Penetration Testing & Network Defense (paperback)
Format
Paperback
Language
English
Number of pages
594
Publication date
2005-11-01
Edition
1
Publisher
CISCO PRESS
Contributors
Newman, Daniel
Illustrator/Photographer
Illustrations
Illustrations
Illustrations
Dimensions
230 x 185 x 35 mm
Weight
1020 g
Number of components
1
ISBN
9781587052088

Penetration Testing & Network Defense

Paperback, English, 2005-11-01

Sold out

The practical guide to simulating, detecting, and responding to network attacks
  • Create step-by-step testing plans
  • Learn to perform social engineering and host reconnaissance
  • Evaluate session hijacking methods
  • Exploit web server vulnerabilities
  • Detect attempts to breach database security
  • Use password crackers to obtain access information
  • Circumvent Intrusion Prevention Systems (IPS) and firewall protections and disrupt the service of routers and switches
  • Scan and penetrate wireless networks
  • Understand the inner workings of Trojan Horses, viruses, and other backdoor applications
  • Test UNIX, Microsoft, and Novell servers for vulnerabilities
  • Learn the root cause of buffer overflows and how to prevent them
  • Perform and prevent Denial of Service attacks
Penetration testing is a growing field but there has yet to be a definitive resource that instructs ethical hackers on how to perform a penetration test with the ethics and responsibilities of testing in mind. Penetration Testing and Network Defense offers detailed steps on how to emulate an outside attacker in order to assess the security of a network.

Unlike other books on hacking, this book is specifically geared towards penetration testing. It includes important information about liability issues and ethics as well as procedures and documentation. Using popular open-source and commercial applications, the book shows you how to perform a penetration test on an organization's network, from creating a test plan to performing social engineering and host reconnaissance to performing simulated attacks on both wired and wireless networks.

Penetration Testing and Network Defense also goes a step further than other books on hacking, as it demonstrates how to detect an attack on a live network. By detailing the method of an attack and how to spot an attack on your network, this book better prepares you to guard against hackers. You will learn how to configure, record, and thwart these attacks and how to harden a system to protect it against future internal and external attacks.

Full of real-world examples and step-by-step procedures, this book is both an enjoyable read and full of practical advice that will help you assess network security and develop a plan for locking down sensitive data and company resources.

This book goes to great lengths to explain the various testing approaches that are used today and gives excellent insight into how a responsible penetration testing specialist executes his trade.

Bruce Murphy, Vice President, World Wide Security Services, Cisco Systems

Other information

Andrew Whitaker, CCSP, is the Director of Enterprise InfoSec and Networking for TechTrain, where he performs penetration tests and teaches ethical hacking and Cisco® courses. He has been working in the IT industry for more than ten years, specializing in Cisco and security technologies, and has performed penetration tests for numerous financial institutions and Fortune 500 companies. Daniel P. Newman, CISSP, CCSP, has been in the computer industry for over 12 years specializing in application programming, database design and network security for projects all over the world. He is the managing director and chief security officer for Tribal Knowledge Security and specializes in penetration testing and advanced technical training in Cisco, Microsoft, and Ethical Hacking topics.

Table of Contents

 

Foreword

Introduction

Part I Overview of Penetration Testing

Chapter 1 Understanding Penetration Testing

Defining Penetration Testing

Assessing the Need for Penetration Testing

Proliferation of Viruses and Worms

Wireless LANs

Complexity of Networks Today

Frequency of Software Updates

Availability of Hacking Tools

The Nature of Open Source

 Reliance on the Internet

Unmonitored Mobile Users and Telecommuters

Marketing Demands

Industry Regulations

Administrator Trust

Business Partnerships

Hacktivism

Attack Stages

Choosing a Penetration Testing Vendor

Preparing for the Test

Summary

Chapter 2 Legal and Ethical Considerations

Ethics of Penetration Testing

Laws

U.S. Laws Pertaining to Hacking

1973 U.S. Code of Fair Information Practices

1986 Computer Fraud and Abuse Act (CFAA)

State Laws

Regulatory Laws

1996 U.S. Kennedy-Kasselbaum Health Insurance Portability and Accountability Act (HIPAA)

Graham-Leach-Bliley (GLB)

USA PATRIOT ACT

2002 Federal Information Security Management Act (FISMA)

2003 Sarbanes-Oxley Act (SOX)

 Non-U.S. Laws Pertaining to Hacking


Logging

To Fix or Not to Fix

Summary

Chapter 3 Creating a Test Plan

Step-by-Step Plan

Defining the Scope

Social Engineering

Session Hijacking

Trojan/Backdoor

Open-Source Security Testing Methodology Manual

Documentation

Executive Summary

Project Scope

Results Analysis

Summary

Appendixes

Summary

Part II Performing the Test

Chapter 4 Performing Social Engineering

Human Psychology

Conformity Persuasion

Logic Persuasion

Need-Based Persuasion

Authority-Based Persuasion

Reciprocation-Based Social Engineering

Similarity-Based Social Engineering

Information-Based Social Engineering

What It Takes to Be a Social Engineer

Using Patience for Social Engineering

Using Confidence for Social Engineering

Using Trust for Social Engineering

Using Inside Knowledge for Social Engineering

First Impressions and the Social Engineer

Tech Support Impersonation

Third-Party Impersonation

E-Mail Impersonation

End User Impersonation

Customer Impersonation

Reverse Social Engineering

Protecting Again...