Penetration Testing and Network Defense
ISBN: 1587052083
EAN: 2147483647
Year: 2005
Pages: 209
Authors: Andrew Whitaker, Daniel Newman
Table of Contents
Copyright
About the Authors
About the Technical Reviewers
Acknowledgments
Icons Used in This Book
Command Syntax Conventions
Foreword
Introduction
Who Should Read this Book
Ethical Considerations
How This Book Is Organized
Part I: Overview of Penetration Testing
Chapter 1. Understanding Penetration Testing
Defining Penetration Testing
Assessing the Need for Penetration Testing
Attack Stages
Choosing a Penetration Testing Vendor
Preparing for the Test
Summary
Chapter 2. Legal and Ethical Considerations
Ethics of Penetration Testing
Laws
Logging
To Fix or Not to Fix
Summary
Chapter 3. Creating a Test Plan
Step-by-Step Plan
Open-Source Security Testing Methodology Manual
Documentation
Summary
Part II: Performing the Test
Chapter 4. Performing Social Engineering
Human Psychology
What It Takes to Be a Social Engineer
First Impressions and the Social Engineer
Tech Support Impersonation
Third-Party Impersonation
E-Mail Impersonation
End User Impersonation
Customer Impersonation
Reverse Social Engineering
Protecting Against Social Engineering
Case Study
Summary
Chapter 5. Performing Host Reconnaissance
Passive Host Reconnaissance
Active Host Reconnaissance
Port Scanning
NMap
Detecting a Scan
Case Study
Summary
Chapter 6. Understanding and Attempting Session Hijacking
Defining Session Hijacking
Tools
Beware of ACK Storms
Kevin Mitnick's Session Hijack Attack
Detecting Session Hijacking
Protecting Against Session Hijacking
Case Study
Summary
Resources
Chapter 7. Performing Web Server Attacks
Understanding Web Languages
Website Architecture
E-Commerce Architecture
Web Page Spoofing
Cookie Guessing
Brute Force Attacks
Tools
Detecting Web Attacks
Protecting Against Web Attacks
Case Study
Summary
Chapter 8. Performing Database Attacks
Defining Databases
Testing Database Vulnerabilities
Securing Your SQL Server
Detecting Database Attacks
Protecting Against Database Attacks
Case Study
Summary
References and Further Reading
Chapter 9. Password Cracking
Password Hashing
Password-Cracking Tools
Detecting Password Cracking
Protecting Against Password Cracking
Case Study
Summary
Chapter 10. Attacking the Network
Bypassing Firewalls
Evading Intruder Detection Systems
Testing Routers for Vulnerabilities
Testing Switches for Vulnerabilities
Securing the Network
Case Study
Summary
Chapter 11. Scanning and Penetrating Wireless Networks
History of Wireless Networks
Antennas and Access Points
Wireless Security Technologies
War Driving
Tools
Detecting Wireless Attacks
Case Study
Summary
Chapter 12. Using Trojans and Backdoor Applications
Trojans, Viruses, and Backdoor Applications
Common Viruses and Worms
Trojans and Backdoors
Detecting Trojans and Backdoor Applications
Prevention
Case Study
Summary
Chapter 13. Penetrating UNIX, Microsoft, and Novell Servers
General Scanners
UNIX Permissions and Root Access
Microsoft Security Models and Exploits
Novell Server Permissions and Vulnerabilities
Detecting Server Attacks
Preventing Server Attacks
Case Study
Summary
Chapter 14. Understanding and Attempting Buffer Overflows
Memory Architecture
Buffer Overflow Examples
Preventing Buffer Overflows
Case Study
Summary
Chapter 15. Denial-of-Service Attacks
Types of DoS Attacks
Tools for Executing DoS Attacks
Detecting DoS Attacks
Preventing DoS Attacks
Case Study
Summary
Chapter 16. Case Study: A Methodical Step-By-Step Penetration Test
Case Study: LCN Gets Tested
DAWN Security
Part III: Appendixes
Appendix A. Preparing a Security Policy
What Is a Security Policy?
Risk Assessment
Basic Policy Requirements
Security Policy Implementation and Review
Preparing a Security Policy in Ten Basic Steps
Reference Links
Appendix B. Tools
Performing Host Reconnaissance (Chapter 5)
Understanding and Attempting Session Hijacking (Chapter 6)
Performing Web-Server Attacks (Chapter 7)
Performing Database Attacks (Chapter 8)
Cracking Passwords (Chapter 9)
Attacking the Network (Chapter 10)
Scanning and Penetrating Wireless Networks (Chapter 11)
Using Trojans and Backdoor Applications (Chapter 12)
Penetrating UNIX, Microsoft, and Novell Servers (Chapter 13)
Understanding and Attempting Buffer Overflows (Chapter 14)
Denial-of-Service Attacks (Chapter 15)
Glossary
A
B
C
D
E
F
H
I
J-K-L
M
N
O-P
R
S
T
U
V
W
Index
index_SYMBOL
index_A
index_B
index_C
index_D
index_E
index_F
index_G
index_H
index_I
index_J
index_K
index_L
index_M
index_N
index_O
index_P
index_Q
index_R
index_S
index_T
index_U
index_V
index_W
index_X
index_Z