Verfügbarkeit: Hacking Exposed 7 | Technische Universität München

Hacking Exposed 7: Network Security Secrets and Solutions

Gespeichert in:

Bibliographische Detailangaben
Beteiligte Personen:	McClure, Stuart (VerfasserIn), Scambray, Joel (VerfasserIn), Kurtz, George (VerfasserIn)
Format:	Buch
Sprache:	Englisch
Veröffentlicht:	New York [u.a.] McGraw Hill 2012
Ausgabe:	7. ed.
Schlagwörter:	Computer communications & networking Hacker Computersicherheit Betriebssystem Zugriffskontrolle Internet Rechnernetz Datensicherung
Links:	http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=025220486&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
Umfang:	XXIV, 741 S.
ISBN:	9780071780285 0071780289

Internformat

MARC


LEADER	00000nam a2200000 c 4500
001	BV040366776
003	DE-604
005	20120925
007	t\|
008	120816s2012 xx \|\|\|\| 00\|\|\| eng d
020			\|a 9780071780285 \|9 978-0-07178028-5
020			\|a 0071780289 \|9 0-07-178028-9
035			\|a (OCoLC)812233179
035			\|a (DE-599)BVBBV040366776
040			\|a DE-604 \|b ger \|e rakwb
041	0		\|a eng
049			\|a DE-355 \|a DE-83 \|a DE-861 \|a DE-706
082	0		\|a 005.8 \|2 23
084			\|a ST 277 \|0 (DE-625)143643: \|2 rvk
100	1		\|a McClure, Stuart \|e Verfasser \|0 (DE-588)121792064 \|4 aut
245	1	0	\|a Hacking Exposed 7 \|b Network Security Secrets and Solutions
250			\|a 7. ed.
264		1	\|a New York [u.a.] \|b McGraw Hill \|c 2012
300			\|a XXIV, 741 S.
336			\|b txt \|2 rdacontent
337			\|b n \|2 rdamedia
338			\|b nc \|2 rdacarrier
650		4	\|a Computer communications & networking
650	0	7	\|a Hacker \|0 (DE-588)4113821-1 \|2 gnd \|9 rswk-swf
650	0	7	\|a Computersicherheit \|0 (DE-588)4274324-2 \|2 gnd \|9 rswk-swf
650	0	7	\|a Betriebssystem \|0 (DE-588)4006216-8 \|2 gnd \|9 rswk-swf
650	0	7	\|a Zugriffskontrolle \|0 (DE-588)4293034-0 \|2 gnd \|9 rswk-swf
650	0	7	\|a Internet \|0 (DE-588)4308416-3 \|2 gnd \|9 rswk-swf
650	0	7	\|a Rechnernetz \|0 (DE-588)4070085-9 \|2 gnd \|9 rswk-swf
650	0	7	\|a Datensicherung \|0 (DE-588)4011144-1 \|2 gnd \|9 rswk-swf
689	0	0	\|a Rechnernetz \|0 (DE-588)4070085-9 \|D s
689	0	1	\|a Computersicherheit \|0 (DE-588)4274324-2 \|D s
689	0	2	\|a Zugriffskontrolle \|0 (DE-588)4293034-0 \|D s
689	0	3	\|a Hacker \|0 (DE-588)4113821-1 \|D s
689	0	4	\|a Internet \|0 (DE-588)4308416-3 \|D s
689	0	5	\|a Datensicherung \|0 (DE-588)4011144-1 \|D s
689	0		\|5 DE-604
689	1	0	\|a Betriebssystem \|0 (DE-588)4006216-8 \|D s
689	1	1	\|a Hacker \|0 (DE-588)4113821-1 \|D s
689	1		\|8 1\p \|5 DE-604
700	1		\|a Scambray, Joel \|e Verfasser \|4 aut
700	1		\|a Kurtz, George \|e Verfasser \|4 aut
856	4	2	\|m Digitalisierung UB Regensburg \|q application/pdf \|u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=025220486&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA \|3 Inhaltsverzeichnis
883	1		\|8 1\p \|a cgwrk \|d 20201028 \|q DE-101 \|u https://d-nb.info/provenance/plan#cgwrk
943	1		\|a oai:aleph.bib-bvb.de:BVB01-025220486

Datensatz im Suchindex

_version_	1819353159781318656
adam_text	CONTENTS Foreword ........................................................ xix Acknowledgments ................................................ xxi Introduction ...................................................... xxiii Casing the Establishment Case Study ....................................................... 2 IA A AS—It s All About Anonymity, Stupid ..................... 2 Tor-menting the Good Guys .................................. 2 1 Footprinting .......................................................... 7 What Is Footprinting? ............................................. 8 Why Is Footprinting Necessary? .............................. 10 Internet Footprinting .............................................. 10 Step 1: Determine the Scope of Your Activities .................. 10 Step 2: Get Proper Authorization .............................. 10 Step 3: Publicly Available Information ......................... 11 Step 4: WHOIS& DNS Enumeration .......................... 27 Step 5: DNS Interrogation .................................... 36 Step 6: Network Reconnaissance .............................. 43 Summary ........................................................ 46 2 Scanning ............................................................ 47 Determining If the System Is Alive .................................. 48 ARP Host Discovery ........................................ 49 ICMP Host Discovery ....................................... 51 TCP/UDP Host Discovery ................................... 55 Determining Which Services Are Running or Listening ................ 61 Scan Types ................................................. 62 Identifying TCP and UDP Services Running .................... 64 Hacking Exposed 7: Network Security Secrets & Solutions Detecting the Operating System ..................................... 72 Making Guesses from Available Ports .......................... 73 Active Stack Fingerprinting .................................. 74 Passive Stack Fingerprinting ................................. 77 Processing and Storing Scan Data ................................... 79 Managing Scan Data with Metasploit .......................... 79 Summary ........................................................ 82 Τ 3 Enumeration ......................................................... 83 Service Fingerprinting ............................................. 85 Vulnerability Scanners ............................................. 87 Basic Banner Grabbing ............................................ 90 Enumerating Common Network Services ............................ 92 Summary ........................................................ 154 Endpoint and Server Hacking Case Study: International Intrigue ................................... 158 Τ 4 Hacking Windows ..................................................... 159 Overview ........................................................ 161 What s Not Covered ......................................... 161 Unauthenticated Attacks ........................................... 162 Authentication Spoofing Attacks .............................. 162 Remote Unauthenticated Exploits ............................. 177 Authenticated Attacks ............................................. 184 Privilege Escalation ......................................... 185 Extracting and Cracking Passwords ........................... 186 Remote Control and Back Doors .............................. 200 Port Redirection ............................................ 204 Covering Tracks ............................................ 206 General Countermeasures to Authenticated Compromise ........ 209 Windows Security Features ......................................... 213 Windows Firewall ........................................... 213 Automated Updates ......................................... 213 Security Center ............................................. 214 Security Policy and Group Policy ............................. 215 Microsoft Security Essentials ................................. 217 The Enhanced Mitigation Experience Toolkit ................... 218 Bitlocker and the Encrypting File System ....................... 218 Windows Resource Protection ................................ 219 Integrity Levels, UAC, and PMIE ........................... ■ ■ 220 Data Execution Prevention (DEP) ............................. 222 Windows Service Hardening .............................· · ■ · 223 Contents xw Compiler-based Enhancements ............................... 226 Coda: The Burden of Windows Security ........................ 227 Summary ........................................................ 228 5 Hacking UNIX ........................................................ 231 The Quest for Root ................................................ 232 A Brief Review ............................................. 232 Vulnerability Mapping ...................................... 233 Remote Access vs. Local Access ............................... 234 Remote Access .................................................... 234 Data-driven Attacks ......................................... 239 IWantMyShell ............................................. 255 Common Types of Remote Attacks ............................ 259 Local Access ...................................................... 278 After Hacking Root ............................................... 294 Rootkit Recovery ........................................... 309 Summary ........................................................ 310 6 Cybercrime and Advanced Persistent Threats ............................... 313 What Is an APT? .................................................. 315 Operation Aurora ........................................... 318 Anonymous ................................................ 320 RBN ....................................................... 321 What APTs Are NOT? ............................................. 322 Examples of Popular APT Tools and Techniques ...................... 323 Common APTs Indicators .......................................... 363 Summarv ........................................................ 368 Infrastructure Hacking Case Study: Read It and WEP ....................................... 370 7 Remote Connectivity and VoIP Hacking .................................... 373 Preparing to Dial Up .............................................. 375 Wardialing ....................................................... 377 Hardware .................................................. 377 Legal Issues ................................................ 378 Peripheral Costs ............................................ 378 Software ___................................___........... 379 Brute-Force Scripting — The Homegrown Way ....................___ 393 A Final Note About Brute-Force Scripting ...................... 403 PBX Hacking ..................................................... 405 Voicemail Hacking ................................................ 409 JÜÏL. Hacking Exposed 7: Network Security Secrets & Solutions Virtual Private Network {VPN) Hacking ...............___.......... 414 Basics of IPSec VPNs ........................................ 415 Hacking theCitrix VPN Solution .............................. 422 Voice over IP Attacks ___.......................................... 440 Attacking VoIP ............................................. 441 Summary ........................................................ 463 ▼ 8 Wireless Hacking ...................................................... 465 Background ...................................................... 466 Frequencies and Channels ................................... 467 Session Establishment ....................................... 467 Security Mechanisms ........................................ 468 Equipment ....................................................... 471 Wireless Adapters ....___........___....................... 471 Operating Systems .......................................... 472 Miscellaneous Goodies ...................................... 472 Discovery and Monitoring ......................................... 474 Finding Wireless Networks ................................... 475 Sniffing Wireless Traffic .......___.___.___................. 478 Denial of Sendee Attacks ........................................... 479 Encryption Attacks ................................................ 481 WEP ...................................................... 481 Authentication Attacks ............................................ 485 WPAPre-Shared Key ........................................ 485 WPA Enterprise ............................................. 490 Summary ........................................................ 496 ▼ 9 Hacking Hardware ..........................___...................... 497 Physical Access: Getting in the Door ................................. 498 Hacking Devices .................................................. 505 Default Configurations ............................................ 509 Owned Out of the Box ....................................... 509 Standard Passwords ......................................... 509 Bluetooth .................................................. 510 Reverse Engineering Hardware ..................................... 511 Mapping the Device ......................................... 511 Sniffing Bus Data ........................................... 515 Sniffing the Wireless Interface ................................ 518 Firmware Reversing ......................................... 518 ICETools .................................................. 523 Summary ........................................................ 526 Contents Application and Data Hacking Case Study ....................................................... 528 10 Web and Database Hacking ............................................ 529 Web Server Hacking ............................................... 530 Sample Files ................................................ 532 Source Code Disclosure ...................................... 532 Canonicalization Attacks ..................................... 533 Server Extensions ........................................... 534 Buffer Overflows ........................................... 536 Denial of Service ............................................ 537 Web Server Vulnerability Scanners ............................ 538 Web Application Hacking .......................................... 540 Finding Vulnerable Web Apps with Google (Googledorks) ....... 540 Web Crawling .............................................. 541 Web Application Assessment ................................. 542 Common Web Application Vulnerabilities ............................ 556 Database Hacking ................................................. 570 Database Discovery ......................................... 570 Database Vulnerabilities ..................................... 572 Other Considerations ........................................ 587 Summary ........................................................ 589 11 Mobile Hacking ....................................................... 591 Hacking Android ................................................. 593 Android Fundamentals ...................................... 594 Hacking Your Android ...................................... 600 Hacking Other Androids ..................................... 616 Android as a Portable Hacking Platform ....................... 635 Defending Your Android ..................................... 639 iOS .............................................................. 640 Know Your iPhone .......................................... 641 How Secure Is iOS? ......................................... 643 Jailbreaking: Unleash the Fury! ............................... 644 Hacking Other iPhones: Fury Unleashed! ...................... 651 Summary ........................................................ 667 12 Countermeasures Cookbook .............,.............................. 669 General Strategies ................................................. 671 (Re)move the Asset .......................................... 671 Separation of Duties ......................................... 672 Authenticate, Authorize, and Audit ........................... 673 Layering ................................................... 675 Adaptive Enhancement ...................................... 675 YVÏi Hacking Exposed 7: Network Security Secrets & Solutions Orderly Failure ............................................. 676 Policy and Training ......................................... 677 Simple, Cheap, and Easy ..................................... 677 Example Scenarios ................................................ 678 Desktop Scenarios .......................................... 678 Server Scenarios ............................................ 679 Network Scenarios .......................................... 684 Web Application and Database Scenarios ....................... 685 Mobile Scenarios ............................................ 686 Summary ........................................................ 688 Appendixes ▼ A Ports ............................................................... 691 ▼ В Top 10 Security Vulnerabilities ........................................... 699 ▼ С Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks ......... 701 Countermeasures ................................................. 704 Τ Index ............................................................... 707
any_adam_object	1
author	McClure, Stuart Scambray, Joel Kurtz, George
author_GND	(DE-588)121792064
author_facet	McClure, Stuart Scambray, Joel Kurtz, George
author_role	aut aut aut
author_sort	McClure, Stuart
author_variant	s m sm j s js g k gk
building	Verbundindex
bvnumber	BV040366776
classification_rvk	ST 277
ctrlnum	(OCoLC)812233179 (DE-599)BVBBV040366776
dewey-full	005.8
dewey-hundreds	000 - Computer science, information, general works
dewey-ones	005 - Computer programming, programs, data, security
dewey-raw	005.8
dewey-search	005.8
dewey-sort	15.8
dewey-tens	000 - Computer science, information, general works
discipline	Informatik
edition	7. ed.
format	Book
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>02278nam a2200565 c 4500</leader><controlfield tag="001">BV040366776</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20120925 </controlfield><controlfield tag="007">t\|</controlfield><controlfield tag="008">120816s2012 xx \|\|\|\| 00\|\|\| eng d</controlfield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9780071780285</subfield><subfield code="9">978-0-07178028-5</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">0071780289</subfield><subfield code="9">0-07-178028-9</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)812233179</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV040366776</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">rakwb</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-355</subfield><subfield code="a">DE-83</subfield><subfield code="a">DE-861</subfield><subfield code="a">DE-706</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">005.8</subfield><subfield code="2">23</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">ST 277</subfield><subfield code="0">(DE-625)143643:</subfield><subfield code="2">rvk</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">McClure, Stuart</subfield><subfield code="e">Verfasser</subfield><subfield code="0">(DE-588)121792064</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Hacking Exposed 7</subfield><subfield code="b">Network Security Secrets and Solutions</subfield></datafield><datafield tag="250" ind1=" " ind2=" "><subfield code="a">7. ed.</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">New York [u.a.]</subfield><subfield code="b">McGraw Hill</subfield><subfield code="c">2012</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">XXIV, 741 S.</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Computer communications & networking</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Hacker</subfield><subfield code="0">(DE-588)4113821-1</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Betriebssystem</subfield><subfield code="0">(DE-588)4006216-8</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Zugriffskontrolle</subfield><subfield code="0">(DE-588)4293034-0</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Internet</subfield><subfield code="0">(DE-588)4308416-3</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Rechnernetz</subfield><subfield code="0">(DE-588)4070085-9</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Datensicherung</subfield><subfield code="0">(DE-588)4011144-1</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Rechnernetz</subfield><subfield code="0">(DE-588)4070085-9</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="1"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="2"><subfield code="a">Zugriffskontrolle</subfield><subfield code="0">(DE-588)4293034-0</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="3"><subfield code="a">Hacker</subfield><subfield code="0">(DE-588)4113821-1</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="4"><subfield code="a">Internet</subfield><subfield code="0">(DE-588)4308416-3</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="5"><subfield code="a">Datensicherung</subfield><subfield code="0">(DE-588)4011144-1</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="689" ind1="1" ind2="0"><subfield code="a">Betriebssystem</subfield><subfield code="0">(DE-588)4006216-8</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="1" ind2="1"><subfield code="a">Hacker</subfield><subfield code="0">(DE-588)4113821-1</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="1" ind2=" "><subfield code="8">1\p</subfield><subfield code="5">DE-604</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Scambray, Joel</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Kurtz, George</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">Digitalisierung UB Regensburg</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=025220486&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="883" ind1="1" ind2=" "><subfield code="8">1\p</subfield><subfield code="a">cgwrk</subfield><subfield code="d">20201028</subfield><subfield code="q">DE-101</subfield><subfield code="u">https://d-nb.info/provenance/plan#cgwrk</subfield></datafield><datafield tag="943" ind1="1" ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-025220486</subfield></datafield></record></collection>
id	DE-604.BV040366776
illustrated	Not Illustrated
indexdate	2024-12-20T16:13:33Z
institution	BVB
isbn	9780071780285 0071780289
language	English
oai_aleph_id	oai:aleph.bib-bvb.de:BVB01-025220486
oclc_num	812233179
open_access_boolean
owner	DE-355 DE-BY-UBR DE-83 DE-861 DE-706
owner_facet	DE-355 DE-BY-UBR DE-83 DE-861 DE-706
physical	XXIV, 741 S.
publishDate	2012
publishDateSearch	2012
publishDateSort	2012
publisher	McGraw Hill
record_format	marc
spellingShingle	McClure, Stuart Scambray, Joel Kurtz, George Hacking Exposed 7 Network Security Secrets and Solutions Computer communications & networking Hacker (DE-588)4113821-1 gnd Computersicherheit (DE-588)4274324-2 gnd Betriebssystem (DE-588)4006216-8 gnd Zugriffskontrolle (DE-588)4293034-0 gnd Internet (DE-588)4308416-3 gnd Rechnernetz (DE-588)4070085-9 gnd Datensicherung (DE-588)4011144-1 gnd
subject_GND	(DE-588)4113821-1 (DE-588)4274324-2 (DE-588)4006216-8 (DE-588)4293034-0 (DE-588)4308416-3 (DE-588)4070085-9 (DE-588)4011144-1
title	Hacking Exposed 7 Network Security Secrets and Solutions
title_auth	Hacking Exposed 7 Network Security Secrets and Solutions
title_exact_search	Hacking Exposed 7 Network Security Secrets and Solutions
title_full	Hacking Exposed 7 Network Security Secrets and Solutions
title_fullStr	Hacking Exposed 7 Network Security Secrets and Solutions
title_full_unstemmed	Hacking Exposed 7 Network Security Secrets and Solutions
title_short	Hacking Exposed 7
title_sort	hacking exposed 7 network security secrets and solutions
title_sub	Network Security Secrets and Solutions
topic	Computer communications & networking Hacker (DE-588)4113821-1 gnd Computersicherheit (DE-588)4274324-2 gnd Betriebssystem (DE-588)4006216-8 gnd Zugriffskontrolle (DE-588)4293034-0 gnd Internet (DE-588)4308416-3 gnd Rechnernetz (DE-588)4070085-9 gnd Datensicherung (DE-588)4011144-1 gnd
topic_facet	Computer communications & networking Hacker Computersicherheit Betriebssystem Zugriffskontrolle Internet Rechnernetz Datensicherung
url	http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=025220486&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
work_keys_str_mv	AT mcclurestuart hackingexposed7networksecuritysecretsandsolutions AT scambrayjoel hackingexposed7networksecuritysecretsandsolutions AT kurtzgeorge hackingexposed7networksecuritysecretsandsolutions

Verfügbarkeit

‌

Inhaltsverzeichnis