Network Security Assessment

Name: Network Security Assessment | Know Your Network
Brand: O'Reilly
Price: 41.0 EUR
Availability: OutOfStock

Know Your Network

Chris McNab(Author)

O'Reilly (Publisher)

2nd Edition

Published on 11. December 2007

Book

504 pages

978-0-596-51030-5 (ISBN)

€41.00incl. 7% vat

Article exhausted; check for reprint

New edition available

Description

More details

Other editions

Person

Content

Inhaltsverzeichnis
Foreword
Preface
1. Network Security Assessment
The Business Benefits
IP: The Foundation of the Internet
Classifying Internet-Based Attackers
Assessment Service Definitions
Network Security Assessment Methodology
The Cyclic Assessment Approach
2. Network Security Assessment Platform
Virtualization Software
Operating Systems
Reconnaissance Tools
Network Scanning Tools
Exploitation Frameworks
Web Application Testing Tools
3. Internet Host and Network Enumeration
Querying Web and Newsgroup Search Engines
Querying Domain WHOIS Registrars
Querying IP WHOIS Registrars
BGP Querying
DNS Querying
Web Server Crawling
Automating Enumeration
SMTP Probing
Enumeration Technique Recap
Enumeration Countermeasures
4. IP Network Scanning
ICMP Probing
TCP Port Scanning
UDP Port Scanning
IDS Evasion and Filter Circumvention
Low-Level IP Assessment
Network Scanning Recap
Network Scanning Countermeasures
5. Assessing Remote Information Services
Remote Information Services
DNS
Finger
Auth
NTP
SNMP
LDAP
rwho
RPC rusers
Remote Information Services Countermeasures
6. Assessing Web Servers
Web Servers
Fingerprinting Accessible Web Servers
Identifying and Assessing Reverse Proxy Mechanisms
Enumerating Virtual Hosts and Web Sites
Identifying Subsystems and Enabled Components
Investigating Known Vulnerabilities
Basic Web Server Crawling
Web Servers Countermeasures
7. Assessing Web Applications
Web Application Technologies Overview
Web Application Profiling
Web Application Attack Strategies
Web Application Vulnerabilities
Web Security Checklist
8. Assessing Remote Maintenance Services
Remote Maintenance Services
FTP
SSH
Telnet
R-Services
X Windows
Citrix
Microsoft Remote Desktop Protocol
VNC
Remote Maintenance Services Countermeasures
9. Assessing Database Services
Microsoft SQL Server
Oracle
MySQL
Database Services Countermeasures
10. Assessing Windows Networking Services
Microsoft Windows Networking Services
Microsoft RPC Services
The NetBIOS Name Service
The NetBIOS Datagram Service
The NetBIOS Session Service
The CIFS Service
Unix Samba Vulnerabilities
Windows Networking Services Countermeasures
11. Assessing Email Services
Email Service Protocols
SMTP
POP-2 and POP-3
IMAP
Email Services Countermeasures
12. Assessing IP VPN Services
IPsec VPNs
Attacking IPsec VPNs
Microsoft PPTP
SSL VPNs
VPN Services Countermeasures
13. Assessing Unix RPC Services
Enumerating Unix RPC Services
RPC Service Vulnerabilities
Unix RPC Services Countermeasures
14. Application-Level Risks
The Fundamental Hacking Concept
Why Software Is Vulnerable
Network Service Vulnerabilities and Attacks
Classic Buffer-Overflow Vulnerabilities
Heap Overflows
Integer Overflows
Format String Bugs
Memory Manipulation Attacks Recap
Mitigating Process Manipulation Risks
Recommended Secure Development Reading
15. Running Nessus
Nessus Architecture
Deployment Options and Prerequisites
Nessus Installation
Configuring Nessus
Running Nessus
Nessus Reporting
Running Nessus Recap
16. Exploitation Frameworks
Metasploit Framework
CORE IMPACT
Immunity CANVAS
Exploitation Frameworks Recap
A. TCP, UDP Ports, and ICMP Message Types
B. Sources of Vulnerability Information
C. Exploit Framework Modules
Index

Save as PDF Copy link into clipboard

Schweitzer Fachinformationen