Table of Contents
Assessing Network Security
by David LeBlanc, Kevin Lam, Ben Smith
Acknowledgments
Foreword
Introduction
Who Should Read This Book
Organization of This Book
System Requirements
Support
1. Introduction to Performing Security Assessments
Role of Security Assessments in Network Security
Why Does Network Security Fail?
Human Factors
Policy Factors
Misconfiguration
Poor Assumptions
Ignorance
Failure to Stay Up-to-Date
Types of Security Assessments
Vulnerability Scanning
Enumerate Computers, Operating Systems, and Applications
Identify Common Security Mistakes
Search for Computers with Known Vulnerabilities
Test for Exposure to Common Attacks
Penetration Testing
How Vulnerabilities Are Exploited
Weakness in People and Processes
IT Security Auditing
Frequently Asked Questions
2. Key Principles of Security
Making Security Easy
Keeping Services Running
Allowing the Right Users Access to the Right Information
Defending Every Layer as if It Were the Last Layer of Defense
Keeping a Record of Attempts to Access Information
Compartmentalizing and Isolating Resources
Avoiding the Mistakes Everyone Else Makes
Controlling the Cost of Meeting Security Objectives
Risk Management
Learning to Manage Risk
Setting the Scope
Identifying Assets and Determining Their Value
Predicting Threats and Vulnerabilities to Assets
Documenting the Security Risks
Determining a Risk Management Strategy
Monitoring Assets
Tracking Changes to Risks
Risk Management Strategies
Acceptance
Mitigation
Transference
Avoidance
Immutable Laws
Frequently Asked Questions
3. Using Vulnerability Scanning to Assess Network Security
Setting a Scope for the Project
Defining the Target
Enumeration
Recorded State
Well-Defined Configurations
Defining the Target Scope
Defining Types of Vulnerabilities
Determining Goals
Choosing a Technology
Tools and Managed vs. Unmanaged Targets
Checklist for Evaluating Tools
Creating a Process for Scanning for Vulnerabilities
Detecting Vulnerabilities
Assigning Risk Levels to Vulnerabilities
Identifying Vulnerabilities That Have Not Been Remediated
Determining Improvement in Network Security Over Time
Creating a Process for Analyzing the Results
Frequently Asked Questions
4. Conducting a Penetration Test
What the Attacker Is Thinking About
Notoriety, Acceptance, and Ego
Financial Gain
Challenge
Activism
Revenge
Espionage
Information Warfare
Defining the Penetration Test Engagement
Setting the Goals
Gaining Control of Confidential Information
Gaining Administrator Access to a System or Systems
Gaining Physical Access to a Device or Location
Getting Caught by Security Administrators
Compromising Applications
Denying Others Use of a Service
Causing Direct Financial Damage to an Organization
Setting the Scope
Performing the Penetration Test
Locating Areas of Weakness in Network or Application Defenses
Determining How Vulnerabilities Were Compromised
Locating Assets That Could Be Accessed, Altered, or Destroyed
Determining Whether the Attack Was Detected
Identifying the Attack Footprint
Making Recommendations
Frequently Asked Questions
5. Performing IT Security Audits
Components of an IT Security Audit
Policy
Administrative Policies
Technical Policies
Physical Policies
Processes and Procedures
Operations
Preliminary Decisions
Legal Considerations
Regulatory Considerations
Operational Considerations
Organizational Considerations
Planning and Performing the Audit
Building Your Audit Framework
Setting the Scope and Timeline
Obtaining Legal and Management Approval
Completing the Audit
Analyzing and Reporting the Results
Frequently Asked Questions
6. Reporting Your Findings
Guidelines for Reporting Your Findings
Concise and Professional
Technically Accurate
Objective
Measurable
Framework for Reporting Your Findings
Define the Vulnerability
Access
Difficulty
Value of the Asset to the Attacker
Document Mitigation Plans
Identify Where Changes Should Occur
Assign Responsibility for Implementing Approved Recommendations
Frequently Asked Questions
7. Building and Maintaining Your Security Assessment Skills
Building Core Skills
Improving Network, Operating System, and Application Skills
Network Skills
Operating System Skills
Application Skills
Developing Programming Skills
Compiled Languages
Interpreted Languages
Practicing Security Assessments
Evaluating Tools
Verifying Results and Countermeasures
Sharpening Your Skills
Building a Network to Practice Security Assessments
Staying Up-to-Date
Finding a Course
Choosing an Instructor
Hands-On Experience
Training Qualifications
Industry Credentials
References
Evaluating Materials
Assessing the Training Venue
Choosing a Conference
Vendor-Sponsored
Vendor-Agnostic
Academic
Internet-Based Resources
Internet Mailing Lists
Security Bulletins
Security Websites
Frequently Asked Questions
II. Penetration Testing for Nonintrusive Attacks
8. Information Reconnaissance
Understanding Information Reconnaissance
Registrar Information
Determining Your Registrar Information
Countermeasures
IP Network Block Assignment
Determining Your Organization’s IP Network Block Assignment
Countermeasures
Web Pages
Reviewing Web Server Content
Manual Review
Automated Review
Countermeasures
Search Engines
Reviewing Your Website with Search Engines
Countermeasures
Public Discussion Forums
Taking a Snapshot of Your Organization’s Exposure
Countermeasures
Frequently Asked Questions
10. Network and Host Discovery
Network Sweeping Techniques
ICMP Sweeps
UDP Sweeps
TCP Sweeps
Broadcast Sweeps
Countermeasures
Network Topology Discovery
Trace Routing
Firewalking
Countermeasures
Frequently Asked Questions
11. Port Scanning
TCP Connect Scans
Custom TCP Scans
SYN Scans
FIN Scans
SYN/ACK and ACK Scans
XMAS Scans
Null Scans
Idle Scans
UDP Scans
FTP Bounce Scans
Port Scanning Tips and Tricks
Fragmentation and Port Scans
Port Scanning Countermeasures
Frequently Asked Questions
12. Obtaining Information from a Host
Fingerprinting
IP and ICMP Fingerprinting
TCP Fingerprinting
Countermeasures
Application Fingerprinting
Countermeasures
What’s On That Port?
Interrogating a Host
User Information
Group Information
File Shares
Operating System Information
User Sessions
Service Users
Countermeasures
Frequently Asked Questions
13. War Dialing, War Driving, and Bluetooth Attacks
Modem Detection—War Dialing
Anatomy of a War Dialing Attack
Identify Telephone Number Blocks to Dial
Detect Dial-Up Systems
Assess Vulnerability
Countermeasures
Wireless LAN Detection—War Driving
MAC Address Filtering
Disabling a Service Set ID Broadcasting
Wired Equivalent Privacy
Authentication
Open System Authentication
Shared Key Authentication
Data Encryption
Anatomy of a War Driving Attack
Detecting Wireless Networks
Assessing Vulnerability
Countermeasures
Bluetooth Attacks
Device Detection
Countermeasures
Data Theft
Countermeasures
Services Theft
Countermeasures
Network Sniffing
Countermeasures
Frequently Asked Questions
III. Penetration Testing for Intrusive Attacks
14. Automated Vulnerability Detection
Scanning Techniques
Banner Grabbing and Fingerprinting
Exploiting the Vulnerability
Inference Testing
Replaying Network Sniffs
Patch Detection
Selecting a Scanner
Vulnerability Checks
Scanner Speed
Reliability and Scalability
Check Accuracy
Update Frequency
Reporting Features
Scanning Approaches
Host-Based Scanners
Network-Based Scanners
Dangers of Using Automated Scanners
Tips for Using Scanners Safely
Frequently Asked Questions
15. Password Attacks
Where to Find Passwords
Brute Force Attacks
Online Password Testing
Offline Password Testing
Offline Password Attack Strategies
Dictionary Attacks
Variant Dictionary Attacks
Brute Force Attacks
Countermeasures
Password Disclosure Attacks
File System Passwords
Encrypted Passwords
Sniffing for Passwords
Keystroke Loggers
Countermeasures
Frequently Asked Questions
16. Denial of Service Attacks
Flooding Attacks
Testing Flooding Attacks
Countermeasures
Resource Starvation Attacks
CPU Starvation Attacks
Testing for CPU Starvation Attacks
Countermeasures
Memory Starvation Attacks
Disk Storage Consumption Attacks
Testing for Disk Storage Consumption
Countermeasures
Disruption of Service
Frequently Asked Questions
17. Application Attacks
Buffer Overruns
Stack Overruns
Heap Overruns
Format String Bugs
Countermeasures
Integer Overflows
Countermeasures
Finding Buffer Overruns
Frequently Asked Questions
18. Database Attacks
Database Server Detection
Detecting Database Servers on Your Network
Network Deployment Records
Port Scanning
Application Programming Interfaces (APIs)
SQL Query Analyzer Tool
Microsoft Baseline Security Analyzer
Odbcping Utility
SQLPing Utility
Countermeasures
Missing Product Patches
Detecting Missing Patches
Countermeasures
Unauthorized Access
Detecting the Potential for Unauthorized Access
Countermeasures
Weak Passwords
Detecting Weak Passwords
Countermeasures
Network Sniffing
Detecting Network Sniffing Threats
Countermeasures
SQL Injection
Detecting SQL Injection Vectors
Countermeasures
Frequently Asked Questions
19. Network Sniffing
Understanding Network Sniffing
Debunking Network Sniffing Myths
Myth #1: An Attacker Can Remotely Sniff Networks
Myth #2: Switches Are Immune to Network Sniffing Attacks
Media Access Control Table Flooding
Address Resolution Protocol Table Modifications
Internet Control Message Protocol Redirects
Compromising Switches
Detecting Network Sniffing Threats
Manual Detection
Reviewing Network Architecture
Monitoring DNS Queries
Measuring Latency
Using False MAC Addresses and ICMP Packets
Using Trap Accounts
Using Non-Broadcast ARP Packet
Using Automated Detection Tools
Detecting Microsoft Network Monitor Installations
Countermeasures
Frequently Asked Questions
20. Spoofing
IP Spoofing
Countermeasures
Spoofing E-Mail
Countermeasures
DNS Spoofing
Attacking the Client
Attacking the DNS Server
Attacking Server Update Zones
Attacking Through the Name Registry
Countermeasures
Frequently Asked Questions
21. Session Hijacking
Understanding Session Hijacking
Network-Level Session Hijacking
Hijacking a TCP Session
Hijacking a UDP Session
Determining Your Susceptibility to Threats
Countermeasures
Tricks and Techniques
TCP ACK Packet Storms
ARP Table Modifications
TCP Resynchronizing
Remotely Modifying Routing Tables
Host-Level Session Hijacking
User Session Hijacking
Countermeasures
Server Port Hijacking
Detecting Hijack-Susceptible Ports
Countermeasures
Application-Level Hijacking
Detecting Attacks
Countermeasures
Frequently Asked Questions
22. How Attackers Avoid Detection
Log Flooding
Countermeasures
Logging Mechanisms
Countermeasures
Detection Mechanisms
Countermeasures
Fragmentation
Session Splicing Attacks
Packet Fragmentation Attacks
Fragmentation Time-Out Attacks
Countermeasures
Canonicalization
Countermeasures
Decoys
Countermeasures
How Attackers Avoid Detection Post-Intrusion
Using Rootkits
Countermeasures
Hiding Data
Hidden File Attribute
Hiding Files on Windows Systems
Hiding Files on UNIX Systems
NTFS Alternate File Streams
Replacing and Renaming Files
Steganography
Tampering with Log Files
Countermeasures
Frequently Asked Questions
23. Attackers Using Non-Network Methods to Gain Access
Gaining Physical Access to Information Resources
Physical Intrusion
Computers
Wiring Closets
Mailrooms, File Cabinets, Labs, and Equipment Rooms
Remote Surveillance
Looking in Windows
High-Tech Shoulder Surfing
Electronic Eavesdropping
Sniffing Wireless Networks
Capturing Traffic Downstream
Retrieving Voice Mail
Targeted Equipment Theft
Dumpsters and Recycling Bins
Lease Returns, Auctions, and Equipment Resales
Computers
Removable Storage Devices and Specialized Hardware
Media
Documentation
Using Social Engineering
Bribery
Assuming a Position of Authority
Forgery
Flattery
Frequently Asked Questions
IV. Security Assessment Case Studies
24. Web Threats
Client-Level Threats
Cross-Site Scripting Attacks
Finding XSS Vectors
Countermeasures
Unpatched Web Browser Attacks
Countermeasures
Server-Level Threats
Repudiation
Information Disclosure
Server Header Exposure
Countermeasures
Directory Browsing
Countermeasures
Elevation of Privileges
Missing Patches
Countermeasures
Unknown Vulnerabilities
Countermeasures
Mitigating Buffer Overruns with URLScan
MaxUrl
MaxQueryString
"Max-" Header Prefix
MaxAllowedContentLength
Nonessential Services
Operating System Services
Countermeasures
Web Server Services
Countermeasures
Canonicalization Attacks
Countermeasures
Denial of Service
Service-Level Threats
Unauthorized Access
Countermeasures
Network Sniffing
Countermeasures
Tampering
Countermeasures
Information Disclosure
Countermeasures
Frequently Asked Questions
25. E-Mail Threats
Client-Level Threats
Attaching Malicious Files
Countermeasures
Educate Users
Enable E-Mail Client Protection
Install Antivirus Software
Create Policy
Exploiting Unpatched E-Mail Clients
Countermeasures
Embedding Malicious Content
Countermeasures
Exploiting User Trust
Spoofed E-Mails
Countermeasures
Phishing Attacks
Countermeasures
E-Mail Scams
Countermeasures
Server-Level Threats
Attaching Malicious Files
Countermeasures
Spoofing E-Mail
Countermeasures
Exploiting Unpatched E-Mail Servers
Countermeasures
Spam
Why You Should Be Concerned About Spam
Tricks and Techniques
Confirming E-Mail Addresses Using Unsubscribe Requests
Countermeasures
Using Web Beacons
Countermeasures
Using Windows Messenger Service to Spam
Countermeasures
Bypassing Spam Filters
Countermeasures
Harvesting User E-Mails from Public Discussion Forums
Countermeasures
Randomizing the Contents of Spam
Countermeasures
Abusing Third-Party Mail Relays
Countermeasures
What Is Being Done About Spam
Frequently Asked Questions
26. Domain Controller Threats
Password Attacks
Countermeasures
Disabling LAN Manager Hashes
Disabling Reversible Encryption
Forcing Strong Passwords Across Domains
Educating Users to Use Secure Passwords
Using the System Key Utility
Elevation of Privilege
Exploiting Nonessential Services
Enumerating Services on Your Domain Controller
Exploiting Nonessential Accounts
Identifying Your Nonessential Accounts
Countermeasures
Exploiting Unpatched Domain Controllers
Countermeasures
Attacking Privileged Domain Accounts and Groups
Identifying Group Membership
Countermeasures
Denial of Service
Countermeasures
Physical Security Threats
Countermeasures
Frequently Asked Questions
V. Appendixes
A. Checklists
Penetration Test Checklists
Chapter 8: Information Reconnaissance
Chapter 9: Host Discovery Using DNS and NetBIOS
Chapter 10: Network and Host Discovery
Chapter 11: Port Scanning
Chapter 12: Obtaining Information from a Host
Chapter 13: War Dialing, War Driving, and Bluetooth Attacks
Chapter 14: Automated Vulnerability Detection
Chapter 15: Password Attacks
Chapter 16: Denial of Service Attacks
Chapter 17: Application Attacks
Chapter 18: Database Attacks
Chapter 19: Network Sniffing
Chapter 20: Spoofing
Chapter 21: Session Hijacking
Chapter 22: How Attackers Avoid Detection
Chapter 23: Attackers Using Non-Network Methods to Gain Access
Chapter 24: Web Threats
Chapter 25: E-Mail Threats
Chapter 26: Domain Controller Threats
Chapter 27: Extranet and VPN Threats
Countermeasures Checklists
Chapter 8: Information Reconnaissance
Chapter 9: Host Discovery Using DNS and NetBIOS
Chapter 10: Network and Host Discovery
Chapter 11: Port Scanning
Chapter 12: Obtaining Information from a Host
Chapter 13: War Dialing, War Driving, and Bluetooth Attacks
Chapter 15: Password Attacks
Chapter 16: Denial of Service Attacks
Chapter 17: Application Attacks
Chapter 18: Database Attacks
Chapter 19: Network Sniffing
Chapter 20: Spoofing
Chapter 21: Session Hijacking
Chapter 22: How Attackers Avoid Detection
Chapter 23: Attackers Using Non-Network Methods to Gain Access
Chapter 24: Web Threats
Chapter 25: E-Mail Threats
Chapter 26: Domain Controller Threats
Chapter 27: Extranet and VPN Threats
B. References
Chapter 1: Introduction to Performing Security Assessments
Chapter 2: Key Principles of Security
Chapter 3: Using Vulnerability Scanning to Assess Network Security
Chapter 4: Conducting a Penetration Test
Chapter 5: Performing IT Security Audits
Chapter 6: Reporting Your Findings
Chapter 7: Building and Maintaining Your Security Assessment Skills
Chapter 8: Information Reconnaissance
Chapter 9: Host Discovery Using DNS and NetBIOS
Chapter 10: Network and Host Discovery
Chapter 11: Port Scanning
Chapter 12: Obtaining Information from a Host
Chapter 13: War Dialing, War Driving, and Bluetooth Attacks
Chapter 14: Automated Vulnerability Detection
Chapter 15: Password Attacks
Chapter 16: Denial of Service Attacks
Chapter 17: Application Attacks
Chapter 18: Database Attacks
Chapter 19: Network Sniffing
Chapter 20: Spoofing
Chapter 21: Session Hijacking
Chapter 22: How Attackers Avoid Detection
Chapter 23: Attackers Using Non-Network Methods to Gain Access
Chapter 24: Web Threats
Chapter 25: E-Mail Threats
Chapter 26: Domain Controller Threats
Chapter 27: Extranet and VPN Threats
About the Authors
Index
About the Authors
Assessing Network Security
Kevin Lam
David LeBlanc
Ben Smith
Copyright © 2009