Securing Network Infrastructure
Sairam Jetty Sagar Rahalkar更新时间:2021-08-20 10:16:38
最新章节:Leave a review - let other readers know what you thinkcoverpage
Title Page
Copyright and Credits
Securing Network Infrastructure
About Packt
Why subscribe?
Packt.com
Contributors
About the authors
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this course
Download the color images
Conventions used
Sections
Getting ready
How to do it…
How it works…
There's more…
See also
Get in touch
Reviews
Introduction to Network Vulnerability Scanning
Basic networks and their components
Network Vulnerability Scanning
Flow of procedures
Discovery
Port scanning
Vulnerability scanning
Uses
Complexity
Scope of the scan
Network architecture
Network access
Response
Summary
Understanding Network Scanning Tools
Introducing Nessus and Nmap
Useful features of Nessus
Policies
Plugin Rules
Customized Reports
Scanners
Various features of Nmap
Host discovery
Scan techniques
Port specification and scan order
Service or version detection
Script scan
OS detection
Timing and performance
Evasion and spoofing
Output
Target specification
Installing and activating Nessus
Getting ready
How to do it …
How it works…
There's more…
Downloading and installing Nmap
Getting ready
How to do it…
How it works…
There's more…
Updating Nessus
Getting ready
How to do it…
There's more…
Updating Nmap
Getting ready
How to do it…
Removing Nessus
Getting ready
How to do it…
There's more…
Removing Nmap
How to do it…
There's more…
Port Scanning
Introduction
How to specify a target
Getting ready
How do it…
How it works...
How to perform host discovery
How do it…
How it works…
How to identify open ports
How do it…
How it works…
How to manage specification and scan order
How do it…
How it works…
How to perform a script and version scan
How do it…
How it works …
How to detect operating system
How do it…
How it works…
How to detect and bypass network protection systems
How do it…
How it works…
How to use Zenmap
How do it…
How it works…
Vulnerability Scanning
Introduction
How to manage Nessus policies
Getting ready
How to do it…
How it works...
How to manage Nessus settings
Getting ready
How to do it…
How it works...
How to manage Nessus user accounts
Getting ready
How to do it…
How it works...
How to choose a Nessus scan template and policy
Getting ready
How to do it…
How it works...
How to perform a vulnerability scan using Nessus
Getting ready
How to do it…
How it works...
How to manage Nessus scans
Getting ready
How to do it…
How it works...
Configuration Audits
Introducing compliance scans
Selecting a compliance scan policy
Plugins
Synopsis
Description
Solution
Plugin information
Risk information
Vulnerability information
Reference information
Compliance standards
Getting ready
How do it…
How it works...
Introducing configuration audits
Database audit
Network device audit
Operating system audit
Application audit
Performing an operating system audit
Getting ready
How do it…
How it works...
Performing a database audit
Getting ready
How do it…
How it works...
Performing a web application scan
Getting ready
How do it…
How it works...
Report Analysis and Confirmation
Introduction
Understanding Nmap outputs
Getting ready
How do it…
How it works...
Understanding Nessus outputs
Nessus
HTML
CSV
Nessus DB
Getting ready
How do it…
How it works...
How to confirm Nessus vulnerabilities using Nmap and other tools
Getting ready
How do it…
How it works...
Understanding the Customization and Optimization of Nessus and Nmap
Introduction
Understanding Nmap Script Engine and its customization
Syntax
Environment variables
Script template
Getting ready
How do it…
How it works...
Understanding the Nessus Audit policy and its customization
Getting ready
How do it…
How it works...
Network Scanning for IoT SCADA/ICS
Introduction to SCADA/ICS
Using Nmap to scan SCADA/ICS
Getting ready
How do it…
How it works...
There's more...
Using Nessus to scan SCADA/ICS systems
Getting ready
How do it..
How it works...
There's more...
Vulnerability Management Governance
Security basics
The CIA triad
Confidentiality
Integrity
Availability
Identification
Authentication
Authorization
Auditing
Accounting
Non–repudiation
Vulnerability
Threats
Exposure
Risk
Safeguards
Attack vectors
Understanding the need for security assessments
Types of security tests
Security testing
Vulnerability assessment versus penetration testing
Security assessment
Security audit
Business drivers for vulnerability management
Regulatory compliance
Satisfying customer demands
Response to some fraud/incident
Gaining a competitive edge
Safeguarding/protecting critical infrastructures
Calculating ROIs
Setting up the context
Bottom-up
Top-down
Policy versus procedure versus standard versus guideline
Vulnerability assessment policy template
Penetration testing standards
Penetration testing lifecycle
Industry standards
Open Web Application Security Project testing guide
Benefits of the framework
Penetration testing execution standard
Benefits of the framework
Summary
Exercises
Setting Up the Assessment Environment
Setting up a Kali virtual machine
Basics of Kali Linux
Environment configuration and setup
Web server
Secure Shell (SSH)
File Transfer Protocol (FTP)
Software management
List of tools to be used during assessment
Summary
Security Assessment Prerequisites
Target scoping and planning
Gathering requirements
Preparing a detailed checklist of test requirements
Suitable time frame and testing hours
Identifying stakeholders
Deciding upon the type of vulnerability assessment
Types of vulnerability assessment
Types of vulnerability assessment based on the location
External vulnerability assessment
Internal vulnerability assessment
Based on knowledge about environment/infrastructure
Black-box testing
White-box testing
Gray-box testing
Announced and unannounced testing
Automated testing
Authenticated and unauthenticated scans
Agentless and agent-based scans
Manual testing
Estimating the resources and deliverables
Preparing a test plan
Getting approval and signing NDAs
Confidentiality and nondisclosure agreements
Summary
Information Gathering
What is information gathering?
Importance of information gathering
Passive information gathering
Reverse IP lookup
Site report
Site archive and way-back
Site metadata
Looking for vulnerable systems using Shodan
Advanced information gathering using Maltego
theHarvester
Active information gathering
Active information gathering with SPARTA
Recon-ng
Dmitry
Summary
Enumeration and Vulnerability Assessment
What is enumeration?
Enumerating services
HTTP
FTP
SMTP
SMB
DNS
SSH
VNC
Using Nmap scripts
http-methods
smb-os-discovery
http-sitemap-generator
mysql-info
Vulnerability assessments using OpenVAS
Summary
Gaining Network Access
Gaining remote access
Direct access
Target behind router
Cracking passwords
Identifying hashes
Cracking Windows passwords
Password profiling
Password cracking with Hydra
Creating backdoors using Backdoor Factory
Exploiting remote services using Metasploit
Exploiting vsftpd
Exploiting Tomcat
Hacking embedded devices using RouterSploit
Social engineering using SET
Summary
Assessing Web Application Security
Importance of web application security testing
Application profiling
Common web application security testing tools
Authentication
Credentials over a secure channel
Authentication error messages
Password policy
Method for submitting credentials
OWASP mapping
Authorization
OWASP mapping
Session management
Cookie checks
Cross-Site Request Forgery
OWASP mapping
Input validation
OWASP mapping
Security misconfiguration
OWASP mapping
Business logic flaws
Testing for business logic flaws
Auditing and logging
OWASP mapping
Cryptography
OWASP mapping
Testing tools
OWASP ZAP
Burp Suite
Summary
Privilege Escalation
What is privilege escalation?
Horizontal versus vertical privilege escalation
Horizontal privilege escalation
Vertical privilege escalation
Privilege escalation on Windows
Privilege escalation on Linux
Summary
Maintaining Access and Clearing Tracks
Maintaining access
Clearing tracks and trails
Anti-forensics
Summary
Vulnerability Scoring
Requirements for vulnerability scoring
Vulnerability scoring using CVSS
Base metric group
Exploitability metrics
Attack vector
Attack complexity
Privileges required
User interaction
Scope
Impact metrics
Confidentiality impact
Integrity impact
Availability impact
Temporal metric group
Exploit code maturity
Remediation level
Report confidence
CVSS calculator
Summary
Threat Modeling
What is threat modeling?
Benefits of threat modeling
Threat modeling terminology
How to model threats?
Threat modeling techniques
STRIDE
DREAD
Threat modeling tools
Microsoft Threat Modeling Tool
SeaSponge
Summary
Patching and Security Hardening
Defining patching?
Patch enumeration
Windows patch enumeration
Linux patch enumeration
Security hardening and secure configuration reviews
Using CIS benchmarks
Summary
Vulnerability Reporting and Metrics
Importance of reporting
Type of reports
Executive reports
Detailed technical reports
Reporting tools
Dradis
KeepNote
Collaborative vulnerability management with Faraday v2.6
Metrics
Mean time to detect
Mean time to resolve
Scanner coverage
Scan frequency by asset group
Number of open critical/high vulnerabilities
Average risk by BU asset group and so on
Number of exceptions granted
Vulnerability reopen rate
Percentage of systems with no open high/critical vulnerability
Vulnerability ageing
Summary
Other Books You May Enjoy
Leave a review - let other readers know what you think
更新时间:2021-08-20 10:16:38