دسترسی نامحدود
برای کاربرانی که ثبت نام کرده اند
دانلود کتاب The hacker’s handbook: the strategy behind breaking into and defending networks
دانلود کتاب کتاب راهنمای هکرها: استراتژی پشت سرگذاشتن و دفاع از شبکه ها
مشخصات کتاب
The hacker’s handbook: the strategy behind breaking into and defending networks
دسته بندی: امنیت ویرایش: 1 نویسندگان: Susan Young. Dave Aitel سری: ISBN (شابک) : 0849308887, 9780203490044 ناشر: Auerbach Publications سال نشر: 2003 تعداد صفحات: 849 زبان: English فرمت فایل : PDF (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود) حجم فایل: 10 مگابایت
قیمت کتاب (تومان) : 71,000
کلمات کلیدی مربوط به کتاب کتاب راهنمای هکرها: استراتژی پشت سرگذاشتن و دفاع از شبکه ها: انفورماتیک و مهندسی کامپیوتر، امنیت اطلاعات، امنیت سایبری و جرایم سایبری
در صورت تبدیل فایل کتاب The hacker’s handbook: the strategy behind breaking into and defending networks به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.
توجه داشته باشید کتاب کتاب راهنمای هکرها: استراتژی پشت سرگذاشتن و دفاع از شبکه ها نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.
توضیحاتی درمورد کتاب به خارجی
فهرست مطالب
The Hacker’s Handbook The Strategy behind Breaking into and Defending Networks Cover Acknowledgments Authors Contributors Illustrator List of Abbreviations Contents Chapter 01: Introduction: The Chess Game Chapter 2. Case Study in Subversion Chapter 3. Know Your Opponent Chapter 4. Anatomy of an Attack Chapter 5. Your Defensive Arsenal Chapter 6. Programming Chapter 7. IP and Layer 2 Protocols Chapter 8. The Protocols Chapter 9. Domain Name System (DNS) Chapter 10. Directory Services Chapter 11. Simple Mail Transfer Protocol (SMTP) Chapter 12. Hypertext Transfer Protocol (HTTP) Chapter 13. Database Hacking Chapter 14. Malware and Viruses Chapter 15. Network Hardware Chapter 16. Consolidating Gains Chapter 17. After the Fall Chapter 18. Conclusion Part I Foundation Material Chapter 02: Case Study in Subversion Dalmedica The Dilemma The Investigation Notes Chapter 03: Know Your Opponent Terminology Script Kiddy Cracker White Hat Hacker Black Hat Hacker Hacktivism Professional Attackers History Computer Industry and Campus System Administration Home Computers Home Computers: Commercial Software Home Computers: The BBS Phone Systems Ethics and Full Disclosure Opponents Inside The Hostile Insider Corporate Politics Conclusion Notes Chapter 04: Anatomy of an Attack Overview Reconnaissance Social Engineering and Site Reconnaissance Internet Reconnaissance Internet Search Engines and Usenet Tools Financial Search Tools, Directories, Yellow Pages, and Other Sources IP and Network Reconnaissance Registrar and whois Searches Network Registrar Searches (ARIN) DNS Reconnaissance Mapping Targets War Dialing Network Mapping (ICMP) ICMP Queries TCP Pings: An Alternative to ICMP Traceroute Additional Network Mapping Tools Port Scanning TCP and UDP Scanning Banner Grabbing Packet Fragmentation Options Decoy Scanning Capabilities Ident Scanning FTP Bounce Scanning Source Port Scanning Stack Fingerprinting Techniques Vulnerability Scanning (Network-Based OS and Application Interrogation) Researching and Probing Vulnerabilities System/Network Penetration Account (Password) Cracking Application Attacks Cache Exploits File System Hacking Hostile and Self-Replicating Code Programming Tactics Process Manipulation Shell Hacking Session Hijacking Spoofing State-Based Attacks Traffic Capture (Sniffing) Trust Relationship Exploitation Denial-of-Service Consolidation Security Notes References Texts Web References Chapter 05: Your Defensive Arsenal The Defensive Arsenal Access Controls System Access Controls Authentication IP Authentication Password Authentication Eavesdropping Attacks Password Guessing Attacks Token-Based Authentication Session Authentication Client Session/ID Theft Cryptographic (Key-Based) Authentication Key Transfer and Key Management Vulnerabilities Key Binding and Impersonation Vulnerabilities Dictionary and Brute-Force Attacks against Weak Secrets Centralized Authentication Servers Human Authentication (Biometrics) Resource Controls Nonrepudiation Digital Signatures (and Digital Certificates) Privacy Virtual Private Network (VPN) Session and Protocol Encryption File System Encryption Intrusion Detection Network-Based and Host-Based IDS Anomaly-Based (Behavior-Based) IDS Signature-Based (Knowledge-Based) IDS IDS Hacking Exploits File System Integrity Checkers Security Information Management Data Integrity Notes References Texts Web References Chapter 06: Programming Languages Speed and Security Trade-Offs Native Compiled Code: C/C++/Assembly Bytecode/Just in Time Compiled Code (ÏManagedÓ Code): C#/Java Interpreted (Usually Compiled into Byte Codes at Runtime): Perl, Python (Scripting Languages), PHP, Visual Basic, .ASP, Lisp, JSP (Web Languages) Language-Specific Flaws and Strategic Ways to Protect against Them The Basics of Buffer Overflows and Other Memory Allocation Errors History Basic Stack Overflows Options for the Hacker after a Stack Overflow So What Is a Stack Canary? Heap Overflows Format String Bugs Integer Overflows Signal Races on UNIX What Is Shellcode? Interpreter Bugs File Name Canonicalization Logic Error War Stories Platform-Specific Programming Security Issues Windows NT Compared to UNIX Types of Applications Web Applications Cross-Site Scripting Vulnerabilities Java J2EE Traditional ASP .Net LAMP Remote Procedure Calling Creating an RPC Program Special Cases Setuid Applications on UNIX DCOM Services Auditing Techniques Tools That Aid Source Auditing Tools That Aid Reverse Engineering Fenris IDA-Pro SoftICE Ollydbg Fuzzing Audit Tools Web Security Audit Tools General Security Tools Encryption and Authentication Layered Defenses Platform-Specific Defenses (Security through Security and Security through Obscurity) Nonexecutable Stack Using a Different Platform Than Expected File System User Access Controls Process Logging The Insider Problem, Backdoors, and Logic Bombs Buying an Application Assessment Conclusion References Chapter 07: IP and Layer 2 Protocols Layer 2 Protocols Address Resolution Protocol (ARP) Reverse Address Resolution Protocol (RARP) Layer 3 Protocols IP Protocol Notes References Texts Request for Comments (RFCs) White Papers and Web References Chapter 08: The Protocols Layer 3 Protocols Internet Control Message Protocol (ICMP) Layer 4 Protocols Transmission Control Protocol (TCP) User Datagram Protocol (UDP) Notes References Texts Request for Comments (RFCs) White Papers and Web References Part II System and Network Penetration Chapter 09: Domain Name System ( DNS) The DNS Protocol DNS Protocol and Packet Constructs (Packet Data Hacking) DNS Vulnerabilities DNS Exploits and DNS Hacking Protocol-Based Hacking Application-Based Attacks Cache Poisoning DNS Hijacking DNS Security and Controls Mapping Exploits to Defenses Defensive Strategy Microsoft Windows 2000 DNS Logging Controls Split-Level DNS Topologies (and DNS Proxying) Notes References Texts Request for Comments (RFCs) Mailing Lists and Newsgroups Web References Chapter 10: Directory Services What Is a Directory Service? Components of a Directory Schema Leaf Object Container Object Namespace Directory Information Tree Directory Information Base (DIB) Directory Features Directory Security Single Sign On Uses for Directory Systems Directory-Enabled Networking Linked Provisioning Global Directory Public Key Infrastructure Directory Models Physical vs. Logical Flat vs. Hierarchical X.500 Directory X.500 Schema X.500 Partitions X.500 Objects and Naming A Word about Aliases X.500 Back-End Processes X.500 Directory Access X.500 Security Access Control Rights Summary Lightweight Directory Access Protocol (LDAP) LDAP Schema LDAP Partitions LDAP Objects and Naming LDAP Queries LDAP Data Interchange Format (LDIF) LDAP Security Summary Active Directory Windows NT Windows 2000 Schema Windows 2000 Partitions Windows 2000 Objects and Naming Naming Standards and Resolution in Windows 2000 Active Directory Back-End Processes Windows 2000 Security Exploiting LDAP Sun ONE Directory Server 5.1 Microsoft Active Directory Summary Future Directions Further Reading Chapter 11: Simple Mail Transfer Protocol ( SMTP) The SMTP Protocol SMTP Protocol and Packet Constructs (Packet Data Hacking) SMTP Vulnerabilities SMTP Protocol Commands and Protocol Extensions SMTP Exploits and SMTP Hacking SMTP Protocol Attacks ESMTP and Command Set Vulnerabilities Worms and Automated Attack Tools Application-Based Denial-of-Service Attacks on the Mail Trust Model Attacks on Data Integrity Delivery Status Notification Manipulation SMTP Security and Controls Mapping Exploits to Defenses Defensive Strategy Notes References Texts Request for Comments (RFCs) White Papers and Web References Chapter 12: Hypertext Transfer Protocol ( HTTP) The HTTP Protocol HTTP Protocol and Packet Constructs (Packet Data Hacking) HTTP Vulnerabilities HTTP Protocol Methods (and Associated Vulnerabilities) HTTP Exploits and HTTP Hacking HTTP Protocol Attacks Caching Exploits Application-Based Attacks Attacks on the HTTP Trust Model HTTP Security and Controls Mapping Exploits to Defenses Defensive Strategy Notes References Texts Request for Comments (RFCs) Web References Chapter 13: Database Hacking and Security Introduction Enumeration of Weaknesses SQL Injection Introduction Phases of SQL Injection Hacking Microsoft SQL Server Overflows in Microsoft SQL Server Microsoft SQL Server Postauth Vulnerabilities Microsoft SQL Server SQL Injection A Note on Attacking Cold Fusion Web Applications Default Accounts and Configurations Hacking Oracle Buffer Overflows in Oracle Servers SQL Injection on Oracle Default User Accounts Tools and Services for Oracle Assessments Other Databases Connecting Backwards Demonstration and Examples Phase 1. Discovery Phase 2. Reverse Engineering the Vulnerable Application Phase 3. Getting the Results of Arbitrary Queries Conclusions Chapter 14: Malware and Viruses Ethics Again Target Platforms Script Malware Learning Script Virus Basics with Anna Kournikova Binary Viruses Binary File Viruses Binary Boot Viruses Hybrids Binary Worms Worst to Come Adware Infections Conclusion Notes Chapter 15: Network Hardware Overview Network Infrastructure Routers Switches Load-Balancing Devices Remote Access Devices Wireless Technologies Network Infrastructure Exploits and Hacking Device Policy Attacks Denial-of-Service Network Mapping Exploits Information Theft Spoofing Password or Configuration Exploits Logging Attacks Network Ports and Protocols Exploits and Attacks Device Management Attacks Management Protocols Device Configuration Security Attacks Router-Specific Exploits Access-Control Lists Attacks Switch-Specific Exploits Media Access (MAC) Address Exploits Load-Balancing Device Û Specific Exploits Remote Access Device Û Specific Exploits Home User System Exploitation Wireless Technology Û Specific Exploits Network Infrastructure Security and Controls Defensive Strategy Routing Protocol Security Options Management Security Options Operating System Hardening Options Configuration Audit and Verification Tools Wireless Network Controls Notes References Tools Request for Comments (RFCs) White Paper Web References Part III Consolidation Chapter 16: Consolidating Gains Overview Consolidation (OS and Network Facilities) Account and Privilege Management Facilities File System and I/O Resources File System (Operating System) Hacking Application-Based File System Hacking Service and Process Management Facilities Buffer Overflows, Format String, and Other Application Attacks Debugging Processes and Memory Manipulation Devices and Device Management Facilities Libraries and Shared Libraries Shell Access and Command Line Facilities Registry Facilities (NT/2000) Client Software Listeners and Network Services Network Information Service (NIS) Reconnaissance SNMP Reconnaissance Network Trust Relationships Application/Executable Environment Consolidation (Foreign Code) Trojans Backdoors (and Trojan Backdoors) Backdoor Applications Rootkits Kernel-Level Rootkits Security Mapping Exploits to Defenses Notes References and System Hardening References Texts Web References System Hardening References Chapter 17: After the Fall Logging, Auditing, and IDS Evasion Logging and Auditing Evasion IDS Evasion Forensics Evasion Environment Sanitization File Hiding and File System Manipulation Covert Network Activities Investigative, Forensics, and Security Controls Mapping Exploits to Defenses Notes References Texts Web References Chapter 18: Conclusion Conclusion: Case Study in Subversion DalmedicaÌs Perspective Access Points Bastion Hosts Reconnaissance Activity Target Systems Conclusion (Final Thoughts) References Areas of Focus General Hacking and Security Resources Authentication Technologies Cryptography DNS and Directory Services Network Management Route/Switch Infrastructures Storage Networking Voice over IP Wireless Networks Notes Team DDU
نظرات کاربران
کتاب های مرتبط
دانلود کتاب Yılanların öcü
دانلود کتاب The Secret Terrorists (Secret Jesuit plot to take over USA)
دانلود کتاب Information Security Governance Framework and Toolset for CISOs and Decision Makers.
دانلود کتاب Spidering Hacks
دانلود کتاب States and Markets: Comparing Japan and Russia
