While you're reading this, a hacker could be prying and spying his way into your company's IT systems, sabotaging your operations, stealing confidential information, shutting down your Web site, or wreaking havoc in other diabolical ways. Hackers For Dummies helps you hack into a hacker's mindset and take security precautions to help you avoid a hack attack. It outlines computer hacker tricks and techniques you can use to assess the security of your own information systems, find security vulnerabilities, and fix them before malicious and criminal hackers can exploit them. It covers: \* Hacking methodology and researching public information to see what a hacker can quickly learn about your operations \* Social engineering (how hackers manipulate employees to gain information and access), physical security, and password vulnerabilities \* Network infrastructure, including port scanners, SNMP scanning, banner grabbing, scanning, and wireless LAN vulnerabilities \* Operating systems, including Windows, Linux, and Novell NetWare \* Application hacking, including malware (Trojan horses, viruses, worms, rootkits, logic bombs, and more), e-mail and instant messaging, and Web applications \* Tests, tools (commercial, shareware, and freeware), and techniques that offer the most bang for your ethical hacking buck With this guide you can develop and implement a comprehensive security assessment plan, get essential support from management, test your system for vulnerabilities, take countermeasures, and protect your network infrastructure. You discover how to beat hackers at their own game, with: \* Ahacking toolkit, including War dialing software, password cracking software, network scanning software, network vulnerability assessment software, a network analyzer, a Web application assessment tool, and more \* All kinds of countermeasures and ways to plug security holes \* A list of more than 100 security sites, tools, and resources Ethical hacking helps you fight hacking with hacking, pinpoint security flaws within your systems, and implement countermeasures. Complete with tons of screen shots, step-by-step instructions for some countermeasures, and actual case studies from IT security professionals, this is an invaluable guide, whether you're an Internet security professional, part of a penetration-testing team, or in charge of IT security for a large or small business. Team DDU Hacking for Dummies 1 Cover 1 Table of Contents 12 Foreword 20 Introduction 24 Who Should Read This Book? 24 About This Book 25 How to Use This Book 25 What You Don't Need to Read 26 Foolish Assumptions 26 How This Book Is Organized 26 Part I: Building the Foundation for Ethical Hacking 27 Part II: Putting Ethical Hacking in Motion 27 Part III: Network Hacking 27 Part IV: Operating System Hacking 27 Part V: Application Hacking 28 Part VI: Ethical Hacking Aftermath 28 Part VII: The Part of Tens 28 Part VIII: Appendixes 28 Icons Used in This Book 29 Where to Go from Here 29 Part I: Building the Foundation for Ethical Hacking 30 Chapter 1: Introduction to Ethical Hacking 32 How Hackers Beget Ethical Hackers 32 Defining hacker 32 Ethical Hacking 101 33 Understanding the Need to Hack Your Own Systems 34 Understanding the Dangers Your Systems Face 35 Nontechnical attacks 35 Network-infrastructure attacks 36 Operating-system attacks 36 Application and other specialized attacks 36 Obeying the Ethical hacking Commandments 37 Working ethically 37 Respecting privacy 37 Not crashing your systems 38 The Ethical hacking Process 38 Formulating your plan 38 Selecting tools 40 Executing the plan 42 Evaluating results 43 Moving on 43 Chapter 2: Cracking the Hacker Mindset 44 What You're Up Against 44 Who Hacks 45 Why Hackers Hack 47 Planning and Performing Attacks 49 Maintaining Anonymity 50 Chapter 3: Developing Your Ethical Hacking Plan 52 Getting Your Plan Approved 52 Establishing Your Goals 53 Determining What Systems to Hack 55 Creating Testing Standards 56 Timing 57 Specific tests 57 Blind versus knowledge assessments 58 Location 59 Reacting to major exploits that you find 59 Silly assumptions 59 Selecting Tools 60 Chapter 4: Hacking Methodology 62 Setting the Stage 62 Seeing What Others See 64 Gathering public information 64 Mapping the network 66 Scanning Systems 68 Hosts 69 Modems and open ports 69 Determining What's Running on Open Ports 70 Assessing Vulnerabilities 72 Penetrating the System 74 Part II: Putting Ethical Hacking in Motion 76 Chapter 5: Social Engineering 78 Social Engineering 101 78 Before You Start 79 Why Hackers Use Social Engineering 81 Understanding the Implications 81 Performing Social-Engineering Attacks 82 Fishing for information 83 Building trust 85 Exploiting the relationship 86 Social-Engineering Countermeasures 88 Policies 89 User awareness 89 Chapter 6: Physical Security 92 Physical-Security Vulnerabilities 92 What to Look For 93 Building infrastructure 95 Utilities 96 Office layout and usage 97 Network components and computers 98 Chapter 7: Passwords 102 Password Vulnerabilities 102 Organizational password vulnerabilities 103 Technical password vulnerabilities 105 Cracking Passwords 105 Cracking passwords the old-fashioned way 106 High-tech password cracking 108 General password-hacking countermeasures 114 Password-protected files 118 Other ways to crack passwords 120 Securing Operating Systems 124 Windows 124 Linux and UNIX 125 Part III: Network Hacking 126 Chapter 8: War Dialing 128 War Dialing 128 Modem safety 128 General telephone-system vulnerabilities 129 Attacking 129 Countermeasures 137 Chapter 9: Network Infrastructure 140 Network Infrastructure Vulnerabilities 142 Choosing Tools 143 Scanners 143 Vulnerability assessment 144 Scanning, Poking, and Prodding 144 Port scanners 144 SNMP scanning 152 Banner grabbing 153 Firewall rules 154 Looking through a network analyzer 157 The MAC-daddy attack 163 Denial of service 167 General network defenses 169 Chapter 10: Wireless LANs 170 Understanding the Implications of Wireless Network Vulnerabilities 170 Choosing Your Tools 171 Wireless LAN Discovery 174 Checking for worldwide recognition 174 Scanning your local airwaves 175 Wireless Network Attacks 177 Encrypted traffic 178 Countermeasures 179 Rogue networks 181 Countermeasures 182 Physical-security problems 183 Countermeasures 183 Vulnerable wireless workstations 184 Countermeasures 184 Default configuration settings 185 Countermeasures 186 Part IV: Operating System Hacking 188 Chapter 11: Windows 190 Windows Vulnerabilities 191 Choosing Tools 191 Essential tools 192 Free Microsoft tools 192 All-in-one assessment tools 193 Task-specific tools 193 Information Gathering 194 System scanning 194 NetBIOS 197 RPC 200 Enumeration 201 Countermeasures 201 Null Sessions 202 Hacks 202 Countermeasures 207 Share Permissions 209 Windows defaults 209 Testing 210 General Security Tests 212 Windows Update 212 Microsoft Baseline Security Analyzer (MBSA) 213 LANguard 214 Chapter 12: Linux 216 Linux Vulnerabilities 217 Choosing Tools 217 Information Gathering 218 System scanning 218 Countermeasures 222 Unneeded Services 223 Searches 223 Countermeasures 225 .rhosts and hosts equiv Files 227 Hacks 227 Countermeasures 228 NFS 229 Hacks 229 Countermeasures 230 File Permission 230 Hacks 230 Countermeasures 230 Buffer Overflows 231 Attacks 232 Countermeasures 232 Physical Security 232 Hacks 233 Countermeasures 233 General Security Tests 234 Patching Linux 235 Distribution updates 236 Multiplatform update managers 236 Chapter 13: Novell NetWare 238 NetWare Vulnerabilities 238 Choosing Tools 239 Getting Started 239 Server access methods 240 Port scanning 240 NCPQuery 242 Countermeasures 243 Authentication 243 Rconsole 244 Server-console access 247 Intruder detection 247 Rogue NLMs 248 Clear-text packets 252 General Best Practices for Minimizing NetWare Security Risks 253 Rename admin 254 Disable eDirectory browsing 254 Removing bindery contexts 256 System auditing 256 TCP/IP parameters 257 Patching 257 Part V: Application Hacking 258 Chapter 14: Malware 260 Implications of Malware Attacks 260 Types of Malware 262 Trojan horses 262 Viruses 263 Worms 263 Rootkits 263 Spyware 264 Built-in programming interfaces 264 Logic bombs 265 Security tools 265 How Malware Propagates 266 Automation 266 E-mail 266 Hacker backdoors 267 Testing 267 Vulnerable malware ports 267 Manual assessment 268 Antivirus software testing 272 Network scanning 273 Behavioral-analysis tools 276 Malware Countermeasures 276 General system administration 276 E-mails 278 Files 278 Chapter 15: Messaging Systems 280 Messaging-System Vulnerabilities 280 E-Mail Attacks by Myo Myint Htike 281 E-mail bombs 281 Banners 286 SMTP attacks 288 General best practices for minimizing e-mail security risks 294 Instant Messaging 295 Vulnerabilities 295 Countermeasures 298 Chapter 16: Web Applications 302 Web-Application Vulnerabilities 302 Choosing Your Tools 303 Insecure Login Mechanisms 303 Testing 303 Countermeasures 306 Directory Traversal 306 Testing 306 Countermeasures 308 Input Filtering 308 Input attacks 309 Countermeasures 312 Default Scripts 312 Attacks 312 Countermeasures 313 URL Filter Bypassing 313 Bypassing filters 313 Countermeasures 315 Automated Scans 315 Nikto 315 WebInspect 315 General Best Practices for Minimizing Web-Application Security Risks 317 Obscurity 317 Firewalls 318 Part VI: Ethical Hacking Aftermath 320 Chapter 17: Reporting Your Results 322 Pulling the Results Together 322 Prioritizing Vulnerabilities 324 Reporting Methods 325 Chapter 18: Plugging Security Holes 328 Turning Your Reports into Action 328 Patching for Perfection 329 Patch management 329 Patch automation 330 Hardening Your Systems 331 Assessing Your Security Infrastructure 332 Chapter 19: Managing Security Changes 334 Automating the Ethical Hacking Process 334 Monitoring Malicious Use 335 Outsourcing Ethical Hacking 336 Instilling a Security-Aware Mindset 338 Keeping Up with Other Security Issues 339 Part VII: The Part of Tens 340 Chapter 20: Ten Tips for Getting Upper Management Buy-In 342 Cultivate an Ally and Sponsor 342 Don't Be a FUDdy Duddy 342 Demonstrate How the Organization Can't Afford to Be Hacked 343 Outline the General Benefits of Ethical Hacking 343 Show How Ethical Hacking Specifically Helps the Organization 344 Get Involved in the Business 344 Establish Your Credibility 344 Speak on Their Level 345 Show Value in Your Efforts 345 Be Flexible and Adaptable 345 Chapter 21: Ten Deadly Mistakes 346 Not Getting Approval in Writing 346 Assuming That You Can Find All Vulnerabilities During Your Tests 347 Assuming That You Can Eliminate All Security Vulnerabilities 347 Performing Tests Only Once 347 Pretending to Know It All 348 Running Your Tests without Looking at Things from a Hacker's Viewpoint 348 Ignoring Common Attacks 348 Not Using the Right Tools 348 Pounding Production Systems at the Wrong Time 349 Outsourcing Testing and Not Staying Involved 349 Part VIII: Appendixes 350 Appendix A: Tools and Resources 352 Awareness and Training 352 Dictionary Files and Word Lists 352 General Research Tools 353 Hacker Stuff 353 Linux 354 Log Analysis 354 Malware 354 Messaging 355 NetWare 355 Networks 355 Password Cracking 356 War Dialing 357 Web Applications 357 Windows 357 Wireless Networks 358 Appendix B: About the Book Web Site 360 Index 362 Team DDU 1 While you're reading this, a hacker could be prying and spying his way into your company's IT systems, sabotaging your operations, stealing confidential information, shutting down your Web site, or wreaking havoc in other diabolical ways. Hackers For Dummies helps you hack into a hacker's mindset and take security precautions to help you avoid a hack attack. It outlines computer hacker tricks and techniques you can use to assess the security of your own information systems, find security vulnerabilities, and fix them before malicious and criminal hackers can exploit them. It covers: Hacking methodology and researching public information to see what a hacker can quickly learn about your operations Social engineering (how hackers manipulate employees to gain information and access), physical security, and password vulnerabilities Network infrastructure, including port scanners, SNMP scanning, banner grabbing, scanning, and wireless LAN vulnerabilities Operating systems, including Windows, Linux, and Novell NetWare Application hacking, including malware (Trojan horses, viruses, worms, rootkits, logic bombs, and more), e-mail and instant messaging, and Web applications Tests, tools (commercial, shareware, and freeware), and techniques that offer the most bang for your ethical hacking buck With this guide you can develop and implement a comprehensive security assessment plan, get essential support from management, test your system for vulnerabilities, take countermeasures, and protect your network infrastructure. You discover how to beat hackers at their own game, with: A hacking toolkit, including War dialing software, password cracking software, network scanning software, network vulnerability assessment software, a network analyzer, a Web application assessment tool, and more All kinds of countermeasures and ways to plug security holes A list of more than 100 security sites, tools, and resources Ethical hacking helps you fight hacking with hacking, pinpoint security flaws within your systems, and implement countermeasures. Complete with tons of screen shots, step-by-step instructions for some countermeasures, and actual case studies from IT security professionals, this is an invaluable guide, whether you're an Internet security professional, part of a penetration-testing team, or in charge of IT security for a large or small business. ''Ethical hacking'' is the process of entering into a hacker's mindset in order to spot system vulnerabilities by performing typical hacks in a controlled environment. This book helps security professionals understand how malicious users think and work, enabling administrators to defend their systems against attacks and to identify security vulnerabilities. * Shows readers how to approach their system security from the hacker's perspective and perform nondestructive penetration testing * Helps the reader develop an ethical hacking plan, and examines typical attacks and how to counteract them * Guides readers through reporting vulnerabilities to upper management, managing security changes, automating the ethical hacking process, and training end-users to avoid being victimized