
(eBook PDF) Computer Security and Penetration Testing 2nd Edition


Table of Contents

CHAPTER 3
Scanning Tools
Introduction
Evolution of Scanners
How Scanners Work
Types of Scanning
TCP Connect Scanning
Half-Open Scanning
UDP Scanning
IP Protocol Scanning
Ping Scanning
Stealth Scanning
Review of Scanner Technology
Discovery
Reconnaissance
Vulnerability Identification
Exploitation
Chapter Summary
Key Terms
Review Questions
Hands-On Projects

CHAPTER 4
Sniffers
Sniffer Types
Bundled Sniffers
Commercial Sniffers
Free Sniffers
Sniffer Operation
Sniffer Components
Placement of a Sniffer
MAC Addresses
Data Transfer over a Network
Role of a Sniffer on a Network
Sniffer Programs
Wireshark (Ethereal)
tcpdump/WinDump
Snort
Network Monitor
Cain and Abel
Kismet
Fluke Networks Protocol Analyzers
Detecting a Sniffer
DNS Test
Network Latency Tests
Ping Test
Source-Route Method
Decoy Method
Commands
Time Domain Reflectometer (TDR) Method

Copyright 201 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
Protecting Against a Sniffer
Secure Sockets Layer (SSL)
Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME)
Secure Shell (SSH)
More Protection
Chapter Summary
Key Terms
Review Questions
Hands-On Projects

CHAPTER 5
TCP/IP Vulnerabilities
Introduction to TCP/IP Vulnerabilities
Data Encapsulation
IP (Internet Protocol)
TCP
Connection Setup and Release
TCP/IP Timers
Vulnerabilities in TCP/IP
IP Spoofing
Source Routing
Connection Hijacking
ICMP Attacks
TCP SYN Attacks
RIP Attacks
Securing TCP/IP
IP Security Architecture (IPSec)
Chapter Summary
Key Terms
Review Questions
Hands-On Projects

CHAPTER 6
Encryption and Password Cracking
Introduction to Encryption and Password Cracking
Cryptography
Symmetric and Asymmetric Key Encryption
Symmetric Key Encryption
Asymmetric Key Algorithms
Cryptanalysis
Descriptions of Popular Ciphers
Symmetric Key Ciphers
Asymmetric Key Ciphers
Cryptographic Hash Functions
Attacks on Passwords
Dictionary Attacks
Hybridization
Brute-Force Attacks
Observation
Keyloggers

Social Engineering
Sniffing Methods
Password File Stealing
Password Crackers
Aircrack
Cain & Abel
John the Ripper
THC Hydra
L0phtCrack and Lc6
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
References

CHAPTER 7
Spoofing
The Process of an IP Spoofing Attack
Costs of Spoofing
Kinds of Tangible Loss
Types of Spoofing
Blind Spoofing
Active Spoofing
IP Spoofing
ARP Spoofing
Web Spoofing
DNS Spoofing
Spoofing Tools
Mausezahn
Ettercap
Arpspoof
Prevention and Mitigation
Chapter Summary
Key Terms
Review Questions
Hands-On Projects

CHAPTER 8
Session Hijacking
TCP Session Hijacking
Session Hijacking – Hacker’s Point of View
TCP Session Hijacking with Packet Blocking
Methods
Session Hijacking Tools
Hunt
UDP Hijacking
Prevention and Mitigation
Encryption
Storm Watching

Chapter Summary
Key Terms
Review Questions
Hands-On Projects

CHAPTER 9
Hacking Network Devices
Proxy Servers
Categories of Attacks
Concealed Identity
Routers and Switches
Attacks on Routers and Switches
Router Exploits
Firewalls
Limitations of Firewalls
Types and Methods of Firewall Attacks
VPNs
Threats through VPN
Ways to Safeguard a Network from Attacks through VPNs
Chapter Summary
Key Terms
Review Questions
Hands-On Projects

CHAPTER 10
Trojan Horses
How Trojan Horses Work
Installation
Functions of a Trojan Horse Attack
Famous Trojans
PC-Write (1986)
AIDS.exe/PC Cyborg (1989)
Back Orifice (1998)
Pretty Park (1999)
NetBus (2001)
SubSeven (1999)
BO2K (2000)
Zeus Trojan (2007)
Detection and Prevention of Trojans
Detecting Trojan Horses
Distributing Trojans
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
References

CHAPTER 11
Denial-of-Service Attacks
Causes of DoS Attacks
Types of DoS Attacks
Preventable DoS
Non-Preventable DoS
Flood Attacks
Software Attacks
Isolated Attacks
Distributed Attacks
Known DoS Attacks
TCP SYN
SMURF
Known DDoS Attacks
Trinoo
Stacheldraht
Botnets
Prevention and Mitigation of DoS and DDoS Attacks
Prevention Methods
Mitigation of DoS and DDoS Attacks
Chapter Summary
Key Terms
Review Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Hands-On Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

CHAPTER 12
Buffer Overflows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Standard Execution of a C Program. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Types of Buffer Overflows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Stack Overflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Process of a Stack Overflow Exploit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Heap Overflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
More Methods for Causing a Buffer Overflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Character-Set Encoding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Nybble-to-Byte Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Buffer Overflows: Detection and Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Detecting Buffer Overflow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Preventing Buffer Overflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Review Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Hands-On Project. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

CHAPTER 13
Programming Exploits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
C and C++. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Vulnerabilities in the C and C++ Programming Languages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
C and C++ Security Measures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

.NET Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Vulnerabilities in the .NET Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Countering .NET Framework Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
HTML5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Vulnerabilities in HTML5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Countering HTML5 Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Java and JavaScript . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Java . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
JavaScript . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Security Vulnerabilities in Java . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Vulnerabilities in JavaScript . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Countering Java and JavaScript Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Review Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Hands-On Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

CHAPTER 14
Mail Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
Major Mail Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Simple Mail Transfer Protocol (SMTP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Post Office Protocol (POP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Internet Message Access Protocol (IMAP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Server Application Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Microsoft Exchange Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
IBM Lotus Domino Notes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
E-mail Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
List-Linking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
E-mail Bombing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
E-mail Spamming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
E-mail Sniffing and Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
E-mail Attachments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
419s, Scams, and Phishing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Browser-Based Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Microsoft Outlook 2010. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Mozilla Thunderbird 15 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Opera Mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Personal E-mail Security Countermeasures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Corporate E-mail Security Countermeasures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
Review Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
Hands-On Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283

CHAPTER 15
Web Application Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Why the Web Is Vulnerable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Weak Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Unsecure Software Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Ease of Information Distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Availability of Hacking Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Increasing Opportunities for Internet-Related Criminal Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Web Server Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Unsecure Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Unsecure Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Threats from Insiders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Weaknesses in Site Administration Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Weaknesses in Application or Protocol Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Weaknesses in Operating System Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Coding Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Implementation Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Protection against Web Application Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Securing the Operating System and the Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Monitoring the Server for Suspicious Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Controlling Access to Confidential Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Protecting the Web Server on a LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Checking for Security Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Web-Browser Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Cache File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
History File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Bookmarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Cookies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Location of Web Files Cache. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
Browser Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Session ID Exploits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Web-Browser Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Review Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Hands-On Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

CHAPTER 16
Windows Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Windows Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Windows XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Windows Vista . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Windows Server 2008. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Windows 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Windows 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Vulnerabilities in Windows Server 2008/XP/Vista/7/8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
Default Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
File Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Windows Registry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Trust Relationship . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Windows Server 2008 Viewer Buffer Overflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Vulnerabilities to Obtain or Elevate Privileges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
RPC Service Failure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
SMTP MX Record Vulnerability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
Code Execution Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318

Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
Review Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
Hands-On Project. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320

CHAPTER 17
UNIX/Linux Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
UNIX-Based Operating Systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
Linux Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
Vulnerabilities from Default Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Basic Exploits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
Login Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
Bad System Administration Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
Utility Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
Trivial File Transfer Protocol (TFTP) Vulnerability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
Kernel Vulnerability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
Printing Vulnerability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
Vulnerability in mem_write Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
Integer Overflow Vulnerability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
Buffer Overflow Vulnerability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
UseLogin Vulnerability of OpenSSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
wu-ftpd Exploits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
BIND Exploit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
Review Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
Hands-On Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332

CHAPTER 18
Incident Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
Need for Incident Handling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
Types of Incidents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
Approach to Incident Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Detection Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Phases of Incident Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Preparation for Incident Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
Classification of Incidents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
Establishing the Impact of an Incident . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
Establishing the Likelihood of an Incident . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
Reporting and Communicating Incidents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
Reporting the Incident . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
Communicating the Incident . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Eliminating the Bug . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Correcting the Root Problem. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Identifying and Implementing the Steps to Fix the Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
Denial-of-Service Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349

Recovering from Incidents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
Reinstallation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
Re-authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Resuming work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Postmortem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Identifying the Root Cause of the Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Identifying Short-Term and Long-Term Changes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Identifying Actions for Any Unpredictable Incident . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Implementing the Learning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Tracking Hackers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
Generic to Specific . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
Specific to Generic to Specific . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
Emergency Steps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Review Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Hands-On Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356

GLOSSARY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359

INDEX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367

Introduction

This text was written to provide a large number of options for further study for interested
individuals or enrolled students who desire an accurate and interesting introduction to the
fascinating realm of network security.
This work is designed to give students, professionals, and hobbyists accurate and well-researched
examples of current security topics. The field of information security changes
quickly, and this text is formulated to provide a solid foundation to enable the reader to
understand and differentiate between hype and fact. Readers will acquire a firm grasp of the
concepts and history of network development and network security as they have evolved.
This platform is anchored to real-world examples and techniques to glean the most useful
information from the Internet. It is intended to burst the mystique, shine a light into how and
why people attack computers and networks, and prepare the reader with the right techniques
to begin winning the network security game.
This text is primarily intended for students in the second or third year of programs in:
● Information technology
● Network security
● Network engineering
● Computer science


This work is also valuable to upper management of small companies that do not have
IT departments, and it will bring IT professionals up-to-date on the latest security
concepts.

Organization and Coverage


Computer Security and Penetration Testing, Second Edition, introduces students to a wide
range of topics related to computer security issues. Chapter 1 provides an overview of hacking
and cracking and discusses ethical considerations surrounding these often misunderstood
activities. Chapters 2 through 6 give a broad overview of the basic concepts that are
fundamental to the practice of ethical hacking. Chapter 2 begins with reconnaissance techniques
and compares legal and illegal techniques used by hackers to acquire the information
necessary to launch attacks. Chapters 3 and 4 cover the use of scanning tools and sniffers, critical
tools in the arsenals of both crackers and computer security professionals. Chapters 5 and 6
cover TCP/IP networking as well as encryption and password cracking—topics about which
no security professional can afford to be ignorant.
Chapters 7 through 13 focus on specific types of attacks and their countermeasures, including
spoofing, session hijacking, network device hacking, Trojan horses, denial-of-service attacks,
buffer overflows, and programming exploits.
In Chapters 14 through 17, the discussion turns to known vulnerabilities in existing
software. Chapters 14 and 15 cover vulnerabilities in the protocols and software
implementations used for Internet mail and Web servers. Chapters 16 and 17 turn to two popular
operating systems—Windows and Linux—and describe some of the vulnerabilities
inherent in the systems themselves as well as those vulnerabilities that result from user error
or misconfiguration.
Finally, Chapter 18 covers the important topic of incident handling—what steps to take and
policies to follow when a security-related incident is detected on a network.

Features
Read This Before You Begin
Technical considerations and assumptions about hardware, software, and lab setup are listed
in one place early in the book to save time and eliminate surprises later on in the book.

Chapter Objectives
Each chapter begins with a list of the concepts to be mastered. This list gives you a quick
reference to the chapter’s contents and serves as a useful study aid.

Tips
Tips provide additional information, such as background information on a technology,
mistakes to watch out for, or Web resources where users can obtain more information.


Chapter Summaries
Each chapter contains a summary of the key content covered in the chapter, which serves as
a helpful tool for study and for reinforcing the main ideas presented in the chapter.

Key Terms
All terms in the chapter introduced with bold text are gathered together in the Key Terms list
at the end of the chapter, with a full definition for each term. This list encourages a more
thorough understanding of the chapter’s key concepts and is a useful reference.

Review Questions
The end-of-chapter assessment begins with review questions that reinforce the main concepts
and techniques covered in each chapter. Answering these questions helps ensure that you
have mastered important topics.

Hands-On Projects
Projects at the end of each chapter provide students with the ability to apply some of the
concepts they have read about in the chapter. The ability to “learn-by-doing” helps students
solidify their understanding of the material.

Text and Graphic Conventions


Tips offer extra information on resources and how to solve problems.

Each Hands-On Project in this book is preceded by the activity icon
and a description of the exercise that follows.

Online Instructor Resources


The following supplemental materials are available when this book is used in a classroom
setting. All the supplements available with this book are online at www.cengage.com.

Instructor’s Manual
The Instructor’s Manual that accompanies this book includes additional instructional
material to assist in class preparation, including suggestions for classroom activities, discussion
topics, and additional projects.

Solutions
The answers to all end-of-chapter material, including the Review Questions and, where
applicable, Hands-On Projects, are provided.


ExamView®
This book is accompanied by ExamView®, a powerful testing software package that allows
instructors to create and administer printed, computer (LAN-based), and Internet exams.
ExamView® includes hundreds of questions that correspond to the topics covered in this text,
enabling students to generate detailed study guides that include page references for further
review. The computer-based and Internet testing components allow students to take exams at
their computers and also save the instructor time by grading each exam automatically.

PowerPoint® Presentations
This book comes with Microsoft® PowerPoint® slides for each chapter. These are included as
a teaching aid for classroom presentation, to make available to students on the network for
chapter review, or to be printed for classroom distribution. Instructors, please feel free to
add your own slides for additional topics you introduce to the class.

Figure Files
All of the figures are reproduced and can be used to customize the PowerPoint® slides or
made available to students for review.

Read This Before You Begin


This book assumes that the student will have access to a networked PC running a current
version of Linux. The computer should also have Internet access. In the Hands-On Projects at the
end of Chapter 1, general instructions are given for setting up a PC to be used for this book.
Note that the specific machine requirements listed are a suggestion, and that other
configurations may work as well. In general, any current, standard Linux distribution should work.
Throughout the book, students will occasionally need to download software from the Internet
and install it. Specific instructions are given where necessary. The text also references a
“central Linux server” that the instructor may wish to set up to provide a central location
from which students can access software or files. (For example, in Chapter 6, the instructor
will need to provide students with a sample “passwd” file that students can use to practice
using password-cracking software.) This central server is not required, and the instructor may
choose to distribute files or software using other methods.
A few parts of the text—for example, Hands-On Project 10-3—are written assuming that the
student has access to a Windows computer. If a Windows machine is not available, such
sections can be read through without following along at the computer.
Finally, at times it will be necessary for students to access other lab computers. For example, in
the project at the end of Chapter 8, the instructor should set up a TCP session between two
computers, so that students can observe the session using a sniffer. At the instructor’s discretion,
virtualization software such as VMware can be used if physical machines are not available.

About the Authors


Alfred Basta, PhD, is a professor of mathematics, cryptography, and information security as
well as a professional speaker on Internet security, networking, and cryptography. He is a
member of many associations, including the Mathematical Association of America. Dr. Basta’s
other publications include Mathematics for Information Technology, Linux Operations and
Administration, and Database Security.
Nadine Basta, MS, is a professor of computer science, information technology, and security.
Her numerous certifications include MCSE, MSDBA, CCDP, NCSE, NCTE, and CCA. A
security consultant and auditor, she combines strong “in the field” experience with her
academic background. She is also coauthor of Mathematics for Information Technology and
Linux Operations and Administration.
Mary Brown, CISSP, CISA, PhD, is a professor who leads the information assurance and
security and health informatics specializations at Capella University. She manages the
curricula for these programs and works with the NSA to maintain Capella as a Center of
Excellence in IAS, which includes managing a Web site and blog. She is also a member of an
advisory board for Advance IT, which promotes IT in Minnesota, as well as a member of
numerous professional associations, including the Information Systems Security Association.
Additional publications include HIPAA Program Reference Handbook and Ethical Issues
and Security Monitoring Trends in Global Healthcare: Technological Advancements.

Acknowledgments
From Alfred Basta:
To my wife Nadine:
“It is the continuing symphony of your loving thoughts, caring actions, and continuous
support that stands out as the song of my life.”
To our daughter Rebecca, our son Stavros:
“Fix your hearts upon God, and love Him with all your strength, for without this no one can
be saved or be of any worth. Develop in yourselves an urge for a life of high and noble
values. You are like little birds that will soon spread your wings and fly.”
To my mother:
“You are a never-ending melody of goodness and kindness. You are without equal in this
world.”
And to the memory of my father:
“If one is weighed by the gifts one gives, your values given are beyond estimation.”
From Nadine Basta:
First, I would like to thank God for giving me the chance to complete this work. Every day I
thank Him for my three precious gifts: Alfred, Becca, and Stavros.
To my beloved husband, Alfred: Thank you for your continuous love and support throughout
our wonderful 17 years together.
To our children, Rebecca and Stavros: You are the true joy of our lives and our greatest
blessing. We pray for you every day to live a life that honors and glorifies God. Fix your hearts
upon Him, and love Him with all your strength.
Chapter 1

Ethics of Hacking and Cracking

After reading this chapter and completing the exercises, you will be able to:
• Explain how unethical computer hacking is a crime
• Identify the various groups and classes of hackers and crackers
• Identify the various things that motivate hackers and crackers
• Explain differences in information security industry certifications
• Describe the origin and evolution of computer hacking
• Recognize the important issues related to ethical hacking


Hacking and cracking are of great interest to many students of information security
as well as to hobbyists and others. This chapter introduces you to hacking and helps you
understand the characteristics and motivations behind both ethical and unethical hacking
activities. It also explores the wide range of industry-related certifications available to those
interested in a career in ethical hacking. Many of these certifications contain a professional
ethics component—a potential barrier to those who choose to begin their career engaging
in questionable computing activities.

The Impact of Unethical Hacking


Cracking is the term for illegally hacking into a computer system without the permission
of the system’s owner. Hacking is a term that is often used interchangeably with
“cracking,” but some hackers find it offensive. In the early days of computing, someone
who was very proficient in coding and in creating solutions using computers was known
as a hacker. This was typically a way of recognizing one’s accomplishments. Over the
past 30 to 40 years, however, “hacker” has devolved into a more pejorative term that
refers to one who uses his technical skills to engage in illegal or unethical behavior.
Legitimate hackers who wanted to hold on to the term “hackers” responded to this trend by
coming up with the term cracker to denote those on the “dark side” of computing. The
information security community has now widely adopted this distinction; however,
outside of those with a certain level of expertise and insight, the two terms continue to be
used interchangeably.
Whatever a computer cracker’s motivations—a love of difficult challenges, curiosity,
patriotism, a desire for recognition or financial gain or revenge—cracking a system is a crime. In the
past, crackers tended not to be prosecuted; this was because the crime was internal, and
companies didn’t want to jeopardize their customers’ confidence. Also, companies may not have
been sure of how vulnerable they were and didn’t want to advertise it to other crackers. The
trend today is toward prompt prosecution and harsher sentencing for those caught
compromising machines owned by others. Due to the growth of computer cracking, many
companies are now hiring more employees with hacking skills who can identify crackers and
protect the company’s network.
In the 2010/2011 CSI Computer Crime and Security Survey, nearly half of the
organizations that responded indicated they had been the victim of at least one targeted attack.1
Over two-thirds had experienced a malware infection, the most frequent mode of attack.
Likewise, in Verizon’s 2012 Data Breach Investigations Report, 69 percent of the reported
breaches involved the use of malware.2 Interestingly enough, 79 percent of the victims
were targets of opportunity, which indicates that organizations need better oversight of
their security policies. Both of these surveys focused on the numbers of compromises
recorded (reportedly in the millions of records) rather than on the resulting financial
losses. The CSI survey indicates that companies are increasingly reluctant to share
financial loss information as part of annual surveys, which makes it increasingly difficult to
assess the financial impact.
This text is designed to give you the skills to defeat computer crackers.

Hacker Communities
There are distinct groups of hackers; however, the membership is not limited to a single
group, nor is there a consistent membership within groups over time. There are two common
ways to categorize the broader groups of hackers:
● As White Hat (good hackers) or Black Hat (bad hackers)
● Through psychological profiling, which seeks to understand the motivations of hackers

Hat Categories
The White Hat/Black Hat model is derived from old Westerns in which the “good guys”
always wore white hats and the “bad guys” always wore black hats. The assumption is that
everything the good guys do is right, legal, and justified, whereas everything the bad guys do
is wrong, illegal, and debased. As is often true in life, this model oversimplifies reality but
helps frame discussions among those who feel strongly about the importance of ethical
behavior in the information security industry. Many information security professionals
strongly feel that crackers have violated professional ethics and are, essentially, disqualified
from participation in the industry. Others make allowances for youthful indiscretions. And
some even admire and pursue crackers as possible employees under the belief that they are
in a better position to “know thine enemy.” Whatever one believes, the idea that there is a
distinction between legal and illegal, between ethical and unethical, is at the root of how
hackers and crackers are classified and categorized.
Figure 1-1 presents the range of what motivates White Hat/Black Hat hackers/crackers.

Figure 1-1 White Hat/Black Hat model


© Cengage Learning 2014

Hacker Profiling
Hacking—like criminalistic forensics or martial arts—requires the practitioner to be
intimately familiar with the techniques of one’s opponent. To be successful as an ethical hacker
and network security expert, a person must know not only how to protect a network but
what and whom to protect the network from. The reading material and techniques used by
ethical hackers and unethical hackers are identical; what distinguishes the two groups from
each other is simply the permission of the network owner and the choice of whether to
defend or attack. Figure 1-2 presents a list of hacker profiles that was developed by former
police detective and computer forensics expert Marcus Rogers.3 Despite the popular
perception of a hacker as an antisocial teenager, hackers are not a monolithic group; they represent
Another random document with
no related content on Scribd:
were unsatisfactory to several of the concerted Powers, and
were sharply criticised in the British and German press. The
German government, especially, was disposed to insist upon
stern and strenuous measures in dealing with that of China,
and it addressed the following circular note, on the 18th of
September, to all the Powers:

"The Government of the Emperor holds as preliminary to
entering upon diplomatic relations with the Chinese Government
that those persons must be delivered up who have been proved
to be the original and real instigators of the outrages
against international law which have occurred at Peking. The
number of those who were merely instruments in carrying out
the outrages is too great. Wholesale executions would be
contrary to the civilized conscience, and the circumstances of
such a group of leaders cannot be completely ascertained. But
a few whose guilt is notorious should be delivered up and
punished. The representatives of the powers at Peking are in a
position to give or bring forward convincing evidence. Less
importance attaches to the number punished than to their
character as chief instigators or leaders. The Government
believes it can count on the unanimity of all the Cabinets in
regard to this point, insomuch as indifference to the idea of
just atonement would be equivalent to indifference to a
repetition of the crime. The Government proposes, therefore,
that the Cabinets concerned should instruct their
representatives at Peking to indicate those leading Chinese
personages from whose guilt in instigating or perpetrating
outrages all doubt is excluded."

The British government was understood to be not unwilling to
support this demand from Germany, but little encouragement
seems to have been officially given to it from other quarters,
and the government of the United States was most emphatic in
declining to approve it. The reply of the latter to the German
circular note was promptly given, September 21, as follows:
"The government of the United States has, from the outset,
proclaimed its purpose to hold to the uttermost accountability
the responsible authors of any wrongs done in China to
citizens of the United States and their interests, as was
stated in the Government's circular communication to the
Powers of July 3 last. These wrongs have been committed not
alone in Peking, but in many parts of the Empire, and their
punishment is believed to be an essential element of any
effective settlement which shall prevent a recurrence of such
outrages and bring about permanent safety and peace in China.
It is thought, however, that no punitive measures can be so
effective by way of reparation for wrongs suffered and as
deterrent examples for the future as the degradation and
punishment of the responsible authors by the supreme Imperial
authority itself, and it seems only just to China that she
should be afforded in the first instance an opportunity to do
this and thus rehabilitate herself before the world.

"Believing thus, and without abating in anywise its deliberate
purpose to exact the fullest accountability from the
responsible authors of the wrongs we have suffered in China,
the Government of the United States is not disposed, as a
preliminary condition to entering into diplomatic negotiations
with the Chinese Government, to join in a demand that said
Government surrender to the Powers such persons as, according
to the determination of the Powers themselves, may be held to
be the first and real perpetrators of those wrongs. On the
other hand, this Government is disposed to hold that the
punishment of the high responsible authors of these wrongs,
not only in Peking, but throughout China, is essentially a
condition to be embraced and provided for in the negotiations
for a final settlement.
It is the purpose of this Government, at the earliest
practicable moment, to name its plenipotentiaries for
negotiating a settlement with China, and in the mean time to
authorize its Minister in Peking to enter forthwith into
conference with the duly authorized representatives of the
Chinese Government, with a view of bringing about a
preliminary agreement whereby the full exercise of the
Imperial power for the preservation of order and the
protection of foreign life and property throughout China,
pending final negotiations with the Powers, shall be assured."

On the same day on which the above note was written the
American government announced its recognition of Prince Ching
and Li Hung-chang, as plenipotentiaries appointed to represent
the Emperor of China, in preliminary negotiations for the
restoration of the imperial authority at Peking and for a
settlement with the foreign Powers.

Differences between the Powers acting together in China, as to
the preliminary conditions of negotiation with the Chinese
government, and as to the nature and range of the demands to
be made upon it, were finally adjusted on the lines of a
proposal advanced by the French Foreign Office, in a note
dated October 4, addressed to the several governments, as
follows:

"The intention of the Powers in sending their forces to China
was, above all, to deliver the Legations. Thanks to their
union and the valour of their troops this object has been
attained. The question now is to obtain from the Chinese
Government, which has given Prince Ching and Li Hung-chang
full powers to negotiate and to treat in its name, suitable
reparation for the past and serious guarantees for the future.
Penetrated with the spirit which has evoked the previous
declarations of the different Governments, the Government of
the Republic has summarized its own sentiments in the
following points, which it submits as a basis for the
forthcoming negotiations after the customary verification of
powers:

(1) The punishment of the chief culprits, who will be
designated by the representatives of the Powers in Peking.

(2) The maintenance of the embargo on the importation of arms.

(3) Equitable indemnity for the States and for private
persons.

(4) The establishment in Peking of a permanent guard for the
Legations.

(5) The dismantling of the Ta-ku forts.

(6) The military occupation of two or three points on the
Tien-tsin-Peking route, thus assuring complete liberty of
access for the Legations should they wish to go to the coast
and to forces from the sea-board which might have to go up to
the capital.

It appears impossible to the Government of the Republic that
these so legitimate conditions, if collectively presented by
the representatives of the Powers and supported by the
presence of the international troops, will not shortly be
accepted by the Chinese Government."

On the 17th of October, the French Embassy at Washington
announced to the American government that "all the interested
powers have adhered to the essential principles of the French
note," and added: "The essential thing now is to show the
Chinese Government, which has declared itself ready to
negotiate, that the powers are animated by the same spirit;
that they are decided to respect the integrity of China and
the independence of its Government, but that they are none the
less resolved to obtain the satisfaction to which they have a
right. In this regard it would seem that if the proposition
which has been accepted as the basis of negotiations were
communicated to the Chinese plenipotentiaries by the Ministers
of the powers at Peking, or in their name by their Dean, this
step would be of a nature to have a happy influence upon the
determinations of the Emperor of China and of his Government."
The government of the United States approved of this
suggestion from France, and announced that it had "instructed
its Minister in Peking to concur in presenting to the Chinese
plenipotentiaries the points upon which we are agreed." Other
governments, however, seem to have given different
instructions, and some weeks were spent by the foreign
Ministers at Peking in formulating the joint note in which
their requirements were to be presented to Prince Ching and
Earl Li.

The latter, meantime, had submitted, on their own part, to the
allied plenipotentiaries, a draft of what they conceived to be
the just preliminaries of a definitive treaty. They prefaced
it with a brief review of what had occurred, and some remarks,
confessing that "the throne now realizes that all these
calamities have been caused by the fact that Princes and high
Ministers of State screened the Boxer desperados, and is
accordingly determined to punish severely the Princes and
Ministers concerned in accordance with precedent by handing
them over to their respective Yamêns for the determination of
a penalty." The "draft clauses" then submitted were as
follows:

"The siege of the Legations was a flagrant violation of the
usages of international law and an utterly unpermissible act.
China admits the gravity of her error and undertakes that
there shall be no repetition of the occurrence. China admits
her liability to pay an indemnity, and leaves it to the Powers
to appoint officers who shall investigate the details and make
out a general statement of claims to be dealt with
accordingly.

"With regard to the subsequent trade relations between China
and the foreign Powers, it will be for the latter to make
their own arrangements as to whether former treaties shall be
adhered to in their entirety, modified in details, or
exchanged for new ones. China will take steps to put the
respective proposals into operation accordingly.

"Before drawing up a definitive treaty it will be necessary
for China and the Powers to be agreed as to general
principles. Upon this agreement being arrived at, the
Ministers of the Powers will remove the seals which have been
affixed to the various departments of the Tsung-li-Yamên and
proceed to the Yamên for the despatch of business in matters
relating to international questions exactly as before.

"So soon as a settlement of matters of detail shall have been
agreed upon between China and the various nations concerned in
accordance with the requirements of each particular nation,
and so soon as the question of the payment of an indemnity
shall have been satisfactorily settled, the Powers will
respectively withdraw their troops. The despatch of troops to
China by the Powers was undertaken with the sole object of
protecting the Ministers, and so soon as peace negotiations
between China and the Powers shall have been opened there
shall be a cessation of hostilities.

"The statement that treaties will be made with each of the
Powers in no way prejudices the fact that with regard to the
trade conventions mentioned the conditions vary in accordance
with the respective powers concerned. With regard to the
headings of a definitive treaty, questions of nomenclature and
precedence affecting each of the Powers which may arise in
framing the treaty can be adjusted at personal conferences."

Great Britain and Germany were now acting in close accord,
having, apparently, been drawn together by a common distrust
of the intentions of Russia. On the 16th of October, Lord
Salisbury and Count Hatzfeldt signed the following agreement,
which was made known at once to the other governments
concerned, and its principles assented to by all:

"Her Britannic Majesty's Government and the Imperial German
Government, being desirous to maintain their interests in
China and their rights under existing treaties, have agreed to
observe the following principles in regard to their mutual policy
in China:—

"1. It is a matter of joint and permanent international
interest that the ports on the rivers and littoral of China
should remain free and open to trade and to every other
legitimate form of economic activity for the nationals of all
countries without distinction; and the two Governments agree
on their part to uphold the same for all Chinese territory as
far as they can exercise influence.

"2. The Imperial German Government and her Britannic Majesty's
Government will not, on their part, make use of the present
complication to obtain for themselves any territorial
advantages in Chinese dominions, and will direct their policy
towards maintaining undiminished the territorial condition of
the Chinese Empire.

"3. In case of another Power making use of the complications
in China in order to obtain under any form whatever such
territorial advantages, the two Contracting Parties reserve to
themselves to come to a preliminary understanding as to the
eventual steps to be taken for the protection of their own
interests in China.

"4. The two Governments will communicate this Agreement to the
other Powers interested, and especially to Austria-Hungary,
France, Italy, Japan, Russia, and the United States of
America, and will invite them to accept the principles
recorded in it."

The assent of Russia was no less positive than that of the
other Powers. It was conveyed in the following words: "The
first point of this Agreement, stipulating that the ports
situated on the rivers and littoral of China, wherever the two
Governments exercise their influence, should remain free and
open to commerce, can be favorably entertained by Russia, as
this stipulation does not infringe in any way the 'status quo'
established in China by existing treaties. The second point
corresponds all the more with the intentions of Russia, seeing
that, from the commencement of the present complications, she
was the first to lay down the maintenance of the integrity of
the Chinese Empire as a fundamental principle of her policy in
China. As regards the third point relating to the eventuality
of an infringement of this fundamental principle, the Imperial
Government, while referring to their Circular of the 12th
(25th) August, can only renew the declaration that such an
infringement would oblige Russia to modify her attitude
according to circumstances."

On the 13th of November, while the foreign plenipotentiaries
at Peking were trying to agree in formulating the demands they
should make, the Chinese imperial government issued a decree
for the punishment of officials held responsible for the Boxer
outrages. As given the Press by the Japanese Legation at
Washington, in translation from the text received there, it
was as follows:

"Orders have been already issued for the punishment of the
officials responsible for opening hostilities upon friendly
Powers and bringing the country into the present critical
condition by neglecting to suppress and even by encouraging
the Boxers. But as Peking and its neighborhood have not yet
been entirely cleared of the Boxers, the innocent people are
still suffering terribly through the devastation of their
fields and the destruction of their houses, a state of affairs
which cannot fail to fill one with the bitterest feelings
against these officials. And if they are not severely
punished, how can the anger of the people be appeased and the
indignation of the foreign Powers allayed?

"Accordingly, Prince Tuan is hereby deprived of his title and
rank, and shall, together with Prince Chwang, who has already
been deprived of his title, be delivered to the Clan Court to
be kept in prison until the restoration of peace, when they
shall be banished to Sheng-King, to be imprisoned for life.
Princes Yi and Tsai Yung, who have both been already deprived
of their titles, are also to be delivered to the Clan Court
for imprisonment, while Prince Tsai Lien, also already
deprived of title and rank, is to be kept confined in his own
house. Duke Tsai Lan shall forfeit his ducal salary, but may
be transferred with the degradation of one rank. Chief Censor
Ying Nien shall be degraded two ranks and transferred. As to
Kang Yi, Minister of the Board of Civil Appointment, upon his
return from the commission on which he had been sent for the
purpose of making inquiries into the Boxer affair he
memorialized the Throne in an audience strongly in their
favor. He should have been severely punished but for his death
from illness, and all penalties are accordingly remitted. Chao
Shuy Yao, Minister of the Board of Punishment, who had been
sent on a mission similar to that of Kang Yi, returned almost
immediately. Though such conduct was a flagrant neglect of his
duties, still he did not make a distorted report to the
Throne, and therefore he shall be deprived of his rank, but
allowed to retain his present office. Finally, Yu Hsien,
ex-Governor of Shan-Se, allowed, while in office, the Boxers
freely to massacre the Christian missionaries and converts.
For this he deserves the severest punishment, and therefore he
is to be banished to the furthermost border of the country, and
there to be kept at hard labor for life.

"We have a full knowledge of the present trouble from the very
beginning, and therefore, though no impeachment has been brought
by Chinese officials at home or abroad against Princes Yi,
Tsai Lien and Tsai Yung, we order them to be punished in the
same manner as those who have been impeached. All who see this
edict will thus perceive our justice and impartiality in
inflicting condign penalties upon these officials."

It was not until the 20th of December that the joint note of the
plenipotentiaries of the Powers, after having been submitted
in November to the several governments represented, and
amended to remove critical objections, was finally signed and
delivered to the Chinese plenipotentiaries. The following is a
precis of the requirements set forth in it:

"(1) An Imperial Prince is to convey to Berlin the Emperor's
regret for the assassination of Baron von Ketteler, and a
monument is to be erected on the site of the murder, with an
inscription, in Latin, German, and Chinese, expressing the
regret of the Emperor for the murder.

"(2) The most severe punishment fitting their crimes is to be
inflicted on the personages designated in the Imperial decree
of September 21, whose names—not mentioned—are Princes Tuan
and Chuang and two other princes, Duke Lan, Chao Shu-chiao,
Yang-yi, Ying-hien, also others whom the foreign Ministers
shall hereafter designate. Official examinations are to be
suspended for five years in those cities where foreigners have
been assassinated or cruelly treated.

"(3) Honourable reparation is to be made to Japan for the
murder of M. Sugiyama.

"(4) Expiatory monuments are to be erected in all foreign
cemeteries where tombs have been desecrated.

"(5) The importation of arms or 'materiel' and their
manufacture are to be prohibited.

"(6) An equitable indemnity is to be paid to States,
societies, and individuals, also to Chinese who have suffered
injury because of their employment by foreigners. China will
adopt financial measures acceptable to the Powers to guarantee
the payment of the indemnity and the service of the loans.

"(7) Permanent Legation guards are to be maintained, and the
diplomatic quarter is to be fortified.

"(8) The Ta-ku forts and those between Peking and the sea are
to be razed.

"(9) There is to be a military occupation of points necessary
to ensure the safety of the communications between Peking and
the sea.

"(10) Proclamations are to be posted during two years
throughout the Empire threatening death to any person joining
an anti-foreign society and enumerating the punishment
inflicted by China upon the guilty ringleaders of the recent
outrages. An Imperial edict is to be promulgated ordering
Viceroys, Governors, and Provincial officials to be held
responsible for anti-foreign outbreaks or violations of
treaties within their jurisdiction, failure to suppress the
same being visited by the immediate cashiering of the
officials responsible, who shall never hold office again.

"(11) China undertakes to negotiate a revision of the
commercial treaties in order to facilitate commercial
relations.

"(12) The Tsung-li-Yamên is to be reformed, and the Court
ceremonial for the reception of foreign Ministers modified in
the sense indicated by the Powers.

"Until the foregoing conditions are complied with ('se
conformer à') the Powers can hold out no expectation of a
limit of time for the removal of the foreign troops now
occupying Peking and the provinces."

CHINA: A. D. 1900 (November).
Russo-Chinese agreement relating to Manchuria.

See (in this volume)
MANCHURIA.

CHINA: A. D. 1900 (December).
Russo-Chinese agreement concerning the Manchurian
province of Fêng-tien.

See (in this volume)
MANCHURIA: A. D. 1900.

CHINA: A. D. 1900-1901 (November-February).
Seizure of grounds at Peking for a large Legation Quarter.
Extensive plans of fortification.

In February, 1901, the following from a despatch written in
the previous November by Mr. Conger, the American Minister at
Peking, was given to the Press by the State Department at
Washington: "I have the honor to report that in view of the
probability of keeping large legation grounds in the future,
and because of the general desire on the part of all the
European representatives to have extensive legations, all of
the Ministers are taking possession of considerable areas
adjoining their legations—property belonging either to the
Chinese Government or to private citizens, and having been
abandoned by the owners during the siege—with the intention to
claim them as conquest, or possibly credit something for them
on their account for indemnity. I have as yet not taken formal
possession of any ground for this purpose, nor shall I without
instructions, but I shall not for the present permit any of the
owners or other persons to reoccupy any of the property
between this legation and the canal to the east of it. While
this area will be very small in comparison with the other
legations, yet it will be sufficient to make both the legation
personnel and the guard very comfortable, and will better
comport with our traditional simplicity vis-a-vis the usual
magnificence of other representatives.

"It is proposed to designate the boundaries of a legation
quarter, which shall include all the legations, and then
demand the right to put that in a state of defence when
necessary, and to prohibit the residence of Chinese there,
except by permission of the Ministers. If, therefore, these
ideas as to guards, defence, etc., are to be carried out, a
larger legation will be an absolute necessity. In fact, it is
impossible now to accommodate the legation and staff in our
present quarters without most inconvenient crowding.

"There are no public properties inside the legation quarter
which we could take as a legation. All the proposed property
to be added, as above mentioned, to our legation, is private
ground, except a very small temple in the southeast corner,
and I presume, under our policy, if taken, will be paid for
either to the Chinese owners or credited upon account against
the Chinese Government for indemnity, although I suspect most
of the other Governments will take theirs as a species of
conquest. The plot of ground adjoining and lying to the east
of the legation to which I have made reference is about the
size of the premises now occupied by us."

Before its adjournment on the 4th of March, 1901, the Congress
of the United States made an appropriation for the purchase of
grounds for its Legation at Peking, and instructions were sent
to make the purchase.

By telegram from Peking on the 14th of February it was
announced that a formidable plan of fortification for this
Legation Quarter had been drawn up by the Military Council of
the Powers at Peking, and that work upon it was to begin at
once. The correspondent of the "London Times" described the
plan and wrote satirically of it, as follows: "From supreme
contempt for the weakness of China armed we have swayed to
exaggerated fear of the strength of China disarmed. The
international military experts have devised a scheme for
putting the Legation quarter in a state of defence which is
equivalent to the construction of an International fortress
alongside the Imperial Palace. The plan requires the breaching
of the city wall at the Water-gate, the levelling of the Ha-ta
Mên and Chien Mên towers, the demolition of the ramparts
giving access to them, the sweeping clear of a space 150 to
300 yards wide round the entire Legation area, and the
construction of walls, glacis, moats, barbed wire defences,
with siege guns, Maxims, and barracks capable of holding 2,000
troops, with military stores and equipment sufficient to
withstand a siege of three months. All public buildings,
boards, and civil offices between the Legations and the
Imperial walls are to be levelled, while 11,000 foreign troops
are to hold the communications between Peking and the sea, so
that no Chinese can travel to Peking from the sea without the
knowledge of the foreign military authorities.

"The erection of the defences is to begin at once, before the
return of the Court to Peking. They are no doubt devised to
encourage the Court to return to Peking, it being apparently
the belief of the foreign Ministers that an Imperial Court
governing an independent empire are eager to place themselves
under the tutelage of foreign soldiers and within the reach of
foreign Maxims.

"Within the large new Legation area all the private property
of Chinese owners who years before sought the advantages of
vicinity to the Legations has been seized by the foreign
Legations. France and Germany, with a view to subsequent
commercial transactions, have annexed many acres of valuable
private property for which no compensation is contemplated,
while the Italian Legation, which boasts a staff of two
persons, carrying out the scheme of appropriation to a logical
absurdity, has, in addition to other property, grabbed the
Imperial Maritime Customs gardens and buildings occupied for
so many years by Sir Robert Hart and his staff."

CHINA: A. D. 1901 (January-February).
Famine in Shensi.

A Press telegram from Peking, late in January, announced a
fearful famine prevailing in the province of Shensi, where
thousands of natives were dying. The Chinese government was
distributing rice, and there was reported to be discrimination
against native Christians in the distribution. Mr. Conger, Sir
E. Satow, and M. Pichon protested to Prince Ching and Li
Hung-chang against such discrimination. A Court edict was
therefore issued on the 26th instant ordering all relief
officials and Chinese soldiers to treat Christians in exactly
the same way as all other Chinese throughout the Empire, under
penalty of decapitation. Another despatch, early in February,
stated: "Trustworthy reports received here from Singan-fu [the
temporary residence of the fugitive Chinese court] all agree
that the famine in the provinces of Shen-si and Shan-si is one
of the worst in the history of China. It is estimated that
two-thirds of the people are without sufficient food or the
means of obtaining it. They are also suffering from the bitter
cold. As there is little fuel in either province the woodwork
of the houses is being used to supply the want. Oxen, horses,
and dogs have been practically all sacrificed to allay hunger.
Three years of crop failures in both provinces and more or less
of famine in previous seasons had brought the people to
poverty when winter began. This year their condition has
rapidly grown worse. Prince Ching stated to Mr. Conger, the
United States Minister, that the people were reduced to eating
human flesh and to selling their women and children.
Infanticide is alarmingly common."

CHINA: A. D. 1901 (January-February).
Submission to the demands of the Powers
by the Imperial Government.
Punishments inflicted and promised.
A new Reform Edict.

With no great delay, the Chinese plenipotentiaries at Peking
were authorized by the Emperor and Empress to agree to the
demands of the Powers, which they did by formally signing the
Joint Note. Prince Ching gave his signature on the 12th of
January, 1901, and Li Hung-chang, who was seriously ill,
signed on the following day. Discussion of the punishments to
be inflicted on guilty officials was then opened, and went on
for some time. On the 5th of February, the foreign Ministers
submitted the names of twelve leading officials, against whom
formal indictments were framed, and who were considered to be
deserving of death. Three of them, however (Kang Yi, Hsu Tung,
and Li Ping Heng), were found to be already deceased. The
remaining nine were the following: Prince Chuang,
commander-in-chief of the Boxers; Prince Tuan, who was held to
be the principal instigator of the attack on foreigners; Duke
Lan, the Vice-President of Police, who admitted the Boxers to
the city; Yu Hsien, who was the governor of Shan-Si Province,
promoter of the Boxer movement there, and director of the
massacres in that province; General Tung Fu Siang, who led the
attacks on the Legations, Ying Nien, Chao Hsu Kiao, Hsu Cheng
Yu, and Chih Siu, who were variously prominent in the
murderous work. In the cases of Prince Tuan and Duke Lan, who
were related to the Imperial family, and in the case of
General Tung Fu Siang, whose military command gave him power
to be troublesome, the Chinese court pleaded such difficulties
in the way of executing a decree of death that the Ministers
at Peking were persuaded to be satisfied with sentences of
exile, or degradation in rank, or both. On the 21st of
February the Ministers received notice that an imperial edict
had been issued, condemning General Tung Fu Siang to be
degraded and deprived of his rank; Prince Tuan and Duke Lan to
be disgraced and exiled; Prince Chuang, Ying Nien and Chao Hsu
Kiao to commit suicide; Hsu Cheng Yu, Yu Hsien and Chih Siu to
be beheaded. Hsu Cheng Yu and Chih Siu were then prisoners in
the hands of the foreign military authorities at Peking, and
the sentence was executed upon them there, on the 26th of
February, in the presence of Japanese, French, German and
American troops. A despatch from Peking reporting the
execution stated that, while it was being carried out, "the
ministers held a meeting and determined on the part of the
majority to draw a curtain over further demands for blood.
United States Special Commissioner Rockhill sided strongly
with those favoring humane methods, who are Sir Ernest Satow
and MM. Komura, De Cologan and De Giers, respectively British,
Japanese, Spanish and Russian ministers. Others believe that
China has not been sufficiently punished, and that men should
be executed in every city, town and village where foreigners
were injured."

While the subject of punishments was pending, and with a view,
it was said, of quickening the action of the Chinese
government, Count von Waldersee, the German Field-Marshal
commanding the allied forces in China, ordered preparations to
be made for an extensive military expedition into the
interior. The government of the United States gave prompt
directions that its forces at Peking should not take part in
this movement, and the remonstrances of other Powers more
pacifically inclined than the Germans caused the project to be
given up.

Meantime, three Imperial edicts of importance, if faithfully
carried out, had been issued. One, on the 5th of February,
commanded new undertakings of reform, accounting for the
abandonment of the reform movement of 1898 by declaring that
it was seditionary and would have resulted in anarchy, and
that it was entered upon when the Emperor was in bad health;
for all which reasons he had requested the Empress Dowager to
resume the reins of government. Now, it was declared, since
peace negotiations were in progress, the government should be
formed on a basis for future prosperity. Established good
methods of foreign countries should be introduced to supply
China's deficiencies. "China's greatest difficulty," said the
edict, "is her old customs, which have resulted in the
insincere dispatch of business and the promoting of private
gain. Up to the present time those who have followed the
Western methods have had only superficial knowledge, knowing
only a little of foreign languages and foreign inventions,
without knowing the real basis of the strength of foreign
nations. Such methods are insufficient for real reform."

In order to obtain a true basis, the Emperor commanded a
consultation between the ministers of the privy council, the
six boards, nine officers, the Chinese ministers to foreign
countries and all the viceroys and governors. Those were
instructed to recommend reforms in the seven branches of
government, namely, the central government, ceremonies,
taxation, schools, civil-service examinations, military
affairs and public economies. They were also to recommend what
part of the old system can be used and what part needs changing.
Two months were given them in which to prepare their report.

On the following day, two edicts, in fulfilment of demands
made in the Joint Note of the Powers, were promulgated. The
first provided, in accordance with article 3 of the Joint
Note, for the suspension of official examinations for five
years in places where foreigners are killed. The second edict
forbade anti-foreign societies, recited the punishment of
guilty parties and declared that local officials will be held
responsible for the maintenance of order. If trouble occurs
the officials would be removed without delay and never again
allowed to hold office.

CHINA: A. D. 1901 (March).
The murdered Christian missionaries and native converts.
Varying statements and estimates of their number.

To the time of this writing (March, 1901), no complete
enumeration of the foreign Christian missionaries and members
of missionary families who were killed during the Boxer
outbreak of the past year has been made. Varying estimates
have appeared, from time to time, and it is possible that one
of the latest among these, communicated from Shanghai on the
1st of March, may approach to accuracy. It was published in
the "North China Daily News," and said to be founded on the
missionary records, according to which, said the "News," "a
total of 134 adults and 52 children were killed or died of
injuries in the Boxer rising of 1899 and 1900."

On the 13th of March, the "Lokal Anzeiger," of Berlin,
published a statistical report from its Peking correspondent
of "foreign Christians killed during the troubles, exclusive
of the Peking siege," which enumerated 118 Englishmen, 79
Americans, Swedes and Norwegians, 26 Frenchmen, 11 Belgians,
10 Italians and Swiss, and 1 German. The total of these
figures is largely in excess of those given by the "North
China Daily News," but they cover, not missionaries alone, but
all foreign Christians. It is impossible, however, not to
doubt the accuracy of both these accounts. Of native
Christians, the German writer estimated that 30,000 had
perished. In September, 1900, the United States Consul-General
at Shanghai, Mr. Goodnow, "after making inquiries from every
possible source," placed the number of British and American
missionaries who had probably been killed at 93, taking no
account of a larger number in Chih-li and Shan-si whose fate
was entirely unknown. Of those whose deaths he believed to be
absolutely proved at that time, 34 were British, including 9
men, 15 women and 10 children, and 22 were American, 8 of
these being men, 8 women and 6 children.

In December, 1900, a private letter from the "Association for
the Propagation of the Faith, St. Mary's Seminary," Baltimore,
Maryland, stated that up to the end of September 48 Catholic
missionaries were known to have been murdered. A pastoral
letter issued in December by Cardinal Vaughan, in London,
without stating the numbers killed, declared that all work of
the Catholic church, throughout the most of China, where 942
European and 445 native priests had been engaged, was
practically swept away.

A private letter, written early in January, 1901, by the
Reverend Dr. Judson Smith, one of the corresponding
secretaries of the American Board of Commissioners for Foreign
Missions, contains the following statement: "The American
Board has lost in the recent disturbances in China 13
missionaries, 6 men and 7 women, and 5 children belonging to
the families who perished. The number of native converts
connected with the mission churches of the American Board who
have suffered death during these troubles cannot be stated
with accuracy. It undoubtedly exceeds 1,000; it may reach a
much larger figure; but some facts that have come to light of
late imply that more of those who were supposed to be lost
have been in hiding than was known. If we should reckon along
with native converts members of their families who have
suffered death, the number would probably be doubled."

There seems to be absolutely no basis of real information for
any estimate that has been made of the extent of massacre
among the native Christian converts. Thousands perished,
without doubt, but how many thousands is yet to be learned. As
intimated by Dr. Smith, larger numbers than have been supposed
may have escaped, and it will probably be long before the true
facts are gathered from all parts of the country.

In any view, the massacre of missionaries and their families
was hideous enough; but fictions of horror were shamefully
added, it seems, in some of the stories which came from the
