Network Vulnerability Assessment

Book description

Build a network security threat model with this comprehensive learning guide

Key Features

  • Develop a network security threat model for your organization
  • Gain hands-on experience in working with network scanning and analyzing tools
  • Learn to secure your network infrastructure

Book Description

The tech world has been taken over by digitization to a very large extent, and so it's become extremely important for an organization to actively design security mechanisms for their network infrastructures. Analyzing vulnerabilities can be one of the best ways to secure your network infrastructure.

Network Vulnerability Assessment starts with network security assessment concepts, workflows, and architectures. Then, you will use open source tools to perform both active and passive network scanning. As you make your way through the chapters, you will use these scanning results to analyze and design a threat model for network security. In the concluding chapters, you will dig deeper into concepts such as IP network analysis, Microsoft Services, and mail services. You will also get to grips with various security best practices, which will help you build your network security mechanism.

By the end of this book, you will be in a position to build a security framework fit for an organization.

What you will learn

  • Develop a cost-effective end-to-end vulnerability management program
  • Implement a vulnerability management program from a governance perspective
  • Learn about various standards and frameworks for vulnerability assessments and penetration testing
  • Understand penetration testing with practical learning on various supporting tools and techniques
  • Gain insight into vulnerability scoring and reporting
  • Explore the importance of patching and security hardening
  • Develop metrics to measure the success of the vulnerability management program

Who this book is for

Network Vulnerability Assessment is for security analysts, threat analysts, and any security professionals responsible for developing a network threat model for an organization. This book is also for any individual who is or wants to be part of a vulnerability management team and implement an end-to-end robust vulnerability management program.

Table of contents

  1. Title Page
  2. Copyright and Credits
    1. Network Vulnerability Assessment
  3. Packt Upsell
    1. Why subscribe?
    2. PacktPub.com
  4. Contributors
    1. About the author
    2. About the reviewer
    3. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the color images
      2. Conventions used
    4. Get in touch
      1. Reviews
    5. Disclaimer
  6. Vulnerability Management Governance
    1. Security basics
      1. The CIA triad
        1. Confidentiality 
        2. Integrity
        3. Availability
      2. Identification
      3. Authentication
      4. Authorization
      5. Auditing 
      6. Accounting 
      7. Non-repudiation
      8. Vulnerability 
      9. Threats 
      10. Exposure 
      11. Risk 
      12. Safeguards 
      13. Attack vectors 
    2. Understanding the need for security assessments
      1. Types of security tests
        1. Security testing
        2. Vulnerability assessment versus penetration testing
        3. Security assessment
        4. Security audit
    3. Business drivers for vulnerability management
      1. Regulatory compliance
      2. Satisfying customer demands
      3. Response to some fraud/incident
      4. Gaining a competitive edge
      5. Safeguarding/protecting critical infrastructures
    4. Calculating ROIs
    5. Setting up the context
      1. Bottom-up
      2. Top-down
    6. Policy versus procedure versus standard versus guideline
      1. Vulnerability assessment policy template
    7. Penetration testing standards
      1. Penetration testing lifecycle
    8. Industry standards
      1. Open Web Application Security Project testing guide
        1. Benefits of the framework
      2. Penetration testing execution standard
        1. Benefits of the framework
    9. Summary
    10. Exercises
  7. Setting Up the Assessment Environment
    1. Setting up a Kali virtual machine
    2. Basics of Kali Linux
    3. Environment configuration and setup
      1. Web server
      2. Secure Shell (SSH)
      3. File Transfer Protocol (FTP)
      4. Software management
    4. List of tools to be used during assessment
    5. Summary
  8. Security Assessment Prerequisites
    1. Target scoping and planning
    2. Gathering requirements
      1. Preparing a detailed checklist of test requirements
      2. Suitable time frame and testing hours
      3. Identifying stakeholders
    3. Deciding upon the type of vulnerability assessment
      1. Types of vulnerability assessment
        1. Types of vulnerability assessment based on the location
          1. External vulnerability assessment
          2. Internal vulnerability assessment
        2. Based on knowledge about environment/infrastructure
          1. Black-box testing
          2. White-box testing
          3. Gray-box testing
        3. Announced and unannounced testing
        4. Automated testing
          1. Authenticated and unauthenticated scans
          2. Agentless and agent-based scans
        5. Manual testing
    4. Estimating the resources and deliverables
    5. Preparing a test plan
    6. Getting approval and signing NDAs
      1. Confidentiality and nondisclosure agreements
    7. Summary
  9. Information Gathering
    1. What is information gathering?
      1. Importance of information gathering
    2. Passive information gathering
      1. Reverse IP lookup
      2. Site report
      3. Site archive and way-back
      4. Site metadata
      5. Looking for vulnerable systems using Shodan
      6. Advanced information gathering using Maltego
      7. theHarvester
    3. Active information gathering
      1. Active information gathering with SPARTA
      2. Recon-ng
      3. Dmitry
    4. Summary
  10. Enumeration and Vulnerability Assessment
    1. What is enumeration?
    2. Enumerating services
      1. HTTP
      2. FTP
      3. SMTP
      4. SMB
      5. DNS
      6. SSH
      7. VNC
    3. Using Nmap scripts
      1. http-methods
      2. smb-os-discovery
      3. http-sitemap-generator
      4. mysql-info
    4. Vulnerability assessments using OpenVAS
    5. Summary
  11. Gaining Network Access
    1. Gaining remote access
      1. Direct access
      2. Target behind router
    2. Cracking passwords
      1. Identifying hashes
      2. Cracking Windows passwords
      3. Password profiling
      4. Password cracking with Hydra
    3. Creating backdoors using Backdoor Factory
    4. Exploiting remote services using Metasploit
      1. Exploiting vsftpd
      2. Exploiting Tomcat
    5. Hacking embedded devices using RouterSploit
    6. Social engineering using SET
    7. Summary
  12. Assessing Web Application Security
    1. Importance of web application security testing
    2. Application profiling
    3. Common web application security testing tools
    4. Authentication
      1. Credentials over a secure channel
      2. Authentication error messages
      3. Password policy
      4. Method for submitting credentials
      5. OWASP mapping
    5. Authorization
      1. OWASP mapping
    6. Session management
      1. Cookie checks
      2. Cross-Site Request Forgery
      3. OWASP mapping
    7. Input validation
      1. OWASP mapping
    8. Security misconfiguration
      1. OWASP mapping
    9. Business logic flaws
      1. Testing for business logic flaws
    10. Auditing and logging
      1. OWASP mapping
    11. Cryptography
      1. OWASP mapping
    12. Testing tools
      1. OWASP ZAP
      2. Burp Suite
    13. Summary
  13. Privilege Escalation
    1. What is privilege escalation?
    2. Horizontal versus vertical privilege escalation
      1. Horizontal privilege escalation
      2. Vertical privilege escalation
    3. Privilege escalation on Windows
    4. Privilege escalation on Linux
    5. Summary
  14. Maintaining Access and Clearing Tracks
    1. Maintaining access
    2. Clearing tracks and trails
    3. Anti-forensics
    4. Summary
  15. Vulnerability Scoring
    1. Requirements for vulnerability scoring
    2. Vulnerability scoring using CVSS
      1. Base metric group
        1. Exploitability metrics
          1. Attack vector
          2. Attack complexity
          3. Privileges required
          4. User interaction
      2. Scope
        1. Impact metrics
          1. Confidentiality impact
          2. Integrity impact
          3. Availability impact
      3. Temporal metric group
        1. Exploit code maturity
        2. Remediation level
        3. Report confidence
    3. CVSS calculator
    4. Summary
  16. Threat Modeling
    1. What is threat modeling?
    2. Benefits of threat modeling
    3. Threat modeling terminology
    4. How to model threats?
    5. Threat modeling techniques
      1. STRIDE
      2. DREAD
    6. Threat modeling tools
      1. Microsoft Threat Modeling Tool
      2. SeaSponge
    7. Summary
  17. Patching and Security Hardening
    1. Defining patching?
    2. Patch enumeration
      1. Windows patch enumeration
      2. Linux patch enumeration
    3. Security hardening and secure configuration reviews
      1. Using CIS benchmarks
    4. Summary
  18. Vulnerability Reporting and Metrics
    1. Importance of reporting
    2. Type of reports
      1. Executive reports
      2. Detailed technical reports
    3. Reporting tools
      1. Dradis
      2. KeepNote
    4. Collaborative vulnerability management with Faraday v2.6
    5. Metrics
      1. Mean time to detect
      2. Mean time to resolve
      3. Scanner coverage
      4. Scan frequency by asset group
      5. Number of open critical/high vulnerabilities
      6. Average risk by BU, asset group, and so on
      7. Number of exceptions granted
      8. Vulnerability reopen rate
      9. Percentage of systems with no open high/critical vulnerability
      10. Vulnerability ageing
    6. Summary
  19. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think

Product information

  • Title: Network Vulnerability Assessment
  • Author(s): Sagar Rahalkar
  • Release date: August 2018
  • Publisher(s): Packt Publishing
  • ISBN: 9781788627252