Read the book Hacking For Dummies - Kevin Beaver - Page 3

Hacking For Dummies®

To view this book's Cheat Sheet, simply go to www.dummies.com and search for “Hacking For Dummies Cheat Sheet” in the Search box.

Table of Contents


Cover

Title Page

Copyright

Introduction
  About This Book
  Foolish Assumptions
  Icons Used in This Book
  Beyond the Book
  Where to Go from Here

Part 1: Building the Foundation for Security Testing

  Chapter 1: Introduction to Vulnerability and Penetration Testing
    Straightening Out the Terminology
    Recognizing How Malicious Attackers Beget Ethical Hackers
    Understanding the Need to Hack Your Own Systems
    Understanding the Dangers Your Systems Face
    Following the Security Assessment Principles
    Using the Vulnerability and Penetration Testing Process

  Chapter 2: Cracking the Hacker Mindset
    What You’re Up Against
    Who Breaks into Computer Systems
    Why They Do It
    Planning and Performing Attacks
    Maintaining Anonymity

  Chapter 3: Developing Your Security Testing Plan
    Establishing Your Goals
    Determining Which Systems to Test
    Creating Testing Standards
    Selecting Security Assessment Tools

  Chapter 4: Hacking Methodology
    Setting the Stage for Testing
    Seeing What Others See
    Scanning Systems
    Determining What’s Running on Open Ports
    Assessing Vulnerabilities
    Penetrating the System

Part 2: Putting Security Testing in Motion

  Chapter 5: Information Gathering
    Gathering Public Information
    Mapping the Network

  Chapter 6: Social Engineering
    Introducing Social Engineering
    Starting Your Social Engineering Tests
    Knowing Why Attackers Use Social Engineering
    Understanding the Implications
    Performing Social Engineering Attacks
    Social Engineering Countermeasures

  Chapter 7: Physical Security
    Identifying Basic Physical Security Vulnerabilities
    Pinpointing Physical Vulnerabilities in Your Office

  Chapter 8: Passwords
    Understanding Password Vulnerabilities
    Cracking Passwords
    General Password Cracking Countermeasures
    Securing Operating Systems

Part 3: Hacking Network Hosts

  Chapter 9: Network Infrastructure Systems
    Understanding Network Infrastructure Vulnerabilities
    Choosing Tools
    Scanning, Poking, and Prodding the Network
    Detecting Common Router, Switch, and Firewall Weaknesses
    Putting Up General Network Defenses

  Chapter 10: Wireless Networks
    Understanding the Implications of Wireless Network Vulnerabilities
    Choosing Your Tools
    Discovering Wireless Networks
    Discovering Wireless Network Attacks and Taking Countermeasures

  Chapter 11: Mobile Devices
    Sizing Up Mobile Vulnerabilities
    Cracking Laptop Passwords
    Cracking Phones and Tablets

Part 4: Hacking Operating Systems

  Chapter 12: Windows
    Introducing Windows Vulnerabilities
    Choosing Tools
    Gathering Information About Your Windows Vulnerabilities
    Detecting Null Sessions
    Checking Share Permissions
    Exploiting Missing Patches
    Running Authenticated Scans

  Chapter 13: Linux and macOS
    Understanding Linux Vulnerabilities
    Choosing Tools
    Gathering Information About Your System Vulnerabilities
    Finding Unneeded and Unsecured Services
    Securing the .rhosts and hosts.equiv Files
    Assessing the Security of NFS
    Checking File Permissions
    Finding Buffer Overflow Vulnerabilities
    Checking Physical Security
    Performing General Security Tests
    Patching

Part 5: Hacking Applications

  Chapter 14: Communication and Messaging Systems
    Introducing Messaging System Vulnerabilities
    Recognizing and Countering Email Attacks
    Understanding VoIP

  Chapter 15: Web Applications and Mobile Apps
    Choosing Your Web Security Testing Tools
    Seeking Out Web Vulnerabilities
    Minimizing Web Security Risks
    Uncovering Mobile App Flaws

  Chapter 16: Databases and Storage Systems
    Diving Into Databases
    Following Best Practices for Minimizing Database Security Risks
    Opening Up About Storage Systems
    Following Best Practices for Minimizing Storage Security Risks

Part 6: Security Testing Aftermath

  Chapter 17: Reporting Your Results
    Pulling the Results Together
    Prioritizing Vulnerabilities
    Creating Reports

  Chapter 18: Plugging Your Security Holes
    Turning Your Reports into Action
    Patching for Perfection
    Hardening Your Systems
    Assessing Your Security Infrastructure

  Chapter 19: Managing Security Processes
    Automating the Security Assessment Process
    Monitoring Malicious Use
    Outsourcing Security Assessments
    Instilling a Security-Aware Mindset
    Keeping Up with Other Security Efforts

Part 7: The Part of Tens

  Chapter 20: Ten Tips for Getting Security Buy-In
    Cultivate an Ally and a Sponsor
    Don’t Be a FUDdy-Duddy
    Demonstrate That the Organization Can’t Afford to Be Hacked
    Outline the General Benefits of Security Testing
    Show How Security Testing Specifically Helps the Organization
    Get Involved in the Business
    Establish Your Credibility
    Speak on Management’s Level
    Show Value in Your Efforts
    Be Flexible and Adaptable

  Chapter 21: Ten Reasons Hacking Is the Only Effective Way to Test
    The Bad Guys Think Bad Thoughts, Use Good Tools, and Develop New Methods
    IT Governance and Compliance Are More Than High-Level Audits
    Vulnerability and Penetration Testing Complements Audits and Security Evaluations
    Customers and Partners Will Ask How Secure Your Systems Are
    The Law of Averages Works Against Businesses
    Security Assessments Improve Understanding of Business Threats
    If a Breach Occurs, You Have Something to Fall Back On
    In-Depth Testing Brings Out the Worst in Your Systems
    Combined Vulnerability and Penetration Testing Is What You Need
    Proper Testing Can Uncover Overlooked Weaknesses

  Chapter 22: Ten Deadly Mistakes
    Not Getting Approval
    Assuming That You Can Find All Vulnerabilities
    Assuming That You Can Eliminate All Vulnerabilities
    Performing Tests Only Once
    Thinking That You Know It All
    Running Your Tests Without Looking at Things from a Hacker’s Viewpoint
    Not Testing the Right Systems
    Not Using the Right Tools
    Pounding Production Systems at the Wrong Time
    Outsourcing Testing and Not Staying Involved

Appendix: Tools and Resources
  Bluetooth
  Certifications
  Databases
  Denial of Service (DoS) Protection
  Exploits
  Firewall Rulebase Analyzers
  General Research and OSINT Tools
  Hacker and Security Testing Publications
  Internet of Things
  Keyloggers
  Laws and Regulations
  Linux
  Live Toolkits
  Log Analysis
  Messaging
  Miscellaneous
  Mobile
  Networks
  Password Cracking
  Patch Management
  Security Education and Learning Resources
  Security Frameworks
  Security Reports and Statistics
  Social Engineering and Phishing
  Source Code Analysis
  Storage
  User Awareness and Training
  Voice over Internet Protocol
  Vulnerability Databases
  Websites and Applications
  Windows
  Wireless Networks

Index

About the Author

Advertisement Page

Connect with Dummies

End User License Agreement
