Assessing Network Security of Kevin Lam; David LeBlanc; Ben Smith as eBook reading on PaperC.

Please ugprade your Internet Explorer to use all of the PaperC functions.

Assessing Network Security

Please follow http://www.adobe.com/go/getflashplayer and install the Adobe Flash Player.

Do you like this document?

Notes

Please login to add notes

Inhaltsverzeichnis
Notes
About this book

+ Cover
Page 1
- Copyright
  Page 2
Dedication
Page 3
Contents at a Glance
Page 5
Table of Contents
Page 7
Acknowledgments
Page 21
Foreword
Page 23
Introduction
Page 27
+ Part I Planning and Performing Security Assessments
Page 31
+ Part II Penetration Testing for Nonintrusive Attacks
Page 145
+ Part III Penetration Testing for Intrusive Attacks
Page 251
+ Part IV Security Assessment Case Studies
Page 427
+ Part V Appendixes
Page 525
- + Appendix A Checklists
  Page 527
  - + Penetration Test Checklists
    Page 527
    
    Chapter 8: Information Reconnaissance
    Page 527
    
    Chapter 9: Host Discovery Using DNS and NetBIOS
    Page 527
    
    Chapter 10: Network and Host Discovery
    Page 528
    
    Chapter 11: Port Scanning
    Page 528
    
    Chapter 12: Obtaining Information from a Host
    Page 529
    
    Chapter 13: War Dialing, War Driving, and Bluetooth Attacks
    Page 530
    
    Chapter 14: Automated Vulnerability Detection
    Page 531
    
    Chapter 15: Password Attacks
    Page 531
    
    Chapter 16: Denial of Service Attacks
    Page 532
    
    Chapter 17: Application Attacks
    Page 532
    
    Chapter 18: Database Attacks
    Page 532
    
    Chapter 19: Network Sniffing
    Page 533
    
    Chapter 20: Spoofing
    Page 533
    
    Chapter 21: Session Hijacking
    Page 533
    
    Chapter 22: How Attackers Avoid Detection
    Page 534
    
    Chapter 23: Attackers Using Non-Network Methods to Gain Access
    Page 534
    
    Chapter 24: Web Threats
    Page 534
    
    Chapter 25: E-Mail Threats
    Page 535
    
    Chapter 26: Domain Controller Threats
    Page 535
    
    Chapter 27: Extranet and VPN Threats
    Page 535
  - + Countermeasures Checklists
    Page 536
    
    Chapter 8: Information Reconnaissance
    Page 536
    
    Chapter 9: Host Discovery Using DNS and NetBIOS
    Page 536
    
    Chapter 10: Network and Host Discovery
    Page 537
    
    Chapter 11: Port Scanning
    Page 537
    
    Chapter 12: Obtaining Information from a Host
    Page 537
    
    Chapter 13: War Dialing, War Driving, and Bluetooth Attacks
    Page 538
    
    Chapter 15: Password Attacks
    Page 538
    
    Chapter 16: Denial of Service Attacks
    Page 539
    
    Chapter 17: Application Attacks
    Page 539
    
    Chapter 18: Database Attacks
    Page 539
    
    Chapter 19: Network Sniffing
    Page 540
    
    Chapter 20: Spoofing
    Page 540
    
    Chapter 21: Session Hijacking
    Page 540
    
    Chapter 22: How Attackers Avoid Detection
    Page 541
    
    Chapter 23: Attackers Using Non-Network Methods to Gain Access
    Page 541
    
    Chapter 24: Web Threats
    Page 541
    
    Chapter 25: E-Mail Threats
    Page 542
    
    Chapter 26: Domain Controller Threats
    Page 542
    
    Chapter 27: Extranet and VPN Threats
    Page 543
- + Appendix B References
  Page 545
+ About the Authors
Page 557
System Requirements
Page 561

Don’t wait for an attacker to find and exploit your security vulnerabilities—take the lead by assessing the state of your network’s security. This book delivers advanced network testing strategies, including vulnerability scanning and penetration testing, from members of the Microsoft security teams. These real-world practitioners provide hands-on guidance on how to perform security assessments, uncover security vulnerabilities, and apply appropriate countermeasures. The companion CD features time-saving tools and scripts that you can use to reveal and help correct security vulnerabilities in your own network.

Sharpen and advance your security assessment skills, including how to:

Detect vulnerabilities and perform penetration tests
Conduct and properly report an IT security audit
Find hidden hosts by using DNS, WINS, and NetBIOS
Sweep your network to analyze network topology, existing hosts, and multi- homed systems
Determine the status of ICP and UDP ports by using port scanning

Recognize and help counter common network threats, including:

War dialing, war driving, and Bluetooth attacks
Packet and network sniffing
IP, e-mail, and DNS spoofing
Password cracking
Communication interceptions and modifications
IDS and IPS attacker detection avoidance
Spam and other e-mail abuses

CD features:

Tools for testing e-mail, databases, and Web servers
Scripts for finding common information leaks and other potential security issues
Complete eBook in PDF format

A Note Regarding the CD or DVD

The print version of this book ships with a CD or DVD. For those customers purchasing one of the digital formats in which this book is available, we are pleased to offer the CD/DVD content as a free download via O'Reilly Media's Digital Distribution services. To download this content, please visit O'Reilly's web site, search for the title of this book to find its catalog page, and click on the link below the cover image (Examples, Companion Content, or Practice Files). Note that while we provide as much of the media content as we are able via free download, we are sometimes limited by licensing restrictions. Please direct any questions or concerns to booktech@oreilly.com.