Penetration Testing and Network Defense
Penetration Testing and Network Defense
ISBN: 1587052083
EAN: 2147483647
EAN: 2147483647
Year: 2005
Pages: 209
Pages: 209
Authors: Andrew Whitaker, Daniel Newman
- Penetration Testing and Network Defense
- Table of Contents
- Copyright
- About the Authors
- About the Technical Reviewers
- Acknowledgments
- Icons Used in This Book
- Command Syntax Conventions
- Foreword
- Introduction
- Who Should Read this Book
- Ethical Considerations
- How This Book Is Organized
- Part I: Overview of Penetration Testing
- Chapter 1. Understanding Penetration Testing
- Defining Penetration Testing
- Assessing the Need for Penetration Testing
- Attack Stages
- Choosing a Penetration Testing Vendor
- Preparing for the Test
- Summary
- Chapter 2. Legal and Ethical Considerations
- Ethics of Penetration Testing
- Laws
- Logging
- To Fix or Not to Fix
- Summary
- Chapter 3. Creating a Test Plan
- Step-by-Step Plan
- Open-Source Security Testing Methodology Manual
- Documentation
- Summary
- Part II: Performing the Test
- Chapter 4. Performing Social Engineering
- Human Psychology
- What It Takes to Be a Social Engineer
- First Impressions and the Social Engineer
- Tech Support Impersonation
- Third-Party Impersonation
- E-Mail Impersonation
- End User Impersonation
- Customer Impersonation
- Reverse Social Engineering
- Protecting Against Social Engineering
- Case Study
- Summary
- Chapter 5. Performing Host Reconnaissance
- Passive Host Reconnaissance
- Active Host Reconnaissance
- Port Scanning
- NMap
- Detecting a Scan
- Case Study
- Summary
- Chapter 6. Understanding and Attempting Session Hijacking
- Defining Session Hijacking
- Tools
- Beware of ACK Storms
- Kevin Mitnick s Session Hijack Attack
- Detecting Session Hijacking
- Protecting Against Session Hijacking
- Case Study
- Summary
- Resources
- Chapter 7. Performing Web Server Attacks
- Understanding Web Languages
- Website Architecture
- E-Commerce Architecture
- Web Page Spoofing
- Cookie Guessing
- Brute Force Attacks
- Tools
- Detecting Web Attacks
- Protecting Against Web Attacks
- Case Study
- Summary
- Chapter 8. Performing Database Attacks
- Defining Databases
- Testing Database Vulnerabilities
- Securing Your SQL Server
- Detecting Database Attacks
- Protecting Against Database Attacks
- Case Study
- Summary
- References and Further Reading
- Chapter 9. Password Cracking
- Password Hashing
- Password-Cracking Tools
- Detecting Password Cracking
- Protecting Against Password Cracking
- Case Study
- Summary
- Chapter 10. Attacking the Network
- Bypassing Firewalls
- Evading Intruder Detection Systems
- Testing Routers for Vulnerabilities
- Testing Switches for Vulnerabilities
- Securing the Network
- Case Study
- Summary
- Chapter 11. Scanning and Penetrating Wireless Networks
- History of Wireless Networks
- Antennas and Access Points
- Wireless Security Technologies
- War Driving
- Tools
- Detecting Wireless Attacks
- Case Study
- Summary
- Chapter 12. Using Trojans and Backdoor Applications
- Trojans, Viruses, and Backdoor Applications
- Common Viruses and Worms
- Trojans and Backdoors
- Detecting Trojans and Backdoor Applications
- Prevention
- Case Study
- Summary
- Chapter 13. Penetrating UNIX, Microsoft, and Novell Servers
- General Scanners
- UNIX Permissions and Root Access
- Microsoft Security Models and Exploits
- Novell Server Permissions and Vulnerabilities
- Detecting Server Attacks
- Preventing Server Attacks
- Case Study
- Summary
- Chapter 14. Understanding and Attempting Buffer Overflows
- Memory Architecture
- Buffer Overflow Examples
- Preventing Buffer Overflows
- Case Study
- Summary
- Chapter 15. Denial-of-Service Attacks
- Types of DoS Attacks
- Tools for Executing DoS Attacks
- Detecting DoS Attacks
- Preventing DoS Attacks
- Case Study
- Summary
- Chapter 16. Case Study: A Methodical Step-By-Step Penetration Test
- Case Study: LCN Gets Tested
- DAWN Security
- Part III: Appendixes
- Appendix A. Preparing a Security Policy
- What Is a Security Policy?
- Risk Assessment
- Basic Policy Requirements
- Security Policy Implementation and Review
- Preparing a Security Policy in Ten Basic Steps
- Reference Links
- Appendix B. Tools
- Performing Host Reconnaissance (Chapter 5)
- Understanding and Attempting Session Hijacking (Chapter 6)
- Performing Web-Server Attacks (Chapter 7)
- Performing Database Attacks (Chapter 8)
- Cracking Passwords (Chapter 9)
- Attacking the Network (Chapter 10)
- Scanning and Penetrating Wireless Networks (Chapter 11)
- Using Trojans and Backdoor Applications (Chapter 12)
- Penetrating UNIX, Microsoft, and Novell Servers (Chapter 13)
- Understanding and Attempting Buffer Overflows (Chapter 14)
- Denial-of-Service Attacks (Chapter 15)
- Glossary
- A
- B
- C
- D
- E
- F
- H
- I
- J-K-L
- M
- N
- O-P
- R
- S
- T
- U
- V
- W
- Index
- index_SYMBOL
- index_A
- index_B
- index_C
- index_D
- index_E
- index_F
- index_G
- index_H
- index_I
- index_J
- index_K
- index_L
- index_M
- index_N
- index_O
- index_P
- index_Q
- index_R
- index_S
- index_T
- index_U
- index_V
- index_W
- index_X
- index_Z
Penetration Testing and Network Defense
ISBN: 1587052083
EAN: 2147483647
EAN: 2147483647
Year: 2005
Pages: 209
Pages: 209
Authors: Andrew Whitaker, Daniel Newman