Thwarting Hacker Techniques

TABLE OF CONTENTS

   Reconnaissance
   Probing and Fingerprinting
   Detecting Intrusions While Saving Money
   Network Security -- You Should Know Jack
   Authentication Weaknesses
   Improving Access Requests
   Combating Social Engineers
   Securing Remote User Access Points
   Internet Data Manipulation
   Wireless Security Basics
   Signs of a Compromised System
   More Security Learning Resources

Reconnaissance	Return to Table of Contents
In Thwarting hacker techniques: Reconnaissance, you learned that a hacker's first step is to look for any information they can find about your company's infrastructure. Now read more about what you can do to protect your information.

• Article: Failing to sever network ties can lead to 'leftover access'
• Article: Data theft detective work begins at the office
• Tip: Are you throwing out company secrets? (Part 1 -- Physical records)
• Tip: Are you throwing out company secrets? (Part 2 -- Data destruction)
• Tip: Bridging the gap between perimeter and host security
• Tip: The difference between hackers and crackers
• Tip: Honeypots can strengthen reconnaissance and lower intrusion noise
• Tip: Authentication and access
• Tip: Sam Spade: Your network's detective agency
• Tip: Thwarting social engineering attacks
• Tip: How to avoid authentication bypass attacks

Probing and Fingerprinting	Return to Table of Contents
In the tip, Thwarting hacker techniques: Probing and fingerprinting, you read about the tools hackers use to identify specs about your hardware and software configurations. Now read more about what you can do to protect against them.

• Tip: Life at the edge: Securing the network perimeter
• Tip: Top tools for testing your online security
• Technical paper: Know your enemy: Why your Web site is at risk
• Tip: Firewall security tips
• Tip: Simplifying security scans with a spreadsheet model
• Tip: Invasion force
• Tip: Using Nessus with the SANS Top 20 to identify critical vulnerabilities
• Tip: Protecting the network from Web-based service attacks with defense-in-depth
• Tip: Five steps for beating back the bots
• Tip: Ports -- Don't have an 'open house' sign out
• Tip: Inside application assessments: Pen testing vs. code review

Detecting Intrusions While Saving Money	Return to Table of Contents
In Thwarting hacker techniques: Detecting intrusions while saving money You learned how to detect and prevent intrusions without breaking the bank. Now read more about the low-budget IDS/IPS tools you can use.

• Technical Guide: Snort
• Article: Snort (rules) for sale
• Advice: Is Snort better than a proprietary IDS
• Tip: Snort -- The Poor Man's intrusion-detection system
• Advice: Designing DMZs with various levels of access
• Featured Topic: IDS best practices

Network Security -- You Should Know Jack	Return to Table of Contents
You learned about the importance of securing your active network jacks, in the tip Thwarting Hacker Techniques: Network security -- You should know Jack, now learn more about how to prevent hackers from connecting their computers to your network through open jacks.

• Tip: Hacking for Dummies: Chapter 10 -- Wireless LANs
• Tip: Hacking For Dummies: Chapter 7 -- Passwords
• Tip: Ethical hacking: Ten crucial lessons
• Tip: Hacking Windows 95/98 and Me
• Tip: How to select the best security assessment tool for the job
• Tip: Source code security scanners: A revamped option for securing custom software
• Tip: Beware of hotel hacking
• Tip: Check your Windows port associations
• Tip: Using honeypots to fake out an attacker
• Tip: Prevent hackers from sneaking in through IM
• Tip: Are P2P applications worth the risk?
• Tip: Network security monitoring -- Going beyond intrusion detection
• Tip: Week 29: Can you go on vacation?
• Tip: Fighting the hacker myth
• Tip: Hacking Exposed Windows Server 2003: Chapter 17, The Future of Windows Security
• Advice: Reporting hack attempts
• Advice: Simulating an attack on a Windows-based machine

Authentication Weaknesses	Return to Table of Contents
In the tip Thwarting Hacker Techniques -- Authentication weaknesses, you learned that weak usernames and passwords are often the key to a hacker's success. Now read more about methods for beefing up your authentication processes.

• Tip: How to avoid authentication bypass attacks
• Article: The 'how-tos' of security integration
• Article: Wedded to physical and IT security
• Tip: Pointing the finger at biometrics
• Featured Topic: Authenticating users
• Featured Topic: Two-factor authentication
• Tip: Understanding digital-certificate infrastructure
• Tip: Authentication and access
• Tip: Practical biometrics

Improving Access Requests	Return to Table of Contents
In the tip Thwarting Hacker techniques: Improving Access requests, you learned that outdated access requests leave you wide-open to attack. Here are more tips for improving your access request processes.

• Tip: Tips for securing Web-based applications
• Tip: Thwarting insider threats
• Tip: Use performance evaluations to strengthen your infosec staff
• Tip: Who's responsible for security? Everyone!
• Tip: Combat security threats with user education

Combating Social Engineers	Return to Table of Contents
You learned about the importance of teaching end users about social engineering in the tip Thwarting Hacker Techniques: Combating social engineers, now read more about how to protect your network from the inside out.

• Security School: Web Security School Lesson 3
• School: Security School for CISSP Training: Domain Spotlight on physical security
• Tip: Improving employee awareness to fight malicious code
• Article: Hackers costing enterprises billions
• Tip: Social engineering --The low-tech side of high-tech
• Tip: Identify Malicious Users
• Quiz: Common vulnerabilities

Securing Remote User Access Points	Return to Table of Contents
In the tip Thwarting Hacker Techniques -- Securing remote user access points, you learned that poorly configured remote access points can be an open door into your network. Now read more about tactics for securing your remote access points to close the door on hackers.

• Tip: Layered access control: Six top defenses that work
• Tip: Five best strategies for endpoint security
• Tip: Five Steps to controlling network access
• Tip: Letting Telecommuters In—Your VPN alternative
• Tip: The inherent capabilities of IPsec selectors and their use in remote-access VPNs
• Tip: Effective endpoint security without a significant investment
• Featured Topic: Securing Remote Users
• Featured Topic: End-point Security
• Resource Guide: Firewalls

Internet Data Manipulation	Return to Table of Contents
You learned the importance of securing your Web server in the tip Thwarting Hacker Techniques: Internet data manipulation, now read more about best practices for securing it and keeping your data safe.

• School: SearchSecurity.com's Web Security School
• Tip: Protecting the network from Web-based service attacks with defense-in-depth
• Tip: Five easy ways to lock down IIS 6.0
• Tip: How to avoid authentication bypass attacks
• Checklist: Windows IIS server hardening checklist
• Webcast: Insider's guide to Web security
• Article: Welded shut: How to patch vulnerabilities and keep them sealed
• Tip: Handling patch emergencies
• Featured Topic: Best practices for patch management
• Tip: Five ways to simplify the vulnerability management lifestyle

Wireless Security Basics	Return to Table of Contents
In the tip Thwarting Hacker Techniques: Wireless security basics, you learned about wireless security risks and some methods for keeping your wireless network secure. Now read more in-depth information about tactics for securing your wireless network.

• Article: Mobile-proofing your network
• Tip: Combining VPN and wireless links
• Tip: 10 Tactics to build a secure wireless network
• Tip: Wireless security: 802.11i promises much, but doesn't deliver all of it -- yet
• Tip: The key to locking out mobile threats
• Expert Advice: Assessment tools for a wireless network
• Step-by-Step Guide: Five Bluetooth security basics
• Quiz: Wireless (in)security

Signs of a Compromised System	Return to Table of Contents
In the tip Thwarting Hacker Techniques: Signs of a compromised system, you learned a few methods for determining whether your system has been hacked. Now read more about how to tell if your system has been compromised and actions to take if you've been hacked.

• Tip: Thwarting insiders threats
• Tip: How to overcome Web services security obstacles
• Tip: It pays to plan
• Tip: Protecting files from snoops
• Tip: How to avoid authentication bypass attacks
• Technical paper: Know your enemy: Why your Web site is at risk
• Technical paper: Life at the edge: Securing the network perimeter
• Checklist: Windows tools for investigating an attack
• Book chapter: Hacking Windows: MSRPC vulnerabilities
• Webcast: Web attacks and how to defeat them
• Webcast: Five must-have hacker tools for the security admin -- Expert Webcast