
Practical Network Scanning

Book Description

Get more from your network by securing its infrastructure and increasing its effectiveness

About This Book
  • Learn to choose the best network scanning toolset for your system
  • Implement different concepts of network scanning such as port scanning and OS detection
  • Adapt a practical approach to securing your network
Who This Book Is For

If you are a security professional who is responsible for securing an organization's infrastructure, then this book is for you.

What You Will Learn
  • Achieve an effective security posture to design security architectures
  • Learn vital security aspects before moving to the Cloud
  • Launch secure applications by understanding web application security and SQL injection
  • Explore the basics of threat detection/response/ mitigation with important use cases
  • Learn all about integration principles for PKI and tips to secure it
  • Design a WAN infrastructure and ensure security over a public WAN
In Detail

Network scanning is the process of assessing a network to identify its active hosts; the same methods can be used by an attacker or by a network administrator performing a security assessment. This procedure plays a vital role in risk assessment programs and in preparing a security plan for your organization.

Practical Network Scanning starts with the concept of network scanning and how organizations can benefit from it. Then, going forward, we delve into the different scanning steps, such as service detection, firewall detection, TCP/IP port detection, and OS detection. We also implement these concepts using a few of the most prominent tools on the market, such as Nessus and Nmap. In the concluding chapters, we prepare a complete vulnerability assessment plan for your organization.

By the end of this book, you will have hands-on experience in performing network scanning using different tools and in choosing the best tools for your system.

Style and approach

A practical guide that offers a simple way to easily understand network security concepts and apply them to strengthen your network.

Downloading the example code for this book

You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. Practical Network Scanning
  3. Packt Upsell
    1. Why subscribe?
    2. PacktPub.com
  4. Contributors
    1. About the author
    2. About the reviewer
    3. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the color images
      2. Conventions used
    4. Get in touch
      1. Reviews
  6. Fundamental Security Concepts
    1. Why security?
    2. Building blocks of information security
    3. Computer security
    4. Network security
      1. Firewalls
      2. Intrusion detection systems / intrusion prevention systems
      3. Multitier topology
    5. Internet security
      1. Password
      2. System upgrade and updates
      3. Phishing
        1. Beware of phishing phone calls
        2. Phishing protection
    6. Security issues, threats, and attacks
      1. IoT security risk
      2. Computer security risk
      3. Security Risk-Border Gateway Protocol
      4. Security and threats
        1. Natural disasters
        2. Human threats
      5. Security vulnerabilities
        1. Technology weaknesses
        2. Configuration weaknesses 
        3. Security policy weaknesses
      6. Using unencrypted or weak encryption for a website
    7. Summary
    8. Questions
    9. Further reading
  7. Secure Network Design
    1. Access control 
      1. Asset classification and physical security
      2. Authentication, authorization, and accounting
    2. Network management and security design
      1. Network segmentation
      2. Segmentation strategy steps
      3. Network protection consideration and design
    3. Hardening your TCP/IP stack
    4. DoS and DDoS attacks 
      1. Volume-based attacks
      2. Application layer attacks
      3. Low-rate attacks
    5. IP spoofing
      1. Anti-spoofing using access lists
      2. Encryption
      3. Anti-spoofing using RPF checks
    6. Ping sweeps and Port scans
      1. Mitigation
    7. DNS vulnerabilities 
      1. How does DNS work?
      2. DNS protocol attacks
      3. Mitigation
    8. Two factor authentication
    9. Summary 
    10. Questions
    11. Further reading
  8. Server-Level Security
    1. Classification of data
    2. Physical security 
    3. Disk encryption
      1. Full-disk encryption
        1. Bitlocker
        2. Virtual Trusted Platform Module – vTPM 
        3. Encrypt your Hyper-V Guest VMs 
        4. Cloud VM disk encryption
        5. What is encryption at rest?
    4. Hardening server security
      1. Check for open ports or services
      2. System firewall configuration
      3. System update
      4. Disable USB
      5. Hard disk encryption
      6. BIOS protection
      7. Check the installed packages
      8. Password policies
      9. Secure and encrypt remote access
      10. Implement activity logging
      11. Document the host information
    5. Authentication NTLM versus Kerberos
    6. Password policies
    7. Server-level permissions
    8. Server antivirus and malware protection
    9. Local security policies
    10. Summary
    11. Questions
    12. Further reading
  9. Cloud Security Design
    1. Cloud offerings
      1. IaaS
      2. PaaS
      3. SaaS
    2. Public versus private
      1. Public IaaS versus private IaaS
      2. Public PaaS versus private PaaS
      3. Public SaaS versus private SaaS
    3. Shared technology and shared danger
    4. Security approach for cloud computing
      1. Traditional enterprise network model
      2. Hybrid data center and cloud network
      3. Network security devices for IaaS
        1. Firewall Virtual Appliance
        2. Virtual TAP vTAP
        3. Virtual Router
        4. Virtual web application firewalls
    5. DDoS attack protection
    6. Data loss prevention
    7. Exploited system vulnerabilities
    8. Summary 
    9. Questions
    10. Further reading
  10. Application Security Design
    1. GDPR
      1. Getting consent
      2. Access to data
      3. Encryption
    2. SQL Injection
      1. Prevention of SQL Injection attack on web applications
        1. Employing comprehensive data sanitization
        2. Deploying a Web Application Firewall
        3. Limit database privileges
        4. Finding vulnerabilities
    3. WAFs
      1. WAF protection against common web attacks
    4. Blacklisting and whitelisting
      1. What is blacklisting?
        1. Benefit and disadvantage of blacklisting
      2. What is whitelisting?
        1. Benefit and disadvantage of whitelisting
      3. Which is better?
    5. Using HTTPS for everything
      1. HTTP versus HTTPS
      2. Web application security
        1. SSL/TLS deployment
          1. SSL/TLS key size
          2. Signing algorithm
          3. Secure protocol
        2. Preventing an authentication hacking attack
        3. Use cookies securely
        4. Vulnerabilities scan
        5. Server security
        6. Introduce a bug bounty program
    6. Summary
    7. Questions
    8. Further reading
  11. Threat Detection and Response
    1. Network threat detection
      1. Detection methods
        1. Intrusion detection system
          1. Types of IDSs
        2. Network capture solution 
        3. Threat detection with Netflow/IPFIX
          1. NetFlow vs. IPFIX
    2. Endpoint threat detection
      1. What’s an endpoint
        1. Endpoint Detection and Response (EDR) system
      2. Case Study – Why EDR system is required?
      3. Security policy 
      4. How to choose an EDR solution?
    3. Security information and event management
      1. SIEM—Event versus incident and data breach
        1. What is an event?
        2. What is a security incident?
        3. What is a data breach?
      2. How do SIEM systems work?
        1. Event generator sensors
        2. Event and log collection or data aggregation
        3. Correlation
        4. Reporting and Alerting
        5. Dashboards
        6. Automation
        7. Log management
        8. SIEM commercial products 
    4. Summary
    5. Questions
    6. Further reading
  12. Vulnerability Assessment
    1. Infrastructure concerns
      1. What is vulnerability assessment?
        1. Plan
        2. Network discovery
        3. Vulnerability scan
        4. Report
        5. Remediation
      2. Why do we need vulnerability assessment?
        1. Types of vulnerability assessment
          1. Network-based assessment
          2. Host-based assessment
    2. Nessus installation, configuration, and vulnerability assessment methodology
      1. Installation
        1. Policies
    3. Sample report
    4. Summary
    5. Questions
    6. Further reading
  13. Remote OS Detection
    1. Reasons for OS detection 
      1. Network operating system inventory – trace your infrastructure 
    2. Determining vulnerability of target hosts
    3. Tailoring exploits
    4. OS detection technique with Nmap
      1. Nmap tool
      2. Operating system detection
    5. TCP/IP fingerprinting methods supported by Nmap
      1. TCP/UDP/IP basic
      2. The FIN probe
      3. TCP ISN sampling
      4. TCP initial window
      5. Type of service
      6. Time-to-live (TTL)
      7. Don't Fragment (DF) bit
    6. Understanding an Nmap fingerprint
    7. OS matching algorithms
      1. Defense against port scans
    8. Summary
    9. Questions
    10. Further reading
  14. Public Key Infrastructure-SSL
    1. Foundation of SSL
      1. How do I know that SSL is working?
      2. Why no PadLock?
      3. SSL certificate
        1. The evolution of SSL and TLS
          1. Current Supported Standard
          2. Why hasn't TLS 1.3 been implemented yet?
          3. Time to say goodbye to SSL and early TLS
        2. SSL certificate component 
          1. Root certificate
          2. Intermediate certificate
          3. SSL certificates classes 
    2. TLS versus SSL
    3. Public Key Infrastructure
      1. Symmetric encryption
      2. Asymmetric encryption
      3. Hash function
    4. Attacks against PKI
    5. Microsoft Windows and IIS
    6. OpenSSL
    7. SSL Management tools
    8. Summary 
    9. Questions
    10. Further reading
  15. Firewall Placement and Detection Techniques
    1. Technical requirements
    2. Firewall and design considerations
      1. Firewall terminology
      2. Firewall generations
      3. Firewall performance
      4. Firewall placement and design network topology
        1. Single firewall architecture
          1. Single firewall architecture with a single IP subnet
          2. Single firewall architecture with multiple IP subnets
        2. Multilayer firewall architecture
          1. Firewall sandwich design
    3. Demilitarized Zone
      1. DMZ to Internal Access Policy 
    4. OSI model versus TCP/IP model
    5. Firewall performance, capabilities, and function
      1. Firewall management
      2. Application proxies
      3. Detecting firewalls
      4. Debugging tools
    6. Summary
    7. Questions
    8. Further Reading
  16. VPN and WAN Encryption
    1. Overview
    2. Classes of VPN
    3. Type of VPN protocol
      1. Point-to-Point tunneling protocol
      2. Layer 2 Tunneling Protocol
      3. Secure Socket Tunneling protocol
      4. Internet Protocol Security
      5. SSL VPN
      6. MPLS VPN
    4. VPN Design
    5. IKE V1 versus IKE V2
    6. WAN Encryption technique
      1. IPsec Layer-3 encryption
      2. MACsec—Layer-2 Encryption
      3. Optical Network—Layer-1 Encryption
    7. Summary 
    8. Questions
    9. Further Reading
  17. Summary and Scope of Security Technologies
    1. DDoS protection
      1. Remotely triggered black hole routing (RTBH)
        1. Black hole traffic from the source of the attack
        2. Black hole traffic to the destination of the attack
    2. BGP FlowSpec
      1. DDoS scrubbing
      2. Blockchain Technology for Fighting DDoS Attacks
    3. AI in cyber security 
    4. Next Gen SIEM
    5. Software Defined Networking Firewall
    6. Bring-Your-Own-Identity (BYOI)
    7. Summary
    8. Further reading 
  18. Assessment
    1. Chapter 1
    2. Chapter 2
    3. Chapter 3
    4. Chapter 4
    5. Chapter 5
    6. Chapter 6
    7. Chapter 7
    8. Chapter 8
    9. Chapter 9
    10. Chapter 10
    11. Chapter 11
  19. Other Books you may enjoy
    1. Leave a review - let other readers know what you think