Friday, October 30, 2009

HACKING EXPOSED: Network Security Secrets & Solutions

"HACKING EXPOSED: Network Security Secrets & Solutions, 6th Edition" is 720 pages, and over two pounds, full of information. And I found, as stated in the foreword: "...Its goal is education..."

It is full of all kinds of knowledge.

Table of contents
Part I: Casing the Establishment
Chapter 1. Footprinting
Chapter 2. Scanning
Chapter 3. Enumeration
Part II: System Hacking
Chapter 4. Hacking Windows
Chapter 5. Hacking Unix
Part III: Infrastructure Hacking
Chapter 6. Remote Connectivity and VoIP Hacking
Chapter 7. Network Devices
Chapter 8. Wireless Hacking
Chapter 9. Hacking Hardware
Part IV: Application and Data Hacking
Chapter 10. Hacking Code
Chapter 11. Web Hacking
Chapter 12. Hacking the Internet User
Part V: Appendixes
Appendix A. Ports
Appendix B. Top 14 Security Vulnerabilities
Appendix C. Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks


Some of the new material includes:
the "Hacking Hardware" chapter (about physical locks, access cards, RFID, laptop security, USB, U3, Bluetooth, firmware, hard drives)...
Windows hacks (covering Terminal Services, Kerberos sniffing, man-in-the-middle attacks, Metasploit, device driver exploits, new password cracking tools)...
and UNIX hacks (such as THC Hydra, Solaris input validation attacks, dangling pointer attacks, DNS cache poisoning, UNIX Trojans, and kernel rootkits).

Some of the tactics and strategies that attackers use to gather information to prepare targets for attacks are noted, like: culling IP addresses, wardialing (it can still be effective), and spoofing e-mail messages (pretending to be support and administrative personnel).

To defend against attacks, you must understand the enemy. Preparing against access is better than trying to make repairs after a system has been. (Once someone has been inside, you don't know what was left in the system, or where it was left.) Instructions on how to perform network reconnaissance show how a network, and connected devices (firewalls/routers/etcetera), can be diagrammed. And there is a section regarding how to identify potential probing activities and attacks.

This book can be used as a checklist of things that are sometimes unintentionally exposed: (web) cameras, remote administration services, and the Microsoft Windows Remote Desktop Web Connection. Misconfigurations exist, and so do exploits that target them.

In Chapter 4, "Hacking Windows", there's a great reminder about proper password management. I've noticed that people seem to be better at it, but it's good to review best practices.

In the book the authors point towards many other sources of information and reference. There are suggestions of other books to enlighten and educate about how some prepare to access a network, and of other websites and software that will allow you to test the openness of a network (hardware and services) and website.

(After going through the book, I remembered how there are instances where administrators and content managers are given more consideration than support and security managers and personnel...until there's a problem.)

If you are responsible in any way for a network or website, get this book. If there is anyone that works for you that is responsible for a network or website, get this book for their library!

The website of the book is http://www.hackingexposed.com


Tuesday, August 5, 2008

Changes to the site

I am playing around with some changes to the TechtalkRadio Site. More than anything I would like to make the site more interactive; other than switching it completely to a WordPress or Blogger blog site, I'm not quite sure how to achieve it. Maybe comments sections? Visitor Reviews? More Tips? I could really use some of your suggestions.

I did change up the Tech Tuesday tab, now called Television, and shortened it to the 5 most recent and current video segments. I am looking for a program that can rotate the videos out with the click of an image and have them play in the bigger window. I read that the way I have been doing them is better for the search engines, but I would just like to see the page get more hits and again, have the interactive features. Would love some input on this.

It looks like our new Engineer for the Radio Show is an avid gamer. Although he kicked my butt in Team Fortress 2 on Sunday, we've chatted about doing the occasional review on gaming for the show. Should be fun, and he already has some titles he can write about.

Carol is doing a KILLER job on the T-shirts and it looks like we're going to be rolling on them soon. We have collected the funds to get them printed by all of the companies except for two, and we won't out them here! Our printer is Alladin Graphics in Apparel, who does awesome work. They did the TechtalkRadio Banner seen in our Ustream segments when we do them in the hot, un-air-conditioned studios! Can't wait for Winter!

Catch ya tomorrow
Andy


Tuesday, August 7, 2007

homepage suggestions

I had mentioned these during a "Website of the Week" segment. I bunched them together because they're very similar, and thought you could choose the one you liked best:
MyWebber
Pageflakes
and Netvibes.

I found some interesting articles on the Netvibes site:
How to switch from my old service to netvibes?
Switch from Bloglines to netvibes?
Switch from Google Homepage to netvibes?
Switch from Google Reader to netvibes?
Switch from My Yahoo to netvibes?
Switch from Rojo to netvibes?
Switch from Live.com to netvibes?
Switch my RSS feed from Internet Explorer 7 to netvibes?
Switch my RSS feed from Firefox to netvibes?
Switch my RSS feed from Safari to netvibes?
Switch my RSS feed from Opera to netvibes?
Brings all your favorite MySpace, Digg, YouTube, Gmail, Flickr, eBay, del.icio.us accounts


Monday, July 2, 2007

world wide wait

Standard guidelines for ideal Web response times (Nielsen 1999, page 42):

0.1 second (one tenth of a second).
Ideal response time. The user doesn't sense any interruption.

1 second. Highest acceptable response time.
Download times above 1 second interrupt the user experience.

10 seconds. Unacceptable response time.
The user experience is interrupted and the user is likely to leave the site or system.
These numbers are useful for planning server capacity.

===============================

one-second response times = five kilobytes at 56 Kbps

===============================

Speedy downloads, speedy connections:
Minimize HTML, the number and size of graphics, and multimedia

Legibility
Use high contrast colors for optimum legibility (black text on white background best)

page width:
600 pixels and resizable [although 580 works best on Macs - ed.]

===========================

Minimize the number of steps needed to accomplish tasks
Load in under 20 to 30 seconds
