book

Penetration Testing and Network Defense

by Andrew Whitaker, Daniel P. Newman

October 2005

Intermediate to advanced

624 pages

15h 47m

English

Cisco Press

Read now

Unlock full access

Who Should Read this BookEthical ConsiderationsHow This Book Is Organized
Defining Penetration TestingAssessing the Need for Penetration TestingAttack StagesChoosing a Penetration Testing VendorPreparing for the TestSummary
Ethics of Penetration TestingLawsLoggingTo Fix or Not to FixSummary
Step-by-Step PlanOpen-Source Security Testing Methodology ManualDocumentationSummary
Human PsychologyWhat It Takes to Be a Social EngineerFirst Impressions and the Social EngineerTech Support ImpersonationThird-Party ImpersonationE-Mail ImpersonationEnd User ImpersonationCustomer ImpersonationReverse Social EngineeringProtecting Against Social EngineeringCase StudySummary
Passive Host ReconnaissanceActive Host ReconnaissancePort ScanningNMapDetecting a ScanCase StudySummary
Defining Session HijackingToolsBeware of ACK StormsKevin Mitnick’s Session Hijack AttackDetecting Session HijackingProtecting Against Session HijackingCase StudySummaryResources
Understanding Web LanguagesWebsite ArchitectureE-Commerce ArchitectureWeb Page SpoofingCookie GuessingBrute Force AttacksToolsDetecting Web AttacksProtecting Against Web AttacksCase StudySummary
Defining DatabasesTesting Database VulnerabilitiesSecuring Your SQL ServerDetecting Database AttacksProtecting Against Database AttacksCase StudySummaryReferences and Further Reading
Password HashingPassword-Cracking ToolsDetecting Password CrackingProtecting Against Password CrackingCase StudySummary
Bypassing FirewallsEvading Intruder Detection SystemsTesting Routers for VulnerabilitiesTesting Switches for VulnerabilitiesSecuring the NetworkCase StudySummary
History of Wireless NetworksAntennas and Access PointsWireless Security TechnologiesWar DrivingToolsDetecting Wireless AttacksCase StudySummary
Trojans, Viruses, and Backdoor ApplicationsCommon Viruses and WormsTrojans and BackdoorsDetecting Trojans and Backdoor ApplicationsPreventionCase StudySummary
General ScannersUNIX Permissions and Root AccessMicrosoft Security Models and ExploitsNovell Server Permissions and VulnerabilitiesDetecting Server AttacksPreventing Server AttacksCase StudySummary
Memory ArchitectureBuffer Overflow ExamplesPreventing Buffer OverflowsCase StudySummary
Types of DoS AttacksTools for Executing DoS AttacksDetecting DoS AttacksPreventing DoS AttacksCase StudySummary
Case Study: LCN Gets TestedDAWN Security
What Is a Security Policy?Risk AssessmentBasic Policy RequirementsSecurity Policy Implementation and ReviewPreparing a Security Policy in Ten Basic StepsReference Links
Performing Host Reconnaissance (Chapter 5)Understanding and Attempting Session Hijacking (Chapter 6)Performing Web-Server Attacks (Chapter 7)Performing Database Attacks (Chapter 8)Cracking Passwords (Chapter 9)Attacking the Network (Chapter 10)Scanning and Penetrating Wireless Networks (Chapter 11)Using Trojans and Backdoor Applications (Chapter 12)Penetrating UNIX, Microsoft, and Novell Servers (Chapter 13)Understanding and Attempting Buffer Overflows (Chapter 14)Denial-of-Service Attacks (Chapter 15)

Content preview from Penetration Testing and Network Defense

Appendix A. Preparing a Security Policy

The infamous security policy! What is it, what is in it, who creates it, and who enforces it? These are just some of the questions that a junior security officer has when the term security policy is mentioned. Creating your first functional e-mail usage security policy can be a daunting experience. You wonder if you will get it right and if the company will believe in the need for such a document. It takes abundant information gathering and preparation to gain company acceptance of why it should expend time and effort on a policy document that states some common sense things like, “Don’t use company e-mail servers as a central spam server for your home business.” In the end, however, your managers will ...