1st Edition
The Hacker's Handbook The Strategy Behind Breaking into and Defending Networks
The Hacker’s Handbook: The Strategy Behind Breaking Into and Defending Networks, moves ahead of the pack of books about digital security by revealing the technical aspects of hacking that are least understood by network administrators. This is accomplished by analyzing subjects through a hacking/security dichotomy that details hacking maneuvers and defenses in the same context. Chapters are organized around specific technical components and administrative tasks, providing theoretical background that prepares network defenders for the always-changing and creative tools and techniques of intruders.
This book is divided into three parts. Part I introduces programming, protocol, and attack concepts. Part II addresses subject areas (protocols, services, technologies, etc.) that may be vulnerable. Part III details consolidation activities that hackers may use following penetration.
Each section provides a “path” to hacking/security Web sites and other resources that augment existing content. Referencing these supplemental and constantly-updated resources ensures that this volume remains timely and enduring. By informing IT professionals how to think like hackers, this book serves as a valuable weapon in the fight to protect digital assets.
FOUNDATION MATERIAL
Case Study in Subversion
Know Your Opponent
Anatomy of an Attack
Your Defensive Arsenal
Programming
The Protocols (TCP/IP) (OSI Layers 2-3)
The Protocols (TCP/IP) (OSI Layers 4-7)
SYSTEM AND NETWORK PENETRATION
Domain Name Service (DNS)
Directory Services
Simple Mail Transfer Protocol (SMTP)
Hypertext Transfer Protocol (http)
Database Hacking
Malware
Network Hardware
CONSOLIDATION
Consolidating Gains
After the Fall
Conclusion
Biography
Dave Aitel is the founder of Immunity, Inc. (www.immunitysec.com), with prior experience at both private industry security consulting companies and the National Security Agency. His tools, SPIKE and SPIKE Proxy, are widely regarded as the best black box application assessment tools available.Susan Young has worked in the security field for the past seven years, four of which have been spent in the security consulting arena, helping clients design and implement secure networks, training on security technologies, and conducting security assessments and penetration tests of client system or network defenses (so-called ethical hacking). Her experience has included consulting work in the defense sector and the financial industry, as well as time spent evaluating and deconstructing various security products. She currently works as a senior security consultant in the Boston area security practice of International Network Services (INS).
“By the author’s providing a ‘hacker’ perspective, readers will more fully understand the ramifications of having an insecure computer, server, network, program, database and or policy. The book [includes] … a good table of contents that is extensive, very organized and thorough … . … [T]here are important discussions of the non-technical kind [of insecurity] like policy, which is too often overlooked in many organizations. … What is most impressive about the book is its outlines of specific exploits and attacks with prescribed defenses. … Coupled with good illustrations and detailed explanations[,] this is a great resource for both academic and public libraries.”
— E-Streams, Vol. 7, No. 9, Sept. 2004
“Awesome work!”
—Anton Chuvakin, Ph.D., GCIA, GCIH, netForensics
Promo Copy