Ethical Hacking: Techniques, Tools, and Countermeasures, 4th Edition
- Length: 400 pages
- Edition: 4
- Language: English
- Publisher: Jones & Bartlett Learning
- Publication Date: 2022-12-07
- ISBN-10: 1284248992
- ISBN-13: 9781284248999
- Sales Rank: #7715272 (See Top 100 Books)
Ethical Hacking: Techniques, Tools, and Countermeasures, Fourth Edition, covers the basic strategies and tools that prepare students to engage in proactive and aggressive cyber security activities, with an increased focus on Pen testing and Red Teams. Written by subject matter experts, with numerous real-world examples, the Fourth Edition provides readers with a clear, comprehensive introduction to the many threats on the security of our cyber environments and what can be done to combat them. The text begins with an examination of the landscape, key terms, and concepts that a security professional needs to know about hackers and computer criminals who break into networks, steal information, and corrupt data. Part II provides a technical overview of hacking: how attackers target cyber resources and the methodologies they follow. Part III studies those methods that are most effective when dealing with hacking attacks, especially in an age of increased reliance on distributed devices. Part of the Jones & Bartlett Learning Information Systems Security & Assurance Series! Click here to learn more.
Cover Title Page Copyright Page Contents Preface Acknowledgments About the Authors CHAPTER 1 Hacking: The Next Generation Profiles and Motives of Different Types of Hackers Controls The Hacker Mindset Motivations of Hackers A Look at the History of Computer Hacking Ethical Hacking and Penetration Testing The Role of Ethical Hacking Ethical Hackers and the C-I-A Triad Common Hacking Methodologies Performing a Penetration Test The Role of the Law and Ethical Standards CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 1 ASSESSMENT CHAPTER 2 Linux and Penetration Testing Linux Introducing Kali Linux Working with Linux: The Basics A Look at the Interface Basic Linux Navigation Important Linux Directories Commonly Used Commands The Basic Command Structure of Linux Wildcard Characters in Linux Live CDs/DVDs Special-Purpose Live CDs/DVDs Virtual Machines CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 2 ASSESSMENT CHAPTER 3 TCP/IP Review Exploring the OSI Reference Model The Role of Protocols Layer 1: Physical Layer Layer 2: Data Link Layer Layer 3: Network Layer Layer 4: Transport Layer Layer 5: Session Layer Layer 6: Presentation Layer Layer 7: Application Layer The Role of Encapsulation Mapping the OSI Model to Functions and Protocols OSI Model Layers and Services TCP/IP: A Layer-by-Layer Review Physical or Network Access Layer Network or Internet Layer Host-to-Host Layer Application Layer CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 3 ASSESSMENT CHAPTER 4 Cryptographic Concepts Cryptographic Basics Authentication Integrity Nonrepudiation Symmetric and Asymmetric Cryptography Cryptographic History What Is an Algorithm or Cipher? Symmetric Encryption Asymmetric Encryption Hashing Birthday Attacks Digital Signatures Public Key Infrastructure The Role of Certificate Authorities Registration Authority Certificate Revocation List Digital Certificates PKI Attacks Common Cryptographic Systems Cryptanalysis Future Forms of Cryptography CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 4 ASSESSMENT CHAPTER 5 Passive Reconnaissance The Information-Gathering Process Information on a Company Website and Available Through Social Media Discovering Financial Information Google Hacking Exploring Domain Information Leakage Manual Registrar Query Nslookup Automatic Registrar Query Whois Internet Assigned Numbers Authority Determining a Network Range Traceroute Tracking an Organization’s Employees Using Social Networks Using Basic Countermeasures CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 5 ASSESSMENT CHAPTER 6 Active Reconnaissance Determining Address Ranges of Networks Identifying Active Machines Wardialing Wardriving and Related Activities Pinging Port Scanning Active Reconnaissance Countermeasures Mapping Open Ports Nmap Free IP Scanner Angry IP Scanner Advanced IP Scanner Operating System Fingerprinting Active OS Fingerprinting Passive OS Fingerprinting Mapping the Network Analyzing the Results CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 6 ASSESSMENT CHAPTER 7 Enumeration and Exploitation Windows Basics Controlling Access Users Groups Security Identifiers Commonly Attacked and Exploited Services Enumeration Performing Enumeration Tasks NULL Session Working with nbtstat SuperScan SNScan Reporting Exploitation Password Cracking Passive Online Attacks Active Online Attacks Offline Attacks Nontechnical Attacks Using Password Cracking Privilege Escalation Active@ Password Changer Reset Windows Password Stopping Privilege Escalation Planting Backdoors Using PsTools Rootkits Covering Tracks Disabling Auditing Data Hiding CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 7 ASSESSMENT CHAPTER 8 Malware Malware Malware’s Legality Types of Malware Malware’s Targets Viruses The History of Viruses Types of Viruses Prevention Techniques Worms How Worms Work Stopping Worms Trojans Use of Trojans Targets of Trojans Known Symptoms of an Infection Detection of Trojans Distribution Methods Backdoors Covert Communication Keystroke Loggers Software Hardware Port Redirection Spyware Methods of Infection Bundling with Software Adware Scareware Ransomware CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 8 ASSESSMENT CHAPTER 9 Web and Database Attacks Attacking Web Servers Categories of Risk Vulnerabilities of Web Servers Improper or Poor Web Design Buffer Overflow Denial of Service Attack Distributed Denial of Service Attack Banner Information Permissions Error Messages Unnecessary Features User Accounts Structured Query Language (SQL) Injection Examining a SQL Injection Attack Vandalizing Web Servers Input Validation Cross-Site Scripting Attack Anatomy of Web Applications Insecure Logon Systems Scripting Errors Session Management Issues Encryption Weaknesses Database Vulnerabilities Types of Databases Vulnerabilities Locating Databases on the Network Database Server Password Cracking Locating Vulnerabilities in Databases Cloud Computing CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 9 ASSESSMENT CHAPTER 10 Sniffers, Session Hijacking, and Denial of Service Attacks Sniffers Passive Sniffing Active Sniffing Sniffing Tools What Can Be Sniffed? Session Hijacking Identifying an Active Session Seizing Control of a Session Session Hijacking Tools Thwarting Session Hijacking Attacks Denial of Service Attacks Types of DoS Attacks Tools for DoS Attacks Distributed Denial of Service Attacks Characteristics of DDoS Attacks Tools for DDoS Attacks Botnets and the Internet of Things CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 10 ASSESSMENT CHAPTER 11 Wireless Vulnerabilities The Importance of Wireless Security Emanations Common Support and Availability A Brief History of Wireless Technologies 802.11 802.11b 802.11a 802.11g 802.11n 802.11ac 802.11ax Other 802.11 Variants Other Wireless Technologies Working with and Securing Bluetooth Bluetooth Security Securing Bluetooth Working with Wireless LANs CSMA/CD Versus CSMA/CA Role of Access Points Service Set Identifier Association with an AP The Importance of Authentication Working with RADIUS Network Setup Options Threats to Wireless LANs Countermeasures to Wireless LAN Threats The Internet of Things Wireless Hacking Tools Homedale The inSSIDer Program Protecting Wireless Networks Default AP Security Placement Dealing with Emanations Dealing with Rogue APs Use Protection for Transmitted Data MAC Filtering CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 11 ASSESSMENT CHAPTER 12 Social Engineering What Is Social Engineering? Types of Social Engineering Attacks Phone-Based Attacks Dumpster Diving Shoulder Surfing Attacks Through Social Media Persuasion/Coercion Reverse Social Engineering Technology and Social Engineering The Browser as a Defense Against Social Engineering Other Good Practices for Safe Computing Best Practices for Passwords Know What the Web Knows About You Creating and Managing Your Passwords Invest in a Password Manager Social Engineering and Social Networking Think Before You Post Risks Associated with Social Networking Social Networking in a Corporate Setting Particular Concerns in a Corporate Setting Mixing the Personal with the Professional Facebook Security CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 12 ASSESSMENT CHAPTER 13 Defensive Techniques What Is a Security Incident? The Incident Response Process Incident Response Policies, Procedures, and Guidelines Phases of an Incident and Response Incident Response Team Incident Response Plans Business Continuity Plans Recovering Systems Recovering from a Security Incident Loss Control and Damage Assessment Business Impact Analysis Planning for Disaster and Recovery Testing and Evaluation Preparation and Staging of Testing Procedures Frequency of Tests Analysis of Test Results Evidence Handling and Administration Evidence Collection Techniques Types of Evidence Chain of Custody Computer or Device Removal Rules of Evidence Security Reporting Options and Guidelines Requirements of Regulated Industries CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 13 ASSESSMENT CHAPTER 14 Defensive Tools Defense in Depth Intrusion Detection Systems IDS Components Setting Goals for an IDS Accountability Limitations of an IDS Intrusion Prevention Systems Firewalls How Firewalls Work Firewall Methodologies Limitations of a Firewall Implementing a Firewall Authoring a Firewall Policy Honeypots and Honeynets Goals of Honeypots Legal Issues The Role of Controls Administrative Controls Technical Controls Physical Controls Security Best Practices Security Information and Event Management Sources for Guidance CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 14 ASSESSMENT CHAPTER 15 Physical Security Basic Equipment Controls Hard Drive and Mobile Device Encryption Fax Machines and Printers Voice over Internet Protocol Physical Area Controls Fences Perimeter Intrusion Detection and Assessment Systems Gates Bollards Facility Controls Doors, Mantraps, and Turnstiles Walls, Ceilings, and Floors Windows Guards and Dogs Construction Personal Safety Controls Lighting Alarms and Intrusion Detection Closed-Circuit TV and Remote Monitoring Physical Access Controls Locks Tokens and Biometrics Avoiding Common Threats to Physical Security Natural, Human, and Technical Threats Physical Keystroke Loggers and Sniffers Wireless Interception and Rogue Access Points Defense in Depth CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 15 ASSESSMENT APPENDIX A Answer Key APPENDIX B Standard Acronyms Glossary of Key Terms References Index
Donate to keep this site alive
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.