Cover -- Contents -- Introduction -- Methods for Running BackTrack Linux -- Chapter 1 Ethical Hacking Overview -- Introduction to Ethical Hacking -- The Role of Security and Penetration Testers -- Penetration-Testing Methodologies -- Certification Programs for Network Security Personnel -- What You Can Do Legally -- Laws of the Land -- Is Port Scanning Legal? -- Federal Laws -- What You Cannot Do Legally -- Get It in Writing -- Ethical Hacking in a Nutshell -- Chapter Summary -- Chapter 2 TCP/IP Concepts Review -- Overview of TCP/IP -- The Application Layer -- The Transport Layer -- The Internet Layer -- IP Addressing -- Planning IP Address Assignments -- IPv6 Addressing -- Overview of Numbering Systems -- Reviewing the Binary Numbering System -- Reviewing the Octal Numbering System -- Reviewing the Hexadecimal Numbering System -- Chapter Summary -- Chapter 3 Network and Computer Attacks -- Malicious Software (Malware) -- Viruses -- Macro Viruses -- Worms -- Trojan Programs -- Spyware -- Adware -- Protecting Against Malware Attacks -- Educating Your Users -- Intruder Attacks on Networks and Computers -- Denial-of-Service Attacks -- Distributed Denial-of-Service Attacks -- Buffer Overflow Attacks -- Ping of Death Attacks -- Session Hijacking -- Addressing Physical Security -- Keyloggers -- Behind Locked Doors -- Chapter Summary -- Chapter 4 Footprinting and Social Engineering -- Using Web Tools for Footprinting -- Conducting Competitive Intelligence -- Analyzing a Company's Web Site -- Using Other Footprinting Tools -- Using E-mail Addresses -- Using HTTP Basics -- Other Methods of Gathering Information -- Using Domain Name System Zone Transfers -- Introduction to Social Engineering -- The Art of Shoulder Surfing -- The Art of Dumpster Diving -- The Art of Piggybacking -- Phishing -- Chapter Summary -- Chapter 5 Port Scanning.

Introduction to Port Scanning -- Types of Port Scans -- Using Port-Scanning Tools -- Nmap -- Unicornscan -- Nessus and OpenVAS -- Conducting Ping Sweeps -- Fping -- Hping -- Crafting IP Packets -- Understanding Scripting -- Scripting Basics -- Chapter Summary -- Chapter 6 Enumeration -- Introduction to Enumeration -- Enumerating Windows Operating Systems -- NetBIOS Basics -- NetBIOS Enumeration Tools -- Additional Enumeration Tools -- Enumerating the NetWare Operating System -- NetWare Enumeration Tools -- Enumerating the *nix Operating System -- UNIX Enumeration -- Chapter Summary -- Chapter 7 Programming for Security Professionals -- Introduction to Computer Programming -- Programming Fundamentals -- Learning the C Language -- Anatomy of a C Program -- Understanding HTML Basics -- Creating a Web Page with HTML -- Understanding Perl -- Background on Perl -- Understanding the Basics of Perl -- Understanding the BLT of Perl -- Understanding Object-Oriented Programming Concepts -- Components of Object-Oriented Programming -- An Overview of Ruby -- Chapter Summary -- Chapter 8 Desktop and Server OS Vulnerabilities -- Windows OS Vulnerabilities -- Windows File Systems -- Remote Procedure Call -- NetBIOS -- Server Message Block -- Common Internet File System -- Null Sessions -- Web Services -- SQL Server -- Buffer Overflows -- Passwords and Authentication -- Tools for Identifying Vulnerabilities in Windows -- Built-in Windows Tools -- Best Practices for Hardening Windows Systems -- Patching Systems -- Antivirus Solutions -- Enable Logging and Review Logs Regularly -- Disable Unused Services and Filtering Ports -- Other Security Best Practices -- Linux OS Vulnerabilities -- Samba -- Tools for Identifying Linux Vulnerabilities -- More Countermeasures Against Linux Attacks -- Chapter Summary -- Chapter 9 Embedded Operating Systems: The Hidden Threat.

Introduction to Embedded Operating Systems -- Windows and Other Embedded Operating Systems -- Other Proprietary Embedded OSs -- *Nix Embedded OSs -- Vulnerabilities of Embedded OSs -- Embedded OSs Are Everywhere -- Embedded OSs Are Networked -- Embedded OSs Are Difficult to Patch -- Embedded OSs Are in Networking Devices -- Embedded OSs Are in Network Peripherals -- Supervisory Control and Data Acquisition Systems -- Cell Phones, Smartphones, and PDAs -- Rootkits -- Best Practices for Protecting Embedded OSs -- Chapter Summary -- Chapter 10 Hacking Web Servers -- Understanding Web Applications -- Web Application Components -- Using Scripting Languages -- Connecting to Databases -- Understanding Web Application Vulnerabilities -- Application Vulnerabilities and Countermeasures -- Assessing Web Applications -- Tools for Web Attackers and Security Testers -- Web Tools -- Chapter Summary -- Chapter 11 Hacking Wireless Networks -- Understanding Wireless Technology -- Components of a Wireless Network -- Understanding Wireless Network Standards -- The 802.11 Standard -- An Overview of Wireless Technologies -- Additional IEEE 802.11 Projects -- Understanding Authentication -- The 802.1X Standard -- Understanding Wardriving -- How It Works -- Understanding Wireless Hacking -- Tools of the Trade -- Countermeasures for Wireless Attacks -- Chapter Summary -- Chapter 12 Cryptography -- Understanding Cryptography Basics -- History of Cryptography -- Understanding Symmetric and Asymmetric Algorithms -- Symmetric Algorithms -- Asymmetric Algorithms -- Digital Signatures -- Sensitive Data Encryption -- Hashing Algorithms -- Understanding Public Key Infrastructure -- Components of PKI -- Understanding Cryptography Attacks -- Birthday Attack -- Mathematical Attacks -- Brute-Force Attack -- Man-in-the-Middle Attack -- Dictionary Attack -- Replay Attack.

Understanding Password Cracking -- Chapter Summary -- Chapter 13 Network Protection Systems -- Understanding Routers -- Understanding Routing Protocols -- Understanding Basic Hardware Routers -- Understanding Access Control Lists -- Understanding Firewalls -- Understanding Firewall Technology -- Implementing a Firewall -- Understanding the Cisco Adaptive Security Appliance Firewall -- Using Configuration and Risk Analysis Tools for Firewalls and Routers -- Understanding Intrusion Detection and Prevention Systems -- Network-Based and Host-Based IDSs and IPSs -- Web Filtering -- Security Incident Response Teams -- Understanding Honeypots -- How Honeypots Work -- Chapter Summary -- Appendix A: Legal Resources -- Appendix B: Resources -- Appendix C: Virtualization and Ethical Hacking -- Virtualization and Security Testing -- Virtualization Vulnerabilities -- Installing and Using Virtualization Software -- Overview of VMware Server -- Downloading and Installing VMware Server -- Creating a Virtual Machine and Installing a Guest OS -- Configuring Networking Options -- Configuring Hardware Options -- Installing VMware Tools -- Glossary -- A -- B -- C -- D -- E -- F -- G -- H -- I -- K -- L -- M -- N -- O -- P -- R -- S -- T -- U -- V -- W -- Z -- Index -- A -- B -- C -- D -- E -- F -- G -- H -- I -- J -- K -- L -- M -- N -- O -- P -- Q -- R -- S -- T -- U -- V -- W -- X -- Y -- Z.