book

Penetration Testing and Network Defense

by Andrew Whitaker, Daniel P. Newman

October 2005

Intermediate to advanced

624 pages

15h 47m

English

Cisco Press

Read now

Unlock full access

Who Should Read this BookEthical ConsiderationsHow This Book Is Organized
Defining Penetration TestingAssessing the Need for Penetration TestingAttack StagesChoosing a Penetration Testing VendorPreparing for the TestSummary
Ethics of Penetration TestingLawsLoggingTo Fix or Not to FixSummary
Step-by-Step PlanOpen-Source Security Testing Methodology ManualDocumentationSummary
Human PsychologyWhat It Takes to Be a Social EngineerFirst Impressions and the Social EngineerTech Support ImpersonationThird-Party ImpersonationE-Mail ImpersonationEnd User ImpersonationCustomer ImpersonationReverse Social EngineeringProtecting Against Social EngineeringCase StudySummary
Passive Host ReconnaissanceActive Host ReconnaissancePort ScanningNMapDetecting a ScanCase StudySummary
Defining Session HijackingToolsBeware of ACK StormsKevin Mitnick’s Session Hijack AttackDetecting Session HijackingProtecting Against Session HijackingCase StudySummaryResources
Understanding Web LanguagesWebsite ArchitectureE-Commerce ArchitectureWeb Page SpoofingCookie GuessingBrute Force AttacksToolsDetecting Web AttacksProtecting Against Web AttacksCase StudySummary
Defining DatabasesTesting Database VulnerabilitiesSecuring Your SQL ServerDetecting Database AttacksProtecting Against Database AttacksCase StudySummaryReferences and Further Reading
Password HashingPassword-Cracking ToolsDetecting Password CrackingProtecting Against Password CrackingCase StudySummary
Bypassing FirewallsEvading Intruder Detection SystemsTesting Routers for VulnerabilitiesTesting Switches for VulnerabilitiesSecuring the NetworkCase StudySummary
History of Wireless NetworksAntennas and Access PointsWireless Security TechnologiesWar DrivingToolsDetecting Wireless AttacksCase StudySummary
Trojans, Viruses, and Backdoor ApplicationsCommon Viruses and WormsTrojans and BackdoorsDetecting Trojans and Backdoor ApplicationsPreventionCase StudySummary
General ScannersUNIX Permissions and Root AccessMicrosoft Security Models and ExploitsNovell Server Permissions and VulnerabilitiesDetecting Server AttacksPreventing Server AttacksCase StudySummary
Memory ArchitectureBuffer Overflow ExamplesPreventing Buffer OverflowsCase StudySummary
Types of DoS AttacksTools for Executing DoS AttacksDetecting DoS AttacksPreventing DoS AttacksCase StudySummary
Case Study: LCN Gets TestedDAWN Security
What Is a Security Policy?Risk AssessmentBasic Policy RequirementsSecurity Policy Implementation and ReviewPreparing a Security Policy in Ten Basic StepsReference Links
Performing Host Reconnaissance (Chapter 5)Understanding and Attempting Session Hijacking (Chapter 6)Performing Web-Server Attacks (Chapter 7)Performing Database Attacks (Chapter 8)Cracking Passwords (Chapter 9)Attacking the Network (Chapter 10)Scanning and Penetrating Wireless Networks (Chapter 11)Using Trojans and Backdoor Applications (Chapter 12)Penetrating UNIX, Microsoft, and Novell Servers (Chapter 13)Understanding and Attempting Buffer Overflows (Chapter 14)Denial-of-Service Attacks (Chapter 15)

Content preview from Penetration Testing and Network Defense

Chapter 11. Scanning and Penetrating Wireless Networks

“It’s as BAD as you think, and they ARE out to get you!”

—Bumper sticker

On April 7, 2005, three men were convicted of hacking into the wireless network of a Lowe’s home improvement store and stealing credit card information from customers. The attack was launched from the parking lot of a Lowe’s store in Michigan, where the three men broke into the store’s wireless network, which had connections into the main database in North Carolina.

What these three men accomplished is becoming a common news headline as more malicious hackers are discovering how easy it is to break into wireless networks. Securing wireless networks is not an easy task. Although wireless networking provides the benefits ...