Network Security Assessment
Know Your Network
(Sprache: Englisch)
How secure is your network? The best way to find out is to attack it. Network Security Assessment provides you with the tricks and tools professional security consultants use to identify and assess risks in Internet-based networks-the same penetration...
Leider schon ausverkauft
versandkostenfrei
Buch
41.00 €
Produktdetails
Produktinformationen zu „Network Security Assessment “
How secure is your network? The best way to find out is to attack it. Network Security Assessment provides you with the tricks and tools professional security consultants use to identify and assess risks in Internet-based networks-the same penetration testing model they use to secure government, military, and commercial networks. With this book, you can adopt, refine, and reuse this testing model to design and deploy networks that are hardened and immune from attack.
Network Security Assessment demonstrates how a determined attacker scours Internet-based networks in search of vulnerable components, from the network to the application level. This new edition is up-to-date on the latest hacking techniques, but rather than focus on individual issues, it looks at the bigger picture by grouping and analyzing threats at a high-level. By grouping threats in this way, you learn to create defensive strategies against entire attack categories, providing protection now and into the future.
Network Security Assessment helps you assess:
* Web services, including Microsoft IIS, Apache, Tomcat, and subsystems such as OpenSSL, Microsoft FrontPage, and Outlook Web Access (OWA)
* Web application technologies, including ASP, JSP, PHP, middleware, and backend databases such as MySQL, Oracle, and Microsoft SQL Server
* Microsoft Windows networking components, including RPC, NetBIOS, and CIFS services
* SMTP, POP3, and IMAP email services
* IP services that provide secure inbound network access, including IPsec, Microsoft PPTP, and SSL VPNs
* Unix RPC services on Linux, Solaris, IRIX, and other platforms
* Various types of application-level vulnerabilities that hacker tools and scripts exploit
Assessment is the first step any organization should take to start managing information risks correctly. With techniques to identify and assess risks in line with CESG CHECK and NSA IAM government standards, Network Security Assessment gives you a precise method to do just that.
Klappentext zu „Network Security Assessment “
How secure is your network? The best way to find out is to attack it. Network Security Assessment provides you with the tricks and tools professional security consultants use to identify and assess risks in Internet-based networks-the same penetration testing model they use to secure government, military, and commercial networks. With this book, you can adopt, refine, and reuse this testing model to design and deploy networks that are hardened and immune from attack.Network Security Assessment demonstrates how a determined attacker scours Internet-based networks in search of vulnerable components, from the network to the application level. This new edition is up-to-date on the latest hacking techniques, but rather than focus on individual issues, it looks at the bigger picture by grouping and analyzing threats at a high-level. By grouping threats in this way, you learn to create defensive strategies against entire attack categories, providing protection now and into the future.
Network Security Assessment helps you assess:
Web services, including Microsoft IIS, Apache, Tomcat, and subsystems such as OpenSSL, Microsoft FrontPage, and Outlook Web Access (OWA)
Web application technologies, including ASP, JSP, PHP, middleware, and backend databases such as MySQL, Oracle, and Microsoft SQL Server
Microsoft Windows networking components, including RPC, NetBIOS, and CIFS services
SMTP, POP3, and IMAP email services
IP services that provide secure inbound network access, including IPsec, Microsoft PPTP, and SSL VPNs
Unix RPC services on Linux, Solaris, IRIX, and other platforms
Various types of application-level vulnerabilities that hacker tools and scripts exploit
Assessment is the first step any organization should take to start managing information risks correctly. With techniques to identify and assess risks in line with CESG CHECK and NSA IAM government standards, Network Security Assessment gives you a precise method to do just that.
How secure is your network? The best way to find out is to attack it. Network Security Assessment provides you with the tricks and tools professional security consultants use to identify and assess risks in Internet-based networks-the same penetration testing model they use to secure government, military, and commercial networks. With this book, you can adopt, refine, and reuse this testing model to design and deploy networks that are hardened and immune from attack.
Network Security Assessment demonstrates how a determined attacker scours Internet-based networks in search of vulnerable components, from the network to the application level. This new edition is up-to-date on the latest hacking techniques, but rather than focus on individual issues, it looks at the bigger picture by grouping and analyzing threats at a high-level. By grouping threats in this way, you learn to create defensive strategies against entire attack categories, providing protection now and into the future.
Network Security Assessment helps you assess:
- Web services, including Microsoft IIS, Apache, Tomcat, and subsystems such as OpenSSL, Microsoft FrontPage, and Outlook Web Access (OWA)
- Web application technologies, including ASP, JSP, PHP, middleware, and backend databases such as MySQL, Oracle, and Microsoft SQL Server
- Microsoft Windows networking components, including RPC, NetBIOS, and CIFS services
- SMTP, POP3, and IMAP email services
- IP services that provide secure inbound network access, including IPsec, Microsoft PPTP, and SSL VPNs
- Unix RPC services on Linux, Solaris, IRIX, and other platforms
- Various types of application-level vulnerabilities that hacker tools and scripts exploit
Assessment is the first step any organization should take to start managing information risks correctly. With techniques to identify and assess risks in line with CESG CHECK and NSA IAM government standards, Network Security Assessment gives you a precise method to do just that.
Network Security Assessment demonstrates how a determined attacker scours Internet-based networks in search of vulnerable components, from the network to the application level. This new edition is up-to-date on the latest hacking techniques, but rather than focus on individual issues, it looks at the bigger picture by grouping and analyzing threats at a high-level. By grouping threats in this way, you learn to create defensive strategies against entire attack categories, providing protection now and into the future.
Network Security Assessment helps you assess:
- Web services, including Microsoft IIS, Apache, Tomcat, and subsystems such as OpenSSL, Microsoft FrontPage, and Outlook Web Access (OWA)
- Web application technologies, including ASP, JSP, PHP, middleware, and backend databases such as MySQL, Oracle, and Microsoft SQL Server
- Microsoft Windows networking components, including RPC, NetBIOS, and CIFS services
- SMTP, POP3, and IMAP email services
- IP services that provide secure inbound network access, including IPsec, Microsoft PPTP, and SSL VPNs
- Unix RPC services on Linux, Solaris, IRIX, and other platforms
- Various types of application-level vulnerabilities that hacker tools and scripts exploit
Assessment is the first step any organization should take to start managing information risks correctly. With techniques to identify and assess risks in line with CESG CHECK and NSA IAM government standards, Network Security Assessment gives you a precise method to do just that.
Inhaltsverzeichnis zu „Network Security Assessment “
InhaltsverzeichnisForeword Preface 1. Network Security Assessment The Business Benefits IP: The Foundation of the Internet Classifying Internet-Based Attackers Assessment Service Definitions Network Security Assessment Methodology The Cyclic Assessment Approach 2. Network Security Assessment Platform Virtualization Software Operating Systems Reconnaissance Tools Network Scanning Tools Exploitation Frameworks Web Application Testing Tools 3. Internet Host and Network Enumeration Querying Web and Newsgroup Search Engines Querying Domain WHOIS Registrars Querying IP WHOIS Registrars BGP Querying DNS Querying Web Server Crawling Automating Enumeration SMTP Probing Enumeration Technique Recap Enumeration Countermeasures 4. IP Network Scanning ICMP Probing TCP Port Scanning UDP Port Scanning IDS Evasion and Filter Circumvention Low-Level IP Assessment Network Scanning Recap Network Scanning Countermeasures 5. Assessing Remote Information Services Remote Information Services DNS Finger Auth NTP SNMP LDAP rwho RPC rusers Remote Information Services Countermeasures 6. Assessing Web Servers Web Servers Fingerprinting Accessible Web Servers Identifying and Assessing Reverse Proxy Mechanisms Enumerating Virtual Hosts and Web Sites Identifying Subsystems and Enabled Components Investigating Known Vulnerabilities Basic Web Server Crawling Web Servers Countermeasures 7. Assessing Web Applications Web Application Technologies Overview Web Application Profiling Web Application Attack Strategies Web Application Vulnerabilities Web Security Checklist 8. Assessing Remote Maintenance Services Remote Maintenance Services FTP SSH Telnet R-Services X Windows Citrix Microsoft Remote Desktop
... mehr
Protocol VNC Remote Maintenance Services Countermeasures 9. Assessing Database Services Microsoft SQL Server Oracle MySQL Database Services Countermeasures 10. Assessing Windows Networking Services Microsoft Windows Networking Services Microsoft RPC Services The NetBIOS Name Service The NetBIOS Datagram Service The NetBIOS Session Service The CIFS Service Unix Samba Vulnerabilities Windows Networking Services Countermeasures 11. Assessing Email Services Email Service Protocols SMTP POP-2 and POP-3 IMAP Email Services Countermeasures 12. Assessing IP VPN Services IPsec VPNs Attacking IPsec VPNs Microsoft PPTP SSL VPNs VPN Services Countermeasures 13. Assessing Unix RPC Services Enumerating Unix RPC Services RPC Service Vulnerabilities Unix RPC Services Countermeasures 14. Application-Level Risks The Fundamental Hacking Concept Why Software Is Vulnerable Network Service Vulnerabilities and Attacks Classic Buffer-Overflow Vulnerabilities Heap Overflows Integer Overflows Format String Bugs Memory Manipulation Attacks Recap Mitigating Process Manipulation Risks Recommended Secure Development Reading 15. Running Nessus Nessus Architecture Deployment Options and Prerequisites Nessus Installation Configuring Nessus Running Nessus Nessus Reporting Running Nessus Recap 16. Exploitation Frameworks Metasploit Framework CORE IMPACT Immunity CANVAS Exploitation Frameworks Recap A. TCP, UDP Ports, and ICMP Message TypesB. Sources of Vulnerability InformationC. Exploit Framework ModulesIndex
... weniger
Autoren-Porträt von Chris Mcnab
Chris McNab is the technical director of Matta, a vendor-independent security consulting outfit based in the United Kingdom. Since 2000, Chris has presented and run applied hacking courses across Europe, training a large number of financial, retail, and government clients in practical attack and penetration techniques, so that they can assess and protect their own networks effectively.
Bibliographische Angaben
- Autor: Chris Mcnab
- 2007, 2nd ed., 464 Seiten, mit Abbildungen, Maße: 17,6 x 23,6 cm, Kartoniert (TB), Englisch
- Verlag: O'Reilly Media
- ISBN-10: 0596510306
- ISBN-13: 9780596510305
Sprache:
Englisch
Kommentar zu "Network Security Assessment"
0 Gebrauchte Artikel zu „Network Security Assessment“
Zustand | Preis | Porto | Zahlung | Verkäufer | Rating |
---|
Schreiben Sie einen Kommentar zu "Network Security Assessment".
Kommentar verfassen