Table of Contents

Penetration Testing and Network Defense
By Andrew Whitaker, Daniel P. Newman
Publisher: Cisco Press
Pub Date: November 04, 2005
ISBN: 1-58705-208-3
Pages: 624
 



Copyright
About the Authors
About the Technical Reviewers
Acknowledgments
Icons Used in This Book
Command Syntax Conventions
Foreword
Introduction
    Who Should Read this Book
    Ethical Considerations
    How This Book Is Organized
Part I: Overview of Penetration Testing
    Chapter 1. Understanding Penetration Testing
        Defining Penetration Testing
        Assessing the Need for Penetration Testing
        Attack Stages
        Choosing a Penetration Testing Vendor
        Preparing for the Test
        Summary
    Chapter 2. Legal and Ethical Considerations
        Ethics of Penetration Testing
        Laws
        Logging
        To Fix or Not to Fix
        Summary
    Chapter 3. Creating a Test Plan
        Step-by-Step Plan
        Open-Source Security Testing Methodology Manual
        Documentation
        Summary
Part II: Performing the Test
    Chapter 4. Performing Social Engineering
        Human Psychology
        What It Takes to Be a Social Engineer
        First Impressions and the Social Engineer
        Tech Support Impersonation
        Third-Party Impersonation
        E-Mail Impersonation
        End User Impersonation
        Customer Impersonation
        Reverse Social Engineering
        Protecting Against Social Engineering
        Case Study
        Summary
    Chapter 5. Performing Host Reconnaissance
        Passive Host Reconnaissance
        Active Host Reconnaissance
        Port Scanning
        NMap
        Detecting a Scan
        Case Study
        Summary
    Chapter 6. Understanding and Attempting Session Hijacking
        Defining Session Hijacking
        Tools
        Beware of ACK Storms
        Kevin Mitnick's Session Hijack Attack
        Detecting Session Hijacking
        Protecting Against Session Hijacking
        Case Study
        Summary
        Resources
    Chapter 7. Performing Web Server Attacks
        Understanding Web Languages
        Website Architecture
        E-Commerce Architecture
        Web Page Spoofing
        Cookie Guessing
        Brute Force Attacks
        Tools
        Detecting Web Attacks
        Protecting Against Web Attacks
        Case Study
        Summary
    Chapter 8. Performing Database Attacks
        Defining Databases
        Testing Database Vulnerabilities
        Securing Your SQL Server
        Detecting Database Attacks
        Protecting Against Database Attacks
        Case Study
        Summary
        References and Further Reading
    Chapter 9. Password Cracking
        Password Hashing
        Password-Cracking Tools
        Detecting Password Cracking
        Protecting Against Password Cracking
        Case Study
        Summary
    Chapter 10. Attacking the Network
        Bypassing Firewalls
        Evading Intruder Detection Systems
        Testing Routers for Vulnerabilities
        Testing Switches for Vulnerabilities
        Securing the Network
        Case Study
        Summary
    Chapter 11. Scanning and Penetrating Wireless Networks
        History of Wireless Networks
        Antennas and Access Points
        Wireless Security Technologies
        War Driving
        Tools
        Detecting Wireless Attacks
        Case Study
        Summary
    Chapter 12. Using Trojans and Backdoor Applications
        Trojans, Viruses, and Backdoor Applications
        Common Viruses and Worms
        Trojans and Backdoors
        Detecting Trojans and Backdoor Applications
        Prevention
        Case Study
        Summary
    Chapter 13. Penetrating UNIX, Microsoft, and Novell Servers
        General Scanners
        UNIX Permissions and Root Access
        Microsoft Security Models and Exploits
        Novell Server Permissions and Vulnerabilities
        Detecting Server Attacks
        Preventing Server Attacks
        Case Study
        Summary
    Chapter 14. Understanding and Attempting Buffer Overflows
        Memory Architecture
        Buffer Overflow Examples
        Preventing Buffer Overflows
        Case Study
        Summary
    Chapter 15. Denial-of-Service Attacks
        Types of DoS Attacks
        Tools for Executing DoS Attacks
        Detecting DoS Attacks
        Preventing DoS Attacks
        Case Study
        Summary
    Chapter 16. Case Study: A Methodical Step-By-Step Penetration Test
        Case Study: LCN Gets Tested
        DAWN Security
Part III: Appendixes
    Appendix A. Preparing a Security Policy
        What Is a Security Policy?
        Risk Assessment
        Basic Policy Requirements
        Security Policy Implementation and Review
        Preparing a Security Policy in Ten Basic Steps
        Reference Links
    Appendix B. Tools
        Performing Host Reconnaissance (Chapter 5)
        Understanding and Attempting Session Hijacking (Chapter 6)
        Performing Web-Server Attacks (Chapter 7)
        Performing Database Attacks (Chapter 8)
        Cracking Passwords (Chapter 9)
        Attacking the Network (Chapter 10)
        Scanning and Penetrating Wireless Networks (Chapter 11)
        Using Trojans and Backdoor Applications (Chapter 12)
        Penetrating UNIX, Microsoft, and Novell Servers (Chapter 13)
        Understanding and Attempting Buffer Overflows (Chapter 14)
        Denial-of-Service Attacks (Chapter 15)
Glossary
    A
    B
    C
    D
    E
    F
    H
    I
    J K L
    M
    N
    O P
    R
    S
    T
    U
    V
    W
Index