Features
- Cover Type: Paperback with 692 pages
- Published by: McGraw-Hill Osborne Media
- Edition: 5th Edition April 19, 2005
- Written in: English
- ISBN 10 Number: 0072260815
- ISBN 13 Number: 978-0072260816
- Book Dimensions: 9 x 7.4 x 1.5 inches
- Weighs: 2.4 pounds
Product Review
A lot of computer-security textbooks approach the subject from a defensive point of view. "Do this, and probably you'll survive a particular kind of attack," they say. In refreshing contrast, Hacking Exposed, Second Edition talks about security from an offensive angle. A Jane's-like catalog of the weaponry that black-hat hackers use is laid out in full. Readers see what programs are out there, get a rundown on what the programs can do, and benefit from detailed explanations of concepts (such as wardialing and rootkits) that most system administrators kind of understand, but perhaps not in detail. The book also walks through how to use the more powerful and popular hacker software, including L0phtCrack. This new edition has been updated extensively, largely with the results of "honeypot" exercises (in which attacks on sacrificial machines are monitored) and Windows 2000 public security trials. There's a lot of new stuff on e-mail worms, distributed denial-of-service (DDoS) attacks, and attacks that involve routing protocols.
The result of all of this familiarity with bad-guy tools is a leg up on defending against them. Hacking Exposed wastes no time in explaining how to implement the countermeasures--where they exist--that will render known attacks ineffective. Taking on the major network operating systems and network devices one at a time, the authors tell you exactly what Unix configuration files to alter, what Windows NT Registry keys to change, and what settings to make in NetWare. They spare no criticism of products with which they aren't impressed, and don't hesitate to point out inherent, uncorrectable security weaknesses where they find them. This book is no mere rehashing of generally accepted security practices. It and its companion Web site are the best way for all of you network administrators to know thine enemies.
--David Wall
Topics covered:
- Security vulnerabilities of operating systems, applications, and network devices
- Administrative procedures that will help defeat them
- Techniques for hacking Windows 95, Windows 98, Windows Me, Windows NT 4.0, Windows 2000, Novell NetWare, and Unix
- Strategies for breaking into (or bringing down) telephony devices, routers, and firewalls
--This text refers to the Paperback edition.
Product Description
"The seminal book on white-hat hacking and countermeasures. Should be required reading for anyone with a server or a network to secure." --Bill Machrone, PC Magazine
"The definitive encyclopedia of intruder practices and tools." --Steve Steinke, Network Magazine
"For almost any computer book, you can find a clone. But not this one. A one-of-a-kind study of the art of breaking in." --UNIX Review
Here is the latest edition of international best-seller, Hacking Exposed. Using real-world case studies, renowned security experts Stuart McClure, Joel Scambray, and George Kurtz show IT professionals how to protect computers and networks against the most recent security vulnerabilities. You'll find detailed examples of the latest devious break-ins and will learn how to think like a hacker in order to thwart attacks. Coverage includes:
- Code hacking methods and countermeasures
- New exploits for Windows 2003 Server, UNIX/Linux, Cisco, Apache, and Web and wireless applications
- Latest DDoS techniques--zombies, Blaster, MyDoom
- All new class of vulnerabilities--HTTP Response Splitting
- and much more
Reader Reviews
This review is from: Hacking Exposed: Network Security Secrets & Solutions, Third Edition (Hacking Exposed) (Paperback)
I am a senior engineer for network security operations. I've read and reviewed every edition of the "Hacking Exposed" series since the 1999 original. "Hacking Exposed" is a winner; the authors' powerful example-driven style teaches the tools and tactics of vulnerability assessment and penetration testing. Nevertheless, I've compared this third edition to its "Hacking Linux" and "Hacking Windows 2000" cousins, and I believe the authors should rethink their goals for the "Hacking Exposed" series. "Hacking Exposed, Third Edition" (HE:3E) describes techniques to attack and defend a wide variety of network assets: Microsoft products (9x, ME, NT, 2000, XP), UNIX variants, Novell's NOS, routers, PBXs, firewalls, and so on. Weaknesses in individual applications are explained, with attention given to remote control tools (VNC, Windows Terminal Server, PCAnywhere), Web technologies (IIS, ColdFusion, ActiveX, Java), and file sharing/chat systems (Napster, IRC). Readers are unlikely to find so many topics given fairly thorough coverage in a single volume. Unfortunately, at 727 pages, HE:3E has gained too much weight. The 1999 first edition offered 484 pages, and the 2001 (yes, 2001) second edition gave 703 pages. While the authors should be credited for not simply copying and pasting material from their 2001 edition of "Hacking Exposed: Windows 2000," many of the same topics appear in both books. Furthermore, some subjects are redundantly described within HE:3E. For example, why rehash port redirection and rootkits in chapter 14 when they were adequately covered in earlier sections? I strongly recommend the authors remove the UNIX- and Windows-specific material from a future fourth edition of "Hacking Exposed," directing readers to "Hacking Linux" and "Hacking Windows" when necessary. The authors should briefly describe general UNIX and Windows vulnerabilities in "HE:4E," and devote most of the book to their methodology and systems not covered in other books. 
This overhaul will give the authors a chance to remove some dated material from "Hacking Exposed," like a reference to ISS RealSecure v3.0 (6.0 is now in use). I recommend readers who have not read previous "Hacking Exposed" titles buy this book. Despite my concerns, I still learned something new (wireless issues, format string vulnerabilities) and re-acquainted myself with material mentioned in earlier editions (RIP spoofing, enumeration techniques). If you've read "Hacking Exposed, Second Edition," wait for a revamped fourth edition. (Disclaimer: I received a free review copy from the publisher.)