Book description
Help beat the hackers at their own game! Discover how to take charge of system assets through hands-on vulnerability scanning, penetration testing, and other advanced testing techniques—straight from members of the Microsoft Security Team.
Table of contents
- Assessing Network Security
- A Note Regarding Supplemental Files
- Acknowledgments
- Foreword
- Introduction
- I. Planning and Performing Security Assessments
- 1. Introduction to Performing Security Assessments
- 2. Key Principles of Security
- Making Security Easy
- Keeping Services Running
- Allowing the Right Users Access to the Right Information
- Defending Every Layer as if It Were the Last Layer of Defense
- Keeping a Record of Attempts to Access Information
- Compartmentalizing and Isolating Resources
- Avoiding the Mistakes Everyone Else Makes
- Controlling the Cost of Meeting Security Objectives
- Risk Management
- Immutable Laws
- Frequently Asked Questions
- 3. Using Vulnerability Scanning to Assess Network Security
- 4. Conducting a Penetration Test
- 5. Performing IT Security Audits
- 6. Reporting Your Findings
- 7. Building and Maintaining Your Security Assessment Skills
- Building Core Skills
- Staying Up-to-Date
- Frequently Asked Questions
- II. Penetration Testing for Nonintrusive Attacks
- 8. Information Reconnaissance
- 9. Host Discovery Using DNS and NetBIOS
- 10. Network and Host Discovery
- 11. Port Scanning
- 12. Obtaining Information from a Host
- 13. War Dialing, War Driving, and Bluetooth Attacks
- III. Penetration Testing for Intrusive Attacks
- 14. Automated Vulnerability Detection
- 15. Password Attacks
- 16. Denial of Service Attacks
- 17. Application Attacks
- 18. Database Attacks
- 19. Network Sniffing
- 20. Spoofing
- 21. Session Hijacking
- 22. How Attackers Avoid Detection
- 23. Attackers Using Non-Network Methods to Gain Access
- IV. Security Assessment Case Studies
- 24. Web Threats
- 25. E-Mail Threats
- Client-Level Threats
- Server-Level Threats
- Spam
- Why You Should Be Concerned About Spam
- Tricks and Techniques
- What Is Being Done About Spam
- Frequently Asked Questions
- 26. Domain Controller Threats
- 27. Extranet and VPN Threats
- V. Appendixes
- A. Checklists
- Penetration Test Checklists
- Chapter 8: Information Reconnaissance
- Chapter 9: Host Discovery Using DNS and NetBIOS
- Chapter 10: Network and Host Discovery
- Chapter 11: Port Scanning
- Chapter 12: Obtaining Information from a Host
- Chapter 13: War Dialing, War Driving, and Bluetooth Attacks
- Chapter 14: Automated Vulnerability Detection
- Chapter 15: Password Attacks
- Chapter 16: Denial of Service Attacks
- Chapter 17: Application Attacks
- Chapter 18: Database Attacks
- Chapter 19: Network Sniffing
- Chapter 20: Spoofing
- Chapter 21: Session Hijacking
- Chapter 22: How Attackers Avoid Detection
- Chapter 23: Attackers Using Non-Network Methods to Gain Access
- Chapter 24: Web Threats
- Chapter 25: E-Mail Threats
- Chapter 26: Domain Controller Threats
- Chapter 27: Extranet and VPN Threats
- Countermeasures Checklists
- Chapter 8: Information Reconnaissance
- Chapter 9: Host Discovery Using DNS and NetBIOS
- Chapter 10: Network and Host Discovery
- Chapter 11: Port Scanning
- Chapter 12: Obtaining Information from a Host
- Chapter 13: War Dialing, War Driving, and Bluetooth Attacks
- Chapter 15: Password Attacks
- Chapter 16: Denial of Service Attacks
- Chapter 17: Application Attacks
- Chapter 18: Database Attacks
- Chapter 19: Network Sniffing
- Chapter 20: Spoofing
- Chapter 21: Session Hijacking
- Chapter 22: How Attackers Avoid Detection
- Chapter 23: Attackers Using Non-Network Methods to Gain Access
- Chapter 24: Web Threats
- Chapter 25: E-Mail Threats
- Chapter 26: Domain Controller Threats
- Chapter 27: Extranet and VPN Threats
- B. References
- Chapter 1: Introduction to Performing Security Assessments
- Chapter 2: Key Principles of Security
- Chapter 3: Using Vulnerability Scanning to Assess Network Security
- Chapter 4: Conducting a Penetration Test
- Chapter 5: Performing IT Security Audits
- Chapter 6: Reporting Your Findings
- Chapter 7: Building and Maintaining Your Security Assessment Skills
- Chapter 8: Information Reconnaissance
- Chapter 9: Host Discovery Using DNS and NetBIOS
- Chapter 10: Network and Host Discovery
- Chapter 11: Port Scanning
- Chapter 12: Obtaining Information from a Host
- Chapter 13: War Dialing, War Driving, and Bluetooth Attacks
- Chapter 14: Automated Vulnerability Detection
- Chapter 15: Password Attacks
- Chapter 16: Denial of Service Attacks
- Chapter 17: Application Attacks
- Chapter 18: Database Attacks
- Chapter 19: Network Sniffing
- Chapter 20: Spoofing
- Chapter 21: Session Hijacking
- Chapter 22: How Attackers Avoid Detection
- Chapter 23: Attackers Using Non-Network Methods to Gain Access
- Chapter 24: Web Threats
- Chapter 25: E-Mail Threats
- Chapter 26: Domain Controller Threats
- Chapter 27: Extranet and VPN Threats
- About the Authors
- Index
- About the Authors
- Copyright
Product information
- Title: Assessing Network Security
- Author(s):
- Release date: July 2004
- Publisher(s): Microsoft Press
- ISBN: 9780735620339