Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network

Michael Gregg, Stephen Watkins, George Mays, Chris Ries, Ronald M. Bandes, Brandon Franklin

  • 出版商: Syngress Media
  • 出版日期: 2006-12-27
  • 售價: $1,650
  • 貴賓價: 9.5$1,568
  • 語言: 英文
  • 頁數: 481
  • 裝訂: Paperback
  • ISBN: 1597491098
  • ISBN-13: 9781597491099
  • 立即出貨 (庫存 < 3)




A Unique and Refreshing Look at Network Security

The first thing many people think of when they hear the word hack is some type of malicious activity. Although some hacks are malicious, many are not. Nonmalicious hacks are about exploring the details of programmable systems and learning how they really work. They are explored by those who want to understand every detail of a system and how to stretch the capabilities of these systems beyond what they were originally designed to do.

Hack the Stack was written for those who seek to better understand and to gain a deeper knowledge of how TCP/IP systems really work. Such knowledge enables security professionals to make networks more secure.

• Extend OSI to Network Security: Use the well-known Open Systems Interconnect (OSI) model to see security topics in a new way.

• Defend the Physical Layer: Learn ways to avoid the loss of physical security, which can result in total exposure.

• Attack and Defend the Data Link Layer: Examine methods like ARP spoofing, MAC flooding, and using honeytokens.

• Understand IP Attacks: Learn how spoofing and evasion tasks can undermine the network layer.

• Detect Scans on Your Network: Understand port scanning techniques and utilities such as Scanrand, Wireshark, and Nmap.

• Avoid the Effects of Session Hijacking: See how Ettercap can be used for both malicious activity and to protect the session layer.

• Protect the Confidentiality of a Transaction: Use protocols such as IPSec to secure communications between two hosts.

• Analyze DNS and Its Weaknesses: See how DNS is susceptible to attacks that could lead to DoS or provide attackers with information.

• Make the Case for Stronger Security: Perform asset identification and valuation procedures.