Penetration Testing and Cisco Network Defense

3.3 (10 ratings by Goodreads)
By (author) Andrew Whitaker, By (author) Daniel P. Newman


Description

The practical guide to simulating, detecting, and responding to network attacks

  • Create step-by-step testing plans
  • Learn to perform social engineering and host reconnaissance
  • Evaluate session hijacking methods
  • Exploit web server vulnerabilities
  • Detect attempts to breach database security
  • Use password crackers to obtain access information
  • Circumvent Intrusion Prevention Systems (IPS) and firewall protections and disrupt the service of routers and switches
  • Scan and penetrate wireless networks
  • Understand the inner workings of Trojan Horses, viruses, and other backdoor applications
  • Test UNIX, Microsoft, and Novell servers for vulnerabilities
  • Learn the root cause of buffer overflows and how to prevent them
  • Perform and prevent Denial of Service attacks

Penetration testing is a growing field but there has yet to be a definitive resource that instructs ethical hackers on how to perform a penetration test with the ethics and responsibilities of testing in mind. Penetration Testing and Network Defense offers detailed steps on how to emulate an outside attacker in order to assess the security of a network. Unlike other books on hacking, this book is specifically geared towards penetration testing. It includes important information about liability issues and ethics as well as procedures and documentation. Using popular open-source and commercial applications, the book shows you how to perform a penetration test on an organization's network, from creating a test plan to performing social engineering and host reconnaissance to performing simulated attacks on both wired and wireless networks. Penetration Testing and Network Defense also goes a step further than other books on hacking, as it demonstrates how to detect an attack on a live network. By detailing the method of an attack and how to spot an attack on your network, this book better prepares you to guard against hackers. You will learn how to configure, record, and thwart these attacks and how to harden a system to protect it against future internal and external attacks. Full of real-world examples and step-by-step procedures, this book is both an enjoyable read and full of practical advice that will help you assess network security and develop a plan for locking down sensitive data and company resources.

"This book goes to great lengths to explain the various testing approaches that are used today and gives excellent insight into how a responsible penetration testing specialist executes his trade." -Bruce Murphy, Vice President, World Wide Security Services, Cisco Systems®

Product details

  • Paperback | 624 pages
  • 185.42 x 226.06 x 38.1mm | 975.22g
  • Pearson Education (US)
  • Cisco Press
  • Indianapolis, United States
  • English
  • 1587052083
  • 9781587052088
  • 1,375,294

About Daniel P. Newman

Andrew Whitaker, CCSP™, is the Director of Enterprise InfoSec and Networking for TechTrain, where he performs penetration tests and teaches ethical hacking and Cisco® courses. He has been working in the IT industry for more than ten years, specializing in Cisco and security technologies, and has performed penetration tests for numerous financial institutions and Fortune 500 companies.

Daniel P. Newman, CISSP, CCSP, has been in the computer industry for over 12 years specializing in application programming, database design and network security for projects all over the world. He is the managing director and chief security officer for Tribal Knowledge Security and specializes in penetration testing and advanced technical training in Cisco, Microsoft, and Ethical Hacking topics.

Table of contents

Foreword

Introduction

Part I Overview of Penetration Testing

Chapter 1 Understanding Penetration Testing Defining Penetration Testing Assessing the Need for Penetration Testing Proliferation of Viruses and Worms Wireless LANs Complexity of Networks Today Frequency of Software Updates Availability of Hacking Tools The Nature of Open Source Reliance on the Internet Unmonitored Mobile Users and Telecommuters Marketing Demands Industry Regulations Administrator Trust Business Partnerships Hacktivism Attack Stages Choosing a Penetration Testing Vendor Preparing for the Test Summary

Chapter 2 Legal and Ethical Considerations Ethics of Penetration Testing Laws U.S. Laws Pertaining to Hacking 1973 U.S. Code of Fair Information Practices 1986 Computer Fraud and Abuse Act (CFAA) State Laws Regulatory Laws 1996 U.S. Kennedy-Kasselbaum Health Insurance Portability and Accountability Act (HIPAA) Graham-Leach-Bliley (GLB) USA PATRIOT ACT 2002 Federal Information Security Management Act (FISMA) 2003 Sarbanes-Oxley Act (SOX) Non-U.S. Laws Pertaining to Hacking Logging To Fix or Not to Fix Summary

Chapter 3 Creating a Test Plan Step-by-Step Plan Defining the Scope Social Engineering Session Hijacking Trojan/Backdoor Open-Source Security Testing Methodology Manual Documentation Executive Summary Project Scope Results Analysis Summary Appendixes Summary

Part II Performing the Test

Chapter 4 Performing Social Engineering Human Psychology Conformity Persuasion Logic Persuasion Need-Based Persuasion Authority-Based Persuasion Reciprocation-Based Social Engineering Similarity-Based Social Engineering Information-Based Social Engineering What It Takes to Be a Social Engineer Using Patience for Social Engineering Using Confidence for Social Engineering Using Trust for Social Engineering Using Inside Knowledge for Social Engineering First Impressions and the Social Engineer Tech Support Impersonation Third-Party Impersonation E-Mail Impersonation End User Impersonation Customer Impersonation Reverse Social Engineering Protecting Against Social Engineering Case Study Summary

Chapter 5 Performing Host Reconnaissance Passive Host Reconnaissance A Company Website EDGAR Filings NNTP USENET Newsgroups User Group Meetings Business Partners Active Host Reconnaissance NSLookup/Whois Lookups SamSpade Visual Route Port Scanning TCP Connect() Scan SYN Scan NULL Scan FIN Scan ACK Scan Xmas-Tree Scan Dumb Scan NMap NMap Switches and Techniques Compiling and Testing NMap Fingerprinting Footprinting Detecting a Scan Intrusion Detection Anomaly Detection Systems Misuse Detection System Host-Based IDSs Network-Based IDSs Network Switches Examples of Scan Detection Detecting a TCP Connect() Scan Detecting a SYN Scan Detecting FIN, NULL, and Xmas-Tree Scans Detecting OS Guessing Case Study Summary

Chapter 6 Understanding and Attempting Session Hijacking Defining Session Hijacking Nonblind Spoofing Blind Spoofing TCP Sequence Prediction (Blind Hijacking) Tools Juggernaut Hunt TTY-Watcher T-Sight Other Tools Beware of ACK Storms Kevin Mitnick's Session Hijack Attack Detecting Session Hijacking Detecting Session Hijacking with a Packet Sniffer Configuring Ethereal Watching a Hijacking with Ethereal Detecting Session Hijacking with Cisco IDS Signature 1300: TCP Segment Overwrite Signature 3250: TCP Hijack Signature 3251: TCP Hijacking Simplex Mode Watching a Hijacking with IEV Protecting Against Session Hijacking Case Study Summary Resources

Chapter 7 Performing Web Server Attacks Understanding Web Languages HTML DHTML XML XHTML JavaScript JScript VBScript Perl ASP CGI PHP Hypertext Preprocessor ColdFusion Java Once Called Oak Client-Based Java Server-Based Java Website Architecture E-Commerce Architecture Apache HTTP Server Vulnerabilities IIS Web Server Showcode.asp Privilege Escalation Buffer Overflows Web Page Spoofing Cookie Guessing Hidden Fields Brute Force Attacks Brutus HTTP Brute Forcer Detecting a Brute Force Attack Protecting Against Brute Force Attacks Tools NetCat Vulnerability Scanners IIS Xploit execiis-win32.exe CleanIISLog IntelliTamper Web Server Banner Grabbing Hacking with Google Detecting Web Attacks Detecting Directory Traversal Detecting Whisker Protecting Against Web Attacks Securing the Operating System Securing Web Server Applications IIS Apache Securing Website Design Securing Network Architecture Case Study Summary

Chapter 8 Performing Database Attacks Defining Databases Oracle Structure SQL MySQL Structure SQL SQL Server Structure SQL Database Default Accounts Testing Database Vulnerabilities SQL Injection System Stored Procedures xp_cmdshell Connection Strings Password Cracking/Brute Force Attacks Securing Your SQL Server Authentication Service Accounts Public Role Guest Account Sample Databases Network Libraries Ports Detecting Database Attacks Auditing Failed Logins System Stored Procedures SQL Injection Protecting Against Database Attacks Case Study Summary References and Further Reading

Chapter 9 Password Cracking Password Hashing Using Salts Microsoft Password Hashing UNIX Password Hashing Password-Cracking Tools John the Ripper Pwdump3 L0phtcrack Nutcracker Hypnopaedia Snadboy Revelation Boson GetPass RainbowCrack Detecting Password Cracking Network Traffic System Log Files Account Lockouts Physical Access Dumpster Diving and Key Logging Social Engineering Protecting Against Password Cracking Password Auditing Logging Account Logins Account Locking Password Settings Password Length Password Expiration Password History Physical Protection Employee Education and Policy Case Study Summary

Chapter 10 Attacking the Network Bypassing Firewalls Evading Intruder Detection Systems Testing Routers for Vulnerabilities CDP HTTP Service Password Cracking Modifying Routing Tables Testing Switches for Vulnerabilities VLAN Hopping Spanning Tree Attacks MAC Table Flooding ARP Attacks VTP Attacks Securing the Network Securing Firewalls Securing Routers Disabling CDP Disabling or Restricting the HTTP Service Securing Router Passwords Enabling Authentication for Routing Protocols Securing Switches Securing Against VLAN Hopping Securing Against Spanning Tree Attacks Securing Against MAC Table Flooding and ARP Attacks Securing Against VTP Attacks Case Study Summary

Chapter 11 Scanning and Penetrating Wireless Networks History of Wireless Networks Antennas and Access Points Wireless Security Technologies Service Set Identifiers (SSIDs) Wired Equivalent Privacy (WEP) MAC Filtering 802.1x Port Security IPSec War Driving Tools NetStumbler StumbVerter DStumbler Kismet GPSMap AiroPeek NX AirSnort WEPCrack Detecting Wireless Attacks Unprotected WLANs DoS Attacks Rogue Access Points MAC Address Spoofing Unallocated MAC Addresses Preventing Wireless Attacks Preventing Man-in-the-Middle Attacks Establishing and Enforcing Standards for Wireless Networking Case Study Summary

Chapter 12 Using Trojans and Backdoor Applications Trojans, Viruses, and Backdoor Applications Common Viruses and Worms Chernobyl I Love You Melissa BugBear MyDoom W32/Klez Blaster SQL Slammer Sasser Trojans and Backdoors Back Orifice 2000 Tini Donald Dick Rootkit NetCat SubSeven Brown Orifice Beast Beast Server Settings Beast Client Detecting Trojans and Backdoor Applications MD5 Checksums Monitoring Ports Locally Netstat fport TCPView Monitoring Ports Remotely Anti-virus and Trojan Scanners Software Intrusion Detection Systems Prevention Case Study Summary

Chapter 13 Penetrating UNIX, Microsoft, and Novell Servers General Scanners Nessus SAINT SARA ISS NetRecon UNIX Permissions and Root Access Elevation Techniques Stack Smashing Exploit rpc.statd Exploit irix-login.c Rootkits Linux Rootkit IV Beastkit Microsoft Security Models and Exploits Elevation Techniques PipeUpAdmin HK Rootkits Novell Server Permissions and Vulnerabilities Pandora NovelFFS Detecting Server Attacks Preventing Server Attacks Case Study Summary

Chapter 14 Understanding and Attempting Buffer Overflows Memory Architecture Stacks Heaps NOPs Buffer Overflow Examples Simple Example Linux Privilege Escalation Windows Privilege Escalation Preventing Buffer Overflows Library Tools to Prevent Buffer Overflows Compiler-Based Solutions to Prevent Buffer Overflows Using a Non-Executable Stack to Prevent Buffer Overflows Case Study Summary

Chapter 15 Denial-of-Service Attacks Types of DoS Attacks Ping of Death Smurf and Fraggle LAND Attack SYN Flood Tools for Executing DoS Attacks Datapool Jolt2 Hgod Other Tools Detecting DoS Attacks Appliance Firewalls Host-Based IDS Signature-Based Network IDS Network Anomaly Detectors Preventing DoS Attacks Hardening Network Hardening Application Hardening Intrusion Detection Systems Case Study Summary

Chapter 16 Case Study: A Methodical Step-By-Step Penetration Test Case Study: LCN Gets Tested Planning the Attack Gathering Information Scanning and Enumeration External Scanning Wireless Scanning Gaining Access Gaining Access via the Website Gaining Access via Wireless Maintain Access Covering Tracks Writing the Report DAWN Security Executive Summary Objective Methodology Findings Summary Graphical Summary Technical Testing Report Black-Box Testing Presenting and Planning the Follow-Up

Part III Appendixes

Appendix A Preparing a Security Policy

Appendix B Tools

Glossary

Rating details

10 ratings
3.3 out of 5 stars
5 30% (3)
4 0% (0)
3 40% (4)
2 30% (3)
1 0% (0)
Book ratings by Goodreads