Penetration Testing and Network Defense

Book Description

The practical guide to simulating, detecting, and responding to network attacks 

• Create step-by-step testing plans
• Learn to perform social engineering and host reconnaissance
• Evaluate session hijacking methods
• Exploit web server vulnerabilities
• Detect attempts to breach database security
• Use password crackers to obtain access information
• Circumvent Intrusion Prevention Systems (IPS) and firewall protections and disrupt the service of routers and switches
• Scan and penetrate wireless networks
• Understand the inner workings of Trojan Horses, viruses, and other backdoor applications
• Test UNIX, Microsoft, and Novell servers for vulnerabilities
• Learn the root cause of buffer overflows and how to prevent them
• Perform and prevent Denial of Service attacks

Penetration testing is a growing field but there has yet to be a definitive resource that instructs ethical hackers on how to perform a penetration test with the ethics and responsibilities of testing in mind. Penetration Testing and Network Defense offers detailed steps on how to emulate an outside attacker in order to assess the security of a network.

 

Unlike other books on hacking, this book is specifically geared towards penetration testing. It includes important information about liability issues and ethics as well as procedures and documentation. Using popular open-source and commercial applications, the book shows you how to perform a penetration test on an organization’s network, from creating a test plan to performing social engineering and host reconnaissance to performing simulated attacks on both wired and wireless networks.

 

Penetration Testing and Network Defense also goes a step further than other books on hacking, as it demonstrates how to detect an attack on a live network. By detailing the method of an attack and how to spot an attack on your network, this book better prepares you to guard against hackers. You will learn how to configure, record, and thwart these attacks and how to harden a system to protect it against future internal and external attacks.

 

Full of real-world examples and step-by-step procedures, this book is both an enjoyable read and full of practical advice that will help you assess network security and develop a plan for locking down sensitive data and company resources.

 

“This book goes to great lengths to explain the various testing approaches that are used today and gives excellent insight into how a responsible penetration testing specialist executes his trade.”

–Bruce Murphy, Vice President, World Wide Security Services, Cisco Systems®

 

書籍描述

《滲透測試與網路防禦》是一本實用指南，介紹了模擬、偵測和應對網路攻擊的方法。

本書包含以下內容：
- 創建逐步測試計劃
- 學習進行社交工程和主機偵察
- 評估會話劫持方法
- 利用網頁伺服器漏洞進行攻擊
- 偵測企圖入侵資料庫安全性
- 使用密碼破解器獲取訪問資訊
- 繞過入侵防護系統（IPS）和防火牆保護，並干擾路由器和交換機的服務
- 掃描和入侵無線網路
- 了解特洛伊木馬、病毒和其他後門應用程式的內部運作
- 測試UNIX、Microsoft和Novell伺服器的漏洞
- 了解緩衝區溢位的根本原因以及如何預防
- 執行和防止拒絕服務攻擊

滲透測試是一個不斷發展的領域，但迄今尚未有一本明確的資源教導道德駭客如何在進行滲透測試時考慮道德和責任。《滲透測試與網路防禦》提供了詳細的步驟，教導如何模擬外部攻擊者以評估網路的安全性。

與其他駭客書籍不同，本書專注於滲透測試。它包含有關法律責任和道德問題的重要資訊，以及相關的程序和文件。本書使用流行的開源和商業應用程式，向讀者展示如何對組織的網路進行滲透測試，從創建測試計劃到進行社交工程和主機偵察，再到對有線和無線網路進行模擬攻擊。

《滲透測試與網路防禦》不僅僅是一本駭客書籍，它還展示了如何在實際網路中檢測攻擊。通過詳細介紹攻擊方法以及如何在網路上發現攻擊，本書能更好地幫助讀者防範駭客。您將學習如何配置、記錄和阻止這些攻擊，以及如何加固系統以保護內部和外部攻擊。

本書充滿了實際案例和逐步操作，既有趣又充滿實用建議，將幫助您評估網路安全性並制定保護敏感資料和公司資源的計劃。

“本書詳細解釋了當今使用的各種測試方法，並深入洞察了負責任的滲透測試專家如何執行他的工作。”
- Bruce Murphy，思科系統全球安全服務副總裁