Full download ebooks at ebookmeta.

com

Ethical Hacking Techniques Tools and

Countermeasures Michael G. Solomon

https://ebookmeta.com/product/ethical-hacking-techniques-
tools-and-countermeasures-michael-g-solomon/

OR CLICK BUTTON

DOWLOAD NOW

Download more ebook from https://ebookmeta.com

More products digital (pdf, epub, mobi) instant
download maybe you interests ...

Ethical Hacking Techniques and Countermeasures for

Cybercrime Prevention First Edition Nabie Y. Conteh

https://ebookmeta.com/product/ethical-hacking-techniques-and-
countermeasures-for-cybercrime-prevention-first-edition-nabie-y-
conteh/

Ethereum for Dummies Michael G Solomon

https://ebookmeta.com/product/ethereum-for-dummies-michael-g-
solomon/

Python Penetration Testing Essentials Techniques for

ethical hacking with Python 2nd Edition Mohit

https://ebookmeta.com/product/python-penetration-testing-
essentials-techniques-for-ethical-hacking-with-python-2nd-
edition-mohit/

Fundamentals of Information Systems Security 4th

Edition David Kim & Michael G. Solomon

https://ebookmeta.com/product/fundamentals-of-information-
systems-security-4th-edition-david-kim-michael-g-solomon/
Ethical Hacking A Comprehensive Beginner s Guide to
Learn and Understand the Concept of Ethical Hacking
2023 1st Edition Joe Grant

https://ebookmeta.com/product/ethical-hacking-a-comprehensive-
beginner-s-guide-to-learn-and-understand-the-concept-of-ethical-
hacking-2023-1st-edition-joe-grant/

Global health Ethical challenges 2nd Edition Solomon

Benatar

https://ebookmeta.com/product/global-health-ethical-
challenges-2nd-edition-solomon-benatar/

Beginning Ethical Hacking with Python 1st Edition

Sanjib Sinha

https://ebookmeta.com/product/beginning-ethical-hacking-with-
python-1st-edition-sanjib-sinha/

Coping Skills Tools Techniques for Every Stressful

Situation 2nd Edition Faith G Harper

https://ebookmeta.com/product/coping-skills-tools-techniques-for-
every-stressful-situation-2nd-edition-faith-g-harper/

Certified Ethical Hacker (CEH) Preparation Guide:

Lesson-Based Review of Ethical Hacking and Penetration
Testing 1st Edition Ahmed Sheikh

https://ebookmeta.com/product/certified-ethical-hacker-ceh-
preparation-guide-lesson-based-review-of-ethical-hacking-and-
penetration-testing-1st-edition-ahmed-sheikh-2/
World Headquarters
Jones & Bartlett Learning
25 Mall Road
Burlington, MA 01803
978-443-5000
[email protected]
www.jblearning.com
Jones & Bartlett Learning books and products are available through most
bookstores and online booksellers. To contact Jones & Bartlett Learning directly,
call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com.

Substantial discounts on bulk quantities of Jones & Bartlett Learning

publications are available to corporations, professional associations, and other
qualified organizations. For details and specific discount information, contact the
special sales department at Jones & Bartlett Learning via the above contact
information or send an email to [email protected].

Copyright © 2024 by Jones & Bartlett Learning, LLC, an Ascend Learning

Company
All rights reserved. No part of the material protected by this copyright may be
reproduced or utilized in any form, electronic or mechanical, including
photocopying, recording, or by any information storage and retrieval system,
without written permission from the copyright owner.
The content, statements, views, and opinions herein are the sole expression of the
respective authors and not that of Jones & Bartlett Learning, LLC. Reference
herein to any specific commercial product, process, or service by trade name,
trademark, manufacturer, or otherwise does not constitute or imply its
endorsement or recommendation by Jones & Bartlett Learning, LLC and such
reference shall not be used for advertising or product endorsement purposes. All
trademarks displayed are the trademarks of the parties noted herein. Ethical
Hacking: Techniques, Tools, and Countermeasures, Fourth Edition is an
independent publication and has not been authorized, sponsored, or otherwise
approved by the owners of the trademarks or service marks referenced in this
product.
There may be images in this book that feature models; these models do not
necessarily endorse, represent, or participate in the activities represented in the
images. Any screenshots in this product are for educational and instructive
purposes only. Any individuals and scenarios featured in the case studies
throughout this product may be real or fictitious but are used for instructional
purposes only.
24911-8
Production Credits
Vice President, Product Management: Marisa R. Urbano
Vice President, Content Strategy and Implementation: Christine Emerton
Director, Product Management: Ray Chew
Product Owner, Labs: Garret Donaldson
Director, Content Management: Donna Gridley
Manager, Content Strategy: Carolyn Pershouse
Content Strategist: Melissa Duffy
Content Coordinator: Mark Restuccia
Director, Project Management and Content Services: Karen Scott
Manager, Program Management: Kristen Rogers
Program Manager: Kathryn Leeber
Senior Digital Project Specialist: Angela Dooley
Director, Marketing: Andrea DeFronzo
Marketing Manager: Mark Adamiak
Content Services Manager: Colleen Lamy
Vice President, Manufacturing and Inventory Control: Therese Connell
Product Fulfillment Manager: Wendy Kilborn
Composition: Straive
Cover Design: Briana Yates
Media Development Editor: Faith Brosnan
Rights & Permissions Manager: John Rusk
Rights Specialist: James Fortney
Cover Image (Title Page, Part Opener, Chapter Opener): © Bocos
Benedict/Shutterstock
Printing and Binding: McNaughton & Gunn
Library of Congress Cataloging-in-Publication Data
Names: Solomon, Michael (Michael G.), 1963– author.
Title: Ethical hacking : techniques, tools, and countermeasures / Michael G.
Solomon, PhD, CISSP, PMP, CISM, PenTest+, CySA+.
Other titles: Hacker techniques, tools, and incident handling
Description: Fourth edition. | Burlington, Massachusetts : Jones & Bartlett
Learning, [2024] | Previous edition: Hacker techniques, tools, and incident
handling. Third edition. Burlington, MA : Jones & Bartlett Learning, 2020. |
Includes bibliographical references and index.
Identifiers: LCCN 2022026903 | ISBN 9781284248999 (paperback)
Classification: LCC TK5105.59 .O786 2024 | DDC 005.8–dc23/eng/20220826
LC record available at https://lccn.loc.gov/2022026903
6048
Printed in the United States of America
26 25 24 23 22 10 9 8 7 6 5 4 3 2 1
 This text is dedicated to our readers and students and the IT professionals who
are pursuing careers in information systems security. May you find learning about
hacking for ethical purposes to be a rewarding endeavor, and have a lot of fun in
the process.
© Bocos Benedict/Shutterstock.

Contents

Preface
Acknowledgments
About the Authors

PART I Hacker Techniques and Tools

CHAPTER 1 Hacking: The Next Generation

Profiles and Motives of Different Types of Hackers
Controls
The Hacker Mindset
Motivations of Hackers
A Look at the History of Computer Hacking
Ethical Hacking and Penetration Testing
The Role of Ethical Hacking
Ethical Hackers and the C-I-A Triad
Common Hacking Methodologies
Performing a Penetration Test
The Role of the Law and Ethical Standards
CHAPTER SUMMARY
 KEY CONCEPTS AND TERMS
CHAPTER 1 ASSESSMENT

CHAPTER 2 Linux and Penetration Testing

Linux
Introducing Kali Linux
Working with Linux: The Basics
A Look at the Interface
Basic Linux Navigation
Important Linux Directories
Commonly Used Commands
The Basic Command Structure of Linux
Wildcard Characters in Linux
Live CDs/DVDs
Special-Purpose Live CDs/DVDs
Virtual Machines
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 2 ASSESSMENT

CHAPTER 3 TCP/IP Review

Exploring the OSI Reference Model
The Role of Protocols
Layer 1: Physical Layer
Layer 2: Data Link Layer
Layer 3: Network Layer
Layer 4: Transport Layer
Layer 5: Session Layer
Layer 6: Presentation Layer
Layer 7: Application Layer
The Role of Encapsulation
Mapping the OSI Model to Functions and Protocols
OSI Model Layers and Services
TCP/IP: A Layer-by-Layer Review
Physical or Network Access Layer
 Network or Internet Layer
Host-to-Host Layer
Application Layer
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 3 ASSESSMENT

CHAPTER 4 Cryptographic Concepts

Cryptographic Basics
Authentication
Integrity
Nonrepudiation
Symmetric and Asymmetric Cryptography
Cryptographic History
What Is an Algorithm or Cipher?
Symmetric Encryption
Asymmetric Encryption
Hashing
Birthday Attacks
Digital Signatures
Public Key Infrastructure
The Role of Certificate Authorities
Registration Authority
Certificate Revocation List
Digital Certificates
PKI Attacks
Common Cryptographic Systems
Cryptanalysis
Future Forms of Cryptography
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 4 ASSESSMENT

PART II A Technical and Social Overview of Hacking

CHAPTER 5 Passive Reconnaissance
The Information-Gathering Process
Information on a Company Website and Available Through Social Media
Discovering Financial Information
Google Hacking
Exploring Domain Information Leakage
Manual Registrar Query
Nslookup
Automatic Registrar Query
Whois
Internet Assigned Numbers Authority
Determining a Network Range
Traceroute
Tracking an Organization’s Employees
Using Social Networks
Using Basic Countermeasures
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 5 ASSESSMENT

CHAPTER 6 Active Reconnaissance

Determining Address Ranges of Networks
Identifying Active Machines
Wardialing
Wardriving and Related Activities
Pinging
Port Scanning
Active Reconnaissance Countermeasures
Mapping Open Ports
Nmap
Free IP Scanner
Angry IP Scanner
Advanced IP Scanner
Operating System Fingerprinting
Active OS Fingerprinting
 Passive OS Fingerprinting
Mapping the Network
Analyzing the Results
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 6 ASSESSMENT

CHAPTER 7 Enumeration and Exploitation

Windows Basics
Controlling Access
Users
Groups
Security Identifiers
Commonly Attacked and Exploited Services
Enumeration
Performing Enumeration Tasks
NULL Session
Working with nbtstat
SuperScan
SNScan
Reporting
Exploitation
Password Cracking
Passive Online Attacks
Active Online Attacks
Offline Attacks
Nontechnical Attacks
Using Password Cracking
Privilege Escalation
Active@ Password Changer
Reset Windows Password
Stopping Privilege Escalation
Planting Backdoors
Using PsTools
Rootkits
 Covering Tracks
Disabling Auditing
Data Hiding
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 7 ASSESSMENT

CHAPTER 8 Malware
Malware
Malware’s Legality
Types of Malware
Malware’s Targets
Viruses
The History of Viruses
Types of Viruses
Prevention Techniques
Worms
How Worms Work
Stopping Worms
Trojans
Use of Trojans
Targets of Trojans
Known Symptoms of an Infection
Detection of Trojans
Distribution Methods
Backdoors
Covert Communication
Keystroke Loggers
Software
Hardware
Port Redirection
Spyware
Methods of Infection
Bundling with Software
Adware
 Scareware
Ransomware
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 8 ASSESSMENT

CHAPTER 9 Web and Database Attacks

Attacking Web Servers
Categories of Risk
Vulnerabilities of Web Servers
Improper or Poor Web Design
Buffer Overflow
Denial of Service Attack
Distributed Denial of Service Attack
Banner Information
Permissions
Error Messages
Unnecessary Features
User Accounts
Structured Query Language (SQL) Injection
Examining a SQL Injection Attack
Vandalizing Web Servers
Input Validation
Cross-Site Scripting Attack
Anatomy of Web Applications
Insecure Logon Systems
Scripting Errors
Session Management Issues
Encryption Weaknesses
Database Vulnerabilities
Types of Databases
Vulnerabilities
Locating Databases on the Network
Database Server Password Cracking
Locating Vulnerabilities in Databases
 Cloud Computing
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 9 ASSESSMENT

CHAPTER 10 Sniffers, Session Hijacking, and Denial of Service Attacks

Sniffers
Passive Sniffing
Active Sniffing
Sniffing Tools
What Can Be Sniffed?
Session Hijacking
Identifying an Active Session
Seizing Control of a Session
Session Hijacking Tools
Thwarting Session Hijacking Attacks
Denial of Service Attacks
Types of DoS Attacks
Tools for DoS Attacks
Distributed Denial of Service Attacks
Characteristics of DDoS Attacks
Tools for DDoS Attacks
Botnets and the Internet of Things
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 10 ASSESSMENT

CHAPTER 11 Wireless Vulnerabilities

The Importance of Wireless Security
Emanations
Common Support and Availability
A Brief History of Wireless Technologies
802.11
802.11b
802.11a
 802.11g
802.11n
802.11ac
802.11ax
Other 802.11 Variants
Other Wireless Technologies
Working with and Securing Bluetooth
Bluetooth Security
Securing Bluetooth
Working with Wireless LANs
CSMA/CD Versus CSMA/CA
Role of Access Points
Service Set Identifier
Association with an AP
The Importance of Authentication
Working with RADIUS
Network Setup Options
Threats to Wireless LANs
Countermeasures to Wireless LAN Threats
The Internet of Things
Wireless Hacking Tools
Homedale
The inSSIDer Program
Protecting Wireless Networks
Default AP Security
Placement
Dealing with Emanations
Dealing with Rogue APs
Use Protection for Transmitted Data
MAC Filtering
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 11 ASSESSMENT

CHAPTER 12 Social Engineering

 What Is Social Engineering?
Types of Social Engineering Attacks
Phone-Based Attacks
Dumpster Diving
Shoulder Surfing
Attacks Through Social Media
Persuasion/Coercion
Reverse Social Engineering
Technology and Social Engineering
The Browser as a Defense Against Social Engineering
Other Good Practices for Safe Computing
Best Practices for Passwords
Know What the Web Knows About You
Creating and Managing Your Passwords
Invest in a Password Manager
Social Engineering and Social Networking
Think Before You Post
Risks Associated with Social Networking
Social Networking in a Corporate Setting
Particular Concerns in a Corporate Setting
Mixing the Personal with the Professional
Facebook Security
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 12 ASSESSMENT

PART III Defensive Techniques and Tools

CHAPTER 13 Defensive Techniques

What Is a Security Incident?
The Incident Response Process
Incident Response Policies, Procedures, and Guidelines
Phases of an Incident and Response
Incident Response Team
Incident Response Plans
 Business Continuity Plans
Recovering Systems
Recovering from a Security Incident
Loss Control and Damage Assessment
Business Impact Analysis
Planning for Disaster and Recovery
Testing and Evaluation
Preparation and Staging of Testing Procedures
Frequency of Tests
Analysis of Test Results
Evidence Handling and Administration
Evidence Collection Techniques
Types of Evidence
Chain of Custody
Computer or Device Removal
Rules of Evidence
Security Reporting Options and Guidelines
Requirements of Regulated Industries
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 13 ASSESSMENT

CHAPTER 14 Defensive Tools

Defense in Depth
Intrusion Detection Systems
IDS Components
Setting Goals for an IDS
Accountability
Limitations of an IDS
Intrusion Prevention Systems
Firewalls
How Firewalls Work
Firewall Methodologies
Limitations of a Firewall
Implementing a Firewall
 Authoring a Firewall Policy
Honeypots and Honeynets
Goals of Honeypots
Legal Issues
The Role of Controls
Administrative Controls
Technical Controls
Physical Controls
Security Best Practices
Security Information and Event Management
Sources for Guidance
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 14 ASSESSMENT

CHAPTER 15 Physical Security

Basic Equipment Controls
Hard Drive and Mobile Device Encryption
Fax Machines and Printers
Voice over Internet Protocol
Physical Area Controls
Fences
Perimeter Intrusion Detection and Assessment Systems
Gates
Bollards
Facility Controls
Doors, Mantraps, and Turnstiles
Walls, Ceilings, and Floors
Windows
Guards and Dogs
Construction
Personal Safety Controls
Lighting
Alarms and Intrusion Detection
Closed-Circuit TV and Remote Monitoring
 Physical Access Controls
Locks
Tokens and Biometrics
Avoiding Common Threats to Physical Security
Natural, Human, and Technical Threats
Physical Keystroke Loggers and Sniffers
Wireless Interception and Rogue Access Points
Defense in Depth
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 15 ASSESSMENT

APPENDIX A Answer Key

APPENDIX B Standard Acronyms

Glossary of Key Terms
References
Index
© Bocos Benedict/Shutterstock.

Preface

Purpose of This Text

This text is part of the Information Systems Security & Assurance
Series from Jones & Bartlett Learning (www.jblearning.com).
Designed for courses and curricula in IT security, cybersecurity,
information assurance, and information systems security, this series
features a comprehensive, consistent treatment of the most current
thinking and trends in this critical subject area. These titles deliver
fundamental information security principles packed with real-world
applications and examples. Authored by Certified Information
Systems Security Professionals (CISSPs), the text delivers
comprehensive information on all aspects of information security.
Reviewed word for word by leading technical experts in the field,
these texts are not just current but also forward-thinking—putting
you in the position to solve the cybersecurity challenges not just of
today, but of tomorrow as well.
The first part of this text on information security examines the
landscape, key terms, and concepts that a security professional
needs to know about hackers and computer criminals who break into
networks, steal information, and corrupt data. It covers the history
of hacking and the standards of ethical hacking. The second part
provides a technical overview of hacking: how attackers target
networks and the methodology they follow. It reviews the various
techniques attackers apply, including passive and active
reconnaissance, port scanning, enumeration, malware, sniffers,
denial of service, and social engineering. The third part of the text
reviews incident response and defensive technologies, including how
to respond to hacking attacks and how to fend them off, especially in
an age of increased reliance on cloud environments and distributed
applications.

Learning Features
The writing style of this text is practical and conversational. Each
chapter begins with a statement of learning objectives. Step-by-step
examples of information security concepts and procedures are
presented throughout the text. Illustrations are used to both clarify
the material and vary the presentation. Sprinkled throughout are a
wealth of Notes, Tips, FYIs, Warnings, and sidebars to alert the
reader to additional helpful information related to the subject under
discussion. Chapter Assessments appear at the end of each chapter,
with solutions provided in the back of the text.
Chapter summaries are included in the text to provide a rapid
review or preview of the material and to help students understand
the relative importance of the concepts presented.

New to This Edition

This new edition has been updated to better reflect the
infrastructures and security threats readers are most likely to
encounter in today’s organizations. The content has been slightly
reorganized, extended, and refreshed to ensure that it covers the
latest cybersecurity attack trends, tools and techniques, and industry
best practices.
Part I, Foundations of Hacking, covers many of the threats that
today’s distributed IT environments face, along with some skills and
basic knowledge that ethical hackers need to be successful. The
chapter that covers Linux and penetration testing was moved into
this part so that readers would be introduced to ethical hacking
activities earlier in the text.
Part II, Hacker Techniques and Tools, continues the discussion
from Part I to form the core technical material of the text. In Part II,
we dig into the various aspects of carrying out ethical hacking
activities, including reconnaissance, enumeration exploitation, and
attacks on web, database, wireless, and mobile environments. This
edition retains the technical information from previous editions but
updates the tools and techniques to reflect the latest state of the
art. Additional emphasis is placed on planning, scoping, and carrying
a penetration testing plan.
Finally, Part III, Defensive Tools and Techniques, extends the
content from previous editions to go beyond incident response and
cover key defensive techniques and best practices. This latest edition
provides the most comprehensive coverage to date of how to
implement an ethical hacking initiative as a strategic organizational
objective.

Audience
This material is suitable for undergraduate or graduate computer
science majors or information science majors, students at a two-year
technical college or community college who have a basic technical
background, and readers who have a basic understanding of IT
security and want to expand their knowledge.

Cloud Labs
This text is accompanied by Cloud Labs. These hands-on virtual labs
provide immersive mock IT infrastructures where students can learn
and practice foundational cybersecurity skills as an extension of the
lessons in this text. For more information or to purchase the labs,
visit http://go.jblearning.com/ethicalhacking4e.
© Bocos Benedict/Shutterstock.

Acknowledgments

I want to thank God for blessing me so richly with such a wonderful

family and with their support throughout the years. My best friend
and wife of more than three decades, Stacey, is my biggest
cheerleader and supporter through many professional and academic
projects. I would not be who I am without her.
Both our sons have always been sources of support and
inspiration as well. I thank Noah, who still challenges me, keeps me
sharp, and tries to keep me relevant, and Isaac, who left us far too
early. We miss you.
Michael G. Solomon
© Bocos Benedict/Shutterstock.

About the Authors

Michael G. Solomon, PhD, is an educator; a full-time security,

privacy, compliance, and blockchain consultant; a speaker; and an
author who specializes in leading teams in achieving and maintaining
secure and effective IT environments. Michael is a professor of
Information Systems Security and Information Technology at the
University of the Cumberlands. As an industry consultant since 1987,
he has led project teams for many Fortune 500 companies and has
authored and contributed to more than 30 books and numerous
training courses. Michael holds the CISSP, PMP, PenTest+, CySA+,
and CISM certifications, and has a PhD in Computer Science and
Informatics from Emory University.

Sean-Philip Oriyano has been actively working in the IT field since

1990. Throughout his career, he has held positions such as support
specialist to consultants and senior instructor. Currently he is an IT
instructor who specializes in infrastructure and security topics for
various public and private entities. Sean has instructed for the US Air
Force, Navy, and Army at locations both in North America and
internationally. Sean is certified as a CISSP, CHFI, CEH, CEI, CNDA,
SCNP, SCPI, MCT, MCSE, and MCITP, and he is a member of EC-
Council, ISSA, Elearning Guild, and Infragard.
© Bocos Benedict/Shutterstock.
 PART I
Hacker Techniques and
Tools
CHAPTER 1 Hacking: The Next Generation
CHAPTER 2 Linux and Penetration Testing
CHAPTER 3 TCP/IP Review
CHAPTER 4 Cryptographic Concepts
© Bocos Benedict/Shutterstock.
 CHAPTER 1
Hacking: The Next
Generation
MANY OF TODAY’S NEWS STORIES RELATED to cybersecurity focus
on attackers—what they do and the consequences of their actions.
In this text, we will cover a wide range of techniques and
technologies that attackers use to compromise systems. We will also
consider how security professionals can use those same techniques
and technologies to make their systems harder to attack. But before
we dive into the details, it is important to first gain an understanding
of who these attackers are and why they do what they do.
During the early generations of digital computing (way back in the
1960s), learning about computing wasn’t nearly as easy as it is
today. In many cases, the best way to learn was to build your own
computer! From this do-it-yourself era, a group of individuals
emerged who were passionately interested in learning all they could
about computers. They learned about hardware, software, and ways
to connect devices and communicate. Their often-imprecise methods
of building and accessing devices earned them the moniker
hackers. The first generation of hackers were individuals who are
called “geeks” or technology enthusiasts today. These early hackers
went on to create the foundation for technologies such as the
Advanced Research Projects Agency Network (ARPANET), which
paved the way for the Internet. They also initiated many early
software-development movements that led to what is known today
as open source. Their hacking was motivated by intellectual curiosity
and a quest to collectively expand the body of knowledge for this
new domain of digital computing; causing damage or stealing
information was “against the rules” for this core group of people.
In the 1980s, hackers started to gain more of a negative
reputation—one with which the public now identifies them. Movies
such as WarGames and media attention to their exploits altered the
image of a hacker from a technology enthusiast to a computer
criminal. During this time, hackers engaged in activities such as theft
of service by breaking into phone systems to make free phone calls.
Books such as The Cuckoo’s Egg and the emergence of magazines
such as Phrack cast even more negative light on hackers. In many
respects, the 1980s formed the basis for how a hacker is perceived
today.
Fortunately, the overall image of hackers is not all bad. A new
generation of security professionals, who share many of the same
aspirations as the original hackers, have emerged to use their
knowledge and skills to protect systems, rather than to compromise
them. These professionals use hacking for ethical purposes.

CHAPTER 1 TOPICS
This chapter covers the following topics and concepts:

The motives of different types of hackers

The history of computer hacking
Ethical hacking and penetration testing
Commonly used hacking methodologies
The roles of ethical standards and the law

CHAPTER 1 GOALS
When you complete this chapter, you will be able to:

Distinguish the different motives of hackers and determine

the basis of their attacks.
Describe the history of hacking.
Explain the evolution of hacking.
Explain why information systems and people are vulnerable
to manipulation.
Differentiate between hacking, ethical hacking, penetration
testing, and auditing.
Identify the motivations, skill sets, and primary attack tools
used by hackers.
Compare the steps and phases of a hacking attack to those
of a penetration test.
Explain the difference in risk between inside and outside
threats and attacks.
Review the need for ethical hackers.
State the most important step in ethical hacking.
Identify important laws that relate to hacking.
Profiles and Motives of Different Types of
Hackers
Over the past four decades, the definition of a hacker has evolved
quite a bit from the definition accepted in the 1980s and even the
1990s. Current hackers defy easy classification and are best
understood by looking at the motivations for their actions. Although
there is no comprehensive list of the types of hackers active in
today’s global online environments, here is a general list of
categories of their motivations (you’ll learn more about each type of
hacker in a later section in this chapter):

Good guys—Information security (InfoSec) professionals who

engage in hacking activities to uncover vulnerabilities in hopes
of mitigating them and making systems more secure and
resistant to attacks.
Amateurs—Entry-level hackers who do not possess their own
advanced skills but rather use only scripts and software written
by more experienced hackers. Because amateurs rarely do more
than run other people’s scripts, they are often called “script
kiddies.”
Criminals—Hackers who routinely use malicious software,
techniques, and devices to carry out illegal activities primarily
for the purpose of financial gain.
Ideologues—Hackers who carry out their activities to achieve
ideological or political goals. These types of hackers are
sometimes called “hacktivists” because they use their hacking
skills to carry out activist activities.
 Nation-state actors—An increasingly worrisome group of
cybercriminals are those who are directly trained and supported
by nation-states. Nation-state actors are extremely
sophisticated, have large budgets, and are tasked with carrying
out cyberwarfare operations.

NOTE
Don’t let the term “good guys” throw you. It doesn’t actually
imply that only one gender is a good fit for being an exceptional
InfoSec professional. Some of the best InfoSec people with
whom I have worked are not “guys.”

Most of today’s organizations have quickly learned that they can

no longer afford to underestimate or ignore the growing threat that
increasingly sophisticated attackers pose. Organizations of all sizes
have learned to reduce threats through a combination of technical,
administrative, and physical measures designed to address a specific
range of problems. Technical measures include devices and
techniques such as virtual private networks (VPNs), cryptographic
protocols, intrusion detection systems (IDSs) and intrusion
prevention systems (IPSs), access control lists (ACLs),
biometrics, smart cards, and other devices. Administrative controls
include policies, procedures, and other rules. Physical measures
include devices such as cable locks, device locks, alarm systems, and
other similar devices. Although any of these devices or controls may
be expensive, they will likely be cheaper and more effective than the
cost and effort required to clean up after a successful attack.

FYI
 People who break the law or break into systems without
authorization are more correctly known as crackers. The media
do not usually make this distinction because “hacker” has
become such a universal term. In reality, many experienced
hackers never break the law and define hacking as producing an
outcome that the system’s designers never intended or
anticipated. In that respect, Albert Einstein can be considered to
have “hacked” Newtonian physics. In the interest of simplicity,
this book will use the term “hacker” to describe those individuals
who are either productive or destructive.

While discussing attacks and attackers, InfoSec professionals must

be thorough when assessing and evaluating threats by also
considering where those threats originate. When evaluating the
threats against an organization and possible sources of attack,
always consider the fact that attackers can come from both outside
and inside the organization. Given the nearly global access to the
Internet, “outside” an organization can mean literally anywhere in
the world today. External attackers may attempt to hide their attacks
by initiating them from far-away countries that may have very
different laws than those in the victim’s country. Meanwhile, internal
attackers can use their insider knowledge to focus their attacks. A
single disgruntled employee can cause tremendous damage because
that person is an authorized user of the system. Although you will
likely see many more external attacks, the actions of a malicious
insider may go unnoticed longer, and such an individual may have
some level of knowledge of how things work ahead of time, which
can result in a more effective attack.

NOTE
Never underestimate the damage a determined individual can do
to computer systems. For example, the 2021 Cost of Data Breach
Study by IBM (available at www.ibm.com/security/data-breach)
 found that breaches cost the large organizations reporting such
incidents a global annualized average of $4.24 million each.

Controls
Each organization is responsible for protecting itself from risks by
determining the controls that will be most effective in reducing or
mitigating the threats it faces. One approach to developing a
balanced and effective strategy for selecting security controls is the
TAP principle. TAP is an acronym for technical, administrative, and
physical—the three types of controls you can use to mitigate risk.
Here’s a look at each type, with a few examples:

Technical—Technical controls take the form of software or

hardware devices, such as firewalls, proxies, IDSs, IPSs,
biometric authentication, permissions, auditing, and similar
technologies.
Administrative—Administrative controls take the form of
policies and procedures. Examples include a password policy
that defines what makes a strong password and an acceptable
use policy (AUP) that defines acceptable and unacceptable uses
for an organization’s computers and devices. In many cases,
administrative controls also fulfill legal requirements, such as
policies that dictate privacy of customer information. Other
examples of administrative policy include the rules governing
actions taken when hiring and firing employees.
Physical—Physical controls protect assets from traditional
threats such as theft or vandalism. Mechanisms in this category
include door locks, cameras, security guards, lighting, fences,
gates, and other similar devices.
 NOTE
Attacks depend on the existence of one or more weaknesses in a
system. Each weakness is referred to as a vulnerability. An
exploit refers to a piece of software, a tool, or a technique that
targets or takes advantage of a vulnerability—leading to privilege
escalation, loss of integrity or confidentiality, or denial of service
on a computer system or resource. In short, a successful attack
depends on the attacker first identifying and then exploiting a
vulnerability.

The Hacker Mindset

Depending on whom you ask, you will get a wide range of responses
from hackers about how they view their actions. In fact, many
malicious hackers, like other individuals who break rules or laws for
various reasons, have their own codes of ethics that they hold
sacred. In defense of their actions, hackers have been known to cite
various justifications, including the following:

The notion of victimless crime—Because humans are not

the direct targets, there’s nothing wrong with committing the
crime. (Of course, this justification doesn’t apply to attacks that
actually do target individuals.)
The Robin Hood ideal—Stealing software and other media
from “rich” companies and delivering them to the “poor”
consumers via methods, such as BitTorrent, that bypass
organizations’ intellectual property protections, is okay because
the target companies have plenty of money.
National pride and patriotism—Similar to the anti-
establishment Robin Hood mentality, patriotic hackers may seek
 to upset the balance of national or international power, hacking
to disrupt the due process of an adversary and/or bolster the
opinion of their own country.
The educational value of hacking—Essentially, it is okay to
commit a crime as long as one is doing it to learn.
Curiosity—Breaking into a network is okay as long as you don’t
steal or change anything.

NOTE
Although the mere act of writing malicious computer software,
such as a virus or ransomware, is not illegal, releasing it into the
“wild” is illegal.

NOTE
Although it is true that applications or data can be erased or
modified, even worse scenarios can happen under the right
circumstances. For example, consider what could happen if
someone broke into a system such as a 911 emergency service
and then maliciously or accidentally took it down.

Another attempt to explain the mindset of hackers is known as the

hacker ethic. This set of standards dates back to Steven Levy in the
1980s. In the preface of his book Hackers: Heroes of the Computer
Revolution, Levy states the following:

Access to computers and anything that might teach you

something about the way the world works should be unlimited
and total.
 All information should be free.
Authority should be mistrusted, and decentralization should be
promoted.
Hackers should be judged by their hacking, not by criteria such
as degrees, age, race, gender, or position.
You can create art and beauty on a computer.
Computers can change your life for the better.

Motivations of Hackers
Ethics are an important aspect of understanding hackers, but far
from the only salient point. One must also consider motivation.
Anyone who has watched one of the many television shows that
focus on solving crimes knows that three things are needed to
commit a crime:

Means—Does the attacker possess the ability to commit the

crime in question?
Motive—Does the attacker have a reason to commit the crime?
Opportunity—Does the attacker have the necessary access
and time to commit the crime?

Focusing on the second point—motive—helps us better understand

why an attacker might engage in hacking activities. The early
“pioneers” of hacking engaged in those activities almost exclusively
out of curiosity. Today’s hackers may have any number of motives,
many of which are similar to the motives for committing traditional
crimes:

Beneficial contribution—Hackers with this motive are not

criminals. White-hat hackers, also called ethical hackers, are
InfoSec professionals who engage in hacking activities to help
make their organization’s systems more secure. They try to
attack their systems much as attackers would in an effort to
uncover vulnerabilities that can be mitigated before attackers
find and exploit those weaknesses. The two main differences
between ethical hackers and unethical hackers are that ethical
hackers have permission to carry out their activities, and they
do so to make their organizations more secure.
Status/validation—New hackers nearly always learn the
ropes by running prepackaged scripts and programs written by
more experienced hackers. These tools require very little
sophistication in terms of users’ skills and make it easy for
inexperienced hackers to cause damage. These new hackers
with limited original skills are generally referred to as script
kiddies. As they gain more skills, they often modify existing
exploits, and some eventually write their own malicious
software. Many of today’s hackers aim to make a name for
themselves. Each successful attack gives them more status and
elevates their reputation in the eyes of other, often more
established hackers. For many hackers, this recognition is
reward enough—at least at first.
Monetary gain—Most of today’s malicious attacks are
specifically targeted to either generate revenue for the attacker
or deny revenue to the target. Attacks can provide access to
financial resources or to valuable data that can be resold, deny
resources or processes that generate revenue, or deny access to
resources that can be held for ransom. In any case, money is
the primary motivation for these types of hackers, who can
 include malicious insiders, individual criminals, organized crime
organizations, or cybermercenaries.
Ideology—Hackers in this category use technology to achieve
ideological goals. Those who use malicious software to carry out
activist attacks are often labeled “hacktivists.” But hacktivists
aren’t the only actors in this category: Nationalists and nation-
state actors are also motivated by ideology. Their attacks are
carried out to promote a particular agenda. Actors who operate
in this area often have the most advanced skills and the
greatest financial backing. Due to their high level of
sophistication coupled with robust funding, ideological hackers
can be the most dangerous cybercriminals, resulting in grave,
global consequences.

Hacktivism
A relatively new form of hacking is hacking on behalf of a cause.
In the past, hacking was done for many different reasons, which
rarely included social expression. Over the past few decades,
however, an increasing number of security incidents have
occurred whose roots can be traced to social or political activism.
Examples include defacing websites of public officials,
candidates, or agencies with which an individual or group
disagrees or launching denial of service (DoS) attacks against
corporate or political websites. With the increased presence of,
and reliance on, social media, hacktivism can also manifest as
simply spreading rumors and false stories. Hacktivists generally
focus on attacks that lead to widespread disruption as opposed
to financial gain.
A Look at the History of Computer Hacking
Typical early hackers were curious about the new technology of
networks and computers and wanted to see just how far they could
push their capabilities. Hacking has changed quite a bit since then.
For example, in the 1970s, before the advent of the personal
computer (PC), hacking was mostly confined to mainframes that
were found only in corporate and university environments. When
PCs became widely available in the 1980s, anyone could get their
own copy of an operating system. Hackers soon realized that a hack
that worked on one PC would work on nearly every other PC as well.
Although the first Internet worm, introduced by Robert T. Morris, Jr.
in November 1988, exploited a weakness in the UNIX sendmail
command, the attention of worm and virus writers soon shifted to
the world of PCs, where most infections occur today.
As hackers’ skills and creativity evolved, so did their attacks. The
first web browser, Mosaic, was introduced in 1993. By 1995, hackers
were defacing websites. Some of the earliest hacks were quite
funny, if not somewhat offensive or vulgar. By May 2001, websites
were hacked at such a rate that the group that documented them
gave up trying to keep track these attacks (see
http://attrition.org/mirror/attrition).
By the turn of the century, hacks started to devolve from pranks to
malicious activity. DoS attacks took out companies’ Internet access,
affecting those firms’ stock prices and causing financial damage. As
websites began to process more credit card transactions, their back-
end databases became prime targets for attacks. As computer crime
laws came into being, the bragging rights for hacking a website
became less attractive—sure, a hacker could show off to friends, but
that didn’t produce a financial return. As online commerce grew,
skilled hackers started offering their services to the highest bidder,
with crime rings, organized crime, and nations with hostile interests
utilizing the Internet as an attack route.
 To combat the growing tide of cybercrime, software and hardware
vendors released numerous security-related products in the 1990s
and early 2000s. Antivirus software, firewalls, IDSs, and remote
access controls were all designed to counter an increasing number of
new and diverse threats. As technology, hackers, and
countermeasures improved and evolved together, so did the types of
attacks and strategies used. Attackers started introducing new
threats in the form of worms, spam, spyware, adware, and rootkits.
These attacks went beyond harassing and irritating the public to
causing widespread disruptions by attacking the technologies that
society increasingly depended on.
Hackers also started to realize that it was possible to use their
skills to generate money in all sorts of interesting ways. For
example, attackers used techniques to redirect web browsers to
specific pages that generated revenue for themselves. Spammers
sent out thousands upon thousands of email messages advertising
various products and services. Because sending out bulk email costs
mere pennies, it takes only a small number of purchases to make a
nice profit.
The last two decades have seen the hacking community adopting
a new team ethic or work style. In the past, it was normal for a
“lone wolf” type to engage in hacking activities. Today, a new
pattern of a collective or group effort has emerged. Attackers found
that working together can produce greater results than just one
individual carrying out an attack. Such teams increase their
effectiveness not only by capitalizing on their sheer numbers,
diversity, or complementary skills, but also by adding clear
leadership structures. Another concern is the trend in which groups
of hackers receive financing from nefarious or resourceful sources,
such as criminal organizations, terrorists, or even foreign
governments. The proliferation of and increasing dependence on
technology has proved it to be an irresistible target for criminals.

FYI
 In the 1960s, Intel scientist Gordon Moore noted that the density
of transistors was doubling every 18 to 24 months. Because
computing power is directly related to transistor density, the
statement “Computing power doubles every 18 months” became
known as Moore’s law. Cybersecurity author and expert G. Mark
Hardy has offered a corollary for security professionals, known as
G. Mark’s law: “Half of what you know about security will be
obsolete in 18 months.” Successful security professionals commit
to lifelong learning.

Clearly, hacking is by no means a new phenomenon; it has existed

in one form or another since the 1960s. It is only for a portion of the
time since then that hacking has been viewed as a crime and a
situation that must be addressed.
Although the media commonly cover successful cybersecurity
attacks, for every news item or story that makes it into the public
consciousness, many more never do. For every hacking incident that
is made public, only a small portion of perpetrators are caught, and
an even smaller number get prosecuted for cybercrime. But hacking
is indeed a crime, and those engaging in such activities can be
prosecuted under any number of laws. The volume, frequency, and
seriousness of attacks have increased and will continue to do so as
technology and techniques evolve.
Ethical Hacking and Penetration Testing
As an InfoSec professional, two of the terms you will encounter early
on are ethical hacker and penetration testing. Today’s InfoSec
community includes different schools of thought on the precise
definition of each term. It’s important to separate and clarify these
two terms to understand each one and how they fit into the big
picture.
From everything discussed so far, you might think that hacking is
not something you can engage in legally or for any positive or
helpful reason whatsoever. This is far from the truth. It is possible to
engage in hacking for good reasons—for example, when a network
owner contracts with an InfoSec professional and gives that
professional explicit permission to hack systems to uncover
vulnerabilities that should be addressed. Notice the important
phrases “network owner contracts” and “explicit permission” here:
Ethical hackers engage in their activities only with the permission
(which must be in written form) of the asset owner.

NOTE
Engaging in any hacking activity without the explicit permission
of the owner of the target you are attacking is a crime whether
or not you get caught. And the only way to prove that you have
explicit permission is to get it in writing—before you start!
InfoSec professionals often call this written permission their “get
out of jail free card.”

Once ethical hackers have the necessary permissions and

contracts in place, they can engage in penetration testing, which is
the structured and methodical means of investigating, identifying,
attacking, and reporting on a target system’s strengths and
Random documents with unrelated
content Scribd suggests to you:
 HORDEOLUM. STYE. ACNE.

Like acne of the skin in general, this consists in inflammation and

suppuration of a hair follicle and sebaceous gland. The whole lid or a
large part of it may be swollen, but by stroking it with the finger, a
hard, rounded, very tender spot will be detected and as the disease
advances this develops a minute collection of pus. A specially wide
orifice favors the entrance of the pus microbes, and the onset of the
disease. It has been noted in dogs (Fröhner).
For abortive treatment Fick recommends dry heat from a pocket
handkerchief or a heated teaspoon. If pus is present it must be
evacuated, and recurrence guarded against by cleanliness and
antiseptics. Use pyoktannin solution (1 ∶ 1000), or mercuric chloride
(1 ∶ 5000) or yellow oxide of mercury ointment.
 CHALAZION.

This is a pea like tumor growing from the tarsal cartilage, its
flattened side toward the mucosa, which is red and angry, and its
round surface toward the skin. When manipulated between the
fingers it moves with the tarsus. It is usually of slow growth and may
continue for years apparently unchanged. Some have thought it
tuberculous, but its true nature is uncertain. Warner records the
disease in the horse.
Treatment consists in incision and removal of the tumor,
curretting of the cavity, and after antiseptic douching, suturing the
lips.
 TUBERCULOSIS OF THE EYELID.

Described by Jewsejenke in the lower lid of birds, this is

manifested by small, hard round knots, covered by bluish red, or
yellowish red skin, and when incised showing a characteristic miliary
tubercle, with bacilli and sometimes a caseated centre. It is treated
by incision, curretting and caustics.
 TURNED IN EYELASH. TRICHIASIS.

Sometimes an eyelash grows inward so as to impinge upon the

front of the eyeball, or even to extend between this and the eyelid.
The condition exists in entropion but trichiasis is rather the
deviation of one or two cilia by reason of their false direction,
individually. It may occur as the result of a pre-existing
inflammation affecting the edge of the lid and the follicle, and the
offending hair is not only badly directed but small and shrunken as
well. On this account it is not always easy to recognize it, and
accordingly in cases of conjunctivitis without apparent cause it is
well to examine carefully with the aid of oblique focal illumination.
Treatment consists in pulling out the offending hair with ciliary
forceps, avoiding bending it lest it break off short and become at
once more irritating and more difficult of extraction. In case the hair
grows anew in the same direction extract it anew and destroy its root
with the electric cautery.
 ENTROPION. TURNING IN OF THE EYELID.

In foals, puppies, hounds, with narrow fissure, and conjunctivitis, or tarsitis.

Permanent bandaging, orbicularis spasm. Symptoms: disappearance of tarsus and
lashes by involution. Treatment: in spasm fix by plaster; suture skin; excise
elliptical section of skin and suture edges together. Release cicatrices.

Inversion of the eyelid or a portion of it, with consequent

trichiasis, conjunctivitis and lachrymation has been met with
congenitally in foals (Aubry, Bourdeau, Hamon) and puppies
(Cadiot, Almy). Hounds have especially suffered. In the older
animals it is largely determined by abnormally narrow fissure, and
by old standing disease of the conjunctiva or tarsus, with cicatricial
contraction or adhesion. Persistent bandaging turns in the cilia and
contributes to entropion. Finally a persistent spasm of the orbicularis
muscle may bring it about.
Symptoms. Trichiasis is usually, though not always, present.
In any case the tarsus is turned inward so as to press upon the
front of the bulb, or even to disappear completely. Thickening and
distortion of the lid is a not infrequent condition.
Treatment. In case of simple spasm clip or shave the hairs from
the lid corresponding to the lesion, and close to the tarsus attach a
strip of plaster. When firmly adherent draw it sufficiently to efface
the entropion and attach it to the skin of the face.
This failing, Gaillard’s sutures may succeed. With a pair of forceps
with looped, transversely elongated blades, pinch up skin and muscle
sufficient to correct the entropion, and passing a needle twice
through this fold with an interval of 3 mm., tie the suture over a
small roll of cotton. The stitches may be removed in two days and the
cicatrices may permanently obviate the deformity.
 The older plastic operation is more trustworthy: The skin of the
affected lid is pinched up to such an extent in length and breadth, as
to correct the entropion and is then excised with sharp scissors or
bistuory so as to leave a long elliptical sore. The edges of this are then
carefully sutured together and the resulting union corrects
deformity. In case the entropion is caused by an old standing
cicatrix, it may be necessary, first, to make a careful incision along
the edge of the lid so as to separate the tarsus and conjunctiva from
the cilia and Meibomian ducts, and then to proceed with the plastic
operation on the skin.
 TURNING OUT OF THE EYELID. ECTROPION.

In large dogs, in old age, debility, conjunctival swelling, cicatrized skin of lids,
distortions of lids. Symptoms: exposure of palpebral mucosa, weeping eyes,
conjunctival hypertrophy (chemosis). Treatment: scarify or excise a fold of
mucosa, astringent antiseptics, Snellen’s suture, Diefenbach’s operation, Wharton-
Jones operation.

This is much more common than entropion, but much less

injurious as the tarsi and lashes do not irritate the conjunctiva. It is
especially common in large dogs (hounds, mastiff) and usually
affects the inner part of the lower lid. Old age and debility contribute
materially to the condition, the lack of tone or paresis being an
important factor. It may, however, occur in any animal, from
conjunctivitis and swelling of the mucosa, from cicatrices or old
standing disease of the skin of the eyelids, or from imperfectly healed
wounds leaving distortions of the lower lid. It is most frequent in the
lower lid, and the slightest pendulous condition, which detaches the
tarsus from the bulb, and exposes a narrow zone of the conjunctiva is
considered to be an ectropion.
Symptoms. Beside the exposure of the zone of mucosa, there is the
overflow of tears, and in old standing and bad cases a hypertrophy of
the exposed conjunctiva, which projects as a fleshy-looking mass,
and weighs down the lid, with a continual tendency to aggravation.
Treatment. Where the main factor seems to be the infiltration of
the mucosa this may be reduced by scarification, or by the complete
excision of a fold of the membrane. Use an antiseptic wash (boric
acid) and the retraction of healing tends to brace up the lid against
the bulb.
Snellen’s suture is sometimes employed successfully. A silk thread
is armed at each end with a needle, and the needles are passed into
the conjunctiva just inside the tarsus and brought out through the
skin near the margin of the orbit, where they are tied round a small
roll of cotton. Several of these may be inserted side by side so as to
extend the whole length of the ectropion and they should be drawn
tight enough to correct the deformity. If left some days they will
usually determine cicatrices which will overcome the deformity.
The most common operation (Dieffenbach’s) is the excision of a
triangular portion of skin from just outside the lower lid and having
its base or upper side running horizontally outward from the outer
canthus. Then pare the margin of the lower lid for a distance equal to
the base of the triangle. Then bring together and suture the skin
forming the right and left sides of the triangle, and the raw edge of
the lid to the skin that formed the base of the triangle. In this way the
triangular sore formed by the operation is completely covered and
the margin of the lower lid is shortened so as to brace it up against
the bulb.
In case of cicatricial ectropion the Wharton-Jones operation is to
be adopted. A V-shaped incision is made in the skin of the lower lid
commencing just beneath the tarsus and carried down so that the
two lines of incision meet well down beneath the cicatrix. The
triangular flap of skin thus made, is detached by a bistuory from the
cicatricial tissue beneath, and allowed to shrink upward toward the
tarsus. Finally the two edges are sewed together from the angle
upward, as far as may be necessary to allow the proper application of
the tarsus against the bulb, and the remainder of these edges are
sutured to those of the triangular flap.
 TUMORS OF THE EYELIDS.

Warts. The most common tumors of the eyelids in horses, cattle,

and dogs are warts. These are most simply disposed of by seizing
them with rat-tooth forceps and clipping them off with sharp scissors
curved on the flat. Any bleeding may be checked by a pencil of silver
nitrate.
Sarcoma, melanoma, and epithelioma are common in
solipeds, especially in the gray and white. They usually form a
cauliflower-like mass red and angry and bleed easily. They may
occupy any part of the lid, the skin, the dark tarsal margin, the
connective tissue or the mucosa, and not unfrequently they involve
the eyeball, and the surrounding tissues, even the bones of the orbit.
Treatment. These may be excised like warts taking care to remove
every vestige of disease. In these cases I have usually found it
necessary to remove the entire bulb.
 FRACTURE OF THE ORBIT.

Nature and Causes. The usual seat of fracture is the orbital

process of the frontal bone, yet any portion of the orbital margin may
suffer, and even the inner wall or floor of the orbit may be broken by
a penetrating instrument. Horses and polled cattle and sheep are
especially exposed to the injury, while in horned stock the region is
in a measure protected. Carnivora, which have no bony orbital
process, are less liable but may still sustain fractures of the
remaining parts. Horses and polled ruminants suffer mainly from
beating the head on the ground or other solid body in the paroxysms
of colic and enteritis, or in nervous affections; horned stock suffer
from concussions in fighting and direct blows by the horns. All
animals suffer from blows with clubs, kicks and other mechanical
injuries.
Symptoms. With (and less frequently without) a skin wound, there
may be indication of depression, or mobility of the detached
segment, or its sharp edge may be felt, through the skin, or by the
sterilized finger introduced into the orbit. In case of a penetrating or
stab wound, which cannot be followed by the finger, it may be
followed by an aseptic probe and any fracture recognized. The
conjunctival sac must be first thoroughly washed out with an
antiseptic lotion, as the introduction of any septic germs into the
osseous wound, is likely to cause a dangerous infection or abscess.
Treatment. Simple, slight fractures with blunt instruments are
treated by rest and cooling, disinfectant lotions. If foreign bodies or
detached particles of bone are found in the wound they should be
extracted. Shot that are difficult to find, may be left, as they are often
aseptic and tend to become encapsuled. Should they cause abscess
they will usually be found in the pus sac and may then be removed.
Displaced bones may often be replaced by the finger in the orbit.
Sometimes they can be best reached by trephining the frontal or
maxillary sinus and introducing a lever through the cavity
(Hendrickx). If the sinus has been involved it must be opened in any
case. Cadiot advises bandages impregnated with black pitch to fix the
bones in certain cases. Antiseptic washes (sublimate 1 ∶ 5000) and
antiseptic cotton packing are demanded for all wounds.
 BRUISES AND WOUNDS OF THE ORBIT.

These may come from the same causes as fractures and though
less violent may occasion inflammation which involves the eye or
even the brain with fatal results. Thus in horses it has been a cause of
infective inflammation, with a fatal extension (Robellet); in cattle a
similar inflammation has extended to the cerebral meninges and
caused death (Leblanc), and in dogs an advance to the eyeball
threatens its destruction (Möller). Short of this necrosis is not
uncommon (Rey).
Treatment. This does not differ materially from that demanded by
penetrating wounds with fracture. A perfect cleansing and antisepsis
of the wound is the first demand. A solution of boric acid (4 per
cent.) or of mercuric chloride (1 ∶ 5000) liberally applied, and
maintained thereafter on soft pledgets of surgical cotton, will often
have the best results. All foreign bodies must be carefully removed,
lacerated flaps and shreds may require suturing, dead portions
excision, and finally abscesses or excessive exudate may require the
lance, but cooling, antiseptic lotions and an elevated position of the
head, are among the most prominent resorts.
 RETRO-BULBAR ABSCESS.

Schindelka has observed this in the horse, in connection with

petechial fever. If connected with meningeal abscess it will be
necessarily fatal. In favorable cases evacuate the pus as soon as
detected and dress with pledgets of cotton saturated with a mercuric
chloride solution (1:2000) or other antiseptic.
 PERIOSTITIS OF THE ORBIT.

This may be shown by the firm swelling of the bone and, in case a
wound has been formed, by the contact of the probe with the
denuded, hard, rough bone. When thus exposed or necrosed on the
surface, or when an exostosis has formed, the bone may be laid open
and scraped down to the healthy tissue, and then dressed with
antiseptic pledgets.
 TUMORS OF THE ORBIT.

These may be of different kinds, as sarcoma, encephaloid,

osteoma and actinomycosis. They demand thorough surgical
treatment, except perhaps in the case of the latter, which may
recover under iodide of potassium. Emmerich records an extensive
sarcoma of the orbit in a cow, weighing six pounds and extending
into the nasal sinuses, and chambers, and implicating the cerebral
meninges. Möller records cases of sarcoma and carcinoma of the
orbit in horses and dogs, and Leblanc in cattle. Melanosarcoma is not
uncommon in the orbits of gray horses which are changing to white.
Exotoses are common around the orbits of cattle.
If such growths do not show on the surface they cause a more or
less unsightly protrusion of the eyeball, owing to the presence of the
neoplasm in the depth of the orbit, and the removal of the bulb
becomes a necessity.
 DISEASE OF THE LACHRYMAL GLAND AND
DUCTS. DACRYO-ADENITIS.

Even in man these parts are remarkably free from disease, while in
the lower animals, we have literally no record of such conditions.
Inflammation of the gland (dacryo-adenitis) would be manifested by
a sensitive swelling under the outer part of the orbital process, and
upper eyelid and by lachrymation, and obstruction of the gland duct
and by a tense transparent rounded swelling inside the lid. A fistula
is possible from a penetrating wound of the lid in the same situation.
In both of the latter conditions an opening made through the
palpebral conjunctiva will allow the discharge of the tears in the
proper place, and healing of any external wound may be hastened by
suture or plaster.
 OBSTRUCTION OF THE LACHRYMAL PUNCTA.
ATRESIA. INFLAMMATION.

Congenital atresia of these puncta has been recorded in foals, by

Hollmann and obstruction as the result of inflammation, by Lafosse,
Verjaus and Tyvaert, and of the entrance of the seeds of bromus by
Stockfleth.
Apart from congenital atresia and impaction of foreign bodies the
symptoms are those of conjunctivitis, with escape of tears over the
face (epiphora). Injection of aseptic water into the lower puncta and
its escape by the upper, and by the nasal orifice, will determine the
patency or otherwise of the various channels.
Treatment consists in astringent collyria to check the
inflammation, in the removal of any foreign body, in the dilation or
slitting of the lachrymal canaliculi, and in case of complete atresia, in
incising the lachrymal sac. Slitting of the canaliculi is accomplished
by a small probe pointed bistuory (canaliculus knife). The lid is
drawn away from the carnucle, and the probe point inserted at first
downward, then inward and backward, and when it is well inside the
sac the handle is brought to the vertical and the walls of the duct slit
open.
In case of atresia Leblanc recommends to seize the inner canthus
with rat tooth forceps so as to include the structures about the sac
and to plunge the bistuory directly into the sac. Then by the aid of a
whalebone staff he passes three silk threads through the duct and
fixes them in place by attaching them to a copper ring at each end.
This is retained in place and moved daily until the passage has been
definitely healed and its permanency assured.
 WOUND AND FISTULA OF THE LACHRYMAL
SAC.

The lachrymal sac, which receives the tears from the canaliculi, is
situated in the infundibulum at the upper end of the lachrymal canal
and is in great measure protected against external injuries by the
prominent orbital edge of the lachrymal bone. Yet violent blows with
or without fracture, sometimes lead to rupture of the mucous walls
and the formation of a fistula. Wounds made with penetrating
bodies, more or less pointed are also liable to involve the sac. The
fistulous orifice may be through the skin at the inner canthus or
through the mucosa by the side of the carnucle. The cutaneous
opening may be a minute orifice from which tears and muco-
purulent matter escapes, to mat together the hairs on the side of the
face. Sometimes there is a reddish elevation, the size of a pin head,
and in fistula through the mucosa this is the rule, and the orifice is
elevated so that the tears flow out over the face. For the symptoms of
the attendant catarrh of the sac see below. In infected cases with
obstruction of the lachrymo-nasal duct, it has been known to extend
to the bone and even to open into the sinuses, or tooth follicles.
(Gerard, Leblanc).
The condition is found in horses, cattle and dogs.
Treatment. In fistula resulting from simple traumatism, nothing
more may be requisite than rest and soothing astringent
applications. Sutures are sometimes resorted to but are liable to
cause itching and do more harm than good. It is above all important
to keep the lachrymo-nasal duct patent, and for this purpose a lead
or silver stilet, or a thick catgut suture may be worn in the canal until
healing has ensued.
 CATARRH OF THE LACHRYMAL SAC.
DACRYOCYSTITIS.

Connected above through the canaliculi with the conjunctiva, and

below through the lachrymal duct with the nasal chamber this cavity
is liable to be more or less implicated in all cases of nasal catarrh and
conjunctivitis, (strangles, canine distemper, influenza). If the
lachrymal duct is obstructed so that the tears accumulate in the sac,
the tendency to catarrh is further enhanced by the distension and
weakening of its walls, and by the propagation of bacteria which have
entered with the tears, and find in them a favorable and abundant
culture medium; the diameter of the sac in the horse being about
⅔rds. of an inch. The presence of foreign bodies is another cause.
Lesions. Symptoms. Swelling at the inner canthus, which raises
the carnucle above the normal level, and the escape of tears over the
lower lid are the most prominent symptoms. If the swelling is
pressed it subsides, the contents, clear or purulent, escaping through
the lachrymal duct, to the nose, or through the puncta and
accumulating in the inner canthus or flowing over the cheek. The
hair beneath the inner canthus is matted together, or drops off
leaving bare patches. Wolff found in one case, a distension of the sac
to over two inches in breadth, and 1⅔ inches long. To the swelling
there is soon added conjunctival inflammation, closure of the puncta
by swelling and the escape of all tears over the face. Suppuration
supervenes in the sac, and in the larger animals the pent up pus often
makes its way outward, causing destructive ulceration of the walls of
the canaliculi and puncta, or of the walls of the sac, the skin, or even
the subjacent bone. In this way fistula results. Caries of the bone and
penetration of the molar alveoli may ensue. (Girard, Leblanc).
Treatment. The first object must be to secure a free drainage into
the nose. The evacuation of the sac by compression having been
accomplished, an astringent solution may be injected through the
nasal opening of the lachrymal duct. If the canal is pervious the sac
will be re-filled and will swell out as before. The injection may be 0.5
per cent. sulphate of zinc, 1 per cent. acetate of lead, 0.3 per cent.
nitrate of silver, 1 per cent. tannic acid, 2 per cent. boric acid, or 0.02
per cent. corrosive sublimate. Cocaine may be added in the
proportion of 5 per cent. The injection may be repeated thrice a day
at first, then twice, and finally once as the catarrh subsides.
If the injection fails to reach the sac, thoroughly sterilized, flexible
probes may be used, increasing the size as they can be passed
without too great pressure.
Or the puncta and canaliculi may be injected as in the human
subject, the conjunctiva having been first anæsthetized by cocaine, or
general ether or chloroform anæsthesia having been induced. The
slitting of the puncta and canaliculi may be resorted to, as spoken of
under atresia.
The frequent passage of a sound is usually resorted to, and a stilet
may even be worn, but there is always danger of resulting thickening
and narrowing of the duct, and, if healing can be secured without this
measure, it is to be preferred.
 STENOSIS OF THE LACHRYMO-NASAL DUCT.

Obliteration of the lachrymal duct may occur from stricture of the

canal, the result of wounds or other irritants: from pressure by the
inflamed mucosa in nasal catarrh or strangles: from polypus or
osseous tumor in the nose: from actinomycosis or other disease of
the bones.
The one manifest symptom is the escape of the tears on to the face.
To complete the diagnosis, injection of one punctum will cause
distension of the lachrymal sac.
Treatment. This may be attempted by bougies. In the horse a small
sound, metallic or whalebone bougie, thoroughly sterilized and
smeared with aseptic vaseline, or oil, is inserted from the nasal
opening and carefully passed on into the sac. In the dog the nasal
opening cannot be reached and the bougie must be passed by the
puncta and lachrymal sac. To secure the requisite dilation, it is
usually necessary to probe the passage daily, using a larger probe
when the first passes easily, until the canal has been sufficiently
dilated.
A second resort is to distend the canal by a liquid injection thrown
into the nasal opening. This will succeed when the obstruction is only
caused by concretions in the canal.
A somewhat similar resort is the insufflation of the duct by means
of a finely pointed tube inserted from below into the nasal orifice of
the duct.
Still another method is to make a new opening for the escape of
the tears into the nose. When the stenosis is at or near the nasal
opening of the duct, an artificial opening is easily made and usually
satisfactory. Under anæsthesia, a sterilized silver probe is passed
through the upper punctum, the sac and canal. When it meets
definite obstruction its position is ascertained inside the nose, and an
incision is made so as to allow its escape. The constant escape of
tears tends to prevent it from closing up again, but it is well to
examine into this until it has thoroughly healed. A silk thread worn
in the duct and held in place by a copper or aluminum ring on each
end may be resorted to.
Attempts have been made to establish a new outlet by boring
through the lachrymal bone into the nose, but without a permanent
success. It has also been advised to obliterate the lachrymal ducts
and sac, on the one hand and to excise the lachrymal gland on the
other, but the proposed cure is worse than the disease.
 DISEASE OF THE LACHRYMAL CARUNCLE.

The caruncle is inflamed in conjunctivitis. When this inflammation

leads to hypertrophy it is known as encanthis. This is a common
condition in dogs and the caruncle may increase to the size of a pea
or acorn, and by compressing the canaliculi it leads to a profuse
overflow of tears on the cheek. At first there is the acute congestion
of conjunctivitis, but later there may be induration and pallor.
The treatment of this condition consists in astringent and sedative
collyria in the early inflammatory stages, and later in the ablation of
the hypertrophied mass. The caruncle is seized with a pair of rat-
tooth forceps and snipped off with curved scissors, the free bleeding
being afterward checked by cold water.
In cases that seem, by reason of excessive vascularity ill adapted to
this method, the hypertrophied mass may be tied at its base with a
stout silk thread so as to cut off the supply of blood, and cause it to
slough off. A collyria of boric acid (4 per cent.) or mercuric chloride
(0.02 per cent.) may be used to prevent infection.
Tumors of the Caruncle are met with, such as fibroma (Wörz),
Sarcoma and Melanosarcoma. For all alike the complete extirpation
of the neoplasm is demanded.
 WOUNDS AND INFLAMMATION OF THE
MEMBRANA NICTITANS.

Like other parts of the ocular apparatus, the third eyelid and gland
of Harder are subject to accidental injuries of various kinds. What is
worse, ignorant persons seeing the cartilage and membrane
projected over the eye in ophthalmias and tetanus, have mistaken it
for a morbid product and deliberately cut it off in part. The condition
of the organ may be ascertained by parting the lids with the fingers
and pressing gently on the front of the eyeball, when the nictitating
membrane will be fully exposed.
If detached portions cannot be restored, but threaten to slough, or
cause distortions or unsightly and irritating neoplasms they should
be seized with forceps and snipped off with scissors. Otherwise the
treatment consists in soothing astringent and anodyne Collyria as in
conjunctivitis.
 TUMORS AND HYPERTROPHY OF THE
MEMBRANA NICTITANS.

Neoplasms of this organ may occur in any quadruped or bird and

may be recognized by the swelling of more or less of its substance, by
the unevenness of its free margin, or by distinct outgrowths from its
surface. They are especially common in dogs and pigs and may be
fibrous, epithelial or otherwise. The treatment is purely surgical and
in case of a malignant neoplasm should demand the removal of the
entire organ.
 ADENOMA OF THE GLAND OF HARDER.

Cases in dogs have been recorded by Fröhner and Schimmel, and it

might be expected in other carnivora, ruminants, pigs, rabbits and
birds. The treatment is by excision with forceps and scissors, and
subsequent treatment with an antiseptic zinc lotion.
 FOREIGN BODIES IN THE CONJUNCTIVAL SAC.

Frequency: seeds, glumes, awns, dust, sand, wood, metal; exudate; in

conjunctival pouch, under nictitans, in puncta. Filaria lachrymalis. Symptoms:
closure of lids, epiphora, congestion, inflammation, infection. Treatment: local
anæsthesia, forceps, lead pencil, pin’s head, collyria.

So common are foreign bodies in the conjunctival sac of the

domestic herbivora, that in any case of epiphora, hyperæmia or
inflammation of the mucosa, the first care should be given to see that
the condition is not caused by the presence of such an irritant. In
animals fed from high racks, seeds and glumes of the gramineæ,
awns of barley, and dust of various kinds often get into the eye and
stick fast. Under other conditions, insects, particles of sand, dust,
wood, metal, etc., prove equally injurious by their presence. Awns
and chaff are particularly liable to adhere to the mucosa and even to
become covered by an exudate, which renders them more firmly
adherent. Other objects lodge under the eyelids, or membrana
nictitans, or in folds of the mucosa. Their entrance into the lachrymal
puncta has already been referred to. The larger and more rounded
bodies are likely to be washed off by the excessive flow of tears,
assisted by the movements of the nictitating cartilage, but flat
glumes, or awns stick too closely to the surface, while the smaller
objects become entangled beneath the lids, or hair, or in the folds of
the mucous membrane. The filaria lachrymalis may be the cause of
trouble.
Symptoms. There is closure or semi-closure of the lids, the escape
of a profusion of tears over the cheek, and active congestion or
hyperæmia. A careful examination with everted lids, or even with
raised nictitans will usually reveal the foreign body. If overlooked or
neglected the hyperæmia rapidly advances to active inflammation,
with or without an infective complication. Foreign bodies blown into
the eye, as a rule carry with them more or less bacteria, and, if these
have any tendency to pathogenesis, the irritation of the mucosa
easily paves the way for their colonization. Thus, any grade or form
of conjunctivitis may supervene upon the introduction of a foreign
irritant.
Treatment. Nearly all such bodies are most easily and certainly
removed by a pair of fine forceps. It may be necessary to first
anæsthetize the eye with a 5 per cent. solution of cocaine. The clean
tip of the finger passed under the lid and nictitating membrane is a
safe and effective method. Less effective methods are to pick up the
offending body on the point of a lead pencil, or a small, blunt
metallic spud, or with a pin’s head covered with a clean pocket
handkerchief. This may be followed by an antiseptic (boric acid)
collyria, with or without cocaine or morphia.
 WOUNDS OF THE CONJUNCTIVA.

These occur in all domestic animals, but are especially frequent in

dogs and cats from scratching with the claws. In clumsy handling of
the eyelids, the mucosa is wounded by ragged and uneven nails.
Injuries and stings by insects which are attracted by the reflection
from the eye constitute a specially grave lesion, often proportionate
to the nature of the poison instilled.
Symptoms. There are usually closure of the eyelids, with exudation
and thickening of the conjunctiva especially in the vicinity of the
wound, a free flow of tears, mingled it may be with blood, and the
visible evidence of the lesion on the exposure of the injured part. If
the cornea is implicated, even the pupil is contracted, showing
photophobia.
Treatment. Slight noninfected wounds will heal readily under
simple astringent collyria, following upon the removal of any cause
of mechanical irritation. A solution of corrosive sublimate, 1:5000, or
of boric acid, 4 per cent. may be used. If photophobia exists ½ per
cent. of atropia sulphate or 1 per cent. of cocaine hydrochlorate will
usually give relief. Extensive wounds may require sutures, and
sloughing tissue may be excised with fine curved scissors. Excessive
granulations may be removed in the same way. For stings use a
potassium permanganate solution (2 grs. to 1 oz). Violent
inflammation may be met by a laxative and by leeching the
periorbital region.
 BURNS OF THE CONJUNCTIVA.

Burns may occur in all domestic animals from acids, alkalies,

quicklime, carbolic acid, boiling liquids, etc. The cornea usually
suffers, being the part most exposed. The caustics cause swelling,
blanching and finally exfoliation of the epithelium, or even of the
superficial layers of the cornea. In burns by hot liquids vesication
may be present. If the destruction extends deeply into the cornea
there may be escape of the aqueous humor and destruction of vision.
If less penetrating, there may still develop vascularity, and
permanent opacity by reason of the formation of a cicatrix or a
change of structure in the layers of the cornea, or, in dogs especially,
adhesion of the cornea to the eyelids (symblepharon). In the early
stages there is closure of the eyelids, with swelling, profuse
lachrymation, and photophobia.
Treatment. The first object is to remove or neutralize the offending
body. Thus sulphuric or other mineral acid would demand a free
irrigation with a 1 per cent. solution of carbonate of soda or potash.
For alkalies, carbonated water, or a 4 per cent. solution of boric acid
may be employed. For lime, Gosselin recommends free irrigation
with saccharated water. The first step, however, should be to wipe
out the particles of lime with a soft rag soaked in oil.
The pain may be met by a solution of cocaine (1 per cent.), or
atropia ½ per cent. In addition, we may irrigate with cold water or
apply weak antiseptic collyria, and employ derivation by the bowels
or the skin.