TABLE OF CONTENT:
Chapter 01 Understanding Communication Protocols
Chapter 02 NetWare and NetBIOS Technology
Chapter 03 Understanding Communication Mediums
Chapter 04 Well-Known Ports and Their Services
Chapter 05 Discovery and Scanning Techniques
Chapter 06 The Hacker’s Technology Handbook
Chapter 07 Hacker Coding Fundamentals
Chapter 08 Port, Socket, and Service Vulnerability Penetrations
Chapter 09 Gateways and Routers and Internet Server Daemons
Chapter 10 Operating Systems
Chapter 11 Proxies and Firewalls
Chapter 12 TigerSuite: The Complete Internetworking Security Toolbox

Author(s): Teri Bidwell
Publisher: Syngress
Year: 2002
ISBN: 1-931836-51-5
Language: English
File type: PDF
Pages: 392
Size (for download): 7.13 MB

If you’re like most people, your day includes writing checks or using a debit card at stores, using credit cards at the gas station, or using an ATM terminal to get cash. If you’re among the growing numbers of Internet users, you’ve probably also bought a thing or two online, and might even do your banking or trade stocks online.

If more than half of the following statements are true, you are at high risk for identity theft:
- You receive at least one loan solicitation or preapproved credit offer each week.
- You usually toss preapproved credit or loan solicitations in the trash without shredding.
- You usually toss old banking or credit documents in the trash without shredding.
- Mail is delivered to you in an unlocked mailbox.
- You send mail by placing it in an unlocked mailbox.
- You carry your Social Security or Social Insurance card in your wallet.
- Your Social Security Number is printed on the health insurance card in your wallet.
- Your Social Security Number is printed on your driver’s license.
- Your Social Security or driver’s license number is printed on your personal checks.
- You make occasional or frequent purchases online using a credit card.
- You seldom check whether a site is “secure” before using a credit card to make an online purchase or before disclosing private data, such as your Social Security Number, to a Web site.
- You seldom read Web site privacy policies before disclosing private information.

Author(s): Joel Scambray, Stuart MCClure, George Kurtz
Publisher: MCGraw-Hill
Year: 2001
ISBN: 0-07-219214-3
Language: English
File type: PDF
Pages: 735
Size (for download): 7.39 MB

When a tree falls in the forest and no one is around to hear it, it certainly makes a sound. But if a computer network has a security vulnerability and no one knows about it, is it insecure? Only the most extreme Berkeleian idealist might argue against the former, but the latter is not nearly so obvious.

A network with a security vulnerability is insecure to those who know about the vulnerability.If noone knows about it—if it is literally a vulnerability that has not been discovered—then the network is secure. If one person knows about it, then the network is insecure to him but secure to everyone else. If the network equipment manufacturer knows about it…if security researchers know about it…if the hacking community knows about it the insecurity of the network increasesas news of the vulnerability gets out.

Or does it? The vulnerability exists, whether or not anyone knows about it.Publishing a vulnerability does not cause the network to be insecure. To claim that would be confusing knowledge about a thing with the thing itself. Publishing increases the likelihood that an attacker will use the vulnerability, but not the severity of the vulnerability. Publishing also increases the likelihood that people can defend against the vulnerability. Just as an attacker can’t exploit a vulnerability he does not know about, a defender can’t protect against a vulnerability he does not know about.

So if keeping vulnerabilities secret increases security, it does so in a fragile way. Keeping vulnerabilities secret only works as long as they remain secret—but everything about information works toward spreading information. Some people spread secrets accidentally; others spread them on purpose. Sometimes secrets are re-derived by someone else. And once a secret is out, it can never be put back.

Author(s): Joel, Scambray, Mike Shema
Publisher: MCGraw-Hill
Year: 2002
ISBN: 0-07-222438-X
Language: English
File type: PDF
Pages: 415
Size (for download): 4.04 MB

Defend against the latest Web-based attacks by looking at your Web applications through the eyes of a malicious intruder. Fully revised and updated to cover the latest Web exploitation techniques, Hacking Exposed Web Applications, Second Edition shows you, step-by-step, how cyber-criminals target vulnerable sites, gain access, steal critical data, and execute devastating attacks. All of the cutting-edge threats and vulnerabilities are covered in full detail alongside real-world examples, case studies, and battle-tested countermeasures from the authors’ experiences as gray hat security professionals.
- Find out how hackers use infrastructure and application profiling to perform reconnaissance and enter vulnerable systems
- Get details on exploits, evasion techniques, and countermeasures for the most popular Web platforms, including IIS, Apache, PHP, and ASP.NET
- Learn the strengths and weaknesses of common Web authentication mechanisms, including password-based, multifactor, and single sign-on mechanisms like Passport
- See how to excise the heart of any Web application’s access controls through advanced session analysis, hijacking, and fixation techniques
- Find and fix input validation flaws, including cross-site scripting (XSS), SQL injection, HTTP response splitting, encoding, and special character abuse
- Get an in-depth presentation of the newest SQL injection techniques, including blind attacks, advanced exploitation through subqueries, Oracle exploits, and improved countermeasures
- Learn about the latest XML Web Services hacks, Web management attacks, and DDoS attacks, including click fraud
- Tour Firefox and IE exploits, as well as the newest socially-driven client attacks like phishing and adware

This concise, high-end guide shows experienced administrators how to customize and extend popular open source security tools such as Nikto, Ettercap, and Nessus. It also addresses port scanners, packet injectors, network sniffers, and web assessment tools. Network Security Tools is the one resource you want at your side when locking down your network.If you’re an advanced security professional, then you know that the battle to protect online privacy continues to rage on. Security chat rooms, especially, are resounding with calls for vendors to take more responsibility to release products that are more secure. In fact, with all the information and code that is passed on a daily basis, it’s a fight that may never end.

Fortunately, there are a number of open source security tools that give you a leg up in the battle. Often a security tool does exactly what you want, right out of the box. More frequently, you need to customize the tool to fit the needs of your network structure. Network Security Tools shows experienced administrators how to modify, customize, and extend popular open source security tools such as Nikto, Ettercap, and Nessus. This concise, high-end guide discusses the common customizations and extensions for these tools, then shows you how to write even more specialized attack and penetration reviews that are suited to your unique network environment. It also explains how tools like port scanners, packet injectors, network sniffers, and web assessment tools function. Some of the topics covered include:
- Writing your own network sniffers and packet injection tools
- Writing plugins for Nessus, Ettercap, and Nikto
- Developing exploits for Metasploit
- Code analysis for web applications
- Writing kernel modules for security applications, and understanding rootkits