TY  - BOOK
AU  - McClure,Stuart
AU  - Scambray,Joel
AU  - Kurtz,George
TI  - Hacking exposed: network security secrets & solutions 
SN  - 0072227427 (pbk.) :
AV  - QA76.9.A25 M428 2003
PY  - 2003///
CY  - New York
PB  - McGraw-Hill/Osborne
KW  - Computer networks
KW  - Security measures
KW  - Computer security
N1  - Scambray's name appears first on the previous edition; Includes index.Unable to copy CD-Rom. Original to loan; Casing the Establishment -- Case Study: Network Security Monitoring -- Footprinting -- Internet Footprinting -- Determine the Scope of Your Activities -- Network Enumeration -- DNS Interrogation -- Network Reconnaissance -- Scanning -- Determining If the System Is Alive -- Determining Which Services Are Running or Listening -- Scan Types -- Identifying TCP and UDP Services Running -- Windows-Based Port Scanners -- Port Scanning Breakdown -- Detecting the Operating System -- Active Stack Fingerprinting -- Passive Stack Fingerprinting -- The Whole Enchilada: Automated Discovery Tools -- Enumeration -- Basic Banner Grabbing -- Enumerating Common Network Services -- System Hacking -- Case Study: The Perils of Pen-Testing -- Hacking Windows 95/98 and Me -- Windows 9x Remote Exploits -- Direct Connection to Windows 9x Shared Resources -- Windows 9x Backdoor Servers and Trojans -- Known Server Application Vulnerabilities -- Windows 9x Local Exploits -- Windows Millennium Edition (Me) -- Windows Me Remote Attacks -- Windows Me Local Attacks -- Hacking the Windows NT Family -- Unauthenticated Attacks -- Server Message Block (SMB) Attacks -- IIS Attacks -- Authenticated Attacks -- Privilege Escalation -- Pilfering -- Remote Control and Back Doors -- Port Redirection -- General Countermeasures to Authenticated Compromise -- Covering Tracks -- NT Family Security Features -- Keeping Up with Patches -- Group Policy -- IPSec -- runas -- NET Framework -- Internet Connection Firewall -- The Encrypting File System (EFS) -- A Note on Raw Sockets and Other Unsubstantiated Claims -- Novell NetWare Hacking -- Attaching but Not Touching -- Enumerating Bindery and Trees -- Opening the Unlocked Doors -- Authenticated Enumeration -- Gaining Admin -- Application Vulnerabilities -- Spoofing Attacks (Pandora) -- Once You Have Admin on a Server -- Owning the NDS Files -- Log Doctoring -- Console Logs -- Hacking UNIX -- The Quest for Root -- Vulnerability Mapping -- Remote Access vs. Local Access -- Remote Access -- Data Driven Attacks -- I Want My Shell -- Common Types of Remote Attacks -- Local Access -- After Hacking Root -- Rootkits -- Rootkit Recovery -- Network Hacking -- Case Study: Tunneling Out of Firewalls -- Dial-Up, PBX, Voicemail, and VPN Hacking -- Preparing to Dial Up -- War-Dialing -- Hardware -- Legal Issues -- Peripheral Costs -- Software -- Brute-Force Scripting--The Home-Grown Way -- PBX Hacking -- Voicemail Hacking -- Virtual Private Network (VPN) Hacking -- Network Devices -- Discovery -- Detection -- Autonomous System Lookup -- Normal Traceroute -- Traceroute with ASN Information -- show ip bgp -- Public Newsgroups -- Service Detection -- Network Vulnerability -- OSI Layer 1 -- OSI Layer 2 -- Detecting Layer 2 Media -- Switch Sniffing -- OSI Layer 3 -- Dsniff -- Misconfigurations -- Route Protocol Hacking -- Wireless Hacking -- Wireless Footprinting -- Equipment -- Wireless Scanning and Enumeration -- Wireless Sniffers -- Wireless Monitoring Tools -- MAC Access Control -- Gaining Access (Hacking 802.11) -- MAC Access Control -- Attacks Against the WEP Algorithm -- Securing WEP -- Tools That Exploit WEP Weaknesses -- Denial of Service (DoS) Attacks -- An 802.1x Overview -- Firewalls -- Firewall Landscape -- Firewall Identification -- Advanced Firewall Discovery -- Scanning Through Firewalls -- Packet Filtering -- Application Proxy Vulnerabilities -- WinGate Vulnerabilities -- Denial of Service (DoS) Attacks -- Motivation of DoS Attackers -- Types of DoS Attacks -- Bandwidth Consumption -- Resource Starvation -- Programming Flaws -- Routing and DNS Attacks -- Generic DoS Attacks -- Sites Under Attack -- UNIX and Windows DoS -- Remote DoS Attacks -- Distributed Denial of Service Attacks -- Local DoS Attacks -- Software Hacking -- Case Study: You Say Goodbye, I Say Hello -- Remote Control Insecurities -- Discovering Remote Control Software -- Connecting -- Weaknesses -- Virtual Network Computing (VNC) -- Microsoft Terminal Server and Citrix ICA -- Server -- Clients -- Data Transmission -- Finding Targets -- Attacking Terminal Server -- Additional Security Considerations -- Advanced Techniques -- Session Hijacking -- Back Doors -- Trojans -- Cryptography -- Classes of Attacks -- Secure Shell (SSH) Attacks -- Subverting the System Environment: Rootkits and Imaging Tools -- Social Engineering -- Web Hacking -- Web Server Hacking -- Source Code Disclosure -- Canonicalization Attacks -- WebDAV Vulnerabilities -- Buffer Overflows -- ColdFusion Vulnerabilities -- Web Server Vulnerability Scanners -- Web Application Hacking -- Finding Vulnerable Web Apps with Google -- Web Crawling -- Web Application Assessment -- Common Web Application Vulnerabilities -- Hacking the Internet User -- Malicious Mobile Code -- Microsoft ActiveX -- Java Security Holes -- Beware the Cookie Monster -- Internet Explorer HTML Frame Vulnerabilities -- SSL Fraud -- E-mail Hacking -- Mail Hacking 101 -- Executing Arbitrary Code Through E-Mail -- Outlook Address Book Worms -- File Attachment Attacks -- Writing Attachments to Disk Without User Intervention -- Invoking Outbound Client Connections -- IRC Hacking -- Global Countermeasures to Internet User Hacking -- Ports -- Top 14 Security Vulnerabilities
N2  - Since new hacks and attacks are occurring daily, "Hacking Exposed" provides administrators with the latest information to combat hackers and protect their networks. It shows how flaws and loopholes in security technologies can be exploited and provides security solutions. The CD contains a one-hour video presentation by the authors. Line illustrations
ER  -