Some of the new material includes:
the “Hacking Hardware” chapter (about physical locks, access cards, RFID, laptop security, USB, U3, Bluetooth, firmware, hard drives)…
Windows hacks (covering Terminal Services, Kerberos sniffing, man-in-the-middle attacks, Metasploit, device driver exploits, new password cracking tools)…
and UNIX hacks (such as THC Hydra, Solaris input validation attacks, dangling pointer attacks, DNS cache poisoning, UNIX Trojans, and kernel rootkits).
The book notes some of the tactics and strategies that attackers use to gather information before an attack, such as culling IP addresses, wardialing (it can still be effective), and spoofing e-mail messages (pretending to be support and administrative personnel).
To defend against attacks, you must understand the enemy. Preparing against access is better than trying to make repairs after a system has been. (Once someone has been inside, you don’t know what was left in the system or where it was left.) Instructions on how to perform network reconnaissance show how a network and its connected devices (firewalls, routers, etcetera) can be diagrammed. There is also a section on how to identify potential probing activity and attacks.
This book can be used as a checklist of things that are sometimes unintentionally available: (web) cameras, remote administration services, and the Microsoft Windows Remote Desktop Web Connection. Misconfigurations exist, and so do exploits that target them.
In Chapter 4, “Hacking Windows”, there’s a great reminder about proper password management. I’ve noticed that people seem to be better at it, but it’s good to review best practices.
In the book the authors point towards many other sources of information and reference. There are suggestions of other books to enlighten and educate about how some prepare to access a network, and of other websites and software that will allow you to test the openness of a network (hardware and services) and website.
(After going through the book, I remembered how there are instances where administrators and content managers are given more consideration than support and security managers and personnel…until there’s a problem.)
If you are responsible in any way for a network or website, get this book. If there is anyone that works for you that is responsible for a network or website, get this book for their library!