
Hacking for dummies / Kevin Beaver.

By: Beaver, Kevin.
Series: For dummies; Learning made easy.
Publisher: Hoboken, NJ : John Wiley & Sons, Inc, ©2018
Edition: 6th edition.
Description: xiv, 392 pages : illustrations ; 24 cm.
Content type: text
Media type: unmediated
Carrier type: volume
ISBN: 9781119485476 (pbk).
Subject(s): Computer security | Computer networks -- Security measures | Hackers
DDC classification: 005.8 B38 2018
Contents:
Introduction 1 -- About This Book 1 -- Foolish Assumptions 2 -- Icons Used in This Book 3 -- Beyond the Book 3 -- Where to Go from Here 4
Part 1: Building the Foundation for Security Testing 5
Chapter 1: Introduction to Vulnerability and Penetration Testing 7 -- Straightening Out the Terminology 7 -- Hacker 8 -- Malicious user 9 -- Recognizing How Malicious Attackers Beget Ethical Hackers 10 -- Vulnerability and penetration testing versus auditing 10 -- Policy considerations 11 -- Compliance and regulatory concerns 12 -- Understanding the Need to Hack Your Own Systems 12 -- Understanding the Dangers Your Systems Face 14 -- Nontechnical attacks 14 -- Network infrastructure attacks 15 -- Operating system attacks 15 -- Application and other specialized attacks 15 -- Following the Security Assessment Principles 16 -- Working ethically 16 -- Respecting privacy 17 -- Not crashing your systems 17 -- Using the Vulnerability and Penetration Testing Process 18 -- Formulating your plan 18 -- Selecting tools 20 -- Executing the plan 22 -- Evaluating results 23 -- Moving on 23
Chapter 2: Cracking the Hacker Mindset 25 -- What You're Up Against 25 -- Who Breaks into Computer Systems 28 -- Hacker skill levels 28 -- Hacker motivations 30 -- Why They Do It 30 -- Planning and Performing Attacks 33 -- Maintaining Anonymity 35
Chapter 3: Developing Your Security Testing Plan 37 -- Establishing Your Goals 37 -- Determining Which Systems to Test 40 -- Creating Testing Standards 43 -- Timing your tests 43 -- Running specific tests 44 -- Conducting blind versus knowledge assessments 45 -- Picking your location 46 -- Responding to vulnerabilities you find 46 -- Making silly assumptions 46 -- Selecting Security Assessment Tools 47
Chapter 4: Hacking Methodology 49 -- Setting the Stage for Testing 49 -- Seeing What Others See 51 -- Scanning Systems 52 -- Hosts 53 -- Open ports 53 -- Determining What's Running on Open Ports 54 -- Assessing Vulnerabilities 56 -- Penetrating the System 58
Part 2: Putting Security Testing in Motion 59
Chapter 5: Information Gathering 61 -- Gathering Public Information 61 -- Social media 62 -- Web search 62 -- Web crawling 63 -- Websites 64 -- Mapping the Network 64 -- WHOIS 65 -- Privacy policies 66
Chapter 6: Social Engineering 67 -- Introducing Social Engineering 67 -- Starting Your Social Engineering Tests 68 -- Knowing Why Attackers Use Social Engineering 69 -- Understanding the Implications 70 -- Building trust 71 -- Exploiting the relationship 72 -- Performing Social Engineering Attacks 74 -- Determining a goal 75 -- Seeking information 75 -- Social Engineering Countermeasures 80 -- Policies 80 -- User awareness and training 80
Chapter 7: Physical Security 83 -- Identifying Basic Physical Security Vulnerabilities 84 -- Pinpointing Physical Vulnerabilities in Your Office 85 -- Building infrastructure 85 -- Utilities 87 -- Office layout and use 88 -- Network components and computers 90
Chapter 8: Passwords 95 -- Understanding Password Vulnerabilities 96 -- Organizational password vulnerabilities 97 -- Technical password vulnerabilities 97 -- Cracking Passwords 98 -- Cracking passwords the old-fashioned way 99 -- Cracking passwords with high-tech tools 102 -- Cracking password-protected files 110 -- Understanding other ways to crack passwords 112 -- General Password Cracking Countermeasures 117 -- Storing passwords 118 -- Creating password policies 118 -- Taking other countermeasures 120 -- Securing Operating Systems 121 -- Windows 121 -- Linux and Unix 122
Part 3: Hacking Network Hosts 123
Chapter 9: Network Infrastructure Systems 125 -- Understanding Network Infrastructure Vulnerabilities 126 -- Choosing Tools 127 -- Scanners and analyzers 128 -- Vulnerability assessment 128 -- Scanning, Poking, and Prodding the Network 129 -- Scanning ports 129 -- Scanning SNMP 135 -- Grabbing banners 137 -- Testing firewall rules 138 -- Analyzing network data 140 -- The MAC-daddy attack 147 -- Testing denial of service attacks 152 -- Detecting Common Router, Switch, and Firewall Weaknesses 155 -- Finding unsecured interfaces 155 -- Uncovering issues with SSL and TLS 156 -- Putting Up General Network Defenses 156
Chapter 10: Wireless Networks 159 -- Understanding the Implications of Wireless Network Vulnerabilities 159 -- Choosing Your Tools 160 -- Discovering Wireless Networks 162 -- Checking for worldwide recognition 162 -- Scanning your local airwaves 163 -- Discovering Wireless Network Attacks and Taking Countermeasures 165 -- Encrypted traffic 167 -- Countermeasures against encrypted traffic attacks 170 -- Wi-Fi Protected Setup 172 -- Countermeasures against the WPS PIN flaw 175 -- Rogue wireless devices 175 -- Countermeasures against rogue wireless devices 179 -- MAC spoofing 179 -- Countermeasures against MAC spoofing 183 -- Physical security problems 183 -- Countermeasures against physical security problems 184 -- Vulnerable wireless workstations 185 -- Countermeasures against vulnerable wireless workstations 185 -- Default configuration settings 185 -- Countermeasures against default configuration settings exploits 186
Chapter 11: Mobile Devices 187 -- Sizing Up Mobile Vulnerabilities 187 -- Cracking Laptop Passwords 188 -- Choosing your tools 188 -- Applying countermeasures 193 -- Cracking Phones and Tablets 193 -- Cracking iOS passwords 194 -- Taking countermeasures against password cracking 197
Part 4: Hacking Operating Systems 199
Chapter 12: Windows 201 -- Introducing Windows Vulnerabilities 202 -- Choosing Tools 203 -- Free Microsoft tools 203 -- All-in-one assessment tools 204 -- Task-specific tools 204 -- Gathering Information About Your Windows Vulnerabilities 205 -- System scanning 205 -- NetBIOS 208 -- Detecting Null Sessions 210 -- Mapping 211 -- Gleaning information 212 -- Countermeasures against null-session hacks 214 -- Checking Share Permissions 215 -- Windows defaults 216 -- Testing 216 -- Exploiting Missing Patches 217 -- Using Metasploit 220 -- Countermeasures against missing patch vulnerability exploits 224 -- Running Authenticated Scans 225
Chapter 13: Linux and macOS 227 -- Understanding Linux Vulnerabilities 228 -- Choosing Tools 229 -- Gathering Information About Your System Vulnerabilities 229 -- System scanning 229 -- Countermeasures against system scanning 233 -- Finding Unneeded and Unsecured Services 234 -- Searches 234 -- Countermeasures against attacks on unneeded services 236 -- Securing the rhosts and hosts.equiv Files 238 -- Hacks using the hosts.equiv and rhosts files 239 -- Countermeasures against rhosts and hosts.equiv file attacks 240 -- Assessing the Security of NFS 241 -- NFS hacks 241 -- Countermeasures against NFS attacks 242 -- Checking File Permissions 242 -- File permission hacks 243 -- Countermeasures against file permission attacks 243 -- Finding Buffer Overflow Vulnerabilities 244 -- Attacks 244 -- Countermeasures against buffer overflow attacks 245 -- Checking Physical Security 245 -- Physical security hacks 245 -- Countermeasures against physical security attacks 245 -- Performing General Security Tests 246 -- Patching 248 -- Distribution updates 248 -- Multiplatform update managers 249
Part 5: Hacking Applications 251
Chapter 14: Communication and Messaging Systems 253 -- Introducing Messaging System Vulnerabilities 253 -- Recognizing and Countering Email Attacks 254 -- Email bombs 255 -- Banners 258 -- SMTP attacks 260 -- General best practices for minimizing email security risks 269 -- Understanding VoIP 270 -- VoIP vulnerabilities 271 -- Countermeasures against VoIP vulnerabilities 275
Chapter 15: Web Applications and Mobile Apps 277 -- Choosing Your Web Security Testing Tools 278 -- Seeking Out Web Vulnerabilities 279 -- Directory traversal 279 -- Countermeasures against directory traversals 283 -- Input-filtering attacks 283 -- Countermeasures against input attacks 290 -- Default script attacks 291 -- Countermeasures against default script attacks 293 -- Unsecured login mechanisms 293 -- Countermeasures against unsecured login systems 297 -- Performing general security scans for web application vulnerabilities 297 -- Minimizing Web Security Risks 298 -- Practicing security by obscurity 299 -- Putting up firewalls 300 -- Analyzing source code 300 -- Uncovering Mobile App Flaws 301
Chapter 16: Databases and Storage Systems 303 -- Diving Into Databases 303 -- Choosing tools 304 -- Finding databases on the network 304 -- Cracking database passwords 305 -- Scanning databases for vulnerabilities 306 -- Following Best Practices for Minimizing Database Security Risks 307 -- Opening Up About Storage Systems 308 -- Choosing tools 309 -- Finding storage systems on the network 309 -- Rooting out sensitive text in network files 310 -- Following Best Practices for Minimizing Storage Security Risks 312
Part 6: Security Testing Aftermath 315
Chapter 17: Reporting Your Results 317 -- Pulling the Results Together 317 -- Prioritizing Vulnerabilities 319 -- Creating Reports 321
Chapter 18: Plugging Your Security Holes 323 -- Turning Your Reports into Action 323 -- Patching for Perfection 324 -- Patch management 325 -- Patch automation 325 -- Hardening Your Systems 326 -- Assessing Your Security Infrastructure 328
Chapter 19: Managing Security Processes 331 -- Automating the Security Assessment Process 331 -- Monitoring Malicious Use 332 -- Outsourcing Security Assessments 334 -- Instilling a Security-Aware Mindset 336 -- Keeping Up with Other Security Efforts 337
Part 7: The Part of Tens 339
Chapter 20: Ten Tips for Getting Security Buy-In 341 -- Cultivate an Ally and a Sponsor 341 -- Don't Be a FUDdy-Duddy 342 -- Demonstrate That the Organization Can't Afford to Be Hacked 342 -- Outline the General Benefits of Security Testing 343 -- Show How Security Testing Specifically Helps the Organization 344 -- Get Involved in the Business 344 -- Establish Your Credibility 345 -- Speak on Management's Level 345 -- Show Value in Your Efforts 346 -- Be Flexible and Adaptable 346
Chapter 21: Ten Reasons Hacking Is the Only Effective Way to Test 347 -- The Bad Guys Think Bad Thoughts, Use Good Tools, and Develop New Methods 347 -- IT Governance and Compliance Are More Than High-Level Checklist Audits 348 -- Vulnerability and Penetration Testing Complements Audits and Security Evaluations 348 -- Customers and Partners Will Ask How Secure Your Systems Are 348 -- The Law of Averages Works Against Businesses 349 -- Security Assessments Improve Understanding of Business Threats 349 -- If a Breach Occurs, You Have Something to Fall Back On 349 -- In-Depth Testing Brings Out the Worst in Your Systems 350 -- Combined Vulnerability and Penetration Testing Is What You Need 350 -- Proper Testing Can Uncover Overlooked Weaknesses 350
Chapter 22: Ten Deadly Mistakes 351 -- Not Getting Approval 351 -- Assuming That You Can Find All Vulnerabilities 352 -- Assuming That You Can Eliminate All Vulnerabilities 352 -- Performing Tests Only Once 353 -- Thinking That You Know It All 353 -- Running Your Tests Without Looking at Things from a Hacker's Viewpoint 353 -- Not Testing the Right Systems 354 -- Not Using the Right Tools 354 -- Pounding Production Systems at the Wrong Time 354 -- Outsourcing Testing and Not Staying Involved 355
Appendix: Tools and Resources 357
Index 375
Summary: Until you can think like a bad guy and recognize the vulnerabilities in your system, you can't build an effective plan to keep your information secure. The book helps you stay on top of the security game!
Item type: Books
Current location: College Library, General Circulation Section
Collection: GC
Call number: GC 005.8 B38 2018
Status: Available
Barcode: HNU002567

Includes bibliographical references and index.


College of Engineering and Computer Studies Bachelor of Science in Computer Engineering

Text in English
