Kevin Beaver is an independent information security consultant with more than three decades of experience. Kevin specializes in performing vulnerability and penetration testing and security consulting work for Fortune 1000 corporations, product vendors, independent software developers, universities, and government organizations. He has appeared on CNN and been quoted in The Wall Street Journal.
Introduction
About This Book; Foolish Assumptions; Icons Used in This Book; Beyond the Book; Where to Go from Here

Part 1: Building the Foundation for Security Testing

Chapter 1: Introduction to Vulnerability and Penetration Testing
Straightening Out the Terminology; Hacker; Malicious user; Recognizing How Malicious Attackers Beget Ethical Hackers; Vulnerability and penetration testing versus auditing; Policy considerations; Compliance and regulatory concerns; Understanding the Need to Hack Your Own Systems; Understanding the Dangers Your Systems Face; Nontechnical attacks; Network infrastructure attacks; Operating system attacks; Application and other specialized attacks; Following the Security Assessment Principles; Working ethically; Respecting privacy; Not crashing your systems; Using the Vulnerability and Penetration Testing Process; Formulating your plan; Selecting tools; Executing the plan; Evaluating results; Moving on

Chapter 2: Cracking the Hacker Mindset
What You're Up Against; Who Breaks into Computer Systems; Hacker skill levels; Hacker motivations; Why They Do It; Planning and Performing Attacks; Maintaining Anonymity

Chapter 3: Developing Your Security Testing Plan
Establishing Your Goals; Determining Which Systems to Test; Creating Testing Standards; Timing your tests; Running specific tests; Conducting blind versus knowledge assessments; Picking your location; Responding to vulnerabilities you find; Making silly assumptions; Selecting Security Assessment Tools

Chapter 4: Hacking Methodology
Setting the Stage for Testing; Seeing What Others See; Scanning Systems; Hosts; Open ports; Determining What's Running on Open Ports; Assessing Vulnerabilities; Penetrating the System

Part 2: Putting Security Testing in Motion

Chapter 5: Information Gathering
Gathering Public Information; Social media; Web search; Web crawling; Websites; Mapping the Network; WHOIS; Privacy policies

Chapter 6: Social Engineering
Introducing Social Engineering; Starting Your Social Engineering Tests; Knowing Why Attackers Use Social Engineering; Understanding the Implications; Building trust; Exploiting the relationship; Performing Social Engineering Attacks; Determining a goal; Seeking information; Social Engineering Countermeasures; Policies; User awareness and training

Chapter 7: Physical Security
Identifying Basic Physical Security Vulnerabilities; Pinpointing Physical Vulnerabilities in Your Office; Building infrastructure; Utilities; Office layout and use; Network components and computers

Chapter 8: Passwords
Understanding Password Vulnerabilities; Organizational password vulnerabilities; Technical password vulnerabilities; Cracking Passwords; Cracking passwords the old-fashioned way; Cracking passwords with high-tech tools; Cracking password-protected files; Understanding other ways to crack passwords; General Password Cracking Countermeasures; Storing passwords; Creating password policies; Taking other countermeasures; Securing Operating Systems; Windows; Linux and Unix

Part 3: Hacking Network Hosts

Chapter 9: Network Infrastructure Systems
Understanding Network Infrastructure Vulnerabilities; Choosing Tools; Scanners and analyzers; Vulnerability assessment; Scanning, Poking, and Prodding the Network; Scanning ports; Scanning SNMP; Grabbing banners; Testing firewall rules; Analyzing network data; The MAC-daddy attack; Testing denial of service attacks; Detecting Common Router, Switch, and Firewall Weaknesses; Finding unsecured i