Book description
The practical guide to simulating, detecting, and responding to network attacks
- Create step-by-step testing plans
- Learn to perform social engineering and host reconnaissance
- Evaluate session hijacking methods
- Exploit web server vulnerabilities
- Detect attempts to breach database security
- Use password crackers to obtain access information
- Circumvent Intrusion Prevention Systems (IPS) and firewall protections and disrupt the service of routers and switches
- Scan and penetrate wireless networks
- Understand the inner workings of Trojan Horses, viruses, and other backdoor applications
- Test UNIX, Microsoft, and Novell servers for vulnerabilities
- Learn the root cause of buffer overflows and how to prevent them
- Perform and prevent Denial of Service attacks
Penetration testing is a growing field but there has yet to be a definitive resource that instructs ethical hackers on how to perform a penetration test with the ethics and responsibilities of testing in mind. Penetration Testing and Network Defense offers detailed steps on how to emulate an outside attacker in order to assess the security of a network.
Unlike other books on hacking, this book is specifically geared towards penetration testing. It includes important information about liability issues and ethics as well as procedures and documentation. Using popular open-source and commercial applications, the book shows you how to perform a penetration test on an organization’s network, from creating a test plan to performing social engineering and host reconnaissance to performing simulated attacks on both wired and wireless networks.
Penetration Testing and Network Defense also goes a step further than other books on hacking, as it demonstrates how to detect an attack on a live network. By detailing the method of an attack and how to spot an attack on your network, this book better prepares you to guard against hackers. You will learn how to configure, record, and thwart these attacks and how to harden a system to protect it against future internal and external attacks.
Full of real-world examples and step-by-step procedures, this book is both an enjoyable read and full of practical advice that will help you assess network security and develop a plan for locking down sensitive data and company resources.
“This book goes to great lengths to explain the various testing approaches that are used today and gives excellent insight into how a responsible penetration testing specialist executes his trade.”
–Bruce Murphy, Vice President, World Wide Security Services, Cisco Systems®
Table of contents
- About This eBook
- Title Page
- Copyright Page
- About the Authors
- About the Technical Reviewers
- Dedications
- Acknowledgments
- Contents at a Glance
- Contents
- Icons Used in This Book
- Command Syntax Conventions
- Foreword
- Introduction
- Part I: Overview of Penetration Testing
- Part II: Performing the Test
- Chapter 4. Performing Social Engineering
- Human Psychology
- What It Takes to Be a Social Engineer
- First Impressions and the Social Engineer
- Tech Support Impersonation
- Third-Party Impersonation
- E-Mail Impersonation
- End User Impersonation
- Customer Impersonation
- Reverse Social Engineering
- Protecting Against Social Engineering
- Case Study
- Summary
- Chapter 5. Performing Host Reconnaissance
- Chapter 6. Understanding and Attempting Session Hijacking
- Chapter 7. Performing Web Server Attacks
- Chapter 8. Performing Database Attacks
- Chapter 9. Password Cracking
- Chapter 10. Attacking the Network
- Chapter 11. Scanning and Penetrating Wireless Networks
- Chapter 12. Using Trojans and Backdoor Applications
- Chapter 13. Penetrating UNIX, Microsoft, and Novell Servers
- Chapter 14. Understanding and Attempting Buffer Overflows
- Chapter 15. Denial-of-Service Attacks
- Chapter 16. Case Study: A Methodical Step-By-Step Penetration Test
- Appendixes
- A. Preparing a Security Policy
- B. Tools
- Performing Host Reconnaissance (Chapter 5)
- Understanding and Attempting Session Hijacking (Chapter 6)
- Performing Web-Server Attacks (Chapter 7)
- Performing Database Attacks (Chapter 8)
- Cracking Passwords (Chapter 9)
- Attacking the Network (Chapter 10)
- Scanning and Penetrating Wireless Networks (Chapter 11)
- Using Trojans and Backdoor Applications (Chapter 12)
- Penetrating UNIX, Microsoft, and Novell Servers (Chapter 13)
- Understanding and Attempting Buffer Overflows (Chapter 14)
- Denial-of-Service Attacks (Chapter 15)
- Glossary
- Index
Product information
- Title: Penetration Testing and Network Defense
- Author(s):
- Release date: October 2005
- Publisher(s): Cisco Press
- ISBN: 1587052083