Book description
Help beat the hackers at their own game! Discover how to take charge of system assets through hands-on vulnerability scanning, penetration testing, and other advanced testing techniques—straight from members of the Microsoft Security Team.
Table of contents
- Assessing Network Security
- A Note Regarding Supplemental Files
- Acknowledgments
- Foreword
- Introduction
- I. Planning and Performing Security Assessments
- 1. Introduction to Performing Security Assessments
- 2. Key Principles of Security
- Making Security Easy
- Keeping Services Running
- Allowing the Right Users Access to the Right Information
- Defending Every Layer as if It Were the Last Layer of Defense
- Keeping a Record of Attempts to Access Information
- Compartmentalizing and Isolating Resources
- Avoiding the Mistakes Everyone Else Makes
- Controlling the Cost of Meeting Security Objectives
- Risk Management
- Immutable Laws
- Frequently Asked Questions
- 3. Using Vulnerability Scanning to Assess Network Security
- 4. Conducting a Penetration Test
- 5. Performing IT Security Audits
- 6. Reporting Your Findings
- 7. Building and Maintaining Your Security Assessment Skills
- Building Core Skills
- Staying Up-to-Date
- Frequently Asked Questions
- II. Penetration Testing for Nonintrusive Attacks
- 8. Information Reconnaissance
- 9. Host Discovery Using DNS and NetBIOS
- 10. Network and Host Discovery
- 11. Port Scanning
- 12. Obtaining Information from a Host
- 13. War Dialing, War Driving, and Bluetooth Attacks
- III. Penetration Testing for Intrusive Attacks
- 14. Automated Vulnerability Detection
- 15. Password Attacks
- 16. Denial of Service Attacks
- 17. Application Attacks
- 18. Database Attacks
- 19. Network Sniffing
- 20. Spoofing
- 21. Session Hijacking
- 22. How Attackers Avoid Detection
- 23. Attackers Using Non-Network Methods to Gain Access
- IV. Security Assessment Case Studies
- 24. Web Threats
- 25. E-Mail Threats
- Client-Level Threats
- Server-Level Threats
- Spam
- Why You Should Be Concerned About Spam
- Tricks and Techniques
- What Is Being Done About Spam
- Frequently Asked Questions
- 26. Domain Controller Threats
- 27. Extranet and VPN Threats
- V. Appendixes
- A. Checklists
- Penetration Test Checklists
- Chapter 8: Information Reconnaissance
- Chapter 9: Host Discovery Using DNS and NetBIOS
- Chapter 10: Network and Host Discovery
- Chapter 11: Port Scanning
- Chapter 12: Obtaining Information from a Host
- Chapter 13: War Dialing, War Driving, and Bluetooth Attacks
- Chapter 14: Automated Vulnerability Detection
- Chapter 15: Password Attacks
- Chapter 16: Denial of Service Attacks
- Chapter 17: Application Attacks
- Chapter 18: Database Attacks
- Chapter 19: Network Sniffing
- Chapter 20: Spoofing
- Chapter 21: Session Hijacking
- Chapter 22: How Attackers Avoid Detection
- Chapter 23: Attackers Using Non-Network Methods to Gain Access
- Chapter 24: Web Threats
- Chapter 25: E-Mail Threats
- Chapter 26: Domain Controller Threats
- Chapter 27: Extranet and VPN Threats
- Countermeasures Checklists
- Chapter 8: Information Reconnaissance
- Chapter 9: Host Discovery Using DNS and NetBIOS
- Chapter 10: Network and Host Discovery
- Chapter 11: Port Scanning
- Chapter 12: Obtaining Information from a Host
- Chapter 13: War Dialing, War Driving, and Bluetooth Attacks
- Chapter 15: Password Attacks
- Chapter 16: Denial of Service Attacks
- Chapter 17: Application Attacks
- Chapter 18: Database Attacks
- Chapter 19: Network Sniffing
- Chapter 20: Spoofing
- Chapter 21: Session Hijacking
- Chapter 22: How Attackers Avoid Detection
- Chapter 23: Attackers Using Non-Network Methods to Gain Access
- Chapter 24: Web Threats
- Chapter 25: E-Mail Threats
- Chapter 26: Domain Controller Threats
- Chapter 27: Extranet and VPN Threats
- B. References
- Chapter 1: Introduction to Performing Security Assessments
- Chapter 2: Key Principles of Security
- Chapter 3: Using Vulnerability Scanning to Assess Network Security
- Chapter 4: Conducting a Penetration Test
- Chapter 5: Performing IT Security Audits
- Chapter 6: Reporting Your Findings
- Chapter 7: Building and Maintaining Your Security Assessment Skills
- Chapter 8: Information Reconnaissance
- Chapter 9: Host Discovery Using DNS and NetBIOS
- Chapter 10: Network and Host Discovery
- Chapter 11: Port Scanning
- Chapter 12: Obtaining Information from a Host
- Chapter 13: War Dialing, War Driving, and Bluetooth Attacks
- Chapter 14: Automated Vulnerability Detection
- Chapter 15: Password Attacks
- Chapter 16: Denial of Service Attacks
- Chapter 17: Application Attacks
- Chapter 18: Database Attacks
- Chapter 19: Network Sniffing
- Chapter 20: Spoofing
- Chapter 21: Session Hijacking
- Chapter 22: How Attackers Avoid Detection
- Chapter 23: Attackers Using Non-Network Methods to Gain Access
- Chapter 24: Web Threats
- Chapter 25: E-Mail Threats
- Chapter 26: Domain Controller Threats
- Chapter 27: Extranet and VPN Threats
- About the Authors
- Index
- About the Authors
- Copyright
Product information
- Title: Assessing Network Security
- Author(s):
- Release date: July 2004
- Publisher(s): Microsoft Press
- ISBN: 9780735620339