Ethical Hacking: Techniques, Tools, and Countermeasures 4th edition [Paperback]

  • Format: Paperback / softback, 400 pages, weight: 737 g
  • Publication date: 12-Dec-2022
  • Publisher: Jones and Bartlett Publishers, Inc
  • ISBN-10: 1284248992
  • ISBN-13: 9781284248999
Ethical Hacking: Techniques, Tools, and Countermeasures, Fourth Edition, covers the basic strategies and tools that prepare students to engage in proactive and aggressive cyber security activities, with an increased focus on Pen testing and Red Teams. Written by subject matter experts, with numerous real-world examples, the Fourth Edition provides readers with a clear, comprehensive introduction to the many threats on the security of our cyber environments and what can be done to combat them. The text begins with an examination of the landscape, key terms, and concepts that a security professional needs to know about hackers and computer criminals who break into networks, steal information, and corrupt data. Part II provides a technical overview of hacking: how attackers target cyber resources and the methodologies they follow. Part III studies those methods that are most effective when dealing with hacking attacks, especially in an age of increased reliance on distributed devices. Part of the Jones & Bartlett Learning Information Systems Security & Assurance Series!
Preface
Acknowledgments
About the Authors
PART I Hacker Techniques and Tools
Chapter 1 Hacking: The Next Generation
Profiles and Motives of Different Types of Hackers
Controls
The Hacker Mindset
Motivations of Hackers
A Look at the History of Computer Hacking
Ethical Hacking and Penetration Testing
The Role of Ethical Hacking
Ethical Hackers and the C-I-A Triad
Common Hacking Methodologies
Performing a Penetration Test
The Role of the Law and Ethical Standards
Chapter Summary
Key Concepts and Terms
Chapter 1 Assessment
Chapter 2 Linux and Penetration Testing
Linux
Introducing Kali Linux
Working with Linux: The Basics
A Look at the Interface
Basic Linux Navigation
Important Linux Directories
Commonly Used Commands
The Basic Command Structure of Linux
Wildcard Characters in Linux
Live CDs/DVDs
Special-Purpose Live CDs/DVDs
Virtual Machines
Chapter Summary
Key Concepts and Terms
Chapter 2 Assessment
Chapter 3 TCP/IP Review
Exploring the OSI Reference Model
The Role of Protocols
Layer 1 Physical Layer
Layer 2 Data Link Layer
Layer 3 Network Layer
Layer 4 Transport Layer
Layer 5 Session Layer
Layer 6 Presentation Layer
Layer 7 Application Layer
The Role of Encapsulation
Mapping the OSI Model to Functions and Protocols
OSI Model Layers and Services
TCP/IP: A Layer-by-Layer Review
Physical or Network Access Layer
Network or Internet Layer
Host-to-Host Layer
Application Layer
Chapter Summary
Key Concepts and Terms
Chapter 3 Assessment
Chapter 4 Cryptographic Concepts
Cryptographic Basics
Authentication
Integrity
Nonrepudiation
Symmetric and Asymmetric Cryptography
Cryptographic History
What Is an Algorithm or Cipher?
Symmetric Encryption
Asymmetric Encryption
Hashing
Birthday Attacks
Digital Signatures
Public Key Infrastructure
The Role of Certificate Authorities
Registration Authority
Certificate Revocation List
Digital Certificates
PKI Attacks
Common Cryptographic Systems
Cryptanalysis
Future Forms of Cryptography
Chapter Summary
Key Concepts and Terms
Chapter 4 Assessment
PART II A Technical and Social Overview of Hacking
Chapter 5 Passive Reconnaissance
The Information-Gathering Process
Information on a Company Website and Available Through Social Media
Discovering Financial Information
Google Hacking
Exploring Domain Information Leakage
Manual Registrar Query
Nslookup
Automatic Registrar Query
Whois
Internet Assigned Numbers Authority
Determining a Network Range
Traceroute
Tracking an Organization's Employees
Using Social Networks
Using Basic Countermeasures
Chapter Summary
Key Concepts and Terms
Chapter 5 Assessment
Chapter 6 Active Reconnaissance
Determining Address Ranges of Networks
Identifying Active Machines
Wardialing
Wardriving and Related Activities
Pinging
Port Scanning
Active Reconnaissance Countermeasures
Mapping Open Ports
Nmap
Free IP Scanner
Angry IP Scanner
Advanced IP Scanner
Operating System Fingerprinting
Active OS Fingerprinting
Passive OS Fingerprinting
Mapping the Network
Analyzing the Results
Chapter Summary
Key Concepts and Terms
Chapter 6 Assessment
Chapter 7 Enumeration and Exploitation
Windows Basics
Controlling Access
Users
Groups
Security Identifiers
Commonly Attacked and Exploited Services
Enumeration
Performing Enumeration Tasks
NULL Session
Working with nbtstat
SuperScan
SNScan
Reporting
Exploitation
Password Cracking
Passive Online Attacks
Active Online Attacks
Offline Attacks
Nontechnical Attacks
Using Password Cracking
Privilege Escalation
Active® Password Changer
Reset Windows Password
Stopping Privilege Escalation
Planting Backdoors
Using PsTools
Rootkits
Covering Tracks
Disabling Auditing
Data Hiding
Chapter Summary
Key Concepts and Terms
Chapter 7 Assessment
Chapter 8 Malware
Malware
Malware's Legality
Types of Malware
Malware's Targets
Viruses
The History of Viruses
Types of Viruses
Prevention Techniques
Worms
How Worms Work
Stopping Worms
Trojans
Use of Trojans
Targets of Trojans
Known Symptoms of an Infection
Detection of Trojans
Distribution Methods
Backdoors
Covert Communication
Keystroke Loggers
Software
Hardware
Port Redirection
Spyware
Methods of Infection
Bundling with Software
Adware
Scareware
Ransomware
Chapter Summary
Key Concepts and Terms
Chapter 8 Assessment
Chapter 9 Web and Database Attacks
Attacking Web Servers
Categories of Risk
Vulnerabilities of Web Servers
Improper or Poor Web Design
Buffer Overflow
Denial of Service Attack
Distributed Denial of Service Attack
Banner Information
Permissions
Error Messages
Unnecessary Features
User Accounts
Structured Query Language (SQL) Injection
Examining a SQL Injection Attack
Vandalizing Web Servers
Input Validation
Cross-Site Scripting Attack
Anatomy of Web Applications
Insecure Logon Systems
Scripting Errors
Session Management Issues
Encryption Weaknesses
Database Vulnerabilities
Types of Databases
Vulnerabilities
Locating Databases on the Network
Database Server Password Cracking
Locating Vulnerabilities in Databases
Cloud Computing
Chapter Summary
Key Concepts and Terms
Chapter 9 Assessment
Chapter 10 Sniffers, Session Hijacking, and Denial of Service Attacks
Sniffers
Passive Sniffing
Active Sniffing
Sniffing Tools
What Can Be Sniffed?
Session Hijacking
Identifying an Active Session
Seizing Control of a Session
Session Hijacking Tools
Thwarting Session Hijacking Attacks
Denial of Service Attacks
Types of DoS Attacks
Tools for DoS Attacks
Distributed Denial of Service Attacks
Characteristics of DDoS Attacks
Tools for DDoS Attacks
Botnets and the Internet of Things
Chapter Summary
Key Concepts and Terms
Chapter 10 Assessment
Chapter 11 Wireless Vulnerabilities
The Importance of Wireless Security
Emanations
Common Support and Availability
A Brief History of Wireless Technologies
802.11
802.11b
802.11a
802.11g
802.11n
802.11ac
802.11ax
Other 802.11 Variants
Other Wireless Technologies
Working with and Securing Bluetooth
Bluetooth Security
Securing Bluetooth
Working with Wireless LANs
CSMA/CD Versus CSMA/CA
Role of Access Points
Service Set Identifier
Association with an AP
The Importance of Authentication
Working with RADIUS
Network Setup Options
Threats to Wireless LANs
Countermeasures to Wireless LAN Threats
The Internet of Things
Wireless Hacking Tools
Homedale
The inSSIDer Program
Protecting Wireless Networks
Default AP Security
Placement
Dealing with Emanations
Dealing with Rogue APs
Use Protection for Transmitted Data
MAC Filtering
Chapter Summary
Key Concepts and Terms
Chapter 11 Assessment
Chapter 12 Social Engineering
What Is Social Engineering?
Types of Social Engineering Attacks
Phone-Based Attacks
Dumpster Diving
Shoulder Surfing
Attacks Through Social Media
Persuasion/Coercion
Reverse Social Engineering
Technology and Social Engineering
The Browser as a Defense Against Social Engineering
Other Good Practices for Safe Computing
Best Practices for Passwords
Know What the Web Knows About You
Creating and Managing Your Passwords
Invest in a Password Manager
Social Engineering and Social Networking
Think Before You Post
Risks Associated with Social Networking
Social Networking in a Corporate Setting
Particular Concerns in a Corporate Setting
Mixing the Personal with the Professional
Facebook Security
Chapter Summary
Key Concepts and Terms
Chapter 12 Assessment
PART III Defensive Techniques and Tools
Chapter 13 Defensive Techniques
What Is a Security Incident?
The Incident Response Process
Incident Response Policies, Procedures, and Guidelines
Phases of an Incident and Response
Incident Response Team
Incident Response Plans
Business Continuity Plans
Recovering Systems
Recovering from a Security Incident
Loss Control and Damage Assessment
Business Impact Analysis
Planning for Disaster and Recovery
Testing and Evaluation
Preparation and Staging of Testing Procedures
Frequency of Tests
Analysis of Test Results
Evidence Handling and Administration
Evidence Collection Techniques
Types of Evidence
Chain of Custody
Computer or Device Removal
Rules of Evidence
Security Reporting Options and Guidelines
Requirements of Regulated Industries
Chapter Summary
Key Concepts and Terms
Chapter 13 Assessment
Chapter 14 Defensive Tools
Defense in Depth
Intrusion Detection Systems
IDS Components
Setting Goals for an IDS
Accountability
Limitations of an IDS
Intrusion Prevention Systems
Firewalls
How Firewalls Work
Firewall Methodologies
Limitations of a Firewall
Implementing a Firewall
Authoring a Firewall Policy
Honeypots and Honeynets
Goals of Honeypots
Legal Issues
The Role of Controls
Administrative Controls
Technical Controls
Physical Controls
Security Best Practices
Security Information and Event Management
Sources for Guidance
Chapter Summary
Key Concepts and Terms
Chapter 14 Assessment
Chapter 15 Physical Security
Basic Equipment Controls
Hard Drive and Mobile Device Encryption
Fax Machines and Printers
Voice over Internet Protocol
Physical Area Controls
Fences
Perimeter Intrusion Detection and Assessment Systems
Gates
Bollards
Facility Controls
Doors, Mantraps, and Turnstiles
Walls, Ceilings, and Floors
Windows
Guards and Dogs
Construction
Personal Safety Controls
Lighting
Alarms and Intrusion Detection
Closed-Circuit TV and Remote Monitoring
Physical Access Controls
Locks
Tokens and Biometrics
Avoiding Common Threats to Physical Security
Natural, Human, and Technical Threats
Physical Keystroke Loggers and Sniffers
Wireless Interception and Rogue Access Points
Defense in Depth
Chapter Summary
Key Concepts and Terms
Chapter 15 Assessment
Appendix A Answer Key
Appendix B Standard Acronyms
Glossary of Key Terms
References
Index
Michael G. Solomon, PhD, CISSP, PMP, CISM, CySA+, Pentest+, is an author, educator, and consultant focusing on privacy, security, blockchain, and identity management. As an IT professional and consultant since 1987, Dr. Solomon has led project teams for many Fortune 500 companies and has authored and contributed to more than 30 books and numerous training courses. Dr. Solomon is a Professor of Computer and Information Sciences at the University of the Cumberlands and holds a Ph.D. in Computer Science and Informatics from Emory University.

Sean-Philip Oriyano has been actively working in the IT field since 1990. Throughout his career, he has held positions such as support specialist to consultants and senior instructor. Currently he is an IT instructor who specializes in infrastructure and security topics for various public and private entities. Sean has instructed for the US Air Force, Navy, and Army at locations both in North America and internationally. Sean is certified as a CISSP, CHFI, CEH, CEI, CNDA, SCNP, SCPI, MCT, MCSE, and MCITP, and he is a member of EC-Council, ISSA, Elearning Guild, and Infragard.