Flylib.com
Penetration Testing and Network Defense
ISBN: 1587052083
EAN: 2147483647
Year: 2005
Pages: 209
Authors: Andrew Whitaker, Daniel Newman
Table of Contents
Copyright
About the Authors
About the Technical Reviewers
Acknowledgments
Icons Used in This Book
Command Syntax Conventions
Foreword
Introduction
Who Should Read this Book
Ethical Considerations
How This Book Is Organized
Part I: Overview of Penetration Testing
Chapter 1. Understanding Penetration Testing
Defining Penetration Testing
Assessing the Need for Penetration Testing
Attack Stages
Choosing a Penetration Testing Vendor
Preparing for the Test
Summary
Chapter 2. Legal and Ethical Considerations
Ethics of Penetration Testing
Laws
Logging
To Fix or Not to Fix
Summary
Chapter 3. Creating a Test Plan
Step-by-Step Plan
Open-Source Security Testing Methodology Manual
Documentation
Summary
Part II: Performing the Test
Chapter 4. Performing Social Engineering
Human Psychology
What It Takes to Be a Social Engineer
First Impressions and the Social Engineer
Tech Support Impersonation
Third-Party Impersonation
E-Mail Impersonation
End User Impersonation
Customer Impersonation
Reverse Social Engineering
Protecting Against Social Engineering
Case Study
Summary
Chapter 5. Performing Host Reconnaissance
Passive Host Reconnaissance
Active Host Reconnaissance
Port Scanning
NMap
Detecting a Scan
Case Study
Summary
Chapter 6. Understanding and Attempting Session Hijacking
Defining Session Hijacking
Tools
Beware of ACK Storms
Kevin Mitnick's Session Hijack Attack
Detecting Session Hijacking
Protecting Against Session Hijacking
Case Study
Summary
Resources
Chapter 7. Performing Web Server Attacks
Understanding Web Languages
Website Architecture
E-Commerce Architecture
Web Page Spoofing
Cookie Guessing
Brute Force Attacks
Tools
Detecting Web Attacks
Protecting Against Web Attacks
Case Study
Summary
Chapter 8. Performing Database Attacks
Defining Databases
Testing Database Vulnerabilities
Securing Your SQL Server
Detecting Database Attacks
Protecting Against Database Attacks
Case Study
Summary
References and Further Reading
Chapter 9. Password Cracking
Password Hashing
Password-Cracking Tools
Detecting Password Cracking
Protecting Against Password Cracking
Case Study
Summary
Chapter 10. Attacking the Network
Bypassing Firewalls
Evading Intruder Detection Systems
Testing Routers for Vulnerabilities
Testing Switches for Vulnerabilities
Securing the Network
Case Study
Summary
Chapter 11. Scanning and Penetrating Wireless Networks
History of Wireless Networks
Antennas and Access Points
Wireless Security Technologies
War Driving
Tools
Detecting Wireless Attacks
Case Study
Summary
Chapter 12. Using Trojans and Backdoor Applications
Trojans, Viruses, and Backdoor Applications
Common Viruses and Worms
Trojans and Backdoors
Detecting Trojans and Backdoor Applications
Prevention
Case Study
Summary
Chapter 13. Penetrating UNIX, Microsoft, and Novell Servers
General Scanners
UNIX Permissions and Root Access
Microsoft Security Models and Exploits
Novell Server Permissions and Vulnerabilities
Detecting Server Attacks
Preventing Server Attacks
Case Study
Summary
Chapter 14. Understanding and Attempting Buffer Overflows
Memory Architecture
Buffer Overflow Examples
Preventing Buffer Overflows
Case Study
Summary
Chapter 15. Denial-of-Service Attacks
Types of DoS Attacks
Tools for Executing DoS Attacks
Detecting DoS Attacks
Preventing DoS Attacks
Case Study
Summary
Chapter 16. Case Study: A Methodical Step-By-Step Penetration Test
Case Study: LCN Gets Tested
DAWN Security
Part III: Appendixes
Appendix A. Preparing a Security Policy
What Is a Security Policy?
Risk Assessment
Basic Policy Requirements
Security Policy Implementation and Review
Preparing a Security Policy in Ten Basic Steps
Reference Links
Appendix B. Tools
Performing Host Reconnaissance (Chapter 5)
Understanding and Attempting Session Hijacking (Chapter 6)
Performing Web-Server Attacks (Chapter 7)
Performing Database Attacks (Chapter 8)
Cracking Passwords (Chapter 9)
Attacking the Network (Chapter 10)
Scanning and Penetrating Wireless Networks (Chapter 11)
Using Trojans and Backdoor Applications (Chapter 12)
Penetrating UNIX, Microsoft, and Novell Servers (Chapter 13)
Understanding and Attempting Buffer Overflows (Chapter 14)
Denial-of-Service Attacks (Chapter 15)
Glossary
A
B
C
D
E
F
H
I
J-K-L
M
N
O-P
R
S
T
U
V
W
Index
Symbols
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Z