hakin9_StarterKit_01.pdf

~ t q w ~

~ t q w ~

~ t q w ~

Something new...

CD contents

A moment of honesty: I can play games, watch

some movies, send e-mails and make boring excel

sheet for my dad and that's it! Pretty amazing consid-

ering the fact that I'm an Editor of hakin9, technical

magazine for advanced security admins, don't you

think so? Well, I suppose I 'm not the only one who

has only basic computing skills and simply wants

to know more but doesn't know where to start...

If you have a similar impression, this magazine is

intended for you! We've prepared hakin9 starter kit

in response to our readers' needs. hakin9 starter

kit is created for those who cannot truly understand

how to secure the system/application or why to do

so. hakin9 starter kit content is a prelude to more

advanced techniques presented in hakin9 Hard Core

IT Security Magazine.

If, sometimes, you feel overwhelmed with all the

information – and lack of it – hakin9 starter kit issue

would be a great addition to standard hakin9 maga-

zine.

This edition starts with the entry level examples

of the most popular security topics and consists of

the articles that were published in previous English

editions in 2005 and were both selected and updated

by Shyaam Sundhar R. S. The main idea standing

behind the first issue is to define what information/

system security is; introduce the basic terminology

and provide an overview of some of the – essential

for information/system security – technical compo-

nents (firewalls, IDS, HIDS, basic system/application

hardening, log monitoring, antivirus, etc.). Last but

not least we will move on to present some basic

security assessment tools (vulnerability scan-

ners, patch scanners, network mapping tools, and

penetration/exploit tools).

We hope that we manage to meet your expecta-

tions by giving you these two magazines, hakin9 and

hakin9 starter kit, covering general questions of IT

security and bringing easy to reach, generic knowl-

edge as a helping hand.

As usually we would like to invite you to coopera-

tion – you are always welcome as articles authors,

betatesters, advisors. Your ideas and suggestions are

as precious as your security – our deepest concern.

Magdalena Błaszczyk

What's new in the latest hakin9.live version (3.1.2-

aur, MadWii Drivers, NTFS Support, Orphcrack)

and what the full commercial versions of must-have

applications you will ind (LANState 1.2, Keylogger

1.7, Password Protector 2006, System Tweaker, VIP

Privacy).

Safe Storage of conidential data

under GNU/Linux

Piotr Tyburski

This writting presents the use of advanced crypto-

graphic algorithms that seem to be the only guar-

antee for a safe data storage under GNU/Linux. The

Linux users will learn how to make sure if data is

being protected by the use of the tools that are avail-

able for free.

Dangerous Google

– searching for secrets

Michał Piotrowski

You will get to know how to ind conidential data using

Google - the most popular Web browser. The article

also shows an effective way of looking for information

on vulnerable systems and Web services as well as

publicly available network devices.

Bluetooth connection security

Tomasz Rybicki

Although Bluetooth is extremely popular all over the

world and believed to be a support for the technol-

ogy, it can also be used for malicious purposes, such

as private data snooping, causing inancial losses or

locating the device owner. From this article the reader

learns how to detect Bluetooth-enabled devices, how

to attack detected devices and how to deal with Blue-

tooth viruses.

Marta Ogonek

marta.ogonek@hakin9.org

Internal penetration tests

Marcin Kurpiewski

Penetration tests are used to expose holes in IT sys-

tems' security. Thanks to this article you might learn

how to conduct an internal pen – test by stimulating

the actions a potential intruder would undertake.

A great source of system iniltration methods.

www.en.hakin9.org

hakin9 starter kit 1/2007

~ t q w ~

Practical IT Security Solutions for Newbies

Robot Wars – how botnets work

Editor in Chief: Ewa Dudzic ewal@software.com.pl

Executive Editor: Marta Ogonek marta.ogonek@hakin9.org

Editor: Magdalena Błaszczyk magdalena.błaszczyk@hakin9.org

Contributing Editor: Shyaam Sundhar R. S.

DTP Director: Marcin Pieśniewski marcin.piesniewski@software.com.pl

Art Director: Agnieszka Marchocka agnes@software.com.pl

CD: Rafał Kwaśny

Proofreaders: N. Potter, D. F. Leer, M. Szuba, P. S. Rieth

Top betatesters: Wendel Guglielmetti Henrique, Justin Seitz,

Peter Hüwe, Damian Szewczyk, Peter Harmsen, Kevin Bewley

Massimiliano Romano, Simone Rosignoli, Ennio Giannini

This text sheds the light on what are bots, botnets and

on the way they work. The reader will get to know how

hosts are infected and controlled and what are the

available bot infestation prevetion methods.

Voice over IP security

– SIP and RTP protocols

President: Monika Godlewska monikag @software.com.pl

Senior Consultant/Publisher: Paweł Marciniak pawel@software.com.pl

National Sales Manager: Monika Godlewska monikag@software.com.pl

Production Director: Marta Kurpiewska marta@software.com.pl

Marketing Director: Ewa Dudzic ewal@software.com.pl

Advertising Sales: Marta Ogonek marta.ogonek@hakin9.org

Subscription: subscription@software.com.pl

Prepress technician: Marcin Pieśniewski

marcin.piesniewski@software.com.pl

Tobias Glemser, Reto Lorenz

VoIP is still one of the hottest buzzwords in IT world.

Thanks to this article you will get to know what are

the basics of the SIP protocol. Additionally, you will be

shown a number of attack techniques used against

VoIP users and providers.

Publisher: Software Media LLC

(on Software Publishing House licence www.software.com.pl/en )

Postal adderss:

Software Media LLC

1461 A First Avenue, # 360

New York, NY 10021-2209

USA

Tel: 004822 8871010

www.en.hakin9.org

How spam is sent

Software LLC is looking for partners from all over the World. If you are

interested in cooperating with us,

please contact us by e-mail: cooperation@software.com.pl

Tomasz Nidecki

This writing presents a wide range of spam related

information and operations. The author describes

how spammers send spam and how to protect serv-

ers from the results of their actions. You will be also

shown how the SMPT protocol functions.

Print: 101 Studio, Firma Tęgi

Printed in Poland

Distributed in the USA by: Source Interlink Fulfillment Division, 27500

Riverview Centre Boulevard, Suite 400, Bonita Springs, FL 34134

Tel: 239-949-4450.

Pharming

– DNS cache poisoning attacks

Distributed in Australia by: Gordon and Gotch, Australia Pty Ltd.

Level 2, 9 Roadborough Road, Locked Bag 527, NSW 2086, Sydney, Australia

Tel: + 61 2 9972 8800

Whilst every effort has been made to ensure the high quality

of the magazine, the editors make no warranty, express or implied,

concerning the results of content usage.

All trade marks presented in the magazine were used only

for informative purposes. All rights to trade marks presented

in the magazine are reserved by the companies which own them.

Mariusz Tomaszewski

The attacks connected with inancial transactions are

more and more frequent nowadays, often making use

of a pharming method. This writting presents how

pharming works and how to defend from it; how DNS

cache poisoning attacks are carried out and which of

DNS servers prooved to be the most secure.

To create graphs and diagrams we used program by

company.

CDs included to the magazine were tested with AntiVirenKit by G DATA

Software Sp. z o.o

Upcoming

The editors use automatic DTP system

Magdalena Błaszczyk

Here we present the subjects that will be brought up

in the upcoming hakin9 starter kit.

ATTENTION!

Selling current or past issues of this magazine for prices that are

different than printed on the cover is – without permission of the

publisher – harmful activity and will result in judicial liability.

DISCLAIMER!

The techniques described in our articles may only be

used in private, local networks. The editors hold no

responsibility for misuse of the presented techniques

or consequent data loss.

hakin9 starter kit 1/2007

~ t q w ~

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika: