Hacking Exposed Cisco Networks: Cisco Security Secrets & Solutions Paperback – 1 Jan 2006
From the Back Cover
Implement bulletproof Cisco security the battle-tested Hacking Exposed way
Defend against the sneakiest attacks by looking at your Cisco network and devices through the eyes of the intruder. Hacking Exposed Cisco Networks shows you, step-by-step, how hackers target exposed systems, gain access, and pilfer compromised networks. All device-specific and network-centered security issues are covered alongside real-world examples, in-depth case studies, and detailed countermeasures. It’s all here--from switch, router, firewall, wireless, and VPN vulnerabilities to Layer 2 man-in-the-middle, VLAN jumping, BGP, DoS, and DDoS attacks. You’ll prevent tomorrow’s catastrophe by learning how new flaws in Cisco-centered networks are discovered and abused by cyber-criminals. Plus, you’ll get undocumented Cisco commands, security evaluation templates, and vital security tools from hackingexposedcisco.com.
- Use the tried-and-true Hacking Exposed methodology to find, exploit, and plug security holes in Cisco devices and networks
- Locate vulnerable Cisco networks using Google and BGP queries, wardialing, fuzzing, host fingerprinting, and portscanning
- Abuse Cisco failover protocols, punch holes in firewalls, and break into VPN tunnels
- Use blackbox testing to uncover data input validation errors, hidden backdoors, HTTP, and SNMP vulnerabilities
- Gain network access using password and SNMP community guessing, Telnet session hijacking, and searching for open TFTP servers
- Find out how IOS exploits are written and if a Cisco router can be used as an attack platform
- Block determined DoS and DDoS attacks using Cisco proprietary safeguards, CAR, and NBAR
- Prevent secret keys cracking, sneaky data link attacks, routing protocol exploits, and malicious physical access
About the Author
Dr. Andrew A. Vladimirov, CCNP, CCDP, CISSP, CWNA, CompTIA Linux+ (Bristol, UK) is a researcher with a wide area of expertise ranging from applied cryptography and network security to bioinformatics and neuroscience.
Konstantin V. Gavrilenko (Bristol, UK) has over 12 years' experience in IT and security.
Andrei A. Mikhailovsky (Bristol, UK) has expertise that includes user authentication mechanisms, database and directory services, wireless networking security and systems integration.
Top Customer Reviews
It covers every angle you can think of to attack a network infrastructure and then some that you would never have thought of - it even includes some undocumented IOS commands.
You will need at least a basic understanding of networks and network protocols to completely understand all the content but this is not a fault of the book, as it is not designed to teach network admin skills.
It is an absolute must for any professional pen tester or hacking 'enthusiast' as this is an area that is not well known within the security community in general.
One of the best books I have read in a long time.
Most Helpful Customer Reviews on Amazon.com (beta)
My first impression of Hacking Exposed Cisco Networks is that the book was simply 'rushed' to market. The book begins with an intro by Michael Lynn, who made a name for himself at the 2005 Black Hat Briefings by 'publicly demonstrating the ability to reliably exploit buffer overflows on Cisco routers.' My feeling is that after the Black Hat Briefings, a rush was put on HECN to have it published simply to ride on this wave.
The book is divided into 3 Parts and 1 Appendix and includes a total of 14 chapters. The first section, Foundations, gives a review of Cisco design models, different security elements (firewall, IDS, VPN and AAA) and examples of real world security issues.
The second section (and the main section of the book) is titled 'Hacking the Box' and dives into various methods of penetrating Cisco devices. The first chapter in this section discusses using different information sources to develop a profile (what to search for on a web search engine, autonomous system discovery, Internet routing servers and tables, etc.). Next, a 50-page chapter discusses enumerating and fingerprinting Cisco devices. Subsequent chapters discuss password attacks, SNMP community string attacks, wardialing, IOS exploitation and password cracking. After penetrating a device, the next chapter shows how to exploit and preserve access.
The last section discusses protocol exploitation, which need not be focused solely on Cisco devices; most of these attacks are common across all vendors. This includes chapters on exploiting VLANs, GRE packet injection, and EAP-LEAP cracking. The last chapter discusses routing protocol exploitation including exploits for RIP, EIGRP and BGP. The Appendix includes a listing of undocumented Cisco commands. While these commands can also be found on the web, the book discusses ways to use the commands in the context of a hacking exploit.
Some of the items I found useful from HECN:
* Chapter 4 provides a respectable list of AS profiling techniques. Starting on page 108 is an excellent introduction to a tool to help sniff routing updates (the autonomous system scanner).
* Chapter 5 provides a great chart on Cisco specific protocols (page 124). The chapter also has a very good discussion on Cisco fingerprinting.
* Chapter 8 provides a one-of-a-kind discussion on IOS memory dissection. I was extremely impressed by the discussion on stack heaps. The TFTP buffer overflow on page 281 is a great example of where the future of Cisco IOS hacking may lie. While some believe buffer overflows are soooo 2005, I believe there is ample room to further explore this within the context of Cisco devices.
HECN also has some weak areas:
* page 24 - mentions all routers support NTP - not true, some of the lower-end IOSs only support SNTP.
* page 28 - mentions 'extra flags' for UDP connections. UDP has no flags, but certainly TCP does.
* page 133 - mentions a tool, the "ST-divine tool", as available on the book's website, but the tool is not listed at the book's website.
* Chapters 1 and 3 really don't offer anything new, and only distract from the overall quality of the book.
These and other such typos/editorial mistakes don't distract too much from the overall focus of HECN. The book tries to be a proof-of-concept with many different exploits. One feels that the authors were huddled around a few Cisco boxes, trying whatever exploits they could find to bust the box. It would be very easy to rack up some routers and switches, copy the configurations provided in the book, and follow them page by page as they perform various hacking techniques.
As an owner of over 50 books dedicated to Cisco, this book goes into an area not covered by any other book in my library. And, for that fact alone, I have to respect the book. However, I have to believe that if HECN had only gone through a further round of editing, that the overall structure of the book would be much better. In the end, I do recommend this book, simply because of the novelty of the subject and due to the amount of effort that is apparent throughout the text.
I give this book 4 pings out of 5:
One of the more striking aspects of HECN is the amount of original research committed to the book. Sure, the authors document already known Cisco vulnerabilities. However, they also developed a suite of tools to implement attacks discussed in HECN. They demonstrate how to apply various tools and when those applications are realistic. HECN's authors discovered a variety of new exploits (documented at the book Web site) which they submitted to Cisco's PSIRT. I appreciated this degree of originality.
HECN is on the leading edge of attacks happening right now. While reading the book I assisted with an incident response involving a Cisco switch. It appeared that botnet command-and-control traffic was originating from a switch on a client network. Upon closer inspection, I could tell that unknown intruders were bouncing IRC traffic through the management interface of the switch, probably using a variant of the ciscoBNC tool introduced in Ch 10. HECN also describes the possibilities offered by Tcl scripting on Cisco routers, which I expect to see intruders abuse.
I had two sorts of problems with HECN. First, the text can be somewhat confusing to follow. In some parts this is caused by the authors' writing style. In others confusion is caused by the authors' unwillingness to fully describe sensitive exploitation techniques. For example, they mention ways to reverse engineer and/or patch IOS binary images, but they are deliberately vague. This helps the authors stay out of trouble with Cisco, but it leaves the reader frustrated. The second problem with HECN involves the tone of the book. In some places I was left wondering why the authors made certain comments. A good example of material that should simply be dropped is the final "case study" at the end of the book.
Some minor technical issues should be fixed in future editions. In addition to those outlined by previous reviewers, I would add the item on p 460 that says AH is IP proto 49; it should be 51. I also thought the Nmap scanning recommendations on p 136 were somewhat silly. It's best to stick with the simplest scan possible and avoid the poorly-named "stealth" options Nmap offers. Finally, some of the screen shots were too fuzzy. Images taken from Ethereal in Ch 4 are examples of this problem.
Overall, I would still buy HECN. Administrators and security professionals must recognize that Cisco equipment (along with infrastructure from other vendors) are actively targeted, exploited, and abused by intruders. HECN explains how this happens and what you can do to prevent, or at least detect, these compromises. It's like 1999 all over again -- get the Hacking Exposed title that will help you mitigate a new class of threats!
As to the comments above, the scans of devices are limited to a single chapter where they rightfully belong. And "ip inspect tcp max-incomplete host block" is by no means a panacea. First of all, TCP scanning is not limited to the SYN scans. Second, before setting a limit on the TCP half-connects one has to baseline the network behavior first and find out how common the half-connects to the protected hosts are and why they occur, otherwise there could be connectivity troubles. So, in my opinion, the methods of hiding your routers from attackers described in the book are quite sufficient.
One example of many:
- page 521: Cisco's tcphijack
I would then have to Google to see if the tool was now elsewhere - sometimes successfully, sometimes not.
Another example of bad tooling - page 519 - Arpworks. Yes it is still there but they fail to mention that it only works on Windows 95/98. I could go on and on.
The thing that really annoys me on this book is the binding. The softcover binding is made of some very cheap paper which curls up. For a $50 list-price book (I paid $50 for ordering it 1st and not waiting 2 months for the price to drop to $30), I would think that Osborne could have popped for an extra $1 on a good jacket quality - which would never happen with O'Reilly.
I did pick up a few tools I was not aware of, but was it worth $50?! Nope. Is it worth now $30? Questionable. If you live and breathe Cisco security there won't be much new to learn here, but it does give you a reference to lend to others that keep asking you the same questions. :-)