关闭

关闭

封号提示

内容

首页 [黑客大曝光(第6版)].Hacking.Exposed.6Th.Ed.pdf

[黑客大曝光(第6版)].Hacking.Exposed.6Th.Ed.pdf

[黑客大曝光(第6版)].Hacking.Exposed.6T…

上传者: 三少 2011-05-06 评分 5 0 224 30 1016 暂无简介 简介 举报

简介:本文档为《[黑客大曝光(第6版)].Hacking.Exposed.6Th.Edpdf》,可适用于IT/计算机领域,主题内容包含HACKINGEXPOSED:NETWORKSECURITYSECRETSSOLUTIONSThispageintentionallyleftbla符等。

HACKINGEXPOSED:NETWORKSECURITYSECRETSSOLUTIONSThispageintentionallyleftblankHACKINGEXPOSED:NETWORKSECURITYSECRETSSOLUTIONSSTUARTMCCLUREJOELSCAMBRAYGEORGEKURTZNewYorkChicagoSanFranciscoLisbonLondonMadridMexicoCityMilanNewDelhiSanJuanSeoulSingaporeSydneyTorontoCopyrightbyTheMcGrawHillCompaniesAllrightsreservedExceptaspermittedundertheUnitedStatesCopyrightActof,nopartofthispublicationmaybereproducedordistributedinanyformorbyanymeans,orstoredinadatabaseorretrievalsystem,withoutthepriorwrittenpermissionofthepublisherISBN:MHID:ThematerialinthiseBookalsoappearsintheprintversionofthistitle:ISBN:,MHID:AlltrademarksaretrademarksoftheirrespectiveownersRatherthanputatrademarksymbolaftereveryoccurrenceofatrademarkedname,weusenamesinaneditorialfashiononly,andtothebenefitofthetrademarkowner,withnointentionofinfringementofthetrademarkWheresuchdesignationsappearinthisbook,theyhavebeenprintedwithinitialcapsMcGrawHilleBooksareavailableatspecialquantitydiscountstouseaspremiumsandsalespromotions,orforuseincorporatetrainingprogramsTocontactarepresentativepleasevisittheContactUspageatwwwmhprofessionalcomInformationhasbeenobtainedbyMcGrawHillfromsourcesbelievedtobereliableHowever,becauseofthepossibilityofhumanormechanicalerrorbyoursources,McGrawHill,orothers,McGrawHilldoesnotguaranteetheaccuracy,adequacy,orcompletenessofanyinformationandisnotresponsibleforanyerrorsoromissionsortheresultsobtainedfromtheuseofsuchinformationTERMSOFUSEThisisacopyrightedworkandTheMcGrawHillCompanies,Inc(“McGrawHill”)anditslicensorsreserveallrightsinandtotheworkUseofthisworkissubjecttothesetermsExceptaspermittedundertheCopyrightActofandtherighttostoreandretrieveonecopyofthework,youmaynotdecompile,disassemble,reverseengineer,reproduce,modify,createderivativeworksbasedupon,transmit,distribute,disseminate,sell,publishorsublicensetheworkoranypartofitwithoutMcGrawHill’spriorconsentYoumayusetheworkforyourownnoncommercialandpersonaluseanyotheruseoftheworkisstrictlyprohibitedYourrighttousetheworkmaybeterminatedifyoufailtocomplywiththesetermsTHEWORKISPROVIDED“ASIS”McGRAWHILLANDITSLICENSORSMAKENOGUARANTEESORWARRANTIESASTOTHEACCURACY,ADEQUACYORCOMPLETENESSOFORRESULTSTOBEOBTAINEDFROMUSINGTHEWORK,INCLUDINGANYINFORMATIONTHATCANBEACCESSEDTHROUGHTHEWORKVIAHYPERLINKOROTHERWISE,ANDEXPRESSLYDISCLAIMANYWARRANTY,EXPRESSORIMPLIED,INCLUDINGBUTNOTLIMITEDTOIMPLIEDWARRANTIESOFMERCHANTABILITYORFITNESSFORAPARTICULARPURPOSEMcGrawHillanditslicensorsdonotwarrantorguaranteethatthefunctionscontainedintheworkwillmeetyourrequirementsorthatitsoperationwillbeuninterruptedorerrorfreeNeitherMcGrawHillnoritslicensorsshallbeliabletoyouoranyoneelseforanyinaccuracy,errororomission,regardlessofcause,intheworkorforanydamagesresultingtherefromMcGrawHillhasnoresponsibilityforthecontentofanyinformationaccessedthroughtheworkUndernocircumstancesshallMcGrawHillandoritslicensorsbeliableforanyindirect,incidental,special,punitive,consequentialorsimilardamagesthatresultfromtheuseoforinabilitytousethework,evenifanyofthemhasbeenadvisedofthepossibilityofsuchdamagesThislimitationofliabilityshallapplytoanyclaimorcausewhatsoeverwhethersuchclaimorcausearisesincontract,tortorotherwiseFormybeautifulboys,ilufaanmw…ForSamantha,lumlg…tml!!!StuartTomylittleRockBand:youaremyidolsJoelTomylovingfamily,Anna,Alexander,andAllegra,whoprovideinspiration,guidance,andunwaveringsupportTomymom,Victoria,forhelpingmedefinemycharacterandforteachingmetoovercomeadversityGeorgeviHackingExposed:NetworkSecuritySecretsSolutionsABOUTTHEAUTHORSStuartMcClure,CISSP,CNE,CCSEWidelyrecognizedforhisextensiveandindepthknowledgeofsecurityproducts,StuartMcClureisconsideredoneoftheindustry’sleadingauthoritiesininformationsecuritytodayAwellpublishedandacclaimedsecurityvisionary,McClurehasovertwodecadesoftechnologyandexecutiveleadershipwithprofoundtechnical,operational,andfinancialexperienceStuartMcClureisVicePresidentofOperationsandStrategyfortheRiskComplianceBusinessUnitatMcAfee,whereheisresponsibleforthehealthandadvancementofsecurityriskmanagementandcomplianceproductsandservicesolutionsIn,StuartMcClurewasExecutiveDirectorofSecurityServicesatKaiserPermanente,theworld’slargesthealthmaintenanceorganization,whereheoversawsecurityprofessionalsandwasresponsibleforsecuritycompliance,oversight,consulting,architecture,andoperationsIn,McCluretookoverthetopspotasSeniorVicePresidentofGlobalThreats,runningallofAVERTAVERTisMcAfee’svirus,malware,andattackdetectionsignatureandheuristicresponseteam,whichincludesoverofthesmartestprogrammers,engineers,andsecurityprofessionalsfromaroundtheworldHisteammonitoredglobalsecuritythreatsandprovidedfollowthesunsignaturecreationcapabilitiesAmonghismanytacticalresponsibilities,McClurewasalsoresponsibleforprovidingstrategicvisionandmarketingfortheteamstoelevatethevalueoftheirsecurityexpertiseintheeyesofthecustomerandthepublicAdditionally,hecreatedthesemiannualSageMagazine,asecuritypublicationdedicatedtomonitoringglobalthreatsPriortotakingovertheAVERTteam,StuartMcClurewasSeniorVicePresidentofRiskManagementProductDevelopmentatMcAfee,Inc,wherehewasresponsiblefordrivingproductstrategyandmarketingfortheMcAfeeFoundstonefamilyofriskmitigationandmanagementsolutionsPriortohisroleatMcAfee,McClurewasfounder,president,andchieftechnologyofficerofFoundstone,Inc,whichwasacquiredbyMcAfeeinOctoberfor$MAtFoundstone,McClureledboththeproductvisionandstrategyforFoundstone,aswellasoperationalresponsibilitiesforalltechnologydevelopment,support,andimplementationMcCluredroveannualrevenuesoverpercenteveryyearsincethecompany’sinceptioninMcClurewasalsotheauthorofthecompany’sprimarypatent#,,In,hecreatedandcoauthoredHackingExposed:NetworkSecuritySecretsSolutions,thebestsellingcomputersecuritybook,withover,copiessoldtodateThebookhasbeentranslatedintomorethanlanguagesandisrankedthe#computerbookeversoldpositioningitasoneofthebestsellingsecurityandcomputerbooksinhistoryMcClurealsocoauthoredHackingExposedWindows(McGrawHillProfessional)andWebHacking:AttacksandDefense(AddisonWesley)PriortoFoundstone,McClureheldavarietyofleadershippositionsinsecurityandITmanagement,withErnstYoung’sNationalSecurityProfilingTeam,twoyearsasanindustryanalystwithInfoWorld’sTestCenter,fiveyearsasdirectorofITforbothstateAbouttheAuthorsviiandlocalCaliforniagovernment,twoyearsasownerofhisownITconsultancy,andtwoyearsinITwiththeUniversityofColorado,BoulderMcClureholdsabachelor’sdegreeinpsychologyandphilosophy,withanemphasisincomputerscienceapplicationsfromtheUniversityofColorado,BoulderHelaterearnednumerouscertificationsincludingISC’sCISSP,Novell’sCNE,andCheckPoint’sCCSEJoelScambray,CISSPJoelScambrayiscofounderandCEOofConsciere,aproviderofstrategicsecurityadvisoryservicesHehasassistedcompaniesrangingfromnewlymintedstartupstomembersoftheFortuneinaddressinginformationsecuritychallengesandopportunitiesforoveradozenyearsScambray’sbackgroundincludesrolesasanexecutive,technicalconsultant,andentrepreneurHewasaseniordirectoratMicrosoftCorporation,whereheledMicrosoft’sonlineservicessecurityeffortsforthreeyearsbeforejoiningtheWindowsplatformandservicesdivisiontofocusonsecuritytechnologyarchitectureJoelalsocofoundedsecuritysoftwareandservicesstartupFoundstone,Inc,andhelpedleadittoacquisitionbyMcAfeefor$MHehasalsoheldpositionsasaManagerforErnstYoung,ChiefStrategyOfficerforLeviathan,securitycolumnistforMicrosoftTechNet,EditoratLargeforInfoWorldMagazine,anddirectorofITforamajorcommercialrealestatefirmJoelScambrayhascoauthoredHackingExposed:NetworkSecuritySecretsSolutionssincehelpingcreatethebookinHeisalsoleadauthoroftheHackingExposedWindowsandHackingExposedWebApplicationsseries(bothfromMcGrawHillProfessional)Scambraybringstremendousexperienceintechnologydevelopment,IToperationssecurity,andconsultingtoclientsrangingfromsmallstartupstotheworld’slargestenterprisesHehasspokenwidelyoninformationsecurityatforumsincludingBlackHat,I,andTheAsiaEuropeMeeting(ASEM),aswellasorganizationsincludingCERT,TheComputerSecurityInstitute(CSI),ISSA,ISACA,SANS,privatecorporations,andgovernmentagenciessuchastheKoreanInformationSecurityAgency(KISA),FBI,andtheRCMPScambrayholdsabachelor’sofsciencefromtheUniversityofCaliforniaatDavis,anMAfromUCLA,andheisaCertifiedInformationSystemsSecurityProfessional(CISSP)GeorgeKurtz,CISSP,CISA,CPAFormerCEOofFoundstoneandcurrentSeniorVicePresidentGeneralManagerofMcAfee’sRiskComplianceBusinessUnit,GeorgeKurtzisaninternationallyrecognizedsecurityexpert,author,andentrepreneur,aswellasafrequentspeakeratmostmajorindustryconferencesKurtzhasoveryearsofexperienceinthesecurityspaceandhashelpedhundredsoflargeorganizationsandgovernmentagenciestacklethemostdemandingsecurityproblemsHehasbeenquotedorfeaturedinmanymajorpublications,mediaoutlets,andtelevisionprograms,includingCNN,FoxNews,ABCWorldNews,AssociatedPress,USAToday,WallStreetJournal,TheWashingtonPost,Time,ComputerWorld,eWeek,CNET,andothersviiiHackingExposed:NetworkSecuritySecretsSolutionsGeorgeKurtziscurrentlyresponsiblefordrivingMcAfee’sworldwidegrowthintheRiskCompliancesegmentsInthisrole,hehashelpedtransformMcAfeefromapointproductcompanytoaproviderofSecurityRiskManagementandComplianceOptimizationsolutionsDuringhistenure,McAfeehassignificantlyincreaseditsoverallenterpriseaveragesellingprice(ASP)anditscompetitivedisplacementsKurtzformerlyheldthepositionofSVPofMcAfeeEnterprise,wherehewasresponsibleforhelpingtodrivethegrowthoftheenterpriseproductportfolioonaworldwidebasisPriortohisroleatMcAfee,KurtzwasCEOofFoundstone,Inc,whichwasacquiredbyMcAfeeinOctoberInhispositionasCEO,KurtzbroughtauniquecombinationofbusinessacumenandtechnicalsecurityknowhowtoFoundstoneHavingraisedover$millioninfinancing,KurtzpositionedthecompanyforrapidgrowthandtookthecompanyfromstartuptooverpeopleandinfouryearsKurtz’sentrepreneurialspiritpositionedFoundstoneasoneofthepremier“pureplay”securitysolutionsprovidersintheindustryPriortoFoundstone,KurtzservedasaseniormanagerandthenationalleaderofErnstYoung’sSecurityProfilingServicesGroupDuringhistenure,KurtzwasresponsibleformanagingandperformingavarietyofeCommercerelatedsecurityengagementswithclientsinthefinancialservices,manufacturing,retailing,pharmaceuticals,andhightechnologyindustriesHewasalsoresponsibleforcodevelopingthe“ExtremeHacking”coursePriortojoiningErnstYoung,hewasamanageratPriceWaterhouse,wherehewasresponsiblefordevelopingtheirnetworkbasedattackandpenetrationmethodologiesusedaroundtheworldUnderGeorgeKurtz’sdirection,heandFoundstonehavereceivednumerousawards,includingInc’s“TopCompanies,”SoftwareCouncilofSouthernCalifornia’s“SoftwareEntrepreneuroftheYear”and“SoftwareCEOoftheYear,”FastCompany’s“Fast,”AmericanElectronicsAssociation’s“OutstandingExecutive,”Deloitte’s“Fast,”ErnstYoung’s“EntrepreneuroftheYearFinalist,”OrangeCounty’s“HottestPeople,”andothersKurtzholdsabachelorofsciencedegreefromSetonHallUniversityHealsoholdsseveralindustrydesignations,includingCertifiedInformationSystemsSecurityProfessional(CISSP),CertifiedInformationSystemsAuditor(CISA),andCertifiedPublicAccountant(CPA)HewasrecentlygrantedPatent#,,“Systemandmethodfornetworkvulnerabilitydetectionandreporting”AdditionalpatentsarestillpendingAbouttheContributingAuthorsNathanSportsmanisaninformationsecurityconsultantwhoseexperienceincludespositionsatFoundstone,adivisionofMcAfeeSymantecSunMicrosystemsandDellOvertheyears,SportsmanhashadtheopportunitytoworkacrossallmajorverticalsandhisclientshaverangedfromWallStandSiliconValleytogovernmentintelligenceagenciesandrenownededucationalinstitutionsHisworkspansseveralservicelines,buthespecializesinsoftwareandnetworksecuritySportsmanisalsoafrequentpublicspeakerHehaslecturedonthelatesthackingtechniquesfortheNationalSecurityAgency,servedasaninstructorfortheUltimateHackingSeriesatBlackHat,andisaregularpresenterforvarioussecurityorganizationssuchasISSA,Infragard,andAbouttheAuthorsixOWASPSportsmanhasdevelopedseveralsecuritytoolsandwasacontributortotheSolarisSoftwareSecurityToolkit(SST)IndustrydesignationsincludetheCertifiedInformationSystemsSecurityProfessional(CISSP)andGIACCertifiedIncidentHandler(GCIH)Sportsmanholdsabachelor’sofscienceinelectricalandcomputerengineeringfromTheUniversityofTexasatAustinBradAntoniewiczistheleaderofFoundstone’snetworkvulnerabilityandassessmentpenetrationservicelinesHeisaseniorsecurityconsultantfocusingoninternalandexternalvulnerabilityassessments,webapplicationpenetration,firewallandrouterconfigurationreviews,securenetworkarchitectures,andwirelesshackingAntoniewiczdevelopedFoundstone’sUltimateHackingwirelessclassandteachesbothUltimateHackingWirelessandthetraditionalUltimateHackingclassesAntoniewiczhasspokenatmanyevents,authoredvariousarticlesandwhitepapers,anddevelopedmanyofFoundstone’sinternalassessmenttoolsJonMcClintockisaseniorinformationsecurityconsultantlocatedinthePacificNorthwest,specializinginapplicationsecurityfromdesignthroughimplementationandintodeploymentHehasovertenyearsofprofessionalsoftwareexperience,coveringinformationsecurity,enterpriseandserviceorientedsoftwaredevelopment,andembeddedsystemsengineeringMcClintockhasworkedasaseniorsoftwareengineeronAmazoncom’sInformationSecurityteam,whereheworkedwithsoftwareteamstodefinesecurityrequirements,assessapplicationsecurity,andeducatedevelopersaboutsecuritysoftwarebestpracticesPriortoAmazon,JondevelopedsoftwareformobiledevicesandlowleveloperatingsystemanddevicedriversHeholdsabachelor’sofscienceincomputersciencefromCaliforniaStateUniversity,ChicoAdamCecchettihasoversevenyearsofprofessionalexperienceasasecurityengineerandresearcherHeisaseniorsecurityconsultantforLeviathanSecurityGrouplocatedinthePacificNorthwestCecchettispecializesinhardwareandapplicationpenetrationtestingHehasledassessmentsfortheFortuneinavastarrayofverticalsPriortoconsulting,hewasaleadsecurityengineerforAmazoncom,IncCecchettiholdsamaster’sdegreeinelectricalandcomputerengineeringfromCarnegieMellonUniversityAbouttheTechReviewerMichaelPrice,researchmanagerforMcAfeeFoundstone,iscurrentlyresponsibleforcontentdevelopmentfortheMcAfeeFoundstoneEnterprisevulnerabilitymanagementproductInthisrole,PriceworkswithandmanagesaglobalteamofsecurityresearchersresponsibleforimplementingsoftwarechecksdesignedtodetectthepresenceofvulnerabilitiesonremotecomputersystemsHehasextensiveexperienceintheinformationsecurityfield,havingworkedintheareasofvulnerabilityanalysisandsecuritysoftwaredevelopmentforovernineyearsThispageintentionallyleftblankxiATAGLANCEPartICasingtheEstablishmentFootprintingScanningEnumerationPartIISystemHackingHackingWindowsHackingUnixPartIIIInfrastructureHackingRemoteConnectivityandVoIPHackingNetworkDevicesWirelessHackingHackingHardwarePartIVApplicationandDataHackingHackingCodeWebHackingHackingtheInternetUserxiiHackingExposed:NetworkSecuritySecretsSolutionsPartVAppendixesAPortsBTopSecurityVulnerabilitiesCDenialofService(DoS)andDistributedDenialofService(DDoS)AttacksIndexxiiiCONTENTSForewordxixAcknowledgmentsxxiPrefacexxiiiIntroductionxxvPartICasingtheEstablishmentCaseStudyIAAASIt’sAllAboutAnonymi

精彩专题

职业精品

上传我的资料

热门资料

资料评价:

/ 720
所需积分:5 立即下载

意见
反馈

返回
顶部

Q