Network security assessment
How secure is your network? The best way to find out is to attack it. Network Security Assessment provides you with the tricks and tools professional security consultants use to identify and assess risks in Internet-based networks-the same penetration testing model they use to secure government, mi...
| Autor principal: | |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
Beijing ; Sebastopol, California :
O'Reilly Media, Inc
2007.
|
| Edición: | 2nd ed |
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627065706719 |
Tabla de Contenidos:
- Table of Contents; Foreword; About Bob Ayers; Preface; Overview; Recognized Assessment Standards; NSA IAM; CESG CHECK; PCI Data Security Standards; Other Assessment Standards and Associations; Hacking Defined; Organization; Audience; Mirror Site for Tools Mentioned in This Book; Using Code Examples; Conventions Used in This Book; Comments and Questions; Acknowledgments; Guest Authors Featured in This Book; Network Security Assessment; The Business Benefits; IP: The Foundation of the Internet; Classifying Internet-Based Attackers; Assessment Service Definitions
- Network Security Assessment MethodologyInternet Host and Network Enumeration; Bulk Network Scanning and Probing; Investigation of Vulnerabilities; Exploitation of Vulnerabilities; The Cyclic Assessment Approach; Network Security Assessment Platform; Virtualization Software; VMware; Microsoft Virtual PC; Parallels; Operating Systems; Microsoft Windows Platforms; Linux Platforms; Apple Mac OS X; Reconnaissance Tools; Network Scanning Tools; Nmap; Nessus; Commercial Network Scanning Tools; Exploitation Frameworks; Metasploit Framework; Commercial Exploitation Frameworks
- Web Application Testing ToolsCommercial Web Application Scanning Tools; Internet Host and Network Enumeration; Querying Web and Newsgroup Search Engines; Google Search Functionality; Enumerating contact details with Google; Effective search query strings; Searching Newsgroups; Querying Netcraft; Querying Domain WHOIS Registrars; Using the Unix whois utility; Querying IP WHOIS Registrars; IP WHOIS Querying Tools and Examples; Querying WHOIS databases to enumerate objects for a given company; Using WHOIS web search engines; Harvesting user details through WHOIS
- Enumerating WHOIS maintainer objectsBGP Querying; DNS Querying; Forward DNS Querying; Forward DNS querying through nslookup; DNS Zone Transfer Techniques; Checking for DNS zone transfer weaknesses using host; Using dig to perform a DNS zone transfer using a specific name server; Information retrieved through DNS zone transfer; PTR record enumeration through DNS zone transfer; Forward DNS Grinding; Reverse DNS Sweeping; Web Server Crawling; Automating Enumeration; SMTP Probing; Enumeration Technique Recap; Enumeration Countermeasures; IP Network Scanning; ICMP Probing; ICMP Probing Tools; SING
- NmapICMPScan; Identifying Subnet Network and Broadcast Addresses; Gleaning Internal IP Addresses; OS Fingerprinting Using ICMP; TCP Port Scanning; Standard Scanning Methods; Vanilla connect() scanning; Half-open SYN flag scanning; Stealth TCP Scanning Methods; Inverse TCP flag scanning; ACK flag probe scanning; Third-Party and Spoofed TCP Scanning Methods; FTP bounce scanning; Proxy bounce scanning; Sniffer-based spoofed scanning; IP ID header scanning; UDP Port Scanning; Tools That Perform UDP Port Scanning; IDS Evasion and Filter Circumvention; Fragmenting Probe Packets; Fragtest; Fragroute
- Nmap
