Details

Hacking the Hacker


Hacking the Hacker

Learn From the Experts Who Take Down Hackers
1. Aufl.

von: Roger A. Grimes

17,99 €

Verlag: Wiley
Format: EPUB
Veröffentl.: 18.04.2017
ISBN/EAN: 9781119396222
Sprache: englisch
Anzahl Seiten: 320

DRM-geschütztes eBook, Sie benötigen z.B. Adobe Digital Editions und eine Adobe ID zum Lesen.

Beschreibungen

<p><b>Meet the world's top ethical hackers and explore the tools of the trade</b></p> <p><i>Hacking the Hacker</i> takes you inside the world of cybersecurity to show you what goes on behind the scenes, and introduces you to the men and women on the front lines of this technological arms race. Twenty-six of the world's top white hat hackers, security researchers, writers, and leaders, describe what they do and why, with each profile preceded by a no-experience-necessary explanation of the relevant technology.  Dorothy Denning discusses advanced persistent threats, Martin Hellman describes how he helped invent public key encryption, Bill Cheswick talks about firewalls, Dr. Charlie Miller talks about hacking cars, and other cybersecurity experts from around the world detail the threats, their defenses, and the tools and techniques they use to thwart the most advanced criminals history has ever seen. Light on jargon and heavy on intrigue, this book is designed to be an introduction to the field; final chapters include a guide for parents of young hackers, as well as the Code of Ethical Hacking to help you start your own journey to the top.</p> <p>Cybersecurity is becoming increasingly critical at all levels, from retail businesses all the way up to national security. This book drives to the heart of the field, introducing the people and practices that help keep our world secure.</p> <ul> <li>Go deep into the world of white hat hacking to grasp just how critical cybersecurity is</li> <li>Read the stories of some of the world's most renowned computer security experts</li> <li>Learn how hackers do what they do—no technical expertise necessary</li> <li>Delve into social engineering, cryptography, penetration testing, network attacks, and more</li> </ul> <p>As a field, cybersecurity is large and multi-faceted—yet not historically diverse. With a massive demand for qualified professional that is only going to grow, opportunities are endless. <i>Hacking the Hacker</i> shows you why you should give the field a closer look.</p>
<p>Foreword xxxi</p> <p>Introduction xxxiii</p> <p><b>1 What Type of Hacker Are You? 1</b></p> <p>Most Hackers Aren’t Geniuses 2</p> <p>Defenders Are Hackers Plus 3</p> <p>Hackers Are Special 3</p> <p>Hackers Are Persistent 4</p> <p>Hacker Hats 4</p> <p><b>2 How Hackers Hack 9</b></p> <p>The Secret to Hacking 10</p> <p>The Hacking Methodology 11</p> <p>Hacking Is Boringly Successful 20</p> <p>Automated Malware as a Hacking Tool 20</p> <p>Hacking Ethically 21</p> <p><b>3 Profile: <i>Bruce Schneier</i>   23</b></p> <p>For More Information on <i>Bruce Schneier</i> 26</p> <p><b>4 Social Engineering   27</b></p> <p>Social Engineering Methods 27</p> <p>Phishing 27</p> <p>Trojan Horse Execution 28</p> <p>Over the Phone 28</p> <p>Purchase Scams 28</p> <p>In-Person 29</p> <p>Carrot or Stick 29</p> <p>Social Engineering Defenses 30</p> <p>Education 30</p> <p>Be Careful of Installing Software from Third-Party Websites 30</p> <p>EV Digital Certificates   31</p> <p>Get Rid of Passwords 31</p> <p>Anti–Social Engineering Technologies 31</p> <p><b>5 Profile: <i>Kevin Mitnick</i>   33</b></p> <p>For More Information on <i>Kevin Mitnick </i>37</p> <p><b>6 Software Vulnerabilities   39</b></p> <p>Number of Software Vulnerabilities 39</p> <p>Why Are Software Vulnerabilities Still a Big Problem? 40</p> <p>Defenses Against Software Vulnerabilities 41</p> <p>Security Development Lifecycle 41</p> <p>More Secure Programming Languages 42</p> <p>Code and Program Analysis 42</p> <p>More Secure Operating Systems 42</p> <p>Third-Party Protections and Vendor Add-Ons 42</p> <p>Perfect Software Won’t Cure All Ills 43</p> <p><b>7 Profile: <i>Michael Howard</i> 45</b></p> <p>For More Information on <i>Michael Howard</i> 49</p> <p><b>8 Profile: <i>Gary McGraw</i> 51</b></p> <p>For More Information on <i>Gary McGraw</i> 54</p> <p><b>9 Malware   55</b></p> <p>Malware Types 55</p> <p>Number of Malware Programs 56</p> <p>Mostly Criminal in Origin 57</p> <p>Defenses Against Malware 58</p> <p>Fully Patched Software 58</p> <p>Training 58</p> <p>Anti-Malware Software 58</p> <p>Application Control Programs 59</p> <p>Security Boundaries 59</p> <p>Intrusion Detection 59</p> <p><b>10 Profile: <i>Susan Bradley</i> 61</b></p> <p>For More Information on Susan Bradley 63</p> <p><b>11 Profile: <i>Mark Russinovich</i>   65</b></p> <p>For More on <i>Mark Russinovich</i> 68</p> <p><b>12 Cryptography 69</b></p> <p>What Is Cryptography? 69</p> <p>Why Can’t Attackers Just Guess All the Possible Keys? 70</p> <p>Symmetric Versus Asymmetric Keys 70</p> <p>Popular Cryptography 70</p> <p>Hashes 71</p> <p>Cryptographic Uses 72</p> <p>Cryptographic Attacks 72</p> <p>Math Attacks 72</p> <p>Known Ciphertext/Plaintext 73</p> <p>Side Channel Attacks 73</p> <p>Insecure Implementations 73</p> <p><b>13 Profile: <i>Martin Hellman</i>   75</b></p> <p>For More Information on <i>Martin Hellman</i> 79</p> <p><b>14 Intrusion Detection/APTs   81</b></p> <p>Traits of a Good Security Event Message 82</p> <p>Advanced Persistent Threats (APTs) 82</p> <p>Types of Intrusion Detection 83</p> <p>Behavior-Based 83</p> <p>Signature-Based 84</p> <p>Intrusion Detection Tools and Services 84</p> <p>Intrusion Detection/Prevention Systems 84</p> <p>Event Log Management Systems 85</p> <p>Detecting Advanced Persistent Threats (APTs) 85</p> <p><b>15 Profile: <i>Dr. Dorothy E. Denning</i>   87</b></p> <p>For More Information on <i>Dr Dorothy E Denning</i> 90</p> <p><b>16 Profile: <i>Michael Dubinsky</i> 91</b></p> <p>For More Information on <i>Michael Dubinsky</i> 93</p> <p><b>17 Firewalls 95</b></p> <p>What Is a Firewall? 95</p> <p>The Early History of Firewalls 95</p> <p>Firewall Rules 97</p> <p>Where Are Firewalls? 97</p> <p>Advanced Firewalls 98</p> <p>What Firewalls Protect Against 98</p> <p><b>18 Profile: <i>William Cheswick</i>   101</b></p> <p>For More Information on <i>William Cheswick</i> 105</p> <p><b>19 Honeypots 107</b></p> <p>What Is a Honeypot? 107</p> <p>Interaction 108</p> <p>Why Use a Honeypot? 108</p> <p>Catching My Own Russian Spy 109</p> <p>Honeypot Resources to Explore 110</p> <p><b>20 Profile: <i>Lance Spitzner</i>   111</b></p> <p>For More Information on <i>Lance Spitzner</i> 114</p> <p><b>21 Password Hacking   115</b></p> <p>Authentication Components 115</p> <p>Passwords 116</p> <p>Authentication Databases 116</p> <p>Password Hashes   116</p> <p>Authentication Challenges   116</p> <p>Authentication Factors   117</p> <p>Hacking Passwords   117</p> <p>Password Guessing 117</p> <p>Phishing   118</p> <p>Keylogging 118</p> <p>Hash Cracking   118</p> <p>Credential Reuse 119</p> <p>Hacking Password Reset Portals   119</p> <p>Password Defenses   119</p> <p>Complexity and Length 120</p> <p>Frequent Changes with No Repeating 120</p> <p>Not Sharing Passwords Between Systems 120</p> <p>Account Lockout 121</p> <p>Strong Password Hashes 121</p> <p>Don’t Use Passwords   121</p> <p>Credential Theft Defenses 121</p> <p>Reset Portal Defenses 122</p> <p><b>22 Profile: <i>Dr. Cormac Herley</i>   123</b></p> <p>For More Information on <i>Dr. Cormac Herley</i> 126</p> <p><b>23 Wireless Hacking   127</b></p> <p>The Wireless World 127</p> <p>Types of Wireless Hacking   127</p> <p>Attacking the Access Point 128</p> <p>Denial of Service 128</p> <p>Guessing a Wireless Channel Password 128</p> <p>Session Hijacking 128</p> <p>Stealing Information 129</p> <p>Physically Locating a User 129</p> <p>Some Wireless Hacking Tools 129</p> <p>Aircrack-Ng 130</p> <p>Kismet 130</p> <p>Fern Wi-Fi Hacker 130</p> <p>Firesheep 130</p> <p>Wireless Hacking Defenses 130</p> <p>Frequency Hopping 130</p> <p>Predefined Client Identification   131</p> <p>Strong Protocols 131</p> <p>Long Passwords   131</p> <p>Patching Access Points   131</p> <p>Electromagnetic Shielding   131</p> <p><b>24 Profile: <i>Thomas d’Otreppe de Bouvette</i>   133</b></p> <p>For More Information on <i>Thomas d’Otreppe de Bouvette</i> 135</p> <p><b>25 Penetration Testing   137</b></p> <p>My Penetration Testing Highlights   137</p> <p>Hacked Every Cable Box in the Country   137</p> <p>Simultaneously Hacked a Major Television Network and Pornography 138</p> <p>Hacked a Major Credit Card Company   138</p> <p>Created a Camera Virus   139</p> <p>How to Be a Pen Tester   139</p> <p>Hacker Methodology   139</p> <p>Get Documented Permission First 140</p> <p>Get a Signed Contract 140</p> <p>Reporting 140</p> <p>Certifications   141</p> <p>Be Ethical 145</p> <p>Minimize Potential Operational Interruption 145</p> <p><b>26 Profile: <i>Aaron Higbee</i>   147</b></p> <p>For More Information on <i>Aaron Higbee</i> 149</p> <p><b>27 Profile: <i>Benild Joseph</i>   151</b></p> <p>For More Information on <i>Benild Joseph</i>   153</p> <p><b>28 DDoS Attacks 155</b></p> <p>Types of DDoS Attacks   155</p> <p>Denial of Service 155</p> <p>Direct Attacks 156</p> <p>Reflection Attacks 156</p> <p>Amplification 156</p> <p>Every Layer in the OSI Model   157</p> <p>Escalating Attacks 157</p> <p>Upstream and Downsteam Attacks 157</p> <p>DDoS Tools and Providers 158</p> <p>Tools 158</p> <p>DDoS as a Service 158</p> <p>DDoS Defenses   159</p> <p>Training   159</p> <p>Stress Testing   159</p> <p>Appropriate Network Configuration 159</p> <p>Engineer Out Potential Weak Points   159</p> <p>Anti-DDoS Services 160</p> <p><b>29 Profile: <i>Brian Krebs</i> 161</b></p> <p>For More Information on <i>Brian Krebs</i> 164</p> <p><b>30 Secure OS 165</b></p> <p>How to Secure an Operating System 166</p> <p>Secure-Built OS 166</p> <p>Secure Guidelines 168</p> <p>Secure Configuration Tools 169</p> <p>Security Consortiums 169</p> <p>Trusted Computing Group 169</p> <p>FIDO Alliance 169</p> <p><b>31 Profile: <i>Joanna Rutkowska</i> 171</b></p> <p>For More Information on <i>Joanna Rutkowska</i>   173</p> <p><b>32 Profile: <i>Aaron Margosis</i>   175</b></p> <p>For More Information on <i>Aaron Margosis</i>   179</p> <p><b>33 Network Attacks   181</b></p> <p>Types of Network Attacks 181</p> <p>Eavesdropping 182</p> <p>Man-in-the-Middle Attacks 182</p> <p>Distributed Denial-of-Service Attacks 183</p> <p>Network Attack Defenses 183</p> <p>Domain Isolation 183</p> <p>Virtual Private Networks 183</p> <p>Use Secure Protocols and Applications 183</p> <p>Network Intrusion Detection 184</p> <p>Anti-DDoS Defenses 184</p> <p>Visit Secure Web Sites and Use Secure Services 184</p> <p><b>34 Profile: <i>Laura Chappell</i> 185</b></p> <p>For More Information on <i>Laura Chappell</i> 188</p> <p><b>35 IoT Hacking 189</b></p> <p>How Do Hackers Hack IoT? 189</p> <p>IoT Defenses 190</p> <p><b>36 Profile: <i>Dr. Charlie Miller</i> 193</b></p> <p>For More Information on <i>Dr. Charlie Miller</i> 198</p> <p><b>37 Policy and Strategy 201</b></p> <p>Standards 201</p> <p>Policies 202</p> <p>Procedures 203</p> <p>Frameworks 203</p> <p>Regulatory Laws 203</p> <p>Global Concerns 203</p> <p>Systems Support 204</p> <p><b>38 Profile: <i>Jing de Jong-Chen</i> 205</b></p> <p>For More Information on <i>Jing de Jong-Chen</i> 209</p> <p><b>39 Threat Modeling  211</b></p> <p>Why Threat Model?  211</p> <p>Threat Modeling Models 212</p> <p>Threat Actors  213</p> <p>Nation-States  213</p> <p>Industrial Hackers  213</p> <p>Financial Crime 213</p> <p>Hacktivists 214</p> <p>Gamers 214</p> <p>Insider Threats 214</p> <p>Ordinary, Solitary Hackers or Hacker Groups 214</p> <p><b>40 Profile: <i>Adam Shostack</i> 217</b></p> <p>For More Information on <i>Adam Shostack</i> 220</p> <p><b>41 Computer Security Education 221</b></p> <p>Computer Security Training Topics 222</p> <p>End-User/Security Awareness Training 222</p> <p>General IT Security Training 222</p> <p>Incident Response 222</p> <p>OS and Application-Specific Training 223</p> <p>Technical Skills 223</p> <p>Certifications 223</p> <p>Training Methods 224</p> <p>Online Training 224</p> <p>Break into My Website 224</p> <p>Schools and Training Centers 224</p> <p>Boot Camps 225</p> <p>Corporate Training 225</p> <p>Books 225</p> <p><b>42 Profile: <i>Stephen Northcutt</i>  227</b></p> <p>For More Information on <i>Stephen Northcutt</i> 230</p> <p><b>43 Privacy 231</b></p> <p>Privacy Organizations 232</p> <p>Privacy-Protecting Applications 233</p> <p><b>44 Profile: <i>Eva Galperin</i> 235</b></p> <p>For More Information on <i>Eva Galperin</i> 237</p> <p><b>45 Patching  239</b></p> <p>Patching Facts 240</p> <p>Most Exploits Are Caused by Old Vulnerabilities That Patches Exist For 240</p> <p>Most Exploits Are Caused by a Few Unpatched Programs 240</p> <p>The Most Unpatched Program Isn’t Always the Most Exploited Program 241</p> <p>You Need to Patch Hardware Too 241</p> <p>Common Patching Problems 241</p> <p>Detecting Missing Patching Isn’t Accurate 241</p> <p>You Can’t Always Patch 242</p> <p>Some Percentage of Patching Always Fails 242</p> <p>Patching Will Cause Operational Issues 242</p> <p>A Patch Is a Globally Broadcasted Exploit Announcement 243</p> <p><b>46 Profile: Window Snyder 245</b></p> <p>For More Information on Window Snyder 248</p> <p><b>47 Writing as a Career 249</b></p> <p>Computer Security Writing Outlets 250</p> <p>Blogs 250</p> <p>Social Media Sites 250</p> <p>Articles   250</p> <p>Books 251</p> <p>Newsletters 253</p> <p>Whitepapers 254</p> <p>Technical Reviews 254</p> <p>Conferences 254</p> <p>Professional Writing Tips 255</p> <p>The Hardest Part Is Starting 255</p> <p>Read Differently 255</p> <p>Start Out Free 255</p> <p>Be Professional 256</p> <p>Be Your Own Publicist 256</p> <p>A Picture Is Worth a Thousand Words 256</p> <p><b>48 Profile: <i>Fahmida Y . Rashid</i> 259</b></p> <p>For More Information on <i>Fahmida Y. Rashid</i> 262</p> <p><b>49 Guide for Parents with Young Hackers   263</b></p> <p>Signs Your Kid Is Hacking 264</p> <p>They Tell You They Hack 264</p> <p>Overly Secretive About Their Online Activities 264</p> <p>They Have Multiple Email/Social Media Accounts You Can’t Access 265</p> <p>You Find Hacking Tools on the System 265</p> <p>People Complain You Are Hacking 265</p> <p>You Catch Them Switching Screens Every Time You Walk into the Room 265</p> <p>These Signs Could Be Normal 265</p> <p>Not All Hacking Is Bad 266</p> <p>How to Turn Around Your Malicious Hacker 266</p> <p>Move Their Computers into the Main Living Area and Monitor 267</p> <p>Give Guidance 267</p> <p>Give Legal Places to Hack 267</p> <p>Connect Them with a Good Mentor 269</p> <p><b>50 Hacker Code of Ethics   271</b></p> <p>Hacker Code of Ethics 272</p> <p>Be Ethical, Transparent, and Honest 273</p> <p>Don’t Break the Law 273</p> <p>Get Permission 273</p> <p>Be Confidential with Sensitive Information 273</p> <p>Do No Greater Harm 273</p> <p>Conduct Yourself Professionally 274</p> <p>Be a Light for Others 274</p> <p>Index 275</p>
<p><b>ROGER A. GRIMES</b> has worked in the field of computer security for over 27 years. As a professional penetration tester, he successfully broke into every company he was hired to hack within an hour, with a single exception that took three hours. He consults worldwide and has been the <i>InfoWorld</i> magazine (www.infoworld.com) computer security columnist since 2005. <p>(ISC)<sup>2</sup> books published by Wiley provide aspiring and experienced cybersecurity professionals with unique insights and advice for delivering on (ISC)<sup>2</sup>'s vision of inspiring a safe and secure world.
<p><b>MEET THE ROCK STARS OF CYBERSECURITY</b> <p>Day after day, whitehats meet blackhats on the field of cyberspace, battling for control of the technology that powers our world. Ethical hackers—whitehats—are among the most brilliant and resourceful of technology experts, constantly developing new ways to stay one step ahead of those who would hijack our data and systems for personal gain. <p>In these pages, you're going to meet some of the unsung heroes who protect us all from the Dark Side. You'll discover why they chose this field, the areas in which they excel, and their most notable accomplishments. You'll also get a brief overview of the many different types of cyberattacks they battle. <p>If the world of ethical hacking intrigues you, here's where to start exploring. You'll hear from: <ul> <li><b>Bruce Schneier,</b> America's leading cyber-security expert</li> <li><b>Kevin Mitnick,</b> master of social engineering</li> <li><b>Dr. Dorothy E. Denning,</b> specialist in intrusion detection</li> <li><b>Mark Russinovich,</b> Azure Cloud CTO</li> <li><b>Dr. Charlie Miller,</b> leader in thwarting car hacks</li> </ul> <p> <i>… and many more</i>

Diese Produkte könnten Sie auch interessieren:

MDX Solutions
MDX Solutions
von: George Spofford, Sivakumar Harinath, Christopher Webb, Dylan Hai Huang, Francesco Civardi
PDF ebook
53,99 €
Concept Data Analysis
Concept Data Analysis
von: Claudio Carpineto, Giovanni Romano
PDF ebook
107,99 €
Handbook of Virtual Humans
Handbook of Virtual Humans
von: Nadia Magnenat-Thalmann, Daniel Thalmann
PDF ebook
150,99 €