Hack proofing your network. (©2002)
- Record Type:
- Book
- Title:
- Hack proofing your network. (©2002)
- Main Title:
- Hack proofing your network
- Further Information:
- Note: David R. Mirza Ahmad [and others] ; Ryan Russell, technical editor.
- Other Names:
- Ahmad, David R. Mirza
Russell, Ryan, 1969-
- Contents:
- Foreword v 1.5; Foreword v 1.0; Chapter 1 How To Hack; Introduction; What We Mean by “Hack”; Why Hack?; Knowing What To Expect in the Rest of This Book; Understanding the Current Legal Climate; Summary; Frequently Asked Questions; Chapter 2 The Laws of Security; Introduction; Knowing the Laws of Security; Client-Side Security Doesn’t Work; You Cannot Securely Exchange Encryption Keys without a Shared Piece of Information; Malicious Code Cannot Be 100 Percent Protected against; Any Malicious Code Can Be Completely Morphed to Bypass Signature Detection; Firewalls Cannot Protect You 100 Percent from Attack; Social Engineering; Attacking Exposed Servers; Attacking the Firewall Directly; Client-Side Holes; Any IDS Can Be Evaded; Secret Cryptographic Algorithms Are Not Secure; If a Key Is Not Required, You Do Not Have Encryption-You Have Encoding; Passwords Cannot Be Securely Stored on the Client Unless There Is Another Password to Protect Them; In Order for a System to Begin to Be Considered Secure, It Must Undergo an Independent Security Audit; Security through Obscurity Does Not Work; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 3 Classes of Attack; Introduction; Identifying and Understanding the Classes of Attack; Denial of Service; Information Leakage; Regular File Access; Misinformation; Special File/Database Access; Remote Arbitrary Code Execution; Elevation of Privileges; Identifying Methods of Testing for Vulnerabilities; Proof of Concept; Standard Research Techniques; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 4 Methodology; Introduction; Understanding Vulnerability Research Methodologies; Source Code Research; Binary Research; The Importance of Source Code Reviews; Searching Error-Prone Functions; Reverse Engineering Techniques; Disassemblers, Decompilers, and Debuggers; Black Box Testing; Chips; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 5 Diffing; Introduction; What Is Diffing?; Why Diff?; Looking to the Source Code; Exploring Diff Tools; Using File-Comparison Tools; Working with Hex Editors; Utilizing File System Monitoring Tools; Finding Other Tools; Troubleshooting; Problems with Checksums and Hashes; Problems with Compression and Encryption; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 6 Cryptography; Introduction; Understanding Cryptography Concepts; History; Encryption Key Types; Learning about Standard Cryptographic Algorithms; Understanding Symmetric Algorithms; Understanding Asymmetric Algorithms; Understanding Brute Force; Brute Force Basics; Using Brute Force to Obtain Passwords; Knowing When Real Algorithms Are Being Used Improperly; Bad Key Exchanges; Hashing Pieces Separately; Using a Short Password to Generate a Long Key; Improperly Stored Private or Secret Keys; Understanding Amateur Cryptography Attempts; Classifying the Ciphertext; Monoalphabetic Ciphers; Other Ways to Hide Information; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 7 Unexpected Input; Introduction; Understanding Why Unexpected Data Is Dangerous; Finding Situations Involving Unexpected Data; Local Applications and Utilities; HTTP/HTML; Unexpected Data in SQL Queries; Application Authentication; Disguising the Obvious; Using Techniques to Find and Eliminate Vulnerabilities; Black-Box Testing; Use the Source; Untaint Data by Filtering It; Escaping Characters Is Not Always Enough; Perl; Cold Fusion/Cold Fusion Markup Language (CFML); ASP; PHP; Protecting Your SQL Queries; Silently Removing versus Alerting on Bad Data; Invalid Input Function; Token Substitution; Utilizing the Available Safety Features in Your Programming Language; Perl; PHP; ColdFusion/ColdFusion Markup Language; ASP; MySQL; Using Tools to Handle Unexpected Data; Web Sleuth; CGIAudit; RATS; Flawfinder; Retina; Hailstorm; Pudding; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 8 Buffer Overflow; Introduction; Understanding the Stack; The Stack Dump; Oddities and the Stack; Understanding the Stack Frame; Introduction to the Stack Frame; Passing Arguments to a Function: A Sample Program; Stack Frames and Calling Syntaxes; Learning about Buffer Overflows; A Simple Uncontrolled Overflow: A Sample Program; Creating Your First Overflow; Creating a Program with an Exploitable Overflow; Performing the Exploit; Learning Advanced Overflow Techniques; Stack Based Function Pointer Overwrite; Heap Overflows; Advanced Payload Design; Using What You Already Have; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 9 Format Strings; Introduction; Understanding Format String Vulnerabilities; Why and Where Do Format String Vulnerabilities Exist?; How Can They Be Fixed?; How Format String Vulnerabilities Are Exploited; How Format String Exploits Work; What to Overwrite; Examining a Vulnerable Program; Testing with a Random Format String; Writing a Format String Exploit; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 10 Sniffing; Introduction; What Is Sniffing?; How Does It Work?; What to Sniff?; Obtaining Authentication Information; Capturing Other Network Traffic; Popular Sniffing Software; Ethereal; …
- Edition:
- 2nd ed
- Publisher Details:
- Rockland, MA : Syngress
- Publication Date:
- 2002
- Copyright Date:
- 2002
- Extent:
- 1 online resource (xxxiv, 787 pages), illustrations
- Subjects:
- 005.8
Computer networks -- Security measures
Computer security
COMPUTERS -- Internet -- Security
COMPUTERS -- Networking -- Security
COMPUTERS -- Security -- General
Electronic books
- Languages:
- English
- ISBNs:
- 1932266186
9781932266184
9781928994701
1928994709
9780080478166
0080478166
- Notes:
- Note: Print version record.
- Access Rights:
- Legal Deposit; Only available on premises controlled by the deposit library and to one user at any one time; The Legal Deposit Libraries (Non-Print Works) Regulations (UK).
- Access Usage:
- Restricted: Printing from this resource is governed by The Legal Deposit Libraries (Non-Print Works) Regulations (UK) and UK copyright law currently in force.
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD.DS.32849
- Ingest File:
- 02_180.xml