HACKING EXPOSED: 4th Edition Network Security Secrets & Solutions
is here, AO's. I spent a pretty penny on this 737-page book.
(DVD included) When I cracked it open I put my nose in between the pages, ahhhhhhh, smells like old library. Anyway, you guys have answered a lot of my newbie questions so I feel compelled to give something in return. Here's a brief look at Chap. 1. Enjoy!

Chapter 1: FOOTPRINTING

WHAT IS FOOTPRINTING?

The systematic footprinting of an organization enables attackers to create a complete profile of an organization's security posture. By using a combination of tools and techniques, attackers can take an unknown quantity (Widget Company's Internet connection) and reduce it to a specific range of domain names, network blocks, and individual IP addresses of systems directly connected to the Internet. Although there are many types of footprinting techniques, they are primarily aimed at discovering information related to the following environments: Internet, intranet, remote access, and extranet. Table 1-1 depicts these environments and the critical information an attacker will try to identify.

Table 1-1: Environments and the critical information an attacker will try to identify

Internet
  - Domain name
  - Network blocks
  - Specific IP addresses of systems reachable via the Internet
  - TCP and UDP services running on each system identified
  - System architecture
  - Access control mechanisms and related access control lists
  - Intrusion-detection systems (IDSs)
  - System enumeration (user and group names, routing tables, etc.)

Intranet
  - Networking protocols in use (IP, IPX, DECnet, etc.)
  - Internal domain name
  - Network blocks
  - Specific IP addresses of systems reachable via the intranet
  - TCP and UDP services running on each system identified
  - System architecture
  - Access control mechanisms and related access control lists
  - Intrusion-detection systems (IDSs)
  - System enumeration (user and group names, routing tables, etc.)

Remote access
  - Analog/digital telephone numbers
  - Remote system type
  - Authentication mechanisms


Footprinting is necessary to systematically and methodically ensure that all pieces of information related to the aforementioned technologies are identified. Without a sound methodology for performing this type of reconnaissance, you are likely to miss key pieces of information related to a specific technology or organization. Footprinting is often the most arduous part of trying to determine the security posture of an entity.

Step 1: Determine the Scope of Your Activities

The first item to address is to determine the scope of your footprinting activities. Are you going to footprint an entire organization, or are you going to limit your activities to certain locations?
As a starting point, peruse the target organization's web page if it has one. Many times an organization's web page provides a ridiculous amount of info that can aid attackers. We have actually seen organizations list security configuration options for their firewall system directly on their web server. Other items of interest include:
  - Related companies or entities
  - Merger news
  - Phone numbers
  - Contact names and e-mail addresses

In addition, try reviewing the HTML source code for comments. Many items not listed for public consumption are buried in HTML comment tags (<!-- and -->). Viewing the source code offline may be faster than viewing it online, so it is often beneficial to mirror the entire site for offline viewing. Having a copy of the site locally may allow you to programmatically search for comments or other items of interest, thus making your footprinting activities more efficient. UNIX and Teleport Pro (http://www.tenmax.com/teleport/pro/home.htm)

EDGAR Search

For targets that are publicly traded companies, you can consult the Securities and Exchange Commission EDGAR database at www.sec.gov.
One of the biggest problems organizations have is managing their Internet connections, especially when they are actively acquiring or merging with other entities. Therefore, it is important to focus on newly acquired entities. Two of the best SEC publications to review are the 10-Q and 10-K. The 10-Q is a quick snapshot of what the org has done over the last quarter; the 10-K is a yearly update of what the company has done. Often orgs will scramble to connect the acquired entities to their corporate network with little regard to security. With EDGAR search, keep in mind that you are looking for entity names that are different from the parent company.

Countermeasure: Public Database Security

Much of the information discussed earlier must be made publicly available; this is especially true for publicly traded companies. The Site Security Handbook (RFC 2196) can be found at http://www.faqs.org/rfcs/rfc2196.html and is a wonderful resource for many policy-related issues.



Chapter 2 Scanning
Chapter 3 Enumeration
Chapter 4 Hacking Windows X
Chapter 5 Windows NT
Chapter 6 Novell NetWare Hacking
Chapter 7 Hacking UNIX
Chapter 8 Dial up, PBX, Voicemail, and VPN Hacking
Chapter 9 Network Devices
Chapter 10 Wireless Hacking
Chapter 11 Firewalls
Chapter 12 Denial of Service (DoS)
Chapter 13 Remote Control Insecurities
Chapter 14 Advanced Tech
Chapter 15 Web Hacking
Chapter 16 Hacking the Internet User
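An added example (mine, not the book's or the poster's) for the "programmatically search for comments" point under Step 1: a small Python audit that pulls every HTML comment out of a mirrored copy of a site and flags the ones a site owner should review before an attacker reads them. It assumes the mirror is a plain directory of .html files; the sample page and the sensitive-pattern list are constructed for the example.

```python
import re
from html.parser import HTMLParser
from pathlib import Path

# Constructed sample page (not from the book): stands in for one file of a mirrored site.
SAMPLE_HTML = """<html><head><title>Widget Company</title></head>
<body>
<!-- TODO: remove before launch. Staging box is 10.1.2.3, admin pw in /etc/widget.conf -->
<!-- contact webmaster@widget.example for access -->
<!-- layout tweak for IE -->
</body></html>
"""

class CommentCollector(HTMLParser):
    """Collects every <!-- ... --> comment in a page, ignoring visible content."""
    def __init__(self):
        super().__init__()
        self.comments = []
    def handle_comment(self, data):
        self.comments.append(data.strip())

def find_comments(html):
    parser = CommentCollector()
    parser.feed(html)
    parser.close()          # flush anything still buffered at end of input
    return parser.comments

SENSITIVE = [  # patterns that mark a comment for manual review before the page goes public
    ("ipv4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("email", re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")),
    ("keyword", re.compile(r"\b(?:password|pw|passwd|todo|internal|firewall|staging|admin)\b", re.I)),
]

def flag_comments(comments):
    """Return (comment, [reasons]) for each comment that matches a sensitive pattern."""
    flagged = []
    for c in comments:
        reasons = [name for name, rx in SENSITIVE if rx.search(c)]
        if reasons:
            flagged.append((c, reasons))
    return flagged

def audit_mirror(root):
    """Walk a mirrored site directory and return {path: flagged comments}."""
    report = {}
    for path in Path(root).rglob("*.htm*"):
        hits = flag_comments(find_comments(path.read_text(encoding="utf-8", errors="replace")))
        if hits:
            report[str(path)] = hits
    return report
```

Run `audit_mirror("/path/to/mirror")` over a copy of your own site; the report is the list of comments to strip or rewrite before publishing.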