Hacking
Book - 2022
"Hacking For Dummies takes you on an easy-to-follow cybersecurity voyage that will teach you the essentials of vulnerability and penetration testing so that you can find the holes in your network before the bad guys exploit them. You will learn to secure your Wi-Fi networks, lock down your latest Windows 11 installation, understand the security implications of remote work, and much more."
- Published: Hoboken, NJ : John Wiley & Sons, Inc., [2022]
- Language: English
- Edition: 7th edition
- Item Description: Previous edition: 2018.
- Physical Description: xii, 396 pages : illustrations ; 24 cm
- Bibliography: Includes bibliographical references and index.
- ISBN: 9781119872191
- Introduction
- About This Book
- Foolish Assumptions
- Icons Used in This Book
- Beyond the Book
- Where to Go from Here
- Part 1. Building the Foundation for Security Testing
- Chapter 1. Introduction to Vulnerability and Penetration Testing
- Straightening Out the Terminology
- Hacker
- Malicious user
- Recognizing How Malicious Attackers Beget Ethical Hackers
- Vulnerability and penetration testing versus auditing
- Policy considerations
- Compliance and regulatory concerns
- Understanding the Need to Hack Your Own Systems
- Understanding the Dangers Your Systems Face
- Nontechnical attacks
- Network infrastructure attacks
- Operating system attacks
- Application and other specialized attacks
- Following the Security Assessment Principles
- Working ethically
- Respecting privacy
- Not crashing your systems
- Using the Vulnerability and Penetration Testing Process
- Formulating your plan
- Selecting tools
- Executing the plan
- Evaluating results
- Moving on
- Chapter 2. Cracking the Hacker Mindset
- What You're Up Against
- Who Breaks into Computer Systems
- Hacker skill levels
- Hacker motivations
- Why They Do It
- Planning and Performing Attacks
- Maintaining Anonymity
- Chapter 3. Developing Your Security Testing Plan
- Establishing Your Goals
- Determining Which Systems to Test
- Creating Testing Standards
- Timing your tests
- Running specific tests
- Conducting blind versus knowledge assessments
- Picking your location
- Responding to vulnerabilities you find
- Making silly assumptions
- Selecting Security Assessment Tools
- Chapter 4. Hacking Methodology
- Setting the Stage for Testing
- Seeing What Others See
- Scanning Systems
- Hosts
- Open ports
- Determining What's Running on Open Ports
- Assessing Vulnerabilities
- Penetrating the System
- Part 2. Putting Security Testing in Motion
- Chapter 5. Information Gathering
- Gathering Public Information
- Social media
- Web search
- Web crawling
- Websites
- Mapping the Network
- WHOIS
- Privacy policies
- Chapter 6. Social Engineering
- Introducing Social Engineering
- Starting Your Social Engineering Tests
- Knowing Why Attackers Use Social Engineering
- Understanding the Implications
- Building trust
- Exploiting the relationship
- Performing Social Engineering Attacks
- Determining a goal
- Seeking information
- Social Engineering Countermeasures
- Policies
- User awareness and training
- Chapter 7. Physical Security
- Identifying Basic Physical Security Vulnerabilities
- Pinpointing Physical Vulnerabilities in Your Office
- Building infrastructure
- Utilities
- Office layout and use
- Network components and computers
- Chapter 8. Passwords
- Understanding Password Vulnerabilities
- Organizational password vulnerabilities
- Technical password vulnerabilities
- Cracking Passwords
- Cracking passwords the old-fashioned way
- Cracking passwords with high-tech tools
- Cracking password-protected files
- Understanding other ways to crack passwords
- General Password Cracking Countermeasures
- Storing passwords
- Creating password policies
- Taking other countermeasures
- Securing Operating Systems
- Windows
- Linux and Unix
- Part 3. Hacking Network Hosts
- Chapter 9. Network Infrastructure Systems
- Understanding Network Infrastructure Vulnerabilities
- Choosing Tools
- Scanners and analyzers
- Vulnerability assessment
- Scanning, Poking, and Prodding the Network
- Scanning ports
- Scanning SNMP
- Grabbing banners
- Testing firewall rules
- Analyzing network data
- The MAC-daddy attack
- Testing denial of service attacks
- Detecting Common Router, Switch, and Firewall Weaknesses
- Finding unsecured interfaces
- Uncovering issues with SSL and TLS
- Putting Up General Network Defenses
- Chapter 10. Wireless Networks
- Understanding the Implications of Wireless Network Vulnerabilities
- Choosing Your Tools
- Discovering Wireless Networks
- Checking for worldwide recognition
- Scanning your local airwaves
- Discovering Wireless Network Attacks and Taking Countermeasures
- Encrypted traffic
- Countermeasures against encrypted traffic attacks
- Wi-Fi Protected Setup
- Countermeasures against the WPS PIN flaw
- Rogue wireless devices
- Countermeasures against rogue wireless devices
- MAC spoofing
- Countermeasures against MAC spoofing
- Physical security problems
- Countermeasures against physical security problems
- Vulnerable wireless workstations
- Countermeasures against vulnerable wireless workstations
- Default configuration settings
- Countermeasures against default configuration settings exploits
- Chapter 11. Mobile Devices
- Sizing Up Mobile Vulnerabilities
- Cracking Laptop Passwords
- Choosing your tools
- Applying countermeasures
- Cracking Phones and Tablets
- Cracking iOS passwords
- Taking countermeasures against password cracking
- Part 4. Hacking Operating Systems
- Chapter 12. Windows
- Introducing Windows Vulnerabilities
- Choosing Tools
- Free Microsoft tools
- All-in-one assessment tools
- Task-specific tools
- Gathering Information About Your Windows Vulnerabilities
- System scanning
- NetBIOS
- Detecting Null Sessions
- Mapping
- Gleaning information
- Countermeasures against null-session hacks
- Checking Share Permissions
- Windows defaults
- Testing
- Exploiting Missing Patches
- Using Metasploit
- Countermeasures against missing patch vulnerability exploits
- Running Authenticated Scans
- Chapter 13. Linux and macOS
- Understanding Linux Vulnerabilities
- Choosing Tools
- Gathering Information About Your System Vulnerabilities
- System scanning
- Countermeasures against system scanning
- Finding Unneeded and Unsecured Services
- Searches
- Countermeasures against attacks on unneeded services
- Securing the .rhosts and hosts.equiv Files
- Hacks using the hosts.equiv and .rhosts files
- Countermeasures against .rhosts and hosts.equiv file attacks
- Assessing the Security of NFS
- NFS hacks
- Countermeasures against NFS attacks
- Checking File Permissions
- File permission hacks
- Countermeasures against file permission attacks
- Finding Buffer Overflow Vulnerabilities
- Attacks
- Countermeasures against buffer overflow attacks
- Checking Physical Security
- Physical security hacks
- Countermeasures against physical security attacks
- Performing General Security Tests
- Patching
- Distribution updates
- Multiplatform update managers
- Part 5. Hacking Applications
- Chapter 14. Communication and Messaging Systems
- Introducing Messaging System Vulnerabilities
- Recognizing and Countering Email Attacks
- Email bombs
- Banners
- SMTP attacks
- General best practices for minimizing email security risks
- Understanding VoIP
- VoIP vulnerabilities
- Countermeasures against VoIP vulnerabilities
- Chapter 15. Web Applications and Mobile Apps
- Choosing Your Web Security Testing Tools
- Seeking Out Web Vulnerabilities
- Directory traversal
- Countermeasures against directory traversals
- Input-filtering attacks
- Countermeasures against input attacks
- Default script attacks
- Countermeasures against default script attacks
- Unsecured login mechanisms
- Countermeasures against unsecured login systems
- Performing general security scans for web application vulnerabilities
- Minimizing Web Security Risks
- Practicing security by obscurity
- Putting up firewalls
- Analyzing source code
- Uncovering Mobile App Flaws
- Chapter 16. Databases and Storage Systems
- Diving Into Databases
- Choosing tools
- Finding databases on the network
- Cracking database passwords
- Scanning databases for vulnerabilities
- Following Best Practices for Minimizing Database Security Risks
- Opening Up About Storage Systems
- Choosing tools
- Finding storage systems on the network
- Rooting out sensitive text in network files
- Following Best Practices for Minimizing Storage Security Risks
- Part 6. Security Testing Aftermath
- Chapter 17. Reporting Your Results
- Pulling the Results Together
- Prioritizing Vulnerabilities
- Creating Reports
- Chapter 18. Plugging Your Security Holes
- Turning Your Reports into Action
- Patching for Perfection
- Patch management
- Patch automation
- Hardening Your Systems
- Assessing Your Security Infrastructure
- Chapter 19. Managing Security Processes
- Automating the Security Assessment Process
- Monitoring Malicious Use
- Outsourcing Security Assessments
- Instilling a Security-Aware Mindset
- Keeping Up with Other Security Efforts
- Part 7. The Part of Tens
- Chapter 20. Ten Tips for Getting Security Buy-In
- Cultivate an Ally and a Sponsor
- Don't Be a FUDdy-Duddy
- Demonstrate That the Organization Can't Afford to Be Hacked
- Outline the General Benefits of Security Testing
- Show How Security Testing Specifically Helps the Organization
- Get Involved in the Business
- Establish Your Credibility
- Speak on Management's Level
- Show Value in Your Efforts
- Be Flexible and Adaptable
- Chapter 21. Ten Reasons Hacking Is the Only Effective Way to Test
- The Bad Guys Think Bad Thoughts, Use Good Tools, and Develop New Methods
- IT Governance and Compliance Are More Than High-Level Audits
- Vulnerability and Penetration Testing Complements Audits and Security Evaluations
- Customers and Partners Will Ask How Secure Your Systems Are
- The Law of Averages Works Against Businesses
- Security Assessments Improve Understanding of Business Threats
- If a Breach Occurs, You Have Something to Fall Back On
- In-Depth Testing Brings Out the Worst in Your Systems
- Combined Vulnerability and Penetration Testing Is What You Need
- Proper Testing Can Uncover Overlooked Weaknesses
- Chapter 22. Ten Deadly Mistakes
- Not Getting Approval
- Assuming That You Can Find All Vulnerabilities
- Assuming That You Can Eliminate All Vulnerabilities
- Performing Tests Only Once
- Thinking That You Know It All
- Running Your Tests Without Looking at Things from a Hacker's Viewpoint
- Not Testing the Right Systems
- Not Using the Right Tools
- Pounding Production Systems at the Wrong Time
- Outsourcing Testing and Not Staying Involved
- Appendix: Tools and Resources
- Index