Network Security Assessment

Tell a friend

Network Security Assessment Know Your Network By Chris McNab
March 2004
Pages: 396

| Table of Contents | Index | Sample Chapter | Colophon

Chapter 1 Network Security Assessment
1. The Business Benefits
2. IP: The Foundation of the Internet
3. Classifying Internet-Based Attackers
4. Assessment Service Definitions
5. Network Security Assessment Methodology
6. The Cyclic Assessment Approach
Chapter 2 The Tools Required
1. The Operating Systems
2. Free Network Scanning Tools
3. Commercial Network Scanning Tools
4. Protocol-Dependent Assessment Tools
Chapter 3 Internet Host and Network Enumeration
1. Web Search Engines
2. NIC Querying
3. DNS Querying
4. Enumeration Technique Recap
5. Enumeration Countermeasures
Chapter 4 IP Network Scanning
1. ICMP Probing
2. TCP Port Scanning
3. UDP Port Scanning
4. IDS Evasion and Filter Circumvention
5. Low-Level IP Assessment
6. Network Scanning Recap
7. Network Scanning Countermeasures
Chapter 5 Assessing Remote Information Services
1. Remote Information Services
2. systat and netstat
3. DNS
4. finger
5. auth
6. SNMP
7. LDAP
8. rwho
9. RPC rusers
10. Remote Information Services Countermeasures
Chapter 6 Assessing Web Services
1. Web Services
2. Identifying the Web Service
3. Identifying Subsystems and Components
4. Investigating Web Service Vulnerabilities
5. Accessing Poorly Protected Information
6. Assessing CGI Scripts and Custom ASP Pages
7. Web Services Countermeasures
Chapter 7 Assessing Remote Maintenance Services
1. Remote Maintenance Services
2. SSH
3. Telnet
4. R-Services
5. X Windows
6. Microsoft Remote Desktop Protocol
7. VNC
8. Citrix
9. Remote Maintenance Services Countermeasures
Chapter 8 Assessing FTP and Database Services
1. FTP
2. FTP Banner Grabbing and Enumeration
3. FTP Brute-Force Password Guessing
4. FTP Bounce Attacks
5. Circumventing Stateful Filters Using FTP
6. FTP Process Manipulation Attacks
7. FTP Services Countermeasures
8. Database Services
9. Microsoft SQL Server
10. Oracle
11. MySQL
12. Database Services Countermeasures
Chapter 9 Assessing Windows Networking Services
1. Microsoft Windows Networking Services
2. Microsoft RPC Services
3. The NetBIOS Name Service
4. The NetBIOS Datagram Service
5. The NetBIOS Session Service
6. The CIFS Service
7. Unix Samba Vulnerabilities
8. Windows Networking Services Countermeasures
Chapter 10 Assessing Email Services
1. Email Service Protocols
2. SMTP
3. POP-2 and POP-3
4. IMAP
5. Email Services Countermeasures
Chapter 11 Assessing IP VPN Services
1. IPsec VPNs
2. Attacking IPsec VPNs
3. Check Point VPN Security Issues
4. Microsoft PPTP
5. VPN Services Countermeasures
Chapter 12 Assessing Unix RPC Services
1. Enumerating Unix RPC Services
2. RPC Service Vulnerabilities
3. Unix RPC Services Countermeasures
Chapter 13 Application-Level Risks
1. The Fundamental Hacking Concept
2. The Reasons Why Software Is Vulnerable
3. Network Service Vulnerabilities and Attacks
4. Classic Buffer-Overflow Vulnerabilities
5. Heap Overflows
6. Integer Overflows
7. Format String Bugs
8. Memory Manipulation Attacks Recap
9. Mitigating Process Manipulation Risks
10. Recommended Secure Development Reading
Chapter 14 Example Assessment Methodology
1. Network Scanning
2. Accessible Network Service Identification
3. Investigation of Known Vulnerabilities
4. Network Service Testing
5. Methodology Flow Diagram
6. Recommendations
7. Closing Comments

Appendix A TCP, UDP Ports, and ICMP Message Types
1. TCP Ports
2. UDP Ports
3. ICMP Message Types
Appendix B Sources of Vulnerability Information
1. Security Mailing Lists
2. Vulnerability Databases and Lists
3. Underground Web Sites
4. Security Events and Conferences
Colophon

Return to Network Security Assessment

Table of Contents

Chapter 1 Network Security Assessment

The Business Benefits

IP: The Foundation of the Internet

Classifying Internet-Based Attackers

Assessment Service Definitions

Network Security Assessment Methodology

The Cyclic Assessment Approach

Chapter 2 The Tools Required

The Operating Systems

Free Network Scanning Tools

Commercial Network Scanning Tools

Protocol-Dependent Assessment Tools

Chapter 3 Internet Host and Network Enumeration

Web Search Engines

NIC Querying

DNS Querying

Enumeration Technique Recap

Enumeration Countermeasures

Chapter 4 IP Network Scanning

ICMP Probing

TCP Port Scanning

UDP Port Scanning

IDS Evasion and Filter Circumvention

Low-Level IP Assessment

Network Scanning Recap

Network Scanning Countermeasures

Chapter 5 Assessing Remote Information Services

Remote Information Services

systat and netstat

DNS

finger

auth

SNMP

LDAP

rwho

RPC rusers

Remote Information Services Countermeasures

Chapter 6 Assessing Web Services

Web Services

Identifying the Web Service

Identifying Subsystems and Components

Investigating Web Service Vulnerabilities

Accessing Poorly Protected Information

Assessing CGI Scripts and Custom ASP Pages

Web Services Countermeasures

Chapter 7 Assessing Remote Maintenance Services

Remote Maintenance Services

SSH

Telnet

R-Services

X Windows

Microsoft Remote Desktop Protocol

VNC

Citrix

Remote Maintenance Services Countermeasures

Chapter 8 Assessing FTP and Database Services

FTP

FTP Banner Grabbing and Enumeration

FTP Brute-Force Password Guessing

FTP Bounce Attacks

Circumventing Stateful Filters Using FTP

FTP Process Manipulation Attacks

FTP Services Countermeasures

Database Services

Microsoft SQL Server

Oracle

MySQL

Database Services Countermeasures

Chapter 9 Assessing Windows Networking Services

Microsoft Windows Networking Services

Microsoft RPC Services

The NetBIOS Name Service

The NetBIOS Datagram Service

The NetBIOS Session Service

The CIFS Service

Unix Samba Vulnerabilities

Windows Networking Services Countermeasures

Chapter 10 Assessing Email Services

Email Service Protocols