Penetration Testing and Network Defense

Penetration Testing and Network Defense

by Andrew Whitaker, Daniel P. Newman
Released October 2005
Publisher(s): Cisco Press
ISBN: 1587052083

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

The practical guide to simulating, detecting, and responding to network attacks 

  • Create step-by-step testing plans

  • Learn to perform social engineering and host reconnaissance

  • Evaluate session hijacking methods

  • Exploit web server vulnerabilities

  • Detect attempts to breach database security

  • Use password crackers to obtain access information

  • Circumvent Intrusion Prevention Systems (IPS) and firewall protections and disrupt the service of routers and switches

  • Scan and penetrate wireless networks

  • Understand the inner workings of Trojan Horses, viruses, and other backdoor applications

  • Test UNIX, Microsoft, and Novell servers for vulnerabilities

  • Learn the root cause of buffer overflows and how to prevent them

  • Perform and prevent Denial of Service attacks

    • Penetration testing is a growing field but there has yet to be a definitive resource that instructs ethical hackers on how to perform a penetration test with the ethics and responsibilities of testing in mind. Penetration Testing and Network Defense offers detailed steps on how to emulate an outside attacker in order to assess the security of a network.

    Unlike other books on hacking, this book is specifically geared towards penetration testing. It includes important information about liability issues and ethics as well as procedures and documentation. Using popular open-source and commercial applications, the book shows you how to perform a penetration test on an organization’s network, from creating a test plan to performing social engineering and host reconnaissance to performing simulated attacks on both wired and wireless networks.

    Penetration Testing and Network Defense also goes a step further than other books on hacking, as it demonstrates how to detect an attack on a live network. By detailing the method of an attack and how to spot an attack on your network, this book better prepares you to guard against hackers. You will learn how to configure, record, and thwart these attacks and how to harden a system to protect it against future internal and external attacks.

    Full of real-world examples and step-by-step procedures, this book is both an enjoyable read and full of practical advice that will help you assess network security and develop a plan for locking down sensitive data and company resources.

    “This book goes to great lengths to explain the various testing approaches that are used today and gives excellent insight into how a responsible penetration testing specialist executes his trade.”

    –Bruce Murphy, Vice President, World Wide Security Services, Cisco Systems®

    Table of contents

    1. About This eBook
    2. Title Page
    3. Copyright Page
    4. About the Authors
    5. About the Technical Reviewers
    6. Dedications
    7. Acknowledgments
    8. Contents at a Glance
    9. Contents
    10. Icons Used in This Book
    11. Command Syntax Conventions
    12. Foreword
    13. Introduction
      1. Who Should Read this Book
      2. Ethical Considerations
      3. How This Book Is Organized
    14. Part I: Overview of Penetration Testing
      1. Chapter 1. Understanding Penetration Testing
        1. Defining Penetration Testing
        2. Assessing the Need for Penetration Testing
        3. Attack Stages
        4. Choosing a Penetration Testing Vendor
        5. Preparing for the Test
        6. Summary
      2. Chapter 2. Legal and Ethical Considerations
        1. Ethics of Penetration Testing
        2. Laws
        3. Logging
        4. To Fix or Not to Fix
        5. Summary
      3. Chapter 3. Creating a Test Plan
        1. Step-by-Step Plan
        2. Open-Source Security Testing Methodology Manual
        3. Documentation
        4. Summary
    15. Part II: Performing the Test
      1. Chapter 4. Performing Social Engineering
        1. Human Psychology
        2. What It Takes to Be a Social Engineer
        3. First Impressions and the Social Engineer
        4. Tech Support Impersonation
        5. Third-Party Impersonation
        6. E-Mail Impersonation
        7. End User Impersonation
        8. Customer Impersonation
        9. Reverse Social Engineering
        10. Protecting Against Social Engineering
        11. Case Study
        12. Summary
      2. Chapter 5. Performing Host Reconnaissance
        1. Passive Host Reconnaissance
        2. Active Host Reconnaissance
        3. Port Scanning
        4. NMap
        5. Detecting a Scan
        6. Case Study
        7. Summary
      3. Chapter 6. Understanding and Attempting Session Hijacking
        1. Defining Session Hijacking
        2. Tools
        3. Beware of ACK Storms
        4. Kevin Mitnick’s Session Hijack Attack
        5. Detecting Session Hijacking
        6. Protecting Against Session Hijacking
        7. Case Study
        8. Summary
        9. Resources
      4. Chapter 7. Performing Web Server Attacks
        1. Understanding Web Languages
        2. Website Architecture
        3. E-Commerce Architecture
        4. Web Page Spoofing
        5. Cookie Guessing
        6. Brute Force Attacks
        7. Tools
        8. Detecting Web Attacks
        9. Protecting Against Web Attacks
        10. Case Study
        11. Summary
      5. Chapter 8. Performing Database Attacks
        1. Defining Databases
        2. Testing Database Vulnerabilities
        3. Securing Your SQL Server
        4. Detecting Database Attacks
        5. Protecting Against Database Attacks
        6. Case Study
        7. Summary
        8. References and Further Reading
      6. Chapter 9. Password Cracking
        1. Password Hashing
        2. Password-Cracking Tools
        3. Detecting Password Cracking
        4. Protecting Against Password Cracking
        5. Case Study
        6. Summary
      7. Chapter 10. Attacking the Network
        1. Bypassing Firewalls
        2. Evading Intruder Detection Systems
        3. Testing Routers for Vulnerabilities
        4. Testing Switches for Vulnerabilities
        5. Securing the Network
        6. Case Study
        7. Summary
      8. Chapter 11. Scanning and Penetrating Wireless Networks
        1. History of Wireless Networks
        2. Antennas and Access Points
        3. Wireless Security Technologies
        4. War Driving
        5. Tools
        6. Detecting Wireless Attacks
        7. Case Study
        8. Summary
      9. Chapter 12. Using Trojans and Backdoor Applications
        1. Trojans, Viruses, and Backdoor Applications
        2. Common Viruses and Worms
        3. Trojans and Backdoors
        4. Detecting Trojans and Backdoor Applications
        5. Prevention
        6. Case Study
        7. Summary
      10. Chapter 13. Penetrating UNIX, Microsoft, and Novell Servers
        1. General Scanners
        2. UNIX Permissions and Root Access
        3. Microsoft Security Models and Exploits
        4. Novell Server Permissions and Vulnerabilities
        5. Detecting Server Attacks
        6. Preventing Server Attacks
        7. Case Study
        8. Summary
      11. Chapter 14. Understanding and Attempting Buffer Overflows
        1. Memory Architecture
        2. Buffer Overflow Examples
        3. Preventing Buffer Overflows
        4. Case Study
        5. Summary
      12. Chapter 15. Denial-of-Service Attacks
        1. Types of DoS Attacks
        2. Tools for Executing DoS Attacks
        3. Detecting DoS Attacks
        4. Preventing DoS Attacks
        5. Case Study
        6. Summary
      13. Chapter 16. Case Study: A Methodical Step-By-Step Penetration Test
        1. Case Study: LCN Gets Tested
        2. DAWN Security
    16. Appendixes
      1. A. Preparing a Security Policy
        1. What Is a Security Policy?
        2. Risk Assessment
        3. Basic Policy Requirements
        4. Security Policy Implementation and Review
        5. Preparing a Security Policy in Ten Basic Steps
        6. Reference Links
      2. B. Tools
        1. Performing Host Reconnaissance (Chapter 5)
        2. Understanding and Attempting Session Hijacking (Chapter 6)
        3. Performing Web-Server Attacks (Chapter 7)
        4. Performing Database Attacks (Chapter 8)
        5. Cracking Passwords (Chapter 9)
        6. Attacking the Network (Chapter 10)
        7. Scanning and Penetrating Wireless Networks (Chapter 11)
        8. Using Trojans and Backdoor Applications (Chapter 12)
        9. Penetrating UNIX, Microsoft, and Novell Servers (Chapter 13)
        10. Understanding and Attempting Buffer Overflows (Chapter 14)
        11. Denial-of-Service Attacks (Chapter 15)
      3. Glossary
    17. Index

    Product information

    • Title: Penetration Testing and Network Defense
    • Author(s): Andrew Whitaker, Daniel P. Newman
    • Release date: October 2005
    • Publisher(s): Cisco Press
    • ISBN: 1587052083