The practical guide to simulating, detecting, and responding to network attacks
Penetration testing is a growing field, but there has yet to be a definitive resource that instructs ethical hackers on how to perform a penetration test with the ethics and responsibilities of testing in mind. Penetration Testing and Network Defense offers detailed steps on how to emulate an outside attacker in order to assess the security of a network.
Unlike other books on hacking, this book is specifically geared towards penetration testing. It includes important information about liability issues and ethics as well as procedures and documentation. Using popular open-source and commercial applications, the book shows you how to perform a penetration test on an organization’s network, from creating a test plan to performing social engineering and host reconnaissance to performing simulated attacks on both wired and wireless networks.
Penetration Testing and Network Defense also goes a step further than other books on hacking, as it demonstrates how to detect an attack on a live network. By detailing the method of an attack and how to spot an attack on your network, this book better prepares you to guard against hackers. You will learn how to configure, record, and thwart these attacks and how to harden a system to protect it against future internal and external attacks.
Full of real-world examples and step-by-step procedures, this book is both an enjoyable read and full of practical advice that will help you assess network security and develop a plan for locking down sensitive data and company resources.
“This book goes to great lengths to explain the various testing approaches that are used today and gives excellent insight into how a responsible penetration testing specialist executes his trade.”
–Bruce Murphy, Vice President, World Wide Security Services, Cisco Systems®
Foreword
Introduction
Part I Overview of Penetration Testing
Chapter 1 Understanding Penetration Testing
Defining Penetration Testing
Assessing the Need for Penetration Testing
Proliferation of Viruses and Worms
Wireless LANs
Complexity of Networks Today
Frequency of Software Updates
Availability of Hacking Tools
The Nature of Open Source
Reliance on the Internet
Unmonitored Mobile Users and Telecommuters
Marketing Demands
Industry Regulations
Administrator Trust
Business Partnerships
Hacktivism
Attack Stages
Choosing a Penetration Testing Vendor
Preparing for the Test
Summary
Chapter 2 Legal and Ethical Considerations
Ethics of Penetration Testing
Laws
U.S. Laws Pertaining to Hacking
1973 U.S. Code of Fair Information Practices
1986 Computer Fraud and Abuse Act (CFAA)
State Laws
Regulatory Laws
1996 U.S. Kennedy-Kassebaum Health Insurance Portability and Accountability Act (HIPAA)
Gramm-Leach-Bliley (GLB)
USA PATRIOT ACT
2002 Federal Information Security Management Act (FISMA)
2003 Sarbanes-Oxley Act (SOX)
Non-U.S. Laws Pertaining to Hacking
Logging
To Fix or Not to Fix
Summary
Chapter 3 Creating a Test Plan
Step-by-Step Plan
Defining the Scope
Social Engineering
Session Hijacking
Trojan/Backdoor
Open-Source Security Testing Methodology Manual
Documentation
Executive Summary
Project Scope
Results Analysis
Summary
Appendixes
Summary
Part II Performing the Test
Chapter 4 Performing Social Engineering
Human Psychology
Conformity Persuasion
Logic Persuasion
Need-Based Persuasion
Authority-Based Persuasion
Reciprocation-Based Social Engineering
Similarity-Based Social Engineering
Information-Based Social Engineering
What It Takes to Be a Social Engineer
Using Patience for Social Engineering
Using Confidence for Social Engineering
Using Trust for Social Engineering
Using Inside Knowledge for Social Engineering
First Impressions and the Social Engineer
Tech Support Impersonation
Third-Party Impersonation
E-Mail Impersonation
End User Impersonation
Customer Impersonation
Reverse Social Engineering
Protecting Against Social Engineering
Case Study
Summary
Chapter 5 Performing Host Reconnaissance
Passive Host Reconnaissance
A Company Website
EDGAR Filings
NNTP USENET Newsgroups
User Group Meetings
Business Partners
Active Host Reconnaissance
NSLookup/Whois Lookups
SamSpade
Visual Route
Port Scanning
TCP Connect() Scan
SYN Scan
NULL Scan
FIN Scan
ACK Scan
Xmas-Tree Scan
Dumb Scan
NMap
NMap Switches and Techniques
Compiling and Testing NMap
Fingerprinting
Footprinting
Detecting a Scan
Intrusion Detection
Anomaly Detection Systems
Misuse Detection System
Host-Based IDSs
Network-Based IDSs
Network Switches
Examples of Scan Detection
Detecting a TCP Connect() Scan
Detecting a SYN Scan
Detecting FIN, NULL, and Xmas-Tree Scans
Detecting OS Guessing
Case Study
Summary
Chapter 6 Understanding and Attempting Session Hijacking
Defining Session Hijacking
Nonblind Spoofing
Blind Spoofing
TCP Sequence Prediction (Blind Hijacking)
Tools
Juggernaut
Hunt
TTY-Watcher
T-Sight
Other Tools
Beware of ACK Storms
Kevin Mitnick’s Session Hijack Attack
Detecting Session Hijacking
Detecting Session Hijacking with a Packet Sniffer
Configuring Ethereal
Watching a Hijacking with Ethereal
Detecting Session Hijacking with Cisco IDS
Signature 1300: TCP Segment Overwrite
Signature 3250: TCP Hijack
Signature 3251: TCP Hijacking Simplex Mode
Watching a Hijacking with IEV
Protecting Against Session Hijacking
Case Study
Summary
Resources
Chapter 7 Performing Web Server Attacks
Understanding Web Languages
HTML
DHTML
XML
XHTML
JavaScript
JScript
VBScript
Perl
ASP
CGI
PHP Hypertext Preprocessor
ColdFusion
Java Once Called Oak
Client-Based Java
Server-Based Java
Website Architecture
E-Commerce Architecture
Apache HTTP Server Vulnerabilities
IIS Web Server
Showcode.asp
Privilege Escalation
Buffer Overflows
Web Page Spoofing
Cookie Guessing
Hidden Fields
Brute Force Attacks
Brutus
HTTP Brute Forcer
Detecting a Brute Force Attack
Protecting Against Brute Force Attacks
Tools
NetCat
Vulnerability Scanners
IIS Xploit
execiis-win32.exe
CleanIISLog
IntelliTamper
Web Server Banner Grabbing
Hacking with Google
Detecting Web Attacks
Detecting Directory Traversal
Detecting Whisker
Protecting Against Web Attacks
Securing the Operating System
Securing Web Server Applications
IIS
Apache
Securing Website Design
Securing Network Architecture
Case Study
Summary
Chapter 8 Performing Database Attacks
Defining Databases
Oracle
Structure
SQL
MySQL
Structure
SQL
SQL Server
Structure
SQL
Database Default Accounts
Testing Database Vulnerabilities
SQL Injection
System Stored Procedures
xp_cmdshell
Connection Strings
Password Cracking/Brute Force Attacks
Securing Your SQL Server
Authentication
Service Accounts
Public Role
Guest Account
Sample Databases
Network Libraries
Ports
Detecting Database Attacks
Auditing
Failed Logins
System Stored Procedures
SQL Injection
Protecting Against Database Attacks
Case Study
Summary
References and Further Reading
Chapter 9 Password Cracking
Password Hashing
Using Salts
Microsoft Password Hashing
UNIX Password Hashing
Password-Cracking Tools
John the Ripper
Pwdump3
L0phtcrack
Nutcracker
Hypnopædia
Snadboy Revelation
Boson GetPass
RainbowCrack
Detecting Password Cracking
Network Traffic
System Log Files
Account Lockouts
Physical Access
Dumpster Diving and Key Logging
Social Engineering
Protecting Against Password Cracking
Password Auditing
Logging Account Logins
Account Locking
Password Settings
Password Length
Password Expiration
Password History
Physical Protection
Employee Education and Policy
Case Study
Summary
Chapter 10 Attacking the Network
Bypassing Firewalls
Evading Intruder Detection Systems
Testing Routers for Vulnerabilities
CDP
HTTP Service
Password Cracking
Modifying Routing Tables
Testing Switches for Vulnerabilities
VLAN Hopping
Spanning Tree Attacks
MAC Table Flooding
ARP Attacks
VTP Attacks
Securing the Network
Securing Firewalls
Securing Routers
Disabling CDP
Disabling or Restricting the HTTP Service
Securing Router Passwords
Enabling Authentication for Routing Protocols
Securing Switches
Securing Against VLAN Hopping
Securing Against Spanning Tree Attacks
Securing Against MAC Table Flooding and ARP Attacks
Securing Against VTP Attacks
Case Study
Summary
Chapter 11 Scanning and Penetrating Wireless Networks
History of Wireless Networks
Antennas and Access Points
Wireless Security Technologies
Service Set Identifiers (SSIDs)
Wired Equivalent Privacy (WEP)
MAC Filtering
802.1x Port Security
IPSec
War Driving
Tools
NetStumbler
StumbVerter
DStumbler
Kismet
GPSMap
AiroPeek NX
AirSnort
WEPCrack
Detecting Wireless Attacks
Unprotected WLANs
DoS Attacks
Rogue Access Points
MAC Address Spoofing
Unallocated MAC Addresses
Preventing Wireless Attacks
Preventing Man-in-the-Middle Attacks
Establishing and Enforcing Standards for Wireless Networking
Case Study
Summary
Chapter 12 Using Trojans and Backdoor Applications
Trojans, Viruses, and Backdoor Applications
Common Viruses and Worms
Chernobyl
I Love You
Melissa
BugBear
MyDoom
W32/Klez
Blaster
SQL Slammer
Sasser
Trojans and Backdoors
Back Orifice 2000
Tini
Donald Dick
Rootkit
NetCat
SubSeven
Brown Orifice
Beast
Beast Server Settings
Beast Client
Detecting Trojans and Backdoor Applications
MD5 Checksums
Monitoring Ports Locally
Netstat
fport
TCPView
Monitoring Ports Remotely
Anti-Virus and Trojan Scanner Software
Intrusion Detection Systems
Prevention
Case Study
Summary
Chapter 13 Penetrating UNIX, Microsoft, and Novell Servers
General Scanners
Nessus
SAINT
SARA
ISS
NetRecon
UNIX Permissions and Root Access
Elevation Techniques
Stack Smashing Exploit
rpc.statd Exploit
irix-login.c
Rootkits
Linux Rootkit IV
Beastkit
Microsoft Security Models and Exploits
Elevation Techniques
PipeUpAdmin
HK
Rootkits
Novell Server Permissions and Vulnerabilities
Pandora
NovelFFS
Detecting Server Attacks
Preventing Server Attacks
Case Study
Summary
Chapter 14 Understanding and Attempting Buffer Overflows
Memory Architecture
Stacks
Heaps
NOPs
Buffer Overflow Examples
Simple Example
Linux Privilege Escalation
Windows Privilege Escalation
Preventing Buffer Overflows
Library Tools to Prevent Buffer Overflows
Compiler-Based Solutions to Prevent Buffer Overflows
Using a Non-Executable Stack to Prevent Buffer Overflows
Case Study
Summary
Chapter 15 Denial-of-Service Attacks
Types of DoS Attacks
Ping of Death
Smurf and Fraggle
LAND Attack
SYN Flood
Tools for Executing DoS Attacks
Datapool
Jolt2
Hgod
Other Tools
Detecting DoS Attacks
Appliance Firewalls
Host-Based IDS
Signature-Based Network IDS
Network Anomaly Detectors
Preventing DoS Attacks
Hardening
Network Hardening
Application Hardening
Intrusion Detection Systems
Case Study
Summary
Chapter 16 Case Study: A Methodical Step-By-Step Penetration Test
Case Study: LCN Gets Tested
Planning the Attack
Gathering Information
Scanning and Enumeration
External Scanning
Wireless Scanning
Gaining Access
Gaining Access via the Website
Gaining Access via Wireless
Maintain Access
Covering Tracks
Writing the Report
DAWN Security
Executive Summary
Objective
Methodology
Findings
Summary
Graphical Summary
Technical Testing Report
Black-Box Testing
Presenting and Planning the Follow-Up
Part III Appendixes
Appendix A Preparing a Security Policy
Appendix B Tools
Glossary