This work shows network administrators and security testers how to enter the mindset of a malicious hacker and perform penetration testing on their own networks. It is thoroughly updated with more than 30 percent new content, including coverage of Windows XP SP2 and Vista, a rundown of new security threats, expanded discussions of rootkits and denial of service (DoS) exploits, new chapters on file and database vulnerabilities and Google hacks, and guidance on new hacker tools such as Metaspoilt. Topics covered include developing an ethical hacking plan, counteracting typical hack attacks, reporting vulnerabilities to upper management, managing security changes, and training end-users on how to avoid becoming victims of social engineering. The author is a veteran security pro who has performed penetration testing for nearly two decades and is a regular speaker at security conferences such as RSA.

Contents: Foreword. Introduction. Part I: Building the Foundation for Ethical Hacking. Chapter 1: Introduction to Ethical Hacking. Chapter 2: Cracking the Hacker Mindset. Chapter 3: Developing Your Ethical Hacking Plan. Chapter 4: Hacking Methodology. Part II: Putting Ethical Hacking in Motion. Chapter 5: Social Engineering. Chapter 6: Physical Security. Chapter 7: Passwords. Part III: Hacking the Network. Chapter 8: War Dialing. Chapter 9: Network Infrastructure. Chapter 10: Wireless LANs. Part IV: Hacking Operating Systems. Chapter 11: Windows. Chapter 12: Linux. Chapter 13: Novell NetWare. Part V: Hacking Applications. Chapter 14: Messaging Systems. Chapter 15: Web Applications. Part VI: Ethical Hacking Aftermath. Chapter 16: Reporting Your Results. Chapter 17: Plugging Security Holes. Chapter 18: Managing Security Changes. Part VII: The Part of Tens. Chapter 19: Ten Tips for Getting Upper Management Buy--In. Chapter 20: Ten Deadly Mistakes. Appendix: Tools and Resources. Index.