23 June 2008

Hacking Exposed - 2nd Edition


Book Description:
When a tree falls in the forest and no one is around to hear it, it certainly makes a sound. But if a computer network has a security vulnerability and no one knows about it, is it insecure? Only the most extreme Berkeleian idealist might argue against the former, but the latter is not nearly so obvious. A network with a security vulnerability is insecure to those who know about the vulnerability. If no one knows about it, if it is literally a vulnerability that has not been discovered, then the network is secure. If one person knows about it, then the network is insecure to him but secure to everyone else. If the network equipment manufacturer knows about it...if security researchers know about it...if the hacking community knows about it, the insecurity of the network increases as news of the vulnerability gets out. Or does it? The vulnerability exists, whether or not anyone knows about it. Publishing a vulnerability does not cause the network to be insecure. To claim that would be confusing knowledge about a thing with the thing itself. Publishing increases the likelihood that an attacker will use the vulnerability, but not the severity of the vulnerability. Publishing also increases the likelihood that people can defend against the vulnerability. Just as an attacker can't exploit a vulnerability he does not know about, a defender can't protect against a vulnerability he does not know about. So if keeping vulnerabilities secret increases security, it does so in a fragile way. Keeping vulnerabilities secret only works as long as they remain secret, but everything about information works toward spreading information. Some people spread secrets accidentally; others spread them on purpose. Sometimes secrets are re-derived by someone else. And once a secret is out, it can never be put back.
Table of Contents:
Chapter 01 - Footprinting
Chapter 02 - Scanning
Chapter 03 - Enumeration
Chapter 04 - Hacking Windows 95/98 and ME
Chapter 05 - Hacking Windows NT
Chapter 06 - Hacking Windows 2000
Chapter 07 - Novell NetWare Hacking
Chapter 08 - Hacking UNIX
Chapter 09 - Dial-Up, PBX, Voicemail, and VPN Hacking
Chapter 10 - Network Devices
Chapter 11 - Firewalls
Chapter 12 - Denial of Service (DoS) Attacks
Chapter 13 - Remote Control Insecurities
Chapter 14 - Advanced Techniques
Chapter 15 - Web Hacking
Chapter 16 - Hacking the Internet User
Appendix A - Ports
Appendix B - Top 14 Security Vulnerabilities
Appendix C - About the Companion Web Site