Thông tin tài liệu
www.it-ebooks.info
HACKING EXPOSED
™
6:
NETWORK SECURITY
SECRETS & SOLUTIONS
www.it-ebooks.info
This page intentionally left blank
www.it-ebooks.info
HACKING EXPOSED
™
6:
NETWORK SECURITY
SECRETS & SOLUTIONS
STUART M C CLURE
JOEL SCAMBRAY
GEORGE KURTZ
New York Chicago San Francisco
Lisbon London Madrid Mexico City
Milan New Delhi San Juan
Seoul Singapore Sydney Toronto
www.it-ebooks.info
Copyright © 2009 by The McGraw-Hill Companies. All rights reserved. Except as permitted under the United States Copyright Act of 1976,
no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without
the prior written permission of the publisher.
ISBN: 978-0-07-161375-0
MHID: 0-07-161375-7
The material in this eBook also appears in the print version of this title: ISBN: 978-0-07-161374-3, MHID: 0-07-161374-9.
All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name,
we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where
such designations appear in this book, they have been printed with initial caps.
McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training pro-
grams. To contact a representative please visit the Contact Us page at www.mhprofessional.com.
Information has been obtained by McGraw-Hill from sources believed to be reliable. However, because of the possibility of human or
mechanical error by our sources, McGraw-Hill, or others, McGraw-Hill does not guarantee the accuracy, adequacy, or completeness of any
information and is not responsible for any errors or omissions or the results obtained from the use of such information.
TERMS OF USE
This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the work. Use
of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the
work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, dis-
seminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own non-
commercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to com-
ply with these terms.
THE WORK IS PROVIDED “AS IS.” McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE
ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY
INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DIS-
CLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MER-
CHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the func-
tions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its
licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages
resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no circumstances
shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from
the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall
apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.
www.it-ebooks.info
For my beautiful boys, ilufaanmw…
For Samantha, lumlg… tml!!! -
—Stuart
To my little Rock Band: you are my idols.
—Joel
To my loving family, Anna, Alexander, and Allegra,
who provide inspiration, guidance, and unwavering
support. To my mom, Victoria, for helping me defi ne
my character and for teaching me to overcome
adversity.
—George
www.it-ebooks.info
vi
Hacking Exposed 6: Network Security Secrets & Solutions
ABOUT THE AUTHORS
Stuart McClure, CISSP, CNE, CCSE
Widely recognized for his extensive and in-depth knowledge of security
products, Stuart McClure is considered one of the industry’s leading
authorities in information security today. A well-published and acclaimed
security visionary, McClure has over two decades of technology and
executive leadership with profound technical, operational, and financial
experience.
Stuart McClure is Vice President of Operations and Strategy for the
Risk & Compliance Business Unit at McAfee, where he is responsible for the health and
advancement of security risk management and compliance products and service
solutions. In 2008, Stuart McClure was Executive Director of Security Services at Kaiser
Permanente, the world’s largest health maintenance organization, where he oversaw 140
security professionals and was responsible for security compliance, oversight, consulting,
architecture, and operations. In 2005, McClure took over the top spot as Senior Vice
President of Global Threats, running all of AVERT. AVERT is McAfee’s virus, malware,
and attack detection signature and heuristic response team, which includes over 140 of
the smartest programmers, engineers, and security professionals from around the world.
His team monitored global security threats and provided follow-the-sun signature
creation capabilities. Among his many tactical responsibilities, McClure was also
responsible for providing strategic vision and marketing for the teams to elevate the
value of their security expertise in the eyes of the customer and the public. Additionally,
he created the semiannual Sage Magazine, a security publication dedicated to monitoring
global threats.
Prior to taking over the AVERT team, Stuart McClure was Senior Vice President of
Risk Management Product Development at McAfee, Inc., where he was responsible for
driving product strategy and marketing for the McAfee Foundstone family of risk
mitigation and management solutions. Prior to his role at McAfee, McClure was founder,
president, and chief technology officer of Foundstone, Inc., which was acquired by
McAfee in October 2004 for $86M. At Foundstone, McClure led both the product vision
and strategy for Foundstone, as well as operational responsibilities for all technology
development, support, and implementation. McClure drove annual revenues over
100 percent every year since the company’s inception in 1999. McClure was also the
author of the company’s primary patent #7,152,105.
In 1999, he created and co-authored Hacking Exposed: Network Security Secrets &
Solutions, the best-selling computer security book, with over 500,000 copies sold to date.
The book has been translated into more than 26 languages and is ranked the #4 computer
book ever sold—positioning it as one of the best-selling security and computer books in
history. McClure also co-authored Hacking Exposed Windows 2000 (McGraw-Hill
Professional) and Web Hacking: Attacks and Defense (Addison-Wesley).
Prior to Foundstone, McClure held a variety of leadership positions in security and
IT management, with Ernst & Young’s National Security Profiling Team, two years as an
industry analyst with InfoWorld’s Test Center, five years as director of IT for both state
www.it-ebooks.info
About the Authors
vii
and local California government, two years as owner of his own IT consultancy, and two
years in IT with the University of Colorado, Boulder.
McClure holds a bachelor’s degree in psychology and philosophy, with an emphasis in
computer science applications from the University of Colorado, Boulder. He later earned
numerous certifications including ISC2’s CISSP, Novell’s CNE, and Check Point’s CCSE.
Joel Scambray, CISSP
Joel Scambray is co-founder and CEO of Consciere, a provider of strategic
security advisory services. He has assisted companies ranging from newly
minted startups to members of the Fortune 50 in addressing information
security challenges and opportunities for over a dozen years.
Scambray’s background includes roles as an executive, technical
consultant, and entrepreneur. He was a senior director at Microsoft
Corporation, where he led Microsoft’s online services security efforts for
three years before joining the Windows platform and services division to focus on
security technology architecture. Joel also co-founded security software and services
startup Foundstone, Inc., and helped lead it to acquisition by McAfee for $86M. He has
also held positions as a Manager for Ernst & Young, Chief Strategy Officer for Leviathan,
security columnist for Microsoft TechNet, Editor at Large for InfoWorld Magazine, and
director of IT for a major commercial real estate firm.
Joel Scambray has co-authored Hacking Exposed: Network Security Secrets & Solutions
since helping create the book in 1999. He is also lead author of the Hacking Exposed Windows
and Hacking Exposed Web Applications series (both from McGraw-Hill Professional).
Scambray brings tremendous experience in technology development, IT operations
security, and consulting to clients ranging from small startups to the world’s largest
enterprises. He has spoken widely on information security at forums including Black
Hat, I-4, and The Asia Europe Meeting (ASEM), as well as organizations including CERT,
The Computer Security Institute (CSI), ISSA, ISACA, SANS, private corporations, and
government agencies such as the Korean Information Security Agency (KISA), FBI, and
the RCMP.
Scambray holds a bachelor’s of science from the University of California at Davis, an MA
from UCLA, and he is a Certified Information Systems Security Professional (CISSP).
George Kurtz, CISSP, CISA, CPA
Former CEO of Foundstone and current Senior Vice President & General
Manager of McAfee’s Risk & Compliance Business Unit, George Kurtz is
an internationally recognized security expert, author, and entrepreneur, as
well as a frequent speaker at most major industry conferences. Kurtz has
over 16 years of experience in the security space and has helped hundreds
of large organizations and government agencies tackle the most demanding
security problems. He has been quoted or featured in many major
publications, media outlets, and television programs, including CNN, Fox News, ABC
World News, Associated Press, USA Today, Wall Street Journal, The Washington Post, Time,
ComputerWorld, eWeek, CNET, and others.
www.it-ebooks.info
viii
Hacking Exposed 6: Network Security Secrets & Solutions
George Kurtz is currently responsible for driving McAfee’s worldwide growth in the
Risk & Compliance segments. In this role, he has helped transform McAfee from a point
product company to a provider of Security Risk Management and Compliance
Optimization solutions. During his tenure, McAfee has significantly increased its overall
enterprise average selling price (ASP) and its competitive displacements. Kurtz formerly
held the position of SVP of McAfee Enterprise, where he was responsible for helping to
drive the growth of the enterprise product portfolio on a worldwide basis.
Prior to his role at McAfee, Kurtz was CEO of Foundstone, Inc., which was acquired
by McAfee in October 2004. In his position as CEO, Kurtz brought a unique combination
of business acumen and technical security know-how to Foundstone. Having raised over
$20 million in financing, Kurtz positioned the company for rapid growth and took the
company from startup to over 135 people and in four years. Kurtz’s entrepreneurial
spirit positioned Foundstone as one of the premier “pure play” security solutions
providers in the industry.
Prior to Foundstone, Kurtz served as a senior manager and the national leader of
Ernst & Young’s Security Profiling Services Group. During his tenure, Kurtz was
responsible for managing and performing a variety of eCommerce-related security
engagements with clients in the financial services, manufacturing, retailing,
pharmaceuticals, and high technology industries. He was also responsible for co-
developing the “Extreme Hacking” course. Prior to joining Ernst & Young, he was a
manager at Price Waterhouse, where he was responsible for developing their network-
based attack and penetration methodologies used around the world.
Under George Kurtz’s direction, he and Foundstone have received numerous awards,
including Inc.’s “Top 500 Companies,” Software Council of Southern California’s
“Software Entrepreneur of the Year 2003” and “Software CEO of the Year 2005,” Fast
Company’s “Fast 50,” American Electronics Association’s “Outstanding Executive,”
Deloitte’s “Fast 50,” Ernst & Young’s “Entrepreneur of the Year Finalist,” Orange County’s
“Hottest 25 People,” and others.
Kurtz holds a bachelor of science degree from Seton Hall University. He also holds
several industry designations, including Certified Information Systems Security
Professional (CISSP), Certified Information Systems Auditor (CISA), and Certified Public
Accountant (CPA). He was recently granted Patent #7,152,105 - “System and method for
network vulnerability detection and reporting.” Additional patents are still pending.
About the Contributing Authors
Nathan Sportsman is an information security consultant whose experience includes
positions at Foundstone, a division of McAfee; Symantec; Sun Microsystems; and Dell.
Over the years, Sportsman has had the opportunity to work across all major verticals
and his clients have ranged from Wall St. and Silicon Valley to government intelligence
agencies and renowned educational institutions. His work spans several service lines,
but he specializes in software and network security. Sportsman is also a frequent public
speaker. He has lectured on the latest hacking techniques for the National Security
Agency, served as an instructor for the Ultimate Hacking Series at Black Hat, and is a
regular presenter for various security organizations such as ISSA, Infragard, and
www.it-ebooks.info
About the Authors
ix
OWASP. Sportsman has developed several security tools and was a contributor to the
Solaris Software Security Toolkit (SST). Industry designations include the Certified
Information Systems Security Professional (CISSP) and GIAC Certified Incident Handler
(GCIH). Sportsman holds a bachelor’s of science in electrical and computer engineering
from The University of Texas at Austin.
Brad Antoniewicz is the leader of Foundstone’s network vulnerability and assessment
penetration service lines. He is a senior security consultant focusing on internal and
external vulnerability assessments, web application penetration, firewall and router
configuration reviews, secure network architectures, and wireless hacking. Antoniewicz
developed Foundstone’s Ultimate Hacking wireless class and teaches both Ultimate
Hacking Wireless and the traditional Ultimate Hacking classes. Antoniewicz has spoken
at many events, authored various articles and whitepapers, and developed many of
Foundstone’s internal assessment tools.
Jon McClintock is a senior information security consultant located in the Pacific
Northwest, specializing in application security from design through implementation
and into deployment. He has over ten years of professional software experience, covering
information security, enterprise and service-oriented software development, and
embedded systems engineering. McClintock has worked as a senior software engineer
on Amazon.com’s Information Security team, where he worked with software teams to
define security requirements, assess application security, and educate developers about
security software best practices. Prior to Amazon, Jon developed software for mobile
devices and low-level operating system and device drivers. He holds a bachelor’s of
science in computer science from California State University, Chico.
Adam Cecchetti has over seven years of professional experience as a security engineer
and researcher. He is a senior security consultant for Leviathan Security Group located
in the Pacific Northwest. Cecchetti specializes in hardware and application penetration
testing. He has led assessments for the Fortune 500 in a vast array of verticals. Prior to
consulting, he was a lead security engineer for Amazon.com, Inc. Cecchetti holds a
master’s degree in electrical and computer engineering from Carnegie Mellon
University.
About the Tech Reviewer
Michael Price, research manager for McAfee Foundstone, is currently responsible for
content development for the McAfee Foundstone Enterprise vulnerability management
product. In this role, Price works with and manages a global team of security researchers
responsible for implementing software checks designed to detect the presence of
vulnerabilities on remote computer systems. He has extensive experience in the
information security field, having worked in the areas of vulnerability analysis and
security software development for over nine years.
www.it-ebooks.info
[...]... 7 43 79 Part II System Hacking ▼ 4 Hacking Windows 157 ▼ 5 Hacking Unix 223 Part III Infrastructure Hacking ▼ ▼ ▼ ▼ 6 7 8 9 Remote Connectivity and VoIP Hacking Network Devices Wireless Hacking Hacking Hardware ... Hardware 315 387 445 493 Part IV Application and Data Hacking ▼ 10 Hacking Code 519 ▼ 11 Web Hacking 543 ▼ 12 Hacking the Internet User 585 xi www.it-ebooks.info xii Hacking Exposed 6: Network Security Secrets & Solutions Part V Appendixes ▼ A Ports ... Brute-Force Scripting—The Homegrown Way A Final Note About Brute-Force Scripting PBX Hacking Voicemail Hacking Virtual Private Network (VPN) Hacking Basics of IPSec VPNs Voice over IP Attacks ... participant, leverage the valuable insights Hacking Exposed 6 provides to help yourself, your company, and your country fight cybercrime —Dave DeWalt President and CEO, McAfee, Inc www.it-ebooks.info ACKNOWLEDGMENTS T he authors of Hacking Exposed 6 would like to sincerely thank the incredible McGraw-Hill Professional editors and production staff who worked on the sixth edition, including Jane Brownlow and... motivation and opportunity to do bad things, turns his or her attention your way Then watch the light bulbs go off… xxv www.it-ebooks.info xxvi Hacking Exposed 6: Network Security Secrets & Solutions What’s New in the Sixth Edition Our infinite mission with Hacking Exposed is to continually update and provide security analysis of the latest technologies for the network, host, application, and database... configurations, hacking IPsec VPN servers, attacking IKE Aggressive Mode, SIP scanning and enumeration, SIP flooding hacks, and TFTP tricks to discover VoIP treasures • New footprinting, scanning, and enumeration techniques that can go completely undetected • Newly condensed denial of service appendix giving you only what you need to know • Updated coverage of Hacking the Internet User” and Hacking Code”... target, 10 being superuser-account compromise or equivalent Risk Rating: The overall risk rating (average of the preceding three values) To Everyone Message to all readers: as with all prior editions of Hacking Exposed, take the book in chunks, absorb its rich content in doses, and test everything we show you There is no better way to learn than to “do.” Take all the prescriptive text we have accumulated... Summary 447 447 453 458 462 463 466 470 471 472 475 476 477 478 479 480 484 486 487 488 491 ▼ 9 Hacking Hardware 493 Physical Access: Getting in the Door Hacking Devices Default Configurations Owned Out of the Box... Summary 494 501 505 505 505 506 506 506 508 510 513 514 www.it-ebooks.info Contents Part IV Application and Data Hacking Case Study: Session Riding 516 ▼ 10 Hacking Code 519 Common Exploit Techniques Buffer Overflows and Design Flaws ... Recommended Further Reading Summary 520 520 527 530 530 532 539 541 542 ▼ 11 Web Hacking 543 Web Server Hacking Sample Files Source Code Disclosure Canonicalization . hacking. Antoniewicz
developed Foundstone’s Ultimate Hacking wireless class and teaches both Ultimate
Hacking Wireless and the traditional Ultimate Hacking. . 79
Part II System Hacking
▼ 4 Hacking Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
▼ 5 Hacking Unix . . . .
Ngày đăng: 18/02/2014, 15:20
Xem thêm: Tài liệu Hacking Exposed, 6th Edition pptx, Tài liệu Hacking Exposed, 6th Edition pptx