Chapter 8 – |
Penetrating Computer Systems and Networks |
Chey Cobb
Stephen Cobb, CISSP
M. E. Kabay, PhD, CISSP
Chapter Contents:
|
8.1 |
|
Security: More Than a Technical Issue
|
|
8.1.1 |
|
Organizational Culture
|
|
8.1.2 |
|
Chapter Organization
|
|
8.2 |
|
Nontechnical Penetration Techniques
|
|
8.2.1 |
|
Misrepresentation (Social Engineering)
|
|
8.2.1.1 |
|
Lying
|
|
8.2.1.2 |
|
Subversion
|
|
8.2.2 |
|
Human Target Range
|
|
8.2.3 |
|
Incremental Information Leveraging
|
|
8.2.4 |
|
Data Scavenging
|
|
8.3 |
|
Technical Penetration Techniques
|
|
8.3.1 |
|
Data Leakage: A Fundamental Problem
|
|
8.3.2 |
|
Intercepting Communications
|
|
8.3.2.1 |
|
Wiretapping
|
|
8.3.2.2 |
|
LAN Packet Capture
|
|
8.3.2.3 |
|
Optical Fiber
|
|
8.3.2.4 |
|
Wireless Communications
|
|
8.3.2.5 |
|
Van Eck Freakin
|
|
8.3.2.6 |
|
Trapping Login Information
|
|
8.3.3 |
|
Breaching Access Controls
|
|
8.3.3.1 |
|
Brute-Force Attacks
|
|
8.3.3.2 |
|
Intelligent Guesswork
|
|
8.3.3.3 |
|
Stealing
|
|
8.3.3.4 |
|
Dumpster Diving
|
|
8.3.3.5 |
|
Discarded Magnetic Media
|
|
8.3.4 |
|
Spying
|
|
8.3.5 |
|
Penetration Testing, Toolkits, and Techniques
|
|
8.3.5.1 |
|
Common Tools
|
|
8.3.5.2 |
|
Common Scans
|
|
8.3.5.3 |
|
Basic Exploits
|
|
8.3.5.4 |
|
Rootkits
|
|
8.3.6 |
|
Penetration via Web sites
|
|
8.3.6.1 |
|
Web System Architecture
|
|
8.3.6.2 |
|
Input Validation Exploits
|
|
8.3.6.3 |
|
File System Exploits
|
|
8.4 |
|
Political and Legal Issues
|
|
8.4.1 |
|
Exchange of System Penetration Information
|
|
8.4.2 |
|
Full Disclosure
|
|
8.4.3 |
|
Sources
|
|
8.4.3.1 |
|
Bulletin Board Systems
|
|
8.4.3.2 |
|
Usenet Groups
|
|
8.4.3.3 |
|
Publications
|
|
8.4.3.4 |
|
Hacker Support Groups
|
|
8.4.4 |
|
The Future of Penetration
|
|
8.5 |
|
Summary
|
|
8.6 |
|
Notes
|
|
8.7 |
|
For Further Reading
|
|
8.7.1 |
|
Web sites
|
|
8.7.2 |
|
Books
|
|
|
|