Network Security Assessment

There are hundreds--if not thousands--of techniques used to compromise both Windows and Unix-based systems. Malicious code and new exploit scripts are released on a daily basis, and each evolution becomes more and more sophisticated. Keeping up with the myriad of systems used by hackers in the wild is a formidable task, and scrambling to patch each potential vulnerability or address each new attack one-by-one is a bit like emptying the Atlantic with paper cup.

If you're a network administrator, the pressure is on you to defend your systems from attack. But short of devoting your life to becoming a security expert, what can you do to ensure the safety of your mission critical systems? Where do you start?

Using the steps laid out by professional security analysts and consultants to identify and assess risks, Network Security Assessment offers an efficient testing model that an administrator can adopt, refine, and reuse to create proactive defensive strategies to protect their systems from the threats that are out there, as well as those still being developed.

This thorough and insightful guide covers offensive technologies by grouping and analyzing them at a higher level--from both an offensive and defensive standpoint--helping administrators design and deploy networks that are immune to offensive exploits, tools, and scripts. Network administrators who need to develop and implement a security assessment program will find everything they're looking for--a proven, expert-tested methodology on which to base their own comprehensive program--in this time-saving new book.

Table of Contents：

Foreword 

Preface 

1. Network Security Assessment

      The Business Benefits 

      IP: The Foundation of the Internet 

      Classifying Internet-Based Attackers 

      Assessment Service Definitions 

      Network Security Assessment Methodology 

      The Cyclic Assessment Approach 

2. The Tools Required

      The Operating Systems 

      Free Network Scanning Tools 

      Commercial Network Scanning Tools 

      Protocol-Dependent Assessment Tools 

3. Internet Host and Network Enumeration

      Web Search Engines 

      NIC Querying 

      DNS Querying 

      Enumeration Technique Recap 

      Enumeration Countermeasures 

4. IP Network Scanning

      ICMP Probing 

      TCP Port Scanning 

      UDP Port Scanning 

      IDS Evasion and Filter Circumvention 

      Low-Level IP Assessment 

      Network Scanning Recap 

      Network Scanning Countermeasures 

5. Assessing Remote Information Services

      Remote Information Services 

      systat and netstat 

      DNS 

      finger 

      auth 

      SNMP 

      LDAP 

      rwho 

      RPC rusers 

      Remote Information Services Countermeasures 

6. Assessing Web Services

      Web Services 

      Identifying the Web Service 

      Identifying Subsystems and Components 

      Investigating Web Service Vulnerabilities 

      Accessing Poorly Protected Information 

      Assessing CGI Scripts and Custom ASP Pages 

      Web Services Countermeasures 

7. Assessing Remote Maintenance Services

      Remote Maintenance Services 

      SSH 

      Telnet 

      R-Services 

      X Windows 

      Microsoft Remote Desktop Protocol 

      VNC 

      Citrix 

      Remote Maintenance Services Countermeasures 

8. Assessing FTP and Database Services

      FTP 

      FTP Banner Grabbing and Enumeration 

      FTP Brute-Force Password Guessing 

      FTP Bounce Attacks 

      Circumventing Stateful Filters Using FTP 

      FTP Process Manipulation Attacks 

      FTP Services Countermeasures 

      Database Services 

      Microsoft SQL Server 

      Oracle 

      MySQL 

      Database Services Countermeasures 

9. Assessing Windows Networking Services

      Microsoft Windows Networking Services 

      Microsoft RPC Services 

      The NetBIOS Name Service 

      The NetBIOS Datagram Service 

      The NetBIOS Session Service 

      The CIFS Service 

      Unix Samba Vulnerabilities 

      Windows Networking Services Countermeasures 

10. Assessing Email Services

      Email Service Protocols 

      SMTP 

      POP-2 and POP-3 

      IMAP 

      Email Services Countermeasures 

11. Assessing IP VPN Services

      IPsec VPNs 

      Attacking IPsec VPNs 

      Check Point VPN Security Issues 

      Microsoft PPTP 

      VPN Services Countermeasures 

12. Assessing Unix RPC Services

      Enumerating Unix RPC Services 

      RPC Service Vulnerabilities 

      Unix RPC Services Countermeasures 

13. Application-Level Risks

      The Fundamental Hacking Concept 

      The Reasons Why Software Is Vulnerable 

      Network Service Vulnerabilities and Attacks 

      Classic Buffer-Overflow Vulnerabilities 

      Heap Overflows 

      Integer Overflows 

      Format String Bugs 

      Memory Manipulation Attacks Recap 

      Mitigating Process Manipulation Risks 

      Recommended Secure Development Reading 

14. Example Assessment Methodology

      Network Scanning 

      Accessible Network Service Identification 

      Investigation of Known Vulnerabilities 

      Network Service Testing 

      Methodology Flow Diagram 

      Recommendations 

      Closing Comments 

A. TCP, UDP Ports, and ICMP Message Types

      TCP Ports 

      UDP Ports 

      ICMP Message Types 

B. Sources of Vulnerability Information

      Security Mailing Lists 

      Vulnerability Databases and Lists 

      Underground Web Sites 

      Security Events and Conferences 

Index