Home  >  Fourth Edition  >  Chapter 8
Chapter 8 –  Penetrating Computer Systems and Networks
     Chey Cobb
     Stephen Cobb, CISSP
     M. E. Kabay, PhD, CISSP

Chapter Contents:

   8.1    Security: More Than a Technical Issue
   8.1.1    Organizational Culture
   8.1.2    Chapter Organization
   8.2    Nontechnical Penetration Techniques
   8.2.1    Misrepresentation (Social Engineering)    Lying    Subversion
   8.2.2    Human Target Range
   8.2.3    Incremental Information Leveraging
   8.2.4    Data Scavenging
   8.3    Technical Penetration Techniques
   8.3.1    Data Leakage: A Fundamental Problem
   8.3.2    Intercepting Communications    Wiretapping    LAN Packet Capture    Optical Fiber    Wireless Communications    Van Eck Freakin    Trapping Login Information
   8.3.3    Breaching Access Controls    Brute-Force Attacks    Intelligent Guesswork    Stealing    Dumpster Diving    Discarded Magnetic Media
   8.3.4    Spying
   8.3.5    Penetration Testing, Toolkits, and Techniques    Common Tools    Common Scans    Basic Exploits    Rootkits
   8.3.6    Penetration via Web sites    Web System Architecture    Input Validation Exploits    File System Exploits
   8.4    Political and Legal Issues
   8.4.1    Exchange of System Penetration Information
   8.4.2    Full Disclosure
   8.4.3    Sources    Bulletin Board Systems    Usenet Groups    Publications    Hacker Support Groups
   8.4.4    The Future of Penetration
   8.5    Summary
   8.6    Notes
   8.7    For Further Reading
   8.7.1    Web sites
   8.7.2    Books

Please report problems to the webmaster at:
copyright 2002-2006, Robert Gezelter, All Rights Reserved