The network security test lab : a step-by-step guide /: a step-by-step guide. (2015)
- Record Type:
- Book
- Title:
- The network security test lab : a step-by-step guide /: a step-by-step guide. (2015)
- Main Title:
- The network security test lab : a step-by-step guide
- Further Information:
- Note: Michael Gregg.
- Authors:
- Gregg, Michael (Michael C.)
- Contents:
- Introduction xxi Chapter 1 Building a Hardware and Software Test Platform 1 Why Build a Lab? 2 Hardware Requirements 4 Physical Hardware 5 Equipment You Already Have 6 New Equipment Purchases 7 Used Equipment Purchases 7 Online Auctions 8 Thrift Stores 9 Company Sales 10 Virtual Hardware 10 VMware 12 VirtualBox 15 Hacker Hardware 16 Software Requirements 18 Operating Systems 19 Microsoft Windows 19 Linux 20 Navigating in Linux 23 Linux Basics 25 Mac OS X 28 Software and Applications 28 Learning Applications 29 Hacking Software 31 Summary 32 Key Terms 33 Exercises 34 Equipment Checklist 34 Installing VMware Workstation 35 Exploring Linux Operating System Options 35 Using VMware to Build a Windows Image 35 Using VMware Converter to Create a Virtual Machine 36 Exploring Other Operating System Options 37 Running Kali from VMware 37 Installing Tools on Your Windows Virtual Machine 38 Chapter 2 Passive Information Gathering 39 Starting at the Source 40 Scrutinizing Key Employees 43 Dumpster Diving (Electronic) 45 Analyzing Web Page Coding 48 Exploiting Website Authentication Methods 51 Mining Job Ads and Analyzing Financial Data 53 Using Google to Mine Sensitive Information 56 Exploring Domain Ownership 57 WHOIS 59 Regional Internet Registries 61 Domain Name System 63 Identifying Web Server Software 66 Web Server Location 69 Summary 70 Key Terms 70 Exercises 72 IP Address and Domain Identifi cation 72 Information Gathering 72 Google Hacking 74 Banner Grabbing 74 Telnet 75 NetcatIntroduction xxi Chapter 1 Building a Hardware and Software Test Platform 1 Why Build a Lab? 2 Hardware Requirements 4 Physical Hardware 5 Equipment You Already Have 6 New Equipment Purchases 7 Used Equipment Purchases 7 Online Auctions 8 Thrift Stores 9 Company Sales 10 Virtual Hardware 10 VMware 12 VirtualBox 15 Hacker Hardware 16 Software Requirements 18 Operating Systems 19 Microsoft Windows 19 Linux 20 Navigating in Linux 23 Linux Basics 25 Mac OS X 28 Software and Applications 28 Learning Applications 29 Hacking Software 31 Summary 32 Key Terms 33 Exercises 34 Equipment Checklist 34 Installing VMware Workstation 35 Exploring Linux Operating System Options 35 Using VMware to Build a Windows Image 35 Using VMware Converter to Create a Virtual Machine 36 Exploring Other Operating System Options 37 Running Kali from VMware 37 Installing Tools on Your Windows Virtual Machine 38 Chapter 2 Passive Information Gathering 39 Starting at the Source 40 Scrutinizing Key Employees 43 Dumpster Diving (Electronic) 45 Analyzing Web Page Coding 48 Exploiting Website Authentication Methods 51 Mining Job Ads and Analyzing Financial Data 53 Using Google to Mine Sensitive Information 56 Exploring Domain Ownership 57 WHOIS 59 Regional Internet Registries 61 Domain Name System 63 Identifying Web Server Software 66 Web Server Location 69 Summary 70 Key Terms 70 Exercises 72 IP Address and Domain Identifi cation 72 Information Gathering 72 Google Hacking 74 Banner Grabbing 74 Telnet 75 Netcat 75 VisualRoute 76 Chapter 3 Analyzing Network Traffic 77 Why Packet Analysis Is Important 77 How to Capture Network Traffi c 78 Promiscuous Mode 78 Hubs and Switches 79 Hubbing Out and Using Taps 79 Switches 79 Capturing Network Traffi c 82 Managed and Unmanaged Switches 83 ARP Cache Poisoning 85 Flooding 91 DHCP Redirection 92 Redirection and Interception with ICMP 94 Preventing Packet Capture 94 Dynamic Address Inspection 95 DHCP Snooping 95 Preventing VLAN Hopping 96 Detecting Packet Capture 97 Wireshark 99 Wireshark Basics 99 Filtering and Decoding Traffi c 102 Basic Data Capture&mdash;A Layer-by-Layer Review 108 Physical&mdash;Data-Link Layer 108 Network-Internet Layer 110 Transport&mdash;Host-Host Layer 111 Application Layer 115 Other Network Analysis Tools 115 Summary 118 Key Terms 118 Exercises 119 Fun with Packets 119 Packet Analysis with tcpdump 120 Packet Filters 121 Making a One-Way Data Cable 122 Chapter 4 Detecting Live Systems and Analyzing Results 125 TCP/IP Basics 125 The Network Access Layer 127 The Internet Layer 128 The Host-to-Host Layer 132 Transmission Control Protocol 132 User Datagram Protocol 134 The Application Layer 134 Detecting Live Systems with ICMP 138 ICMP&mdash;Ping 138 Traceroute 142 Port Scanning 147 TCP and UDP Port Scanning 147 Advanced Port-Scanning Techniques 151 Idle Scan 151 Analyzing Port Scans 155 Port-Scanning Tools 156 Nmap 157 SuperScan 160 Other Scanning Tools 161 OS Fingerprinting 161 Passive Fingerprinting 162 Active Fingerprinting 164 How Nmap OS Fingerprinting Works 165 Scanning Countermeasures 167 Summary 171 Key Terms 171 Exercises 172 Understanding Wireshark 172 Interpreting TCP Flags 174 Performing an ICMP Packet Decode 175 Port Scanning with Nmap 176 Traceroute 177 An Analysis of a Port Scan 178 OS Fingerprinting 179 Chapter 5 Enumerating Systems 181 Enumeration 181 Router and Firewall Enumeration 182 Router Enumeration 182 Firewall Enumeration 187 Router and Firewall Enumeration Countermeasures 191 Windows Enumeration 191 Server Message Block and Interprocess Communication 194 Enumeration and the IPC$ Share 195 Windows Enumeration Countermeasures 195 Linux/Unix Enumeration 196 Enumeration of Application Layer Protocols 197 Simple Network Management Protocol 197 SNMP Enumeration Countermeasures 200 Enumeration of Other Applications 200 Advanced Enumeration 202 SCADA Systems 202 User Agent Strings 210 Mapping the Attack Surface 213 Password Speculation and Cracking 213 Sniffi ng Password Hashes 216 Exploiting a Vulnerability 218 Protecting Passwords 221 Summary 221 Key Terms 222 Exercises 223 SNMP Enumeration 223 Enumerating Routing Protocols 225 Enumeration with DumpSec 227 Identifying User Agent Strings 227 Browser Enumeration 229 Chapter 6 Automating Encryption and Tunneling Techniques 231 Encryption 232 Secret Key Encryption 233 Data Encryption Standard 235 Triple DES 236 Advanced Encryption Standard 237 One?]Way Functions (Hashes) 237 MD Series 238 SHA 238 Public Key Encryption 238 RSA 239 Diffie?]Hellman 239 El Gamal 240 Elliptic Curve Cryptography 240 Hybrid Cryptosystems 241 Public Key Authentication 241 Public Key Infrastructure 242 Certificate Authority 242 Registration Authority 242 Certificate Revocation List 243 Digital Certificates 243 Certificate Distribution System 244 Encryption Role in Authentication 244 Password Authentication 245 Password Hashing 246 Challenge?]Response 249 Session Authentication 250 Session Cookies 250 Basic Authentication 251 Certificate?]Based Authentication 251 Tunneling Techniques to Obscure Traffi c 252 Internet Layer Tunneling 252 Transport Layer Tunneling 254 Application Layer Tunneling 256 Attacking Encryption and Authentication 259 Extracting Passwords 259 Password Cracking 260 Dictionary Attack 261 Brute?]Force Attack 261 Rainbow Table 263 Other Cryptographic Attacks 263 Summary 264 Key Terms 264 Exercises 266 CrypTool 266 Extract an E?]mail Username and Password 268 RainbowCrack 268 John the Ripper 270 Chapter 7 Automated Attack and Penetration Tools 273 Why Attack and Penetration Tools Are Important 274 Vulnerability Assessment Tools 274 Source Code Assessment Tools 275 Application Assessment Tools 276 System Assessment Tools 276 Attributes of a Good System Assessment Tool 278 Nessus 279</p&g … (more)
- Edition:
- 1st
- Publisher Details:
- Hoboken : John Wiley & Sons
- Publication Date:
- 2015
- Extent:
- 1 online resource
- Subjects:
- 005.8
Computer networks -- Security measures -- Testing - Languages:
- English
- ISBNs:
- 9781118987131
- Related ISBNs:
- 9781118987155
- Notes:
- Note: Description based on CIP data; resource not viewed.
- Access Rights:
- Legal Deposit; Only available on premises controlled by the deposit library and to one user at any one time; The Legal Deposit Libraries (Non-Print Works) Regulations (UK).
- Access Usage:
- Restricted: Printing from this resource is governed by The Legal Deposit Libraries (Non-Print Works) Regulations (UK) and UK copyright law currently in force.
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library HMNTS - ELD.DS.41510
- Ingest File:
- 02_195.xml