Kevin Beaver - Hacking For Dummies

Given the COVID-19 situation, ensuring security is especially critical today. With so many people working from home and outside the traditional enterprise network security controls, hacking and related breaches are off the charts. It’s clear that businesses are having to adapt to new ways of working. IT and security professionals are also grappling with the associated emerging technologies, and that’s only further complicating security. It’s a tricky place to be and not an enviable position. Still, it represents an opportunity for learning and improving, so it’s not all bad.

This book will help you successfully navigate the craziness of the world as it relates to IT and security. I’ll also help you implement a proper vulnerability and penetration testing program, perform the right security checks, and put the necessary countermeasures in place to keep external hackers and malicious users in check.

Hacking For Dummies is a reference guide for hacking your systems to improve security and minimize business risks. The security testing techniques are based on written and unwritten rules of computer system vulnerability and penetration testing and information security best practices. This book covers everything from establishing your testing plan to assessing your systems to plugging the holes and managing an ongoing security testing program.

Realistically, for most networks, operating systems, and applications, thousands of possible vulnerabilities exist. I don’t cover them all, but I do cover the big ones on various platforms and systems that I believe contribute to most security problems in business today. I cover basic Pareto principle (80/20 rule) stuff, with the goal of helping you find the 20 percent of the issues that create 80 percent of your security risks. Whether you need to assess security vulnerabilities on a small home-office network, a medium-size corporate network, or across a large enterprise, Hacking For Dummies provides the information you need.

This book includes the following features:

Various technical and nontechnical tests and their detailed methodologies

Specific countermeasures to protect against hacking and breaches

Before you start testing your systems, familiarize yourself with the information in Part 1so that you’re prepared for the tasks at hand. The adage “If you fail to plan, you plan to fail” rings true for the security assessment process. You must have a solid game plan in place if you’re going to be successful.

Disclaimer: This book is intended solely for information technology (IT) and information security professionals to test the security of their (or their clients’) systems in an authorized fashion. If you choose to use the information in this book to hack or break into computer systems maliciously and without authorization, you’re on your own. Neither I (the author) nor anyone else associated with this book shall be liable or responsible for any unethical or criminal choices that you might make and execute using the methodologies and tools that I describe.

Okay, now that that’s out of the way, let’s get to the good stuff! This book is for you if you’re a network administrator, IT or information security manager, security consultant, security auditor, compliance manager, or otherwise interested in finding out more about evaluating computer systems, software, and IT operations for security flaws and, of course, making long-term improvements.

I also make a few assumptions about you, the aspiring information technology (IT) or security professional:

You’re familiar with basic computer, network, and information security concepts and terms.

You have access to a computer and a network on which to use these techniques and tools.

You have the go-ahead from your employer or your client to perform the hacking techniques described in this book.

Throughout this book, you’ll see the following icons in the margins.

This icon points out information that’s worth committing to memory.

This icon points out information that could have a negative effect on your vulnerability and penetration testing efforts — so please read it!

This icon refers to advice that can highlight or clarify an important point.

This icon points out technical information that’s interesting but not vital to your understanding of the topic being discussed.

First off, be sure to check out the Cheat Sheet associated with this book. You can access the Cheat Sheet by visiting dummies.com and searching for Hacking For Dummies . The Cheat Sheet is a great way to get you pointed in the right direction or get you back on track with your security testing program if needed.

Also, be sure to check out my website www.principlelogic.com , especially the Resources page.

The more you know about how external hackers and rogue insiders work and how your systems should be tested, the better you’re able to secure your computer and network systems. This book provides the foundation you need to develop and maintain a successful security assessment and vulnerability management program to minimize business risks.

Depending on your computer and network configurations, you may be able to skip certain chapters. For example, if you aren’t running Linux or wireless networks, you can skip those chapters. Just be careful. You may think you’re not running certain systems, but they could very well be on your network, somewhere, waiting to be exploited.

Keep in mind that the high-level concepts of security testing won’t change as often as the specific vulnerabilities you protect against. Vulnerability and penetration testing will always remain both an art and a science in a field that’s ever-changing. You must keep up with the latest hardware and software technologies, along with the various vulnerabilities that come about day after day and month after month. The good news is the vulnerabilities are often very predictable and, therefore, easy to discover and resolve.

You won’t find a single best way to hack your systems, so tweak this information to your heart’s content. And happy hacking!

Part 1

IN THIS PART …

Discover the basics of vulnerability and penetration testing.

Get a look inside a hacker’s head to understand why and how they do what they do.

Develop a security testing plan.

Understand the methodology for finding the most (and best) vulnerabilities.

Chapter 1

IN THIS CHAPTER

Understanding hackers’ and malicious users’ objectives

Examining how the security testing process came about