Hack I.T.: Security Through Penetration Testing (Paperback)

by T. J. Klevinsky (Author), Scott Laliberte (Author), Ajay Gupta (Author)

Editorial Reviews

Product Description
Covers not just the glamorous aspects such as the intrusion act itself, but all of the pitfalls, contracts, clauses, and other gotchas that can occur. Introduces penetration testing and its vital role in an overall network security plan. Softcover.

From the Back Cover

"This book covers not just the glamorous aspects such as the intrusion act itself, but all of the pitfalls, contracts, clauses, and other gotchas that can occur. The authors have taken their years of trial and error, as well as experience, and documented a previously unknown black art."
--From the Foreword by Simple Nomad, Senior Security Analyst, BindView RAZOR Team

Penetration testing--in which professional, "white hat" hackers attempt to break through an organization's security defenses--has become a key defense weapon in today's information systems security arsenal. Through penetration testing, I.T. and security professionals can take action to prevent true "black hat" hackers from compromising systems and exploiting proprietary information.

Hack I.T. introduces penetration testing and its vital role in an overall network security plan. You will learn about the roles and responsibilities of a penetration testing professional, the motivation and strategies of the underground hacking community, and potential system vulnerabilities, along with corresponding avenues of attack. Most importantly, the book provides a framework for performing penetration testing and offers step-by-step descriptions of each stage in the process. The latest information on the necessary hardware for performing penetration testing, as well as an extensive reference on the available security tools, is included.

Comprehensive in scope Hack I.T. provides in one convenient resource the background, strategies, techniques, and tools you need to test and protect your system--before the real hackers attack.

Specific topics covered in this book include:

• Hacking myths
• Potential drawbacks of penetration testing
• Announced versus unannounced testing
• Application-level holes and defenses
• Penetration through the Internet, including zone transfer, sniffing, and port scanning
• War dialing
• Enumerating NT systems to expose security holes
• Social engineering methods
• Unix-specific vulnerabilities, such as RPC and buffer overflow attacks
• The Windows NT Resource kit
• Port scanners and discovery tools
• Sniffers and password crackers
• Web testing tools
• Remote control tools
• Firewalls and intrusion detection systems
• Numerous DoS attacks and tools

0201719568B01042002

See all Editorial Reviews

Product Details

• Paperback: 544 pages
• Publisher: Addison-Wesley Professional (February 2002)
• Language: English
• ISBN-10: 0201719568
• ISBN-13: 978-0201719567
• Product Dimensions: 9 x 7.3 x 1.2 inches
• Shipping Weight: 2 pounds (View shipping rates and policies)
• Average Customer Review: 3.7 out of 5 stars See all reviews (23 customer reviews)
• Amazon.com Sales Rank: #594,721 in Books (See Bestsellers in Books)

  Popular in this category: (What's this?)

  #58 in

  Books > Computers & Internet > Networking > Network Programming

Customer Reviews

Most Helpful Customer Reviews

21 of 23 people found the following review helpful:

2.0 out of 5 stars Nothin new, February 19, 2002

By A Customer

This book is fairly well written but like the author mentions, there is nothing in this book that can not be found on the net. In short, this book is a compilation of various sources up for grabs for free on the net. What is a valuable in this book are all the lessons learnt and real life scenarios that are included.

Since not much new is revealed in this book I suggest not buying this book and instead check out the Open Source Security Methodology Testing Manual, which is a decent framework for penetration testing, including methodology and tools. Alternatively have a look at the NIST publication on penetration testing. Both come at a great price - they are FREE!

If your are exteremely lazy or a newbie to penetration testing then the Hack I.T. book might come in handy as an introduction. However, I suggest using one of the frameworks mentioned above and supplement with sources that are freely available on the web and dedicate time to learn the penetration testing methodologies, tools and techniques instead of reading only one book which scratches the surface.

14 of 15 people found the following review helpful:

2.0 out of 5 stars Brief and quick introduction to beginner, April 27, 2002

By	Roland Lee (Hong Kong) - See all my reviews

This book compiles a comprehensive list of tools, both commercial and freeware, which nowadays security consultants used to conduct penetration testing. That's all. Nothing in details, such as dealing with false positive results of commercial scanners, CVE, etc. Claiming to have extensive experience in conducting penetration testing for Fortune 500 companies, the writers seem unwilling to share their real-world experience. I expect that there should be some example scenarios given in the book, and then to discuss the approach on selecting the best tools to conduct the test, i.e to find the most number of vulnerabilities in a short period of time. (usually we ethical hackers are only given short time frame (e.g. 3 hours, or at most one day to conduct the test, in order to minimize business interruption of the clients) And most important, how to correlate the results obtained by different freeware and commercial tools, and present the result to technical as well as management people. And then basing how the risk level of the vulnerability, how to choose appropriate safeguard to protect the company from financial loss. All of these important things are not found in the book.

...

6 of 6 people found the following review helpful:

5.0 out of 5 stars Great book, April 19, 2002

By	Dimik - See all my reviews

This book is good for beginners. I have finished it within 2 days, very easy going, enjoyed reading it.. Most of exploits that are on the cd don't work with unix. However this book explains some nice techniques and i recommend this book to anybody who is into protecting his/her system from break ins.