Hack I.T. - Security Through Penetration Testing
TeamPenetration testing—in which professional, "white hat" hackers attempt to break through an organization's security defenses—has become a key defense weapon in today's information systems security arsenal. Through penetration testing, I.T. and security professionals can take action to prevent true "black hat" hackers from compromising systems and exploiting proprietary information.
Hack I.T. introduces penetration testing and its vital role in an overall network security plan. You will learn about the roles and responsibilities of a penetration testing professional, the motivation and strategies of the underground hacking community, and potential system vulnerabilities, along with corresponding avenues of attack. Most importantly, the book provides a framework for performing penetration testing and offers step-by-step descriptions of each stage in the process. The latest information on the necessary hardware for performing penetration testing, as well as an extensive reference on the available security tools, is included.
Comprehensive in scope Hack I.T. provides in one convenient resource the background, strategies, techniques, and tools you need to test and protect your system—before the real hackers attack.
Specific topics covered in this book include:
- War dialing
- Hacking myths
- Web testing tools
- Remote control tools
- Social engineering methods
- The Windows NT Resource kit
- Numerous DoS attacks and tools
- Sniffers and password crackers
- Port scanners and discovery tools
- Application-level holes and defenses
- Announced versus unannounced testing
- Firewalls and intrusion detection systems
- Potential drawbacks of penetration testing
- Enumerating NT systems to expose security holes
- Unix-specific vulnerabilities, such as RPC and buffer overflow attacks
- Penetration through the Internet, including zone transfer, sniffing, and port scanning

Review By: Mickey Epperson
07/09/2010
This book presents a three-step methodology for testing network and computer security through penetration. Section one describes the current state of computer hacking and the motivation for penetration testing. Section two describes the testing methodology and its application in three test scenarios, Internet penetration, dial-in penetration, and internal penetration. Section three describes the tools used to perform penetration testing by group, Discovery Tools, Port Scanners, Sniffers, Password Crackers, Windows NT Tools, and Web-Testing Tools.
This book is a beginner’s guide for penetration testing, and no prior knowledge of penetration testing is needed. However, knowledge of networks, TCP/IP, and network security is needed to perform a successful test.
I found it useful to have this book rather than searching for the information on the Web. There is a list of Web sites where you can find more information and mail lists you can join. The methodology presented for penetration testing is straightforward and produces documented, consistent, and repeatable tests. Much of the book is devoted to tools used to perform penetration testing. A description, use, and pros and cons are provided for each tool along with a reference to more information.
The first section of the book describes the hacker community today, the security consultant roles and responsibilities, and categorizes security vulnerabilities. Hackers range from the first-tier hacker who can find and exploit vulnerabilities, to the third-tier known as script kiddies. The majority of hackers fall into the second-tier, with a skill level equivalent to a system administrator or security team member. The roles, responsibilities, and skill level of a security consultant provide good background information if you are hiring a consultant to perform penetration testing, or you are interested in becoming a security consultant. The last chapter in the section describes each category of vulnerability and possibly counter measures.
Section two presents a methodology for penetrations testing. The three-step process consists of discovering the network topology, identifying possible vulnerabilities, and attempting to exploit the vulnerabilities to compromise the network. This gives the beginner a framework for consistent and repeatable testing. I like the importance the authors give to documenting the testing process. Internet penetration testing, dial-in penetration testing, and internal penetration testing are described along with the tools used in the testing process.
The third section describes the tools you can use, both commercial and noncommercial. The tools are grouped by the categories Discovery Tools, Port Scanners, Sniffers, Password Crackers, Windows NT Tools, and Web-Testing Tools. There is enough information about each tool to get you started and references to more information.