Cargando…
Network security assessment /
"Network Security Assessment demonstrates how a determined attacker scours Internet-based networks in search of vulnerable components, from the network to the application level. This new edition is up-to-date on the latest hacking techniques, but rather than focus on individual issues, it looks...
| Clasificación: | Libro Electrónico |
|---|---|
| Autor principal: | |
| Formato: | Electrónico eBook |
| Idioma: | Inglés |
| Publicado: |
Sebastopol, Calif. :
O'Reilly,
2007.
|
| Edición: | 2nd ed. |
| Temas: | |
| Acceso en línea: | Texto completo (Requiere registro previo con correo institucional) |
Tabla de Contenidos:
- 1. Network Security Assessment
- The Business Benefits
- IP: The Foundation of the Internet
- Classifying Internet-Based Attackers
- Assessment Service Definitions
- Network Security Assessment Methodology
- The Cyclic Assessment Approach
- 2. Network Security Assessment Platform
- Virtualization Software
- Operating Systems
- Reconnaissance Tools
- Network Scanning Tools
- Exploitation Frameworks
- Web Application Testing Tools
- 3. Internet Host and Network Enumeration
- Querying Web and Newsgroup Search Engines
- Querying Domain WHOIS Registrars
- Querying IP WHOIS Registrars
- BGP Querying
- DNS Querying
- Web Server Crawling
- Automating Enumeration
- SMTP Probing
- Enumeration Technique Recap
- Enumeration Countermeasures
- 4. IP Network Scanning
- ICMP Probing
- TCP Port Scanning
- UDP Port Scanning
- IDS Evasion and Filter Circumvention
- Low-Level IP Assessment
- Network Scanning Recap
- Network Scanning Countermeasures
- 5. Assessing Remote Information Services
- Remote Information Services
- DNS
- Finger
- Auth
- NTP
- SNMP
- LDAP
- rwho
- RPC rusers
- Remote Information Services Countermeasures
- 6. Assessing Web Servers
- Web Servers
- Fingerprinting Accessible Web Servers
- Identifying and Assessing Reverse Proxy Mechanisms
- Enumerating Virtual Hosts and Web Sites
- Identifying Subsystems and Enabled Components
- Investigating Known Vulnerabilities
- Basic Web Server Crawling
- Web Servers Countermeasures
- 7. Assessing Web Applications
- Web Application Technologies Overview
- Web Application Profiling
- Web Application Attack Strategies
- Web Application Vulnerabilities
- Web Security Checklist
- 8. Assessing Remote Maintenance Services
- Remote Maintenance Services
- FTP
- SSH
- Telnet
- R-Services
- X Windows
- Citrix
- Microsoft Remote Desktop Protocol
- VNC
- Remote Maintenance Services Countermeasures
- 9. Assessing Database Services
- Microsoft SQL Server
- Oracle
- MySQL
- Database Services Countermeasures
- 10. Assessing Windows Networking Services
- Microsoft Windows Networking Services
- Microsoft RPC Services
- The NetBIOS Name Service
- The NetBIOS Datagram Service
- The NetBIOS Session Service
- The CIFS Service
- Unix Samba Vulnerabilities
- Windows Networking Services Countermeasures
- 11. Assessing Email Services
- Email Service Protocols
- SMTP
- POP-2 and POP-3
- IMAP
- Email Services Countermeasures
- 12. Assessing IP VPN Services
- IPsec VPNs
- Attacking IPsec VPNs
- Microsoft PPTP
- SSL VPNs
- VPN Services Countermeasures
- 13. Assessing Unix RPC Services
- Enumerating Unix RPC Services
- RPC Service Vulnerabilities
- Unix RPC Services Countermeasures
- 14. Application-Level Risks
- The Fundamental Hacking Concept
- Why Software Is Vulnerable
- Network Service Vulnerabilities and Attacks
- Classic Buffer-Overflow Vulnerabilities
- Heap Overflows
- Integer Overflows
- Format String Bugs
- Memory Manipulation Attacks Recap
- Mitigating Process Manipulation Risks
- Recommended Secure Development Reading
- 15. Running Nessus
- Nessus Architecture
- Deployment Options and Prerequisites
- Nessus Installation
- Configuring Nessus
- Running Nessus
- Nessus Reporting
- Running Nessus Recap
- 16. Exploitation Frameworks
- Metasploit Framework
- CORE IMPACT
- Immunity CANVAS
- Exploitation Frameworks Recap
- A. TCP, UDP Ports, and ICMP Message Types
- B. Sources of Vulnerability Information
- C. Exploit Framework Modules.