Hack I.T. - Security Through Penetration Testing [Paperback]

T. J. Klevinsky (Author), Scott Laliberte (Author), Ajay Gupta (Author)

Book Description

ISBN-10: 0201719568 | ISBN-13: 978-0201719567 | Publication Date: February 11, 2002

"This book covers not just the glamorous aspects such as the intrusion act itself, but all of the pitfalls, contracts, clauses, and other gotchas that can occur. The authors have taken their years of trial and error, as well as experience, and documented a previously unknown black art." --From the Foreword by Simple Nomad, Senior Security Analyst, BindView RAZOR Team Penetration testing--in which professional, "white hat" hackers attempt to break through an organization's security defenses--has become a key defense weapon in today's information systems security arsenal. Through penetration testing, I.T. and security professionals can take action to prevent true "black hat" hackers from compromising systems and exploiting proprietary information. Hack I.T. introduces penetration testing and its vital role in an overall network security plan. You will learn about the roles and responsibilities of a penetration testing professional, the motivation and strategies of the underground hacking community, and potential system vulnerabilities, along with corresponding avenues of attack.Most importantly, the book provides a framework for performing penetration testing and offers step-by-step descriptions of each stage in the process. The latest information on the necessary hardware for performing penetration testing, as well as an extensive reference on the available security tools, is included. Comprehensive in scope Hack I.T. provides in one convenient resource the background, strategies, techniques, and tools you need to test and protect your system--before the real hackers attack. Specific topics covered in this book include: *Hacking myths *Potential drawbacks of penetration testing *Announced versus unannounced testing *Application-level holes and defenses *Penetration through the Internet, including zone transfer, sniffing, and port scanning *War dialing *Enumerating NT systems to expose security holes *Social engineering methods *Unix-specific vulnerabilities, such as RPC and buffer overflow attacks *The Windows NT Resource kit *Port scanners and discovery tools *Sniffers and password crackers *Web testing tools *Remote control tools *Firewalls and intrusion detection systems *Numerous DoS attacks and tools 0201719568B01042002

Editorial Reviews

From the Back Cover

"This book covers not just the glamorous aspects such as the intrusion act itself, but all of the pitfalls, contracts, clauses, and other gotchas that can occur. The authors have taken their years of trial and error, as well as experience, and documented a previously unknown black art."
--From the Foreword by Simple Nomad, Senior Security Analyst, BindView RAZOR Team

Penetration testing--in which professional, "white hat" hackers attempt to break through an organization's security defenses--has become a key defense weapon in today's information systems security arsenal. Through penetration testing, I.T. and security professionals can take action to prevent true "black hat" hackers from compromising systems and exploiting proprietary information.

Hack I.T. introduces penetration testing and its vital role in an overall network security plan. You will learn about the roles and responsibilities of a penetration testing professional, the motivation and strategies of the underground hacking community, and potential system vulnerabilities, along with corresponding avenues of attack. Most importantly, the book provides a framework for performing penetration testing and offers step-by-step descriptions of each stage in the process. The latest information on the necessary hardware for performing penetration testing, as well as an extensive reference on the available security tools, is included.

Comprehensive in scope Hack I.T. provides in one convenient resource the background, strategies, techniques, and tools you need to test and protect your system--before the real hackers attack.

Specific topics covered in this book include:

• Hacking myths
• Potential drawbacks of penetration testing
• Announced versus unannounced testing
• Application-level holes and defenses
• Penetration through the Internet, including zone transfer, sniffing, and port scanning
• War dialing
• Enumerating NT systems to expose security holes
• Social engineering methods
• Unix-specific vulnerabilities, such as RPC and buffer overflow attacks
• The Windows NT Resource kit
• Port scanners and discovery tools
• Sniffers and password crackers
• Web testing tools
• Remote control tools
• Firewalls and intrusion detection systems
• Numerous DoS attacks and tools

0201719568B01042002

About the Author

T.J. Klevinsky is part of Ernst & Young¿s Security and Technology Solutions practice, where he coordinates attack and penetration exercises for Fortune 500 corporations worldwide. He is also an instructor for the Ernst & Young¿s Extreme Hacking course. Additionally, T.J. is an instructor with SANS, where he teaches the course Contemporary Hacking Tools and Penetration Testing, a survey of recent security related software tools.

Scott Laliberte, CISSP, CISM, MBA, is a leader of Protiviti’s Global Information Security Practice. He has extensive experience in the areas of information systems security, network operations, incident response, and e-commerce, and has served clients in many industries, including healthcare, life sciences, financial services, manufacturing, and other industries. Scott has led many security engagements, including attack and penetration studies, Web application security reviews, systems vulnerability assessments, wireless security reviews, and security systems implementation. In addition, he has led a number of incident response projects, which help organizations identify, stop, and recover from security incidents and attacks. He has spoken on information security topics for a variety of audiences and industries, including MIS Training Institute (MISTI), National Association of Financial Services Auditors (NAFSA), ISACA, IIA, and HCCA. He has been quoted as a security expert in the Financial Times, Securities Industries News, and elsewhere, and has authored numerous information security articles for a variety of publications.

Ajay Gupta, CISSP, founder and president of Gsecurity, is an expert on cyber security, secure architecture, and information privacy. Gsecurity provides cyber security and data privacy services to federal, state, and local governments, as well as commercial clients in the educational, financial, and health-care sectors.

See all Editorial Reviews

Product Details

• Paperback: 544 pages
• Publisher: Addison-Wesley Professional (February 11, 2002)
• Language: English
• ISBN-10: 0201719568
• ISBN-13: 978-0201719567
• Product Dimensions: 9.4 x 7.3 x 1.2 inches
• Shipping Weight: 2.4 pounds (View shipping rates and policies)
• Average Customer Review: 3.7 out of 5 stars  See all reviews (23 customer reviews)
• Amazon Best Sellers Rank: #1,032,358 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

21 of 23 people found the following review helpful:

2.0 out of 5 stars Nothin new, February 19, 2002

By A Customer

This review is from: Hack I.T. - Security Through Penetration Testing (Paperback)

This book is fairly well written but like the author mentions, there is nothing in this book that can not be found on the net. In short, this book is a compilation of various sources up for grabs for free on the net. What is a valuable in this book are all the lessons learnt and real life scenarios that are included.

Since not much new is revealed in this book I suggest not buying this book and instead check out the Open Source Security Methodology Testing Manual, which is a decent framework for penetration testing, including methodology and tools. Alternatively have a look at the NIST publication on penetration testing. Both come at a great price - they are FREE!

If your are exteremely lazy or a newbie to penetration testing then the Hack I.T. book might come in handy as an introduction. However, I suggest using one of the frameworks mentioned above and supplement with sources that are freely available on the web and dedicate time to learn the penetration testing methodologies, tools and techniques instead of reading only one book which scratches the surface.

14 of 15 people found the following review helpful:

2.0 out of 5 stars Brief and quick introduction to beginner, April 27, 2002

By 

Roland Lee - See all my reviews

This review is from: Hack I.T. - Security Through Penetration Testing (Paperback)

This book compiles a comprehensive list of tools, both commercial and freeware, which nowadays security consultants used to conduct penetration testing. That's all. Nothing in details, such as dealing with false positive results of commercial scanners, CVE, etc. Claiming to have extensive experience in conducting penetration testing for Fortune 500 companies, the writers seem unwilling to share their real-world experience. I expect that there should be some example scenarios given in the book, and then to discuss the approach on selecting the best tools to conduct the test, i.e to find the most number of vulnerabilities in a short period of time. (usually we ethical hackers are only given short time frame (e.g. 3 hours, or at most one day to conduct the test, in order to minimize business interruption of the clients) And most important, how to correlate the results obtained by different freeware and commercial tools, and present the result to technical as well as management people. And then basing how the risk level of the vulnerability, how to choose appropriate safeguard to protect the company from financial loss. All of these important things are not found in the book.

...

6 of 6 people found the following review helpful:

5.0 out of 5 stars Great book, April 19, 2002

By 

Dimik - See all my reviews

This review is from: Hack I.T. - Security Through Penetration Testing (Paperback)

This book is good for beginners. I have finished it within 2 days, very easy going, enjoyed reading it.. Most of exploits that are on the cd don't work with unix. However this book explains some nice techniques and i recommend this book to anybody who is into protecting his/her system from break ins.