Hacking Exposed Windows: Microsoft Windows Security Secrets and Solutions, 3/e (Paperback)

Joel Scambray

  • Publisher: McGraw-Hill Education
  • Publication date: 2007-12-25
  • Language: English
  • Pages: 451
  • Binding: Paperback
  • ISBN: 007149426X
  • ISBN-13: 9780071494267
  • Related categories: Information Security, Hacking




"Securing Windows begins with reading this book." --James Costello (CISSP) IT Security Specialist, Honeywell

Meet the challenges of Windows security with the exclusive Hacking Exposed "attack-countermeasure" approach. Learn how real-world malicious hackers conduct reconnaissance of targets and then exploit common misconfigurations and software flaws on both clients and servers. See leading-edge exploitation techniques demonstrated, and learn how the latest countermeasures in Windows XP, Vista, and Server 2003/2008 can mitigate these attacks. Get practical advice based on the authors' and contributors' many years as security professionals hired to break into the world's largest IT infrastructures. Dramatically improve the security of Microsoft technology deployments of all sizes when you learn to:

  • Establish business relevance and context for security by highlighting real-world risks
  • Take a tour of the Windows security architecture from the hacker's perspective, exposing old and new vulnerabilities that can easily be avoided
  • Understand how hackers use reconnaissance techniques such as footprinting, scanning, banner grabbing, DNS queries, and Google searches to locate vulnerable Windows systems
  • Learn how information is extracted anonymously from Windows using simple NetBIOS, SMB, MSRPC, SNMP, and Active Directory enumeration techniques
  • Prevent the latest remote network exploits such as password grinding via WMI and Terminal Server, passive Kerberos logon sniffing, rogue server/man-in-the-middle attacks, and cracking vulnerable services
  • See up close how professional hackers reverse engineer and develop new Windows exploits
  • Identify and eliminate rootkits, malware, and stealth software
  • Fortify SQL Server against external and insider attacks
  • Harden your clients and users against the latest e-mail phishing, spyware, adware, and Internet Explorer threats
  • Deploy and configure the latest Windows security countermeasures, including BitLocker, Integrity Levels, User Account Control, the updated Windows Firewall, Group Policy, Vista Service Refactoring/Hardening, SafeSEH, GS, DEP, Patchguard, and Address Space Layout Randomization


Table of Contents

Chapter 1 - Information Security Basics
Chapter 2 - Windows Attack Strategies
Chapter 3 - Footprinting and Scanning
Chapter 4 - Enumeration
Chapter 5 - Hacking Windows-Specific Services
Chapter 6 - Windows Vulnerability Discovery & Exploitation
Chapter 7 - Post-Exploit Pillaging
Chapter 8 - Stealth
Chapter 9 - Hacking SQL Server
Chapter 10 - Hacking Windows Internet Clients
Chapter 11 - Physical Attacks
Chapter 12 - Windows Security Features and Tools
Appendix A - WS03 Windows Security Checklist
Appendix B - About the Companion Website


