THREE. Incident Response and Defensive Technologies
by Michael Gregg, Sean-Philip Oriyano
Hacker Techniques, Tools, and Incident Handling
Copyright
Preface
Purpose of This Book
Learning Features
Audience
Acknowledgments
About the Authors
ONE. Hacker Techniques and Tools
1. Hacking: The Next Generation
Profiles of Hackers, Crackers, and Cybercriminals
The Hacker Mindset
A Look Back at the History of Computer Hacking
Ethical Hacking and Penetration Testing
The Role of Ethical Hacking
Common Hacking Methodologies
Performing a Penetration Test
The Role of the Law and Ethical Standards
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 1 ASSESSMENT
2. TCP/IP Review
Exploring the OSI Reference Model
The Role of Protocols
Layer 1: Physical Layer
Layer 2: Data Link Layer
Layer 3: Network Layer
Layer 4: Transport Layer
Layer 5: Session Layer
Layer 6: Presentation Layer
Layer 7: Application Layer
The Role of Encapsulation
Mapping the OSI to Functions and Protocols
OSI Layers and Services
TCP/IP (a Layer-by-Layer Review)
Physical/Network Access Layer
Physical/Network Equipment
Physical/Network Layer Protocols
Physical Layer Threats
Physical Layer Controls
Internetwork Layer
Internetworking Layer Equipment
Routing Protocols
Internetwork Layer Protocols
Internetwork Layer Threats
Internetwork Layer Controls
Host-to-Host Layer
Host-to-Host Layer Protocols
Host-to-Host Layer Threats
Host-to-Host Layer Controls
Application Layer
Application Layer Services
Application Layer Threats
Application Layer Controls
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 2 ASSESSMENT
3. Cryptographic Concepts
Cryptographic Basics
Cryptographic History
Symmetric Encryption
Asymmetric Encryption
Digital Signatures
Purpose of Public Key Infrastructure
The Role of Certificate Authorities (CAs)
Registration Authority (RA)
Certificate Revocation List (CRL)
Digital Certificates
PKI Attacks
Hashing
Common Cryptographic Systems
Cryptanalysis
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 3 ASSESSMENT
4. Physical Security
Basic Equipment Controls
Hard Drive and Mobile Device Encryption
Fax Machines and Public Branch Exchanges
Voice over IP (VoIP)
Physical Area Controls
Fences
Gates
Bollards
Facility Controls
Doors, Mantraps, and Turnstiles
Walls, Ceilings, and Floors
Windows
Guards and Dogs
Construction
Personal Safety Controls
Lighting
Alarms and Intrusion Detection
Closed-Circuit TV (CCTV)
Physical Access Controls
Locks
Lock Picking
Tokens and Biometrics
Avoiding Common Threats to Physical Security
Natural, Human, and Technical Threats
Physical Keyloggers and Sniffers
Wireless Interception and Rogue Access Points
Defense in Depth
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 4 ASSESSMENT
TWO. A Technical Overview of Hacking
5. Footprinting Tools and Techniques
The Information-Gathering Process
The Information on a Company Web Site
Discovering Financial Information
Google Hacking
Exploring Domain Information Leakage
Manual Registrar Query
Automatic Registrar Query
Whois
Nslookup
Internet Assigned Numbers Authority (IANA)
Determining a Network Range
Traceroute
Tracking an Organization's Employees
Exploiting Insecure Applications
Using Basic Countermeasures
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 5 ASSESSMENT
6. Port Scanning
Determining the Network Range
Identifying Active Machines
Wardialing
Wardriving
Pinging
Port Scanning
A Closer Look at TCP Port Scanning Techniques
Port Scanning Countermeasures
Mapping Open Ports
Nmap
Superscan
Scanrand
THC-Amap
OS Fingerprinting
Active OS Fingerprinting
Xprobe2
Nmap
Passive OS Fingerprinting
The p0f Tool
Mapping the Network
Cheops
Solarwinds
Analyzing the Results
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 6 ASSESSMENT
7. Enumeration and Computer System Hacking
Windows Basics
Controlling Access
Users
Groups
Security Identifiers
Commonly Attacked and Exploited Services
Enumeration
NULL Session
Working with Nbtstat
SuperScan
SNScan
System Hacking
Types of Password Cracking
Passive Online Attacks
Active Online Attacks
Offline Attacks
Dictionary Attacks
Hybrid Attacks
Brute-Force Attacks
Precomputed Hashes
Nontechnical Attacks
Shoulder Surfing
Keyboard Sniffing
Social Engineering
Using Password Cracking
Privilege Escalation
Active@ Password Changer
Trinity Rescue Kit
Planting Backdoors
Using PsTools
Rootkits
Covering Tracks
Disabling Auditing
Data Hiding
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 7 ASSESSMENT
8. Wireless Vulnerabilities
The Importance of Wireless Security
Emanations
Common Support and Availability
A Brief History of Wireless Technologies
802.11
802.11b
802.11a
802.11g
802.11n
Other Wireless Technologies
Bluetooth
WiMax
Working with and Securing Bluetooth
Bluetooth Security
Trusted Devices
Discoverable Devices
Bluejacking, Bluesnarfing, and Bluebugging
Viruses and Malware
Securing Bluetooth
Discovering
Working with Wireless LANs
CSMA/CD Versus CSMA/CA
Role of APs
Service Set Identifier (SSID)
Association with an AP
The Importance of Authentication
Working with RADIUS
Network Setup Options
Ad Hoc Network
Infrastructure Network
Threats to Wireless LANs
Wardriving
Misconfigured Security Settings
Unsecured Connections
Rogue APs
Promiscuous Clients
Wireless Network Viruses
Countermeasures
Wireless Hacking Tools
Netstumbler
inSSIDer
Protecting Wireless Networks
Default AP Security
Placement
Emanations
Rogue APs
Use Protection for Transmitted Data
MAC Filtering
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 8 ASSESSMENT
9. Web and Database Attacks
Attacking Web Servers
Categories of Risk
Vulnerabilities of Web Servers
Improper or Poor Web Design
Buffer Overflow
Denial of Service (DoS) Attack
Distributed Denial of Service (DDoS) Attack
Banner Information
Permissions
Error Messages
Unnecessary Features
User Accounts
Structured Query Language (SQL) Injections
Examining an SQL Injection
Vandalizing Web Servers
Input Validation
Cross-Site Scripting (XSS)
Anatomy of Web Applications
Insecure Logon Systems
Scripting Errors
Session Management Issues
Encryption Weaknesses
Database Vulnerabilities
A Look at Databases
Vulnerabilities
Locating Databases on the Network
Database Server Password Cracking
Locating Vulnerabilities in Databases
Out of Sight, Out of Mind
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 9 ASSESSMENT
10. Malware, Worms, and Viruses
Malware
Malware's Legality
Types of Malware
Malware's Targets
Viruses and How They Function
Viruses: A History
Types of Viruses
Logic Bombs
Polymorphic Viruses
Multipartite Viruses
Macro Viruses
Hoaxes
Prevention Techniques
Education
Antivirus
Applying Updates
Worms and How They Function
How Worms Work
Stopping Worms
The Power of Education
Antivirus and Firewalls
Spyware
Methods of Infection
Bundling with Software
Adware
Scareware
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 10 ASSESSMENT
11. Trojans and Backdoors
Significance of Trojans
Methods to Get Trojans onto a System
Targets of Trojans
Known Symptoms of an Infection
Detection of Trojans and Viruses
Vulnerability Scanners
Antivirus
Trojan Tools
An In-Depth Look at BO2K
Client Features
Native Server Support
Features Added by Plug-ins
Distribution Methods
Using Wrappers to Install Trojans
Trojan Construction Kits
Backdoors
Covert Communication
The Role of Keyloggers
Software
Port Redirection
Software Protection
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 11 ASSESSMENT
12. Sniffers, Session Hijacking, and Denial of Service Attacks
Sniffers
Passive Sniffing
Active Sniffing
MAC Flooding
Address Resolution Protocol (ARP) Poisoning
Sniffing Tools
What Can Be Sniffed?
Session Hijacking
Identifying an Active Session
Seizing Control of a Session
Session Hijacking Tools
Thwarting Session Hijacking Attacks
Denial of Service (DoS) Attacks
Categories of DoS Attacks
Consumption of Bandwidth
Consumption of Resources
Exploitation of Programming Defects
Tools for DoS
Distributed Denial of Service (DDoS) Attacks
Some Characteristics of DDoS Attacks
Tools for DDoS
Botnets
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 12 ASSESSMENT
13. Linux, Live CDs, and Automated Assessment Tools
Linux
A Look at the Interface
Basic Linux Navigation
Important Linux Directories
Users, Groups, and Special Accounts
Working with Permissions
Commonly Used Commands
Basic Command Structure
Ipchains and Iptables
Ipchains
IPtables
Live CDs
Special Purpose Live CDs
Trinity
Caine
Astaro
Damn Vulnerable Linux
Network Security Toolkit (NST)
Automated Assessment Tools
Source Code Scanners
Application Level Scanners
System-Level Scanners
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 13 ASSESSMENT
THREE. Incident Response and Defensive Technologies
14. Incident Response
What Is a Security Incident?
The Incident Response Process
Incident Response Policies, Procedures, and Guidelines
Phases of an Incident and Response
Incident Response Team
Incident Response Plans (IRPs)
The Role of Business Continuity Plans (BCPs)
Techniques That Support Business Continuity and Disaster Recovery
Recovering Systems
Recovering From a Security Incident
Loss Control and Damage Assessment
Business Impact Analysis
Planning for Disaster and Recovery
Testing and Evaluation
Testing and Evaluation
Preparation and Staging of Testing Procedures
Structured Walkthrough
Checklist
Simulations
Full Interruption
Frequency of Tests
Analysis of Test Results
Evidence Handling and Administration
Evidence Collection Techniques
Evidence Types
Chain of Custody
Computer Removal
Rules of Evidence
Security Reporting Options and Guidelines
Reporting a Security Incident
Affected Party Legal Considerations
Customers
Business Partners
Requirements of Regulated Industries
Payment Card Industry Data Security Standard (PCI DSS)
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 14 ASSESSMENT
15. Defensive Technologies
Intrusion Detection Systems (IDSs)
IDS Components
Components of NIDS
Components of HIDS
Setting Goals
Accountability
Limitations of an IDS
It Is Not the Only Problem Solver
Failed Hardware
Investigation of an Event
Analysis of Information Collected
Intrusion Prevention Systems (IPSs)
The Purpose of Firewalls
How Firewalls Work
Firewall Methodologies
Limitations of a Firewall
Implementing a Firewall
Authoring a Firewall Policy
Network Connectivity Policy
Contracted Worker Statement
Firewall Administrator Statement
Firewall Policy
Honeypots/Honeynets
Goals of Honeypots
Legal Issues
Role of Controls
Administrative Controls
Technical Controls
Physical Controls
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 15 ASSESSMENT
A. Answer Key
B. Standard Acronyms
Glossary of Key Terms
References
Part THREE. Incident Response and Defensive Technologies
CHAPTER 14 Incident Response 320
CHAPTER 15 Defensive Technologies 344