A
- A (address) records, Name Server
- AAAA records, Service Locator
- acceptance strategy for risks, Risk Management Strategies
- access, Making Security Easy, Making Security Easy, Immutable Laws, Setting the Goals, Define the Vulnerability, Interrogating a Host, Frequently Asked Questions
- accounts with., Frequently Asked Questions (see )
- administrator, Setting the Goals, Interrogating a Host
- assessments, Define the Vulnerability
- deny as default, Making Security Easy, Immutable Laws
- user, Making Security Easy
- access control lists (ACLs), File Shares
- Account Operators group, Group Information
- accounts, Online Password Testing, Countermeasures, Frequently Asked Questions, Enumerating Services on Your Domain Controller, Enumerating Services on Your Domain Controller, Exploiting Unpatched Domain Controllers, Exploiting Unpatched Domain Controllers, Identifying Group Membership
- Administrator account, Frequently Asked Questions, Exploiting Unpatched Domain Controllers
- identifying nonessential, Enumerating Services on Your Domain Controller
- lockouts, Online Password Testing, Countermeasures
- nonessential, threats from, Enumerating Services on Your Domain Controller
- privileged, attacking, Exploiting Unpatched Domain Controllers
- securing, Identifying Group Membership
- ACK flag, TCP Connect Scans
- ACK numbers, Network-Level Session Hijacking
- ACK scans, FIN Scans
- ACK storms, Hijacking a TCP Session, TCP ACK Packet Storms, ARP Table Modifications
- ACLs (access control lists), File Shares
- Active Directory, Using NetBIOS, Domain Controller Threats, Domain Controller Threats, Password Attacks, Disabling Reversible Encryption, Disabling Reversible Encryption, Educating Users to Use Secure Passwords, Using the System Key Utility, Attacking Privileged Domain Accounts and Groups
- elevation of privileges, Using the System Key Utility
- importance, Domain Controller Threats
- LAN Manager hashes, disabling, Password Attacks
- LDAP with, Using NetBIOS
- password attacks on, Domain Controller Threats
- reversible encryption, disabling, Disabling Reversible Encryption
- Schema Admins, Attacking Privileged Domain Accounts and Groups
- strong passwords, forcing, Disabling Reversible Encryption
- syskey utility, Educating Users to Use Secure Passwords
- active fingerprinting, Fingerprinting
- activism as attacker motivation, Activism
- address (A) records, Name Server
- Address Resolution Protocol., Using Trap Accounts (see )
- administrative policies, assessing, Policy
- administrators, Misconfiguration, Misconfiguration, Setting the Goals, Getting Caught by Security Administrators, Interrogating a Host, Frequently Asked Questions, Frequently Asked Questions, Countermeasures, Exploiting Unpatched Domain Controllers, Exploiting Unpatched Domain Controllers, Exploring the Internal Network
- access penetration goal, Setting the Goals
- accounts for, Frequently Asked Questions, Exploiting Unpatched Domain Controllers
- assessments, role in, Misconfiguration
- being caught by, penetration goal, Getting Caught by Security Administrators
- determining, Exploring the Internal Network
- elevation of privileges attacks, Exploiting Unpatched Domain Controllers
- group, interrogating hosts for, Interrogating a Host
- password attacks using, Frequently Asked Questions
- Spida worm, Countermeasures
- vulnerability from, Misconfiguration
- ADMmutate polymorphic shellcode engine, Canonicalization
- AirMagnet, Detecting Wireless Networks
- AirSnort, Detecting Wireless Networks
- Alerter service, User Sessions
- alternate file streams, Hiding Files on UNIX Systems
- American Registry for Internet Numbers (ARIN), IP Network Block Assignment
- amplification attacks, Flooding Attacks
- anomaly detection, Countermeasures
- Antisniff, Using Trap Accounts
- antivirus software, Enable E-Mail Client Protection, Attaching Malicious Files, What Is Being Done About Spam
- (see also )
- Apache web server, countermeasures for, Frequently Asked Questions
- APIs, Network Deployment Records, Detecting Missing Patches
- detecting database servers, Network Deployment Records
- detecting patches with, Detecting Missing Patches
- application attacks, Ignorance, Vulnerability Scanning, Defining the Target, Operating System Skills, TCP Fingerprinting, Frequently Asked Questions, Countermeasures, Application Attacks, Heap Overruns, Heap Overruns, Countermeasures, Countermeasures, Countermeasures, Integer Overflows, Understanding Session Hijacking, Countermeasures
- buffer overruns., Ignorance (see )
- countermeasures, Countermeasures, Integer Overflows
- enumerating applications, Vulnerability Scanning
- fingerprinting, TCP Fingerprinting, Frequently Asked Questions
- format string bugs, Heap Overruns
- integer overflows, Countermeasures
- managed code, Countermeasures
- overview, Application Attacks
- password storage by applications, Countermeasures
- printf functions, Heap Overruns
- session hijacking, Countermeasures
- skills building, Operating System Skills
- vulnerability scanning targets, as, Defining the Target
- Web applications, Understanding Session Hijacking
- AppShield, Frequently Asked Questions
- architecture, network, Compartmentalizing and Isolating Resources, Compartmentalizing and Isolating Resources, Trace Routing, Manual Detection, Countermeasures
- choke points for, Compartmentalizing and Isolating Resources
- compartmentalization principle for, Compartmentalizing and Isolating Resources
- discovering., Trace Routing (see )
- reviews, Manual Detection, Countermeasures
- ARIN (American Registry for Internet Numbers), IP Network Block Assignment
- ARP (Address Resolution Protocol), Myth #2: Switches Are Immune to Network Sniffing Attacks, Using Trap Accounts, ARP Table Modifications
- network sniffing indication, Using Trap Accounts
- switch table modification, Myth #2: Switches Are Immune to Network Sniffing Attacks
- table modifications, ARP Table Modifications
- ASP.NET XSS countermeasures, Countermeasures
- Assembly language, Compiled Languages
- assessing risks., Misconfiguration, Controlling the Cost of Meeting Security Objectives, Learning to Manage Risk, Learning to Manage Risk, Learning to Manage Risk, Documenting the Security Risks, Documenting the Security Risks, Define the Vulnerability, Interpreted Languages, Scanning Techniques
- (see also )
- access assessments, Define the Vulnerability
- asset identification, Learning to Manage Risk
- documentation, Documenting the Security Risks
- practicing, Interpreted Languages
- ranking systems, Documenting the Security Risks
- setting scope, Learning to Manage Risk
- steps for, Controlling the Cost of Meeting Security Objectives
- threat modeling, Learning to Manage Risk
- tools for., Scanning Techniques (see )
- assessments, security., Misconfiguration (see )
- ASSET framework, Analyzing and Reporting the Results
- asset identification, Learning to Manage Risk
- assumptions, avoiding, Operations
- asymmetric conditions, Flooding Attacks
- attachments, malicious., E-Mail Threats, Countermeasures, Countermeasures, Countermeasures, Countermeasures, Educate Users, Educate Users, Educate Users, Educate Users, Educate Users, Enable E-Mail Client Protection, Enable E-Mail Client Protection, Enable E-Mail Client Protection, Install Antivirus Software, Install Antivirus Software, Install Antivirus Software, Install Antivirus Software, Spoofed E-Mails, Attaching Malicious Files, Attaching Malicious Files, What Is Being Done About Spam
- (see also )
- address book security, Enable E-Mail Client Protection
- antivirus software, Enable E-Mail Client Protection, Attaching Malicious Files, What Is Being Done About Spam
- assessing, Educate Users
- countermeasures, Countermeasures
- default scans, Install Antivirus Software
- defined, E-Mail Threats
- Eicar test file, Install Antivirus Software
- enabling client protection, Educate Users
- Hide Known Extensions option, Educate Users
- LoveLetter worm, Spoofed E-Mails
- Microsoft updates, Countermeasures
- multiple extensions, Educate Users
- Outlook security levels, Educate Users
- policies for, Install Antivirus Software
- scanning recommended, Countermeasures
- server-based threats, Attaching Malicious Files
- user education, Countermeasures
- ZIP files, Install Antivirus Software
- attackers, motivations of, Conducting a Penetration Test, What the Attacker Is Thinking About, What the Attacker Is Thinking About, Financial Gain, Financial Gain, Activism, Activism, Activism, Activism, Activism, Espionage
- activists, Activism
- challenges, Financial Gain
- commercial software vulnerabilities, Financial Gain
- espionage, Activism
- fame, What the Attacker Is Thinking About
- financial gain, What the Attacker Is Thinking About
- former employees, Activism
- industrial espionage, Activism
- information warfare, Espionage
- overview, Conducting a Penetration Test
- revenge, Activism
- Attrib.exe, Countermeasures
- auditing intrusions., Defending Every Layer as if It Were the Last Layer of Defense, Disruption of Service, Detecting Weak Passwords, Tampering with Log Files
- (see also )
- DoS attack audits, Disruption of Service
- recording all attempts principle, Defending Every Layer as if It Were the Last Layer of Defense
- weak password attacks, Detecting Weak Passwords
- audits, security., Policy (see )
- authentication, Document Mitigation Plans, Service Locator, Disabling a Service Set ID Broadcasting, Disabling a Service Set ID Broadcasting, Open System Authentication, Device Detection, Countermeasures, Spoofing E-Mail
- Bluetooth, Device Detection
- e-mail, Spoofing E-Mail
- kerberos, Service Locator
- open system authentication, WEP, Disabling a Service Set ID Broadcasting
- options for strengthening, Document Mitigation Plans
- shared key authentication, WEP, Open System Authentication
- WEP, Disabling a Service Set ID Broadcasting
- Windows Authentication, Countermeasures
- automated review of Web sites, Automated Review
- automated vulnerability assessment., Scanning Techniques (see )
- avoidance strategy for risks, Mitigation
- avoiding detection, How Attackers Avoid Detection, How Attackers Avoid Detection, How Attackers Avoid Detection, How Attackers Avoid Detection, Countermeasures, Countermeasures, Countermeasures, Countermeasures, Countermeasures, Countermeasures, Detection Mechanisms, Countermeasures, Countermeasures, Session Splicing Attacks, Packet Fragmentation Attacks, Fragmentation Time-Out Attacks, Fragmentation Time-Out Attacks, Canonicalization, Canonicalization, Countermeasures, Countermeasures, How Attackers Avoid Detection Post-Intrusion, Countermeasures, Countermeasures, Hiding Files on UNIX Systems, NTFS Alternate File Streams, Steganography, Steganography, Tampering with Log Files, Countermeasures, Countermeasures, Countermeasures, Frequently Asked Questions
- ADMmutate polymorphic shellcode engine, Canonicalization
- alternate file streams, Hiding Files on UNIX Systems
- canonicalization attacks, Canonicalization
- countermeasures, How Attackers Avoid Detection, Countermeasures, Detection Mechanisms, Fragmentation Time-Out Attacks, Tampering with Log Files
- decoy attacks, Countermeasures
- fragmentation attacks, Countermeasures
- fragroute, Countermeasures
- hidden file attribute, Countermeasures
- hiding data, Countermeasures
- IDSs, attacking, Countermeasures
- importance of testing for, How Attackers Avoid Detection
- IPSs, attacking, Countermeasures
- log file tampering, Steganography
- log flooding, How Attackers Avoid Detection
- logging mechanism attacks, Countermeasures
- packet fragmentation attacks, Session Splicing Attacks
- post-intrusion overview, Countermeasures
- renaming or replacing files, NTFS Alternate File Streams
- resource for, Countermeasures
- responsibility for, Frequently Asked Questions
- rootkits, How Attackers Avoid Detection Post-Intrusion
- session splicing attacks, Countermeasures
- slow attacks, Fragmentation Time-Out Attacks
- steganography, Steganography
- syslog attacks, Countermeasures
- techniques, list, How Attackers Avoid Detection
- time-out fragmentation attacks, Packet Fragmentation Attacks
- tools for testing, Countermeasures
- Windows Event Logger attacks, Countermeasures
- avoiding mistakes everyone else makes, principle, Compartmentalizing and Isolating Resources
..................Content has been hidden....................
You can't read the all page of ebook, please click
here login for view all page.