larger cover

Add To My Wish List

Register your product to gain access to bonus material or receive a coupon.

Penetration Testing and Network Defense

Book

  • Sorry, this book is no longer in print.
Not for Sale
  • Description
  • Extras
  • Sample Content
  • Updates
  • Copyright 2006
  • Dimensions: 7-3/8" x 9-1/8"
  • Pages: 624
  • Edition: 1st
  • Book
  • ISBN-10: 1-58705-208-3
  • ISBN-13: 978-1-58705-208-8

The practical guide to simulating, detecting, and responding to network attacks 

  • Create step-by-step testing plans
  • Learn to perform social engineering and host reconnaissance
  • Evaluate session hijacking methods
  • Exploit web server vulnerabilities
  • Detect attempts to breach database security
  • Use password crackers to obtain access information
  • Circumvent Intrusion Prevention Systems (IPS) and firewall protections and disrupt the service of routers and switches
  • Scan and penetrate wireless networks
  • Understand the inner workings of Trojan Horses, viruses, and other backdoor applications
  • Test UNIX, Microsoft, and Novell servers for vulnerabilities
  • Learn the root cause of buffer overflows and how to prevent them
  • Perform and prevent Denial of Service attacks

Penetration testing is a growing field but there has yet to be a definitive resource that instructs ethical hackers on how to perform a penetration test with the ethics and responsibilities of testing in mind. Penetration Testing and Network Defense offers detailed steps on how to emulate an outside attacker in order to assess the security of a network.

Unlike other books on hacking, this book is specifically geared towards penetration testing. It includes important information about liability issues and ethics as well as procedures and documentation. Using popular open-source and commercial applications, the book shows you how to perform a penetration test on an organization’s network, from creating a test plan to performing social engineering and host reconnaissance to performing simulated attacks on both wired and wireless networks.

Penetration Testing and Network Defense also goes a step further than other books on hacking, as it demonstrates how to detect an attack on a live network. By detailing the method of an attack and how to spot an attack on your network, this book better prepares you to guard against hackers. You will learn how to configure, record, and thwart these attacks and how to harden a system to protect it against future internal and external attacks.

Full of real-world examples and step-by-step procedures, this book is both an enjoyable read and full of practical advice that will help you assess network security and develop a plan for locking down sensitive data and company resources.

“This book goes to great lengths to explain the various testing approaches that are used today and gives excellent insight into how a responsible penetration testing specialist executes his trade.”

–Bruce Murphy, Vice President, World Wide Security Services, Cisco Systems®

Online Sample Chapter

Penetration Testing and Network Defense: Performing Host Reconnaissance

Downloadable Sample Chapter

Download - 544 KB -- Chapter 5: Performing Host Reconnaissance

Sample Pages

Download the sample pages (includes Chapter 3 and Index)

Table of Contents

Foreword

Introduction

Part I                 Overview of Penetration Testing

Chapter 1           Understanding Penetration Testing

Defining Penetration Testing

Assessing the Need for Penetration Testing

Proliferation of Viruses and Worms

Wireless LANs

Complexity of Networks Today

Frequency of Software Updates

Availability of Hacking Tools

The Nature of Open Source

 Reliance on the Internet

Unmonitored Mobile Users and Telecommuters

Marketing Demands

Industry Regulations

Administrator Trust

Business Partnerships

Hacktivism

Attack Stages

Choosing a Penetration Testing Vendor

Preparing for the Test

Summary

Chapter 2           Legal and Ethical Considerations

Ethics of Penetration Testing

Laws

U.S. Laws Pertaining to Hacking

1973 U.S. Code of Fair Information Practices

1986 Computer Fraud and Abuse Act (CFAA)

State Laws

Regulatory Laws

1996 U.S. Kennedy-Kasselbaum Health Insurance Portability and Accountability
Act (HIPAA)

Graham-Leach-Bliley (GLB)

USA PATRIOT ACT

2002 Federal Information Security Management Act (FISMA)

2003 Sarbanes-Oxley Act (SOX)

 Non-U.S. Laws Pertaining to Hacking


Logging

To Fix or Not to Fix

Summary

Chapter 3           Creating a Test Plan

Step-by-Step Plan

Defining the Scope

Social Engineering

Session Hijacking

Trojan/Backdoor

Open-Source Security Testing Methodology Manual

Documentation

Executive Summary

Project Scope

Results Analysis

Summary

Appendixes

Summary

Part II                Performing the Test

Chapter 4           Performing Social Engineering

Human Psychology

Conformity Persuasion

Logic Persuasion

Need-Based Persuasion

Authority-Based Persuasion

Reciprocation-Based Social Engineering

Similarity-Based Social Engineering

Information-Based Social Engineering

What It Takes to Be a Social Engineer

Using Patience for Social Engineering

Using Confidence for Social Engineering

Using Trust for Social Engineering

Using Inside Knowledge for Social Engineering

First Impressions and the Social Engineer

Tech Support Impersonation

Third-Party Impersonation

E-Mail Impersonation

End User Impersonation

Customer Impersonation

Reverse Social Engineering

Protecting Against Social Engineering

Case Study

Summary

Chapter 5           Performing Host Reconnaissance

Passive Host Reconnaissance

A Company Website

EDGAR Filings

NNTP USENET Newsgroups

User Group Meetings

Business Partners

Active Host Reconnaissance

NSLookup/Whois Lookups

SamSpade

Visual Route

Port Scanning

TCP Connect() Scan

SYN Scan

NULL Scan

FIN Scan

ACK Scan

Xmas-Tree Scan

Dumb Scan

NMap

NMap Switches and Techniques

Compiling and Testing NMap

Fingerprinting

Footprinting

Detecting a Scan

Intrusion Detection

Anomaly Detection Systems

Misuse Detection System

Host-Based IDSs

Network-Based IDSs

Network Switches

Examples of Scan Detection

Detecting a TCP Connect() Scan

Detecting a SYN Scan

Detecting FIN, NULL, and Xmas-Tree Scans

Detecting OS Guessing


Case Study

Summary

Chapter 6           Understanding and Attempting Session Hijacking

Defining Session Hijacking

Nonblind Spoofing

Blind Spoofing

TCP Sequence Prediction (Blind Hijacking)

Tools

Juggernaut

Hunt

TTY-Watcher

T-Sight

Other Tools

Beware of ACK Storms

Kevin Mitnick’s Session Hijack Attack

Detecting Session Hijacking

Detecting Session Hijacking with a Packet Sniffer

Configuring Ethereal

Watching a Hijacking with Ethereal

Detecting Session Hijacking with Cisco IDS

Signature 1300: TCP Segment Overwrite

Signature 3250: TCP Hijack

Signature 3251: TCP Hijacking Simplex Mode

Watching a Hijacking with IEV

Protecting Against Session Hijacking

Case Study

Summary

Resources

Chapter 7           Performing Web Server Attacks

Understanding Web Languages

HTML

DHTML

XML

XHTML

JavaScript

JScript

VBScript

Perl

ASP

CGI

PHP Hypertext Preprocessor

ColdFusion

Java Once Called Oak

Client-Based Java

Server-Based Java

Website Architecture

E-Commerce Architecture

Apache HTTP Server Vulnerabilities

IIS Web Server

Showcode.asp

Privilege Escalation

Buffer Overflows

Web Page Spoofing

Cookie Guessing

Hidden Fields

Brute Force Attacks

Brutus

HTTP Brute Forcer

Detecting a Brute Force Attack

Protecting Against Brute Force Attacks

Tools

NetCat

Vulnerability Scanners

IIS Xploit

execiis-win32.exe

CleanIISLog

IntelliTamper

Web Server Banner Grabbing

Hacking with Google

Detecting Web Attacks

Detecting Directory Traversal

Detecting Whisker

Protecting Against Web Attacks

Securing the Operating System

Securing Web Server Applications

IIS

Apache


Securing Website Design

Securing Network Architecture

Case Study

Summary

Chapter 8           Performing Database Attacks

Defining Databases

Oracle

Structure

SQL

MySQL

Structure

SQL

SQL Server

Structure

SQL

Database Default Accounts

 Testing Database Vulnerabilities

SQL Injection

System Stored Procedures

xp_cmdshell

Connection Strings

Password Cracking/Brute Force Attacks

Securing Your SQL Server

Authentication

Service Accounts

Public Role

Guest Account

Sample Databases

Network Libraries

Ports

Detecting Database Attacks

Auditing

Failed Logins

System Stored Procedures

SQL Injection

Protecting Against Database Attacks

Case Study

Summary

References and Further Reading


Chapter 9           Password Cracking

Password Hashing

Using Salts

Microsoft Password Hashing

UNIX Password Hashing

Password-Cracking Tools

John the Ripper

Pwdump3

L0phtcrack

Nutcracker

Hypnopædia

Snadboy Revelation

Boson GetPass

RainbowCrack

Detecting Password Cracking

Network Traffic

System Log Files

Account Lockouts

Physical Access

Dumpster Diving and Key Logging

Social Engineering

Protecting Against Password Cracking

Password Auditing

Logging Account Logins

Account Locking

Password Settings

Password Length

Password Expiration

Password History

Physical Protection

Employee Education and Policy

Case Study

Summary

Chapter 10         Attacking the Network

Bypassing Firewalls

Evading Intruder Detection Systems

Testing Routers for Vulnerabilities

CDP

HTTP Service


Password Cracking

Modifying Routing Tables

Testing Switches for Vulnerabilities

VLAN Hopping

Spanning Tree Attacks

MAC Table Flooding

ARP Attacks

VTP Attacks

Securing the Network

Securing Firewalls

Securing Routers

Disabling CDP

Disabling or Restricting the HTTP Service

Securing Router Passwords

Enabling Authentication for Routing Protocols

Securing Switches

Securing Against VLAN Hopping

Securing Against Spanning Tree Attacks

Securing Against MAC Table Flooding and ARP Attacks

Securing Against VTP Attacks

Case Study

Summary

Chapter 11         Scanning and Penetrating Wireless Networks

History of Wireless Networks

Antennas and Access Points

Wireless Security Technologies

Service Set Identifiers (SSIDs)

Wired Equivalent Privacy (WEP)

MAC Filtering

802.1x Port Security

IPSec

War Driving

Tools

NetStumbler

StumbVerter

DStumbler

Kismet

GPSMap

AiroPeek NX

AirSnort

WEPCrack

 Detecting Wireless Attacks

Unprotected WLANs

DoS Attacks

Rogue Access Points

MAC Address Spoofing

Unallocated MAC Addresses

Preventing Wireless Attacks

Preventing Man-in-the-Middle Attacks

Establishing and Enforcing Standards for Wireless Networking

Case Study

Summary

Chapter 12         Using Trojans and Backdoor Applications

Trojans, Viruses, and Backdoor Applications

Common Viruses and Worms

Chernobyl

I Love You

Melissa

BugBear

MyDoom

W32/Klez

Blaster

SQL Slammer

Sasser

Trojans and Backdoors

Back Orifice 2000

 Tini

Donald Dick

Rootkit

NetCat

SubSeven

Brown Orifice

Beast

Beast Server Settings

Beast Client

Detecting Trojans and Backdoor Applications

MD5 Checksums

Monitoring Ports Locally

Netstat

fport

TCPView

Monitoring Ports Remotely

Anti-virus and Trojan Scanners Software

Intrusion Detection Systems

Prevention

Case Study

Summary

Chapter 13         Penetrating UNIX, Microsoft, and Novell Servers

General Scanners

Nessus

SAINT

SARA

ISS

NetRecon

UNIX Permissions and Root Access

Elevation Techniques

Stack Smashing Exploit

rpc.statd Exploit

irix-login.c

Rootkits

Linux Rootkit IV

Beastkit

Microsoft Security Models and Exploits

Elevation Techniques

PipeUpAdmin

HK

Rootkits

Novell Server Permissions and Vulnerabilities

Pandora

NovelFFS

Detecting Server Attacks

Preventing Server Attacks

Case Study

Summary


Chapter 14         Understanding and Attempting Buffer Overflows

Memory Architecture

Stacks

Heaps

NOPs

Buffer Overflow Examples

Simple Example

Linux Privilege Escalation

Windows Privilege Escalation

Preventing Buffer Overflows

Library Tools to Prevent Buffer Overflows

Compiler-Based Solutions to Prevent Buffer Overflows

Using a Non-Executable Stack to Prevent Buffer Overflows

Case Study

Summary

Chapter 15         Denial-of-Service Attacks

Types of DoS Attacks

Ping of Death

Smurf and Fraggle

LAND Attack

SYN Flood

Tools for Executing DoS Attacks

Datapool

Jolt2

Hgod

Other Tools

Detecting DoS Attacks

Appliance Firewalls

Host-Based IDS

Signature-Based Network IDS

Network Anomaly Detectors

Preventing DoS Attacks

Hardening

Network Hardening

Application Hardening

Intrusion Detection Systems

Case Study

Summary


Chapter 16         Case Study: A Methodical Step-By-Step Penetration Test

Case Study: LCN Gets Tested

Planning the Attack

Gathering Information

Scanning and Enumeration

External Scanning

Wireless Scanning

Gaining Access

Gaining Access via the Website

Gaining Access via Wireless

Maintain Access

  Covering Tracks

Writing the Report

DAWN Security

Executive Summary

Objective

Methodology

Findings

Summary

Graphical Summary

Technical Testing Report

Black-Box Testing

Presenting and Planning the Follow-Up

Part III                  Appendixes

Appendix A            Preparing a Security Policy

Appendix B            Tools

Glossary                  

Appendix

Appendix B: Tools (PDF)

Index

Download - 122 KB -- Index

Errata

Errata -- 26 KB

Submit Errata

Cisco Press Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Cisco Press and its family of brands. I can unsubscribe at any time.

Overview

Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Cisco Press products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@ciscopress.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security

Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children

This site is not directed to children under the age of 13.

Marketing

Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out

Users can always make an informed choice as to whether they should proceed with certain services offered by Cisco Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.ciscopress.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links

This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020