滲透測試入門實戰

本書中文簡體字版由 Wiley Publishing, Inc. 授權清華大學出版社出版。未經出版者書面許可，不得以任何
方式復制或抄襲本書內容。
本書封面貼有 Wiley 公司防偽標簽，無標簽者不得銷售。
版權所有，侵權必究。侵權舉報電話： 010-62782989 13701121933
圖書在版編目(CIP)數據
滲透測試入門實戰 / (美)肖恩?飛利浦?奧瑞雅諾(Sean-Philip Oriyano) 著；李博，杜靜，李海莉 譯.
—北京：清華大學出版社， 2018
( 安全技術經典譯叢 )
書名原文 : Penetration Testing Essentials
ISBN 978-7-302-48693-0
Ⅰ. ①滲… Ⅱ. ①肖… ②李… ③杜… ④李… Ⅲ. ①計算機網絡—安全技術 Ⅳ. ①TP393.08
中國版本圖書館 CIP 數據核字(2017)第 270947 號
責任編輯： 王 軍　于　平
封面設計： 牛艷敏 周曉亮
版式設計： 孔祥峰
責任校對： 曹　陽
責任印制： 楊　艷 楊 艷
出版發行： 清華大學出版社
網　　址： http://www.tup.com.cn， http://www.wqbook.com
地　　址： 北京清華大學學研大廈 A 座 郵　　編： 100084
社 總 機： 010-62770175 郵　　購： 010-62786544
投稿與讀者服務： 010-62776969， c-service@tup.tsinghua.edu.cn
質　量　反　饋： 010-62772015， zhiliang@tup.tsinghua.edu.cn
印 刷 者： 北京富博印刷有限公司
裝 訂 者： 北京市密云縣京文制本裝訂廠
經　　銷： 全國新華書店
開　　本： 185mm×260mm 印　　張： 18 字　　數： 404 千字
版　　次： 2018 年 1 月第 1 版 印　　次： 2018 年 1 月第 1 次印刷
印　　數： 1~3000
定　　價： 59.80 元
—————————————————————————————————————————
產品編號： 074947-01
隨著計算機網絡技術的飛速發展并深入到經濟和社會的方方面面，盜用身份、竊取信
息和錢財，甚至進行網絡恐怖攻擊等種種網絡犯罪也隨之粉墨登場、愈演愈烈，從而催生
了日益強烈的安全防護需求，而滲透測試正是查找、分析、展現潛在的安全問題并幫助制
定策略以降低安全風險的最佳手段之一。
滲透測試，又稱“白帽黑客”測試，是出于增強安全性的目的，在得到授權的前提
下，通過利用與惡意攻擊者相同的思路、技術、策略和手段，對給定組織機構的安全問題
進行檢測和評估的過程。通過滲透測試，能夠由“知彼”做到“知己”，發現使用傳統檢
測方法無法發現的攻擊路徑、攻擊方法和技術弱點，從而在安全問題被攻擊者利用之前，
對其未雨綢繆地進行修復。
本書作者Sean-Philip Oriyano是一位專注于安全領域25年的資深專家，同時還是一名
美軍準尉，指揮一支專門從事網絡安全訓練、開發和策略制定的網絡戰分隊，經驗十分豐
富。本書是一本關于滲透測試的入門書籍，適用于具有一定計算機技術基礎、希望更深入
學習滲透測試、在網絡安全領域有所建樹的讀者。本書首先從攻擊者的視角，介紹了滲透
測試的基本概念和方法論，以及情報收集、漏洞掃描、密碼破解、維持訪問、對抗防御措
施、無線網絡與移動設備攻擊、社會工程攻擊等種種滲透測試手段；然后從防御方的角度
闡述了如何加固主機和網絡的防護；最后給出了如何規劃職業發展，建立滲透測試實驗
室，進一步鍛煉滲透測試技能的指南。書中介紹深入淺出，提供了豐富的操作實例和章后
思考題，便于讀者實踐和提高。
本書主要內容由李博、杜靜、李海莉翻譯，參與本書翻譯的還有程若思、韓哲、秦
富童、龐訓龍、孔德強、黃赪東、劉宇、袁學軍、歲賽等。為了完美地翻譯本書，做到
“信、達、雅”，譯者們在翻譯過程中查閱、參考了大量的中英文資料。當然，限于水平
和精力有限，翻譯中的錯誤和不當之處在所難免，我們非常希望得到讀者的積極反饋以利
于更正和改進。
感謝本書的作者們，于字里行間感受到你們的職業精神和專業素養總是那么令人愉
悅；感謝清華大學出版社給予我們從事本書翻譯工作和學習的機會；感謝清華大學出版社
的編輯們，他們為本書的翻譯、校對投入了巨大的熱情并付出了很多心血，沒有他們的幫
助和鼓勵，本書不可能順利付梓。
最后，希望讀者通過閱讀本書能夠早日掌握滲透測試的技術精髓，成為一名“行黑客
手段，顯白帽風范”的安全高手！
譯 者
本書獻給我的父母，他們賦予我成長過程中尤為寶貴的核心價值觀。雖然父親已經離
開了我們，但我仍然能時時處處感受到他的影響，事實上，我有時會感覺自己自豪地開懷
大笑的樣子和從前的他完全一樣。我的母親仍在人世(愿她健康長壽)，我要感謝她支持和
推動我鉆研科學技術，并賦予我對科幻、冷笑話的熱愛以及對正確行事的追求。我愛你們
兩人，這本書首先獻給你們。
我也想把這本書獻給軍隊的戰友，是他們慷慨地給予我就讀候補軍官學校(Officer
Candidate School， OCS)的機會，盡管我并不成熟并且以自我為中心。雖然學校里經歷的
磨難當時令我難以忍受，但它幫助我的生活走上正軌，并認識到自己的能力。它也幫助我
意識到重要的并不是自己，而是那些生活受自己影響的人。我希望閱讀這本書的讀者都能
思考這些問題。 K上校、 A中校、 M上尉、 D上尉、 J上尉和A上尉，我永遠感謝你們對我
耐心、真誠、直接、坦率的評價。 我希望我已經成為一名令你們自豪的準尉。這本書也
是獻給你們的。
我最后還要將這本書獻給我的團隊，你們展示了化腐朽為神奇的能力。在過去的一年
里，你們一直不斷地給我驚喜。你們讓我光鮮亮麗，但我不能自居功勞。我沒有承擔那些
繁重的工作，是你們承擔的；我缺乏即興發揮的能力和創造力，是你們提供的。 E上士、
L上士、 S上士和N準尉，請繼續出類拔萃，贏得榮譽。我還要感謝我的指揮官L中校，他
信賴我的能力，給予我完成這一切的支持。
重復一次，需要感謝的人太多，我真心希望沒有漏掉任何人。
首先，感謝Jim Minatel給予我創作這本書的機會，我期待今后的其他機會。
接下來，我要感謝Kim Wimpsett。你無疑是我沒有因語言和辭不達意的段落顯得愚蠢
的主要原因。我不知道如何表達你在團隊中的價值，我希望未來我的每一個項目都有
你加入。
然后，我希望向美國軍隊的所有人致以謝意，不論你們是誰。雖然可能你們不一定所
有人都能安全回家(當然我真誠地希望都能)，任何人都永遠不會被遺忘。而當我穿上制服
時，不僅是為了工作，也是為了紀念你們的犧牲。
Sean-Philip Oriyano是一位資深安全專業人士和企業家。在過去的25年中，他將時間
分別投入到安全研究、咨詢和提供IT以及網絡安全領域的培訓。此外，他還是一位在數字
和印刷媒體出版方面均有多年經驗的暢銷書作家。在過去十年中， Sean出版了幾本書，并
通過參與電視和廣播節目進一步擴大了他的影響力。到目前為止， Sean已經參加了十幾個
電視節目和廣播節目，討論不同的網絡安全主題和技術。在攝像機前， Sean因其平易近人
的風度而著稱，并因深入淺出地解釋復雜話題的能力廣受好評。
除了從事自己的商業活動，他還是一名準尉，指揮一支專門從事網絡安全訓練、開發
和戰略的分隊。此外，作為一名準尉，他被公認為是其領域的主題專家，經常在需要時被
要求提供專業知識、培訓和指導。
在不工作時， Sean是一位狂熱的障礙賽跑運動員，已經完成了多項賽事，其中包括一
項世界冠軍錦標賽，四次斯巴達三項大滿貫。他還喜歡旅游、健身、 MMA格斗、玩游戲
“銀河戰士”和“塞爾達傳說”。
安全是當今世界受到高度重視的主題之一。由于人們越來越依賴不同形式的技術、隨
身數字產品以及許多其他類型的系統和設備，對這些設備和系統實際安全性究竟如何的關
注與日俱增。為了應對諸如身份盜用、信息竊取、服務中斷、黑客運動甚至恐怖主義等網
絡犯罪的增加，許多公共和私人組織面臨著必須在自己成為網絡犯罪的受害者以及發生訴
訟之前對這些潛在安全性問題進行測試、評估和修復的挑戰。正是為了應對過去、現在和
未來的此類情況，許多組織正在倉促實施或尋求各種安全解決方案。
因此，滲透測試者應運而生，他們背后代表的是查找、分析、呈現和推薦策略以降低
安全事件引起的潛在風險的最佳和最有效手段之一。滲透測試者是那些利用他們對技術及
其漏洞和優勢的深刻理解，應客戶的要求搶在對組織不懷好意者之前定位和評估安全問題
的人。
本書的目標受眾包括那些已經擁有一定技術背景并希望進入滲透測試領域的人。與許
多涵蓋滲透測試主題的其他書籍不同，本書力圖以簡單易懂的方式介紹該主題。本書的目
標是幫助讀者更好地了解滲透測試過程，并通過學習各種滲透測試基礎理論和實踐練習獲
得經驗和知識。
在完成本書之后，你應該能對成為滲透測試者的意義以及成功所需的技能、工具和
通用知識有一個更好的了解。在完成本書并且練習了所學內容后，就掌握了尋求更先進技
術、測試方法和技能所需的工具。
要充分利用本書的價值，需要有一些便利條件。在開始之前，你應該有一臺至少具有
8GB RAM的能夠運行最新版本微軟Windows或Kali Linux的計算機。此外，你應該有能夠
使用的虛擬化軟件，如Oracle的VirtualBox或VMware的產品；選擇使用何種虛擬化軟件取
決于個人喜好和經濟能力。
在你閱讀本書的過程中，將向你介紹用于完成任務的基于硬件和軟件的工具。在章節
和習題中，將給出所選工具的下載鏈接或通過其他方式獲取的方法。 本書涵蓋了廣泛的滲透測試入門主題。下面列出了各章及其關注重點的簡介。
第1章“滲透測試簡介”　該章重點介紹滲透測試的一般原理，以及成功所需的技能
和知識。
第2章“操作系統與網絡簡介”　對操作系統及其所連接網絡的結構有著扎實了解是
滲透測試者所必需的。該章探討兩者的基本原理，以奠定學習的基礎。
第3章“密碼學簡介”　如果沒有加密技術，很多用于防止無意泄露信息的手段將無
法正常工作。另外，如果不了解密碼學，滿足各種法律法規的要求將非常困難。該章介紹
密碼學功能和機制以及如何應用的基礎知識。
第4章“滲透測試方法學綜述”　為了可靠地獲得最完整和最有效的結果，滲透測試
有一套必須遵循的流程和方法。在該章中，將介紹最流行的執行滲透測試的方法。
第5章“情報收集”　滲透測試過程的第一步是收集有關目標的信息。在該章中，將
探討收集信息的各種手段，以及如何將它們集成到整個滲透過程中。
第6章“掃描和枚舉”　一旦收集到關于目標的足夠的情報，即可開始探測并找出可
以提取哪些信息。該章包括如何獲取用戶名、組、安全策略等信息。
第7章“實施漏洞掃描”　想采取一種不同的方法了解目標？ 那么，可以使用手動或
自動漏洞掃描的過程，定位環境中的弱點，以供以后利用。
第8章“破解密碼”　由于密碼是許多環境和應用程序的第一線防御，因此必須在獲
取這些有價值信息的過程中投入一定時間。在枚舉中已經獲得了用戶名，所以可以專注于
收集這些用戶名的密碼。
第9章“使用后門和惡意軟件保持訪問權”　通過調查、探索、突破，現在你已進入
系統。但是，在獲得訪問權并建立這個灘頭陣地后，如何才能保住它？該章要探討的正是
相關內容。
第10章“報告”　記住，你是在根據合同為客戶工作，目標是查找問題并報告你的發
現。在該章中，將介紹報告的一般格式和謀篇布局。
第11章“應對安防和檢測系統”　當然并非所有的系統都是門戶大開，等待滲透的。
事實上，許多系統中會有幾層不同形式的防御，嚴陣以待。在這種情況下，入侵檢測和預
防系統是滲透測試者的死敵，而在該章中將學習如何應對它們。
第12章“隱藏蹤跡與規避檢測”　在犯罪現場留下線索極易導致被抓住和挫敗。在該
章中，將學習如何在事后進行清理，以使除了最堅定的人都無法發現你。
第13章“探測和攻擊無線網絡”　無線網絡普遍存在，因此幾乎在任何你所探索的環
境中都需要應對它。如果這些環境中包括移動設備，就必然會遇到此類網絡，然后即可將
之作為目標。
第14章“移動設備安全”　無論你如何看待移動設備，移動設備都不會就此停下發展 的腳步，而是不斷推出新的形式、功能、外形，并且已成為我們日常生活中的一部分。由
于它們已被整合到商業環境中，并且商業和個人使用之間的界限已經模糊，因此你必須學
習如何應對移動設備。
第15章“進行社會工程攻擊”　在每個系統中都有一個最弱的環節，在許多情況下，
最弱的環節是人類。作為一名滲透測試人員，可以利用你的伶牙俐齒、心理學和巧妙的措
辭，將談話引向那些能夠提供有用信息的話題。
第16章“加固主機系統”　有著各種可用于遲滯或阻止攻擊的對策。最外層防線之一
是經常鎖定或者加固系統，以減少其被破壞的機會。
第17章“加固你的網絡”　與加固主機一樣，具有可用于遲滯或阻止對網絡的攻擊的
對策。刪除非必要協議，應用防火墻和其他機制可以遲滯并挫敗攻擊者。
第18章“規劃職業成功之路”　在該章中，將自己視為一名畢業生。現在你正在尋求
未來在滲透測試領域的發展。該章將提供下一步應如何繼續培養技能的指南。
第19章“建立一個滲透測試實驗室” 一名好的滲透測試者需要在實踐中練習所擁有
的裝備。在該章中，我們將探討如何建立一個可用于實踐和實驗的基礎實驗室。
第1章　滲透測試簡介········································································1
1.1　滲透測試的定義············································································1
1.1.1　滲透測試者的工作內容···································································· 2
1.1.2　識別對手······················································································ 2
1.2　保護機密性、完整性與可用性··························································3
1.3　黑客進化史漫談············································································4
1.3.1 Internet的角色 ··············································································· 5
1.3.2　黑客名人堂(或恥辱柱)····································································· 6
1.3.3　法律如何分類黑客行為···································································· 7
1.4　本章小結·····················································································9
1.5　習題························································································· 10
第2章　操作系統與網絡簡介····························································· 11
2.1　常見操作系統對比······································································· 11
2.1.1　微軟Windows ·············································································· 12
2.1.2 Mac OS······················································································ 13
2.1.3 Linux ························································································ 14
2.1.4 Unix·························································································· 15
2.2　網絡概念初探············································································· 16
2.2.1 OSI模型····················································································· 17
2.2.2 TCP/IP 協議族 ············································································· 19
2.2.3 IP地址······················································································· 20
2.2.4 IP地址的格式·············································································· 22
2.2.5　網絡設備···················································································· 25
2.3　本章小結··················································································· 27
2.4　習題························································································· 27
第3章　密碼學簡介········································································· 29
3.1　認識密碼學的4個目標 ·································································· 29 3.2　加密的歷史················································································ 30
3.3　密碼學常用語············································································· 31
3.4　比較對稱和非對稱加密技術··························································· 32
3.4.1　對稱加密技術·············································································· 32
3.4.2　非對稱(公鑰)加密技術··································································· 34
3.5　通過哈希算法變換數據································································· 36
3.6　一種混合系統：使用數字簽名························································ 37
3.7　使用PKI···················································································· 38
3.7.1　認證證書···················································································· 39
3.7.2　構建公鑰基礎設施(PKI)結構··························································· 40
3.8　本章小結··················································································· 40
3.9　習題························································································· 40
第4章　滲透測試方法學綜述····························································· 43
4.1　確定工作的目標和范圍································································· 43
4.2　選擇要執行的測試類型································································· 45
4.3　通過簽訂合同獲取許可································································· 46
4.3.1　收集情報···················································································· 47
4.3.2　掃描與枚舉················································································· 48
4.3.3　滲透目標···················································································· 49
4.3.4　維持訪問···················································································· 50
4.3.5　隱藏痕跡···················································································· 50
4.3.6　記錄測試結果·············································································· 50
4.3.7　了解EC-Council流程 ····································································· 51
4.4　依法測試··················································································· 52
4.5　本章小結··················································································· 53
4.6　習題························································································· 54
第5章　情報收集············································································ 55
5.1　情報收集簡介············································································· 55
5.1.1　信息分類···················································································· 56
5.1.2　收集方法分類·············································································· 56
5.2　檢查公司網站············································································· 57
5.2.1　離線查看網站·············································································· 58
5.2.2　尋找子域···················································································· 59
5.3　找到不復存在的網站···································································· 60 5.4　用搜索引擎收集信息···································································· 60
5.4.1　利用谷歌進行黑客活動·································································· 61
5.4.2　獲取搜索引擎告警········································································ 61
5.5　使用搜人網站定位員工································································· 62
5.6　發現位置信息············································································· 63
5.7　應用社交網絡············································································· 64
5.8　通過金融服務查找信息································································· 67
5.9　調查職位招聘公告欄···································································· 67
5.10　搜索電子郵件 ··········································································· 68
5.11　提取技術信息 ··········································································· 68
5.12　本章小結 ················································································· 69
5.13　習題 ······················································································· 69
第6章　掃描和枚舉········································································· 71
6.1　掃描簡介··················································································· 71
6.2　檢查存活系統············································································· 72
6.3　執行端口掃描 ············································································ 76
6.3.1　全開掃描(端口掃描)······································································ 78
6.3.2　隱蔽掃描(半開掃描)······································································ 79
6.3.3　圣誕樹掃描················································································· 80
6.3.4 FIN掃描····················································································· 80
6.3.5 NULL掃描·················································································· 81
6.3.6 ACK掃描 ··················································································· 81
6.3.7　分段掃描···················································································· 82
6.3.8 UDP掃描···················································································· 84
6.4　識別操作系統············································································· 84
6.5　漏洞掃描··················································································· 86
6.6　使用代理服務器(即保持低調)························································· 87
6.7　進行枚舉··················································································· 88
6.7.1　有價值的端口·············································································· 88
6.7.2　利用電子郵件ID ·········································································· 89
6.7.3 SMTP枚舉·················································································· 89
6.7.4　常被利用的服務··········································································· 91
6.7.5 NetBIOS ···················································································· 91
6.7.6　空會話······················································································· 93
6.8　本章小結··················································································· 93 6.9　習題························································································· 94
第7章　實施漏洞掃描······································································ 95
7.1　漏洞掃描簡介············································································· 95
7.2　認識漏洞掃描的局限···································································· 96
7.3　漏洞掃描流程概述······································································· 97
7.3.1　對現有設備進行定期評估······························································· 97
7.3.2 評估新的系統············································································· 98
7.3.3 理解掃描目標············································································· 98
7.3.4 緩解風險··················································································· 98
7.4 可執行的掃描類型 ······································································ 99
7.5　本章小結··················································································100
7.6　習題························································································100
第8章　破解密碼·········································································· 101
8.1 識別強密碼···············································································101
8.2　選擇一種密碼破解技術································································102
8.3　實施被動在線攻擊······································································103
8.3.1　網絡嗅探和數據包分析································································· 103
8.3.2　中間人攻擊················································································ 104
8.4　實施主動在線攻擊······································································104
8.4.1　密碼猜測··················································································· 104
8.4.2 　惡意軟件·················································································· 105
8.5　實施離線攻擊············································································105
8.6　使用非技術性方法······································································107
8.6.1　默認密碼··················································································· 107
8.6.2　猜測························································································· 108
8.6.3 使用閃存驅動器竊取密碼······························································ 108
8.7　提升權限··················································································109
8.8　本章小結··················································································110
8.9　習題························································································111
第9章　使用后門和惡意軟件保持訪問權·············································113
9.1 決定如何攻擊···········································································113
9.2 使用PsTools安裝后門 ·································································114 9.3 使用LAN Turtle開啟一個shell·······················································115
9.4 識別各種惡意軟件·····································································116
9.5 啟動病毒·················································································117
9.5.1　病毒的生命周期·········································································· 117
9.5.2　病毒的類型················································································ 119
9.6　啟動蠕蟲··················································································121
9.7　啟動間諜軟件············································································122
9.8　植入木馬··················································································123
9.8.1　使用netcat工作 ··········································································· 124
9.8.2　與netcat通信 ·············································································· 126
9.8.3　使用netcat發送文件 ····································································· 126
9.9　安裝rootkit················································································127
9.10 本章小結 ···············································································127
9.11 習題 ·····················································································128
第10章　報告 ·············································································· 129
10.1　報告測試參數 ··········································································129
10.2　收集信息 ················································································130
10.3　突出重要信息 ··········································································131
10.4　添加支持文檔 ··········································································134
10.5　實施質量保證 ··········································································135
10.6　本章小結 ················································································136
10.7　習題 ······················································································136
第11章　應對安防和檢測系統 ························································· 137
11.1　檢測入侵 ················································································137
11.1.1　基于網絡的入侵檢測································································· 137
11.1.2　網絡檢測引擎的分類································································· 139
11.1.3　基于主機的入侵檢測································································· 140
11.1.4　入侵防御系統·········································································· 140
11.2　識別入侵痕跡 ··········································································141
11.2.1　主機系統入侵·········································································· 141
11.2.2　統一威脅管理·········································································· 142
11.2.3　網絡入侵的指標······································································· 142
11.2.4　入侵的模糊跡象······································································· 143 11.3　規避IDS ·················································································143
11.3.1　以IDS為目標··········································································· 144
11.3.2　混淆······················································································ 144
11.3.3　利用隱蔽通道·········································································· 145
11.3.4　“狼來了” ············································································· 145
11.3.5　通過加密進行規避···································································· 146
11.4　攻破防火墻 ·············································································146
11.4.1　防火墻配置············································································· 147
11.4.2　防火墻的類型·········································································· 148
11.4.3　了解目標················································································ 148
11.4.4　防火墻上“蹈火” ···································································· 149
11.5　使用蜜罐：披著羊皮的狼 ···························································151
11.5.1　檢測蜜罐················································································ 152
11.5.2　蜜罐的問題············································································· 152
11.6　本章小結 ················································································153
11.7　習題 ······················································································153
第12章　隱藏蹤跡與規避檢測 ························································· 155
12.1　認識規避動機 ··········································································155
12.2　清除日志文件 ··········································································156
12.2.1　禁用Windows中的日志記錄過程 ·················································· 157
12.2.2　刪除日志文件中的事件······························································ 158
12.2.3　清除Linux計算機上的事件日志 ··················································· 160
12.2.4　擦除命令歷史·········································································· 160
12.3　隱藏文件 ················································································161
12.3.1　使用備用數據流(NTFS)隱藏文件 ················································· 161
12.3.2　用隱寫術隱藏文件···································································· 163
12.4　規避防病毒軟件檢測 ·································································166
12.5　通過后門規避防御 ····································································168
12.6　使用rootkit進行規避 ··································································169
12.7　本章小結 ················································································170
12.8　習題 ······················································································170
第13章　探測和攻擊無線網絡 ························································· 171
13.1　無線網絡簡介 ··········································································171 13.1.1　認識無線網絡標準···································································· 172
13.1.2　比較5GHz和2.4GHz無線網絡 ······················································ 173
13.1.3　識別無線網絡的組件································································· 174
13.1.4 Wi-Fi認證模式········································································· 177
13.2　攻破無線加密技術 ····································································178
13.2.1　破解WEP ··············································································· 178
13.2.2　從WEP轉換到WPA··································································· 179
13.2.3　破解WPA和WPA2 ···································································· 180
13.2.4　了解無線部署選項···································································· 181
13.2.5　防護WEP和WPA攻擊································································ 183
13.3　進行Wardriving 攻擊··································································183
13.4　進行其他類型的攻擊 ·································································185
13.5　選擇攻擊無線網絡的工具 ···························································186
13.5.1　選擇實用程序·········································································· 187
13.5.2　選擇合適的無線網卡································································· 187
13.6　破解藍牙 ················································································189
13.6.1　藍牙攻擊的類型······································································· 190
13.6.2　關于藍牙的注意事項································································· 191
13.7　物聯網黑客技術 ·······································································192
13.8　本章小結 ················································································192
13.9　習題 ······················································································193
第14章　移動設備安全 ·································································· 195
14.1　認識當今的移動設備 ·································································195
14.1.1　移動操作系統的版本和類型························································ 196
14.1.2　移動設備面臨的威脅································································· 197
14.1.3　移動安全的目標······································································· 197
14.2　使用Android操作系統 ································································199
14.2.1 Android系統的root操作······························································ 200
14.2.2　在沙箱中操作·········································································· 200
14.2.3　搭建定制的Android系統····························································· 202
14.3　使用蘋果iOS ···········································································203
14.4　查找移動設備中的安全漏洞 ························································204
14.4.1　破解移動密碼·········································································· 204
14.4.2　尋找不受保護的網絡································································· 205
14.5　有關自帶設備 ··········································································205 14.6　選擇測試移動設備的工具 ···························································206
14.7　本章小結 ················································································207
14.8　習題 ······················································································207
第15章　進行社會工程攻擊 ···························································· 209
15.1　社會工程導論 ··········································································209
15.2　利用人性 ················································································210
15.3　像社會工程攻擊者那樣行動 ························································211
15.4　選擇特定的受害者 ····································································212
15.5　利用社交網絡 ··········································································213
15.6　實現更安全的社交網絡 ······························································213
15.7　本章小結 ················································································214
15.8　習題 ······················································································215
第16章　加固主機系統 ·································································· 217
16.1　加固簡介 ················································································217
16.2　防御三原則 ·············································································218
16.2.1　采取縱深防御的方法································································· 218
16.2.2　貫徹隱式拒絕原則···································································· 219
16.2.3　貫徹最小權限原則···································································· 220
16.3　建立安全基線 ··········································································221
16.4　使用組策略進行加固 ·································································222
16.5　桌面系統安全加固 ····································································223
16.5.1　管理補丁················································································ 224
16.5.2　增強密碼················································································ 227
16.5.3 　謹慎安裝軟件········································································· 228
16.5.4　使用防病毒軟件包···································································· 229
16.6　備份系統 ················································································229
16.7　本章小結 ················································································230
16.8　習題 ·····················································································231
第17章　加固你的網絡 ·································································· 233
17.1　網絡加固簡介 ··········································································233
17.2　入侵檢測系統 ··········································································234
17.2.1 IDS原理綜述··········································································· 234 17.2.2 HIDS的組件············································································ 235
17.2.3 IDS的局限性··········································································· 235
17.2.4　調查事件················································································ 236
17.3　防火墻 ···················································································236
17.3.1　防火墻的原理·········································································· 237
17.3.2　防火墻的局限性······································································· 238
17.3.3　實現防火墻············································································· 239
17.3.4　制定防火墻策略······································································· 240
17.3.5　網絡連接策略·········································································· 240
17.4　物理安全控制項 ·······································································241
17.5　本章小結 ················································································242
17.6　習題 ······················································································242
第18章　規劃職業成功之路 ···························································· 243
18.1　選擇職業發展路線 ····································································243
18.2　建立資料庫 ·············································································245
18.3　練習寫作技術文章 ····································································246
18.4　展示你的技能 ··········································································246
18.5　本章小結 ················································································247
18.6　習題 ······················································································247
第19章　建立一個滲透測試實驗室 ··················································· 249
19.1　決定建立實驗室 ·······································································249
19.2　考慮虛擬化 ·············································································250
19.2.1　虛擬化的優點·········································································· 251
19.2.2　虛擬化的缺點·········································································· 252
19.3　開始行動，以及所需資源 ··························································252
19.4　安裝軟件 ················································································253
19.5　本章小結 ················································································254
19.6　習題 ······················································································255
附錄　習題答案············································································ 257 你已決定成為一名滲透測試者(通常被稱為pentester)，但還不知如何入手？本書將幫
助你了解成為滲透測試者的意義，以及這一角色需要具備的技術和擔負的道義責任。你將
獲得在滲透和實踐安全領域取得成功所必備的技能。
具體而言，你將接觸到多種正在用于黑客攻防第一線的方法；同時，還將接觸到可用
于滲透測試中以獲取信息或建立用于發起更高級攻擊的支撐點的種種技術。
另外，了解攻擊者的動機有助于掌握攻擊范圍甚至知曉攻擊細節。事實上，需要站在
攻擊者的角度以理解他們發起攻擊的原因，繼而利用這種經驗來測試客戶的網絡。
本章將學習：
滲透測試的定義及滲透測試者的工作內容
為何要保護機密性、完整性和可用性
回顧黑客和滲透測試的歷史
　滲透測試的定義
在當今世界中，由于各類組織不得不更為認真地審視其安全態勢及改善方法，滲透測
試者變得更為重要。諸如零售巨頭塔吉特(Target)百貨以及娛樂巨頭索尼(Sony)公司遭受的
攻擊等一些重大安全事件，引發了人們對于訓練有素、技能豐富，能夠了解系統弱點并能
予以定位的安全專家的需求的關注。通過采取一套綜合了技術、行政和物理手段的程序，
許多組織機構已經學會抵御他們系統中的漏洞。
技術手段包含運用虛擬專用網(Virtual Private Network， VPN)、加密協議、入侵
檢測系統(Intrusion Detection System， IDS)、入侵防御系統(Intrusion Prevention
System， IPS)、訪問控制列表(Access Control List， ACL)、生物識別技術、智能卡
技術以及其他有助于提高安全性的裝置。
行政手段包含運用政策、規程以及其他在過去的十年間應用和加強的規則。
物理手段包含運用諸如電纜鎖、設備鎖、報警系統和其他類似設備。
作為一名滲透測試者，必須為測試包含上述一種或多種技術的各類環境以及幾乎數不
勝數的其他情況做好準備。那么，滲透測試者到底承擔了什么角色？ 滲透測試者通常由組織機構以內部員工或外部實體(例如按職位或按項目的承包商)的
形式雇傭。不管采取何種雇傭形式，滲透測試者都要開展滲透測試：利用與惡意攻擊者相
同的技術、策略和手段，對給定組織結構的安全性進行調查、評估和測試。滲透測試者與
惡意攻擊者的主要不同在于目的以及是否獲得所評估系統的所有者的法律許可。此外，滲
透測試者不得向除客戶指定人員之外的任何人透露測試結果。為保證雙方權益，雇用者通
常會與滲透測試者簽署一份保密協議(Nondisclosure Agreement， NDA)。這么做既可以保
護公司的財產，又可允許滲透測試者訪問內部資源。最終，滲透測試者根據合同為公司服
務，而合同規定了哪些行為是違規的以及在測試結束時滲透測試者需要提交哪些內容。合
同的所有細節取決于組織機構的具體需求。
其他一些術語也常用于稱呼滲透測試者：滲透測試人員、道德黑客和白帽黑客。所有
這些術語都是正確的，它們描述的是同一類人員(盡管在某些場合有的人可能會就這些明
顯的近義詞展開爭論)。通常情況下，最常用的是滲透測試者。不過國際電子商務顧問局
(EC-Council)在它自己的證書“道德黑客認證(Certified Ethical Hacker)”中使用的是“道德
黑客”這一稱呼。
在某些場合，“什么人才算是黑客”一直是一個熱議
話題。幾年來，筆者曾就“黑客”這一術語是褒是貶參與過
許多有趣的討論。許多黑客壞事做盡、百無一益，電影、電
視、書籍及其他媒體上也往往正是這樣描寫他們的。然而，
黑客也發生了進化，這一術語不再只指那些從事犯罪的人。
事實上，許多黑客已經表明，盡管他們具備犯罪和毀滅的能
力，但他們更有興趣的是與客戶和他人交流以幫助他們提高
安全性或進行相應研究。
在現實世界中，可以對黑客分門別類，以區分他們的技能和意圖。
腳本小子　　此類黑客只獲得了有限的訓練或完全未經訓練，只知道如何使用基本的
工具或技術。他們甚至可能完全不理解自己正在做什么。
白帽黑客　此類黑客按照攻擊團隊的方式思考，但為好人服務。一般認為他們的特征
是，有著一套通常被視為道德規范的“不造成任何損害”的原則。這個群體也被稱為滲透
測試者。
灰帽黑客　此類黑客游走在黑白兩道之間，現已決定改弦更張，棄惡從善。但即使已
改過自新，仍不能完全信任他們。另外，在現代安全界，這類人員也會發現并利用漏洞，
而后將結果提供給供應商，可能免費，也可能換取某種形式的報酬。
為保險起見，不想造
成困擾的專業人士應避免
使用“黑客”一詞，以免
引起客戶可能的恐慌。
“滲透測試者”這一術語
應是首選。 黑帽黑客 此類黑客是違反法律的惡徒。他們的行動可能有一定的計劃，也可能毫
無規律可言。在大多數情況下，黑帽黑客的做法和徹頭徹尾的犯罪行為之間并沒有太大
區別。
網絡恐怖分子 網絡恐怖分子是一種新形式的攻擊者，他們試圖摧毀目標而不考慮隱
藏身份。本質上他們是為證明某個觀點，而并不擔心被捕或入獄。
　保護機密性、完整性與可用性
任何有安全意識的組織都在努力維護CIA安全三要素，即機密性(confidentiality)、完
整性(integrity)和可用性(availability)這三個核心原則。以下列表描述了其核心概念。在履
行滲透測試任務和職責時應牢記這些概念。
機密性 這是指對信息的保護，使其免遭非授權者獲取。用于保護機密性的控制措施
是權限和加密。
完整性 這是指將信息保持為一種可保留其原始意圖的格式，即接收者打開的數據與
創建者意圖創建的數據相同。
可用性 這是指保證信息和資源對需要它們者可用。簡而言之，無論信息或資源多么
安全，如果不能在需要時就緒并且可用，它們將毫無用處。
在進行系統安全性評估和規劃時， CIA準則即使不是最重要的保障目標，也是最重要
的目標之一。在瞄準一個系統后，攻擊者便會嘗試破壞或擾亂這些目標。 CIA安全三要素
的相輔相成關系如圖1.1所示 。

為何CIA安全三要素如此重要？考慮一下，如果投資公司或國防承包商遭受了被某個
惡意團體泄密的事件，會產生怎樣的后果？結果將是災難性的，更不用提它可能會使組織
面臨嚴重的民事甚至刑事風險。作為一個滲透測試者，要做的就是努力在客戶的環境中發 現破壞CIA準則的漏洞并搞清楚其機理，而另一種分析該問題的角度是使用一種本書稱為
反CIA準則(見圖1.2)的工具。

不當泄露 這是指由于疏忽、事故或惡意，導致信息或資源向外泄露或得以訪問。簡
而言之，如果不是有權訪問對象的人，那么永遠不應訪問到它。
未授權修改 它是完整性的對立面，是指未經授權或其他形式的信息修改。這種修改
可能是由于錯誤、意外訪問或者主觀惡意造成的。
中斷(亦稱損失) 這是指失去對信息或資源的訪問，而本不應該這樣。本質上，當需
要時而不在其處的信息就是無用的。雖然信息或其他資源不可能100％可用，但某些組織
花費時間和金錢來獲得99.999％的正常運行時間，這相當于平均每年只有約6分鐘的停機
時間。
　黑客進化史漫談
滲透測試者的角色常常成為IT安全行業中易被誤解的職位之一。為了了解這個角色，
首先需要回顧一下滲透測試者的前身(即黑客)的進化史。
“黑客”一詞已有很長歷史，其源頭可以追溯到五十余年前(20世紀60年代)的那些技
術狂人。這些人和今天的黑客不一樣，他們只不過是對新技術有好奇心和熱情，并花時間
探索早期系統內在機理和局限性的人。早期，這些黑客會尋找目標系統，并嘗試通過發掘
系統的新功能或發現對當時技術而言未公開或未知的秘密來挑戰極限。雖然技術已經取得
了長足的進步，但這些早期黑客的理念卻一直得以延續。
黑客一詞在技術行業中具有雙重意義，它既可以描述軟件程序員，也可以描述那些未
經許可侵入計算機和網絡的人。前者的含義更為正面，而后者則帶有貶義。凡涉及計算機 或其他相關技術時，必使用黑客一詞的新聞媒體使其含義更加混亂。基本上，新聞媒體、
電影和電視節目會把任何改變技術或具有高水平知識的人稱為黑客。
回顧這些早期的技術愛好者時，可以發現他們有一個共同的特點，那就是對新技術
的好奇心和對學習新事物的渴望。最初的黑客們的好奇心是由院校或企業中的大型機激
發的。而隨著時間的推移，個人電腦(PC)引起了他們的注意，因為它是一項全新的、光芒
四射的技術，有待探索、解析和利用。事實上，早期PC機(的普及)使得相比之前的短暫年
代，能夠有更多的人繼承技術愛好者和黑客的衣缽。 20世紀90年代， Internet使得黑客能夠
比以往任何時候都更加容易地廣泛傳播他們的活動，這對他們形成了不可抗拒的誘惑。現
在，在2016年之后的今天，我們比以前任何時候都有更多(被入侵)的可能。 Wi-Fi、藍牙、
平板電腦和智能手機以及其他許多技術的爆炸式增長進一步增加了混亂，以及可被黑客入
侵攻擊的設備的數量。隨著技術的發展，黑客也在進步，他們不斷增強的技術能力和創造
力導致攻擊也在不斷進化。
由于消費類產品并不像注重產品功能那么重視安全，因此攻擊也變得更加容易。說到
底，通常發布新產品(如平板電腦、 PC或其他產品)的制造商往往側重于產品的功能，而不
關注產品是否安全。盡管近幾年來這種趨勢可能有所改變，一些供應商比過去更加注重產
品安全，但別高興得太早，許多產品在默認情況下仍然存在漏洞。
Internet向公眾開放后不久，黑客更加多產，也更加危險。起初在Internet上進行的許
多攻擊都是惡作劇式的，如篡改網頁或類似的行為。雖然最初Internet上的這些攻擊本質上
可能是惡作劇，但后來的攻擊惡劣程度要嚴重得多。
事實上， 2000年以來，發生的攻擊事件越來越復雜，攻擊性越來越強，公開化程度也
越來越高。一個例子是2014年8月蘋果公司云數據服務iCloud的大規模數據泄露，導致數
百位名人的各種親密照片被公之于眾。遺憾的是，蘋果公司的客戶條款使得客戶并不能追
究其數據泄露和其他問題的責任。迄今為止，該攻擊事件已導致多起因照片被盜而提起的
訴訟，同時也給蘋果公司帶來了大量負面公眾影響。由于數據泄露而被盜的照片現在可在
Internet上隨意找到，并且以野火燎原之勢傳播，這給照片上的人帶來了極大的困擾。
惡意黑客造成損害的另一個例子是發生在2014年9月的塔吉特公司數據泄露事件。該
事件造成約5600萬個信用卡賬戶泄露。這一數據外泄事件距上一次廣為人知的塔吉特公司
數據泄露事件還不到一年時間，而上次事件導致4000萬客戶賬戶的泄露。
最后一個例子來自美國政府于2016年3月提供的信息。據透露，截至2015年3月的18
個月期間，已經報告了對奧巴馬醫改網站316個不同嚴重程度的網絡安全事件。數以百萬
計的美國人使用該網站搜索和獲取醫療保健信息，除了12個州和華盛頓特區外的所有地區
都使用它。雖然對這些事件的全面分析表明尚未泄露任何個人信息，如社保賬號或家庭住
址，但它確實表明該網站可能被視為竊取此類信息的有效目標。令人有些擔憂的是，事實 上(該網站)現在還存在著許多其他嚴重的安全問題，如未打補丁的系統和集成度不佳的系
統等(容易被黑客利用)。
所有這些攻擊都是正在發生的并且對公眾造成傷害的惡意攻擊的例子。
許多因素促成了黑客和網絡犯罪的增加，其中Internet上可用的海量數據以及新技術
和數碼產品的擴散是兩大首要原因。 自2000年以來，越來越多的便攜式設備出現在市場
上，且功能和性能均穩步增長。 智能手機、平板電腦以及可穿戴計算和類似產品已經變
得高度開放，易于聯網，可讓人們輕松共享信息。 此外，請注意可連接Internet設備的巨
大數量，例如智能手機、平板電腦和其他隨身攜帶的數碼產品數量。 上述所有例子都引
起了犯罪分子的關注，其中許多人有著竊取金錢、數據和其他資源的動機。
許多發生在過去十幾年中的攻擊已不再由以往那類好奇黑客發動，而是其他群體。涉
及其中的群體包括那些有政治動機的團體、激進組織和罪犯。雖然很多網絡攻擊仍然由好
奇者或惡作劇人士發動，但是這些更具惡意動機的攻擊往往更易被曝光并產生極大影響。
許多黑客和罪犯選擇隱藏在假名之后，在很多案件中，他們一直逍遙法外，但這并不
意味著沒有一些知名的黑客人物和事件。下面是一些歷史上著名的黑客：
1988年，康奈爾大學的學生Robert T. Morris, Jr.制作了被認為是首個Internet蠕蟲的
病毒。由于對蠕蟲設計的疏忽，該病毒進行了極快的無差別復制，導致廣泛的速
度下降，影響了整個Internet。
1994年， Kevin Lee Poulsen使用假名“黑暗但丁(Dark Dante)”接管了位于洛杉磯
的KIIS-FM廣播電臺的所有電話線路，以確保他成為第102位來電者，贏得一輛保
時捷944 S2跑車。 Poulsen在出獄后由于成為第一個被禁止使用Internet的人而聲名
鵲起(盡管該禁令只是一個有期處罰)。該事件的一個花絮是， Poulsen現在是美國
《連線》雜志的編輯。
1999年， David L. Smith制造了“梅利莎(Melissa)”病毒，該病毒設計為通過發送
電子郵件入侵用戶地址簿，而后刪除受感染系統上的文件。
2001年， Jan de Wit制造了以網壇美女庫爾尼科娃(Anna Kournikova)命名的病毒，
該病毒設計為讀取用戶Outlook軟件(微軟辦公套件之一，主要用來收發郵件)通訊
錄的所有條目，并將自身發送到通訊錄的每個郵箱中。
2002年， Gary McKinnon接入了美國軍用網絡，并刪除了其中的關鍵文件，包括有
關武器和其他系統的信息。
2004年， Adam Botbyl和兩位朋友共謀，竊取了勞氏(Lowe?s)工具連鎖店的信用卡
信息。
2005年， Cameron Lacroix入侵了大名鼎鼎的帕麗斯 ? 希爾頓(Paris Hilton)的電話，
并參與對律商聯訊(LexisNexis，世界知名法律服務提供商)網站的攻擊，該網站是 一個在線公共記錄聚合器，最終導致數千條個人信息記錄泄露。
2009年，俄羅斯年輕的黑客Kristina Vladimirovna Svechinskaya參與了幾起詐騙美
國和英國一些大型銀行的事件。她使用特洛伊木馬進行攻擊，在美國銀行(Bank of
America)開設了數千個銀行賬戶，通過這些銀行賬戶，她總共可詐騙30億美元。
該事件中一個有趣的花絮是， Svechinskaya女士因為她的美貌而被評為世界上最性
感黑客。提到這一點，是要說明一個事實，即那種生活在地下室的社交困難或一
副書呆子相的黑客形象已一去不復返了。在本案中，這位黑客不僅技能熟練和危
險，而且并不符合對于黑客外貌的那種刻板印象。
2010年至今，黑客組織“匿名者(Anonymous)”攻擊了多個目標，包括地方政府網
絡和新聞機構等。直到今天，該組織依然活躍并進行了數次高調的攻擊。他們曾
將唐納德 ? 特朗普(Donald Trump)和他的2016年總統競選活動列為攻擊目標。
盡管許多攻擊與實施這些攻擊的黑客使得新聞在某種程度上形成了一些定式或形式，
但還有許多并非如此。事實上，許多高價值、復雜和危險的攻擊經常發生，但從未被報
道，更糟的是有的甚至未被發現。在被發現的攻擊中，只有少數黑客會受審，鋃鐺入獄的
更是少之又少。但是，無論是否被抓住，黑客攻擊始終是一種犯罪行為，在一個不斷發展
的法律體系中將會被起訴。
在過去二十年中，與黑客有關的犯罪行為發生了巨大的變化，下文列出了網絡犯罪的
一些寬泛分類：
盜用身份信息
這是指竊取身份信息，從而使得某人可以冒用另一方身份達到非法目的。通常，這種
類型的活動是為了獲得經濟利益而進行的，例如開立信用卡或銀行賬戶；或者在極端情況
下進行其他犯罪，例如獲得租賃資產或其他服務。
盜用服務
這包括未經正式或口頭許可使用電話、 Internet或其他類似的服務。屬于此類別犯罪行
為的例子一般是竊取密碼和利用系統漏洞的行為。有趣的是，在某些情況下，僅僅是竊取
密碼等的行為就足以構成犯罪。在某些州，與朋友和家人分享Netflix(著名在線影視服務)
等服務賬戶可能被視為盜用服務而被起訴。
網絡入侵或未經授權訪問
這是最古老和常見的攻擊類型之一。以這種類型的攻擊為先導的其他攻擊(例如身份
信息盜用、盜用服務以及其他無數種可能性)并非聞所未聞。在理論上，任何一次未經授
權的網絡訪問都足以被認為是網絡入侵，這包括使用Wi-Fi網絡或甚至未經許可登錄一個 來賓賬戶。
發布和/或傳播非法材料
在過去十年中，這是一個難以解決和處理的問題。被認定為非法分發的材料包括受版
權保護的材料、盜版軟件和兒童色情內容等。相關技術(如加密、文件共享服務和保持匿
名等方式)的易于獲得使得這些活動屢禁不止。
欺詐
這是一種使用非法信息或非法訪問來欺騙另外一方或多方的行為，目的往往是獲取經
濟利益或造成損害。
侵占
這是一種金融詐騙形式，涉及盜用或挪用資金，是違反重要職位信用的結果。通過使
用現代技術，這項任務變得更加容易。
垃圾收集
這是最古老、最簡單的方法，即獲取和收集已丟棄或留在不安全或無保護容器中的材
料。丟棄的數據往往可以拼接到一起，重建敏感信息。雖然翻找垃圾本身并不違法，但翻
找私有物業的垃圾卻構成犯罪，可以以入侵犯罪或其他相關罪名起訴。
編寫惡意代碼
這是指病毒、蠕蟲、間諜軟件、廣告軟件、 rootkit或其他類型的惡意軟件。基本上而
言，這類犯罪包含一類故意編寫用以造成破壞或中斷的軟件。
未經授權銷毀或更改信息
這包括在未獲取適當權限的情況下修改、銷毀或篡改信息。
拒絕服務(DoS)和分布式拒絕服務(DDoS)攻擊
這兩種攻擊方式都是使系統資源超負荷，以致無法向合法用戶提供所需的服務。雖然
目標相同，但DoS和DDoS兩個術語實際上描述了兩種不同形式的攻擊。 DoS攻擊是小規模
的一對一的攻擊；而DDoS攻擊規模更大，其中成千上萬的系統攻擊同一目標。
網絡跟蹤
這是在此列舉的犯罪行為中相對較新的一種。這種犯罪的攻擊者使用在線資源或其他
手段來收集個人相關信息，并使用它來跟蹤該人；同時在某些情況下，試圖在現實生活中
接觸目標。雖然一些州(如加利福尼亞)已經制定了針對網絡騷擾犯罪行為的法律，但這類
立法遠不普遍。在許多情況下，由于騷擾者在實施犯罪期間穿越了州界，哪個州或管轄范
圍可以起訴成為一個問題。 網絡欺凌
這種行為與網絡跟蹤非常類似，區別是在該行為中，個人使用社交媒體和其他技術等
手段來騷擾受害者。雖然此類行為可能看起來不算什么大事，但據稱它已導致一些人因被
欺凌而自殺。
網絡恐怖主義
遺憾的是，當今世界的一個現實是，敵對方已經意識到，傳統武器無法給予他們像發
動網絡空間戰那樣的力量。與被派往目標國家相比，通過網絡空間從事恐怖主義行為所冒
的真實風險是微不足道的。
為了幫助了解網絡犯罪的本質，首先要了解犯罪行為必有的三個核心要件，它們分
別是：
實現目標或目的的手段或能力，這本質上意味著具備完成工作所需的技能和能力。
動機，即追求既定目標的原因。
機會，即給定時間內落實威脅所需的空缺或弱點。
正如將在本書中探討的，這些攻擊類型中的許多種類開始時非常簡單，但迅速發展出
越來越多先進的形式。攻擊者迅速地升級了攻擊方法并采用更為先進的戰略，使得攻擊比
以往更加有效。由于他們已經知道如何騷擾和激怒公眾，通過將現代這種“互聯”的生活
方式作為目標，他們也對當今世界帶來了更大的破壞。
隨著智能手機和社交網絡等新技術更加融入日常生活，本書提到的攻擊只會不斷增
長。通過這些設備和技術收集、跟蹤和處理的信息量大得驚人。據某些信息源估計，每隔
三分鐘就會從大多數人身上收集有關定位、應用程序使用、網頁瀏覽和其他數據的信息。
有著如此之大信息量的收集，很容易想象出可能發生的信息濫用場景。
過去十多年來，大量攻擊的背后都由貪欲驅使。黑客們已經意識到，他們的技能現在
不僅僅可以滿足好奇，也可以用來獲得經濟利益。常見的例子之一是在這段時間內出現的
惡意軟件。惡意軟件不僅可以感染系統，而且在許多情況下也可以為其制作者帶來收益。
例如，惡意軟件可以將用戶的瀏覽器重定向到指定網站，目的是讓用戶點擊或瀏覽廣告。
　本章小結
本章介紹了滲透測試者是通過使用與惡意黑客相同的技術來調查、評估和測試給定組
織安全性的人。他們的“對手”是腳本小子、白帽黑客、灰帽黑客、黑帽黑客和網絡恐怖
分子。滲透測試的工作是試圖破壞客戶的機密性、完整性和可用性。
此外，還介紹了黑客和滲透測試的演化過程，包括Internet在其中扮演的角色和歷史上
的著名黑客。 　習題
1. 一家公司可以使用哪三種類型的安全控制措施來防御黑客？
2. 黑客與滲透測試者之間主要有何區別？
3. 滲透測試者都有何別稱？
4. 在討論信息安全時， CIA三要素代表什么？
5. 列舉一些網絡犯罪的類別。

購買地址：

https://item.jd.com/12286400.html