Assessing Network Security

Don't wait for an attacker to find and exploit your security vulnerabilities; take the lead by assessing the state of your network's security. This book delivers advanced network testing strategies, including vulnerability scanning and penetration testing, from members of the Microsoft sec...

Bibliographic Details
Main Author: Smith, Ben (-)
Other Authors: Lam, Kevin; LeBlanc, David
Format: E-book
Language: English
Published: Sebastopol : Microsoft Press 2009.
Edition: 1st edition
Subjects:
View at Universitat Ramon Llull Library: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009626923906719
Table of Contents:
  • Assessing Network Security; Foreword; Introduction; Organization of This Book; System Requirements; Support; I. Planning and Performing Security Assessments; Why Does Network Security Fail?; Policy Factors; Misconfiguration; Poor Assumptions; Ignorance; Failure to Stay Up-to-Date; Types of Security Assessments; Identify Common Security Mistakes; Search for Computers with Known Vulnerabilities; Test for Exposure to Common Attacks; Penetration Testing; Weakness in People and Processes; IT Security Auditing; Frequently Asked Questions; 2. Key Principles of Security
  • Allowing the Right Users Access to the Right Information; Defending Every Layer as if It Were the Last Layer of Defense; Keeping a Record of Attempts to Access Information; Compartmentalizing and Isolating Resources; Avoiding the Mistakes Everyone Else Makes; Controlling the Cost of Meeting Security Objectives; Risk Management; Identifying Assets and Determining Their Value; Predicting Threats and Vulnerabilities to Assets; Documenting the Security Risks; Determining a Risk Management Strategy; Monitoring Assets; Tracking Changes to Risks; Risk Management Strategies; Mitigation; Transference
  • Avoidance; Immutable Laws; Frequently Asked Questions; 3. Using Vulnerability Scanning to Assess Network Security; Recorded State; Well-Defined Configurations; Defining the Target Scope; Defining Types of Vulnerabilities; Determining Goals; Choosing a Technology; Checklist for Evaluating Tools; Creating a Process for Scanning for Vulnerabilities; Assigning Risk Levels to Vulnerabilities; Identifying Vulnerabilities That Have not Been Remediated; Determining Improvement in Network Security Over Time; Creating a Process for Analyzing the Results; Frequently Asked Questions
  • 4. Conducting a Penetration Test; Financial Gain; Challenge; Activism; Revenge; Espionage; Information Warfare; Defining the Penetration Test Engagement; Gaining Administrator Access to a System or Systems; Gaining Physical Access to a Device or Location; Getting Caught by Security Administrators; Compromising Applications; Denying Others Use of a Service; Causing Direct Financial Damage to an Organization; Setting the Scope; Performing the Penetration Test; Determining How Vulnerabilities Were Compromised; Locating Assets that Could be Accessed, Altered, or Destroyed
  • Determining Whether the Attack Was Detected; Identifying the Attack Footprint; Making Recommendations; Frequently Asked Questions; 5. Performing IT Security Audits; Technical Policies; Physical Policies; Processes and Procedures; Operations; Preliminary Decisions; Regulatory Considerations; Operational Considerations; Organizational Considerations; Planning and Performing the Audit; Setting the Scope and Timeline; Obtaining Legal and Management Approval; Completing the Audit; Analyzing and Reporting the Results; Frequently Asked Questions; 6. Reporting Your Findings; Technically Accurate
  • Objective