| | Copyright |
| | Foreword |
| | First Edition Foreword |
| | Preface |
| | | About the Author |
| | | Acknowledgments |
|
| | Part I: Understanding Hackers |
| | | Chapter 1. Who Hackers Are |
| | | Internal Hackers |
| | | External Hackers |
| | | Categorizing Hackers |
| | | Demographics |
| | | Classified by Skill Level |
|
| | | Chapter 2. Hacker Motives |
| | | Intellectually Motivated |
| | | Personally Motivated |
| | | Socially Motivated |
| | | Politically Motivated |
| | | Financially Motivated |
| | | Motivated by Ego |
|
| | | Chapter 3. What Hackers Do |
| | | Modern Day Robin Hood |
| | | Digital Dillinger |
|
| | | Chapter 4. How Hackers Do What They Do |
| | | Malicious Code |
| | | Modified Source Code |
| | | Exploiting Network Protocols |
| | | Exploiting Vulnerabilities |
| | | Password Crackers |
|
|
| | Part II: The Hacking Process |
| | | Chapter 5. Gathering Information |
| | | Public Sources |
| | | People |
| | | Going On Site |
| | | Computer Systems |
| | | Security Experts |
| | | Other Hackers |
|
| | | Chapter 6. Limiting Information Disclosure |
| | | Public Information Sources |
| | | Announcements |
| | | Restricting the Scope of the Service |
| | | Polling |
| | | Eavesdropping |
| | | Misinformation |
|
| | | Chapter 7. Gaining Access |
| | | Outsiders |
| | | Insiders |
| | | Back Doors |
| | | Anonymously |
| | | Active Sessions |
| | | Stolen Credentials |
| | | Subverting Protocols |
|
| | | Chapter 8. Limiting Access |
| | | Physical System Access |
| | | Restricting Users |
| | | Over the Network |
| | | Restricting Services |
| | | File System Access |
|
| | | Chapter 9. Getting Credentials |
| | | Identity Management |
| | | Account Management |
| | | Repositories |
| | | Monitoring the Network |
| | | Social Engineering |
| | | Monitoring User Input |
|
| | | Chapter 10. Controlling Authentication |
| | | Authentication Management |
| | | Cracking Passwords |
| | | Finding Passwords in Clear Text |
| | | The Future of Passwords |
| | | Implementing Strong Authentication |
|
| | | Chapter 11. Gaining Privileges |
| | | Having Another User Run a Program |
| | | Exploiting Permission Vulnerabilities |
| | | Exploiting Hardware Vulnerabilities |
| | | Exploiting Software Vulnerabilities |
|
| | | Chapter 12. Controlling Authorizations |
| | | User Authorizations |
| | | Program Authorizations |
| | | Compartmentalization |
| | | Protecting Files |
| | | Exploiting Permission Vulnerabilities |
| | | Read-only File Systems |
|
| | | Chapter 13. Avoiding Detection |
| | | Monitoring Connections |
| | | Monitoring Processes |
| | | Monitoring Information |
| | | Increasing Security |
| | | Not Making Tracks |
| | | Removing Tracks |
| | | Misdirection |
| | | Changing Time |
|
| | | Chapter 14. Increasing Monitoring |
| | | Monitoring Files |
| | | Monitoring Users |
| | | Monitoring Resources |
| | | The Logging System |
| | | Consolidated Logging Server |
| | | Log File Monitoring |
|
|
| | Part III: Legal Recourse |
| | | Chapter 15. Computer Crimes |
| | | Traditional Offenses Using Computers |
| | | Computer-specific Offenses |
| | | Intellectual Property Offenses |
| | | Content-related Offenses |
| | | Privacy Offenses |
|
| | | Chapter 16. Legal Prosecution |
| | | Computer Crime |
| | | Law Enforcement Agencies |
|
| | | Chapter 17. Obstacles to Prosecution |
| | | Identifying the Hacker |
| | | Jurisdiction |
| | | Extradition |
| | | Evidence |
| | | Cost of Prosecution |
| | | Corporate Concerns |
| | | Personal Concerns |
|
| | | Chapter 18. Improving Successful Prosecution |
| | | Enforcing Security Policy |
| | | Fair Notice |
| | | Marking Information |
| | | Proper Evidence Preservation |
| | | Trusted Time |
|
|
| | Part IV: Halting the Hacker |
| | | Chapter 19. Preparation |
| | | Define What Needs Protection |
| | | Define How Much Protection Is Required |
| | | Decide How Much Protection Is Afforded |
| | | Define What You Have |
| | | Define How to Protect It |
|
| | | Chapter 20. Installation |
| | | Software Structure |
| | | Install Minimum Base Operating System |
| | | Remove Any Unneeded Software |
| | | Install Additional Products |
| | | Install Standard Patches |
| | | Install Security Patches |
| | | Remove Software Remnants |
|
| | | Chapter 21. Proactive Protection |
| | | Remove What Is Not Needed |
| | | Disable What Is Not Used |
| | | Restrict the Rest |
| | | Host Hardening Systems |
|
| | | Chapter 22. Security Testing |
| | | Evaluate Current Status |
| | | Compliance with Security Program |
| | | Integrity of Installed Software |
| | | Integrity of Configuration |
| | | Security Scanners |
|
| | | Chapter 23. Security Monitoring |
| | | Monitoring for New Vulnerabilities |
| | | Intrusion Methods |
| | | Determining When a Security Incident Has Occurred |
| | | System Monitoring Techniques |
| | | Comprehensive Monitoring |
|
| | | Chapter 24. Reactive Security |
| | | Review the Incident Response Plan |
| | | Preserve the State of the Computer |
| | | Reporting the Incident |
| | | Contain the Incident |
| | | Gather Information |
| | | Countermeasures |
|
| | | Chapter 25. Recovery |
| | | Assess the Scope |
| | | Setting Priorities |
| | | Secure the System |
| | | Repair the Vulnerability |
| | | System Recovery |
| | | Data Recovery |
| | | Monitor for Additional Signs of Attack |
| | | Restoration of Confidence |
|
| | | Chapter 26. Review |
| | | Determine the Cost of the Incident |
| | | Evaluate the Response Process |
| | | Improve the Safeguards |
| | | Update Detection |
| | | Process Improvement |
| | | Postmortem Documentation |
| | | Follow-up Communication |
|
|
| | Glossary |
| | Index |