Hacking Exposed: Network Security Secrets & Solutions, Second Edition (Hacking Exposed) - Softcover

Review

A lot of computer-security textbooks approach the subject from a defensive point of view. "Do this, and probably you'll survive a particular kind of attack," they say. In refreshing contrast, Hacking Exposed, Second Edition talks about security from an offensive angle. A Jane's-like catalog of the weaponry that black-hat hackers use is laid out in full. Readers see what programs are out there, get a rundown on what the programs can do, and benefit from detailed explanations of concepts (such as wardialing and rootkits) that most system administrators kind of understand, but perhaps not in detail. The book also walks through how to use the more powerful and popular hacker software, including L0phtCrack. This new edition has been updated extensively, largely with the results of "honeypot" exercises (in which attacks on sacrificial machines are monitored) and Windows 2000 public security trials. There's a lot of new stuff on e-mail worms, distributed denial-of-service (DDoS) attacks, and attacks that involve routing protocols.

The result of all of this familiarity with bad-guy tools is a leg up on defending against them. Hacking Exposed wastes no time in explaining how to implement the countermeasures--where they exist--that will render known attacks ineffective. Taking on the major network operating systems and network devices one at a time, the authors tell you exactly what Unix configuration files to alter, what Windows NT Registry keys to change, and what settings to make in NetWare. They spare no criticism of products with which they aren't impressed, and don't hesitate to point out inherent, uncorrectable security weaknesses where they find them. This book is no mere rehashing of generally accepted security practices. It and its companion Web site are the best way for all of you network administrators to know thine enemies. --David Wall

Topics covered:

• Security vulnerabilities of operating systems, applications, and network devices
• Administrative procedures that will help defeat them
• Techniques for hacking Windows 95, Windows 98, Windows Me, Windows NT 4.0, Windows 2000, Novell NetWare, and Unix
• Strategies for breaking into (or bringing down) telephony devices, routers, and firewalls

From the Back Cover

In today's round-the-clock, hyper-connected, all-digital economy, computer security is everyone's business. Hacking Exposed: Network Security Secrets & Solutions, Second Edition brings even more in-depth insight into how hackers infiltrate e-business, and how they can be stopped. Security insiders Stuart McClure, Joel Scambray, and George Kurtz present more than 220 all-new pages of technical detail and case studies in an easy-to-follow style. The world of Internet security moves even faster than the digital economy, and all of the brand-new tools and techniques that have surfaced since the publication of the best-selling first edition are covered here. Use the real-world countermeasures in this one-of-a-kind volume to plug the holes in your network today--before they end up in the headlines tomorrow. New and Updated Material: Brand new "Hacking the Internet User" chapter covers insidious Internet client attacks against web browsers, email software, and active content, including the vicious new Outlook email date field buffer overflow and ILOVEYOU worms. A huge new chapter on Windows 2000 attacks and countermeasures covers offline password database attacks and Encrypting File System (EFS) vulnerabilities. Coverage of all the new Distributed Denial of Service (DDoS) tools and techniques that almost broke down the Internet in February 2000 (Trinoo, TFN2K, Stacheldraht). Significantly updated e-commerce hacking methodologies including new IIS and Cold Fusion vulnerabilities. A revised and updated dial-up chapter with new material on PBX and voicemail system hacking. New network discovery tools and techniques, including an updated section on Windows-based scanners, how to carry out eavesdropping attacks on switched networks using ARP redirection, and RIP spoofing attacks. Coverage of new back doors and forensic techniques, including defenses against Win9x back doors like Sub7. Updated coverage of security attacks against Windows 9x, Windows Me, Windows 2000, Windows NT, UNIX, Linux, NetWare, and dozens of other platforms, with appropriate countermeasures.