InhaltsangabeInhaltsverzeichnis Foreword Preface 1. Network Security Assessment The Business Benefits IP: The Foundation of the Internet Classifying Internet-Based Attackers Assessment Service Definitions Network Security Assessment Methodology The Cyclic Assessment Approach 2. Network Security Assessment Platform Virtualization Software Operating Systems Reconnaissance Tools Network Scanning Tools Exploitation Frameworks Web Application Testing Tools 3. Internet Host and Network Enumeration Querying Web and Newsgroup Search Engines Querying Domain WHOIS Registrars Querying IP WHOIS Registrars BGP Querying DNS Querying Web Server Crawling Automating Enumeration SMTP Probing Enumeration Technique Recap Enumeration Countermeasures 4. IP Network Scanning ICMP Probing TCP Port Scanning UDP Port Scanning IDS Evasion and Filter Circumvention LowLevel IP Assessment Network Scanning Recap Network Scanning Countermeasures 5. Assessing Remote Information Services Remote Information Services DNS Finger Auth NTP SNMP LDAP rwho RPC rusers Remote Information Services Countermeasures 6. Assessing Web Servers Web Servers Fingerprinting Accessible Web Servers Identifying and Assessing Reverse Proxy Mechanisms Enumerating Virtual Hosts and Web Sites Identifying Subsystems and Enabled Components Investigating Known Vulnerabilities Basic Web Server Crawling Web Servers Countermeasures 7. Assessing Web Applications Web Application Technologies Overview Web Application Profiling Web Application Attack Strategies Web Application Vulnerabilities Web Security Checklist 8. Assessing Remote Maintenance Services Remote Maintenance Services FTP SSH Telnet RServices X Windows Citrix Microsoft Remote Desktop Protocol VNC Remote Maintenance Services Countermeasures 9. Assessing Database Services Microsoft SQL Server Oracle MySQL Database Services Countermeasures 10. Assessing Windows Networking Services Microsoft Windows Networking Services Microsoft RPC Services The NetBIOS Name Service The NetBIOS Datagram Service The NetBIOS Session Service The CIFS Service Unix Samba Vulnerabilities Windows Networking Services Countermeasures 11. Assessing Email Services Email Service Protocols SMTP POP2 and POP3 IMAP Email Services Countermeasures 12. Assessing IP VPN Services IPsec VPNs Attacking IPsec VPNs Microsoft PPTP SSL VPNs VPN Services Countermeasures 13. Assessing Unix RPC Services Enumerating Unix RPC Services RPC Service Vulnerabilities Unix RPC Services Countermeasures 14. Application-Level Risks The Fundamental Hacking Concept Why Software Is Vulnerable Network Service Vulnerabilities and Attacks Classic Buffer-Overflow Vulnerabilities Heap Overflows Integer Overflows Format String Bugs Memory Manipulation Attacks Recap Mitigating Process Manipulation Risks Recommended Secure Development Reading 15. Running Nessus Nessus Architecture Deployment Options and Prerequisites Nessus Installation Configuring Nessus Running Nessus Nessus Reporting Running Nessus Recap 16. Exploitation Frameworks Metasploit Framework CORE IMPACT Immunity CANVAS Exploitation Frameworks Recap A. TCP, UDP Ports, and ICMP Message Types B. Sources of Vulnerability Information C. Exploit Framework Modules Index

Chris McNab is the author of "Network Security Assessment" and founder of AlphaSOC, a security analytics software company with offices in the United States and United Kingdom. Chris has presented at events including FIRST, OWASP, InfoSecurity Europe, InfoSec World, and the Cloud Security Alliance Congress, and works with client organizations around the world to understand and mitigate vulnerabilities within their environments.

Inhaltsverzeichnis Foreword Preface 1. Network Security Assessment      The Business Benefits      IP: The Foundation of the Internet      Classifying Internet-Based Attackers      Assessment Service Definitions      Network Security Assessment Methodology      The Cyclic Assessment Approach 2. Network Security Assessment Platform      Virtualization Software      Operating Systems      Reconnaissance Tools      Network Scanning Tools      Exploitation Frameworks      Web Application Testing Tools 3. Internet Host and Network Enumeration      Querying Web and Newsgroup Search Engines      Querying Domain WHOIS Registrars      Querying IP WHOIS Registrars      BGP Querying      DNS Querying      Web Server Crawling      Automating Enumeration      SMTP Probing      Enumeration Technique Recap      Enumeration Countermeasures 4. IP Network Scanning      ICMP Probing      TCP Port Scanning      UDP Port Scanning      IDS Evasion and Filter Circumvention      Low-Level IP Assessment      Network Scanning Recap      Network Scanning Countermeasures 5. Assessing Remote Information Services      Remote Information Services      DNS      Finger      Auth      NTP      SNMP      LDAP      rwho      RPC rusers      Remote Information Services Countermeasures 6. Assessing Web Servers      Web Servers      Fingerprinting Accessible Web Servers      Identifying and Assessing Reverse Proxy Mechanisms      Enumerating Virtual Hosts and Web Sites      Identifying Subsystems and Enabled Components      Investigating Known Vulnerabilities      Basic Web Server Crawling      Web Servers Countermeasures 7. Assessing Web Applications      Web Application Technologies Overview      Web Application Profiling      Web Application Attack Strategies      Web Application Vulnerabilities      Web Security Checklist 8. Assessing Remote Maintenance Services      Remote Maintenance Services      FTP      SSH      Telnet      R-Services      X Windows      Citrix      Microsoft Remote Desktop Protocol      VNC      Remote Maintenance Services Countermeasures 9. Assessing Database Services      Microsoft SQL Server      Oracle      MySQL      Database Services Countermeasures 10. Assessing Windows Networking Services      Microsoft Windows Networking Services      Microsoft RPC Services      The NetBIOS Name Service      The NetBIOS Datagram Service      The NetBIOS Session Service      The CIFS Service      Unix Samba Vulnerabilities      Windows Networking Services Countermeasures 11. Assessing Email Services      Email Service Protocols      SMTP      POP-2 and POP-3      IMAP      Email Services Countermeasures 12. Assessing IP VPN Services      IPsec VPNs      Attacking IPsec VPNs      Microsoft PPTP      SSL VPNs      VPN Services Countermeasures 13. Assessing Unix RPC Services      Enumerating Unix RPC Services      RPC Service Vulnerabilities      Unix RPC Services Countermeasures 14. Application-Level Risks      The Fundamental Hacking Concept      Why Software Is Vulnerable      Network Service Vulnerabilities and Attacks      Classic Buffer-Overflow Vulnerabilities      Heap Overflows      Integer Overflows      Format String Bugs      Memory Manipulation Attacks Recap      Mitigating Process Manipulation Risks      Recommended Secure Development Reading 15. Running Nessus      Nessus Architecture      Deployment Options and Prerequisites      Nessus Installation      Configuring Nessus      Running Nessus      Nessus Reporting      Running Nessus Recap 16. Exploitation Fra ...