Full Description
Security threats are on the rise, and companies must be prepared to face them. One way companies assess security risk and the vulnerability of their networks is by hiring security firms to attempt to penetrate those networks, or by developing in-house penetration testing skills so that network vulnerabilities are monitored continually. Penetration testing is a growing field, yet there is no definitive resource on how to perform a penetration test or on the ethics of testing. Penetration Testing and Cisco Network Defense offers detailed steps on how to emulate an outside attacker in order to assess the security of a network. Unlike other books on hacking, this book is specifically geared toward penetration testing. Divided into two parts, it provides a set of guidelines and methodologies for understanding and performing internal penetration tests, and it also shows how an attack can be detected on a network. Part one covers understanding penetration testing, assessing risks, and creating a test plan. Part two focuses on the particulars of testing; each chapter includes three essential components: the steps to perform a simulated attack using popular commercial and open-source applications; how to detect the attack with the Cisco Intrusion Detection Sensor and Cisco Security Agent; and suggestions on how to harden a system against the attack.
Contents
- Foreword
- Introduction
- Part I: Overview of Penetration Testing
  - Chapter 1: Understanding Penetration Testing
    - Defining Penetration Testing
    - Assessing the Need for Penetration Testing
      - Proliferation of Viruses and Worms
      - Wireless LANs
      - Complexity of Networks Today
      - Frequency of Software Updates
      - Availability of Hacking Tools
      - The Nature of Open Source
      - Reliance on the Internet
      - Unmonitored Mobile Users and Telecommuters
      - Marketing Demands
      - Industry Regulations
      - Administrator Trust
      - Business Partnerships
      - Hacktivism
    - Attack Stages
    - Choosing a Penetration Testing Vendor
    - Preparing for the Test
    - Summary
  - Chapter 2: Legal and Ethical Considerations
    - Ethics of Penetration Testing
    - Laws
      - U.S. Laws Pertaining to Hacking
        - 1973 U.S. Code of Fair Information Practices
        - 1986 Computer Fraud and Abuse Act (CFAA)
        - State Laws
      - Regulatory Laws
        - 1996 U.S. Kennedy-Kasselbaum Health Insurance Portability and Accountability Act (HIPAA)
        - Graham-Leach-Bliley (GLB)
        - USA PATRIOT ACT
        - 2002 Federal Information Security Management Act (FISMA)
        - 2003 Sarbanes-Oxley Act (SOX)
      - Non-U.S. Laws Pertaining to Hacking
    - Logging
    - To Fix or Not to Fix
    - Summary
  - Chapter 3: Creating a Test Plan
    - Step-by-Step Plan
      - Defining the Scope
      - Social Engineering
      - Session Hijacking
      - Trojan/Backdoor
    - Open-Source Security Testing Methodology Manual
    - Documentation
      - Executive Summary
      - Project Scope
      - Results Analysis
      - Summary
      - Appendixes
    - Summary
- Part II: Performing the Test
  - Chapter 4: Performing Social Engineering
    - Human Psychology
      - Conformity Persuasion
      - Logic Persuasion
      - Need-Based Persuasion
      - Authority-Based Persuasion
      - Reciprocation-Based Social Engineering
      - Similarity-Based Social Engineering
      - Information-Based Social Engineering
    - What It Takes to Be a Social Engineer
      - Using Patience for Social Engineering
      - Using Confidence for Social Engineering
      - Using Trust for Social Engineering
      - Using Inside Knowledge for Social Engineering
    - First Impressions and the Social Engineer
    - Tech Support Impersonation
    - Third-Party Impersonation
    - E-Mail Impersonation
    - End User Impersonation
    - Customer Impersonation
    - Reverse Social Engineering
    - Protecting Against Social Engineering
    - Case Study
    - Summary
  - Chapter 5: Performing Host Reconnaissance
    - Passive Host Reconnaissance
      - A Company Website
      - EDGAR Filings
      - NNTP USENET Newsgroups
      - User Group Meetings
      - Business Partners
    - Active Host Reconnaissance
      - NSLookup/Whois Lookups
      - SamSpade
      - Visual Route
    - Port Scanning
      - TCP Connect() Scan
      - SYN Scan
      - NULL Scan
      - FIN Scan
      - ACK Scan
      - Xmas-Tree Scan
      - Dumb Scan
    - NMap
      - NMap Switches and Techniques
      - Compiling and Testing NMap
      - Fingerprinting
      - Footprinting
    - Detecting a Scan
      - Intrusion Detection
      - Anomaly Detection Systems
      - Misuse Detection System
      - Host-Based IDSs
      - Network-Based IDSs
      - Network Switches
      - Examples of Scan Detection
        - Detecting a TCP Connect() Scan
        - Detecting a SYN Scan
        - Detecting FIN, NULL, and Xmas-Tree Scans
        - Detecting OS Guessing
    - Case Study
    - Summary
  - Chapter 6: Understanding and Attempting Session Hijacking
    - Defining Session Hijacking
      - Nonblind Spoofing
      - Blind Spoofing
      - TCP Sequence Prediction (Blind Hijacking)
    - Tools
      - Juggernaut
      - Hunt
      - TTY-Watcher
      - T-Sight
      - Other Tools
    - Beware of ACK Storms
    - Kevin Mitnick's Session Hijack Attack
    - Detecting Session Hijacking
      - Detecting Session Hijacking with a Packet Sniffer
        - Configuring Ethereal
        - Watching a Hijacking with Ethereal
      - Detecting Session Hijacking with Cisco IDS
        - Signature 1300: TCP Segment Overwrite
        - Signature 3250: TCP Hijack
        - Signature 3251: TCP Hijacking Simplex Mode
        - Watching a Hijacking with IEV
    - Protecting Against Session Hijacking
    - Case Study
    - Summary
    - Resources
  - Chapter 7: Performing Web Server Attacks
    - Understanding Web Languages
      - HTML
      - DHTML
      - XML
      - XHTML
      - JavaScript
      - JScript
      - VBScript
      - Perl
      - ASP
      - CGI
      - PHP Hypertext Preprocessor
      - ColdFusion
      - Java (Once Called Oak)
        - Client-Based Java
        - Server-Based Java
    - Website Architecture
      - E-Commerce Architecture
    - Apache HTTP Server Vulnerabilities
    - IIS Web Server
      - Showcode.asp
      - Privilege Escalation
      - Buffer Overflows
    - Web Page Spoofing
    - Cookie Guessing
    - Hidden Fields
    - Brute Force Attacks
      - Brutus
      - HTTP Brute Forcer
      - Detecting a Brute Force Attack
      - Protecting Against Brute Force Attacks
    - Tools
      - NetCat
      - Vulnerability Scanners
      - IIS Xploit
      - execiis-win32.exe
      - CleanIISLog
      - IntelliTamper
      - Web Server Banner Grabbing
    - Hacking with Google
    - Detecting Web Attacks
      - Detecting Directory Traversal
      - Detecting Whisker
    - Protecting Against Web Attacks
      - Securing the Operating System
      - Securing Web Server Applications
        - IIS
        - Apache
      - Securing Website Design
      - Securing Network Architecture
    - Case Study
    - Summary
  - Chapter 8: Performing Database Attacks
    - Defining Databases
      - Oracle
        - Structure
        - SQL
      - MySQL
        - Structure
        - SQL
      - SQL Server
        - Structure
        - SQL
    - Database Default Accounts
    - Testing Database Vulnerabilities
      - SQL Injection
      - System Stored Procedures
      - xp_cmdshell
      - Connection Strings
      - Password Cracking/Brute Force Attacks
    - Securing Your SQL Server
      - Authentication
      - Service Accounts
      - Public Role
      - Guest Account
      - Sample Databases
      - Network Libraries
      - Ports
    - Detecting Database Attacks
      - Auditing
      - Failed Logins
      - System Stored Procedures
      - SQL Injection
    - Protecting Against Database Attacks
    - Case Study
    - Summary
    - References and Further Reading
  - Chapter 9: Password Cracking
    - Password Hashing
      - Using Salts
      - Microsoft Password Hashing
      - UNIX Password Hashing
    - Password-Cracking Tools
      - John the Ripper
      - Pwdump3
      - L0phtcrack
      - Nutcracker
      - Hypnopaedia
      - Snadboy Revelation
      - Boson GetPass
      - RainbowCrack
    - Detecting Password Cracking
      - Network Traffic
      - System Log Files
      - Account Lockouts
      - Physical Access
      - Dumpster Diving and Key Logging
      - Social Engineering
    - Protecting Against Password Cracking
      - Password Auditing
      - Logging Account Logins
      - Account Locking
      - Password Settings
        - Password Length
        - Password Expiration
        - Password History
      - Physical Protection
      - Employee Education and Policy
    - Case Study
    - Summary
  - Chapter 10: Attacking the Network
    - Bypassing Firewalls
    - Evading Intruder Detection Systems
    - Testing Routers for Vulnerabilities
      - CDP
      - HTTP Service
      - Password Cracking
      - Modifying Routing Tables
    - Testing Switches for Vulnerabilities
      - VLAN Hopping
      - Spanning Tree Attacks
      - MAC Table Flooding
      - ARP Attacks
      - VTP Attacks
    - Securing the Network
      - Securing Firewalls
      - Securing Routers
        - Disabling CDP
        - Disabling or Restricting the HTTP Service
        - Securing Router Passwords
        - Enabling Authentication for Routing Protocols
      - Securing Switches
        - Securing Against VLAN Hopping
        - Securing Against Spanning Tree Attacks
        - Securing Against MAC Table Flooding and ARP Attacks
        - Securing Against VTP Attacks
    - Case Study
    - Summary
  - Chapter 11: Scanning and Penetrating Wireless Networks
    - History of Wireless Networks
    - Antennas and Access Points
    - Wireless Security Technologies
      - Service Set Identifiers (SSIDs)
      - Wired Equivalent Privacy (WEP)
      - MAC Filtering
      - 802.1x Port Security
      - IPSec
    - War Driving
    - Tools
      - NetStumbler
      - StumbVerter
      - DStumbler
      - Kismet
      - GPSMap
      - AiroPeek NX
      - AirSnort
      - WEPCrack
    - Detecting Wireless Attacks
      - Unprotected WLANs
      - DoS Attacks
      - Rogue Access Points
      - MAC Address Spoofing
      - Unallocated MAC Addresses
    - Preventing Wireless Attacks
      - Preventing Man-in-the-Middle Attacks
      - Establishing and Enforcing Standards for Wireless Networking
    - Case Study
    - Summary
  - Chapter 12: Using Trojans and Backdoor Applications
    - Trojans, Viruses, and Backdoor Applications
      - Common Viruses and Worms
        - Chernobyl
        - I Love You
        - Melissa
        - BugBear
        - MyDoom
        - W32/Klez
        - Blaster
        - SQL Slammer
        - Sasser
      - Trojans and Backdoors
        - Back Orifice 2000
        - Tini
        - Donald Dick
        - Rootkit
        - NetCat
        - SubSeven
        - Brown Orifice
        - Beast
          - Beast Server Settings
          - Beast Client
    - Detecting Trojans and Backdoor Applications
      - MD5 Checksums
      - Monitoring Ports Locally
        - Netstat
        - fport
        - TCPView
      - Monitoring Ports Remotely
      - Anti-virus and Trojan Scanner Software
      - Intrusion Detection Systems
    - Prevention
    - Case Study
    - Summary
  - Chapter 13: Penetrating UNIX, Microsoft, and Novell Servers
    - General Scanners
      - Nessus
      - SAINT
      - SARA
      - ISS
      - NetRecon
    - UNIX Permissions and Root Access
      - Elevation Techniques
        - Stack Smashing Exploit
        - rpc.statd Exploit
        - irix-login.c
      - Rootkits
        - Linux Rootkit IV
        - Beastkit
    - Microsoft Security Models and Exploits
      - Elevation Techniques
        - PipeUpAdmin
        - HK
      - Rootkits
    - Novell Server Permissions and Vulnerabilities
      - Pandora
      - NovelFFS
    - Detecting Server Attacks
    - Preventing Server Attacks
    - Case Study
    - Summary
  - Chapter 14: Understanding and Attempting Buffer Overflows
    - Memory Architecture
      - Stacks
      - Heaps
      - NOPs
    - Buffer Overflow Examples
      - Simple Example
      - Linux Privilege Escalation
      - Windows Privilege Escalation
    - Preventing Buffer Overflows
      - Library Tools to Prevent Buffer Overflows
      - Compiler-Based Solutions to Prevent Buffer Overflows
      - Using a Non-Executable Stack to Prevent Buffer Overflows
    - Case Study
    - Summary
  - Chapter 15: Denial-of-Service Attacks
    - Types of DoS Attacks
      - Ping of Death
      - Smurf and Fraggle
      - LAND Attack
      - SYN Flood
    - Tools for Executing DoS Attacks
      - Datapool
      - Jolt2
      - Hgod
      - Other Tools
    - Detecting DoS Attacks
      - Appliance Firewalls
      - Host-Based IDS
      - Signature-Based Network IDS
      - Network Anomaly Detectors
    - Preventing DoS Attacks
      - Hardening
        - Network Hardening
        - Application Hardening
      - Intrusion Detection Systems
    - Case Study
    - Summary
  - Chapter 16: Case Study: A Methodical Step-By-Step Penetration Test
    - Case Study: LCN Gets Tested
      - Planning the Attack
      - Gathering Information
      - Scanning and Enumeration
        - External Scanning
        - Wireless Scanning
      - Gaining Access
        - Gaining Access via the Website
        - Gaining Access via Wireless
      - Maintaining Access
      - Covering Tracks
    - Writing the Report
      - DAWN Security
      - Executive Summary
        - Objective
        - Methodology
        - Findings
        - Summary
        - Graphical Summary
      - Technical Testing Report
        - Black-Box Testing
    - Presenting and Planning the Follow-Up
- Part III: Appendixes
  - Appendix A: Preparing a Security Policy
  - Appendix B: Tools
- Glossary