Penetration Testing and Network Defense
ISBN: 1587052083
EAN: 2147483647
Year: 2005
Pages: 209
Authors: Andrew Whitaker, Daniel Newman
Table of Contents
Copyright
About the Authors
About the Technical Reviewers
Acknowledgments
Icons Used in This Book
Command Syntax Conventions
Foreword
Introduction
Who Should Read this Book
Ethical Considerations
How This Book Is Organized
Part I: Overview of Penetration Testing
Chapter 1. Understanding Penetration Testing
Defining Penetration Testing
Assessing the Need for Penetration Testing
Attack Stages
Choosing a Penetration Testing Vendor
Preparing for the Test
Summary
Chapter 2. Legal and Ethical Considerations
Ethics of Penetration Testing
Laws
Logging
To Fix or Not to Fix
Summary
Chapter 3. Creating a Test Plan
Step-by-Step Plan
Open-Source Security Testing Methodology Manual
Documentation
Summary
Part II: Performing the Test
Chapter 4. Performing Social Engineering
Human Psychology
What It Takes to Be a Social Engineer
First Impressions and the Social Engineer
Tech Support Impersonation
Third-Party Impersonation
E-Mail Impersonation
End User Impersonation
Customer Impersonation
Reverse Social Engineering
Protecting Against Social Engineering
Case Study
Summary
Chapter 5. Performing Host Reconnaissance
Passive Host Reconnaissance
Active Host Reconnaissance
Port Scanning
NMap
Detecting a Scan
Case Study
Summary
Chapter 6. Understanding and Attempting Session Hijacking
Defining Session Hijacking
Tools
Beware of ACK Storms
Kevin Mitnick's Session Hijack Attack
Detecting Session Hijacking
Protecting Against Session Hijacking
Case Study
Summary
Resources
Chapter 7. Performing Web Server Attacks
Understanding Web Languages
Website Architecture
E-Commerce Architecture
Web Page Spoofing
Cookie Guessing
Brute Force Attacks
Tools
Detecting Web Attacks
Protecting Against Web Attacks
Case Study
Summary
Chapter 8. Performing Database Attacks
Defining Databases
Testing Database Vulnerabilities
Securing Your SQL Server
Detecting Database Attacks
Protecting Against Database Attacks
Case Study
Summary
References and Further Reading
Chapter 9. Password Cracking
Password Hashing
Password-Cracking Tools
Detecting Password Cracking
Protecting Against Password Cracking
Case Study
Summary
Chapter 10. Attacking the Network
Bypassing Firewalls
Evading Intruder Detection Systems
Testing Routers for Vulnerabilities
Testing Switches for Vulnerabilities
Securing the Network
Case Study
Summary
Chapter 11. Scanning and Penetrating Wireless Networks
History of Wireless Networks
Antennas and Access Points
Wireless Security Technologies
War Driving
Tools
Detecting Wireless Attacks
Case Study
Summary
Chapter 12. Using Trojans and Backdoor Applications
Trojans, Viruses, and Backdoor Applications
Common Viruses and Worms
Trojans and Backdoors
Detecting Trojans and Backdoor Applications
Prevention
Case Study
Summary
Chapter 13. Penetrating UNIX, Microsoft, and Novell Servers
General Scanners
UNIX Permissions and Root Access
Microsoft Security Models and Exploits
Novell Server Permissions and Vulnerabilities
Detecting Server Attacks
Preventing Server Attacks
Case Study
Summary
Chapter 14. Understanding and Attempting Buffer Overflows
Memory Architecture
Buffer Overflow Examples
Preventing Buffer Overflows
Case Study
Summary
Chapter 15. Denial-of-Service Attacks
Types of DoS Attacks
Tools for Executing DoS Attacks
Detecting DoS Attacks
Preventing DoS Attacks
Case Study
Summary
Chapter 16. Case Study: A Methodical Step-By-Step Penetration Test
Case Study: LCN Gets Tested
DAWN Security
Part III: Appendixes
Appendix A. Preparing a Security Policy
What Is a Security Policy?
Risk Assessment
Basic Policy Requirements
Security Policy Implementation and Review
Preparing a Security Policy in Ten Basic Steps
Reference Links
Appendix B. Tools
Performing Host Reconnaissance (Chapter 5)
Understanding and Attempting Session Hijacking (Chapter 6)
Performing Web-Server Attacks (Chapter 7)
Performing Database Attacks (Chapter 8)
Cracking Passwords (Chapter 9)
Attacking the Network (Chapter 10)
Scanning and Penetrating Wireless Networks (Chapter 11)
Using Trojans and Backdoor Applications (Chapter 12)
Penetrating UNIX, Microsoft, and Novell Servers (Chapter 13)
Understanding and Attempting Buffer Overflows (Chapter 14)
Denial-of-Service Attacks (Chapter 15)
Glossary
A
B
C
D
E
F
H
I
J-K-L
M
N
O-P
R
S
T
U
V
W
Index
index_SYMBOL
index_A
index_B
index_C
index_D
index_E
index_F
index_G
index_H
index_I
index_J
index_K
index_L
index_M
index_N
index_O
index_P
index_Q
index_R
index_S
index_T
index_U
index_V
index_W
index_X
index_Z