Hacking Exposed, Sixth Edition: Network Security Secrets& Solutions: Network Security Secrets and Solutions [Paperback]

A lot of computer security textbooks approach the subject from a defensive point of view. "Do this, and you'll probably survive a particular kind of attack", they say. In refreshing contrast, Hacking Exposed, Second Edition talks about security from an offensive angle. A Jane's-like catalogue of the weaponry that black-hat hackers use is laid out in full. Readers see what programs are out there, get a rundown on what the programs can do, and benefit from detailed explanations of concepts (such as wardialing and rootkits) that most system administrators kind of understand, but perhaps not in detail. The book also walks through how to use the most powerful and popular hacker software, including L0phtCrack. This new edition has been updated extensively, largely with the results of "honeypot" exercises (in which attacks on sacrificial machines are monitored) and Windows 2000 public security trials. There is a lot of new stuff on electronic mail worms, distributed denial of service (DDoS) attacks and attacks that involve routing protocols.

The result of all this familiarity with bad-guy tools is a leg up on defending against them. Hacking wastes no time in explaining how to implement the countermeasures--where they exist--that will render known attacks ineffective. Taking on the major network operating systems and network devices one at a time, the authors tell you exactly what Unix configuration files to alter, what Windows NT Registry keys to change, and what settings to make in NetWare. They spare no criticism of products they aren't impressed with, and hesitate not in pointing out inherent, uncorrectable security weaknesses where they find them. This is no mere rehashing of generally accepted security practices. It and its companion Web site are the best way for all you network administrators to know thy enemies. --David Wall --This text refers to an out of print or unavailable edition of this title.

The world's bestselling computer security book--fully expanded and updated

"Right now you hold in your hand one of the most successful security books ever written. Rather than being a sideline participant, leverage the valuable insights Hacking Exposed 6 provides to help yourself, your company, and your country fight cyber-crime." --From the Foreword by Dave DeWalt, President and CEO, McAfee, Inc.

"For security to be successful in any company, you must ‘think evil' and be attuned to your ‘real risk'...Hacking Expose 6 defines both." --Patrick Heim, CISO, Kaiser Permanente

"The definitive resource to understanding the hacking mindset and the defenses against it." --Vince Rossi, CEO & President, St. Bernard Software

"Identity theft costs billions every year and unless you understand the threat, you will be destined to be a victim of it. Hacking Exposed 6 gives you the tools you need to prevent being a victim." --Bill Loesch, CTO, Guard ID Systems

"This book is current, comprehensive, thoughtful, backed by experience, and appropriately free of vendor-bias-prized features for any security practitioner in need of information." --Kip Boyle, CISO, PEMCO Mutual Insurance Company

"The Hacking Exposed series has become the definitive reference for security professionals from the moment it was first released, and the 6th edition maintains its place on my bookshelf," --Jeff Moss, Founder of the popular Black Hat Security Conference

Meet the formidable demands of security in today's hyperconnected world with expert guidance from the world-renowned Hacking Exposed team. Following the time-tested "attack-countermeasure" philosophy, this 10th anniversary edition has been fully overhauled to cover the latest insidious weapons in the hacker's extensive arsenal.

New and updated material:

• New chapter on hacking hardware, including lock bumping, access card cloning, RFID hacks, USB U3 exploits, and Bluetooth device hijacking
• Updated Windows attacks and countermeasures, including new Vista and Server 2008 vulnerabilities and Metasploit exploits
• The latest UNIX Trojan and rootkit techniques and dangling pointer and input validation exploits
• New wireless and RFID security tools, including multilayered encryption and gateways
• All-new tracerouting and eavesdropping techniques used to target network hardware and Cisco devices
• Updated DoS, man-in-the-middle, DNS poisoning, and buffer overflow coverage
• VPN and VoIP exploits, including Google and TFTP tricks, SIP flooding, and IPsec hacking
• Fully updated chapters on hacking the Internet user, web hacking, and securing code

Right Now, Who is Breaking Into Your Computer?
Anyone who is connected to the Internet for any stable length of time is a potential victim. From large companies like Yahoo.com, eBay, and Amazon to organisations like universities and even average consumers on a cable modem or DSL connection, Internet security is everybody’s business.

Every type of end user can understand and implement ways to prevent attacks by reading the second edition of the world’s most popular network security book, Hacking Exposed, by Stuart McClure, Joel Scambray, and George Kurtz. In addition to being partners in Foundstone, Inc., a premier security consulting and training company, authors McClure, Scambray and Kurtz have promoted information system security over a combined fifteen years for Fortune 500 companies, and in forums including weekly columns in InfoWorld.

Since its release in the autumn of 1999, more than 125,000 copies of the first edition of Hacking Exposed have been sold world-wide making it an international best seller.

Why the need for a second edition? The world of Internet security moves even faster than today’s round-the-clock digital economy, and all of the brand-new tools and techniques that have surfaced since the publication of the best-selling first edition are covered here.

In his foreword to the Second Edition, Internet security titan Bruce Schneier, CTO of Counterpane Internet Security Inc., calls Hacking Exposed "…the distilled essence of the full-disclosure movement. It’s a comprehensive bible of security vulnerabilities: what they are, how they work, and what to do about them. After reading this, you will know more about your network and how to secure it than any other book I can think of. This book is informational gold." Read a copy today to see what you – or your ebusiness – may be missing. --This text refers to an out of print or unavailable edition of this title.

"A must-read for anyone in security…. One of the best security books available." --Tony Bradley, CISSP, About.com

"Authoritative….Even readers of earlier editions will find critical new insight on the more modern attacks." --From the Foreword by Gene Hodges, President of McAfee

"A cross between a spy novel and a tech manual." --Mark A. Kellner, Washington Times

"The seminal book on white-hat hacking and countermeasures.... Should be required reading for anyone with a server or a network to secure." —Bill Machrone, PC Magazine

"With every edition this book keeps getting better and better. I can recommend it to anyone interested in computer security, as it will certainly give you a real-world course on the subject." —Mirko Zorz, Net-security.org

The fifth edition of this world-renowned security reference offers completely up-to-date coverage of today's most devastating hacks and how to prevent them. Using the proven Hacking Exposed methodology, the book shows you, step by step, how to locate and patch system vulnerabilities and explains what you need to know to stay vigilant in today's 24x7 digital world.

New and Updated Material:

New chapter on hacking code, with contributions by Michael Howard, covering the ways flaws get introduced into software and how best to prevent them
New Windows hacks including RPCSS (Blaster), LSASS (Sasser), and PCT (Download.ject) buffer overflow exploits
Updated denial of service chapter with descriptions of large scale zombie attacks and practical countermeasures
Coverage of new web hacking tools and techniques including HTTP response splitting and automated vulnerability scanners
New content on remote connectivity including VoIP hacking
New coverage of web and e-mail client hacking, including the latest Internet
Explorer exploits, phishing, spyware, rootkits, and bots
New hacks and countermeasures using Google as a reconnaissance tool
An updated footprinting chapter that deals with changes regarding finding information from Internet databases
Brand new case studies covering relevant and timely security attacks including Google, wireless, UNIX/Linux, and Mac OS X hacks --This text refers to an alternate Paperback edition.

"If there was an Encyclopedia Britannica of computer security, it would be Hacking Exposed, Third Edition." Marty Roesch, creator of the Snort tool

"A critical step to knowing your enemy is first understanding their tools. Hacking Exposed, Third Edition delivers just that...and more." Lance Spitzner, Sun Microsystems GESS Security Team and the coordinator of the Honeynet Project

"Whether you're a struggling novice or a seasoned pro Hacking Exposed, Third Edition is required reading." Barnaby Jack, Win32 Buffer Overflow expert

CD-ROM contains key security tools ready to install on your computer, links to the security tools covered in the book, and a password database.

Harden your computers and networks against compromise by digital marauders today with this fully revised, essential volume. Hacking Exposed: Network Security Secrets ; Solutions, Third Edition shows you how hackers view internetworking technologies, the techniques they use to exploit network security holes, and what you can do to recognize oncoming attacks. Renowned security experts Stuart McClure, Joel Scambray, and George Kurtz provide detailed examples of the latest devious break-ins and destructive attacks and show you, step-by-step, how to protect your systems. You'll get brand-new coverage of technologies like 802.11 Wireless Networking expanded coverage of Denial of Service, VPN, dial-up, and remote access hacks, and all-new security information on Windows XP, Windows.NET Server (code named Whistler), and IIS 5.

New and Updated Material:

-The latest 802.11 Wireless networking security attacks and countermeasures
-Fully up-to-date information on the latest Windows, UNIX, Linux, and NetWare hacks and countermeasures in the tried-and-true Hacking Exposed format
-New techniques used by today's hacker to pinpoint potential targets ping sweep tools, TCP/UDP scans, traceroutes, whois queries, and zone transfer downloads
-Significantly revised chapters on analog dial-up and Web attacks
-Brand-new coverage of Windows XP, Windows.NET Sever (code named Whistler), and IIS 5 vulnerabilities like Code Red
-New UNIX material including the latest Format String vulnerabilities
-The latest remote control vulnerabilities in VNC and Terminal Server
-New strategies for preventing untrusted access to SNMP, Active Directory, and NetBIOS/SMB services using IPSec filters, firewalls, and TCP/IP Security
-The most recent techniques for securing and managing Microsoft SQL Server and Internet Clients in networked environments --This text refers to an out of print or unavailable edition of this title.

Stuart McClure, CISSP, CNE, CCSE, a leading authority on information security, is VP of Operations & Strategy for the Risk & Compliance Business Unit at McAfee.

Joel Scambray, CISSP, is cofounder and CEO of Consciere, provider of strategic security advisory services.

George Kurtz, CISSP, CISA, CPA, is an internationally recognized security expert, author, and entrepreneur. He is currently a senior executive and general manager with McAfee, Inc.

They are the bestselling coauthors of the five previous editions of Hacking Exposed.