- Assessing Network Security
- Acknowledgments
- Foreword
- Introduction
- 1. Introduction to Performing Security Assessments
- 2. Key Principles of Security
- Making Security Easy
- Keeping Services Running
- Allowing the Right Users Access to the Right Information
- Defending Every Layer as if It Were the Last Layer of Defense
- Keeping a Record of Attempts to Access Information
- Compartmentalizing and Isolating Resources
- Avoiding the Mistakes Everyone Else Makes
- Controlling the Cost of Meeting Security Objectives
- Risk Management
- Immutable Laws
- Frequently Asked Questions
- Making Security Easy
- 3. Using Vulnerability Scanning to Assess Network Security
- 4. Conducting a Penetration Test
- 5. Performing IT Security Audits
- 6. Reporting Your Findings
- 7. Building and Maintaining Your Security Assessment Skills
- Building Core Skills
- Staying Up-to-Date
- Frequently Asked Questions
- II. Penetration Testing for Nonintrusive Attacks
- 10. Network and Host Discovery
- 11. Port Scanning
- 12. Obtaining Information from a Host
- 13. War Dialing, War Driving, and Bluetooth Attacks
- III. Penetration Testing for Intrusive Attacks
- 14. Automated Vulnerability Detection
- 15. Password Attacks
- 16. Denial of Service Attacks
- 17. Application Attacks
- 18. Database Attacks
- 19. Network Sniffing
- 20. Spoofing
- 21. Session Hijacking
- 22. How Attackers Avoid Detection
- 23. Attackers Using Non-Network Methods to Gain Access
- IV. Security Assessment Case Studies
- 24. Web Threats
- 25. E-Mail Threats
- Client-Level Threats
- Server-Level Threats
- Spam
- Why You Should Be Concerned About Spam
- Tricks and Techniques
- What Is Being Done About Spam
- Frequently Asked Questions
- 26. Domain Controller Threats
- V. Appendixes
- A. Checklists
- Penetration Test Checklists
- Chapter 8: Information Reconnaissance
- Chapter 9: Host Discovery Using DNS and NetBIOS
- Chapter 10: Network and Host Discovery
- Chapter 11: Port Scanning
- Chapter 12: Obtaining Information from a Host
- Chapter 13: War Dialing, War Driving, and Bluetooth Attacks
- Chapter 14: Automated Vulnerability Detection
- Chapter 15: Password Attacks
- Chapter 16: Denial of Service Attacks
- Chapter 17: Application Attacks
- Chapter 18: Database Attacks
- Chapter 19: Network Sniffing
- Chapter 20: Spoofing
- Chapter 21: Session Hijacking
- Chapter 22: How Attackers Avoid Detection
- Chapter 23: Attackers Using Non-Network Methods to Gain Access
- Chapter 24: Web Threats
- Chapter 25: E-Mail Threats
- Chapter 26: Domain Controller Threats
- Chapter 27: Extranet and VPN Threats
- Countermeasures Checklists
- Chapter 8: Information Reconnaissance
- Chapter 9: Host Discovery Using DNS and NetBIOS
- Chapter 10: Network and Host Discovery
- Chapter 11: Port Scanning
- Chapter 12: Obtaining Information from a Host
- Chapter 13: War Dialing, War Driving, and Bluetooth Attacks
- Chapter 15: Password Attacks
- Chapter 16: Denial of Service Attacks
- Chapter 17: Application Attacks
- Chapter 18: Database Attacks
- Chapter 19: Network Sniffing
- Chapter 20: Spoofing
- Chapter 21: Session Hijacking
- Chapter 22: How Attackers Avoid Detection
- Chapter 23: Attackers Using Non-Network Methods to Gain Access
- Chapter 24: Web Threats
- Chapter 25: E-Mail Threats
- Chapter 26: Domain Controller Threats
- Chapter 27: Extranet and VPN Threats
- Penetration Test Checklists
- B. References
- Chapter 1: Introduction to Performing Security Assessments
- Chapter 2: Key Principles of Security
- Chapter 3: Using Vulnerability Scanning to Assess Network Security
- Chapter 4: Conducting a Penetration Test
- Chapter 5: Performing IT Security Audits
- Chapter 6: Reporting Your Findings
- Chapter 7: Building and Maintaining Your Security Assessment Skills
- Chapter 8: Information Reconnaisance
- Chapter 9: Host Discovery Using DNS and NetBIOS
- Chapter 10: Network and Host Discovery
- Chapter 11: Port Scanning
- Chapter 12: Obtaining Information from a Host
- Chapter 13: War Dialing, War Driving, and Bluetooth Attacks
- Chapter 14: Automated Vulnerability Detection
- Chapter 15: Password Attacks
- Chapter 16: Denial of Service Attacks
- Chapter 17: Application Attacks
- Chapter 18: Database Attacks
- Chapter 19: Network Sniffing
- Chapter 20: Spoofing
- Chapter 21: Session Hijacking
- Chapter 22: How Attackers Avoid Detection
- Chapter 23: Attackers Using Non-Network Methods to Gain Access
- Chapter 24: Web Threats
- Chapter 25: E-Mail Threats
- Chapter 26: Domain Controller Threats
- Chapter 27: Extranet and VPN Threats
- About the Authors
- A. Checklists
- Index
- About the Authors
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.