Penetration Testing Essentials (滲透測試入門實戰)

Posted by qinghuawenkang on 2018-11-28

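Penetration Testing Essentials (滲透測試入門實戰)
By Sean-Philip Oriyano (USA)
Translated by Li Bo (李博), Du Jing (杜靜), and Li Haili (李海莉)
Classic Security Technology Translations series (安全技術經典譯叢)
Beijing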

Sean-Philip Oriyano
Penetration Testing Essentials
EISBN: 978-1-119-23530-9
Copyright © 2017 by John Wiley & Sons, Inc., Indianapolis, Indiana
All Rights Reserved. This translation published under license.
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John
Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without
written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not
associated with any product or vendor mentioned in this book.
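The Simplified Chinese edition of this book is published by Tsinghua University Press under license from Wiley Publishing, Inc. No part of this book may be reproduced or plagiarized in any form without the written permission of the publisher.
Beijing Municipal Copyright Bureau copyright contract registration number: Tu Zi 01-2017-3863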
Copies of this book sold without a Wiley sticker on the cover are unauthorized and illegal.
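The cover of this book carries a Wiley anti-counterfeiting label; copies without the label may not be sold.
All rights reserved; infringement will be prosecuted. Infringement hotline: 010-62782989 13701121933
Cataloging in Publication (CIP) data
Penetration Testing Essentials (滲透測試入門實戰) / by Sean-Philip Oriyano (USA); translated by Li Bo, Du Jing, and Li Haili. Beijing: Tsinghua University Press, 2018
(Classic Security Technology Translations series)
Original title: Penetration Testing Essentials
ISBN 978-7-302-48693-0
Ⅰ. ①滲… Ⅱ. ①肖… ②李… ③杜… ④李… Ⅲ. ①Computer networks: security technology Ⅳ. ①TP393.08
Archives Library of Chinese Publications CIP data registration No. (2017) 270947
Editors in charge: Wang Jun (王軍), Yu Ping (於平)
Cover design: Niu Yanmin (牛豔敏)
Zhou Xiaoliang (周曉亮)
Layout design: Kong Xiangfeng (孔祥峰)
Proofreader in charge: Cao Yang (曹陽)
Printing supervisor: Yang Yan (楊豔)
Publisher and distributor: Tsinghua University Press
Website:
Address: Tower A, Xueyan Building, Tsinghua University, Beijing  Postal code: 100084
Switchboard: 010-62770175  Mail order: 010-62786544
Submissions and reader services: 010-62776969, c-service@tup.tsinghua.edu.cn
Quality feedback: 010-62772015, zhiliang@tup.tsinghua.edu.cn
Printer: Beijing Fubo Printing Co., Ltd.
Binder: Beijing Miyun County Jingwen Bookbinding Factory
Distribution: Xinhua Bookstores nationwide
Format: 185mm×260mm  Printed sheets: 18  Word count: 404,000
Edition: 1st edition, January 2018  Printing: 1st printing, January 2018
Print run: 1~3000
Price: 59.80 yuan
Product number: 074947-01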
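Translators' Preface
As computer network technology has developed at great speed and reached into every aspect of the economy and society, cybercrime of every kind, including identity theft, theft of information and money, and even cyber-terrorist attacks, has taken the stage and grown ever more severe. This has given rise to an increasingly strong demand for security protection, and penetration testing is one of the best means of finding, analyzing, and presenting potential security problems and helping to formulate strategies that reduce security risk.
Penetration testing, also known as "white-hat hacker" testing, is the process of examining and evaluating the security problems of a given organization, with authorization and for the purpose of improving security, by using the same thinking, techniques, strategies, and methods as a malicious attacker. Through penetration testing, one can move from "knowing the enemy" to "knowing oneself," discovering attack paths, attack methods, and technical weaknesses that traditional detection methods cannot find, so that security problems can be fixed proactively before attackers exploit them.
The author, Sean-Philip Oriyano, is a veteran expert who has focused on security for 25 years. He is also a warrant officer in the US military who commands a cyber-warfare detachment specializing in cybersecurity training, development, and strategy formulation, and he has a wealth of experience. This book is an introduction to penetration testing, suited to readers who have some foundation in computer technology, want to study penetration testing in more depth, and hope to make their mark in cybersecurity. It begins from the attacker's perspective, introducing the basic concepts and methodology of penetration testing along with penetration testing techniques such as intelligence gathering, vulnerability scanning, password cracking, maintaining access, countering defensive measures, attacks on wireless networks and mobile devices, and social engineering. It then explains, from the defender's perspective, how to harden the protection of hosts and networks. Finally, it offers guidance on planning a career, building a penetration testing lab, and further honing penetration testing skills. The material is presented in an accessible way, with plenty of hands-on examples and end-of-chapter review questions to help readers practice and improve.
This book was translated mainly by Li Bo, Du Jing, and Li Haili; Cheng Ruosi, Han Zhe, Qin Futong, Pang Xunlong, Kong Deqiang, Huang Chengdong, Liu Yu, Yuan Xuejun, Sui Sai, and others also took part in the translation. In order to translate the book as well as possible and achieve "faithfulness, expressiveness, and elegance," the translators consulted a large amount of Chinese and English material during translation. Of course, given the limits of our ability and energy, errors and infelicities in the translation are unavoidable, and we very much hope to receive readers' feedback so that we can correct and improve it.
We thank the authors of this book; sensing your professionalism and expertise between the lines has always been a pleasure. We thank Tsinghua University Press for giving us the opportunity to work on and learn from this translation. We thank the editors at Tsinghua University Press, who put great enthusiasm and effort into the translation and proofreading of this book; without their help and encouragement, the book could not have gone to press smoothly.
Finally, we hope that by reading this book readers will soon master the technical essence of penetration testing and become security experts who "use the hacker's methods and show the white hat's character"!
The Translators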

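Dedication
This book is dedicated to my parents, who gave me the core values that proved so precious as I grew up. Although my father is no longer with us, I can still feel his influence at every turn; in fact, I sometimes feel that the way I proudly laugh out loud is exactly the way he used to. My mother is still with us (may she live long and in good health), and I want to thank her for supporting and pushing me to study science and technology, and for giving me a love of science fiction and bad jokes and a desire to do things the right way. I love you both, and this book is dedicated first to you.
I also want to dedicate this book to my comrades in the military, who generously gave me the chance to attend Officer Candidate School (OCS), even though I was immature and self-centered. Although the hardships I went through at the school were hard for me to bear at the time, it helped put my life on track and made me recognize my own abilities. It also helped me realize that what matters is not yourself but the people whose lives you affect. I hope everyone who reads this book will reflect on these questions. Colonel K, Lieutenant Colonel A, Captain M, Captain D, Captain J, and Captain A, I am forever grateful for your patient, sincere, direct, and candid assessments of me. I hope I have become a warrant officer you can be proud of. This book is also dedicated to you.
Finally, I dedicate this book to my team, who have shown an ability to work wonders. Over the past year you have continually surprised me. You make me look good, but I cannot take the credit. I did not shoulder the heavy work; you did. I lack the ability to improvise and the creativity; you supplied them. Staff Sergeant E, Staff Sergeant L, Staff Sergeant S, and Warrant Officer N, keep excelling and earning honors. I also want to thank my commander, Lieutenant Colonel L, who trusted my abilities and gave me the support to accomplish all of this.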

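Acknowledgments
Once again, there are too many people to thank, and I sincerely hope I have not left anyone out.
First, thanks to Jim Minatel for giving me the opportunity to write this book; I look forward to other opportunities in the future.
Next, I want to thank Kim Wimpsett. You are without doubt the main reason I do not look foolish because of my language and poorly expressed paragraphs. I do not know how to express your value to the team, and I hope you will be part of every one of my future projects.
Then, I want to extend my thanks to everyone in the US military, whoever you are. Although not all of you may make it home safely (though of course I sincerely hope you all do), none of you will ever be forgotten. And when I put on the uniform, it is not only for the job but also to honor your sacrifice.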

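About the Author
Sean-Philip Oriyano is a veteran security professional and entrepreneur. Over the past 25 years he has divided his time among security research, consulting, and delivering training in IT and cybersecurity. He is also a best-selling author with many years of experience in both digital and print publishing. Over the past decade, Sean has published several books and has further extended his reach through appearances on television and radio. To date, Sean has taken part in more than a dozen television and radio programs discussing different cybersecurity topics and technologies. In front of the camera, Sean is known for his approachable manner and is widely praised for his ability to explain complex topics in accessible terms.
In addition to his own business activities, he is a warrant officer commanding a detachment that specializes in cybersecurity training, development, and strategy. As a warrant officer, he is also recognized as a subject matter expert in his field and is frequently called on to provide expertise, training, and guidance when needed.
When not working, Sean is an avid obstacle course racer who has completed numerous races, including a world championship race and four Spartan Trifectas. He also enjoys traveling, fitness, MMA, and playing the games Metroid and The Legend of Zelda.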

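Introduction
Security is one of the topics that receives a great deal of attention in today's world. Because people depend more and more on different forms of technology, portable digital products, and many other types of systems and devices, concern about how secure these devices and systems actually are grows by the day. In response to the rise in cybercrime such as identity theft, information theft, disruption of services, hacktivism, and even terrorism, many public and private organizations face the challenge of having to test, evaluate, and fix these potential security problems before they become victims of cybercrime and before lawsuits arise. It is in response to such situations past, present, and future that many organizations are rushing to implement or seek out a variety of security solutions.
Thus the penetration tester has emerged, representing one of the best and most effective means of finding, analyzing, presenting, and recommending strategies to reduce the potential risk arising from security incidents. Penetration testers are people who use their deep understanding of technology and its vulnerabilities and strengths to locate and evaluate security problems at the client's request, ahead of those who mean the organization harm.
Who Should Read This Book
The target audience of this book includes those who already have some technical background and want to enter the field of penetration testing. Unlike many other books that cover penetration testing, this book tries to introduce the subject in a simple, easy-to-understand way. Its goal is to help readers better understand the penetration testing process and gain experience and knowledge by studying the fundamentals of penetration testing and working through hands-on exercises.
After completing this book, you should have a better understanding of what it means to be a penetration tester and of the skills, tools, and general knowledge needed to succeed. Once you have finished the book and practiced what you learned, you will have the tools needed to pursue more advanced techniques, testing methods, and skills.
What You Need
To get the most out of this book, you will need a few things. Before you start, you should have a computer with at least 8 GB of RAM that can run the latest version of Microsoft Windows or Kali Linux. You should also have virtualization software available to you, such as Oracle's VirtualBox or one of VMware's products; which virtualization software you choose depends on personal preference and budget.
As you read through this book, you will be introduced to hardware- and software-based tools used to accomplish tasks. The chapters and exercises give download links for the selected tools or other ways to obtain them.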

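What Each Chapter Covers
This book covers a broad range of introductory penetration testing topics. The chapters and a brief description of what each focuses on are listed below.
Chapter 1, "Introduction to Penetration Testing": This chapter focuses on the general principles of penetration testing and the skills and knowledge needed to succeed.
Chapter 2, "Introduction to Operating Systems and Networking": A solid understanding of the structure of operating systems and the networks they connect to is essential for a penetration tester. This chapter explores the fundamentals of both to lay a foundation for learning.
Chapter 3, "Introduction to Cryptography": Without cryptography, many of the measures used to prevent the inadvertent disclosure of information would not work properly. In addition, without an understanding of cryptography, meeting the requirements of various laws and regulations would be very difficult. This chapter introduces the basics of cryptographic functions and mechanisms and how they are applied.
Chapter 4, "Overview of Penetration Testing Methodology": To reliably obtain the most complete and effective results, penetration testing has a set of processes and methods that must be followed. This chapter introduces the most popular methods of performing a penetration test.
Chapter 5, "Intelligence Gathering": The first step in the penetration testing process is gathering information about the target. This chapter explores the various means of gathering information and how to integrate them into the overall penetration process.
Chapter 6, "Scanning and Enumeration": Once you have gathered enough intelligence about the target, you can start probing to find out what information can be extracted. This chapter covers how to obtain information such as usernames, groups, and security policies.
Chapter 7, "Conducting Vulnerability Scanning": Want to take a different approach to learning about the target? You can use manual or automated vulnerability scanning to locate weaknesses in the environment for later exploitation.
Chapter 8, "Cracking Passwords": Because passwords are the first line of defense in many environments and applications, you must put some time into obtaining this valuable information. Usernames have already been obtained during enumeration, so you can focus on gathering the passwords for those usernames.
Chapter 9, "Retaining Access with Backdoors and Malware": Through investigation, exploration, and breaching, you are now in the system. But after gaining access and establishing this beachhead, how do you hold on to it? That is exactly what this chapter explores.
Chapter 10, "Reporting": Remember, you are working for a client under contract, and the goal is to find problems and report your findings. This chapter introduces the general format and layout of a report.
Chapter 11, "Working with Defensive and Detection Systems": Of course, not every system is wide open and waiting to be penetrated. In fact, many systems have several layers of defense in different forms standing ready. In these cases, intrusion detection and prevention systems are the penetration tester's nemesis, and in this chapter you will learn how to deal with them.
Chapter 12, "Covering Your Tracks and Evading Detection": Leaving clues at the scene of a crime is a sure way to get caught and thwarted. In this chapter, you will learn how to clean up after yourself so that all but the most determined will be unable to find you.
Chapter 13, "Probing and Attacking Wireless Networks": Wireless networks are everywhere, so you will need to deal with them in almost any environment you explore. If those environments include mobile devices, you are certain to encounter such networks, which you can then target.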
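Chapter 14, "Mobile Device Security": However you feel about mobile devices, they are not going to stop developing; they keep arriving in new forms, functions, and shapes and have become part of our daily lives. Because they have been integrated into business environments and the line between business and personal use has blurred, you must learn how to deal with mobile devices.
Chapter 15, "Performing Social Engineering Attacks": In every system there is a weakest link, and in many cases the weakest link is a human being. As a penetration tester, you can use your gift of gab, psychology, and clever wording to steer a conversation toward topics that yield useful information.
Chapter 16, "Hardening a Host System": There are various countermeasures that can be used to slow down or stop an attack. One of the outermost lines of defense is to lock down, or harden, systems regularly, reducing the chance of their being compromised.
Chapter 17, "Hardening Your Network": As with hardening hosts, there are countermeasures that can be used to slow down or stop attacks on a network. Removing nonessential protocols and applying firewalls and other mechanisms can slow down and thwart attackers.
Chapter 18, "Planning the Path to Career Success": In this chapter, consider yourself a graduate. You are now looking to the future of your development in the penetration testing field. This chapter provides guidance on how to continue building your skills as a next step.
Chapter 19, "Building a Penetration Testing Lab": A good penetration tester needs to practice in a hands-on setting with the equipment they have. In this chapter, we explore how to set up a basic lab that can be used for practice and experimentation.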

Contents
Chapter 1 Introduction to Penetration Testing
1.1 Defining Penetration Testing
1.1.1 What a Penetration Tester Does
1.1.2 Recognizing Your Opponents
1.2 Protecting Confidentiality, Integrity, and Availability
1.3 A Look at the Evolution of Hacking
1.3.1 The Role of the Internet
1.3.2 The Hacker Hall of Fame (or Shame)
1.3.3 How the Law Classifies Hacking
1.4 Chapter Summary
1.5 Exercises
Chapter 2 Introduction to Operating Systems and Networking
2.1 Comparing Common Operating Systems
2.1.1 Microsoft Windows
2.1.2 Mac OS
2.1.3 Linux
2.1.4 Unix
2.2 Exploring Networking Concepts
2.2.1 The OSI Model
2.2.2 The TCP/IP Protocol Suite
2.2.3 IP Addresses
2.2.4 IP Address Formats
2.2.5 Network Devices
2.3 Chapter Summary
2.4 Exercises
Chapter 3 Introduction to Cryptography
3.1 Recognizing the Four Goals of Cryptography
3.2 The History of Encryption
3.3 Common Cryptography Terms
3.4 Comparing Symmetric and Asymmetric Cryptography
3.4.1 Symmetric Cryptography
3.4.2 Asymmetric (Public-Key) Cryptography
3.5 Transforming Data via Hashing
3.6 A Hybrid System: Using Digital Signatures
3.7 Working with PKI
3.7.1 Authenticating Certificates
3.7.2 Building a Public Key Infrastructure (PKI) Structure
3.8 Chapter Summary
3.9 Exercises
Chapter 4 Overview of Penetration Testing Methodology
4.1 Determining the Objectives and Scope of the Job
4.2 Choosing the Type of Test to Perform
4.3 Gaining Permission via a Contract
4.3.1 Gathering Intelligence
4.3.2 Scanning and Enumeration
4.3.3 Penetrating the Target
4.3.4 Maintaining Access
4.3.5 Covering Your Tracks
4.3.6 Documenting the Test Results
4.3.7 Understanding the EC-Council Process
4.4 Testing Within the Law
4.5 Chapter Summary
4.6 Exercises
Chapter 5 Intelligence Gathering
5.1 Introduction to Intelligence Gathering
5.1.1 Categorizing Information
5.1.2 Categorizing Gathering Methods
5.2 Examining a Company's Website
5.2.1 Viewing a Website Offline
5.2.2 Finding Subdomains
5.3 Finding Websites That No Longer Exist
5.4 Gathering Information with Search Engines
5.4.1 Hacking with Google
5.4.2 Getting Search Engine Alerts
5.5 Locating Employees with People-Search Sites
5.6 Discovering Location Information
5.7 Using Social Networking
5.8 Looking Up Information via Financial Services
5.9 Investigating Job Boards
5.10 Searching Email
5.11 Extracting Technical Information
5.12 Chapter Summary
5.13 Exercises
Chapter 6 Scanning and Enumeration
6.1 Introduction to Scanning
6.2 Checking for Live Systems
6.3 Performing Port Scanning
6.3.1 Full Open Scan (Port Scan)
6.3.2 Stealth Scan (Half-Open Scan)
6.3.3 Xmas Tree Scan
6.3.4 FIN Scan
6.3.5 NULL Scan
6.3.6 ACK Scan
6.3.7 Fragmented Scan
6.3.8 UDP Scan
6.4 Identifying an Operating System
6.5 Vulnerability Scanning
6.6 Using Proxy Servers (That Is, Keeping a Low Profile)
6.7 Performing Enumeration
6.7.1 Valuable Ports
6.7.2 Exploiting Email IDs
6.7.3 SMTP Enumeration
6.7.4 Commonly Exploited Services
6.7.5 NetBIOS
6.7.6 Null Sessions
6.8 Chapter Summary
6.9 Exercises
Chapter 7 Conducting Vulnerability Scanning
7.1 Introduction to Vulnerability Scanning
7.2 Recognizing the Limitations of Vulnerability Scanning
7.3 Outlining the Vulnerability Scanning Process
7.3.1 Conducting Periodic Assessments of Existing Devices
7.3.2 Evaluating New Systems
7.3.3 Understanding the Scan Targets
7.3.4 Mitigating Risks
7.4 Types of Scans That Can Be Performed
7.5 Chapter Summary
7.6 Exercises
Chapter 8 Cracking Passwords
8.1 Recognizing Strong Passwords
8.2 Choosing a Password-Cracking Technique
8.3 Executing a Passive Online Attack
8.3.1 Network Sniffing and Packet Analysis
8.3.2 Man-in-the-Middle Attacks
8.4 Executing an Active Online Attack
8.4.1 Password Guessing
8.4.2 Malware
8.5 Executing an Offline Attack
8.6 Using Nontechnical Methods
8.6.1 Default Passwords
8.6.2 Guessing
8.6.3 Stealing Passwords with Flash Drives
8.7 Escalating Privileges
8.8 Chapter Summary
8.9 Exercises
Chapter 9 Retaining Access with Backdoors and Malware
9.1 Deciding How to Attack
9.2 Installing a Backdoor with PsTools
9.3 Opening a Shell with LAN Turtle
9.4 Recognizing Types of Malware
9.5 Launching Viruses
9.5.1 Life Cycle of a Virus
9.5.2 Types of Viruses
9.6 Launching Worms
9.7 Launching Spyware
9.8 Inserting Trojans
9.8.1 Working with netcat
9.8.2 Communicating with netcat
9.8.3 Sending Files with netcat
9.9 Installing Rootkits
9.10 Chapter Summary
9.11 Exercises
Chapter 10 Reporting
10.1 Reporting the Test Parameters
10.2 Collecting Information
10.3 Highlighting the Important Information
10.4 Adding Supporting Documentation
10.5 Conducting Quality Assurance
10.6 Chapter Summary
10.7 Exercises
Chapter 11 Working with Defensive and Detection Systems
11.1 Detecting Intrusions
11.1.1 Network-Based Intrusion Detection
11.1.2 Classification of Network Detection Engines
11.1.3 Host-Based Intrusion Detection
11.1.4 Intrusion Prevention Systems
11.2 Recognizing the Signs of an Intrusion
11.2.1 Host System Intrusions
11.2.2 Unified Threat Management
11.2.3 Network Intrusion Indicators
11.2.4 Ambiguous Signs of Intrusion
11.3 Evading an IDS
11.3.1 Targeting the IDS
11.3.2 Obfuscating
11.3.3 Using Covert Channels
11.3.4 "Crying Wolf"
11.3.5 Evading via Encryption
11.4 Breaching a Firewall
11.4.1 Firewall Configurations
11.4.2 Types of Firewalls
11.4.3 Getting to Know Your Target
11.4.4 "Firewalking" on a Firewall
11.5 Using Honeypots: The Wolf in Sheep's Clothing
11.5.1 Detecting Honeypots
11.5.2 Problems with Honeypots
11.6 Chapter Summary
11.7 Exercises
Chapter 12 Covering Your Tracks and Evading Detection
12.1 Recognizing the Motivations for Evasion
12.2 Clearing Log Files
12.2.1 Disabling the Logging Process in Windows
12.2.2 Removing Events from a Log File
12.2.3 Clearing Event Logs on Linux Computers
12.2.4 Erasing the Command History
12.3 Hiding Files
12.3.1 Hiding Files with Alternate Data Streams (NTFS)
12.3.2 Hiding Files with Steganography
12.4 Evading Antivirus Software Detection
12.5 Evading Defenses via a Backdoor
12.6 Using Rootkits for Evasion
12.7 Chapter Summary
12.8 Exercises
Chapter 13 Probing and Attacking Wireless Networks
13.1 Introduction to Wireless Networks
13.1.1 Recognizing Wireless Network Standards
13.1.2 Comparing 5 GHz and 2.4 GHz Wireless Networks
13.1.3 Recognizing the Components of a Wireless Network
13.1.4 Wi-Fi Authentication Modes
13.2 Breaking Wireless Encryption Technologies
13.2.1 Cracking WEP
13.2.2 Moving from WEP to WPA
13.2.3 Cracking WPA and WPA2
13.2.4 Exploring Wireless Deployment Options
13.2.5 Defending Against WEP and WPA Attacks
13.3 Conducting a Wardriving Attack
13.4 Conducting Other Types of Attacks
13.5 Choosing Tools to Attack Wireless Networks
13.5.1 Picking a Utility
13.5.2 Choosing the Right Wireless Card
13.6 Cracking Bluetooth
13.6.1 Types of Bluetooth Attacks
13.6.2 Things to Remember About Bluetooth
13.7 Hacking the Internet of Things
13.8 Chapter Summary
13.9 Exercises
Chapter 14 Mobile Device Security
14.1 Recognizing Today's Mobile Devices
14.1.1 Mobile OS Versions and Types
14.1.2 Threats to Mobile Devices
14.1.3 Goals of Mobile Security
14.2 Working with the Android OS
14.2.1 Rooting on Android
14.2.2 Operating in a Sandbox
14.2.3 Building a Custom Android System
14.3 Working with Apple iOS
14.4 Finding Security Holes in Mobile Devices
14.4.1 Cracking Mobile Passwords
14.4.2 Finding Unprotected Networks
14.5 About Bring Your Own Device
14.6 Choosing Tools to Test Mobile Devices
14.7 Chapter Summary
14.8 Exercises
Chapter 15 Performing Social Engineering Attacks
15.1 Introduction to Social Engineering
15.2 Exploiting Human Traits
15.3 Acting Like a Social Engineer
15.4 Targeting Specific Victims
15.5 Leveraging Social Networking
15.6 Conducting Safer Social Networking
15.7 Chapter Summary
15.8 Exercises
Chapter 16 Hardening a Host System
16.1 Introduction to Hardening
16.2 Three Tenets of Defense
16.2.1 Following a Defense-in-Depth Approach
16.2.2 Implementing Implicit Deny
16.2.3 Implementing Least Privilege
16.3 Creating a Security Baseline
16.4 Hardening with Group Policy
16.5 Hardening Desktop Security
16.5.1 Managing Patches
16.5.2 Strengthening Passwords
16.5.3 Being Careful When Installing Software
16.5.4 Using Antivirus Packages
16.6 Backing Up a System
16.7 Chapter Summary
16.8 Exercises
Chapter 17 Hardening Your Network
17.1 Introduction to Network Hardening
17.2 Intrusion Detection Systems
17.2.1 Overview of IDS Principles
17.2.2 Components of HIDS
17.2.3 Limitations of IDS
17.2.4 Investigating an Event
17.3 Firewalls
17.3.1 How Firewalls Work
17.3.2 Limitations of a Firewall
17.3.3 Implementing a Firewall
17.3.4 Authoring a Firewall Policy
17.3.5 Network Connection Policy
17.4 Physical Security Controls
17.5 Chapter Summary
17.6 Exercises
Chapter 18 Planning the Path to Career Success
18.1 Choosing Your Career Path
18.2 Building a Library
18.3 Practicing Technical Writing
18.4 Displaying Your Skills
18.5 Chapter Summary
18.6 Exercises
Chapter 19 Building a Penetration Testing Lab
19.1 Deciding to Build a Lab
19.2 Considering Virtualization
19.2.1 Advantages of Virtualization
19.2.2 Disadvantages of Virtualization
19.3 Getting Started and What You Will Need
19.4 Installing Software
19.5 Chapter Summary
19.6 Exercises
Appendix Answers to Exercises
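Introduction to Penetration Testing
You have decided to become a penetration tester (commonly called a pentester), but do not yet know where to start? This book will help you understand what it means to be a penetration tester, as well as the technical skills and ethical responsibilities the role entails. You will gain the skills needed to succeed in the fields of penetration testing and practical security.
Specifically, you will be exposed to many of the methods currently used on the front lines of hacking attack and defense. You will also encounter the techniques used in penetration testing to obtain information or to establish a foothold from which more advanced attacks can be launched.
In addition, understanding attackers' motives helps you grasp the scope of an attack and even its details. In fact, you need to put yourself in the attacker's position to understand why they attack, and then use that experience to test your client's network.
In this chapter, you will learn:
• The definition of penetration testing and what a penetration tester does
• Why confidentiality, integrity, and availability must be protected
• The history of hacking and penetration testing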
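1.1  Definition of Penetration Testing
In today's world, penetration testers have become more important as organizations of all kinds have had to look more seriously at their security posture and how to improve it. Major security incidents, such as the attacks on the retail giant Target and the entertainment giant Sony, have drawn attention to the need for well-trained, highly skilled security professionals who can understand weaknesses in systems and locate them. By adopting a program that combines technical, administrative, and physical measures, many organizations have learned to defend against the vulnerabilities in their systems.
Technical measures include the use of virtual private networks (VPNs), cryptographic protocols, intrusion detection systems (IDSs), intrusion prevention systems (IPSs), access control lists (ACLs), biometrics, smart card technology, and other devices that help improve security.
Administrative measures include the use of policies, procedures, and other rules that have been applied and strengthened over the past decade.
Physical measures include the use of devices such as cable locks, device locks, alarm systems, and other similar devices.
As a penetration tester, you must be prepared to test environments that include one or more of the above technologies, as well as an almost endless number of other situations. So what role does a penetration tester actually play?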

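1.1.1 What a Penetration Tester Does
A penetration tester is typically employed by an organization either as an internal employee or as an external entity (for example, a contractor hired per position or per project). Regardless of the form of employment, a penetration tester conducts penetration tests: investigating, assessing, and testing the security of a given organization using the same techniques, tactics, and methods as a malicious attacker. The main differences between a penetration tester and a malicious attacker are intent and whether legal permission has been obtained from the owner of the system being assessed. In addition, a penetration tester must not disclose test results to anyone other than the people designated by the client. To protect both parties, the employer usually signs a nondisclosure agreement (NDA) with the penetration tester. Doing so both protects the company's property and allows the penetration tester to access internal resources. Ultimately, the penetration tester works for the company under a contract, and the contract specifies which actions are off-limits and what the penetration tester must deliver at the end of the test. All details of the contract depend on the specific needs of the organization.
Several other terms are also commonly used for penetration testers: penetration testing professional, ethical hacker, and white-hat hacker. All of these terms are correct and describe the same type of person (although in some settings people may argue over these apparent synonyms). In general, penetration tester is the most commonly used. However, the International Council of E-Commerce Consultants (EC-Council) uses the term "ethical hacker" in its own credential, the Certified Ethical Hacker.
In some circles, "who counts as a hacker" has long been a hotly debated topic. Over the years, the author has taken part in many interesting discussions about whether the term "hacker" is positive or negative. Many hackers do nothing but harm and offer no benefit, and that is exactly how films, television, books, and other media tend to portray them. However, hackers have also evolved, and the term no longer refers only to those who commit crimes. In fact, many hackers have shown that, although they have the ability to commit crimes and cause destruction, they are more interested in engaging with clients and others to help them improve security or to carry out related research.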
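1.1.2 Identifying Your Adversaries
In the real world, hackers can be grouped into categories that distinguish their skills and intent.
Script kiddies  These hackers have limited or no training and know only how to use basic tools or techniques. They may not even understand what they are doing at all.
White-hat hackers  These hackers think like the attacking party but work for the good guys. They are generally characterized by a "do no harm" principle that is usually regarded as a code of ethics. This group is also known as penetration testers.
Gray-hat hackers  These hackers straddle the line between good and bad and have now decided to reform and turn to the good side. Even after reforming, however, they still cannot be fully trusted. In addition, in the modern security community, people of this type also find and exploit vulnerabilities and then provide the results to the vendor, either for free or in exchange for some form of payment.
To be safe, professionals who do not want to cause confusion should avoid using the word "hacker" so as not to alarm clients. "Penetration tester" should be the preferred term.
Black-hat hackers  These hackers are lawbreakers. Their actions may follow a plan or may follow no pattern at all. In most cases, there is little difference between what black-hat hackers do and outright criminal activity.
Cyberterrorists  Cyberterrorists are a new form of attacker who try to destroy their targets without regard for concealing their identity. Essentially, they are out to prove a point and are not worried about being caught or going to prison.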
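1.2  Protecting Confidentiality, Integrity, and Availability
Any security-conscious organization strives to maintain the CIA triad, the three core principles of confidentiality, integrity, and availability. The following list describes the core concepts. Keep them in mind when carrying out penetration testing tasks and responsibilities.
Confidentiality  This refers to protecting information from being obtained by unauthorized parties. The controls used to protect confidentiality are permissions and encryption.
Integrity  This refers to keeping information in a form that preserves its original intent, meaning that the data the recipient opens is the same as the data the creator intended to create.
Availability  This refers to ensuring that information and resources are available to those who need them. Put simply, no matter how secure information or a resource is, it is useless if it is not ready and available when needed.
When assessing and planning system security, the CIA principles are, if not the most important protection goals, among the most important. Once attackers have targeted a system, they will try to break or disrupt these goals. The mutually reinforcing relationship among the elements of the CIA triad is shown in Figure 1.1.
Why is the CIA triad so important? Consider what the consequences would be if an investment firm or a defense contractor suffered a leak at the hands of a malicious group. The results would be catastrophic, not to mention that it could expose the organization to serious civil or even criminal risk. As a penetration tester, your job is to work to find vulnerabilities in the client's environment that break the CIA principles and to understand how they work. Another way to look at the problem is to use a tool that this book calls the anti-CIA principles (see Figure 1.2).
Improper disclosure  This refers to information or resources being disclosed or made accessible through negligence, accident, or malice. Put simply, anyone who is not authorized to access an object should never be able to access it.
Unauthorized modification  This is the opposite of integrity and refers to unauthorized or otherwise improper modification of information. Such modification may be the result of error, accidental access, or deliberate malice.
Disruption (also called loss)  This refers to losing access to information or resources when that should not happen. Essentially, information that is not where it should be when it is needed is useless. Although information or other resources cannot be 100% available, some organizations spend time and money to achieve 99.999% uptime, which equates to only about 6 minutes of downtime per year on average.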
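1.3  A Brief History of the Evolution of Hacking
The role of the penetration tester is often one of the more misunderstood positions in the IT security industry. To understand the role, we first need to look back at the evolution of the penetration tester's predecessor, the hacker.
The term "hacker" has a long history, and its origins can be traced back more than fifty years (to the 1960s) to the technology enthusiasts of that era. These people were unlike today's hackers. They were simply people who were curious and passionate about new technology and who spent time exploring the inner workings and limitations of early systems. In the early days, these hackers would seek out target systems and try to push the limits by uncovering new capabilities of a system or discovering secrets that were undocumented or unknown to the technology of the time. Although technology has advanced enormously, the mindset of these early hackers has lived on.
The word hacker has a dual meaning in the technology industry: it can describe a software programmer, and it can also describe someone who breaks into computers and networks without permission. The former meaning is more positive, while the latter is pejorative. The news media, which invariably use the word hacker whenever computers or other related technology is involved, have muddied its meaning further. Basically, news media, films, and television programs call anyone who alters technology or has a high level of knowledge a hacker.
Looking back at these early technology enthusiasts, we find that they shared one common trait: curiosity about new technology and a desire to learn new things. The curiosity of the original hackers was sparked by the mainframes found in universities and businesses. Over time, the personal computer (PC) caught their attention, because it was a brand-new, dazzling technology waiting to be explored, dissected, and exploited. In fact, the spread of early PCs allowed far more people to take up the mantle of technology enthusiast and hacker than in the brief era before. In the 1990s, the Internet made it easier than ever for hackers to spread their activities widely, which proved an irresistible lure for them. Now, in the years after 2016, there are more possibilities for being hacked than at any time before. The explosive growth of Wi-Fi, Bluetooth, tablets, smartphones, and many other technologies has further added to the confusion and to the number of devices that hackers can break into and attack. As technology has developed, hackers have advanced as well, and their growing technical ability and creativity have caused attacks to keep evolving.
Attacks have also become easier because consumer products do not place as much emphasis on security as they do on features. In the end, manufacturers releasing new products (such as tablets, PCs, or other products) tend to focus on the product's features rather than on whether it is secure. Although this trend may have changed somewhat in recent years, with some vendors paying more attention to product security than in the past, do not celebrate too soon: many products are still vulnerable by default.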
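1.3.1 The Role of the Internet
Not long after the Internet was opened to the public, hackers became more prolific and more dangerous. At first, many of the attacks carried out on the Internet were pranks, such as defacing web pages or similar acts. Although these initial attacks on the Internet may have been pranks in nature, later attacks were far more malicious.
In fact, since 2000 attacks have become increasingly sophisticated, increasingly aggressive, and increasingly public. One example is the large-scale data breach of Apple's iCloud cloud data service in August 2014, which resulted in intimate photos of hundreds of celebrities being made public. Unfortunately, Apple's customer terms mean that customers cannot hold the company liable for the data breach and other problems. To date, the attack has led to multiple lawsuits over the stolen photos and has also brought Apple a great deal of negative publicity. The photos stolen in the breach can now be found freely on the Internet and have spread like wildfire, causing great distress to the people in them.
Another example of the damage caused by malicious hackers is the Target data breach that occurred in September 2014. The incident resulted in the exposure of about 56 million credit card accounts. This breach came less than a year after the previous widely publicized Target data breach, which led to the exposure of 40 million customer accounts.
A final example comes from information provided by the U.S. government in March 2016. It was revealed that, during the 18 months ending in March 2015, 316 cybersecurity incidents of varying severity had been reported against the Obamacare website. Millions of Americans use the site to search for and obtain health care information, and it is used everywhere except in 12 states and Washington, D.C. Although a full analysis of these incidents indicated that no personal information, such as Social Security numbers or home addresses, had been exposed, it does show that the site may be regarded as a worthwhile target for stealing such information. Somewhat worrying is the fact that the site still has many other serious security problems, such as unpatched systems and poorly integrated systems, which are easy for hackers to exploit.
All of these attacks are examples of malicious attacks that are taking place and harming the public.
Many factors have contributed to the rise in hacking and cybercrime, and the massive amount of data available on the Internet and the proliferation of new technologies and digital gadgets are the two leading causes. Since 2000, more and more portable devices have appeared on the market, with features and performance growing steadily. Smartphones, tablets, wearable computing, and similar products have become highly open and easy to network, allowing people to share information with ease. In addition, note the sheer number of Internet-connected devices, such as smartphones, tablets, and other digital gadgets that people carry with them. All of these have attracted the attention of criminals, many of whom are motivated to steal money, data, and other resources.
Many of the attacks of the past decade or so have no longer been launched by the curious hackers of old, but by other groups. The groups involved include politically motivated groups, activist organizations, and criminals. Although many cyberattacks are still launched by the curious or by pranksters, the attacks with more malicious motives tend to be the ones that get exposed and have a great impact.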
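1.3.2 The Hacker Hall of Fame (or Shame)
Many hackers and criminals choose to hide behind aliases, and in many cases they have never been caught, but that does not mean there are no well-known hacker figures and incidents. Here are some hackers famous in history:
• In 1988, Cornell University student Robert T. Morris, Jr. created what is considered to be the first Internet worm. Because of an oversight in the worm's design, it replicated extremely quickly and indiscriminately, causing widespread slowdowns that affected the entire Internet.
• In 1994, Kevin Lee Poulsen, using the alias "Dark Dante," took over all the telephone lines of the Los Angeles radio station KIIS-FM to ensure that he would be the 102nd caller and win a Porsche 944 S2. After his release from prison, Poulsen gained notoriety as the first person to be banned from using the Internet (although the ban was only for a limited period). As a footnote to the story, Poulsen is now an editor at Wired magazine.
• In 1999, David L. Smith created the Melissa virus, which was designed to spread by email into users' address books and then delete files on the infected system.
• In 2001, Jan de Wit created a virus named after tennis star Anna Kournikova. The virus was designed to read all the entries in a user's Outlook address book (Outlook is part of the Microsoft Office suite and is used mainly for sending and receiving email) and send itself to every address in it.
• In 2002, Gary McKinnon connected to U.S. military networks and deleted critical files, including information about weapons and other systems.
• In 2004, Adam Botbyl conspired with two friends to steal credit card information from the Lowe's hardware chain.
• In 2005, Cameron Lacroix hacked into the phone of the celebrity Paris Hilton and took part in an attack on the website of LexisNexis (a world-renowned legal services provider), an online public records aggregator, which ultimately exposed thousands of personal information records.
• In 2009, the young Russian hacker Kristina Vladimirovna Svechinskaya was involved in several schemes to defraud some large banks in the United States and the United Kingdom. She used a Trojan horse in the attacks and opened thousands of bank accounts at Bank of America, through which she could have defrauded a total of 3 billion dollars. An interesting footnote to the case is that Ms. Svechinskaya was named the world's sexiest hacker because of her looks. The point of mentioning this is that the image of the hacker as a socially awkward or nerdy person living in a basement is gone for good. In this case, the hacker was not only skilled and dangerous but also did not fit the stereotype of what a hacker looks like.
• From 2010 to the present, the hacking group Anonymous has attacked multiple targets, including local government networks and news organizations. The group remains active to this day and has carried out several high-profile attacks. It has listed Donald Trump and his 2016 presidential campaign as targets.
Although many attacks and the hackers who carried them out have made the news in one form or another, many others have not. In fact, many high-value, sophisticated, and dangerous attacks occur regularly but are never reported, and worse, some are never even detected. Of the attacks that are detected, only a small number of hackers are ever put on trial, and even fewer go to prison. However, whether or not the hacker is caught, hacking is always a crime, and one that will be prosecuted under an ever-evolving legal system.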
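1.3.3 How the Law Classifies Hacking
Over the past two decades, hacking-related crime has changed dramatically. Some broad categories of cybercrime are listed below:
Identity theft
This refers to stealing identity information so that someone can impersonate another party for illegal purposes. Usually this type of activity is carried out for financial gain, such as opening credit card or bank accounts, or, in extreme cases, to commit other crimes, such as obtaining rental property or other services.
Theft of service
This includes using telephone, Internet, or other similar services without formal or verbal permission. Examples of offenses in this category are generally password theft and the exploitation of system vulnerabilities. Interestingly, in some cases merely stealing a password or the like is enough to constitute a crime. In some states, sharing an account for a service such as Netflix (a well-known online video service) with friends and family may be regarded as theft of service and prosecuted.
Network intrusion or unauthorized access
This is one of the oldest and most common types of attack. It is not unheard of for this type of attack to serve as the lead-in to other attacks (such as identity theft, theft of service, and countless other possibilities). In theory, any unauthorized network access is enough to be considered a network intrusion, including using a Wi-Fi network or even logging in to a guest account without permission.
Posting and/or distributing illegal material
Over the past decade, this has been a problem that is difficult to solve and deal with. Material deemed to be illegally distributed includes copyrighted material, pirated software, and child pornography, among others. The easy availability of related technologies (such as encryption, file-sharing services, and ways of staying anonymous) has made these activities persist despite repeated crackdowns.
Fraud
This is the act of using illegal information or illegal access to deceive one or more other parties, usually for financial gain or to cause damage.
Embezzlement
This is a form of financial fraud that involves the theft or misappropriation of funds and results from violating a position of trust. With modern technology, this task has become easier.
Dumpster diving
This is the oldest and simplest method: obtaining and collecting material that has been discarded or left in insecure or unprotected containers. Discarded data can often be pieced together to reconstruct sensitive information. Although going through trash is not in itself illegal, going through the trash on private property is a crime and can be prosecuted as trespassing or under other related charges.
Writing malicious code
This refers to viruses, worms, spyware, adware, rootkits, and other types of malware. Basically, this category of crime covers software deliberately written to cause damage or disruption.
Unauthorized destruction or alteration of information
This includes modifying, destroying, or tampering with information without the appropriate permission.
Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
Both types of attack overload system resources so that the system cannot provide the required services to legitimate users. Although the goal is the same, the terms DoS and DDoS actually describe two different forms of attack. A DoS attack is a small-scale, one-on-one attack, whereas a DDoS attack is much larger in scale, with thousands of systems attacking the same target.
Cyberstalking
This is one of the relatively newer crimes listed here. The attacker in this type of crime uses online resources or other means to gather information about an individual and uses it to track that person, and in some cases tries to make contact with the target in real life. Although some states (such as California) have enacted laws against cyberharassment offenses, such legislation is far from universal. In many cases, because the harasser crossed state lines while committing the crime, the question of which state or jurisdiction can prosecute becomes an issue.
Cyberbullying
This behavior is very similar to cyberstalking, the difference being that here individuals use social media and other technologies to harass the victim. Although this kind of behavior may not seem like a big deal, it has reportedly led some people to commit suicide after being bullied.
Cyberterrorism
Unfortunately, a reality of today's world is that hostile parties have realized that conventional weapons do not give them the kind of power that waging war in cyberspace does. Compared with being sent into a target country, the real risk involved in carrying out terrorist acts through cyberspace is negligible.
To help understand the nature of cybercrime, it is first necessary to understand the three core elements that a crime must have. They are:
• Means, or the ability to achieve a goal or objective, which essentially means having the skills and abilities needed to do the job.
• Motive, that is, the reason for pursuing the given goal.
• Opportunity, that is, the opening or weakness needed to carry out the threat at a given time.
As will be explored in this book, many of these attack types started out very simple but quickly evolved into more and more advanced forms. Attackers have rapidly upgraded their methods and adopted more advanced strategies, making attacks more effective than ever. Because they already know how to harass and provoke the public, they have also caused greater damage to today's world by targeting the modern "connected" way of life.
As new technologies such as smartphones and social networks become more integrated into daily life, the attacks mentioned in this book will only keep growing. The amount of information collected, tracked, and processed through these devices and technologies is staggering. According to estimates from some sources, information about location, app usage, web browsing, and other data is collected from most people every three minutes. With information collected on such a scale, it is easy to imagine scenarios in which it could be misused.
For more than a decade, a great many attacks have been driven by greed. Hackers have realized that their skills can now be used not only to satisfy curiosity but also for financial gain. One common example is the malware that has appeared during this period. Malware can not only infect systems but in many cases can also make money for its authors. For example, malware can redirect a user's browser to a specified website in order to get the user to click on or view advertisements.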
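1.4  Chapter Summary
This chapter explained that a penetration tester is someone who investigates, assesses, and tests the security of a given organization using the same techniques as malicious hackers. Their "adversaries" are script kiddies, white-hat hackers, gray-hat hackers, black-hat hackers, and cyberterrorists. The job of a penetration test is to try to compromise the client's confidentiality, integrity, and availability.
It also covered the evolution of hacking and penetration testing, including the role the Internet has played in it and the famous hackers of history.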

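1.5  Exercises
1. What three types of security controls can a company use to defend against hackers?
2. What is the main difference between a hacker and a penetration tester?
3. What other names are penetration testers known by?
4. What does the CIA triad stand for when discussing information security?
5. List some categories of cybercrime.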


From the "ITPUB Blog", link: http://blog.itpub.net/26421423/viewspace-2220824/. If you reproduce this article, please credit the source; otherwise legal liability will be pursued.
