Zum Hauptinhalt springen
Dekorationsartikel gehören nicht zum Leistungsumfang.
Hacking the Hacker
Learn from the Experts Who Take Down Hackers
Taschenbuch von Roger A Grimes
Sprache: Englisch

28,65 €*

inkl. MwSt.

Versandkostenfrei per Post / DHL

Lieferzeit 1-2 Wochen

Kategorien:
Beschreibung

MEET THE ROCK STARS OF CYBERSECURITY

Day after day, whitehats meet blackhats on the field of cyberspace, battling for control of the technology that powers our world. Ethical hackers?whitehats?are among the most brilliant and resourceful of technology experts, constantly developing new ways to stay one step ahead of those who would hijack our data and systems for personal gain.

In these pages, you're going to meet some of the unsung heroes who protect us all from the Dark Side. You'll discover why they chose this field, the areas in which they excel, and their most notable accomplishments. You'll also get a brief overview of the many different types of cyberattacks they battle.

If the world of ethical hacking intrigues you, here's where to start exploring. You'll hear from:

  • Bruce Schneier, America's leading cyber-security expert
  • Kevin Mitnick, master of social engineering
  • Dr. Dorothy E. Denning, specialist in intrusion detection
  • Mark Russinovich, Azure Cloud CTO
  • Dr. Charlie Miller, leader in thwarting car hacks

... and many more

MEET THE ROCK STARS OF CYBERSECURITY

Day after day, whitehats meet blackhats on the field of cyberspace, battling for control of the technology that powers our world. Ethical hackers?whitehats?are among the most brilliant and resourceful of technology experts, constantly developing new ways to stay one step ahead of those who would hijack our data and systems for personal gain.

In these pages, you're going to meet some of the unsung heroes who protect us all from the Dark Side. You'll discover why they chose this field, the areas in which they excel, and their most notable accomplishments. You'll also get a brief overview of the many different types of cyberattacks they battle.

If the world of ethical hacking intrigues you, here's where to start exploring. You'll hear from:

  • Bruce Schneier, America's leading cyber-security expert
  • Kevin Mitnick, master of social engineering
  • Dr. Dorothy E. Denning, specialist in intrusion detection
  • Mark Russinovich, Azure Cloud CTO
  • Dr. Charlie Miller, leader in thwarting car hacks

... and many more

Über den Autor

ROGER A. GRIMES has worked in the field of computer security for over 27 years. As a professional penetration tester, he successfully broke into every company he was hired to hack within an hour, with a single exception that took three hours. He consults worldwide and has been the InfoWorld magazine ([...] computer security columnist since 2005.

(ISC)2 books published by Wiley provide aspiring and experienced cybersecurity professionals with unique insights and advice for delivering on (ISC)2's vision of inspiring a safe and secure world.

Inhaltsverzeichnis

Foreword xxxi

Introduction xxxiii

1 What Type of Hacker Are You? 1

Most Hackers Aren't Geniuses 2

Defenders Are Hackers Plus 3

Hackers Are Special 3

Hackers Are Persistent 4

Hacker Hats 4

2 How Hackers Hack 9

The Secret to Hacking 10

The Hacking Methodology 11

Hacking Is Boringly Successful 20

Automated Malware as a Hacking Tool 20

Hacking Ethically 21

3 Profile: Bruce Schneier 23

For More Information on Bruce Schneier 26

4 Social Engineering 27

Social Engineering Methods 27

Phishing 27

Trojan Horse Execution 28

Over the Phone 28

Purchase Scams 28

In-Person 29

Carrot or Stick 29

Social Engineering Defenses 30

Education 30

Be Careful of Installing Software from Third-Party Websites 30

EV Digital Certificates 31

Get Rid of Passwords 31

Anti-Social Engineering Technologies 31

5 Profile: Kevin Mitnick 33

For More Information on Kevin Mitnick 37

6 Software Vulnerabilities 39

Number of Software Vulnerabilities 39

Why Are Software Vulnerabilities Still a Big Problem? 40

Defenses Against Software Vulnerabilities 41

Security Development Lifecycle 41

More Secure Programming Languages 42

Code and Program Analysis 42

More Secure Operating Systems 42

Third-Party Protections and Vendor Add-Ons 42

Perfect Software Won't Cure All Ills 43

7 Profile: Michael Howard 45

For More Information on Michael Howard 49

8 Profile: Gary McGraw 51

For More Information on Gary McGraw 54

9 Malware 55

Malware Types 55

Number of Malware Programs 56

Mostly Criminal in Origin 57

Defenses Against Malware 58

Fully Patched Software 58

Training 58

Anti-Malware Software 58

Application Control Programs 59

Security Boundaries 59

Intrusion Detection 59

10 Profile: Susan Bradley 61

For More Information on Susan Bradley 63

11 Profile: Mark Russinovich 65

For More on Mark Russinovich 68

12 Cryptography 69

What Is Cryptography? 69

Why Can't Attackers Just Guess All the Possible Keys? 70

Symmetric Versus Asymmetric Keys 70

Popular Cryptography 70

Hashes 71

Cryptographic Uses 72

Cryptographic Attacks 72

Math Attacks 72

Known Ciphertext/Plaintext 73

Side Channel Attacks 73

Insecure Implementations 73

13 Profile: Martin Hellman 75

For More Information on Martin Hellman 79

14 Intrusion Detection/APTs 81

Traits of a Good Security Event Message 82

Advanced Persistent Threats (APTs) 82

Types of Intrusion Detection 83

Behavior-Based 83

Signature-Based 84

Intrusion Detection Tools and Services 84

Intrusion Detection/Prevention Systems 84

Event Log Management Systems 85

Detecting Advanced Persistent Threats (APTs) 85

15 Profile: Dr. Dorothy E. Denning 87

For More Information on Dr Dorothy E Denning 90

16 Profile: Michael Dubinsky 91

For More Information on Michael Dubinsky 93

17 Firewalls 95

What Is a Firewall? 95

The Early History of Firewalls 95

Firewall Rules 97

Where Are Firewalls? 97

Advanced Firewalls 98

What Firewalls Protect Against 98

18 Profile: William Cheswick 101

For More Information on William Cheswick 105

19 Honeypots 107

What Is a Honeypot? 107

Interaction 108

Why Use a Honeypot? 108

Catching My Own Russian Spy 109

Honeypot Resources to Explore 110

20 Profile: Lance Spitzner 111

For More Information on Lance Spitzner 114

21 Password Hacking 115

Authentication Components 115

Passwords 116

Authentication Databases 116

Password Hashes 116

Authentication Challenges 116

Authentication Factors 117

Hacking Passwords 117

Password Guessing 117

Phishing 118

Keylogging 118

Hash Cracking 118

Credential Reuse 119

Hacking Password Reset Portals 119

Password Defenses 119

Complexity and Length 120

Frequent Changes with No Repeating 120

Not Sharing Passwords Between Systems 120

Account Lockout 121

Strong Password Hashes 121

Don't Use Passwords 121

Credential Theft Defenses 121

Reset Portal Defenses 122

22 Profile: Dr. Cormac Herley 123

For More Information on Dr. Cormac Herley 126

23 Wireless Hacking 127

The Wireless World 127

Types of Wireless Hacking 127

Attacking the Access Point 128

Denial of Service 128

Guessing a Wireless Channel Password 128

Session Hijacking 128

Stealing Information 129

Physically Locating a User 129

Some Wireless Hacking Tools 129

Aircrack-Ng 130

Kismet 130

Fern Wi-Fi Hacker 130

Firesheep 130

Wireless Hacking Defenses 130

Frequency Hopping 130

Predefined Client Identification 131

Strong Protocols 131

Long Passwords 131

Patching Access Points 131

Electromagnetic Shielding 131

24 Profile: Thomas d'Otreppe de Bouvette 133

For More Information on Thomas d'Otreppe de Bouvette 135

25 Penetration Testing 137

My Penetration Testing Highlights 137

Hacked Every Cable Box in the Country 137

Simultaneously Hacked a Major Television Network and Pornography 138

Hacked a Major Credit Card Company 138

Created a Camera Virus 139

How to Be a Pen Tester 139

Hacker Methodology 139

Get Documented Permission First 140

Get a Signed Contract 140

Reporting 140

Certifications 141

Be Ethical 145

Minimize Potential Operational Interruption 145

26 Profile: Aaron Higbee 147

For More Information on Aaron Higbee 149

27 Profile: Benild Joseph 151

For More Information on Benild Joseph 153

28 DDoS Attacks 155

Types of DDoS Attacks 155

Denial of Service 155

Direct Attacks 156

Reflection Attacks 156

Amplification 156

Every Layer in the OSI Model 157

Escalating Attacks 157

Upstream and Downsteam Attacks 157

DDoS Tools and Providers 158

Tools 158

DDoS as a Service 158

DDoS Defenses 159

Training 159

Stress Testing 159

Appropriate Network Configuration 159

Engineer Out Potential Weak Points 159

Anti-DDoS Services 160

29 Profile: Brian Krebs 161

For More Information on Brian Krebs 164

30 Secure OS 165

How to Secure an Operating System 166

Secure-Built OS 166

Secure Guidelines 168

Secure Configuration Tools 169

Security Consortiums 169

Trusted Computing Group 169

FIDO Alliance 169

31 Profile: Joanna Rutkowska 171

For More Information on Joanna Rutkowska 173

32 Profile: Aaron Margosis 175

For More Information on Aaron Margosis 179

33 Network Attacks 181

Types of Network Attacks 181

Eavesdropping 182

Man-in-the-Middle Attacks 182

Distributed Denial-of-Service Attacks 183

Network Attack Defenses 183

Domain Isolation 183

Virtual Private Networks 183

Use Secure Protocols and Applications 183

Network Intrusion Detection 184

Anti-DDoS Defenses 184

Visit Secure Web Sites and Use Secure Services 184

34 Profile: Laura Chappell 185

For More Information on Laura Chappell 188

35 IoT Hacking 189

How Do Hackers Hack IoT? 189

IoT Defenses 190

36 Profile: Dr. Charlie Miller 193

For More Information on Dr. Charlie Miller 198

37 Policy and Strategy 201

Standards 201

Policies 202

Procedures 203

Frameworks 203

Regulatory Laws 203

Global Concerns 203

Systems Support 204

38 Profile: Jing de Jong-Chen 205

For More Information on Jing de Jong-Chen 209

39 Threat Modeling 211

Why Threat Model? 211

Threat Modeling Models 212

Threat Actors 213

Nation-States 213

Industrial Hackers 213

Financial Crime 213

Hacktivists 214

Gamers 214

Insider Threats 214

Ordinary, Solitary Hackers or Hacker Groups 214

40 Profile: Adam Shostack 217

For More Information on Adam Shostack 220

41 Computer Security Education 221

Computer Security Training Topics 222

End-User/Security Awareness Training 222

General IT Security Training 222

Incident Response 222

OS and Application-Specific Training 223

Technical Skills 223

Certifications 223

Training Methods 224

Online Training 224

Break into My Website 224

Schools and Training Centers 224

Boot Camps 225

Corporate Training 225

Books 225

42 Profile: Stephen Northcutt 227

For More Information on...

Details
Erscheinungsjahr: 2017
Genre: Importe, Informatik
Rubrik: Naturwissenschaften & Technik
Medium: Taschenbuch
Inhalt: Kartoniert / Broschiert
ISBN-13: 9781119396215
ISBN-10: 1119396212
Sprache: Englisch
Einband: Kartoniert / Broschiert
Autor: Grimes, Roger A
Hersteller: Wiley
Verantwortliche Person für die EU: Produktsicherheitsverantwortliche/r, Europaallee 1, D-36244 Bad Hersfeld, gpsr@libri.de
Maße: 228 x 154 x 20 mm
Von/Mit: Roger A Grimes
Erscheinungsdatum: 01.05.2017
Gewicht: 0,427 kg
Artikel-ID: 108128598
Über den Autor

ROGER A. GRIMES has worked in the field of computer security for over 27 years. As a professional penetration tester, he successfully broke into every company he was hired to hack within an hour, with a single exception that took three hours. He consults worldwide and has been the InfoWorld magazine ([...] computer security columnist since 2005.

(ISC)2 books published by Wiley provide aspiring and experienced cybersecurity professionals with unique insights and advice for delivering on (ISC)2's vision of inspiring a safe and secure world.

Inhaltsverzeichnis

Foreword xxxi

Introduction xxxiii

1 What Type of Hacker Are You? 1

Most Hackers Aren't Geniuses 2

Defenders Are Hackers Plus 3

Hackers Are Special 3

Hackers Are Persistent 4

Hacker Hats 4

2 How Hackers Hack 9

The Secret to Hacking 10

The Hacking Methodology 11

Hacking Is Boringly Successful 20

Automated Malware as a Hacking Tool 20

Hacking Ethically 21

3 Profile: Bruce Schneier 23

For More Information on Bruce Schneier 26

4 Social Engineering 27

Social Engineering Methods 27

Phishing 27

Trojan Horse Execution 28

Over the Phone 28

Purchase Scams 28

In-Person 29

Carrot or Stick 29

Social Engineering Defenses 30

Education 30

Be Careful of Installing Software from Third-Party Websites 30

EV Digital Certificates 31

Get Rid of Passwords 31

Anti-Social Engineering Technologies 31

5 Profile: Kevin Mitnick 33

For More Information on Kevin Mitnick 37

6 Software Vulnerabilities 39

Number of Software Vulnerabilities 39

Why Are Software Vulnerabilities Still a Big Problem? 40

Defenses Against Software Vulnerabilities 41

Security Development Lifecycle 41

More Secure Programming Languages 42

Code and Program Analysis 42

More Secure Operating Systems 42

Third-Party Protections and Vendor Add-Ons 42

Perfect Software Won't Cure All Ills 43

7 Profile: Michael Howard 45

For More Information on Michael Howard 49

8 Profile: Gary McGraw 51

For More Information on Gary McGraw 54

9 Malware 55

Malware Types 55

Number of Malware Programs 56

Mostly Criminal in Origin 57

Defenses Against Malware 58

Fully Patched Software 58

Training 58

Anti-Malware Software 58

Application Control Programs 59

Security Boundaries 59

Intrusion Detection 59

10 Profile: Susan Bradley 61

For More Information on Susan Bradley 63

11 Profile: Mark Russinovich 65

For More on Mark Russinovich 68

12 Cryptography 69

What Is Cryptography? 69

Why Can't Attackers Just Guess All the Possible Keys? 70

Symmetric Versus Asymmetric Keys 70

Popular Cryptography 70

Hashes 71

Cryptographic Uses 72

Cryptographic Attacks 72

Math Attacks 72

Known Ciphertext/Plaintext 73

Side Channel Attacks 73

Insecure Implementations 73

13 Profile: Martin Hellman 75

For More Information on Martin Hellman 79

14 Intrusion Detection/APTs 81

Traits of a Good Security Event Message 82

Advanced Persistent Threats (APTs) 82

Types of Intrusion Detection 83

Behavior-Based 83

Signature-Based 84

Intrusion Detection Tools and Services 84

Intrusion Detection/Prevention Systems 84

Event Log Management Systems 85

Detecting Advanced Persistent Threats (APTs) 85

15 Profile: Dr. Dorothy E. Denning 87

For More Information on Dr Dorothy E Denning 90

16 Profile: Michael Dubinsky 91

For More Information on Michael Dubinsky 93

17 Firewalls 95

What Is a Firewall? 95

The Early History of Firewalls 95

Firewall Rules 97

Where Are Firewalls? 97

Advanced Firewalls 98

What Firewalls Protect Against 98

18 Profile: William Cheswick 101

For More Information on William Cheswick 105

19 Honeypots 107

What Is a Honeypot? 107

Interaction 108

Why Use a Honeypot? 108

Catching My Own Russian Spy 109

Honeypot Resources to Explore 110

20 Profile: Lance Spitzner 111

For More Information on Lance Spitzner 114

21 Password Hacking 115

Authentication Components 115

Passwords 116

Authentication Databases 116

Password Hashes 116

Authentication Challenges 116

Authentication Factors 117

Hacking Passwords 117

Password Guessing 117

Phishing 118

Keylogging 118

Hash Cracking 118

Credential Reuse 119

Hacking Password Reset Portals 119

Password Defenses 119

Complexity and Length 120

Frequent Changes with No Repeating 120

Not Sharing Passwords Between Systems 120

Account Lockout 121

Strong Password Hashes 121

Don't Use Passwords 121

Credential Theft Defenses 121

Reset Portal Defenses 122

22 Profile: Dr. Cormac Herley 123

For More Information on Dr. Cormac Herley 126

23 Wireless Hacking 127

The Wireless World 127

Types of Wireless Hacking 127

Attacking the Access Point 128

Denial of Service 128

Guessing a Wireless Channel Password 128

Session Hijacking 128

Stealing Information 129

Physically Locating a User 129

Some Wireless Hacking Tools 129

Aircrack-Ng 130

Kismet 130

Fern Wi-Fi Hacker 130

Firesheep 130

Wireless Hacking Defenses 130

Frequency Hopping 130

Predefined Client Identification 131

Strong Protocols 131

Long Passwords 131

Patching Access Points 131

Electromagnetic Shielding 131

24 Profile: Thomas d'Otreppe de Bouvette 133

For More Information on Thomas d'Otreppe de Bouvette 135

25 Penetration Testing 137

My Penetration Testing Highlights 137

Hacked Every Cable Box in the Country 137

Simultaneously Hacked a Major Television Network and Pornography 138

Hacked a Major Credit Card Company 138

Created a Camera Virus 139

How to Be a Pen Tester 139

Hacker Methodology 139

Get Documented Permission First 140

Get a Signed Contract 140

Reporting 140

Certifications 141

Be Ethical 145

Minimize Potential Operational Interruption 145

26 Profile: Aaron Higbee 147

For More Information on Aaron Higbee 149

27 Profile: Benild Joseph 151

For More Information on Benild Joseph 153

28 DDoS Attacks 155

Types of DDoS Attacks 155

Denial of Service 155

Direct Attacks 156

Reflection Attacks 156

Amplification 156

Every Layer in the OSI Model 157

Escalating Attacks 157

Upstream and Downsteam Attacks 157

DDoS Tools and Providers 158

Tools 158

DDoS as a Service 158

DDoS Defenses 159

Training 159

Stress Testing 159

Appropriate Network Configuration 159

Engineer Out Potential Weak Points 159

Anti-DDoS Services 160

29 Profile: Brian Krebs 161

For More Information on Brian Krebs 164

30 Secure OS 165

How to Secure an Operating System 166

Secure-Built OS 166

Secure Guidelines 168

Secure Configuration Tools 169

Security Consortiums 169

Trusted Computing Group 169

FIDO Alliance 169

31 Profile: Joanna Rutkowska 171

For More Information on Joanna Rutkowska 173

32 Profile: Aaron Margosis 175

For More Information on Aaron Margosis 179

33 Network Attacks 181

Types of Network Attacks 181

Eavesdropping 182

Man-in-the-Middle Attacks 182

Distributed Denial-of-Service Attacks 183

Network Attack Defenses 183

Domain Isolation 183

Virtual Private Networks 183

Use Secure Protocols and Applications 183

Network Intrusion Detection 184

Anti-DDoS Defenses 184

Visit Secure Web Sites and Use Secure Services 184

34 Profile: Laura Chappell 185

For More Information on Laura Chappell 188

35 IoT Hacking 189

How Do Hackers Hack IoT? 189

IoT Defenses 190

36 Profile: Dr. Charlie Miller 193

For More Information on Dr. Charlie Miller 198

37 Policy and Strategy 201

Standards 201

Policies 202

Procedures 203

Frameworks 203

Regulatory Laws 203

Global Concerns 203

Systems Support 204

38 Profile: Jing de Jong-Chen 205

For More Information on Jing de Jong-Chen 209

39 Threat Modeling 211

Why Threat Model? 211

Threat Modeling Models 212

Threat Actors 213

Nation-States 213

Industrial Hackers 213

Financial Crime 213

Hacktivists 214

Gamers 214

Insider Threats 214

Ordinary, Solitary Hackers or Hacker Groups 214

40 Profile: Adam Shostack 217

For More Information on Adam Shostack 220

41 Computer Security Education 221

Computer Security Training Topics 222

End-User/Security Awareness Training 222

General IT Security Training 222

Incident Response 222

OS and Application-Specific Training 223

Technical Skills 223

Certifications 223

Training Methods 224

Online Training 224

Break into My Website 224

Schools and Training Centers 224

Boot Camps 225

Corporate Training 225

Books 225

42 Profile: Stephen Northcutt 227

For More Information on...

Details
Erscheinungsjahr: 2017
Genre: Importe, Informatik
Rubrik: Naturwissenschaften & Technik
Medium: Taschenbuch
Inhalt: Kartoniert / Broschiert
ISBN-13: 9781119396215
ISBN-10: 1119396212
Sprache: Englisch
Einband: Kartoniert / Broschiert
Autor: Grimes, Roger A
Hersteller: Wiley
Verantwortliche Person für die EU: Produktsicherheitsverantwortliche/r, Europaallee 1, D-36244 Bad Hersfeld, gpsr@libri.de
Maße: 228 x 154 x 20 mm
Von/Mit: Roger A Grimes
Erscheinungsdatum: 01.05.2017
Gewicht: 0,427 kg
Artikel-ID: 108128598
Sicherheitshinweis

Ähnliche Produkte

Ähnliche Produkte