Welcome to Hacking For Dummies. This book outlines computer hacker tricks and techniques — in plain English — to assess the security of your own information systems, find security vulnerabilities, and fix the vulnerabilities before malicious and criminal hackers have an opportunity to take advantage of them. This hacking is the professional, aboveboard, and legal type of security testing — which I call ethical hacking throughout the book. Computer and network security is a complex subject and an ever- moving target. You must stay on top of it to ensure your information is protected from the bad guys.
You can implement all the security technologies and other best practices possible, and your information systems may be secure — as far as you know. However, until you understand how hackers think and apply that knowledge to assess your systems from a hacker’s-eye view, you can’t get a true sense of how secure your information really is.
Ethical hacking — sometimes referred to as penetration testing or white-hat hacking — is a necessary requirement to ensure that information systems are truly secure on an ongoing basis. This book provides you with the knowledge required to successfully implement an ethical hacking program, along with countermeasures that you can implement to keep malicious hackers out of your business.
How This Book Is Organized
This book is organized into eight parts — six regular chapter parts, a Part of Tens, and a part with appendixes. These parts are modular, so you can jump around from one part to another as needed. Each chapter provides practical methodologies and best practices you can utilize as part of your ethical hacking efforts, including checklists and references to specific tools you can use, as well as resources on the Internet.
Part I: Building the Foundation for Ethical Hacking
This part covers the fundamental aspects of ethical hacking. It starts with an overview of the value of ethical hacking and what you should and shouldn’t do during the process. You get inside the hacker’s mindset and discover how to plan your ethical hacking efforts. This part covers the steps involved in the ethical hacking process, including how to choose the proper tools.
Part II: Putting Ethical Hacking in Motion
This part gets you rolling with the ethical hacking process. It covers several well-known hack attacks, including social engineering and cracking passwords, to get your feet wet. The techniques presented are some of the most widely used hack attacks. This part covers the human and physical elements of security, which tend to be the weakest links in any information-security program. After you plunge into these topics, you’ll know the tips and tricks required to perform common general hack attacks against your systems, as well as specific countermeasures to keep your information systems secure.
Part III: Network Hacking
Starting with the larger network in mind, this part covers methods to test your systems for various well-known network infrastructure vulnerabilities. From weaknesses in the TCP/IP protocol suite to wireless network insecurities, you find out how networks are compromised using specific methods of flawed network communications, along with various countermeasures that you can implement to keep from becoming a victim. This part also includes case studies on some of the network hack attacks that are presented.
Part IV: Operating System Hacking
Practically all operating systems have well-known vulnerabilities that hackers often use. This part jumps into hacking three widely used operating systems: Windows, Linux, and NetWare. The hacking methods include scanning your operating systems for vulnerabilities and enumerating the specific hosts to gain detailed information. This part also includes information on exploiting well-known vulnerabilities in these operating systems, taking over operating systems remotely, and specific countermeasures that you can implement to make your operating systems more secure. This part also includes case studies on operating-system hack attacks.
Part V: Application Hacking
Application security is gaining more visibility in the information-security arena these days. An increasing number of attacks are aimed directly at various applications, which are often able to bypass firewalls, intrusion-detection systems, and antivirus software. This part discusses hacking specific applications, including coverage on malicious software and messaging systems, along with practical countermeasures that you can put in place to make your applications more secure.
One of the most common network attacks is on Web applications. Practically every firewall lets Web traffic into and out of the network, so most attacks are against the millions of Web applications available to almost anyone. This part covers Web application hack attacks, countermeasures, and some application hacking case studies for real-world security testing scenarios.
Part VI: Ethical Hacking Aftermath
After you’ve performed your ethical hack attacks, what do you do with the information you’ve gathered? Shelve it? Show it off? How do you move forward? This part answers all these questions and more. From developing reports for upper management to remediating the security flaws that you discover to establishing procedures for your ongoing ethical hacking efforts, this part brings the ethical hacking process full circle. This information not only ensures that your effort and time are well spent, but also is evidence that information security is as an essential element for success in any business that depends on computers and information technology.
Part VII: The Part of Tens
This part contains tips to help ensure the success of your ethical hacking program. You find out how to get upper management to buy into your ethical hacking program so you can get going and start protecting your systems. This part also includes the top ten ethical hacking mistakes to avoid and my top ten tips for ethical hacking success.
Part VIII: Appendixes
This part includes two appendixes that cover ethical hacking reference materials. This includes a one-stop reference listing of ethical hacking tools and resources, as well as information on the Hacking For Dummies Web site.
Enlaces Públicos de descarga