Hugendubel.info - The B2B Online Bookstore


Hacking For Dummies

E-book, EPUB (format note: 2 - DRM Adobe / EPUB)
416 pages
English
Wiley-IEEE Press, published 22.03.2022, 7th edition
Learn to think like a hacker to secure your own systems and data
Your smartphone, laptop, and desktop computer are more important to your life and business than ever before. On top of making your life easier and more productive, they hold sensitive information that should remain private. Luckily for all of us, anyone can learn powerful data privacy and security techniques to keep the bad guys on the outside where they belong.
Hacking For Dummies takes you on an easy-to-follow cybersecurity voyage that will teach you the essentials of vulnerability and penetration testing so that you can find the holes in your network before the bad guys exploit them. You will learn to secure your Wi-Fi networks, lock down your latest Windows 11 installation, understand the security implications of remote work, and much more.
You'll find out how to:
Stay on top of the latest security weaknesses that could affect your business's security setup
Use freely available testing tools to 'penetration test' your network's security
Use ongoing security checkups to continually ensure that your data is safe from hackers

Perfect for small business owners, IT and security professionals, and employees who work remotely, Hacking For Dummies is a must-have resource for anyone who wants to keep their data safe.


Kevin Beaver is an information security guru and has worked in the industry for more than three decades as a consultant, writer, and speaker. He earned his master's degree in Management of Technology at Georgia Tech.
Available formats
Book (softcover, paperback): EUR 29,50
E-book, EPUB (2 - DRM Adobe / EPUB): EUR 19,99
E-book, PDF (2 - DRM Adobe / Adobe Ebook Reader): EUR 19,99
E-book, PDF (2 - DRM Adobe / Adobe Ebook Reader): EUR 20,99
E-book, EPUB (2 - DRM Adobe / EPUB): EUR 20,99

Product

Details
Additional ISBN/GTIN: 9781119872214
Product type: E-book
Binding: E-book
Format: EPUB
Format note: 2 - DRM Adobe / EPUB
Format: Format with automatic page breaks (reflowable)
Year of publication: 2022
Publication date: 22.03.2022
Edition: 7th edition
Pages: 416 pages
Language: English
File size: 9522 Kbytes
Item no.: 9070011
Categories
Genre: 9201

Contents/Reviews

Table of contents
Introduction

Part 1: Building the Foundation for Security Testing
Chapter 1: Introduction to Vulnerability and Penetration Testing
Chapter 2: Cracking the Hacker Mindset
Chapter 3: Developing Your Security Testing Plan
Chapter 4: Hacking Methodology

Part 2: Putting Security Testing in Motion
Chapter 5: Information Gathering
Chapter 6: Social Engineering
Chapter 7: Physical Security
Chapter 8: Passwords

Part 3: Hacking Network Hosts
Chapter 9: Network Infrastructure Systems
Chapter 10: Wireless Networks
Chapter 11: Mobile Devices

Part 4: Hacking Operating Systems
Chapter 12: Windows
Chapter 13: Linux and macOS

Part 5: Hacking Applications
Chapter 14: Communication and Messaging Systems
Chapter 15: Web Applications and Mobile Apps
Chapter 16: Databases and Storage Systems

Part 6: Security Testing Aftermath
Chapter 17: Reporting Your Results
Chapter 18: Plugging Your Security Holes
Chapter 19: Managing Security Processes

Part 7: The Part of Tens
Chapter 20: Ten Tips for Getting Security Buy-In
Chapter 21: Ten Reasons Hacking Is the Only Effective Way to Test
Chapter 22: Ten Deadly Mistakes

Appendix: Tools and Resources

Index
Sample excerpt


Chapter 1
Introduction to Vulnerability and Penetration Testing

IN THIS CHAPTER

Understanding hackers' and malicious users' objectives

Examining how the security testing process came about

Recognizing what endangers your computer systems

Starting to use the process for security testing

This book is about testing your computers and networks for security vulnerabilities and plugging the holes you find before the bad guys get a chance to exploit them.
Straightening Out the Terminology

Everyone has heard of hackers and malicious users. Many people have even suffered the consequences of their criminal actions. Who are these people, and why do you need to know about them? The next few sections give you the lowdown on these attackers.

In this book, I use the following terminology:
Hackers (or external attackers) try to compromise computers, sensitive information, and even entire networks for ill-gotten gains - usually from the outside - as unauthorized users. Hackers go for almost any system they think they can compromise. Some prefer prestigious, well-protected systems, but hacking into anyone's system increases an attacker's status in hacker circles.

Malicious users (external or internal attackers, often called black-hat hackers) try to compromise computers and sensitive information from the outside (such as customers or business partners) or the inside as authorized and trusted users. Malicious users go for systems that they believe they can compromise for ill-gotten gains or revenge, because they may have access or knowledge of a system that gives them a leg up.

Malicious attackers are, generally speaking, both hackers and malicious users. For the sake of simplicity, I refer to both as hackers and specify hacker or malicious user only when I need to differentiate and drill down further into their unique tools, techniques, and ways of thinking.

Ethical hackers (or good guys), often referred to as white-hat hackers or penetration testers, hack systems to discover vulnerabilities to protect against unauthorized access, abuse, and misuse. Information security researchers, consultants, and internal staff fall into this category.
Hacker

Hacker has two meanings:
Traditionally, hackers like to tinker with software or electronic systems. Hackers enjoy exploring and learning how computer systems operate. They love discovering new ways to work - both mechanically and electronically.

Over the years, hacker has taken on a new meaning: someone who maliciously breaks into systems for personal gain. Technically, these criminals are crackers (criminal hackers). These crackers break into - or crack - systems with malicious intent. They seek fame, intellectual property, profit, or even revenge. They modify, delete, and steal critical information, and they spread ransomware and take entire networks offline, often bringing large corporations and government agencies to their knees.

Don't get me started on how pop culture and the media have hijacked the word hack, from life hacking to so-called election meddling. Marketers, politicians, and media strategists know that the average person doesn't understand the term hacking, so many of them use it however they desire to achieve their goals. Don't be distracted.

The good-guy (white-hat) hackers don't like being lumped in the same category as the bad-guy (black-hat) hackers. (In case you're curious, the white hat and black hat come from old Western TV shows in which the good guys wore white cowboy hats and the bad guys wore black cowboy hats.) Gray-hat hackers are a bit of both. Whatever the case, the word hacker often has a negative connotation.

Many malicious hackers claim that they don't cause damage but help others for the greater good of society. Yeah, whatever. Malicious hackers are electronic miscreants and deserve the consequences of their actions.

Be careful not to confuse criminal hackers with security researchers. Researchers not only hack aboveboard and develop the amazing tools that we get to use in our work, but they also (usually) take responsible steps to disclose their findings and publish their code. Unfortunately, there is a war going on against legitimate information security research, and the tools and techniques are often questioned by government agencies. Some people are even forced to remove these tools from their websites.
Malicious user

A malicious user - meaning a rogue employee, contractor, intern, or other user who abuses their trusted privileges - is a common term in security circles and in headlines about information breaches. The issue isn't necessarily users hacking internal systems but users who abuse the computer access privileges they've been given. Users ferret through critical database systems to glean sensitive information, email confidential client information to the competition or elsewhere to the cloud to save for later, or delete sensitive files from servers that they probably didn't need to have access to in the first place.

Sometimes, an innocent (or ignorant) insider whose intent isn't malicious still causes security problems by moving, deleting, or corrupting sensitive information. Even an innocent fat finger on the keyboard can have dire consequences in the business world. Think about all the ransomware infections affecting businesses around the world. All it takes is one click by a careless user for your entire network to be affected.

Malicious users are often the worst enemies of IT and information security professionals because they know exactly where to go to get the goods and don't need to be computer-savvy to compromise sensitive information. These users have the access they need, and management trusts them - often without question.
Recognizing How Malicious Attackers Beget Ethical Hackers

You need protection from hacker shenanigans. Along the lines of what my father taught me about being smarter than the machine you're working on, you have to become as savvy as the guys who are trying to attack your systems. A true IT or security professional possesses the skills, mindset, and tools of a hacker but is trustworthy. They perform hacks as security tests against systems based on how hackers think and work and make tireless efforts to protect the organization's network and information assets.

Ethical hacking (otherwise known as vulnerability and penetration testing) involves the same tools, tricks, and techniques that criminal hackers use, with one major difference: It's performed with the target's permission in a professional setting. The intent of this testing is to discover vulnerabilities from a malicious attacker's viewpoint to better secure systems. Vulnerability and penetration testing is part of an overall information risk management program that allows for ongoing security improvements. This security testing can also ensure that vendors' claims about the security of their products are legitimate.

SECURITY TESTING CERTIFICATIONS

If you perform vulnerability and penetration tests and want to add another certification to your credentials, you may want to consider becoming a Certified Ethical Hacker (C|EH) through a certification program by EC-Council. See www.eccouncil.org for more information. Like Certified Information Systems Security Professional (CISSP), the C|EH certification is a well-known, respected certification in the industry, accredited by the American National Standards Institute (ANSI 17024).

Other options include the SANS Global Information Assurance Certification (GIAC) program, IACRB Certified Penetration Tester (CPT), and the Offensive Security Certified Professional (OSCP) program, a hands-on security testing certification. I love the approach of the certifications, as all too often, people who perform this type of work don't have the proper hands-on experience with the tools and techniques to do it well. See www.giac.org, www.iacertification.org, and www.offensive-security.com for more information.

Vulnerability and penetration testing versus auditing

Many people confuse security testing via vulnerability and penetration testing with security auditing, but big differences exist in the objectives. Security auditing involves comparing a company's security policies (or compliance requirements) with what's actually taking place. The intent of security auditing is to validate that security controls exist, typically by using a risk-based approach. Auditing often involves reviewing business processes, and in some cases, it isn't as technical. Some security audits, in fact, can be as basic as security checklists that simply serve to meet a specific compliance requirement.

Not all audits are high-level, but many of the ones I've seen - especially those involving compliance with the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA)...