Buying Options
Network Security Assessment, Second Edition
Print $39.99
Add to Cart
Print+Ebook $43.99
Add to Cart
Ebook $31.99
(Mobi, PDF, ePub)
Add to Cart
Safari Books Online
Add to Cart
What is this?
Print £30.99
Add to Cart
What is this?

Network Security Assessment, Second Edition

Know Your Network

By
Chris McNab
Publisher:
O'Reilly Media
Released:
November 2007
Pages:
512

Product Editions

  1. Network Security Assessment, Second Edition - November 2007
  2. Network Security Assessment - March 2004
Description
Network Security Assessment provides you with the tricks and tools professional security consultants use to identify and assess risks in Internet-based networks-the same penetration testing model they use to secure government, military, and commercial networks. With this book, you can adopt, refine, and reuse this testing model to design and deploy networks that are hardened and immune from attack.
Full Description
Table of Contents

  1. Chapter 1 Network Security Assessment

    1. The Business Benefits

    2. IP: The Foundation of the Internet

    3. Classifying Internet-Based Attackers

    4. Assessment Service Definitions

    5. Network Security Assessment Methodology

    6. The Cyclic Assessment Approach

  2. Chapter 2 Network Security Assessment Platform

    1. Virtualization Software

    2. Operating Systems

    3. Reconnaissance Tools

    4. Network Scanning Tools

    5. Exploitation Frameworks

    6. Web Application Testing Tools

  3. Chapter 3 Internet Host and Network Enumeration

    1. Querying Web and Newsgroup Search Engines

    2. Querying Domain WHOIS Registrars

    3. Querying IP WHOIS Registrars

    4. BGP Querying

    5. DNS Querying

    6. Web Server Crawling

    7. Automating Enumeration

    8. SMTP Probing

    9. Enumeration Technique Recap

    10. Enumeration Countermeasures

  4. Chapter 4 IP Network Scanning

    1. ICMP Probing

    2. TCP Port Scanning

    3. UDP Port Scanning

    4. IDS Evasion and Filter Circumvention

    5. Low-Level IP Assessment

    6. Network Scanning Recap

    7. Network Scanning Countermeasures

  5. Chapter 5 Assessing Remote Information Services

    1. Remote Information Services

    2. DNS

    3. Finger

    4. Auth

    5. NTP

    6. SNMP

    7. LDAP

    8. rwho

    9. RPC rusers

    10. Remote Information Services Countermeasures

  6. Chapter 6 Assessing Web Servers

    1. Web Servers

    2. Fingerprinting Accessible Web Servers

    3. Identifying and Assessing Reverse Proxy Mechanisms

    4. Enumerating Virtual Hosts and Web Sites

    5. Identifying Subsystems and Enabled Components

    6. Investigating Known Vulnerabilities

    7. Basic Web Server Crawling

    8. Web Servers Countermeasures

  7. Chapter 7 Assessing Web Applications

    1. Web Application Technologies Overview

    2. Web Application Profiling

    3. Web Application Attack Strategies

    4. Web Application Vulnerabilities

    5. Web Security Checklist

  8. Chapter 8 Assessing Remote Maintenance Services

    1. Remote Maintenance Services

    2. FTP

    3. SSH

    4. Telnet

    5. R-Services

    6. X Windows

    7. Citrix

    8. Microsoft Remote Desktop Protocol

    9. VNC

    10. Remote Maintenance Services Countermeasures

  9. Chapter 9 Assessing Database Services

    1. Microsoft SQL Server

    2. Oracle

    3. MySQL

    4. Database Services Countermeasures

  10. Chapter 10 Assessing Windows Networking Services

    1. Microsoft Windows Networking Services

    2. Microsoft RPC Services

    3. The NetBIOS Name Service

    4. The NetBIOS Datagram Service

    5. The NetBIOS Session Service

    6. The CIFS Service

    7. Unix Samba Vulnerabilities

    8. Windows Networking Services Countermeasures

  11. Chapter 11 Assessing Email Services

    1. Email Service Protocols

    2. SMTP

    3. POP-2 and POP-3

    4. IMAP

    5. Email Services Countermeasures

  12. Chapter 12 Assessing IP VPN Services

    1. IPsec VPNs

    2. Attacking IPsec VPNs

    3. Microsoft PPTP

    4. SSL VPNs

    5. VPN Services Countermeasures

  13. Chapter 13 Assessing Unix RPC Services

    1. Enumerating Unix RPC Services

    2. RPC Service Vulnerabilities

    3. Unix RPC Services Countermeasures

  14. Chapter 14 Application-Level Risks

    1. The Fundamental Hacking Concept

    2. Why Software Is Vulnerable

    3. Network Service Vulnerabilities and Attacks

    4. Classic Buffer-Overflow Vulnerabilities

    5. Heap Overflows

    6. Integer Overflows

    7. Format String Bugs

    8. Memory Manipulation Attacks Recap

    9. Mitigating Process Manipulation Risks

    10. Recommended Secure Development Reading

  15. Chapter 15 Running Nessus

    1. Nessus Architecture

    2. Deployment Options and Prerequisites

    3. Nessus Installation

    4. Configuring Nessus

    5. Running Nessus

    6. Nessus Reporting

    7. Running Nessus Recap

  16. Chapter 16 Exploitation Frameworks

    1. Metasploit Framework

    2. CORE IMPACT

    3. Immunity CANVAS

    4. Exploitation Frameworks Recap

  1. Appendix TCP, UDP Ports, and ICMP Message Types

    1. TCP Ports

    2. UDP Ports

    3. ICMP Message Types

  2. Appendix Sources of Vulnerability Information

    1. Security Mailing Lists

    2. Vulnerability Databases and Lists

    3. Underground Web Sites

    4. Security Events and Conferences

  3. Appendix Exploit Framework Modules

    1. MSF

    2. CORE IMPACT

    3. Immunity CANVAS

  4. Colophon

View Full Table of Contents
Product Details
Title:
Network Security Assessment, Second Edition
By:
Chris McNab
Publisher:
O'Reilly Media
Formats:
  • Print
  • Ebook
  • Safari Books Online
Print Release:
November 2007
Ebook Release:
February 2009
Pages:
512
Print ISBN:
978-0-596-51030-5
| ISBN 10:
0-596-51030-6
Ebook ISBN:
978-0-596-10278-4
| ISBN 10:
0-596-10278-X
Customer Reviews
About the Author

  1. Chris McNab

    Chris McNab is the technical director of Matta, a vendor-independent security consulting outfit based in the United Kingdom. Since 2000, Chris has presented and run applied hacking courses across Europe, training a large number of financial, retail, and government clients in practical attack and penetration techniques, so that they can assess and protect their own networks effectively.

    Chris speaks at a number of security conferences and seminars, and is routinely called to comment on security events and other breaking news. He has appeared on television and radio stations in the UK (including BBC 1 and Radio 4), and in a number of publications and computing magazines.

    Responsible for the provision of security assessment services at Matta, Chris and his team undertake Internet-based, internal, application, and wireless security assessment work, providing clients with practical and sound technical advice relating to secure network design and hardening strategies. Chris boasts a 100% success rate when compromising the networks of multinational corporations and financial services companies over the last five years.

    View Chris McNab's full profile page.

Colophon

We figured we'd ask you to describe what the individual on the cover of Network Security Tools is doing. If you know, email ideas@oreilly.com.

The cover image is from Men: A Pictorial Archive from Nineteenth-Century Sources (Dover Pictorial Archive Series). The cover font is Adobe ITC Garamond. The text font is Linotype Birka; the heading font is Adobe Myriad Condensed; and the code font is LucasFont's TheSans Mono Condensed.

  • Book cover of Network Security Assessment
Got a Question?
icons
Favicon Service and support by Satisfaction