| | | Copyright |
| | | Foreword |
| | | First Edition Foreword |
| | | Preface |
| | | | About the Author |
| | | | Acknowledgments |
| |
| | | Part I: Understanding Hackers |
| | | | Chapter 1. Who Hackers Are |
| | | | Internal Hackers |
| | | | External Hackers |
| | | | Categorizing Hackers |
| | | | Demographics |
| | | | Classified by Skill Level |
| |
| | | | Chapter 2. Hacker Motives |
| | | | Intellectually Motivated |
| | | | Personally Motivated |
| | | | Socially Motivated |
| | | | Politically Motivated |
| | | | Financially Motivated |
| | | | Motivated by Ego |
| |
| | | | Chapter 3. What Hackers Do |
| | | | Modern Day Robin Hood |
| | | | Digital Dillinger |
| |
| | | | Chapter 4. How Hackers Do What They Do |
| | | | Malicious Code |
| | | | Modified Source Code |
| | | | Exploiting Network Protocols |
| | | | Exploiting Vulnerabilities |
| | | | Password Crackers |
| |
| |
| | | Part II: The Hacking Process |
| | | | Chapter 5. Gathering Information |
| | | | Public Sources |
| | | | People |
| | | | Going On Site |
| | | | Computer Systems |
| | | | Security Experts |
| | | | Other Hackers |
| |
| | | | Chapter 6. Limiting Information Disclosure |
| | | | Public Information Sources |
| | | | Announcements |
| | | | Restricting the Scope of the Service |
| | | | Polling |
| | | | Eavesdropping |
| | | | Misinformation |
| |
| | | | Chapter 7. Gaining Access |
| | | | Outsiders |
| | | | Insiders |
| | | | Back Doors |
| | | | Anonymously |
| | | | Active Sessions |
| | | | Stolen Credentials |
| | | | Subverting Protocols |
| |
| | | | Chapter 8. Limiting Access |
| | | | Physical System Access |
| | | | Restricting Users |
| | | | Over the Network |
| | | | Restricting Services |
| | | | File System Access |
| |
| | | | Chapter 9. Getting Credentials |
| | | | Identity Management |
| | | | Account Management |
| | | | Repositories |
| | | | Monitoring the Network |
| | | | Social Engineering |
| | | | Monitoring User Input |
| |
| | | | Chapter 10. Controlling Authentication |
| | | | Authentication Management |
| | | | Cracking Passwords |
| | | | Finding Passwords in Clear Text |
| | | | The Future of Passwords |
| | | | Implementing Strong Authentication |
| |
| | | | Chapter 11. Gaining Privileges |
| | | | Having Another User Run a Program |
| | | | Exploiting Permission Vulnerabilities |
| | | | Exploiting Hardware Vulnerabilities |
| | | | Exploiting Software Vulnerabilities |
| |
| | | | Chapter 12. Controlling Authorizations |
| | | | User Authorizations |
| | | | Program Authorizations |
| | | | Compartmentalization |
| | | | Protecting Files |
| | | | Exploiting Permission Vulnerabilities |
| | | | Read-only File Systems |
| |
| | | | Chapter 13. Avoiding Detection |
| | | | Monitoring Connections |
| | | | Monitoring Processes |
| | | | Monitoring Information |
| | | | Increasing Security |
| | | | Not Making Tracks |
| | | | Removing Tracks |
| | | | Misdirection |
| | | | Changing Time |
| |
| | | | Chapter 14. Increasing Monitoring |
| | | | Monitoring Files |
| | | | Monitoring Users |
| | | | Monitoring Resources |
| | | | The Logging System |
| | | | Consolidated Logging Server |
| | | | Log File Monitoring |
| |
| |
| | | Part III: Legal Recourse |
| | | | Chapter 15. Computer Crimes |
| | | | Traditional Offenses Using Computers |
| | | | Computer-specific Offenses |
| | | | Intellectual Property Offenses |
| | | | Content-related Offenses |
| | | | Privacy Offenses |
| |
| | | | Chapter 16. Legal Prosecution |
| | | | Computer Crime |
| | | | Law Enforcement Agencies |
| |
| | | | Chapter 17. Obstacles to Prosecution |
| | | | Identifying the Hacker |
| | | | Jurisdiction |
| | | | Extradition |
| | | | Evidence |
| | | | Cost of Prosecution |
| | | | Corporate Concerns |
| | | | Personal Concerns |
| |
| | | | Chapter 18. Improving Successful Prosecution |
| | | | Enforcing Security Policy |
| | | | Fair Notice |
| | | | Marking Information |
| | | | Proper Evidence Preservation |
| | | | Trusted Time |
| |
| |
| | | Part IV: Halting the Hacker |
| | | | Chapter 19. Preparation |
| | | | Define What Needs Protection |
| | | | Define How Much Protection Is Required |
| | | | Decide How Much Protection Is Afforded |
| | | | Define What You Have |
| | | | Define How to Protect It |
| |
| | | | Chapter 20. Installation |
| | | | Software Structure |
| | | | Install Minimum Base Operating System |
| | | | Remove Any Unneeded Software |
| | | | Install Additional Products |
| | | | Install Standard Patches |
| | | | Install Security Patches |
| | | | Remove Software Remnants |
| |
| | | | Chapter 21. Proactive Protection |
| | | | Remove What Is Not Needed |
| | | | Disable What Is Not Used |
| | | | Restrict the Rest |
| | | | Host Hardening Systems |
| |
| | | | Chapter 22. Security Testing |
| | | | Evaluate Current Status |
| | | | Compliance with Security Program |
| | | | Integrity of Installed Software |
| | | | Integrity of Configuration |
| | | | Security Scanners |
| |
| | | | Chapter 23. Security Monitoring |
| | | | Monitoring for New Vulnerabilities |
| | | | Intrusion Methods |
| | | | Determining When a Security Incident Has Occurred |
| | | | System Monitoring Techniques |
| | | | Comprehensive Monitoring |
| |
| | | | Chapter 24. Reactive Security |
| | | | Review the Incident Response Plan |
| | | | Preserve the State of the Computer |
| | | | Reporting the Incident |
| | | | Contain the Incident |
| | | | Gather Information |
| | | | Countermeasures |
| |
| | | | Chapter 25. Recovery |
| | | | Assess the Scope |
| | | | Setting Priorities |
| | | | Secure the System |
| | | | Repair the Vulnerability |
| | | | System Recovery |
| | | | Data Recovery |
| | | | Monitor for Additional Signs of Attack |
| | | | Restoration of Confidence |
| |
| | | | Chapter 26. Review |
| | | | Determine the Cost of the Incident |
| | | | Evaluate the Response Process |
| | | | Improve the Safeguards |
| | | | Update Detection |
| | | | Process Improvement |
| | | | Postmortem Documentation |
| | | | Follow-up Communication |
| |
| |
| | | Glossary |
| | | Index |