Cheat Sheet

Hacking For Dummies

From Hacking For Dummies, 2nd Edition by Kevin Beaver, Stuart McClure (Foreword by)

Ethical hacking is not only good, but necessary in today’s networked world. As an ethical hacker testing the vulnerabilities of your own systems or those of a client, you need to follow certain protocols, have the right tools, and know what to look for.

Tools for Ethical Hacking

As a professional ethical hacker, your (anti) hacking toolkit is the most critical item you can possess — other than experience and common sense. Make sure you’re never caught on the job without these tools:

  • Password cracking software, such as pwdump3 and Proactive Password Auditor

  • Network scanning software, such as SuperScan and Nmap

  • Network vulnerability assessment software, such as LANguard Network Security Scanner and QualysGuard

  • Network analyzer software, such as EtherPeek and RFprotect Mobile

  • File search software, such as FileLocator Pro and Effective File Search

  • Web application assessment tools, such as N-Stealth and WebInspect

  • Database security assessment tools, such as SQLPing2 and AppDetective

  • Exploit software, such as Metasploit and CORE IMPACT

Common Security Weaknesses Vulnerable to Hackers

Hackers and rogue insiders often check the vulnerabilities listed here first when they try to hack into networks and computers. Put these on your checklist when performing security tests:

  • Gullible and overly trusting users

  • Unsecured building and computer room entrances

  • Discarded documents and computer disks that have not been shredded or destroyed

  • Weak or no passwords

  • Network perimeter with no firewall

  • Poor, inappropriate, or missing file and share access controls

  • Unpatched systems

  • Web applications with authentication or information disclosure issues

  • Wireless systems running with default settings and without WEP, WPA, or WPA2 enabled

  • SNMP-enabled network hosts with default or easily guessed community strings

  • Firewalls, routers, remote access, and dialup devices with default or easily guessed passwords

Commonly Hacked Ports

Hackers know where common weaknesses are, including certain ports. If you’re guarding your network against hackers (unauthorized entry), realize that some ports are more vulnerable than others. Pay attention to the TCP and UDP ports listed here:

  • TCP ports 20 and 21 — FTP (File Transfer Protocol)

  • TCP port 23 — telnet

  • TCP port 25 — SMTP (Simple Mail Transfer Protocol)

  • TCP and UDP port 53 — DNS (Domain Name System)

  • TCP ports 80 and 443 — HTTP (Hypertext Transfer Protocol) and HTTPS (HTTP over SSL)

  • TCP port 110 — POP3 (Post Office Protocol version 3)

  • TCP and UDP port 135 — RPC in a Microsoft environment

  • TCP and UDP ports 137 – 139 — NetBIOS over TCP/IP

  • TCP and UDP port 161 — SNMP (Simple Network Management Protocol)
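
A defender-side check built on the list above, added here as an example and not taken from the book: it parses `ss -tuln` output and reports listeners on these ports, separating loopback-only binds from ones reachable on other interfaces. The sample output and the names `PORT_LIST`, `WATCHED`, `is_loopback`, and `audit` are constructed for illustration.

```python
import ipaddress

# (protocols, ports, service) exactly as given in the list above.
PORT_LIST = [
    (("tcp",), (20, 21), "FTP"),
    (("tcp",), (23,), "telnet"),
    (("tcp",), (25,), "SMTP"),
    (("tcp", "udp"), (53,), "DNS"),
    (("tcp",), (80, 443), "HTTP/HTTPS"),
    (("tcp",), (110,), "POP3"),
    (("tcp", "udp"), (135,), "RPC"),
    (("tcp", "udp"), (137, 138, 139), "NetBIOS"),
    (("tcp", "udp"), (161,), "SNMP"),
]
WATCHED = {(p, n): svc for protos, ports, svc in PORT_LIST for p in protos for n in ports}

# Constructed sample of `ss -tuln` output, not captured from a real host.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
tcp   LISTEN 0      32     *:21               *:*
tcp   LISTEN 0      511    [::]:80            [::]:*
tcp   LISTEN 0      4096   [::1]:53           [::]:*
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
udp   UNCONN 0      0      192.168.1.10:137   0.0.0.0:*
"""

def is_loopback(addr):
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    if addr == "*":
        return False  # wildcard bind: reachable on every interface
    return ipaddress.ip_address(addr).is_loopback

def audit(ss_output):
    """Return (proto, port, service, bind_addr, exposed) per watched listener."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header line or a socket type outside the list
        proto, (addr, _, port) = fields[0], fields[4].rpartition(":")
        service = WATCHED.get((proto, int(port))) if port.isdigit() else None
        if service:
            findings.append((proto, int(port), service, addr, not is_loopback(addr)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On a live host, pass the text output of `ss -tuln` to `audit()` in place of `SAMPLE`; entries with `exposed` set to `True` are the ones to review against firewall rules and the services actually required.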

Tips for Ethical Hackers

As an information security professional, you may perform ethical hacking against a customer’s systems or your own. For your own safety, follow these rules for success no matter who your ultimate client is:

  • Get permission in writing to perform your tests.

  • Set goals and develop a plan before you get started.

  • Have access to the right tools for the tasks at hand.

  • Test at a time that’s best for the business.

  • Understand that it’s not possible to detect every security vulnerability.

  • Study malicious hacker and rogue insider behaviors and tactics. The more you know about how the bad guys work, the better you’ll be at testing your systems for security vulnerabilities.

  • Don’t overlook nontechnical security issues; they are often exploited first.

  • Make sure that all your testing is aboveboard.

  • Treat other people’s confidential information at least as well as you would treat your own.

  • Bring vulnerabilities you find to the attention of management and implement the appropriate countermeasures.

  • Don’t treat every vulnerability discovered in the same manner. Not all weaknesses are bad. Evaluate the context of the issues found before you declare that the sky is falling.

  • Show management and customers that ethical hacking is good business. Ethical hacking is an investment to meet business goals. Make it clear that you’re not playing silly hacker games.
