Search Inside and Read Larger Cover Network Security Assessment, 3rd Edition Know Your Network By Publisher: O'Reilly Media Final Release Date: December 2016 Pages: 494 How secure is your network? The best way to find out is to attack it, using the same tactics attackers employ to identify and exploit weaknesses. With the third edition of this practical book, you’ll learn how to perform network-based penetration testing in a structured manner. Security expert Chris McNab demonstrates common vulnerabilities, and the steps you can take to identify them in your environment. System complexity and attack surfaces continue to grow. This book provides a process to help you mitigate risks posed to your network. Each chapter includes a checklist summarizing attacker techniques, along with effective countermeasures you can use immediately. Learn how to effectively test system components, including: Common services such as SSH, FTP, Kerberos, SNMP, and LDAP

Microsoft services, including NetBIOS, SMB, RPC, and RDP

SMTP, POP3, and IMAP email services

IPsec and PPTP services that provide secure network access

TLS protocols and features providing transport security

Web server software, including Microsoft IIS, Apache, and Nginx

Frameworks including Rails, Django, Microsoft ASP.NET, and PHP

Database servers, storage protocols, and distributed key-value stores Chapter 1 Introduction to Network Security Assessment The State of the Art Threats and Attack Surface Assessment Flavors What This Book Covers Chapter 2 Assessment Workflow and Tools Network Security Assessment Methodology Your Testing Platform Chapter 3 Vulnerabilities and Adversaries The Fundamental Hacking Concept Why Software Is Vulnerable Considering Attack Surface A Taxonomy of Software Security Errors Threat Modeling Attacking C/C++ Applications Logic Flaws and Other Bugs Cryptographic Weaknesses Vulnerabilities and Adversaries Recap Chapter 4 Internet Network Discovery Querying Search Engines and Websites Domain WHOIS IP WHOIS BGP Enumeration DNS Querying SMTP Probing Automating Enumeration Enumeration Technique Recap Enumeration Countermeasures Chapter 5 Local Network Discovery Data Link Protocols Local IP Protocols Local Network Discovery Recap Local Network Attack Countermeasures Chapter 6 IP Network Scanning Initial Network Scanning with Nmap Low-Level IP Assessment Vulnerability Scanning with NSE Bulk Vulnerability Scanning IDS and IPS Evasion Network Scanning Recap Network Scanning Countermeasures Chapter 7 Assessing Common Network Services FTP TFTP SSH Telnet IPMI DNS Multicast DNS NTP SNMP LDAP Kerberos VNC Unix RPC Services Common Network Service Assessment Recap Service Hardening and Countermeasures Chapter 8 Assessing Microsoft Services NetBIOS Name Service SMB Microsoft RPC Services Attacking SMB and RPC Remote Desktop Services Microsoft Services Testing Recap Microsoft Services Countermeasures Chapter 9 Assessing Mail Services Mail Protocols SMTP POP3 IMAP Mail Services Testing Recap Mail Services Countermeasures Chapter 10 Assessing VPN Services IPsec PPTP VPN Testing Recap VPN Services Countermeasures Chapter 11 Assessing TLS Services TLS Mechanics Understanding TLS Vulnerabilities Assessing TLS Endpoints TLS Service Assessment Recap TLS Hardening Web Application Hardening Chapter 12 Web Application Architecture Web Application Types Web Application Tiers Chapter 13 Assessing Web Servers Identifying Proxy Mechanisms Enumerating Valid Hosts Web Server Profiling Active Scanning Qualifying Web Server Vulnerabilities Web Server Hardening Chapter 14 Assessing Web Application Frameworks Framework and Data Store Profiling Understanding Common Flaws PHP Apache Tomcat JBoss Testing Apache Struts JDWP Adobe ColdFusion Django Rails Node.js Microsoft ASP.NET Application Framework Security Checklist Chapter 15 Assessing Data Stores MySQL PostgreSQL Microsoft SQL Server Oracle Database MongoDB Redis Memcached Apache Hadoop NFS Apple Filing Protocol iSCSI Data Store Countermeasures Appendix Common Ports and Message Types TCP Ports UDP Ports ICMP Message Types Appendix Sources of Vulnerability Information Twitter Accounts Bug Trackers Mailing Lists Security Events and Conferences Appendix Unsafe TLS Cipher Suites Title: Network Security Assessment, 3rd Edition By: Chris McNab Publisher: O'Reilly Media Formats: Print

Ebook

Safari Books Online Print: Ebook: Pages: 494 Print ISBN: 978-1-4919-1095-5 | ISBN 10: 1-4919-1095-X Ebook ISBN: 978-1-4919-1094-8 | ISBN 10: 1-4919-1094-1 Chris McNab Chris McNab is the author of "Network Security Assessment" and founder of AlphaSOC, a security analytics software company with offices in the United States and United Kingdom. Chris has presented at events including FIRST, OWASP, InfoSecurity Europe, InfoSec World, and the Cloud Security Alliance Congress, and works with client organizations around the world to understand and mitigate vulnerabilities within their environments.



During 2012 and 2013, Chris performed incident response and forensics work for organizations targeted by Alexsey Belan, who occupied the top spot on the FBI's Cyber Most Wanted list and is currently on the run in Europe. In 2011, Chris worked closely with the Attorney General of Guatemala under a United States Agency for International Development (USAID) project to secure the computer systems that underpin the legal system within the country. View Chris McNab's full profile page. Colophon The animals on the cover of Network Security Assessment are porcupine fish (Diodon hystrix). This fish is found in oceans throughout the world, most often among or near coral reef areas. Its tube-shaped body ranges in length from 3 to 19 inches with relatively small fins. When threatened, the fish inflates itself by taking in tiny gulps of water until the stomach is full; the body expands in seconds to double or triple size, and its spines become erect. (Smaller species have spines that are permanently bristly.) The porcupine fish is covered with evenly spaced dark spots, which distinguishes it from other puffers. The fish has a a single tooth in each jaw; fused at the midline, they form a parrotlike beak. A nocturnal hunter, it moves its body over a small area of sand and spurts tiny jets of water to uncover its prey, usually mollusks and crustaceans. The porcupine fish is popular as an aquarium specimen; it's also blown up, dried, and sold as a souvenir. In earlier centuries, certain Pacific island warriors used the porcupine fish to fashion a battle helmet. They would catch a fish, let it inflate, and then bury it in sand for about a week. When dug up, the fish, now a hard ball, would be cut open to make a hard, head-shaped piece that looked most formidable. The porcupine fish isn't listed as endangered or vulnerable with the World Conservation Union. Many of the animals on O'Reilly covers are endangered; all of them are important to the world. To learn more about how you can help, go to animals.oreilly.com . The cover image is a 19th-century engraving from the Dover Pictorial Archive. The cover fonts are URW Typewriter and Guardian Sans. The text font is Adobe Minion Pro; the heading font is Adobe Myriad Condensed; and the code font is Dalton Maag's Ubuntu Mono. Table of Contents Product Details About the Author Colophon Recommended for You Customer Reviews REVIEW SNAPSHOT® by PowerReviews oreilly 4.5 (based on 4 reviews) Ratings Distribution 5 Stars (2)

Expert (3) Reviewed by 4 customers Sort by Newest Oldest Highest rating Lowest rating Most helpful Least helpful Clear all filters Displaying reviews 1-4 Back to top (1 of 1 customers found this review helpful) 4.0 A worthy update. By Jay from Israel Pros Accurate

Helpful examples Cons Not comprehensive enough Best Uses Expert

Intermediate 5.0 Updated content now with diagrams By M from Singapore About Me Infosec Professional Pros Accurate

Easy to understand

Helpful examples

Well-written Cons Best Uses Expert

Intermediate

Novice 4.0 Good By Mpoed from Andromeda About Me Sys Admin Pros Accurate

Concise

Easy to understand

Well-written Cons Best Uses Expert

Intermediate (5 of 5 customers found this review helpful) 5.0 Must have book for advanced penetration testing By Raj from Chennai, India About Me Penetration Tester Pros Accurate

Concise

Displaying reviews 1-4 Back to top