1. Chapter 1 Network Security Assessment

   1. The Business Benefits

   2. IP: The Foundation of the Internet

   3. Classifying Internet-Based Attackers

   4. Assessment Service Definitions

   5. Network Security Assessment Methodology

   6. The Cyclic Assessment Approach

2. Chapter 2 The Tools Required

   1. The Operating Systems

   2. Free Network Scanning Tools

   3. Commercial Network Scanning Tools

   4. Protocol-Dependent Assessment Tools

3. Chapter 3 Internet Host and Network Enumeration

   1. Web Search Engines

   2. NIC Querying

   3. DNS Querying

   4. Enumeration Technique Recap

   5. Enumeration Countermeasures

4. Chapter 4 IP Network Scanning

   1. ICMP Probing

   2. TCP Port Scanning

   3. UDP Port Scanning

   4. IDS Evasion and Filter Circumvention

   5. Low-Level IP Assessment

   6. Network Scanning Recap

   7. Network Scanning Countermeasures

5. Chapter 5 Assessing Remote Information Services

   1. Remote Information Services

   2. systat and netstat

   3. DNS

   4. finger

   5. auth

   6. SNMP

   7. LDAP

   8. rwho

   9. RPC rusers

   10. Remote Information Services Countermeasures

6. Chapter 6 Assessing Web Services

   1. Web Services

   2. Identifying the Web Service

   3. Identifying Subsystems and Components

   4. Investigating Web Service Vulnerabilities

   5. Accessing Poorly Protected Information

   6. Assessing CGI Scripts and Custom ASP Pages

   7. Web Services Countermeasures

7. Chapter 7 Assessing Remote Maintenance Services

   1. Remote Maintenance Services

   2. SSH

   3. Telnet

   4. R-Services

   5. X Windows

   6. Microsoft Remote Desktop Protocol

   7. VNC

   8. Citrix

   9. Remote Maintenance Services Countermeasures

8. Chapter 8 Assessing FTP and Database Services

   1. FTP

   2. FTP Banner Grabbing and Enumeration

   3. FTP Brute-Force Password Guessing

   4. FTP Bounce Attacks

   5. Circumventing Stateful Filters Using FTP

   6. FTP Process Manipulation Attacks

   7. FTP Services Countermeasures

   8. Database Services

   9. Microsoft SQL Server

   10. Oracle

   11. MySQL

   12. Database Services Countermeasures

9. Chapter 9 Assessing Windows Networking Services

   1. Microsoft Windows Networking Services

   2. Microsoft RPC Services

   3. The NetBIOS Name Service

   4. The NetBIOS Datagram Service

   5. The NetBIOS Session Service

   6. The CIFS Service

   7. Unix Samba Vulnerabilities

   8. Windows Networking Services Countermeasures

10. Chapter 10 Assessing Email Services

    1. Email Service Protocols

    2. SMTP

    3. POP-2 and POP-3

    4. IMAP

    5. Email Services Countermeasures

11. Chapter 11 Assessing IP VPN Services

    1. IPsec VPNs

    2. Attacking IPsec VPNs

    3. Check Point VPN Security Issues

    4. Microsoft PPTP

    5. VPN Services Countermeasures

12. Chapter 12 Assessing Unix RPC Services

    1. Enumerating Unix RPC Services

    2. RPC Service Vulnerabilities

    3. Unix RPC Services Countermeasures

13. Chapter 13 Application-Level Risks

    1. The Fundamental Hacking Concept

    2. The Reasons Why Software Is Vulnerable

    3. Network Service Vulnerabilities and Attacks

    4. Classic Buffer-Overflow Vulnerabilities

    5. Heap Overflows

    6. Integer Overflows

    7. Format String Bugs

    8. Memory Manipulation Attacks Recap

    9. Mitigating Process Manipulation Risks

    10. Recommended Secure Development Reading

14. Chapter 14 Example Assessment Methodology

    1. Network Scanning

    2. Accessible Network Service Identification

    3. Investigation of Known Vulnerabilities

    4. Network Service Testing

    5. Methodology Flow Diagram

    6. Recommendations

    7. Closing Comments

1. Appendix A TCP, UDP Ports, and ICMP Message Types

   1. TCP Ports

   2. UDP Ports

   3. ICMP Message Types

2. Appendix B Sources of Vulnerability Information

   1. Security Mailing Lists

   2. Vulnerability Databases and Lists

   3. Underground Web Sites

   4. Security Events and Conferences

3. Colophon

Our look is the result of reader comments, our own experimentation, and feedback from distribution channels. Distinctive covers complement our distinctive approach to technical topics, breathing personality and life into potentially dry subjects. The animals on the cover of Network Security Assessment are porcupine fish (Diodon hystrix). This fish is found in oceans throughout the world, most often among or near coral reef areas. Its tube-shaped body ranges in length from 3 to 19 inches with relatively small fins. When threatened, the fish inflates itself by taking in tiny gulps of water until the stomach is full; the body expands in seconds to double or triple size, and its spines become erect. (Smaller species have spines that are permanently bristly.) The porcupine fish is covered with evenly spaced dark spots, which distinguishes it from other puffers.

The fish has a a single tooth in each jaw; fused at the midline, they form a parrotlike beak. A nocturnal hunter, it moves its body over a small area of sand and spurts tiny jets of water to uncover its prey, usually mollusks and crustaceans. The porcupine fish is popular as an aquarium specimen; it's also blown up, dried, and sold as a souvenir.

In earlier centuries, certain Pacific island warriors used the porcupine fish to fashion a battle helmet. They would catch a fish, let it inflate, and then bury it in sand for about a week. When dug up, the fish, now a hard ball, would be cut open to make a hard, head-shaped piece that looked most formidable.

The porcupine fish isn't listed as endangered or vulnerable with the World Conservation Union. Mary Anne Weeks Mayo was the production editor and proofreader, and Derek DiMatteo was the copyeditor for Network Security Assessment. Reg Aubry and Claire Cloutier provided quality control. Jamie Peppard, Mary Agner, and Marlowe Shaeffer provided production assistance. Julie Hawks wrote the index.

Emma Colby designed the cover of this book, based on a series design by Edie Freedman. The cover image is a 19th-century engraving from the Dover Pictorial Archive. Emma produced the cover layout with QuarkXPress 4.1 using Adobe's ITC Garamond font.

Melanie Wang designed the interior layout, based on a series design by David Futato. This book was converted by Julie Hawks to FrameMaker 5.5.6 with a format conversion tool created by Erik Ray, Jason McIntosh, Neil Walls, and Mike Sierra that uses Perl and XML technologies. The text font is Linotype Birka; the heading font is Adobe Myriad Condensed; and the code font is LucasFont's TheSans Mono Condensed. The illustrations that appear in the book were produced by Robert Romano and Jessamyn Read using Macromedia FreeHand 9 and Adobe Photoshop 6. The tip and warning icons were drawn by Christopher Bing. This colophon was compiled by Mary Anne Weeks Mayo.