Plug the gaps in your network's infrastructure with resilient network security models

Key Features

  • Develop a cost-effective and end-to-end vulnerability management program
  • Explore best practices for vulnerability scanning and risk assessment
  • Understand and implement network enumeration with Nessus and Network Mapper (Nmap)

Book Description

Digitization drives technology today, which is why it's so important for organizations to design security mechanisms for their network infrastructures. Analyzing vulnerabilities is one of the best ways to secure your network infrastructure.

This Learning Path begins by introducing you to the various concepts of network security assessment, workflows, and architectures. You will learn to employ open source tools to perform both active and passive network scanning and use these results to analyze and design a threat model for network security. With a firm understanding of the basics, you will then explore how to use Nessus and Nmap to scan your network for vulnerabilities and open ports and to gain backdoor entry into a network. As you progress through the chapters, you will gain insights into how to carry out various key scanning tasks, including firewall detection, OS detection, and access management, to detect vulnerabilities in your network.

By the end of this Learning Path, you will be familiar with the tools you need for network scanning and techniques for vulnerability scanning and network protection.

This Learning Path includes content from the following Packt books:

  • Network Scanning Cookbook by Sairam Jetty
  • Network Vulnerability Assessment by Sagar Rahalkar

What you will learn

  • Explore various standards and frameworks for vulnerability assessments and penetration testing
  • Gain insight into vulnerability scoring and reporting
  • Discover the importance of patching and security hardening
  • Develop metrics to measure the success of a vulnerability management program
  • Perform configuration audits for various platforms using Nessus
  • Write custom Nessus and Nmap scripts on your own
  • Install and configure Nmap and Nessus in your network infrastructure
  • Perform host discovery to identify network devices

Who this book is for

This Learning Path is designed for security analysts, threat analysts, and security professionals responsible for developing a network threat model for an organization. Professionals who want to be part of a vulnerability management team and implement an end-to-end robust vulnerability management program will also find this Learning Path useful.

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. Securing Network Infrastructure
  3. About Packt
    1. Why subscribe?
    2. Packt.com
  4. Contributors
    1. About the authors
    2. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this course
      1. Download the color images
      2. Conventions used
      3. Sections
      4. Getting ready
      5. How to do it…
      6. How it works…
      7. There's more…
      8. See also
      9. Get in touch
      10. Reviews
  6. Introduction to Network Vulnerability Scanning
    1. Basic networks and their components
    2. Network Vulnerability Scanning
      1. Flow of procedures
        1. Discovery
        2. Port scanning
        3. Vulnerability scanning
    3. Uses
    4. Complexity
      1. Scope of the scan
      2. Network architecture
      3. Network access
    5. Response
    6. Summary
  7. Understanding Network Scanning Tools
    1. Introducing Nessus and Nmap
      1. Useful features of Nessus
      2. Policies
      3. Plugin Rules
        1. Customized Reports
      4. Scanners
      5. Various features of Nmap
        1. Host discovery
        2. Scan techniques
        3. Port specification and scan order
        4. Service or version detection
        5. Script scan
        6. OS detection
        7. Timing and performance
        8. Evasion and spoofing
        9. Output
        10. Target specification
    2. Installing and activating Nessus
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
    3. Downloading and installing Nmap
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
    4. Updating Nessus
      1. Getting ready
      2. How to do it…
      3. There's more…
    5. Updating Nmap
      1. Getting ready
      2. How to do it…
    6. Removing Nessus
      1. Getting ready
      2. How to do it…
      3. There's more…
    7. Removing Nmap
      1. How to do it…
      2. There's more…
  8. Port Scanning
    1. Introduction
    2. How to specify a target
      1. Getting ready
      2. How to do it…
      3. How it works…
    3. How to perform host discovery
      1. How to do it…
      2. How it works…
    4. How to identify open ports
      1. How to do it…
      2. How it works…
    5. How to manage specification and scan order
      1. How to do it…
      2. How it works…
    6. How to perform a script and version scan
      1. How to do it…
      2. How it works…
    7. How to detect the operating system
      1. How to do it…
      2. How it works…
    8. How to detect and bypass network protection systems
      1. How to do it…
      2. How it works…
    9. How to use Zenmap
      1. How to do it…
      2. How it works…
  9. Vulnerability Scanning
    1. Introduction
    2. How to manage Nessus policies
      1. Getting ready
      2. How to do it…
      3. How it works…
    3. How to manage Nessus settings
      1. Getting ready
      2. How to do it…
      3. How it works…
    4. How to manage Nessus user accounts
      1. Getting ready
      2. How to do it…
      3. How it works…
    5. How to choose a Nessus scan template and policy
      1. Getting ready
      2. How to do it…
      3. How it works…
    6. How to perform a vulnerability scan using Nessus
      1. Getting ready
      2. How to do it…
      3. How it works…
    7. How to manage Nessus scans
      1. Getting ready
      2. How to do it…
      3. How it works…
  10. Configuration Audits
    1. Introducing compliance scans
    2. Selecting a compliance scan policy
      1. Plugins
        1. Synopsis
        2. Description
        3. Solution
        4. Plugin information
        5. Risk information
        6. Vulnerability information
        7. Reference information
      2. Compliance standards
      3. Getting ready
      4. How to do it…
      5. How it works…
    3. Introducing configuration audits
      1. Database audit
      2. Network device audit
      3. Operating system audit
      4. Application audit
    4. Performing an operating system audit
      1. Getting ready
      2. How to do it…
      3. How it works…
    5. Performing a database audit
      1. Getting ready
      2. How to do it…
      3. How it works…
    6. Performing a web application scan
      1. Getting ready
      2. How to do it…
      3. How it works…
  11. Report Analysis and Confirmation
    1. Introduction
    2. Understanding Nmap outputs
      1. Getting ready
      2. How to do it…
      3. How it works…
    3. Understanding Nessus outputs
      1. Nessus
      2. HTML
      3. CSV
      4. Nessus DB
      5. Getting ready
      6. How to do it…
      7. How it works…
    4. How to confirm Nessus vulnerabilities using Nmap and other tools
      1. Getting ready
      2. How to do it…
      3. How it works…
  12. Understanding the Customization and Optimization of Nessus and Nmap
    1. Introduction
    2. Understanding the Nmap Scripting Engine and its customization
      1. Syntax
      2. Environment variables
      3. Script template
      4. Getting ready
      5. How to do it…
      6. How it works…
    3. Understanding the Nessus Audit policy and its customization
      1. Getting ready
      2. How to do it…
      3. How it works…
  13. Network Scanning for IoT, SCADA/ICS
    1. Introduction to SCADA/ICS
    2. Using Nmap to scan SCADA/ICS
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
    3. Using Nessus to scan SCADA/ICS systems
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
  14. Vulnerability Management Governance
    1. Security basics
      1. The CIA triad
        1. Confidentiality
        2. Integrity
        3. Availability
      2. Identification
      3. Authentication
      4. Authorization
      5. Auditing
      6. Accounting
      7. Non-repudiation
      8. Vulnerability
      9. Threats
      10. Exposure
      11. Risk
      12. Safeguards
      13. Attack vectors
    2. Understanding the need for security assessments
      1. Types of security tests
        1. Security testing
        2. Vulnerability assessment versus penetration testing
        3. Security assessment
        4. Security audit
    3. Business drivers for vulnerability management
      1. Regulatory compliance
      2. Satisfying customer demands
      3. Response to some fraud/incident
      4. Gaining a competitive edge
      5. Safeguarding/protecting critical infrastructures
    4. Calculating ROIs
    5. Setting up the context
      1. Bottom-up
      2. Top-down
    6. Policy versus procedure versus standard versus guideline
      1. Vulnerability assessment policy template
    7. Penetration testing standards
      1. Penetration testing lifecycle
    8. Industry standards
      1. Open Web Application Security Project testing guide
        1. Benefits of the framework
      2. Penetration testing execution standard
        1. Benefits of the framework
    9. Summary
    10. Exercises
  15. Setting Up the Assessment Environment
    1. Setting up a Kali virtual machine
    2. Basics of Kali Linux
    3. Environment configuration and setup
      1. Web server
      2. Secure Shell (SSH)
      3. File Transfer Protocol (FTP)
      4. Software management
    4. List of tools to be used during assessment
    5. Summary
  16. Security Assessment Prerequisites
    1. Target scoping and planning
    2. Gathering requirements
      1. Preparing a detailed checklist of test requirements
      2. Suitable time frame and testing hours
      3. Identifying stakeholders
    3. Deciding upon the type of vulnerability assessment
      1. Types of vulnerability assessment
        1. Types of vulnerability assessment based on the location
          1. External vulnerability assessment
          2. Internal vulnerability assessment
        2. Based on knowledge about environment/infrastructure
          1. Black-box testing
          2. White-box testing
          3. Gray-box testing
        3. Announced and unannounced testing
        4. Automated testing
          1. Authenticated and unauthenticated scans
          2. Agentless and agent-based scans
        5. Manual testing
    4. Estimating the resources and deliverables
    5. Preparing a test plan
    6. Getting approval and signing NDAs
      1. Confidentiality and nondisclosure agreements
    7. Summary
  17. Information Gathering
    1. What is information gathering?
      1. Importance of information gathering
    2. Passive information gathering
      1. Reverse IP lookup
      2. Site report
      3. Site archive and way-back
      4. Site metadata
      5. Looking for vulnerable systems using Shodan
      6. Advanced information gathering using Maltego
      7. theHarvester
    3. Active information gathering
      1. Active information gathering with SPARTA
      2. Recon-ng
      3. Dmitry
    4. Summary
  18. Enumeration and Vulnerability Assessment
    1. What is enumeration?
    2. Enumerating services
      1. HTTP
      2. FTP
      3. SMTP
      4. SMB
      5. DNS
      6. SSH
      7. VNC
    3. Using Nmap scripts
      1. http-methods
      2. smb-os-discovery
      3. http-sitemap-generator
      4. mysql-info
    4. Vulnerability assessments using OpenVAS
    5. Summary
  19. Gaining Network Access
    1. Gaining remote access
      1. Direct access
      2. Target behind router
    2. Cracking passwords
      1. Identifying hashes
      2. Cracking Windows passwords
      3. Password profiling
      4. Password cracking with Hydra
    3. Creating backdoors using Backdoor Factory
    4. Exploiting remote services using Metasploit
      1. Exploiting vsftpd
      2. Exploiting Tomcat
    5. Hacking embedded devices using RouterSploit
    6. Social engineering using SET
    7. Summary
  20. Assessing Web Application Security
    1. Importance of web application security testing
    2. Application profiling
    3. Common web application security testing tools
    4. Authentication
      1. Credentials over a secure channel
      2. Authentication error messages
      3. Password policy
      4. Method for submitting credentials
      5. OWASP mapping
    5. Authorization
      1. OWASP mapping
    6. Session management
      1. Cookie checks
      2. Cross-Site Request Forgery
      3. OWASP mapping
    7. Input validation
      1. OWASP mapping
    8. Security misconfiguration
      1. OWASP mapping
    9. Business logic flaws
      1. Testing for business logic flaws
    10. Auditing and logging
      1. OWASP mapping
    11. Cryptography
      1. OWASP mapping
    12. Testing tools
      1. OWASP ZAP
      2. Burp Suite
    13. Summary
  21. Privilege Escalation
    1. What is privilege escalation?
    2. Horizontal versus vertical privilege escalation
      1. Horizontal privilege escalation
      2. Vertical privilege escalation
    3. Privilege escalation on Windows
    4. Privilege escalation on Linux
    5. Summary
  22. Maintaining Access and Clearing Tracks
    1. Maintaining access
    2. Clearing tracks and trails
    3. Anti-forensics
    4. Summary
  23. Vulnerability Scoring
    1. Requirements for vulnerability scoring
    2. Vulnerability scoring using CVSS
      1. Base metric group
        1. Exploitability metrics
          1. Attack vector
          2. Attack complexity
          3. Privileges required
          4. User interaction
      2. Scope
        1. Impact metrics
          1. Confidentiality impact
          2. Integrity impact
          3. Availability impact
      3. Temporal metric group
        1. Exploit code maturity
        2. Remediation level
        3. Report confidence
    3. CVSS calculator
    4. Summary
  24. Threat Modeling
    1. What is threat modeling?
    2. Benefits of threat modeling
    3. Threat modeling terminology
    4. How to model threats?
    5. Threat modeling techniques
      1. STRIDE
      2. DREAD
    6. Threat modeling tools
      1. Microsoft Threat Modeling Tool
      2. SeaSponge
    7. Summary
  25. Patching and Security Hardening
    1. Defining patching?
    2. Patch enumeration
      1. Windows patch enumeration
      2. Linux patch enumeration
    3. Security hardening and secure configuration reviews
      1. Using CIS benchmarks
    4. Summary
  26. Vulnerability Reporting and Metrics
    1. Importance of reporting
    2. Type of reports
      1. Executive reports
      2. Detailed technical reports
    3. Reporting tools
      1. Dradis
      2. KeepNote
    4. Collaborative vulnerability management with Faraday v2.6
    5. Metrics
      1. Mean time to detect
      2. Mean time to resolve
      3. Scanner coverage
      4. Scan frequency by asset group
      5. Number of open critical/high vulnerabilities
      6. Average risk by BU, asset group, and so on
      7. Number of exceptions granted
      8. Vulnerability reopen rate
      9. Percentage of systems with no open high/critical vulnerability
      10. Vulnerability ageing
    6. Summary
  27. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think