HACKING EXPOSED: Network Security Secrets & Solutions

HACKING EXPOSED: Network Security Secrets & Solutions, 6th Edition" is 720 pages, and over two pounds, full of information. And I found, as stated in the forward: "...Its goal is education..."

It is full of all kinds of knowledge.

Table of contents

Part I: Casing the Establishment

Chapter 1. Footprinting

Chapter 2. Scanning

Chapter 3. Enumeration

Part II: System Hacking

Chapter 4. Hacking Windows

Chapter 5. Hacking Unix

Part III: Infrastructure Hacking

Chapter 6. Remote Connectivity and VoIP Hacking

Chapter 7. Network Devices

Chapter 8. Wireless Hacking

Chapter 9. Hacking Hardware

Part IV: Application and Data Hacking

Chapter 10. Hacking Code

Chapter 11. Web Hacking

Chapter 12. Hacking the Internet User

Part V: Appendixes

Appendix A. Ports

Appendix B. Top 14 Security Vulnerabilities

Appendix C. Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks

Some of the new material includes:

the "Hacking Hardware" chapter (about physical locks, access cards, RFID, laptop security, USB, U3, Bluetooth, firmware, hard drives)...

Windows hacks (covering Terminal Services, Kerberos sniffing, man-in-the-middle attacks, Metasploit, device driver exploits, new password cracking tools)...

and UNIX hacks (such as THC Hydra, Solaris input validation attacks, dangling pointer attacks, DNS cache poisoning, UNIX Trojans, and kernel rootkits).

Some of the tactics and strategies that attackers use to gather information to prepare targets for attacks are noted, like: culling IP addresses, wardialing (it can still be effective), and spoofing e-mail messages (pretending to be support and administrative personnel).

To defend against attacks, you must understand the enemy. Preparing against access is better than trying to make repairs after a system has been. (Once someone has been inside you don't know what was left in the system, and where it was left at.) Instructions on how to perform network reconnaissance show how a network, and connected devices(firewalls/routers/etcetera), can be diagrammed. And there is a section regarding how to identify potential probing activities, and attacks.

This book can be used as a checklist of things that can sometimes be unintentionally available, but are: (web) cameras, and remote administration services...and the Microsoft Windows Remote Desktop Web Connection. Misconfigurations exist, and so do exploits that target them.

In Chapter 4, "Hacking Windows", there's a great reminder about proper password management. I've noticed that people seem to be better at it, but it's good to review best practices.

In the book the authors point towards many other sources of information and reference. There are suggestions of other books to enlighten and educate about how some prepare to access a network. And other websites and software that will allow you to test the openess of a network (hardware and services) and website.

(After going through the book, I remembered how there are instances where administrators and content managers are given more consideration than support and security managers and personnel...until there's a problem.)

If you are responsible in any way for a network or website, get this book. If there is anyone that works for you that is responsible for a network or website, get this book for their library!

The website of the book is http://www.hackingexposed.com

On the McGraw-Hill website, go to http://www.mhprofessional.com/c/pressroom/pressroom.php?pressnid=152

TCP/IP not secure in Windows 2000 and XP

As usual, when it comes to computing, we go forward and not backward...

Over the past week I have disposed of many electronic devices because...they are old. They worked, but no longer in "supported" scenarios: with current operating systems, with current connections (parallel printer/serial ports), etcetera.

And now, I read that "Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution". Per Microsoft: "An update for Windows XP will not be made available...Microsoft has decided not to patch Windows 2000 for the TCP/IP vulnerability..."

I am not surprised, and expect this attitude...until I remember that netbooks are being released with Windows XP as the operating system! And I had been seriously considering getting one...

For other computers, in regards to their hardware and software, it's time to evaluate whether Windows Vista (or 7) will be compatible. (As well as some version of Linux...)

Pure Networks Security Scan

I tried the Pure Networks Security Scan on one of my computers...some of my results are below. You must enable Active Scripting to run test...

------------------------------------------------

Pure Networks Security Scan

Redirected Websites
"...File and Printer Sharing settings...you might have problems due to the guest account being disabled. This can cause problems if you are trying to connect to shares on this computer from older Windows systems like Microsoft Windows 98 or Windows ME. It can also cause problems if you don't have exactly the same user names and passwords on all of your PCs."

Software Firewall
"The 'Microsoft Windows Firewall' firewall is enabled on your system...to get file and printer sharing working between computers, you need to open some ports in the software firewall...If you are interested in easily sharing files and printers on your network, download the free version of Network Magic - it takes care of everything for you. If you are having problems getting the most out of your network, download the free version of Network Magic. It will even show you a Network Map and tell you which PCs have a firewall installed and which ones don't."

[I DID NOT FIND A "FREE" VERSION ON THEIR WEBSITE...maybe they mean that there are some free features available in the trial version... - SLICK]

Antivirus Software
"No enabled antivirus software was found."

Windows Update Not Automatic
"Windows Update is not set to automatically download and install updates."

Internet Connection
"Not connected to the Internet."

Dynamic IP Address
"Your computer is configured to automatically receive an IP address...The IP address that this computer is using is..."

Router Present
"Found router (make, model, and IP address)...We found a hardware firewall inside the...router which is protecting your network."

Router Password
"Your router has the default password set. The password for your router is currently set to the well-known factory default. All routers from a given manufacturer ship with a well-known default password. Having a default password is a bad thing because hackers can then use this to access your router..."

[The router doesn't belong to me...I am not the subscriber of the internet service provider...it is a DSL router... - SLICK]

Multiple Router Check
"Your router is connected normally to the Internet. You are connected normally to the Internet through one router."

Router Firmware Version
"Firmware version...is possibly out of date."

Default Network Name (SSID)
"Your network name...has been changed from the factory default. Your wireless network name (SSID) has been changed from the router's factory default SSID. Excellent work. Having your SSID set to the factory default can be bad for two reasons: 1) if your network isn't encrypted, other users are more likely to connect to your network unexpectedly and 2) if you use your computer outside of your home, it is more likely to unexpectedly connect to other networks using that same default SSID."

Signal Strength
"Your wireless network signal strength is 'good'..."

Secure Wireless Connection
"You are connected to a secure, encrypted wireless network...using the 802.11 WEP standard. The wireless network you're connected to is using an encryption method called WEP."

Wireless Network Name (SSID) Conflict
"Your wireless network is the only one in range with the network name..."

Wireless Encryption
"You have 802.11 WEP enabled, but your router supports 802.11 WPA encryption which is stronger encryption. Your router is correctly configured to use an encryption method called WEP...Your router also supports the more secure WPA encryption method. WEP has a number of security flaws that make it easy for hackers to crack. We recommend you consult your router vendor's manual about configuring your wireless router to use WPA instead. (Note that there are some devices that support WEP but not WPA, so you should check all devices that connect wirelessly to your network to verify they support WPA.)

[See my statement below about my experience with modifying Qwest DSL modems... - SLICK]

Network Magic Wireless Protection Compatible
"Your router is fully compatible with Network Magic Wireless Protection. Your...router is on the list of routers that are fully supported by Network Magic Wireless Protection..."

MAC Address Filtering
"Your router is not using MAC address filtering...We recommend that you enable MAC address filtering..."

SSID Broadcast
"Your router is broadcasting its SSID."

-------------------------------------------

I've had trouble attempting to configure Qwest DSL modems: changes I made, that I consider to be simple, had disabled wireless internet access. So, I refuse to try to make any adjustments for this Qwest DSL subscriber unless: I have a full day to devote to it, and I have a Qwest technical support person on the phone with me.