Hack I.T : a guide to security through penetration testing (with CD-ROM)

Author(s): KLEVINSKY T.J., LALIBERTE Scott, GUPTA Ajay
Publication date: 03-2002
Language: ENGLISH
Approx. 448 p. 19x23 Paperback
Status: Out of print

Summary

Master penetration testing: hack your own systems to discover and fix their vulnerabilities!

  • Start-to-finish coverage: discovery, enumeration, vulnerability mapping, and exploitation.
  • Fix the top 50 network security problems.
  • Testing your intrusion detection and response capabilities -- in depth.
Using penetration testing, you can hack into your own systems to discover their vulnerabilities -- and fix them, before hackers take advantage of them. This is the first complete guide to every stage of penetration testing: discovery, enumeration, vulnerability mapping, and exploitation. Two leading security experts cover every key technique and tool, demonstrate how to plan for penetration testing, minimize the risks, and act on the lessons you learn. Drawing on their extensive consulting experience, they identify 50 common pitfalls in technology and network defense, presenting realistic solutions. Next, they introduce a framework that organizes penetration testing into four stages: finding the target network, identifying vulnerable services, exploiting weaknesses, and documenting results. They review commercial and open source penetration testing tools, providing many of them on CD-ROM. By using this framework and these tools, network security professionals can perform penetration tests that are well-structured, efficient, repeatable, and provide clear information for action.

T.J. Klevinsky and Scott Laliberte are Managers of Ernst & Young's Security Technology Solutions practice, responsible for coordinating attack and penetration exercises and instructors for the company's Extreme Hacking course. Klevinsky is an instructor of a SANS security course. Jay Gupta is with Deloitte and Touche.


Table of contents
Preface.
Introduction.
1. Hacking Today.
2. Defining the Hacker.
Hacker Skill Levels.
First-Tier Hackers.
Second-Tier Hackers.
Third-Tier Hackers.

Information Security Consultants.
Hacker Myths.
Information Security Myths.

3. Penetration for Hire.
Ramifications of Penetration Testing.
Requirements for a Freelance Consultant.
Skill Set.
Knowledge.
Tool Kit.
Hardware.
Record Keeping.
Ethics.

Announced vs. Unannounced Penetration Testing.
Definitions.
Pros and Cons of Both Types of Penetration Testing.
Documented Compromise.


4. Where the Exposures Lie.
Application Holes.
Berkeley Internet Name Domain (BIND) Implementations.
Common Gateway Interface (CGI).
Clear Text Services.
Default Accounts.
Domain Name Service (DNS).
File Permissions.
FTP and telnet.
ICMP.
IMAP and POP.
Modems.
Lack of Monitoring and Intrusion Detection.
Network Architecture.
Network File System (NFS).
NT Ports 135–139.
NT Null Connection.
Poor Passwords and User IDs.
Remote Administration Services.
Remote Procedure Call (RPC).
sendmail.
Services Started by Default.
Simple Mail Transport Protocol (SMTP).
Simple Network Management Protocol (SNMP) Community Strings.
Viruses and Hidden Code.
Web Server Sample Files.
Web Server General Vulnerabilities.
Monitoring Vulnerabilities.

5. Internet Penetration.
Network Enumeration/Discovery.
Whois Query.
Zone Transfer.
Ping Sweeps.
Traceroute.

Vulnerability Analysis.
OS Identification.
Port Scanning.
Application Enumeration.
Internet Research.

Exploitation.
Case Study: Dual-Homed Hosts.

6. Dial-In Penetration.
War Dialing.
War Dialing Method.
Dialing.
Login.
Login Screens.

Gathering Numbers.
Precautionary Methods.
War Dialing Tools.
ToneLoc.
THC-Scan.
TeleSweep.
PhoneSweep.

Case Study: War Dialing.

7. Internal Penetration Testing.
Scenarios.
Network Discovery.
NT Enumeration.
UNIX.
Searching for Exploits.
Sniffing.
Remotely Installing a Hacker Tool Kit.
Vulnerability Scanning.
Case Study: Snoop the User Desktop.

8. Social Engineering.
The Telephone.
Technical Support.
Disgruntled Customer.
Get Help Logging In.
Additional Methods.

Dumpster Diving.
Desktop Information.
Common Countermeasures.

9. UNIX Methods.
UNIX Services.
inetd Services.
r Services.
Remote Procedure Call Services.

Buffer Overflow Attacks.
File Permissions.
Applications.
Mail Servers.
Web Servers.
X Windows.
DNS Servers.

Misconfigurations.
UNIX Tools.
Datapipe.c.
QueSO.
Cheops.
nfsshell.
XSCAN.

Case Study: UNIX Penetration.

10. The Tool Kit.
Hardware.
Software.
Windows NT Workstation.
Linux.

VMware.

11. Automated Vulnerability Scanners.
Definition.
Testing Use.
Shortfalls.
Network-Based and Host-Based Scanners.
Tools.
Network-Based Scanners.
Network Associates CyberCop Scanner.
ISS Internet Scanner.
Nessus.
Symantec (Formerly Axent Technologies) NetRecon.
Bindview HackerShield (bv-control for Internet Security).

Host-Based Scanners.
Symantec (Formerly Axent Technologies) Enterprise Security Manager (ESM).

Pentasafe VigilEnt.

Subjects:
  • Computer science / Information systems engineering, software engineering, security / Security: confidentiality, integrity, availability (firewall, proxy...), quality, reliability


   