The Hacker's Handbook
The Strategy Behind Breaking into and Defending Networks
Contributors: Felix Lindner, Trevor Young, John Zuena, Scott Brown, Jim Barrett, Stephen Northcutt
Auerbach Publications – 2003 – 896 pages
The Hacker’s Handbook: The Strategy Behind Breaking Into and Defending Networks, moves ahead of the pack of books about digital security by revealing the technical aspects of hacking that are least understood by network administrators. This is accomplished by analyzing subjects through a hacking/security dichotomy that details hacking maneuvers and defenses in the same context. Chapters are organized around specific technical components and administrative tasks, providing theoretical background that prepares network defenders for the always-changing and creative tools and techniques of intruders.
This book is divided into three parts. Part I introduces programming, protocol, and attack concepts. Part II addresses subject areas (protocols, services, technologies, etc.) that may be vulnerable. Part III details consolidation activities that hackers may use following penetration.
Each section provides a “path” to hacking/security Web sites and other resources that augment existing content. Referencing these supplemental and constantly-updated resources ensures that this volume remains timely and enduring. By informing IT professionals how to think like hackers, this book serves as a valuable weapon in the fight to protect digital assets.
“By the author’s providing a ‘hacker’ perspective, readers will more fully understand the ramifications of having an insecure computer, server, network, program, database and or policy. The book [includes] … a good table of contents that is extensive, very organized and thorough … . … [T]here are important discussions of the non-technical kind [of insecurity] like policy, which is too often overlooked in many organizations. … What is most impressive about the book is its outlines of specific exploits and attacks with prescribed defenses. … Coupled with good illustrations and detailed explanations[,] this is a great resource for both academic and public libraries.”
— E-Streams, Vol. 7, No. 9, Sept. 2004
—Anton Chuvakin, Ph.D., GCIA, GCIH, netForensics
Case Study in Subversion
Know Your Opponent
Anatomy of an Attack
Your Defensive Arsenal
The Protocols (TCP/IP) (OSI Layers 2-3)
The Protocols (TCP/IP) (OSI Layers 4-7)
SYSTEM AND NETWORK PENETRATION
Domain Name Service (DNS)
Simple Mail Transfer Protocol (SMTP)
Hypertext Transfer Protocol (http)
After the Fall