
Instant download (Ebook) Computer Security and Penetration Testing by Alfred Basta, Nadine Basta, Mary Brown ISBN 9780840020932, 0840020937 pdf all chapter

The document provides information on various ebooks available for download, including titles related to computer security, penetration testing, and other subjects. It highlights specific ebooks with their authors, ISBNs, and links for downloading. Additionally, it includes a brief overview of the content structure of the book 'Computer Security and Penetration Testing' by Alfred Basta and others.

Uploaded by

visnesrafiou

Visit https://ebooknice.com to download the full version and explore more ebooks

(Ebook) Computer Security and Penetration Testing by Alfred Basta, Nadine Basta, Mary Brown ISBN 9780840020932, 0840020937

Click the link below to download:

https://ebooknice.com/product/computer-security-and-penetration-testing-34020144

Explore and download more ebooks at ebooknice.com

Here are some recommended products that might interest you. You can download now and explore!

(Ebook) Linux Operations and Administration by Alfred Basta, Dustin A. Finamore, Nadine Basta, Serge Palladino ISBN 9781111035303, 111103530X
https://ebooknice.com/product/linux-operations-and-administration-4577238

(Ebook) Biota Grow, gather, cook by Loucas, Jason; Viles, James ISBN 9781459699816, 9781743365571, 9781925268492, 1459699815, 1743365578, 1925268497
https://ebooknice.com/product/biota-grow-2c-gather-2c-cook-6661374

(Ebook) Database Security by Alfred Basta; Melissa Zgola ISBN 9781435453906, 1435453905
https://ebooknice.com/product/database-security-10004958

(Ebook) Matematik 5000+ Kurs 2c Lärobok by Lena Alfredsson, Hans Heikne, Sanna Bodemyr ISBN 9789127456600, 9127456609
https://ebooknice.com/product/matematik-5000-kurs-2c-larobok-23848312

(Ebook) SAT II Success MATH 1C and 2C 2002 (Peterson's SAT II Success) by Peterson's ISBN 9780768906677, 0768906679
https://ebooknice.com/product/sat-ii-success-math-1c-and-2c-2002-peterson-s-sat-ii-success-1722018

(Ebook) Master SAT II Math 1c and 2c 4th ed (Arco Master the SAT Subject Test: Math Levels 1 & 2) by Arco ISBN 9780768923049, 0768923042
https://ebooknice.com/product/master-sat-ii-math-1c-and-2c-4th-ed-arco-master-the-sat-subject-test-math-levels-1-2-2326094

(Ebook) Cambridge IGCSE and O Level History Workbook 2C - Depth Study: the United States, 1919-41 2nd Edition by Benjamin Harrison ISBN 9781398375147, 9781398375048, 1398375144, 1398375047
https://ebooknice.com/product/cambridge-igcse-and-o-level-history-workbook-2c-depth-study-the-united-states-1919-41-2nd-edition-53538044

(Ebook) Basta de amores de mierda IV by Gonzalo Romero ISBN 9789878841618, 9878841618
https://ebooknice.com/product/basta-de-amores-de-mierda-iv-50580646

(Ebook) Careers in High Tech by Basta N. ISBN 9780071476126, 9780071509831, 0071476121, 0071509836
https://ebooknice.com/product/careers-in-high-tech-1557548

Computer Security
and Penetration Testing
Second Edition

Alfred Basta
Nadine Basta
Mary Brown

Australia • Brazil • Mexico • Singapore • United Kingdom • United States

Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
This is an electronic version of the print textbook. Due to electronic rights restrictions,
some third party content may be suppressed. Editorial review has deemed that any suppressed
content does not materially affect the overall learning experience. The publisher reserves the right
to remove content from this title at any time if subsequent rights restrictions require it. For
valuable information on pricing, previous editions, changes to current editions, and alternate
formats, please visit www.cengage.com/highered to search by ISBN#, author, title, or keyword for
materials in your areas of interest.

Computer Security and Penetration Testing, Second Edition
Alfred Basta, Nadine Basta, and Mary Brown

Vice President, Careers & Computing: Dave Garza
Acquisitions Editor: Nick Lombardi
Director, Development—Careers and Computing: Marah Bellegarde
Product Development Manager: Leigh Hefferon
Senior Product Manager: Natalie Pashoukos
Developmental Editor: Kent Williams
Technical Editor: Robert Zemelka
Editorial Assistant: Torey Schantz
Vice President, Marketing: Jennifer Ann Baker
Marketing Director: Deborah Yarnell
Production Director: Wendy A. Troeger
Production Manager: Andrew Crouth
Content Project Manager: Brooke Baker
Art Director: GEX
Media Editor: William Overocker
Cover Photo: ©iStockphoto.com/pheonix3d

© 2014, 2008 Cengage Learning

ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced, transmitted, stored, or used in any form or by any means graphic, electronic, or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, web distribution, information networks, or information storage and retrieval systems, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the publisher.

For product information and technology assistance, contact us at Cengage Learning Customer & Sales Support, 1-800-354-9706
For permission to use material from this text or product, submit all requests online at www.cengage.com/permissions
Further permissions questions can be emailed to permissionrequest@cengage.com

Library of Congress Control Number: 2013939807
ISBN-13: 978-0-8400-2093-2
ISBN-10: 0-8400-2093-7

Cengage Learning
200 First Stamford Place, 4th Floor
Stamford, CT 06902
USA

Cengage Learning is a leading provider of customized learning solutions with office locations around the globe, including Singapore, the United Kingdom, Australia, Mexico, Brazil, and Japan. Locate your local office at www.cengage.com/global.

Cengage Learning products are represented in Canada by Nelson Education, Ltd.

To learn more about Cengage Learning Solutions, visit www.cengage.com.

Purchase any of our products at your local college store or at our preferred
online store www.cengagebrain.com.

Printed in the United States of America


1 2 3 4 5 6 7 17 16 15 14 13

Brief Contents

INTRODUCTION

CHAPTER 1
Ethics of Hacking and Cracking
CHAPTER 2
Reconnaissance
CHAPTER 3
Scanning Tools
CHAPTER 4
Sniffers
CHAPTER 5
TCP/IP Vulnerabilities
CHAPTER 6
Encryption and Password Cracking
CHAPTER 7
Spoofing
CHAPTER 8
Session Hijacking
CHAPTER 9
Hacking Network Devices
CHAPTER 10
Trojan Horses
CHAPTER 11
Denial-of-Service Attacks
CHAPTER 12
Buffer Overflows
CHAPTER 13
Programming Exploits
CHAPTER 14
Mail Vulnerabilities
CHAPTER 15
Web Application Vulnerabilities
CHAPTER 16
Windows Vulnerabilities
CHAPTER 17
UNIX/Linux Vulnerabilities
CHAPTER 18
Incident Handling

GLOSSARY
INDEX

Copyright 201 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Table of Contents

INTRODUCTION

CHAPTER 1
Ethics of Hacking and Cracking
The Impact of Unethical Hacking
Hacker Communities
Hat Categories
Hacker Profiling
Hacker Motivations
Ethical Hacking
Evolution of Hacking
Vendor-Neutral Security Certifications
Vendor-Specific Security Certificates
What Needs to Be Secured
Chapter Summary
Key Terms
Review Questions
Hands-On Project
References

CHAPTER 2
Reconnaissance
Introduction to Reconnaissance
Legal Reconnaissance
Questionable Reconnaissance
Illegal Reconnaissance
Impact of Context on Reconnaissance
Social Engineering
Social Engineering Techniques
Physical Intrusion
Communication Media
Countering Social Engineering
Dumpster Diving
Importance of Proper Discarding of Refuse
Prevention of Dumpster Diving
Internet Footprinting
Social Networking
Web Searching
Network Enumeration
Domain Name System–Based Reconnaissance
Network-Based Reconnaissance
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Reference

CHAPTER 3
Scanning Tools
Introduction
Evolution of Scanners
How Scanners Work
Types of Scanning
TCP Connect Scanning
Half-Open Scanning
UDP Scanning
IP Protocol Scanning
Ping Scanning
Stealth Scanning
Review of Scanner Technology
Discovery
Reconnaissance
Vulnerability Identification
Exploitation
Chapter Summary
Key Terms
Review Questions
Hands-On Projects

CHAPTER 4
Sniffers
Sniffer Types
Bundled Sniffers
Commercial Sniffers
Free Sniffers
Sniffer Operation
Sniffer Components
Placement of a Sniffer
MAC Addresses
Data Transfer over a Network
Role of a Sniffer on a Network
Sniffer Programs
Wireshark (Ethereal)
tcpdump/WinDump
Snort
Network Monitor
Cain and Abel
Kismet
Fluke Networks Protocol Analyzers
Detecting a Sniffer
DNS Test
Network Latency Tests
Ping Test
Source-Route Method
Decoy Method
Commands
Time Domain Reflectometer (TDR) Method

Protecting Against a Sniffer
Secure Sockets Layer (SSL)
Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME)
Secure Shell (SSH)
More Protection
Chapter Summary
Key Terms
Review Questions
Hands-On Projects

CHAPTER 5
TCP/IP Vulnerabilities
Introduction to TCP/IP Vulnerabilities
Data Encapsulation
IP (Internet Protocol)
TCP
Connection Setup and Release
TCP/IP Timers
Vulnerabilities in TCP/IP
IP Spoofing
Source Routing
Connection Hijacking
ICMP Attacks
TCP SYN Attacks
RIP Attacks
Securing TCP/IP
IP Security Architecture (IPSec)
Chapter Summary
Key Terms
Review Questions
Hands-On Projects

CHAPTER 6
Encryption and Password Cracking
Introduction to Encryption and Password Cracking
Cryptography
Symmetric and Asymmetric Key Encryption
Symmetric Key Encryption
Asymmetric Key Algorithms
Cryptanalysis
Descriptions of Popular Ciphers
Symmetric Key Ciphers
Asymmetric Key Ciphers
Cryptographic Hash Functions
Attacks on Passwords
Dictionary Attacks
Hybridization
Brute-Force Attacks
Observation
Keyloggers

Copyright 201 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
Social Engineering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Sniffing Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Password File Stealing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Password Crackers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Aircrack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Cain & Abel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
John the Ripper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
THC Hydra. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
L0phtCrack and Lc6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Review Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Hands-On Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

CHAPTER 7
Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
The Process of an IP Spoofing Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Costs of Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Kinds of Tangible Loss . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Types of Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Blind Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Active Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
IP Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
ARP Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Web Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
DNS Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Spoofing Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Mausezahn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Ettercap. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Arpspoof . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Prevention and Mitigation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Review Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Hands-On Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

CHAPTER 8
Session Hijacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
TCP Session Hijacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Session Hijacking – Hacker’s Point of View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
TCP Session Hijacking with Packet Blocking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Session Hijacking Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Hunt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
UDP Hijacking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Prevention and Mitigation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Encryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Storm Watching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

Copyright 201 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
Table of Contents ix

Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171


Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Review Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Hands-On Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

CHAPTER 9
Hacking Network Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Proxy Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Categories of Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Concealed Identity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Routers and Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Attacks on Routers and Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Router Exploits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Limitations of Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Types and Methods of Firewall Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Threats through VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Ways to Safeguard a Network from Attacks through VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Review Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Hands-On Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

CHAPTER 10
Trojan Horses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
How Trojan Horses Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Functions of a Trojan Horse Attack. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Famous Trojans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
PC-Write (1986). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
AIDS.exe/PC Cyborg (1989) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Back Orifice (1998) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Pretty Park (1999) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
NetBus (2001) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
SubSeven (1999) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
BO2K (2000) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Zeus Trojan (2007) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Detection and Prevention of Trojans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Detecting Trojan Horses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Distributing Trojans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Review Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Hands-On Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

CHAPTER 11
Denial-of-Service Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Causes of DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Types of DoS Attacks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Preventable DoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Non-Preventable DoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Flood Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Software Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Isolated Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Distributed Attacks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Known DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
TCP SYN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
SMURF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Known DDoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Trinoo. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Stacheldraht. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Botnets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Prevention and Mitigation of DoS and DDoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Prevention Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Mitigation of DoS and DDoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Review Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Hands-On Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

CHAPTER 12
Buffer Overflows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Standard Execution of a C Program. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Types of Buffer Overflows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Stack Overflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Process of a Stack Overflow Exploit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Heap Overflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
More Methods for Causing a Buffer Overflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Character-Set Encoding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Nybble-to-Byte Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Buffer Overflows: Detection and Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Detecting Buffer Overflow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Preventing Buffer Overflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Review Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Hands-On Project. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

CHAPTER 13
Programming Exploits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
C and C++. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Vulnerabilities in the C and C++ Programming Languages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
C and C++ Security Measures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
.NET Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Vulnerabilities in the .NET Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Countering .NET Framework Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
HTML5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Vulnerabilities in HTML5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Countering HTML5 Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Java and JavaScript . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Java . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
JavaScript . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Security Vulnerabilities in Java . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Vulnerabilities in JavaScript . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Countering Java and JavaScript Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Review Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Hands-On Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

CHAPTER 14
Mail Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
Major Mail Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Simple Mail Transfer Protocol (SMTP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Post Office Protocol (POP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Internet Message Access Protocol (IMAP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Server Application Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Microsoft Exchange Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
IBM Lotus Domino Notes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
E-mail Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
List-Linking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
E-mail Bombing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
E-mail Spamming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
E-mail Sniffing and Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
E-mail Attachments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
419s, Scams, and Phishing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Browser-Based Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Microsoft Outlook 2010. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Mozilla Thunderbird 15 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Opera Mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Personal E-mail Security Countermeasures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Corporate E-mail Security Countermeasures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
Review Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
Hands-On Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283

CHAPTER 15
Web Application Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Why the Web Is Vulnerable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Weak Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Unsecure Software Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Ease of Information Distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Availability of Hacking Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Increasing Opportunities for Internet-Related Criminal Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Web Server Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Unsecure Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Unsecure Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Threats from Insiders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Weaknesses in Site Administration Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Weaknesses in Application or Protocol Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Weaknesses in Operating System Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Coding Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Implementation Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Protection against Web Application Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Securing the Operating System and the Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Monitoring the Server for Suspicious Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Controlling Access to Confidential Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Protecting the Web Server on a LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Checking for Security Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Web-Browser Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Cache File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
History File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Bookmarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Cookies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Location of Web Files Cache. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
Browser Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Session ID Exploits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Web-Browser Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Review Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Hands-On Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

CHAPTER 16
Windows Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Windows Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Windows XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Windows Vista . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Windows Server 2008. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Windows 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Windows 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Vulnerabilities in Windows Server 2008/XP/Vista/7/8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
Default Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
File Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Windows Registry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Trust Relationship . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Windows Server 2008 Viewer Buffer Overflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Vulnerabilities to Obtain or Elevate Privileges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
RPC Service Failure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
SMTP MX Record Vulnerability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
Code Execution Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318

Copyright 201 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.

Chapter Summary
Key Terms
Review Questions
Hands-On Project
References

CHAPTER 17
UNIX/Linux Vulnerabilities
Introduction
UNIX-Based Operating Systems
Linux Operating Systems
Vulnerabilities from Default Installation
Basic Exploits
Login Passwords
Bad System Administration Practices
Utility Vulnerabilities
Trivial File Transfer Protocol (TFTP) Vulnerability
Kernel Vulnerability
Printing Vulnerability
Vulnerability in mem_write Function
Integer Overflow Vulnerability
Buffer Overflow Vulnerability
UseLogin Vulnerability of OpenSSH
wu-ftpd Exploits
BIND Exploit
Chapter Summary
Key Terms
Review Questions
Hands-On Projects

CHAPTER 18
Incident Handling
Introduction
Need for Incident Handling
Types of Incidents
Approach to Incident Detection
Detection Tools
Phases of Incident Handling
Preparation for Incident Handling
Classification of Incidents
Establishing the Impact of an Incident
Establishing the Likelihood of an Incident
Evaluation
Reporting and Communicating Incidents
Reporting the Incident
Communicating the Incident
Eliminating the Bug
Correcting the Root Problem
Identifying and Implementing the Steps to Fix the Problem
Denial-of-Service Attacks


Recovering from Incidents
Reinstallation
Re-authentication
Scanning
Resuming work
Postmortem
Identifying the Root Cause of the Problem
Identifying Short-Term and Long-Term Changes
Identifying Actions for Any Unpredictable Incident
Implementing the Learning
Tracking Hackers
Generic to Specific
Specific to Generic to Specific
Emergency Steps
Chapter Summary
Key Terms
Review Questions
Hands-On Projects

GLOSSARY

INDEX

Introduction

This text was written to provide a large number of options for further study for interested
individuals or enrolled students who desire an accurate and interesting introduction to the
fascinating realm of network security.
This work is designed to give students, professionals, and hobbyists accurate and
well-researched examples of current security topics. The field of information security changes
quickly, and this text is formulated to provide a solid foundation to enable the reader to
understand and differentiate between hype and fact. Readers will acquire a firm grasp of the
concepts and history of network development and network security as they have evolved.
This platform is anchored to real-world examples and techniques to glean the most useful
information from the Internet. It is intended to burst the mystique, shine a light into how and
why people attack computers and networks, and prepare the reader with the right techniques
to begin winning the network security game.
This text is primarily intended for students in the second or third year of programs in:
● Information technology
● Network security
● Network engineering
● Computer science


This work is also valuable to upper management of small companies that do not have
IT departments, and it will bring IT professionals up-to-date on the latest security
concepts.

Organization and Coverage


Computer Security and Penetration Testing, Second Edition, introduces students to a wide
range of topics related to computer security issues. Chapter 1 provides an overview of hacking
and cracking and discusses ethical considerations surrounding these often misunderstood
activities. Chapters 2 through 6 give a broad overview of the basic concepts that are fundamental
to the practice of ethical hacking. Chapter 2 begins with reconnaissance techniques
and compares legal and illegal techniques used by hackers to acquire the information necessary
to launch attacks. Chapters 3 and 4 cover the use of scanning tools and sniffers, critical
tools in the arsenals of both crackers and computer security professionals. Chapters 5 and 6
cover TCP/IP networking as well as encryption and password cracking—topics about which
no security professional can afford to be ignorant.
Chapters 7 through 13 focus on specific types of attacks and their countermeasures, including
spoofing, session hijacking, network device hacking, Trojan horses, denial-of-service attacks,
buffer overflows, and programming exploits.
In Chapters 14 through 17, the discussion turns to known vulnerabilities in existing software.
Chapters 14 and 15 cover vulnerabilities in the protocols and software implementations
used for Internet mail and Web servers. Chapters 16 and 17 turn to two popular
operating systems—Windows and Linux—and describe some of the vulnerabilities inherent
in the systems themselves as well as those vulnerabilities that result from user error
or misconfiguration.
Finally, Chapter 18 covers the important topic of incident handling—what steps to take and
policies to follow when a security-related incident is detected on a network.

Features
Read This Before You Begin
Technical considerations and assumptions about hardware, software, and lab setup are listed
in one place early in the book to save time and eliminate surprises later on in the book.

Chapter Objectives
Each chapter begins with a list of the concepts to be mastered. This list gives you a quick
reference to the chapter’s contents and serves as a useful study aid.

Tips
Tips provide additional information, such as background information on a technology,
mistakes to watch out for, or Web resources where users can obtain more information.


Chapter Summaries
Each chapter contains a summary of the key content covered in the chapter, which serves as
a helpful tool for study and for reinforcing the main ideas presented in the chapter.

Key Terms
All terms in the chapter introduced with bold text are gathered together in the Key Terms list
at the end of the chapter, with a full definition for each term. This list encourages a more
thorough understanding of the chapter’s key concepts and is a useful reference.

Review Questions
The end-of-chapter assessment begins with review questions that reinforce the main concepts
and techniques covered in each chapter. Answering these questions helps ensure that you
have mastered important topics.

Hands-On Projects
Projects at the end of each chapter provide students with the ability to apply some of the
concepts they have read about in the chapter. The ability to “learn-by-doing” helps students
solidify their understanding of the material.

Text and Graphic Conventions


Tips offer extra information on resources and how to solve problems.

Each Hands-On Project in this book is preceded by the activity icon
and a description of the exercise that follows.

Online Instructor Resources


The following supplemental materials are available when this book is used in a classroom
setting. All the supplements available with this book are online at www.cengage.com.

Instructor’s Manual
The Instructor’s Manual that accompanies this book includes additional instructional
material to assist in class preparation, including suggestions for classroom activities, discussion
topics, and additional projects.

Solutions
The answers to all end-of-chapter material, including the Review Questions and, where
applicable, Hands-On Projects, are provided.


ExamView®
This book is accompanied by ExamView®, a powerful testing software package that allows
instructors to create and administer printed, computer (LAN-based), and Internet exams.
ExamView® includes hundreds of questions that correspond to the topics covered in this text,
enabling students to generate detailed study guides that include page references for further
review. The computer-based and Internet testing components allow students to take exams at
their computers and also save the instructor time by grading each exam automatically.

PowerPoint® Presentations
This book comes with Microsoft® PowerPoint® slides for each chapter. These are included as
a teaching aid for classroom presentation, to make available to students on the network for
chapter review, or to be printed for classroom distribution. Instructors, please feel free to
add your own slides for additional topics you introduce to the class.

Figure Files
All of the figures are reproduced and can be used to customize the PowerPoint® slides or
made available to students for review.

Read This Before You Begin


This book assumes that the student will have access to a networked PC running a current
version of Linux. The computer should also have Internet access. In the Hands-On Projects at the
end of Chapter 1, general instructions are given for setting up a PC to be used for this book.
Note that the specific machine requirements listed are a suggestion, and that other
configurations may work as well. In general, any current, standard Linux distribution should work.
Throughout the book, students will occasionally need to download software from the Internet
and install it. Specific instructions are given where necessary. The text also references a
“central Linux server” that the instructor may wish to set up to provide a central location
from which students can access software or files. (For example, in Chapter 6, the instructor
will need to provide students with a sample “passwd” file that students can use to practice
using password-cracking software.) This central server is not required, and the instructor may
choose to distribute files or software using other methods.
A few parts of the text—for example, Hands-On Project 10-3—are written assuming that the
student has access to a Windows computer. If a Windows machine is not available, such
sections can be read through without following along at the computer.
Finally, at times it will be necessary for students to access other lab computers. For example, in
the project at the end of Chapter 8, the instructor should set up a TCP session between two
computers, so that students can observe the session using a sniffer. At the instructor’s discretion,
virtualization software such as VMware can be used if physical machines are not available.

About the Authors


Alfred Basta, PhD, is a professor of mathematics, cryptography, and information security as
well as a professional speaker on Internet security, networking, and cryptography. He is a
member of many associations, including the Mathematical Association of America. Dr. Basta’s
other publications include Mathematics for Information Technology, Linux Operations and
Administration, and Database Security.
Nadine Basta, MS, is a professor of computer science, information technology, and security.
Her numerous certifications include MCSE, MSDBA, CCDP, NCSE, NCTE, and CCA. A
security consultant and auditor, she combines strong “in the field” experience with her
academic background. She is also coauthor of Mathematics for Information Technology and
Linux Operations and Administration.
Mary Brown, CISSP, CISA, PhD, is a professor who leads the information assurance and
security and health informatics specializations at Capella University. She manages the
curricula for these programs and works with the NSA to maintain Capella as a Center of
Excellence in IAS, which includes managing a Web site and blog. She is also a member of an
advisory board for Advance IT, which promotes IT in Minnesota, as well as a member of
numerous professional associations, including the Information Systems Security Association.
Additional publications include HIPAA Program Reference Handbook and Ethical Issues
and Security Monitoring Trends in Global Healthcare: Technological Advancements.

Acknowledgments
From Alfred Basta:
To my wife Nadine:
“It is the continuing symphony of your loving thoughts, caring actions, and continuous
support that stands out as the song of my life.”
To our daughter Rebecca, our son Stavros:
“Fix your hearts upon God, and love Him with all your strength, for without this no one can
be saved or be of any worth. Develop in yourselves an urge for a life of high and noble
values. You are like little birds that will soon spread your wings and fly.”
To my mother:
“You are a never-ending melody of goodness and kindness. You are without equal in this
world.”
And to the memory of my father:
“If one is weighed by the gifts one gives, your values given are beyond estimation.”
From Nadine Basta:
First, I would like to thank God for giving me the chance to complete this work. Every day I
thank Him for my three precious gifts: Alfred, Becca, and Stavros.
To my beloved husband, Alfred: Thank you for your continuous love and support throughout
our wonderful 17 years together.
To our children, Rebecca and Stavros: You are the true joy of our lives and our greatest
blessing. We pray for you every day to live a life that honors and glorifies God. Fix your hearts
upon Him, and love Him with all your strength.
CHAPTER 1
Ethics of Hacking and Cracking

After reading this chapter and completing the exercises, you will be able to:
• Explain how unethical computer hacking is a crime
• Identify the various groups and classes of hackers and crackers
• Identify the various things that motivate hackers and crackers
• Explain differences in information security industry certifications
• Describe the origin and evolution of computer hacking
• Recognize the important issues related to ethical hacking


Hacking and cracking are of great interest to many students of information security
as well as to hobbyists and others. This chapter introduces you to hacking and helps you
understand the characteristics and motivations behind both ethical and unethical hacking
activities. It also explores the wide range of industry-related certifications available to those
interested in a career in ethical hacking. Many of these certifications contain a professional
ethics component—a potential barrier to those who choose to begin their career engaging
in questionable computing activities.

The Impact of Unethical Hacking


Cracking is the term for illegally hacking into a computer system without the permission
of the system’s owner. Hacking is a term that is often used interchangeably with
“cracking,” but some hackers find it offensive. In the early days of computing, someone
who was very proficient in coding and in creating solutions using computers was known
as a hacker. This was typically a way of recognizing one’s accomplishments. Over the
past 30 to 40 years, however, “hacker” has devolved into a more pejorative term that
refers to one who uses his technical skills to engage in illegal or unethical behavior. Legitimate
hackers who wanted to hold on to the term “hackers” responded to this trend by
coming up with the term cracker to denote those on the “dark side” of computing. The
information security community has now widely adopted this distinction; however, outside
of those with a certain level of expertise and insight, the two terms continue to be
used interchangeably.
Whatever a computer cracker’s motivations—a love of difficult challenges, curiosity, patriotism,
a desire for recognition or financial gain or revenge—cracking a system is a crime. In the
past, crackers tended not to be prosecuted; this was because the crime was internal, and companies
didn’t want to jeopardize their customers’ confidence. Also, companies may not have
been sure of how vulnerable they were and didn’t want to advertise it to other crackers. The
trend today is toward prompt prosecution and harsher sentencing for those caught
compromising machines owned by others. Due to the growth of computer cracking, many
companies are now hiring more employees with hacking skills who can identify crackers and
protect the company’s network.
In the 2010/2011 CSI Computer Crime and Security Survey, nearly half of the organizations
that responded indicated they had been the victim of at least one targeted attack.1
Over two-thirds had experienced a malware infection, the most frequent mode of attack.
Likewise, in Verizon’s 2012 Data Breach Investigations Report, 69 percent of the reported
breaches involved the use of malware.2 Interestingly enough, 79 percent of the victims
were targets of opportunity, which indicates that organizations need better oversight of
their security policies. Both of these surveys focused on the numbers of compromises
recorded (reportedly in the millions of records) rather than on the resulting financial
losses. The CSI survey indicates that companies are increasingly reluctant to share financial
loss information as part of annual surveys, which makes it increasingly difficult to
assess the financial impact.
This text is designed to give you the skills to defeat computer crackers.

Hacker Communities
There are distinct groups of hackers; however, the membership is not limited to a single
group, nor is there a consistent membership within groups over time. There are two common
ways to categorize the broader groups of hackers:
● As White Hat (good hackers) or Black Hat (bad hackers)
● Through psychological profiling, which seeks to understand the motivations of hackers

Hat Categories
The White Hat/Black Hat model is derived from old Westerns in which the “good guys”
always wore white hats and the “bad guys” always wore black hats. The assumption is that
everything the good guys do is right, legal, and justified, whereas everything the bad guys do
is wrong, illegal, and debased. As is often true in life, this model oversimplifies reality but
helps frame discussions among those who feel strongly about the importance of ethical
behavior in the information security industry. Many information security professionals
strongly feel that crackers have violated professional ethics and are, essentially, disqualified
from participation in the industry. Others make allowances for youthful indiscretions. And
some even admire and pursue crackers as possible employees under the belief that they are
in a better position to “know thine enemy.” Whatever one believes, the idea that there is a
distinction between legal and illegal, between ethical and unethical, is at the root of how
hackers and crackers are classified and categorized.
Figure 1-1 presents the range of what motivates White Hat/Black Hat hackers/crackers.

Figure 1-1 White Hat/Black Hat model


© Cengage Learning 2014

Hacker Profiling
Hacking—like criminalistic forensics or martial arts—requires the practitioner to be intimately
familiar with the techniques of one’s opponent. To be successful as an ethical hacker
and network security expert, a person must know not only how to protect a network but
what and whom to protect the network from. The reading material and techniques used by
ethical hackers and unethical hackers are identical; what distinguishes the two groups from
each other is simply the permission of the network owner and the choice of whether to
defend or attack. Figure 1-2 presents a list of hacker profiles that was developed by former
police detective and computer forensics expert Marcus Rogers.3 Despite the popular perception
of a hacker as an antisocial teenager, hackers are not a monolithic group; they represent
a wide diversity of lifestyles. One cannot just point to the geekiest-looking person in a line-up
and say, “He’s the one!”

Figure 1-2 Hacker profiles


© Cengage Learning 2014

Whether one chooses to act in alignment with current regulations or not, abide by company
policy or not, act ethically or not, to be a successful hacker or cracker, you must devote considerable
time and resources to maintaining sufficient knowledge of current threats, vulnerabilities,
tools, and trends. Among the eight types of hackers described in Figure 1-2, most
are able to find ways of justifying their activities. Some engage in behaviors, such as publicizing
a potential vulnerability, that can be seen as either unethical or a valid warning. The subject
of ethics is sufficiently broad and complex to be worthy of an entire book; suffice it to
say that ethics plays an important role in the hacking profession and should be well integrated
into project planning and implementation. Novices with the best of intentions can get
in over their heads and inadvertently cause thousands of dollars in damage and loss because
they don’t entirely understand what they are doing.
As noted hacker Kevin Mitnick once wrote, “Are hackers a threat? The degree of threat presented
by any conduct, whether legal or illegal, depends on the actions and intent of the individual
and the harm they cause.”4
There is a popular convention called the “Black Hat Briefings,” first held in 1997 in Las
Vegas. The stated purpose of the convention and its Web site is to “highlight breaking security
research submitted by leading corporate professionals, government experts, and members
of the underground hacking community.”5
Information security certifications include security management-related certifications, such as
the Certified Information Systems Security Professional (CISSP) and the Certified Information
Security Manager (CISM) certifications, which are sponsored by the ISC2 and ISACA organizations,
respectively. Organizations such as SANS (System Administration, Networking, and
Security) Institute and the EC-Council promote more technology-specific certifications. Each
of these certifying groups offers ethical standards to keep its members within the realm of
proper behavior. Such attention to ethics is especially important with respect to hacking,
where the owner’s permission and the hacker’s intentions are often the only things separating
what is ethical from what is unethical.
Hackers themselves tend to disagree as to what is ethical and unethical. Many hackers
believe that cracking a network host or device is like cutting across the neighbor’s lawn. As
long as there is no harm done, the act is not an invasion of the neighbor’s privacy or a violation
of privacy rights. The courts have typically ruled that the preliminary steps of penetration
testing, such as enumeration and scanning, are not illegal activities because they do not
result in actual damages. Professional standards tend to be more stringent, however; failure to
obtain the network owner’s permission prior to engaging in these activities is more likely to
be perceived as unethical behavior.

Hacker Motivations
Regardless of their profiles, knowledge, or skills, hackers are often motivated by a combination
of the following:
● Curiosity
● Love of puzzles
● Desire for recognition or fame
● Revenge
● Financial gain
● Patriotism or politics

Curiosity Perhaps the strongest motivation is curiosity: “What happens when I do this?”
or “How do these security measures work?” We are trained from childhood to be curious,
open, and sharing. Crackers direct their innate curiosity toward finding the blind spots in
the network systems we build.

Love of Puzzles Hackers gain great satisfaction in finding the solutions to complicated
puzzles. A hacker has to control many variables and master many techniques to successfully
crack systems. These same challenges motivate locksmiths and cat burglars in the physical
security realm. Strong passwords, such as “Tr34$>l drU,”(tr), can be devised that block most
attack attempts, and locks can be keyed with “024642” pin combinations that are almost
unpickable. Think how much fun it is to figure out how to solve these difficult puzzles!

Desire for Recognition or Fame Almost all hackers are motivated by a need for
acceptance, acknowledgment, and fame—at least among their peers. It takes a person of
average intelligence and skill many years to become even a poor hacker. Expertise in the
field is rare and marvelous in ways not necessarily understood by those outside the field.
True, hackers may be deficient in social skills or fashion sense, but they are as susceptible to
the lure of fame as anyone else. As members of an elite group possessing specialized technical
skills, they believe they deserve recognition. Ethical hackers may believe they are merely
the last line of defense against malicious individuals, but script kiddies (hackers with little
knowledge or experience who run scripts they didn’t write themselves) and Black Hat crackers
actually enjoy their conquests and the notoriety they bring.

Revenge People who feel that they were wronged, or that their cause or group was
wronged, can easily talk themselves into performing unethical acts by using the simplistic notion
that a badly behaved person, business, or government deserves to be treated as poorly as possible.
It is the cracker’s way of getting even. Groups such as Anonymous, an international and
loosely aligned group of crackers that engaged in a number of high visibility attacks against
political targets in 2011, have heightened the public’s awareness of the increased potential for a
cyber-attack following events that these groups might find offensive. Little is known about
Anonymous other than that it appears highly fluid and basically leaderless, coming together in
distinct groups for a particular action and then falling back to regroup for the next action.

Financial Gain Money is a very common motivation among all classes of hacker, from
the security expert on contract or salary to the script kiddie stealing and selling credit card
information. Plainly, the education required and the time spent learning the craft are not
without cost, so it makes sense that there is some expectation of remuneration. Although
some hackers do their work for free, citing the Hacker’s Ethic that information should be
free and freely shared to all interested parties, many others are in it for the cash.

Patriotism and Other Causes Some hackers, known as hacktivists, are motivated by
patriotism or nationalism or other causes. Their goal may be to secure a network from
cyber-criminals. Alternatively, they may want to attack a network to disrupt services,
thereby causing fear among specific “enemy” populations and communities.
Governments can engage in hacking as well. Stuxnet, a computer worm that seeded
malware-infected USB drives in cars parked outside Iranian nuclear plants, is one of the better
known examples of state-sponsored hacking. There, the goal was to break into the
plants’ centrifuges. In a paper written for a U.S. Army War College publication, Timothy
Thomas has suggested that China has several state-sponsored schools that train students to
become experts in the art of cyber-terrorism.6 Brodsky has pointed to the increased dependence
on SCADA (Supervisory Control and Data Acquisition) systems to run critical infrastructure,
which makes them a potential target of cyber-terrorism.7

Ethical Hacking
Most professions have ethical codes that bind their members into a set of shared values and
help them gain the public’s trust. The profession of network security is no exception, but it is
still emerging from a set of conflicting values that arose from the two communities it draws
on: the hobbyist/student community and the professional community (those on the IT career
track). Many individuals involved in the profession, especially those who come from business
rather than technical backgrounds, believe they need to distance themselves from the communities
they (and most of the better penetration tools) came from. That’s one of the causes
within the profession: to differentiate the bad hackers who threaten the networks from good
hackers who are paid to protect them. Coming up with a set of distinctions that distinguish
the ethical hacker from the unethical cracker will help the network security profession present
to the world the benefits that it brings to society.

Evolution of Hacking
In the 1940s, universities, government, and large businesses started using computers, but few
people knew about them. There were no computer science students. Most of the professionals
who worked with computers used them to solve complicated mathematics problems.
The modern concept of hacking began in the late 1950s, when students at the Massachusetts
Institute of Technology (MIT) started using their access to the IBM mainframe housed at
MIT to work on new programming languages and other experiments outside of their regular
classes. This was not antisocial or illegal behavior, but the students, while developing their
skills, became a community of hackers as well. In the 1950s, “hacker” was a word for a hobbyist
in any technical area.
The students used their unsupervised computer time to experiment, to find new ways of solving
problems, and to invent applications that did things in a new computerized way. These
early hackers had no malicious intent. They simply believed that there was always room for
improvement. And so, when a new, simpler, more elegant solution was found, it was published
widely and tested by many. There was little predefined structure to the experimentation.
Many of the students took as much pride in their collaborative solutions as they did in their
individual achievements. Given the open access and freedom they had, many of them indulged
in programmed pranks or discovered ways to access others’ personal files to edit their code.
But these pranks were published just as widely as the more socially acceptable results.
The first password hacks were a response to the Compatible Time Sharing System (CTSS),
which was developed in the early 1960s and first loaded onto an IBM mainframe, again at
MIT. This application enabled the safe sharing of computer time by different users so that
all the processor’s cycles were used and there was no idle time. Usernames and logons kept
people from anonymously accessing the computer, but this flew in the face of the freedoms
that students had previously enjoyed. Some responded by trying to guess usernames and
passwords. Finally, they broke into the CTSS system.
In the 1970s, a new sort of hacker, the phone phreak, appeared. Phone phreaks used various
methods, collectively called phreaking, to access telephone networks in order to make free
calls from pay phones. Eventually, they began combining traditional phreaking tools with
computer programming languages. One popular phreaking program was Blue Beep. It
works with MS-DOS and shell prompts of Windows, using PASCAL and other assembly
languages. Its features include creating digital tones, controlling trunk lines, and scanning
telephone exchanges.
In the 1980s, phreaks discovered that any server with a modem could potentially be entered.
War dialers were developed to search for open modems. Once a hacker gained access to one
server, it was often possible to access another server through the dedicated lines the servers
shared. This was one way to access the fledgling Internet and its precursors—i.e., the bulletin
boards run by CompuServe and AOL.
As personal computer prices dropped and users became more common, hacker communities
grew, too, and the term “hacking” started to take on a new connotation. Hackers were no
longer just young, socially inept males with an insatiable curiosity about computers. They
were now joined by malicious individuals who attempted to break into and damage sensitive
corporate and government networks that they accessed through the use of modems.
Given that automation was the whole reason for computers in the first place, it is not surprising
that, in the 1980s, people started creating applications that could spread themselves automatically
(or nearly automatically) over the Internet and through e-mail systems. Viruses,
worms, and Trojans started appearing in 1988. The thrill of having such simple codes
wreak havoc on servers and workstations was intoxicating, and hackers have continued to
develop viruses and worms to this day. In fact, they have turned to even more hazardous
code over time because it is easy to find existing resources that need just minor modifications
and little skill to alter, then send them back out. Examples of these viruses are the Bagle virus
(which had dozens of variants), Nimda, and Code Red.
The presence of the resources and tools to create malware is a long-term problem that shows
little evidence of resolving in the near future. Viruses are indiscriminate in their damaging
effects, and any script kiddie can set one loose. Also, virus code is available on the Internet,
and skilled crackers can use such code as a starting point to develop better ways to break
into more specific targets.
Hackers’ antisocial actions ultimately made it difficult to hold on to the original definition of
“hacking”; people started to use the label “hacker” to describe computer experts working
with malicious intent. This stereotype persists today and has raised the need for security
experts to distance themselves from the criminal—the same way lawmen in the old West
used their tin badges to separate themselves from the outlaws.

Vendor-Neutral Security Certifications


Table 1-1 shows the existing vendor-neutral security organizations and the certificates that
they sponsor.
Table 1-1 Information security certification organizations and offerings
© Cengage Learning 2014

| Certification Organization | Certification | Area of Focus |
| --- | --- | --- |
| CompTIA | Security+™ | General security overview |
| General Information Assurance Certification (GIAC) | GIAC Information Security Fundamentals (GISF) | Security administration |
| GIAC | GIAC Security Essentials Certification (GSEF) | Security administration |
| GIAC | GIAC Information Security Professional (GISP) | Security management |
| GIAC | GIAC ISO-27000 Specialist (G2700) | Security audit |
| GIAC | GIAC Certified Forensics Examiner (GCFE) | Forensics |
| GIAC | GIAC Certified Firewall Analyst (GCFW) | Security administration |
| GIAC | GIAC Security Leadership Certification (GSLC) | Security management |
| GIAC | GIAC Legal Issues (GLEG) | Security legal |
| GIAC | GIAC Systems and Network Auditor (GSNA) | Security audit |
| GIAC | GIAC Secure Software Programmer-.net (GSSP-NET) | Software security |
| GIAC | GIAC Certified Forensics Analyst (GCFA) | Testing, Forensics |
| GIAC | GIAC Certified Intrusion Analyst (GCIA) | Security administration |
| GIAC | GIAC Certified Project Manager Certification (GCPM) | Security management |
| GIAC | GIAC Secure Software Programmer-JAVA (GSSP-JAVA) | Software security |
| GIAC | GIAC Certified Incident Handler (GCIH) | Security administration |
| GIAC | GIAC Certified UNIX Security Administrator (GCUX) | Security administration |
| GIAC | GIAC Certified Enterprise Defender (GCED) | Security administration |
| GIAC | GIAC Certified Penetration Tester (GCPT) | Security administration |
| GIAC | GIAC Web Application Penetration Tester (GWAPT) | Security administration |
| GIAC | GIAC Assessing Wireless Networks (GAWN) | Security administration |
| GIAC | GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) | Security administration |
| GIAC | GIAC Reverse Engineering Malware (GREM) | Forensics |
| International Information Systems Security Certification Consortium (ISC2) | Certified Authorization Professional (CAP) | Security certification |
| ISC2 | Certified Information Systems Security Professional (CISSP) | Security management |
| ISC2 | CISSP Information Systems Security Architecture Professional (CISSP-ISSAP) | Security design |
| ISC2 | CISSP Information Systems Security Engineering Professional (CISSP-ISSEP) | Security engineering |
| ISC2 | CISSP Information Systems Security Management Professional (CISSP-ISSMP) | Security management |
| ISC2 | Certified Secure Software Lifecycle Professional (CSSLP) | Software security |
| ISC2 | Systems Security Certified Practitioner (SSCP) | Security administration |
| International Council of E-Commerce Consultants (EC-Council) | Certified Ethical Hacker (CEH) | Penetration testing |
| EC-Council | Computer Hacking Forensic Investigator (CHFI) | Forensics |
| EC-Council | EC-Council Certified Security Analyst (ECSA) | Penetration testing |
| EC-Council | Licensed Penetration Tester (LPT) | Penetration testing |
| EC-Council | EC-Council Network Security Administrator (ENSA) | Security administration |
| ISACA | Certified Information Systems Auditor (CISA) | Security audit |
| ISACA | Certified Information Security Manager (CISM) | Security management |
| ISACA | Certified in the Governance of IT (CGEIT) | Security management |
| ISACA | Certified in Risk and Information Systems Control (CRISC) | Security risk management |

For more information about vendor-neutral certifications, visit the following Web sites:
● Information Systems Audit and Control Association (ISACA): www.isaca.org
● EC-Council: www.eccouncil.org/certification.aspx
● ISC2: www.isc2.org/cgi-bin/index.cgi
● CompTIA: http://certification.comptia.org/getCertified/certifications/security.aspx
● Global Information Assurance Certification (GIAC): www.giac.org/certifications/security

Vendor-Specific Security Certificates


There are almost as many vendor-specific network security certificates as there are network
vendors. Some, such as Cisco’s CCNA and Microsoft’s MCITP, might be useful to newcomers
to the network security industry, helping them get entry-level jobs. Other useful ways to gain
an entry-level position include doing unpaid internships, joining local professional organizations,
and participating in industry-related social media groups.
For more information about vendor-specific security certification, visit the individual vendors’
Web sites.

What Needs to Be Secured


Organizations have become increasingly aware of the need to secure the sensitive data they
collect and store as part of their business operations. An increasing number of federal,
state, and local regulations have provided some of this incentive. Entire industries are subject
to controls requirements, including health care, which is subject to the Health Insurance
Portability and Accountability Act (HIPAA), and finance, which is subject to rules
such as the Sarbanes-Oxley (SOX) Act. These laws require those who collect and store
information (such as medical histories, credit reports, police records, bank accounts, financial
and transaction records) to protect it from crackers who may want to engage in malicious
or illegal use of that data.
The focus of much of the existing legislation is on protecting the data from exposure to a
malicious cracker with sufficient skill and desire to break into systems; however, not all such
break-ins are intended to liberate sensitive data. Some crackers break into systems to utilize
what they consider wasted computer power. Thousands, if not millions, of computers sit
idle for many hours a day, and these hackers do not consider it unethical to use the computers’
idle time for their own projects.
Recently, there has been an explosion of computers being compromised through rootkits and
other malware that made them available to crackers. For example, idle bandwidth has been
seized upon by crackers, who “point” the bandwidth (along with other compromised systems)
at the target to create a distributed denial of service attack. These compromised systems
are known as “bots” or “zombies” and are combined to create illegal networks known as
“botnets.” Some crackers have created large botnets, which they then sell to those interested
in using them for illegal or unethical activities. The number of compromised systems whose
idle bandwidths are used for illegal or unethical pursuits is believed to be in the hundreds of
thousands. In many states, unauthorized use of a computer system, in addition to being
unethical, is a crime.

The majority of hackers employed by organizations understand that they are responsible for
the success of the protective measures they use on their employers’ networks. Such hackers
may take pride in making an honest living and may thus feel duty-bound to perform their
penetration and software testing with due diligence. They will strive to uphold their profession’s
reputation and demonstrate an understanding of the ethical responsibilities associated
with maintaining respect for the industry.
Some hackers might find it tempting to copy, download, and use proprietary software and
other copyrighted works. Although they may consider this a harmless activity, it is often illegal
(based on the license under which the software is distributed). The controls available to
software manufacturers that manage licensing become increasingly sophisticated. Organizations
that have been on the receiving end of a Microsoft software license audit can attest to
the potential impact of failing to take this responsibility seriously.
There is an ongoing philosophical discussion as to whether free access to information is more
or less important than a creator’s right to protect his or her creations. This is the same sort of
debate as the one over the regulations that govern the distribution and modification of written
works. There are those who feel that proprietary software is a form of elitism that inhibits
progress. The argument is that every person has the right to hear, read, see, or learn anything
that is available. On the other hand, proponents of strong intellectual property rights argue
that there would be no creation at all if there was not some method of ensuring remuneration
for reproduction of that intellectual property. Regardless of the personal opinions a hacker
may hold with regard to intellectual property issues, as a member of the information security
industry, there is an obligation to the organization to uphold and enforce existing laws.
Professional hackers have a responsibility to society that is hard to ignore. Their activities
should help to build and improve upon existing technology. Accessing information in a
quest for knowledge is valuable, but a hacker’s right to free information ought not to infringe
on others’ rights to their own space and property. It is the responsibility of ethical hackers to
ensure that their activities cause no harm to the confidentiality and integrity of information.
They should use their skills and interests as opportunities to learn and teach. Hackers can
use their intelligence and experience to invent new solutions that help the overall develop-
ment of technology.
An ethical hacker is a security professional who applies his or her hacking skills for defensive
purposes. This person accesses a computer system or network with the authorization of the
system’s owner and without causing damage to the system. Hackers who are conscious of
other people’s rights are assets to the IT field. (On the other hand, hackers who act with
malicious intent harm the profession, but at the same time they help security professionals
see where their networks are vulnerable.) It is possible for hackers to gain access to sensitive
and controversial data while they are engaged in the activity of ethical hacking. What that
hacker does with that data reflects on the entire industry. The very cornerstone of success
for ethical hackers rests on trust. Violations of that trust by failing to act honorably and ethi-
cally come with significant consequences.

Why Hire an Ethical Hacker? Companies would rather pay an ethical hacker to discover
their systems’ vulnerabilities than wait for an unethical hacker to do it for them. Furthermore,
an increasing number of industries, such as finance and health care, charge organizations
with the specific duty of protecting the sensitive data they collect and store. As
part of a defensive strategy, organizations may want to hire external security professionals
to try to hack their systems. They can derive further benefits from hiring ethical hackers to
perform security audits, which provide solutions as well as identify potential problems.
Ethical hackers work to protect all IT areas—Web servers and shared printers as well as
e-mail from end to end. The widespread adoption of smartphones, tablets, and other mobile
devices as well as the move to the “cloud” are only the most recent additions to the infor-
mation assets that organizations are responsible for. These organizations have also adopted
social media and technically integrated Enterprise Resource Planning (ERP) systems that
have blurred the boundaries of the traditional internal network, which has only increased
the importance of the work of professional ethical hackers. Hackers must have experience
in software engineering, network engineering, and system security. They must strive to
increase their knowledge of tools and techniques to protect their networks and to check for
forensics evidence when those networks are attacked.

Chapter Summary
■ Computer cracking is illegally hacking into a computer system without the permission of
the system’s owner.
■ Hackers are commonly classified in two groups: White Hat, or “good” and ethical hack-
ers, and Black Hat, or “bad” and malicious hackers.
■ The eight major profiles of hackers include novices, cyber-punks, internals, old-guard
hackers, coders, professional criminals, information warriors (aka cyber-terrorists), and
hacktivists.
■ Ethical hackers and unethical hackers use the same reading materials and techniques;
what distinguishes between the two groups is simply the permission of the network
owner and the choice of whether to defend or attack.
■ Hackers may be motivated by a love of difficult challenges, curiosity, a desire for recog-
nition, a desire for financial gain, a need for revenge, or patriotism.
■ The modern concept of hacking began in the late 1950s when some students at MIT
started using their access to the MIT mainframe in order to work on new programming
languages and other experiments outside of their regular classes. With the advent of
logon accounts and passwords in the 1960s, hackers went from exploring computers to
hacking passwords. The 1970s saw the rise of the phreaks, and the 1980s saw a tremen-
dous growth in computer crime and abuse with the introduction of viruses, worms, and
Trojan horses.
■ Although there are several vendor-neutral and vendor-specific certifications available to
computer security professionals, there is no national certification standard.
■ Professional security experts, technologists, and hackers must develop a public code of
ethics. Without the assurance a code provides, potential clients may resist employing eth-
ical hackers who could defend their networks and computer systems from crackers.
■ An ethical hacker is a security professional who applies hacking skills for defensive pur-
poses. This person accesses a computer system or network with the authorization of the
system’s owner and without causing damage to the system.

Key Terms
cloud computing Computing that occurs beyond the edges of the trusted network.
cracker Someone who engages in cracking.
cracking The act of illegally hacking into a computer system without the permission of the
system’s owner.
hacker A term originally meant to describe a programmer or someone skilled at computers
and code writing. The term has evolved and is sometimes used as a more pejorative term to
describe a cracker.
hacktivist Hacker or cracker who is motivated by patriotism, nationalism, or some other
deeply held civic or social belief and who may either secure networks from cyber-criminals
or disrupt services, thereby causing fear among specific “enemy” populations and
communities.
malware infection When a host computer or device is surreptitiously loaded via
various routes, including infected attachments or from visiting malicious Web sites.
The objective of malware is to activate functionality on the device that is not sanctioned
by the device owner. Malware can take many forms, including viruses, Trojans, worms,
and rootkits.
phreaking Cracking the phone network to make free long-distance calls, for example.
Also refers to security cracking, especially (but not exclusively) on communications
networks.
SCADA (Supervisory Control and Data Acquisition) Systems designed to run critical
infrastructure.
script kiddies A subset of hacking enthusiasts who, having little knowledge or
experience, find and run scripts that others have made available through various media.
Script kiddies are universally despised by experienced programmers. When an individual is
singled out as being or acting like a script kiddie, this is a derogatory usage.
Stuxnet A computer worm that seeded malware-infected USB drives in cars parked outside
Iranian nuclear plants with the goal of breaking into centrifuges.
war dialer A script that tells a modem to dial a range of phone numbers and then
identifies those that are connected to remote computers. The phone number range is defined
by the user, then the program proceeds to dial these numbers, one after the other,
attempting to establish a remote connection.

Review Questions
1. Using the White Hat/Black Hat model, which kind of hacker is more likely to create a
Web site to teach new hackers how to hack a network?
2. Using the White Hat/Black Hat model, which kind of hacker is more likely to work as a
network administrator?
3. Using the White Hat/Black Hat model, which kind of hacker is more likely to be politically
motivated?
4. Using the White Hat/Black Hat model, which kind of hacker is more likely to sell credit
card numbers to criminals online?
5. When presenting a talk to a group of business leaders, are you more likely to use the
White Hat/Black Hat model or the Hacker Profiles model to explain the dangers posed
by hackers? If the business leaders were the chief information officers of their respective
companies, would you reverse your decision? Write a short essay explaining your
answers.
6. If your Web site is hacked and all the pages call up the same anti-war slogan and
picture, which profile of hacker has hit your site?
7. If it is discovered that the CEO’s e-mail browser is set to automatically copy all her
outgoing mail to an unknown account called asmith@thecompany.com, what profile of
hacker is probably responsible?
8. Which hacker profile is most likely to try out attack scripts found on the Internet “just
to see what happens”?
9. What is the name for a group of compromised computers that can be used in a distrib-
uted denial of service attack?
10. What are the motivations for the hacker profile “professional criminal”?
11. A security tester can make a network impenetrable. True or False?
12. An ethical hacker is a person who performs most of the same activities a cracker does
but only late at night. True or False?
13. The System Administration, Network, and Security (SANS) Institute offers training and
IT security certifications through Global Information Assurance Certification (GIAC).
True or False?
14. The GIAC program offers a certification that focuses on reverse-engineering malware.
True or False?
15. In the United States, all the state legal systems view port scanning as noninvasive or
nondestructive in nature and deem it legal. True or False?
16. According to the Hacker Profile model, old-guard hackers brag incessantly about their
successful exploits. True or False?
Match each of the following terms with the correct statement below.
a. script
b. port scanning
c. novice
d. ethical hacker
17. Name a way to find open ports on a system.
18. Who copies code from knowledgeable programmers instead of creating the code himself/herself?
19. Name the set of instructions that runs in sequence to perform tasks on a computer
system.
20. Who is sometimes employed by companies to perform penetration tests?

Hands-On Project
Project 1-1
In this project, you set up the Linux computer that you will be using in many
of the projects throughout the book. There are a variety of free tutorials avail-
able on the Internet that will help you with this task. Entering the name of the
Linux variety you want to explore in your favorite search engine, followed by
the term “installation tutorial,” should reveal an array of resources that will be useful in this
exercise as well as those coming in subsequent chapters.
You need the following:
● An x86 computer with a minimum of 256MB RAM, the equivalent of a Pentium III 900
MHz processor or better, a 20GB hard drive, a high-speed cable or DSL phone modem,
and a 10/100 Ethernet network interface card. Please note that these specifications
should be viewed as minimum requirements; you will get better performance if you have
more RAM, a faster processor, and so on.
● A current version of a popular, robust Linux distribution, such as Fedora, Red Hat
Enterprise, CentOS, Mandriva, SUSE, or Ubuntu. The hands-on projects in this book
assume an installation of Fedora Core 6, and the steps are written accordingly.
However, other Linux distributions can be used, with minor modifications to the steps,
as needed.
● An Internet connection

1. Perform a default installation of the Linux OS. For the purposes of this book, you
won’t need to review or customize partitions, and you can accept the default partition-
ing scheme that the installation program selects.
2. When installation is complete, use the OS’s package manager to install any available
software updates. This will help ensure that your system contains important security
updates and bug fixes. For example, in Fedora, you can start the update process by
entering yum update at a Terminal window (you’ll need to log in as root) or
by clicking Applications, pointing to System Tools, and clicking Software Updater to
run the Software Updater program.
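
The update in step 2 can be previewed before anything is installed: `yum check-update` exits 0 when nothing is pending, 100 when updates are available, and 1 on error. The script below is an added example, not code from the book; the sample output, the watchlist of package names, and the CHECK_LIVE variable are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the book: interpret the result of `yum check-update`
# before running `yum update`. Exit codes per the yum man page:
#   0 = nothing pending, 100 = updates available, 1 = error.

# Assumption: package names an administrator chooses to review first.
WATCHLIST="kernel glibc openssl openssh"

# Constructed sample of `yum check-update` output (placeholder versions).
SAMPLE_OUTPUT='
kernel.i686        0.0.0-1.example    updates
openssl.i686       0.0.0-2.example    updates
firefox.i386       0.0.0-3.example    updates
'

# count_pending OUTPUT
# Counts package lines: exactly three fields, the first of the form name.arch.
# Header lines and the "Obsoleting Packages" section are ignored.
count_pending() {
    printf '%s\n' "$1" | awk '
        /^Obsoleting Packages/ { exit }
        NF == 3 && $1 ~ /\./   { n++ }
        END                    { print n + 0 }'
}

# priority_pending OUTPUT
# Prints, one per line, the pending packages whose name is on the watchlist.
priority_pending() {
    printf '%s\n' "$1" | awk -v watch="$WATCHLIST" '
        BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        /^Obsoleting Packages/ { exit }
        NF == 3 && $1 ~ /\./ {
            name = $1
            sub(/\.[^.]*$/, "", name)      # strip the trailing .arch suffix
            if (name in want) print name
        }'
}

# update_status EXIT_CODE OUTPUT
# Maps the yum exit code to "current", "pending:N" or "error".
update_status() {
    case "$1" in
        0)   echo "current" ;;
        100) echo "pending:$(count_pending "$2")" ;;
        *)   echo "error" ;;
    esac
}

# Use the real command only when asked to; otherwise use the constructed sample.
if [ "${CHECK_LIVE:-0}" = "1" ]; then
    out=$(yum check-update 2>/dev/null) && rc=0 || rc=$?
else
    out=$SAMPLE_OUTPUT
    rc=100
fi

echo "status: $(update_status "$rc" "$out")"
priority_pending "$out" | sed 's/^/review first: /'
```

Run it with `CHECK_LIVE=1` on the Fedora system from this project to query the real package manager; without it, the script works on the constructed sample only.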

References
1. Computer Security Institute. “CSI 2010/2011 Computer Crime and Security Survey.”
gocsi.com. Retrieved April 9, 2012 @ http://gocsi.com/survey.
2. Verizon. “2012 Data Breach Investigations Report.” verizonbusiness.com. Retrieved
April 9, 2012 @ www.verizonbusiness.com/about/events/2012dbir/index.xml.

3. Bednarz, A. “Profiling Cybercriminals: A Promising but Immature Science.” NetworkWorld
29 November 2004. Retrieved April 9, 2012 @ www.networkworld.com/supp/2004/cybercrime/112904profile.html.
4. Mitnick, Kevin. “They Call Me a Criminal.” Guardian Unlimited. February 22, 2000.
Retrieved April 9, 2012 @ www.guardian.co.uk/Archive/Article/0,4273,3966123,00.html.
5. Black Hat. “Black Hat Briefings and Training: About Black Hat.” blackhat.com.
Retrieved April 9, 2012 @ http://blackhat.com/html/about.html.
6. Thomas, T. “Google Confronts China’s Three Warfares.” Parameters. Summer, 2010.
U.S. Army War College.
7. Brodsky, J., and R. Radvanovsky. “Control Systems Security.” Corporate Hacking and
Technology-Driven Crime: Social Dynamics and Implications. Ed. T. Holt and B. Schell.
IGI Global, p. 187.

Reconnaissance

After reading this chapter and completing the exercises, you will be able to:
• Identify various techniques for performing reconnaissance
• Describe the methods used in social engineering
• Explain the importance of dumpster diving in reconnaissance
• Describe the methods of Internet footprinting

Chapter 2 Reconnaissance

Information leakage is a big problem that becomes even bigger with the use of
social networking and other Web-based services, which reveal useful information to mali-
cious hackers. Organizations therefore need to be aware of the potential areas of risk that
can be exploited by attackers. Several techniques can be used to discover viable targets.
These techniques fall within three tactical classes: social engineering, dumpster diving, and
Internet footprinting. Figure 2-1 shows an abridged organizational chart that includes the
reconnaissance methods described in this chapter.

Figure 2-1 Abridged organization chart


Source: Microsoft Paint

Introduction to Reconnaissance
Reconnaissance is the act of locating targets and developing the methods necessary to attack
those targets successfully. The information that hackers use is the same regardless of whether
it’s used as part of an authorized penetration test or part of a surveillance step by an attacker.
Important sources of information include:
● Physical location of the target
● Data about the users at the facility
● Administrative short-cuts (such as assigning the same password to all new accounts
and expecting the user to change the password later)
● Operating systems
● Network structure
● Hardware configuration
● Available services
● Business strategies
● Employee phone lists
● Staffing structure of the organization
● Internal newsletters
● All available published information about the company, either on its Web site or by
other writers
These types of information allow a hacker to figure out the targeted organization’s security
weaknesses and identify the best possible techniques and tools to conduct attacks.
Reconnaissance is not illegal by definition, nor are many specific reconnaissance techniques.
That’s because these kinds of activities do not result in actual damages, for which the organi-
zation would be able to prosecute. The following sections sort through the various areas of
reconnaissance, identifying which are legal and which may prove illegal or unethical.

Legal Reconnaissance
It is completely legal to look up all the information that’s available about a company on the
Internet, including its phone numbers, office hours, and addresses. In addition, many organi-
zations publicize very detailed information about their technical environments when seeking
trained IT staff; looking up this information is legal as well. Calling the organization with a
problem that requires customer service assistance is legal (even if it is a made-up problem).
Interviewing a member of the staff for a school project is legal. Physically entering a facility,
including attending a tour of the facility, is legal. Making friends with somebody who works
there or used to work there is legal. Company representatives would have to be exceptionally
paranoid not to answer the phone “just in case it is a hacker performing recon.” All these
methods—and many others like them—are completely legal and are done for various reasons
all the time.

Questionable Reconnaissance
Local laws vary, but in much of the world, performing a passive port scan is legal. Reading
the names on the mail that’s sitting on a mail cart or scanning a document that’s lying on a
desk may be legal. Picking up trash in the parking lot and looking at it before you toss it out
or hand it off to a company representative is probably legal. Picking up a copy of the com-
pany’s employee newsletter is probably legal. Asking for a phone list or a business card or
product specs is probably legal. Looking through a garbage can is probably legal. Conduct-
ing a stake-out to discover the movements of key individuals may be illegal; however, if the
hacker is not trespassing or otherwise attracting attention, it may be legal. War driving—
checking for unsecured wireless networks—is legal in some places and not in others. Leverag-
ing these legal types of activities can often be just as fruitful, in terms of providing a toehold
into the organization, as other activities that may cross the line into illegal or unethical
behavior.

Illegal Reconnaissance
There are a number of plainly illegal reconnaissance techniques. Developing a “front” com-
pany and acting as a representative of that company for the specific purpose of robbing or
defrauding a target company, in addition to being quite expensive and time consuming, is
probably illegal. Stealing garbage is illegal in some locales. Entering a home or office to look
for information is illegal, although it often goes undetected if nothing is removed. Surrepti-
tiously installing a keylogger—a tool that records users’ keystrokes—on a vulnerable
machine is illegal. Leaving a sniffer, which intercepts and reads data packets, on a network is
illegal.

Impact of Context on Reconnaissance


Context is important in ethical hacking. For example, ethical hackers conducting criminal or
homeland security investigations may engage in some reconnaissance activities that would
normally be considered illegal under other circumstances. Although these special circum-
stances may be legally sanctioned, those with an interest in personal privacy and liberty may
consider them unethical, regardless of the context.
When practicing reconnaissance, it is important to remember that any information about the
target is potentially of value. During the collection phase of reconnaissance, sanctioned or
ethical hackers are not always able to predict how that information will be used. Therefore,
hackers strive to gather every detail—all e-mails, passwords, phone numbers, and codes—
and then apply different scenarios or contexts to leverage the information that is collected.
Depending on the technology used and the nature of the investigation, reconnaissance meth-
ods fall into three categories: social engineering, dumpster diving, and Internet footprinting.
Each of these categories is composed of various methods that are variously risky and vari-
ously legal. Hackers use these methods, together or separately, to collect information about
their targets.

Social Engineering
Social engineering involves an act of deception on the part of an attacker, which is meant to
trick well-meaning individuals into providing access to unauthorized information or systems.
Social engineering is typically considered unethical behavior but is sometimes used by ethical
hackers as part of a penetration test.
Social engineering works, for the most part, because people are trusting and want to be help-
ful, which is part of our social conditioning. Suspiciousness and selfishness are not traits we
teach our children, nor do most adults cultivate those traits. But being trusting and helpful
opens an avenue of risk. Security policies and vulnerability checks do provide some basic and
limited protection, but humans remain the weakest link in the security chain. Individual
employees must be responsible for protecting their usernames and complex passwords; for
securing their paperwork, files, and phone conversations; and for carefully selecting their cir-
cles of people they can trust.
Kevin Mitnick, a once-notorious, now well-respected hacker, made up for his lousy technical
skills with some sophisticated social engineering skills. In his book The Art of Deception,
Mitnick wrote, “Social engineering uses influence and persuasion to deceive people by
convincing them that the social engineer is someone he isn’t, or by manipulation. As a result,
the social engineer is able to take advantage of people to obtain information with or without
the use of technology.”1 Sometimes, social engineering is only part of an attack. The infamous
ILOVEYOU worm attack back in 2000 was caused by a virus, but it also involved social
engineering, exploiting the curiosity that causes people to click on an e-mail attachment.
The success or failure of social engineering depends on the ability of hackers to manipulate
human psychology, contacts, and physical workstations. Training and employee-awareness
programs are critically important to reduce social engineers’ ability to manipulate others.

Social Engineering Techniques


To access information about individuals, a social engineer must gain the trust or acquiescence
of that person. This is done by deploying any of the following social engineering techniques:
● Impersonation
● Bribery
● Deception
● Conformity
● Reverse social engineering

Impersonation Impersonation can occur at an individual level, such as pretending to be
Tom Cruise to get into a cool nightclub, or it can occur on a functional level, such as dressing
like a service person to get past the security controls at Disney World. On the individual
level, posing as an actual employee requires at least some of the ID information connected to
that person. This can be pretty difficult to acquire and has the drawback that you might
encounter somebody who knows the person you’re impersonating. Functional-level imper-
sonation is easier and may require less preparation. In either case, the hacker poses as a
legitimate user or an employee who has the authority to collect information.
Examples of functional-level impersonation include:
● Approaching a user, claiming to be a system administrator or an IT support executive,
then asking for passwords
● Wearing a baseball cap with the name of a local phone company on it and dressing as
a phone company technician to get into a locked wiring closet
● Making a phone call to state that the system is acting erratically and that the victim
must authenticate his or her username and password for verification
● Posing as a flustered, uncertain, but legitimate user and making a phone call to a help
desk to ask for information
● Calling the third-shift sysadmin at 6:30 a.m. claiming to be the IT director (who never
arrives at the office until 10:00 a.m.) and requesting that a specific line of code be run
on the command line of the mail server
Before engaging in this kind of social engineering, a hacker usually performs basic research
about the target company to avoid creating suspicion. It is easier to engage in this kind of
impersonation in larger and more geographically diverse organizations than in smaller orga-
nizations where employees are more likely to know one another.

Bribery Bribery can be an effective way to collect information. Here, the hacker pits an
employee’s greed against his or her loyalty to the organization. Once a bribe has been
accepted, blackmail is a common tactic for keeping the target employee working for the
hacker. While looking for victims, a social engineer asks the following questions about
employees:
● Do they work at a level of the company that might provide useful information?
● Are they in financial difficulty?
● Are they addicted to gambling, alcohol, or drugs?
● Are they unsatisfied with the organization?
● Are they focused on short-term gains with the company?
● Are they morally compromisable?
Bribery is a time-consuming technique that requires a lot of research on the target individ-
ual. There is also a potentially expensive front-end matter to consider. During the research,
the hacker will probably be required to invest time and resources in the person or persons
being bribed. The major risk to bribery is that the employee, though ready and willing to
perform, is unable to provide any useful information—or that they may change their mind,
either before or after that segment of the plan is complete. The hacker’s risk level stays high,
and there is at least one individual within the organization who knows some foul plan is in
effect.

Deception Deception involves actually joining the organization as an employee or consultant.
This pits the “virtuous” hacker against the “evil” company and requires a good
helping of self-delusion on the part of the hacker.

Conformity This method depends on people’s tendency to believe that they are “typical”
and that an apparent similarity between themselves and other (unknown) persons is an
actual similarity. The attacker may use this sense of conformity to convince victims that
they have a lot in common and that they share the same values. Establishing this sense of
rapport is used to gain the confidence of the victim. Once the desired information is
obtained, the attacker will likely disengage. This is another area that an ethical hacker may
choose to pursue as part of a penetration testing engagement. If so, it should be done with
the knowledge that those who are the target of attention are likely to feel victimized regard-
less of the fact that the ethical hacker had no malicious intent.

Reverse Social Engineering Reverse social engineering is a sting operation in
which the hacker pretends he’s an authority figure invested with the power to solve people’s
problems. The thing is, the problems were caused by the hacker himself. Here’s how it
works:
1. First, the hacker manufactures a problem, such as a denial of service (DoS) attack that
shuts down the network for a time.
2. Then, the hacker advertises himself as an expert who can solve this sort of problem. The
victim might be prompted to communicate with the hacker for relief, and the hacker
uses this opportunity to solve the victim s problem.
3. Now, the hacker is believed to be a trusted assistant or expert in the field of network
security, and he is therefore given more access to the network in question, including
many critical systems.
4. Finally, the hacker is able to collect information from users and perhaps install hidden
running processes on the systems to which he now has access.
Most social engineering attacks are opportunistic; the hacker uses whatever technique he or
she thinks fits the situation. For example, impersonating a user and calling a help desk for
assistance might not be the way to go if the aim is to collect confidential information from
a sysop. All social engineering techniques are affected by ease of physical entry into the target
organization or of communication with the victims within the organization.

Physical Intrusion
Physical intrusion refers to social engineers actually entering an organization’s premises with
the sole purpose of collecting information. The social engineering aspect of physical intrusion
results from the use of impersonation or other forms of deception to gain access to areas to
which the attacker should not be entitled.
First, the social engineer must scope out the premises. “Casing the joint” usually includes:
● Learning the organization’s schedules
● Knowing the floor plan of the building or buildings
● Engaging in surveillance or research to understand the existing security procedures
Learning an organization’s schedules or patterns includes knowing which people are likely to
be there at any one time, their jobs, and their work styles. It is also good to know who holds
which keys and where these people are at various times of the day. The more a hacker knows
about the usual behaviors of the people who work in the building, the less likely he or she
will arouse suspicion or set off alarms.
Failing to secure a building’s floor plans might provide an attacker with an opportunity to
get to the right place quickly while under stress. As in any complex plan, the less left to
chance and improvisation, the better the results.
Knowing the security measures that are in place also helps hackers know where the security
system breaks down. Social engineers normally have close contact with employees on
the inside before entering an organization’s building, and they can get a lot of baseline information
from those employees. A friendly employee is likely to be unaware of the useful
information he or she is imparting and will consider such divulged information to be just
“office war stories.” However, this information lets the hacker know the company’s physical
security, network security, and response policy to intrusion. There is no reason to assume
that a single hacker cannot have multiple contacts within an organization; he or she could
have a network of interested friends inside a company’s firewall.
Once the hacker acquires some information about the organization, he or she can develop
fake identification cards. Many companies use a laminated card with the employee’s information
on it. This is very easy to duplicate with a word processor and a laminator—at a copy
shop, for example. Before creating the fake ID, the social engineer must decide whether to
pose as an employee, a contractor, or an authority figure. Large companies with lots of
employees, contractors, and social churn are the easiest to infiltrate. Because nobody is
expecting an attack, few will challenge a properly dressed individual with authentic-looking
identification, a show of confidence, and knowledge of the building and organization.
The last step is to acquire useful information. Through the development of a viable backstory,
the hacker may have been able to spend a good amount of time in the building unattended,
where he or she acquired all the available information using minimally intrusive
methods. In that time, they may have added keyloggers or sniffers to local computers, jimmied
desk-drawer locks, or broken into filing cabinets, looking for business documents and
passwords. There are several methods for easily gathering information without alarming
other employees. Many users write down their passwords and keep them in plain view, or
they store them in their local computers. A hacker may also just watch users while they’re
typing their passwords and business documents.
How do social engineers perform these physical intrusion activities without generating any
suspicion? They never collect all the required information from a single user or source, and
they never hold a job position after the necessary activity has ended. The more valuable the
information is, the more likely hackers are working with a team or with backing that funds
their efforts. Corporate espionage is alive and well.
When physical intrusion is not a possibility because of a distributed corporate presence or a
strong security perimeter, hackers sometimes use communication media. Communication
media help social engineers perform their activities remotely, thus causing less suspicion.

Communication Media
Social engineers use postal mail, e-mail, instant messaging, social networking, and telephone
communication to get useful information from target individuals within an organization. Let
us briefly overview these various media and examine how they are used by hackers.

Postal Mail A venerable medium of communication, postal mail is a powerful tool for
social engineers to gather personal information about users. In a typical attack, the victim
receives a letter announcing that he or she has won a prize. The content of the mailer is
very professional and slick, asking for verification details in order for the victim to receive
the prize. This can include phone numbers, e-mail addresses, tax information, and so forth.
The greed engendered by the idea of winning a prize leads the victim to happily surrender
all sorts of information, which is then used to further victimize the user. What differentiates
this attack from a typical mailing by a genuine mail-order house is that the genuine mailer is
sent in bulk and manufactured to look that way, whereas a mail attack is usually sent only
to the specific victim. This technique is not illegal, but some of the subsequent uses of the
information may be. The technique also requires more patience; and in a society already
driven by immediate gratification, it may not be as tempting, although it is still more effective
than using e-mail, which organizations are more cautious about.

E-Mail E-mail is used in a variety of scams, but in this chapter, we will look at three uses.
A social engineer can send an e-mail purported to be from a legitimate IT e-mail account,
such as from the network administrator, but using the social engineer’s own return address.
This e-mail itself may claim there is a problem to be fixed and that the user must send his or
her password to help solve it. Most legitimate administrators and technicians are constantly
fending off unrequested username and password combinations, volunteered by users who
think they need to provide this information to have their problem resolved. A legitimate
administrator never needs a password to troubleshoot a user’s login issues; nevertheless, the
social engineer’s trick of asking for this information as though it were needed to fix a problem
is often successful.
Another trick is to send e-mail message invitations to join online competitions to receive
prizes. In these cases, the social engineer attaches forms that must be filled out by users for
joining the competition. The form requests information such as usernames, phone numbers,
passwords, and Social Security numbers. Users fall for this trick out of the desire to win a
prize or money. Many people have the same username and password for multiple online
accounts; thus, by providing this information, they jeopardize all their accounts that use
these username/password combinations.
The final ploy is called phishing, in which a user is tricked into giving private information
about his or her account with a known large organization. A common form of phishing is
for an attacker to send out an e-mail message that appears to be from a source that the
receiver is likely to trust. The message often contains a link to a Web site where the receiver
is tricked into entering confidential information that will then be sold or used to provide
information for a larger attack. Figure 2-2 shows a typical phishing form that users might
encounter by clicking a link that offers helpful ways to keep their information safe.

Figure 2-2 Typical phishing form

Internet sites are often used as platforms for phishing expeditions, as well as for phony
“prize-distribution” ploys. It is easy to make professional-looking Web sites in very little
time—so easy, in fact, that it is sometimes difficult to tell the phishing sites from the genuine
ones. Users should check if the form is an https page, which indicates it uses encryption to
guard transmitted data. Fake sites don’t tend to care if data is at risk during transmission
and so will not provide any safeguards. Users should not send sensitive data to sites with
which they are not well acquainted. Phishing sites take advantage of users’ tendency to
employ the same username and password for many similar sites, then they go looking for
the other sites to which the users are subscribed. The level of sophistication that phishers
bring to their techniques is such that even information security professionals can fail to identify
a malicious link, which is why phishing is one of the more common risks experienced by
today’s organizations.
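
The warning signs in the e-mail ploys described above (a reply address that differs from the apparent IT sender, a request to send a password, and a link that is not https or that leads somewhere other than the site it names) can be checked mechanically when a suspicious message is reported. The following is an added example, not taken from the book; the two sample messages, the `example.com` and `.test` domains, and all function names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Wording that asks the reader to hand over a secret (illustrative, not exhaustive).
CREDENTIAL_ASK = re.compile(
    r"\b(send|reply\s+with|confirm|verify|enter|provide)\b[^.]{0,60}"
    r"\b(password|passcode|pin|social\s+security)\b",
    re.IGNORECASE,
)
# A host name written out in the visible text of a link.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.IGNORECASE)


def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header ('' if absent)."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


class LinkCollector(HTMLParser):
    """Collect (url, visible text) for <a href> and (url, '') for <form action>."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._href, self._text = attrs["href"], []
        elif tag == "form" and attrs.get("action"):
            self.links.append((attrs["action"], ""))

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def triage(raw_message):
    """Return the set of warning signs found in one RFC 5322 message string."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = set()
    # 1. Replies go to a different domain than the apparent sender's.
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.add("reply-to-mismatch")
    # 2. Any text part (plain or HTML) asks for a password or similar secret.
    text = "\n".join(p.get_content() for p in msg.walk()
                     if p.get_content_maintype() == "text")
    if CREDENTIAL_ASK.search(text):
        findings.add("credential-request")
    # 3. Links and forms: plain-http targets, and link text naming another host.
    collector = LinkCollector()
    collector.feed(text)
    for url, shown in collector.links:
        try:
            parts = urlsplit(url)
        except ValueError:  # malformed URL: nothing reliable to compare
            continue
        if parts.scheme == "http":
            findings.add("link-not-https")
        named = HOST_IN_TEXT.search(shown)
        if named and parts.hostname and named.group(1).lower() != parts.hostname:
            findings.add("link-text-mismatch")
    return findings


# Constructed sample: apparent IT sender, outside Reply-To, look-alike link target.
PHISH_SAMPLE = """\
From: "IT Help Desk" <helpdesk@example.com>
Reply-To: helpdesk@mail-example.test
Subject: Mailbox problem - action required
Content-Type: text/html; charset="us-ascii"

<p>There is a problem with your mailbox. To fix it, reply with your
username and password, or sign in here:</p>
<a href="http://accounts-example.test/login">https://accounts.example.com/security</a>
"""

# Constructed sample: same sender, no Reply-To, link text and target agree.
BENIGN_SAMPLE = """\
From: "IT Help Desk" <helpdesk@example.com>
Subject: Scheduled maintenance
Content-Type: text/html; charset="us-ascii"

<p>Mail is unavailable tonight from 22:00 to 23:00. No action is needed.</p>
<a href="https://intranet.example.com/status">https://intranet.example.com/status</a>
"""

if __name__ == "__main__":
    print(sorted(triage(PHISH_SAMPLE)))
    print(sorted(triage(BENIGN_SAMPLE)))
```

Treat the result as triage signals for a mail filter or a report-phishing queue; a message that raises none of them can still be fraudulent.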

Instant Messaging Instant messaging hacking scripts are prevalent in many public IM
platforms. Here, the social engineer attempts to befriend the victim to gather information
and/or introduce the victim to a Web link he might want to visit. Usually, these sites are
pornography related. Actual people usually contact one another through mutual friends or
by searching profiles for pertinent keywords. Random contacts that are actual people with
legitimate interests declare their intentions outright: “I saw on your profile that you like
model trains. I do, too. How do you make miniature farm animals for your trains?” They
might be selling toy horses, but they say that up front. In contrast, there are automated
scripts that run on ICQ and Yahoo IM. In some cases, it is possible to have a 20-minute
IM session with a set of automated responses! But they are easy to catch as well. Because
they are automated, they are not able to respond to open-ended questions, such as “What
kind of tea do you like?” Their responses are noticeably inappropriate, so it is easy to
block them early in the conversation. It is also possible to set the IM client to accept only
contacts from an approved list.

Telephone Communication Social engineers have an array of tools with which to
exploit telephone communication for malicious purposes. They may manipulate background
sounds and their own voices to produce the required effect—for example, using a light, feminine
voice instead of a brusque voice with a thick accent. Social engineers also have tools to
generate false entries in caller-ID technology, making it appear that a call is coming from a
legitimate source.
Help desk personnel are vulnerable targets because they have been granted more access to
information than the average employee and are required to give information to people
quickly, with a minimum of digression. In fact, they are often under time pressure to successfully
answer as many calls as they can.
When calling a particular employee, it can be more effective to call another employee and be
transferred to the potential victim. This makes the caller appear more trustworthy than if
she had called the victim directly.
Social engineers often impersonate technicians who contact target users to inform them, for
example, that they may have been overbilled for telephone charges. After they convince the
user to accept that premise, they ask for more personal information.

Countering Social Engineering


To prevent or mitigate social engineering, you must educate the users. Education must be
included in your security policy, and new users must be made aware of the policy. All users
in a system must take the following precautions to counter social engineering attempts:
● Do not provide any information to unknown people.
● Do not disclose any confidential information to anyone over the telephone without
confirming the legitimacy of the person on the other end of the line.
● Do not type passwords or other confidential information in front of unknown people.
● Do not submit information to any insecure Web site.
● Do not use the same username and password for all accounts.
● Verify the credentials of persons asking for passwords, and recognize that authentic
administrators often do not need your password to access your files.
● Keep confidential documents locked.
● Lock or shut down computers when away from the workstation.
● Establish protocols that require help desk employees to provide information only after
they have gained proper authentication.

Dumpster Diving
Dumpster diving—the act of combing through an organization’s refuse—often provides the
mother lode of sensitive information as well as actual hardware and software. Hackers look
specifically for sales receipts and paperwork that contain personal data or credit card information.
This information can be sold to others who will do damage with it, or it can be used by
the hacker himself. Shredded documents can lead to data leaks when all the shredders are
strip shredders and the resultant strips are disposed of in a single bag. Although cross-cut
shredders are more secure, the complicated jigsaw puzzle they create can be reconstructed by
whoever wishes to put in the time. Many people believe that all companies carefully shred
and dispose of their personal information, but this is not necessarily true. In many places,
documents considered less sensitive are dropped directly into publicly available receptacles.
Drafts of letters, even mail-merge documents with hundreds of recipients, are routinely left
whole in the trash. Company directory sheets, catalog lists, unused or misprinted labels, and
policy manuals are not recognized as sensitive data, so they are left whole in the trash as
well, but consider the consequences of a criminal retrieving this information. They are not
concerned with whether the labels are printed properly; they are interested in the names and
addresses, phone numbers, and employee IDs that appear there.

Importance of Proper Discarding of Refuse


An organization’s security policy must carefully specify what is sensitive information and
what isn’t, and then specify how to treat refuse. Some documents may not be considered sensitive,
like employee handbooks and company policy statements. But these can often tell
hackers what kind of physical and network security to expect when doing an intrusion.

There are various ways to dispose of trash paper, such as using cross-cut shredders or locked
trash receptacles. As a result of the Health Insurance Portability and Accountability Act
(HIPAA) and similar federal legislation, such as the Sarbanes-Oxley (SOX) Act, a cottage
industry of document-destruction services has emerged. These services involve backing trucks
up to organizations, collecting locked bins, shredding the information, and then issuing certificates
of destruction to the organization, both as a form of insurance policy against misuse
of these documents and to provide evidence of compliance to regulators or auditors.
Old hardware cannot be shredded and takes up space; thus, these items are frequently
thrown out, or given to employees to take home. Hackers search for outdated hardware,
such as tapes, CD-ROMs, and hard disks. There are various tools available to hackers, such
as forensics programs, that can restore data from damaged data-storage devices. Information
recovery services such as Kroll have demonstrated that it is really physical destruction of storage
devices that can best ensure that sensitive information cannot be recreated.

Prevention of Dumpster Diving


To prevent dumpster diving attacks or mitigate their value to the attacker, do the following:
● Develop a written recycling and trash-handling policy that is part of the overall
security policy.
● Use the policy to develop a consistent, systematic method for handling trash.
● Demand that all papers be shredded. Cross-cut shredders with narrow cuts are the best
because they minimize the possibility of reconstructing documents.
● Erase all data from tapes, floppies, flash drives, and hard disks. Because data can be
recovered even from formatted hard disks and tapes, stipulate that the application
that’s adopted to erase media use at least government-approved wiping algorithms.
These overwrite data with random data at least eight times, therefore minimizing
hackers’ success in salvaging information. Most effective, however, are those
techniques that involve the physical destruction of the media.
● Don’t simply break CD-ROMs, given that data can be recovered from broken disks.
Place them in a microwave and heat them, which destroys the integrity of the
substrate and makes the data irrecoverable.

Internet Footprinting
Internet footprinting is a technical reconnaissance method that interests budding hackers and
network security specialists alike. Hackers like it because it is clean, legal, and safe; security
specialists often choose it over all other methods of surveillance because of the increased avenues
of information leakage experienced by modern organizations. This kind of profiling helps
the social engineer understand the target system’s Internet, intranet, and remote-access setups.
It is easy to implement and almost undetectable by the victim.
There are five Internet footprinting methods:
● Social networking
● Web searching
● Network enumeration
TRANSCRIBER’S NOTES
1. Silently corrected obvious typographical errors and
variations in spelling.
2. Retained archaic, non-standard, and uncertain spellings
as printed.
3. The music files are the music transcriber’s interpretation
of the printed notation and are placed in the public
domain.
P. 78, Organum, Subsituted 1/2 note rest for
short bar line indicating break between sung
notes.
P. 78, Discant, missing slur and not whole note.
*** END OF THE PROJECT GUTENBERG EBOOK HOW MUSIC
GREW, FROM PREHISTORIC TIMES TO THE PRESENT DAY ***

Updated editions will replace the previous one—the old editions


will be renamed.

Creating the works from print editions not protected by U.S.


copyright law means that no one owns a United States copyright
in these works, so the Foundation (and you!) can copy and
distribute it in the United States without permission and without
paying copyright royalties. Special rules, set forth in the General
Terms of Use part of this license, apply to copying and
distributing Project Gutenberg™ electronic works to protect the
PROJECT GUTENBERG™ concept and trademark. Project
Gutenberg is a registered trademark, and may not be used if
you charge for an eBook, except by following the terms of the
trademark license, including paying royalties for use of the
Project Gutenberg trademark. If you do not charge anything for
copies of this eBook, complying with the trademark license is
very easy. You may use this eBook for nearly any purpose such
as creation of derivative works, reports, performances and
research. Project Gutenberg eBooks may be modified and
printed and given away—you may do practically ANYTHING in
the United States with eBooks not protected by U.S. copyright
law. Redistribution is subject to the trademark license, especially
commercial redistribution.

START: FULL LICENSE


THE FULL PROJECT GUTENBERG LICENSE
PLEASE READ THIS BEFORE YOU DISTRIBUTE OR USE THIS WORK

To protect the Project Gutenberg™ mission of promoting the


free distribution of electronic works, by using or distributing this
work (or any other work associated in any way with the phrase
“Project Gutenberg”), you agree to comply with all the terms of
the Full Project Gutenberg™ License available with this file or
online at www.gutenberg.org/license.

Section 1. General Terms of Use and


Redistributing Project Gutenberg™
electronic works
1.A. By reading or using any part of this Project Gutenberg™
electronic work, you indicate that you have read, understand,
agree to and accept all the terms of this license and intellectual
property (trademark/copyright) agreement. If you do not agree to
abide by all the terms of this agreement, you must cease using
and return or destroy all copies of Project Gutenberg™
electronic works in your possession. If you paid a fee for
obtaining a copy of or access to a Project Gutenberg™
electronic work and you do not agree to be bound by the terms
of this agreement, you may obtain a refund from the person or
entity to whom you paid the fee as set forth in paragraph 1.E.8.

1.B. “Project Gutenberg” is a registered trademark. It may only


be used on or associated in any way with an electronic work by
people who agree to be bound by the terms of this agreement.
There are a few things that you can do with most Project
Gutenberg™ electronic works even without complying with the
full terms of this agreement. See paragraph 1.C below. There
are a lot of things you can do with Project Gutenberg™
electronic works if you follow the terms of this agreement and
help preserve free future access to Project Gutenberg™
electronic works. See paragraph 1.E below.
1.C. The Project Gutenberg Literary Archive Foundation (“the
Foundation” or PGLAF), owns a compilation copyright in the
collection of Project Gutenberg™ electronic works. Nearly all the
individual works in the collection are in the public domain in the
United States. If an individual work is unprotected by copyright
law in the United States and you are located in the United
States, we do not claim a right to prevent you from copying,
distributing, performing, displaying or creating derivative works
based on the work as long as all references to Project
Gutenberg are removed. Of course, we hope that you will
support the Project Gutenberg™ mission of promoting free
access to electronic works by freely sharing Project
Gutenberg™ works in compliance with the terms of this
agreement for keeping the Project Gutenberg™ name
associated with the work. You can easily comply with the terms
of this agreement by keeping this work in the same format with
its attached full Project Gutenberg™ License when you share it
without charge with others.

1.D. The copyright laws of the place where you are located also
govern what you can do with this work. Copyright laws in most
countries are in a constant state of change. If you are outside
the United States, check the laws of your country in addition to
the terms of this agreement before downloading, copying,
displaying, performing, distributing or creating derivative works
based on this work or any other Project Gutenberg™ work. The
Foundation makes no representations concerning the copyright
status of any work in any country other than the United States.

1.E. Unless you have removed all references to Project


Gutenberg:

1.E.1. The following sentence, with active links to, or other


immediate access to, the full Project Gutenberg™ License must
appear prominently whenever any copy of a Project
Gutenberg™ work (any work on which the phrase “Project
Gutenberg” appears, or with which the phrase “Project
Gutenberg” is associated) is accessed, displayed, performed,
viewed, copied or distributed:

This eBook is for the use of anyone anywhere in the United


States and most other parts of the world at no cost and with
almost no restrictions whatsoever. You may copy it, give it
away or re-use it under the terms of the Project Gutenberg
License included with this eBook or online at
www.gutenberg.org. If you are not located in the United
States, you will have to check the laws of the country where
you are located before using this eBook.

1.E.2. If an individual Project Gutenberg™ electronic work is


derived from texts not protected by U.S. copyright law (does not
contain a notice indicating that it is posted with permission of the
copyright holder), the work can be copied and distributed to
anyone in the United States without paying any fees or charges.
If you are redistributing or providing access to a work with the
phrase “Project Gutenberg” associated with or appearing on the
work, you must comply either with the requirements of
paragraphs 1.E.1 through 1.E.7 or obtain permission for the use
of the work and the Project Gutenberg™ trademark as set forth
in paragraphs 1.E.8 or 1.E.9.

1.E.3. If an individual Project Gutenberg™ electronic work is


posted with the permission of the copyright holder, your use and
distribution must comply with both paragraphs 1.E.1 through
1.E.7 and any additional terms imposed by the copyright holder.
Additional terms will be linked to the Project Gutenberg™
License for all works posted with the permission of the copyright
holder found at the beginning of this work.

1.E.4. Do not unlink or detach or remove the full Project


Gutenberg™ License terms from this work, or any files
containing a part of this work or any other work associated with
Project Gutenberg™.
1.E.5. Do not copy, display, perform, distribute or redistribute
this electronic work, or any part of this electronic work, without
prominently displaying the sentence set forth in paragraph 1.E.1
with active links or immediate access to the full terms of the
Project Gutenberg™ License.

1.E.6. You may convert to and distribute this work in any binary,
compressed, marked up, nonproprietary or proprietary form,
including any word processing or hypertext form. However, if
you provide access to or distribute copies of a Project
Gutenberg™ work in a format other than “Plain Vanilla ASCII” or
other format used in the official version posted on the official
Project Gutenberg™ website (www.gutenberg.org), you must, at
no additional cost, fee or expense to the user, provide a copy, a
means of exporting a copy, or a means of obtaining a copy upon
request, of the work in its original “Plain Vanilla ASCII” or other
form. Any alternate format must include the full Project
Gutenberg™ License as specified in paragraph 1.E.1.

1.E.7. Do not charge a fee for access to, viewing, displaying,


performing, copying or distributing any Project Gutenberg™
works unless you comply with paragraph 1.E.8 or 1.E.9.

1.E.8. You may charge a reasonable fee for copies of or


providing access to or distributing Project Gutenberg™
electronic works provided that:

• You pay a royalty fee of 20% of the gross profits you derive from
the use of Project Gutenberg™ works calculated using the
method you already use to calculate your applicable taxes. The
fee is owed to the owner of the Project Gutenberg™ trademark,
but he has agreed to donate royalties under this paragraph to
the Project Gutenberg Literary Archive Foundation. Royalty
payments must be paid within 60 days following each date on
which you prepare (or are legally required to prepare) your
periodic tax returns. Royalty payments should be clearly marked
as such and sent to the Project Gutenberg Literary Archive
Foundation at the address specified in Section 4, “Information
about donations to the Project Gutenberg Literary Archive
Foundation.”

• You provide a full refund of any money paid by a user who
notifies you in writing (or by e-mail) within 30 days of receipt that
s/he does not agree to the terms of the full Project Gutenberg™
License. You must require such a user to return or destroy all
copies of the works possessed in a physical medium and
discontinue all use of and all access to other copies of Project
Gutenberg™ works.

• You provide, in accordance with paragraph 1.F.3, a full refund of
any money paid for a work or a replacement copy, if a defect in
the electronic work is discovered and reported to you within 90
days of receipt of the work.

• You comply with all other terms of this agreement for free
distribution of Project Gutenberg™ works.

1.E.9. If you wish to charge a fee or distribute a Project
Gutenberg™ electronic work or group of works on different
terms than are set forth in this agreement, you must obtain
permission in writing from the Project Gutenberg Literary
Archive Foundation, the manager of the Project Gutenberg™
trademark. Contact the Foundation as set forth in Section 3
below.

1.F.

1.F.1. Project Gutenberg volunteers and employees expend
considerable effort to identify, do copyright research on,
transcribe and proofread works not protected by U.S. copyright
law in creating the Project Gutenberg™ collection. Despite
these efforts, Project Gutenberg™ electronic works, and the
medium on which they may be stored, may contain “Defects,”
such as, but not limited to, incomplete, inaccurate or corrupt
data, transcription errors, a copyright or other intellectual
property infringement, a defective or damaged disk or other
medium, a computer virus, or computer codes that damage or
cannot be read by your equipment.

1.F.2. LIMITED WARRANTY, DISCLAIMER OF DAMAGES -
Except for the “Right of Replacement or Refund” described in
paragraph 1.F.3, the Project Gutenberg Literary Archive
Foundation, the owner of the Project Gutenberg™ trademark,
and any other party distributing a Project Gutenberg™ electronic
work under this agreement, disclaim all liability to you for
damages, costs and expenses, including legal fees. YOU
AGREE THAT YOU HAVE NO REMEDIES FOR NEGLIGENCE,
STRICT LIABILITY, BREACH OF WARRANTY OR BREACH
OF CONTRACT EXCEPT THOSE PROVIDED IN PARAGRAPH
1.F.3. YOU AGREE THAT THE FOUNDATION, THE
TRADEMARK OWNER, AND ANY DISTRIBUTOR UNDER
THIS AGREEMENT WILL NOT BE LIABLE TO YOU FOR
ACTUAL, DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE
OR INCIDENTAL DAMAGES EVEN IF YOU GIVE NOTICE OF
THE POSSIBILITY OF SUCH DAMAGE.

1.F.3. LIMITED RIGHT OF REPLACEMENT OR REFUND - If
you discover a defect in this electronic work within 90 days of
receiving it, you can receive a refund of the money (if any) you
paid for it by sending a written explanation to the person you
received the work from. If you received the work on a physical
medium, you must return the medium with your written
explanation. The person or entity that provided you with the
defective work may elect to provide a replacement copy in lieu
of a refund. If you received the work electronically, the person or
entity providing it to you may choose to give you a second
opportunity to receive the work electronically in lieu of a refund.
If the second copy is also defective, you may demand a refund
in writing without further opportunities to fix the problem.

1.F.4. Except for the limited right of replacement or refund set
forth in paragraph 1.F.3, this work is provided to you ‘AS-IS’,
WITH NO OTHER WARRANTIES OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR
ANY PURPOSE.

1.F.5. Some states do not allow disclaimers of certain implied
warranties or the exclusion or limitation of certain types of
damages. If any disclaimer or limitation set forth in this
agreement violates the law of the state applicable to this
agreement, the agreement shall be interpreted to make the
maximum disclaimer or limitation permitted by the applicable
state law. The invalidity or unenforceability of any provision of
this agreement shall not void the remaining provisions.

1.F.6. INDEMNITY - You agree to indemnify and hold the
Foundation, the trademark owner, any agent or employee of the
Foundation, anyone providing copies of Project Gutenberg™
electronic works in accordance with this agreement, and any
volunteers associated with the production, promotion and
distribution of Project Gutenberg™ electronic works, harmless
from all liability, costs and expenses, including legal fees, that
arise directly or indirectly from any of the following which you do
or cause to occur: (a) distribution of this or any Project
Gutenberg™ work, (b) alteration, modification, or additions or
deletions to any Project Gutenberg™ work, and (c) any Defect
you cause.

Section 2. Information about the Mission of Project Gutenberg™

Project Gutenberg™ is synonymous with the free distribution of
electronic works in formats readable by the widest variety of
computers including obsolete, old, middle-aged and new
computers. It exists because of the efforts of hundreds of
volunteers and donations from people in all walks of life.

Volunteers and financial support to provide volunteers with the
assistance they need are critical to reaching Project
Gutenberg™’s goals and ensuring that the Project Gutenberg™
collection will remain freely available for generations to come. In
2001, the Project Gutenberg Literary Archive Foundation was
created to provide a secure and permanent future for Project
Gutenberg™ and future generations. To learn more about the
Project Gutenberg Literary Archive Foundation and how your
efforts and donations can help, see Sections 3 and 4 and the
Foundation information page at www.gutenberg.org.

Section 3. Information about the Project Gutenberg Literary Archive Foundation

The Project Gutenberg Literary Archive Foundation is a non-profit
501(c)(3) educational corporation organized under the
laws of the state of Mississippi and granted tax exempt status by
the Internal Revenue Service. The Foundation’s EIN or federal
tax identification number is 64-6221541. Contributions to the
Project Gutenberg Literary Archive Foundation are tax
deductible to the full extent permitted by U.S. federal laws and
your state’s laws.

The Foundation’s business office is located at 809 North 1500
West, Salt Lake City, UT 84116, (801) 596-1887. Email contact
links and up to date contact information can be found at the
Foundation’s website and official page at
www.gutenberg.org/contact

Section 4. Information about Donations to the Project Gutenberg Literary Archive Foundation

Project Gutenberg™ depends upon and cannot survive without
widespread public support and donations to carry out its mission
of increasing the number of public domain and licensed works
that can be freely distributed in machine-readable form
accessible by the widest array of equipment including outdated
equipment. Many small donations ($1 to $5,000) are particularly
important to maintaining tax exempt status with the IRS.

The Foundation is committed to complying with the laws
regulating charities and charitable donations in all 50 states of
the United States. Compliance requirements are not uniform
and it takes a considerable effort, much paperwork and many
fees to meet and keep up with these requirements. We do not
solicit donations in locations where we have not received written
confirmation of compliance. To SEND DONATIONS or
determine the status of compliance for any particular state visit
www.gutenberg.org/donate.

While we cannot and do not solicit contributions from states
where we have not met the solicitation requirements, we know
of no prohibition against accepting unsolicited donations from
donors in such states who approach us with offers to donate.

International donations are gratefully accepted, but we cannot
make any statements concerning tax treatment of donations
received from outside the United States. U.S. laws alone swamp
our small staff.

Please check the Project Gutenberg web pages for current
donation methods and addresses. Donations are accepted in a
number of other ways including checks, online payments and
credit card donations. To donate, please visit:
www.gutenberg.org/donate.

Section 5. General Information About Project Gutenberg™ electronic works

Professor Michael S. Hart was the originator of the Project
Gutenberg™ concept of a library of electronic works that could
be freely shared with anyone. For forty years, he produced and
distributed Project Gutenberg™ eBooks with only a loose
network of volunteer support.

Project Gutenberg™ eBooks are often created from several
printed editions, all of which are confirmed as not protected by
copyright in the U.S. unless a copyright notice is included. Thus,
we do not necessarily keep eBooks in compliance with any
particular paper edition.

Most people start at our website which has the main PG search
facility: www.gutenberg.org.

This website includes information about Project Gutenberg™,
including how to make donations to the Project Gutenberg
Literary Archive Foundation, how to help produce our new
eBooks, and how to subscribe to our email newsletter to hear
about new eBooks.