no intention of infringement of the trademark where such designations appear in this book they have been printed with initial caps mcgraw-hill ebooks are available at special quantity discounts to use as premiums and sales promotions or for use in corporate training programs to contact a representative please visit the contact us page at www.mhprofessional.com information has been obtained by mcgraw-hill from sources believed to be reliable however because of the possibility of human or mechanical error by our sources mcgraw-hill or others mcgraw-hill does not guarantee the accuracy adequacy or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information terms of use this is a copyrighted work and the mcgraw-hill companies inc mcgraw-hill and its licensors reserve all rights in and to the work use of this work is subject to these terms except as permitted under the copyright act of 1976 and the right to store and retrieve one copy of the work you may not decompile disassemble reverse engineer reproduce modify create derivative works based upon transmit distribute disseminate sell publish or sublicense the work or any part of it without mcgraw-hill s prior consent you may use the work for your own noncommercial and personal use any other use of the work is strictly prohibited your right to use the work may be terminated if you fail to comply with these terms the work is provided as is mcgraw-hill and its licensors make no guarantees or warranties as to the accuracy adequacy or completeness of or results to be obtained from using the work including any information that can be accessed through the work via hyperlink or otherwise and expressly disclaim any warranty express or implied including but not limited to implied warranties of merchantability or fitness for a particular purpose mcgraw-hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free neither mcgraw-hill nor its licensors shall be liable to you or anyone else for any inaccuracy error or omission regardless of cause in the work or for any damages resulting therefrom mcgraw-hill has no responsibility for the content of any information accessed through the work under no circumstances shall mcgraw-hill and/or its licensors be liable for any indirect incidental special punitive consequential or similar damages that result from the use of or inability to use the work even if any of them has been advised of the possibility of such damages this limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract tort or otherwise.[close]
p. 6
for my beautiful boys ilufaanmw for samantha lumlg tml stuart to my little rock band you are my idols joel to my loving family anna alexander and allegra who provide inspiration guidance and unwavering support to my mom victoria for helping me define my character and for teaching me to overcome adversity george[close]
p. 7
vi hacking exposed 6 network security secrets solutions about the authors stuart mcclure cissp cne ccse widely recognized for his extensive and in-depth knowledge of security products stuart mcclure is considered one of the industry s leading authorities in information security today a well-published and acclaimed security visionary mcclure has over two decades of technology and executive leadership with profound technical operational and financial experience stuart mcclure is vice president of operations and strategy for the risk compliance business unit at mcafee where he is responsible for the health and advancement of security risk management and compliance products and service solutions in 2008 stuart mcclure was executive director of security services at kaiser permanente the world s largest health maintenance organization where he oversaw 140 security professionals and was responsible for security compliance oversight consulting architecture and operations in 2005 mcclure took over the top spot as senior vice president of global threats running all of avert avert is mcafee s virus malware and attack detection signature and heuristic response team which includes over 140 of the smartest programmers engineers and security professionals from around the world his team monitored global security threats and provided follow-the-sun signature creation capabilities among his many tactical responsibilities mcclure was also responsible for providing strategic vision and marketing for the teams to elevate the value of their security expertise in the eyes of the customer and the public additionally he created the semiannual sage magazine a security publication dedicated to monitoring global threats prior to taking over the avert team stuart mcclure was senior vice president of risk management product development at mcafee inc where he was responsible for driving product strategy and marketing for the mcafee foundstone family of risk mitigation and management solutions prior to his role at mcafee mcclure was founder president and chief technology officer of foundstone inc which was acquired by mcafee in october 2004 for $86m at foundstone mcclure led both the product vision and strategy for foundstone as well as operational responsibilities for all technology development support and implementation mcclure drove annual revenues over 100 percent every year since the company s inception in 1999 mcclure was also the author of the company s primary patent #7,152,105 in 1999 he created and co-authored hacking exposed network security secrets solutions the best-selling computer security book with over 500,000 copies sold to date the book has been translated into more than 26 languages and is ranked the #4 computer book ever sold positioning it as one of the best-selling security and computer books in history mcclure also co-authored hacking exposed windows 2000 mcgraw-hill professional and web hacking attacks and defense addison-wesley prior to foundstone mcclure held a variety of leadership positions in security and it management with ernst young s national security profiling team two years as an industry analyst with infoworld s test center five years as director of it for both state[close]
p. 8
about the authors vii and local california government two years as owner of his own it consultancy and two years in it with the university of colorado boulder mcclure holds a bachelor s degree in psychology and philosophy with an emphasis in computer science applications from the university of colorado boulder he later earned numerous certifications including isc2 s cissp novell s cne and check point s ccse joel scambray cissp joel scambray is co-founder and ceo of consciere a provider of strategic security advisory services he has assisted companies ranging from newly minted startups to members of the fortune 50 in addressing information security challenges and opportunities for over a dozen years scambray s background includes roles as an executive technical consultant and entrepreneur he was a senior director at microsoft corporation where he led microsoft s online services security efforts for three years before joining the windows platform and services division to focus on security technology architecture joel also co-founded security software and services startup foundstone inc and helped lead it to acquisition by mcafee for $86m he has also held positions as a manager for ernst young chief strategy officer for leviathan security columnist for microsoft technet editor at large for infoworld magazine and director of it for a major commercial real estate firm joel scambray has co-authored hacking exposed network security secrets solutions since helping create the book in 1999 he is also lead author of the hacking exposed windows and hacking exposed web applications series both from mcgraw-hill professional scambray brings tremendous experience in technology development it operations security and consulting to clients ranging from small startups to the world s largest enterprises he has spoken widely on information security at forums including black hat i-4 and the asia europe meeting asem as well as organizations including cert the computer security institute csi issa isaca sans private corporations and government agencies such as the korean information security agency kisa fbi and the rcmp scambray holds a bachelor s of science from the university of california at davis an ma from ucla and he is a certified information systems security professional cissp george kurtz cissp cisa cpa former ceo of foundstone and current senior vice president general manager of mcafee s risk compliance business unit george kurtz is an internationally recognized security expert author and entrepreneur as well as a frequent speaker at most major industry conferences kurtz has over 16 years of experience in the security space and has helped hundreds of large organizations and government agencies tackle the most demanding security problems he has been quoted or featured in many major publications media outlets and television programs including cnn fox news abc world news associated press usa today wall street journal the washington post time computerworld eweek cnet and others.[close]
p. 9
viii hacking exposed 6 network security secrets solutions george kurtz is currently responsible for driving mcafee s worldwide growth in the risk compliance segments in this role he has helped transform mcafee from a point product company to a provider of security risk management and compliance optimization solutions during his tenure mcafee has significantly increased its overall enterprise average selling price asp and its competitive displacements kurtz formerly held the position of svp of mcafee enterprise where he was responsible for helping to drive the growth of the enterprise product portfolio on a worldwide basis prior to his role at mcafee kurtz was ceo of foundstone inc which was acquired by mcafee in october 2004 in his position as ceo kurtz brought a unique combination of business acumen and technical security know-how to foundstone having raised over $20 million in financing kurtz positioned the company for rapid growth and took the company from startup to over 135 people and in four years kurtz s entrepreneurial spirit positioned foundstone as one of the premier pure play security solutions providers in the industry prior to foundstone kurtz served as a senior manager and the national leader of ernst young s security profiling services group during his tenure kurtz was responsible for managing and performing a variety of ecommerce-related security engagements with clients in the financial services manufacturing retailing pharmaceuticals and high technology industries he was also responsible for codeveloping the extreme hacking course prior to joining ernst young he was a manager at price waterhouse where he was responsible for developing their networkbased attack and penetration methodologies used around the world under george kurtz s direction he and foundstone have received numerous awards including inc s top 500 companies software council of southern california s software entrepreneur of the year 2003 and software ceo of the year 2005 fast company s fast 50 american electronics association s outstanding executive deloitte s fast 50 ernst young s entrepreneur of the year finalist orange county s hottest 25 people and others kurtz holds a bachelor of science degree from seton hall university he also holds several industry designations including certified information systems security professional cissp certified information systems auditor cisa and certified public accountant cpa he was recently granted patent #7,152,105 system and method for network vulnerability detection and reporting additional patents are still pending about the contributing authors nathan sportsman is an information security consultant whose experience includes positions at foundstone a division of mcafee symantec sun microsystems and dell over the years sportsman has had the opportunity to work across all major verticals and his clients have ranged from wall st and silicon valley to government intelligence agencies and renowned educational institutions his work spans several service lines but he specializes in software and network security sportsman is also a frequent public speaker he has lectured on the latest hacking techniques for the national security agency served as an instructor for the ultimate hacking series at black hat and is a regular presenter for various security organizations such as issa infragard and[close]
p. 10
about the authors ix owasp sportsman has developed several security tools and was a contributor to the solaris software security toolkit sst industry designations include the certified information systems security professional cissp and giac certified incident handler gcih sportsman holds a bachelor s of science in electrical and computer engineering from the university of texas at austin brad antoniewicz is the leader of foundstone s network vulnerability and assessment penetration service lines he is a senior security consultant focusing on internal and external vulnerability assessments web application penetration firewall and router configuration reviews secure network architectures and wireless hacking antoniewicz developed foundstone s ultimate hacking wireless class and teaches both ultimate hacking wireless and the traditional ultimate hacking classes antoniewicz has spoken at many events authored various articles and whitepapers and developed many of foundstone s internal assessment tools jon mcclintock is a senior information security consultant located in the pacific northwest specializing in application security from design through implementation and into deployment he has over ten years of professional software experience covering information security enterprise and service-oriented software development and embedded systems engineering mcclintock has worked as a senior software engineer on amazon.com s information security team where he worked with software teams to define security requirements assess application security and educate developers about security software best practices prior to amazon jon developed software for mobile devices and low-level operating system and device drivers he holds a bachelor s of science in computer science from california state university chico adam cecchetti has over seven years of professional experience as a security engineer and researcher he is a senior security consultant for leviathan security group located in the pacific northwest cecchetti specializes in hardware and application penetration testing he has led assessments for the fortune 500 in a vast array of verticals prior to consulting he was a lead security engineer for amazon.com inc cecchetti holds a master s degree in electrical and computer engineering from carnegie mellon university about the tech reviewer michael price research manager for mcafee foundstone is currently responsible for content development for the mcafee foundstone enterprise vulnerability management product in this role price works with and manages a global team of security researchers responsible for implementing software checks designed to detect the presence of vulnerabilities on remote computer systems he has extensive experience in the information security field having worked in the areas of vulnerability analysis and security software development for over nine years.[close]
p. 12
at a glance part i casing the establishment 1 footprinting 2 scanning 3 enumeration part ii system hacking 4 hacking windows 157 5 hacking unix 223 part iii infrastructure hacking 6 7 8 9 remote connectivity and voip hacking network devices wireless hacking hacking hardware 315 387 445 493 7 43 79 part iv application and data hacking 10 hacking code 519 11 web hacking 543 12 hacking the internet user 585 xi[close]
p. 13
xii hacking exposed 6 network security secrets solutions part v appendixes a ports 639 b top 14 securityvulnerabilities 647 c denial of service dos and distributed denial of service ddos attacks 649 index 655[close]
p. 14
contents foreword xix acknowledgments xxi preface xxiii introduction xxv part i casing the establishment case study iaaas it s all about anonymity stupid tor-menting the good guys 2 2 2 1 footprinting what is footprinting why is footprinting necessary internet footprinting step 1 determine the scope of your activities step 2 get proper authorization step 3 publicly available information step 4 whois dns enumeration step 5 dns interrogation step 6 network reconnaissance summary 7 8 10 10 10 10 11 24 34 38 42 2 scanning determining if the system is alive determining which services are running or listening scan types identifying tcp and udp services running windows-based port scanners port scanning breakdown 43 44 54 55 56 62 67 xiii[close]
p. 15
xiv hacking exposed 6 network security secrets solutions detecting the operating system active stack fingerprinting passive stack fingerprinting summary 69 69 73 77 3 enumeration 79 81 83 148 basic banner grabbing enumerating common network services summary part ii system hacking case study dns high jinx pwning the internet 152 4 hacking windows 157 159 160 160 161 172 179 179 181 193 198 199 202 206 206 206 208 209 211 212 213 215 215 219 220 221 overview what s not covered unauthenticated attacks authentication spoofing attacks remote unauthenticated exploits authenticated attacks privilege escalation extracting and cracking passwords remote control and back doors port redirection covering tracks general countermeasures to authenticated compromise windows security features windows firewall automated updates security center security policy and group policy bitlocker and the encrypting file system efs windows resource protection integrity levels uac and lorie data execution prevention dep service hardening compiler-based enhancements coda the burden of windows security summary 5 hacking unix 223 224 224 the quest for root a brief review .[close]
Other Publications
 |
JSPTags: |
 |
Web Hosting AdministrationTags: |
 |
Linux CertificationTags: |
 |
photo 1Tags: |
 |
webTags: |
Comments
no comments yet