Penetration Testing and Network Defense

by Andrew Whitaker; Daniel P. Newman
Edition: 1st
Format: Paperback
Pub. Date: 2005-10-31
Publisher(s): Cisco Press
List Price: $71.99

Summary

The practical guide to simulating, detecting, and responding to network attacks

  • Create step-by-step testing plans
  • Learn to perform social engineering and host reconnaissance
  • Evaluate session hijacking methods
  • Exploit web server vulnerabilities
  • Detect attempts to breach database security
  • Use password crackers to obtain access information
  • Circumvent Intrusion Prevention Systems (IPS) and firewall protections and disrupt the service of routers and switches
  • Scan and penetrate wireless networks
  • Understand the inner workings of Trojan Horses, viruses, and other backdoor applications
  • Test UNIX, Microsoft, and Novell servers for vulnerabilities
  • Learn the root cause of buffer overflows and how to prevent them
  • Perform and prevent Denial of Service attacks

Penetration testing is a growing field but there has yet to be a definitive resource that instructs ethical hackers on how to perform a penetration test with the ethics and responsibilities of testing in mind. Penetration Testing and Network Defense offers detailed steps on how to emulate an outside attacker in order to assess the security of a network. Unlike other books on hacking, this book is specifically geared towards penetration testing. It includes important information about liability issues and ethics as well as procedures and documentation. Using popular open-source and commercial applications, the book shows you how to perform a penetration test on an organization's network, from creating a test plan to performing social engineering and host reconnaissance to performing simulated attacks on both wired and wireless networks.

Penetration Testing and Network Defense also goes a step further than other books on hacking, as it demonstrates how to detect an attack on a live network. By detailing the method of an attack and how to spot an attack on your network, this book better prepares you to guard against hackers. You will learn how to configure, record, and thwart these attacks and how to harden a system to protect it against future internal and external attacks. Full of real-world examples and step-by-step procedures, this book is both an enjoyable read and full of practical advice that will help you assess network security and develop a plan for locking down sensitive data and company resources.

"This book goes to great lengths to explain the various testing approaches that are used today and gives excellent insight into how a responsible penetration testing specialist executes his trade."
Bruce Murphy, Vice President, World Wide Security Services, Cisco Systems®

Author Biography

Andrew Whitaker, CCSP™, is the Director of Enterprise InfoSec and Networking for TechTrain, where he performs penetration tests and teaches ethical hacking and Cisco® courses. He has been working in the IT industry for more than ten years, specializing in Cisco and security technologies, and has performed penetration tests for numerous financial institutions and Fortune 500 companies.

Daniel P. Newman, CISSP, CCSP, has been in the computer industry for over 12 years specializing in application programming, database design and network security for projects all over the world. He is the managing director and chief security officer for Tribal Knowledge Security and specializes in penetration testing and advanced technical training in Cisco, Microsoft, and Ethical Hacking topics.

Table of Contents

Foreword
Introduction
Part I Overview of Penetration Testing
Understanding Penetration Testing
Defining Penetration Testing
Assessing the Need for Penetration Testing
Proliferation of Viruses and Worms
Wireless LANs
Complexity of Networks Today
Frequency of Software Updates
Availability of Hacking Tools
The Nature of Open Source
Reliance on the Internet
Unmonitored Mobile Users and Telecommuters
Marketing Demands
Industry Regulations
Administrator Trust
Business Partnerships
Hacktivism
Attack Stages
Choosing a Penetration Testing Vendor
Preparing for the Test
Summary
Legal and Ethical Considerations
Ethics of Penetration Testing
Laws
U.S. Laws Pertaining to Hacking
1973 U.S. Code of Fair Information Practices
1986 Computer Fraud and Abuse Act (CFAA)
State Laws
Regulatory Laws
1996 U.S. Kennedy-Kasselbaum Health Insurance Portability and Accountability Act (HIPAA)
Graham-Leach-Bliley (GLB)
USA Patriot ACT
2002 Federal Information Security Management Act (FISMA)
2003 Sarbanes-Oxley Act (SOX)
Non-U.S. Laws Pertaining to Hacking
Logging
To Fix or Not to Fix
Summary
Creating a Test Plan
Step-by-Step Plan
Defining the Scope
Social Engineering
Session Hijacking
Trojan/Backdoor
Open-Source Security Testing Methodology Manual
Documentation
Executive Summary
Project Scope
Results Analysis
Summary
Appendixes
Summary
Part II Performing the Test
Performing Social Engineering
Human Psychology
Conformity Persuasion
Logic Persuasion
Need-Based Persuasion
Authority-Based Persuasion
Reciprocation-Based Social Engineering
Similarity-Based Social Engineering
Information-Based Social Engineering
What It Takes to Be a Social Engineer
Using Patience for Social Engineering
Using Confidence for Social Engineering
Using Trust for Social Engineering
Using Inside Knowledge for Social Engineering
First Impressions and the Social Engineer
Tech Support Impersonation
Third-Party Impersonation
E-Mail Impersonation
End User Impersonation
Customer Impersonation
Reverse Social Engineering
Protecting Against Social Engineering
Case Study
Summary
Performing Host Reconnaissance
Passive Host Reconnaissance
A Company Website
Edgar Filings
NNTP Usenet Newsgroups
User Group Meetings
Business Partners
Active Host Reconnaissance
NSLookup/Whois Lookups
SamSpade
Visual Route
Port Scanning
TCP Connect() Scan
SYN Scan
NULL Scan
FIN Scan
ACK Scan
Xmas-Tree Scan
Dumb Scan
NMap
NMap Switches and Techniques
Compiling and Testing NMap
Fingerprinting
Footprinting
Detecting a Scan
Intrusion Detection
Anomaly Detection Systems
Misuse Detection System
Host-Based IDSs
Network-Based IDSs
Network Switches
Examples of Scan Detection
Detecting a TCP Connect() Scan
Detecting a SYN Scan
Detecting FIN, NULL, and Xmas-Tree Scans
Detecting OS Guessing
Case Study
Summary
Understanding and Attempting Session Hijacking
Defining Session Hijacking
Nonblind Spoofing
Blind Spoofing
TCP Sequence Prediction (Blind Hijacking)
Tools
Juggernaut
Hunt
TTY-Watcher
T-Sight
Other Tools
Beware of ACK Storms
Kevin Mitnick's Session Hijack Attack
Detecting Session Hijacking
Detecting Session Hijacking with a Packet Sniffer
Configuring Ethereal
Watching a Hijacking with Ethereal
Detecting Session Hijacking with Cisco IDS
Signature 1300: TCP Segment Overwrite
Signature 3250: TCP Hijack
Signature 3251: TCP Hijacking Simplex Mode
Watching a Hijacking with IEV
Protecting Against Session Hijacking
Case Study
Summary
Resources
Performing Web Server Attacks
Understanding Web Languages
HTML
DHTML
XML
XHTML
JavaScript
JScript
VBScript
Perl
ASP
CGI
PHP Hypertext Preprocessor
ColdFusion
Java Once Called Oak
Client-Based Java
Server-Based Java
Website Architecture
E-Commerce Architecture
Apache HTTP Server Vulnerabilities
IIS Web Server
Showcode.asp
Privilege Escalation
Buffer Overflows
Web Page Spoofing
Cookie Guessing
Hidden Fields
Brute Force Attacks
Brutus
HTTP Brute Forcer
Detecting a Brute Force Attack
Protecting Against Brute Force Attacks
Tools
NetCat
Vulnerability Scanners
IIS Xploit
execiis-win32.exe
CleanIISLog
IntelliTamper
Web Server Banner Grabbing
Hacking with Google
Detecting Web Attacks
Detecting Directory Traversal
Detecting Whisker
Protecting Against Web Attacks
Securing the Operating System
Securing Web Server Applications
IIS
Apache
Securing Website Design
Securing Network Architecture
Case Study
Summary
Performing Database Attacks
Defining Databases
Oracle
Structure
SQL
MySQL
Structure
SQL
SQL Server
Structure
SQL
Database Default Accounts
Testing Database Vulnerabilities
SQL Injection
System Stored Procedures
xp_cmdshell
Connection Strings
Password Cracking/Brute Force Attacks
Securing Your SQL Server
Authentication
Service Accounts
Public Role
Guest Account
Sample Databases
Network Libraries
Ports
Detecting Database Attacks
Auditing
Failed Logins
System Stored Procedures
SQL Injection
Protecting Against Database Attacks
Case Study
Summary
References and Further Reading
Password Cracking
Password Hashing
Using Salts
Microsoft Password Hashing
UNIX Password Hashing
Password-Cracking Tools
John the Ripper
Pwdump3
L0phtcrack
Nutcracker
Hypnopaedia
Snadboy Revelation
Boson GetPass
RainbowCrack
Detecting Password Cracking
Network Traffic
System Log Files
Account Lockouts
Physical Access
Dumpster Diving and Key Logging
Social Engineering
Protecting Against Password Cracking
Password Auditing
Logging Account Logins
Account Locking
Password Settings
Password Length
Password Expiration
Password History
Physical Protection
Employee Education and Policy
Case Study
Summary
Attacking the Network
Bypassing Firewalls
Evading Intruder Detection Systems
Testing Routers for Vulnerabilities
CDP
HTTP Service
Password Cracking
Modifying Routing Tables
Testing Switches for Vulnerabilities
VLAN Hopping
Spanning Tree Attacks
MAC Table Flooding
ARP Attacks
VTP Attacks
Securing the Network
Securing Firewalls
Securing Routers
Disabling CDP
Disabling or Restricting the HTTP Service
Securing Router Passwords
Enabling Authentication for Routing Protocols
Securing Switches
Securing Against VLAN Hopping
Securing Against Spanning Tree Attacks
Securing Against MAC Table Flooding and ARP Attacks
Securing Against VTP Attacks
Case Study
Summary
Scanning and Penetrating Wireless Networks
History of Wireless Networks
Antennas and Access Points
Wireless Security Technologies
Service Set Identifiers (SSIDs)
Wired Equivalent Privacy (WEP)
MAC Filtering
802.1x Port Security
IPSec
War Driving
Tools
NetStumbler
StumbVerter
DStumbler
Kismet
GPSMap
AiroPeek NX
AirSnort
WEPCrack
Detecting Wireless Attacks
Unprotected WLANs
DoS Attacks
Rogue Access Points
MAC Address Spoofing
Unallocated MAC Addresses
Preventing Wireless Attacks
Preventing Man-in-the-Middle Attacks
Establishing and Enforcing Standards for Wireless Networking
Case Study
Summary
Using Trojans and Backdoor Applications
Trojans, Viruses, and Backdoor Applications
Common Viruses and Worms
Chernobyl
I Love You
Melissa
BugBear
MyDoom
W32/Klez
Blaster
SQL Slammer
Sasser
Trojans and Backdoors
Back Orifice 2000
Tini
Donald Dick
Rootkit
NetCat
SubSeven
Brown Orifice
Beast
Beast Server Settings
Beast Client
Detecting Trojans and Backdoor Applications
MD5 Checksums
Monitoring Ports Locally
Netstat
fport
TCPView
Monitoring Ports Remotely
Anti-virus and Trojan Scanners Software
Intrusion Detection Systems
Prevention
Case Study
Summary
Penetrating UNIX, Microsoft, and Novell Servers
General Scanners
Nessus
SAINT
SARA
ISS
NetRecon
UNIX Permissions and Root Access
Elevation Techniques
Stack Smashing Exploit
rpc.statd Exploit
irix-login.c
Rootkits
Linux Rootkit IV
Beastkit
Microsoft Security Models and Exploits
Elevation Techniques
PipeUpAdmin
HK
Rootkits
Novell Server Permissions and Vulnerabilities
Pandora
NovelFFS
Detecting Server Attacks
Preventing Server Attacks
Case Study
Summary
Understanding and Attempting Buffer Overflows
Memory Architecture
Stacks
Heaps
NOPs
Buffer Overflow Examples
Simple Example
Linux Privilege Escalation
Windows Privilege Escalation
Preventing Buffer Overflows
Library Tools to Prevent Buffer Overflows
Compiler-Based Solutions to Prevent Buffer Overflows
Using a Non-Executable Stack to Prevent Buffer Overflows
Case Study
Summary
Denial-of-Service Attacks
Types of DoS Attacks
Ping of Death
Smurf and Fraggle
LAND Attack
SYN Flood
Tools for Executing DoS Attacks
Datapool
Jolt2
Hgod
Other Tools
Detecting DoS Attacks
Appliance Firewalls
Host-Based IDS
Signature-Based Network IDS
Network Anomaly Detectors
Preventing DoS Attacks
Hardening
Network Hardening
Application Hardening
Intrusion Detection Systems
Case Study
Summary
Case Study: A Methodical Step-By-Step Penetration Test
Case Study: LCN Gets Tested
Planning the Attack
Gathering Information
Scanning and Enumeration
External Scanning
Wireless Scanning
Gaining Access
Gaining Access via the Website
Gaining Access via Wireless
Maintain Access
Covering Tracks
Writing the Report
DAWN Security
Executive Summary
Objective
Methodology
Findings
Summary
Graphical Summary
Technical Testing Report
Black-Box Testing
Presenting and Planning the Follow-Up
Part III Appendixes
Appendix A Preparing a Security Policy
Appendix B Tools
Glossary
Index
