Network Security CISSP-Discussion
[CISSP-D] REVIEW: "Hacking for Dummies", Kevin Beaver

Date: Wed, 25 Oct 2006 09:21:10 -0800
BKHACKDM.RVW   20060910

"Hacking for Dummies", Kevin Beaver, 2004, 0-7645-5784-X,
U$24.99/C$35.99/UK#16.99
%A   Kevin Beaver kbeaver@principlelogic.com
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   2004
%G   0-7645-5784-X
%I   John Wiley & Sons, Inc.
%O   U$24.99/C$35.99/UK#16.99 416-236-4433 fax: 416-236-4448
%O  http://www.amazon.com/exec/obidos/ASIN/076455784X/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/076455784X/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/076455784X/robsladesin03-20
%O   Audience i- Tech 1 Writing 2 (see revfaq.htm for explanation)
%P   358 p.
%T   "Hacking for Dummies"

Why, yes, now that you mention it, I believe that I *did* use this
title in an April Fools joke back in 2002 (cf. BKHAKDUM.RVW).  Turns
out the joke's on me: this time they're serious.

Actually, the introduction points out that the book is about "ethical"
hacking (otherwise known as penetration testing), and is intended for
system administrators, information security managers, and security
consultants who want some tips on security assessment.  So it isn't
exactly a "hack to secure" book, but I can't be expected to be happy
about the title.

Part one is supposed to give you a foundation for ethical hacking. 
Chapter one, an introduction, sets out the usual "set a thief to catch
a thief" argument, lists some attack types, and recommends that
readers be ethical.  The usual "hacker mindset" stereotypes are in
chapter two.  Chapter three has a terse but reasonable list of
questions that may assist you in planning for a penetration test. 
Some initial sources of information that attackers will use to direct
their assaults are given in chapter four.

Part two purports to get you started on the attack itself.  Chapter
five has a basic but haphazard discussion of social engineering. 
Physical security is important, but the material in chapter six is
incomplete, and concentrates more on attacks than countermeasures. 
Random trivia about passwords is in chapter seven.

Part three turns to networks.  Chapter eight looks at wardialling.  (I
agree that the practice should not be ignored, if only to find
neglected modems, but the content is still obsolete.)  A list of
vulnerability scanning tools makes up chapter nine.  Wireless hacking,
in chapter ten, has a catalogue of tools, but also suggests useful
countermeasures.

Part four looks at hacking the operating system.  Chapter eleven
repeats the inventory of Windows tools, twelve repeats the Linux
utilities, and thirteen has different tools--because they are
especially for Novell Netware.

Part five moves to application hacks.  Poor information about malware,
and weak suggestions about testing, are in chapter fourteen.  Attacks
against email and instant messaging, in chapter fifteen, are random,
esoteric, and unrealistic.  The content about attacks directed against
web applications, in chapter sixteen, is disorganized and poorly
explained.

Part six deals with the outcomes and results of an ethical hack. 
Chapter seventeen provides a terse list of contents for penetration
test reports.  Rectifying security problems is minimally covered in
chapter eighteen.  Ongoing security assessment and awareness programs
are suggested in nineteen.

Part seven is the part of tens, comprising ten tips for getting
management "buy in" (for the idea of "ethical hacking") and ten
mistakes (in conducting a penetration test).

This book may be helpful as a source for suggesting vulnerability
scanning tools, but not much else.

copyright Robert M. Slade, 2006   BKHACKDM.RVW   20060910


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
90% of all infections are Stoned.
                             - the viral corollary to Sturgeon's Law
Dictionary of Information Security  www.syngress.com/catalog/?pid=4150
http://victoria.tc.ca/techrev/rms.htm