The Ethical Hack: A Framework for Business Value Penetration Testing

Purchasing Options

Hardback: $91.95 (ISBN 9780849316098, Cat# AU1609)
eBook (ISBN 9780203495414, Cat# TFE1028)

Features

  • A focus on methodology over technology. Hacker methods are relatively well known, so this book answers the desperate demand for details of how these processes work
  • Interpretation of results. The author recommends expert integration of testing results into security practice, which is surprisingly uncommon
  • Protecting the innocent. This book provides the framework for protecting security professionals and confidential information during testing
  • Politics and processes. The text highlights the need for proper communications, expectations, and metrics before testing
  • Testing procedures. The book is unique in connecting reconnaissance, data collection, vulnerability analysis, exploitation, analysis, and other testing components to overall business objectives

Summary

There are many books that detail tools and techniques of penetration testing, but none of these effectively communicate how the information gathered from tests should be analyzed and implemented. Until recently, there was very little strategic information available to explain the value of ethical hacking and how tests should be performed in order to provide a company with insight beyond a mere listing of security vulnerabilities. Now there is a resource that illustrates how an organization can gain as much value from an ethical hack as possible.

The Ethical Hack: A Framework for Business Value Penetration Testing explains the methodologies, framework, and "unwritten conventions" that ethical hacks should employ to provide the maximum value to organizations that want to harden their security. This book is unique in that it goes beyond the technical aspects of penetration testing to address the processes and rules of engagement required for successful tests. It examines testing from a strategic perspective, shedding light on how testing ramifications affect an entire organization.

Security practitioners can use this resource to reduce their exposure and deliver a focused, valuable service to customers. Organizations will learn how to align the information about tools, techniques, and vulnerabilities that they gathered from testing with their overall business objectives.

Table of Contents

INTRODUCTION
Perspectives of Value

SECURITY AND HACKING
Information Security
Security Architecture
Hacking Impacts

THE FRAMEWORK
Business Planning and Operations
Reconnaissance
Enumeration
Vulnerability Analysis
Exploitation
Final Analysis
Deliverable
Integration

INFORMATION SECURITY PROGRAM
Scope of Information Security Programs
The Process of Information Security
Component Parts of Information Security Programs

BUSINESS PLANNING AND OPERATIONS
Business Objectives
Security Policy
Previous Test Results
Business Challenges
The Business of Security
Reasoning
Overall Expectations
How Deep is Deep Enough?
Timing is Everything
Attack Type
Source Point
Required Knowledge
Inherent Limitations
Imposed Limitations
Multi-Phased Attacks
Teaming and Attack Structure
The Security Consultant
The Tester
Logistics
Technical Preparation
Managing the Engagement
Scenario

RECONNAISSANCE
The Hacker
Reconnaissance Techniques

ENUMERATION
Technical Objective
Soft Objective
Scope of Effort
Looking Around or Attack?
Preparing for the Next Phase

VULNERABILITY ANALYSIS
Weighing the Vulnerability
Source Points
Reporting Dilemma

EXPLOITATION
Intuitive Testing
Evasion
War Dialing
Threads and Groups
Operating Systems
Password Crackers
Rootkits
Applications
Network
Services and Areas of Concern

FINAL ANALYSIS
Critical
Warning
Informational

DELIVERABLE
Overall Structure
Aligning Findings
Format

INTEGRATION
Mitigation
Defense Planning
Incident Management
Security Policy

CONCLUSION

APPENDIX: SPOOFING AND SEQUENCE ATTACK

Editorial Reviews

"[I]n this comprehensive work author James Tiller explains not only why ethical hacks are viable, but also why they are critical. … [This] is one of the most complete books on penetration testing available."
- Security Management, August 2005

"Jim Tiller has created an outstanding book that describes in detail the right way to conduct a thorough penetration test. As more and more people offer penetration testing services, our industry needs a base line of solid practices to help separate the professionals from the charlatans. Jim's book describes such practices, including the policies, procedures, and technical insights that come from years of in-the-trenches experience."
- Ed Skoudis, VP of Security Strategy, Global Integrity, from the Foreword

"This book differentiates itself by presenting a structured approach to testing an organization's security… Tiller's writing style makes the book easy to follow, and he uses plenty of real-world examples… the framework that Tiller describes will remain valid because security's fundamental aspects will change slowly."
- IEEE Security & Privacy, 2005

© 2013 Taylor & Francis Group, LLC. All Rights Reserved.