Chapter 8. Network Infrastructure
In This Chapter
Scanning network hosts
Assessing security with a network analyzer
Preventing denial-of-service and infrastructure vulnerabilities
To have secure operating systems and applications, you need to have a secure network. Devices such as routers, firewalls, and even generic hosts (including servers and workstations) must be assessed as part of the ethical hacking process.
There are thousands of possible network vulnerabilities, equally as many tools, and even more testing techniques. You probably don't have the time or resources available to test your network infrastructure systems for all possible vulnerabilities, using every tool and method imaginable. Instead, you need to focus on tests that will produce a good overall assessment of your network — and the tests I describe in this chapter produce exactly that.
You can eliminate many well-known, network-related vulnerabilities by simply patching your network hosts with the latest vendor software and firmware updates. Because most network infrastructure hosts are not publicly accessible, odds are that your network hosts will not be attacked from the outside and even when they are, the results are not likely to be detrimental. You can eliminate many other vulnerabilities by following some solid security practices on your network, as described in this chapter and in Network Security Bible, Second Edition by Eric Cole. The tests, tools, and techniques outlined in this chapter offer ...