Assessing Network Security: Testing Your Defenses

Overview

Don’t wait for an attacker to find and exploit your security vulnerabilities—take the lead by assessing the state of your network’s security. This book delivers advanced network testing strategies, including vulnerability scanning and penetration testing, from members of the Microsoft security teams. These real-world practitioners provide hands-on guidance on how to perform security assessments, uncover security vulnerabilities, and apply appropriate countermeasures. The companion CD features time-saving tools and scripts that you can use to reveal and help correct security vulnerabilities in your own network.

Sharpen and advance your security assessment skills, including how to:

  • Detect vulnerabilities and perform penetration tests
  • Conduct and properly report an IT security audit
  • Find hidden hosts by using DNS, WINS, and NetBIOS
  • Sweep your network to analyze network topology, existing hosts, and multi-homed systems
  • Determine the status of TCP and UDP ports by using port scanning

Recognize and help counter common network threats, including:

  • War dialing, war driving, and Bluetooth attacks
  • Packet and network sniffing
  • IP, e-mail, and DNS spoofing
  • Password cracking
  • Communication interceptions and modifications
  • IDS and IPS attacker detection avoidance
  • Spam and other e-mail abuses

CD features:

  • Tools for testing e-mail, databases, and Web servers
  • Scripts for finding common information leaks and other potential security issues
  • Complete eBook in PDF format

A Note Regarding the CD or DVD

The print version of this book ships with a CD or DVD. For those customers purchasing one of the digital formats in which this book is available, we are pleased to offer the CD/DVD content as a free download via O'Reilly Media's Digital Distribution services. To download this content, please visit O'Reilly's web site, search for the title of this book to find its catalog page, and click on the link below the cover image (Examples, Companion Content, or Practice Files). Note that while we provide as much of the media content as we are able via free download, we are sometimes limited by licensing restrictions. Please direct any questions or concerns to booktech@oreilly.com.


Product Details

  • ISBN-13: 9780735620339
  • Publisher: Microsoft Press
  • Publication date: 6/23/2004
  • Series: Pro-One-Offs Series
  • Pages: 592
  • Product dimensions: 7.26 (w) x 9.00 (h) x 1.59 (d)

Meet the Author

Ben Smith is a senior security strategist at Microsoft, where he works on developing the company's long-term security strategy. Prior to joining the Microsoft Security Strategies team, he was the lead subject matter expert on security for Microsoft Training & Certification. In addition to being a featured speaker at IT industry conferences, Ben recently consulted with the U.S. National Science Foundation on creating methods for preparing a cyber security workforce. Ben is also the chair of the vendor-neutral security certification, CompTIA Security+. He is a Microsoft Certified Systems Engineer (MCSE), Microsoft Certified Trainer (MCT), Certified Information Systems Security Professional (CISSP), and a Cisco Certified Network Associate (CCNA). Ben lives near Redmond, Washington, with his wife Beth Boatright.

Kevin Lam is a Microsoft security technologist, part of the team responsible for assessing the security status of Microsoft products, network infrastructure, and services. He’s also worked as technical lead on penetration testing teams for several leading security companies.

David LeBlanc, Ph.D., is a founding member of the Trustworthy Computing Initiative at Microsoft®. He has been developing solutions for computing security issues since 1992 and has created award-winning tools for assessing network security and uncovering security vulnerabilities. David is a senior developer in the Microsoft Office Trustworthy Computing group.


Table of Contents

Acknowledgments;
Foreword;
Introduction;
Who Should Read This Book;
Organization of This Book;
System Requirements;
Support;
Part I: Planning and Performing Security Assessments;
Chapter 1: Introduction to Performing Security Assessments;
Role of Security Assessments in Network Security;
Why Does Network Security Fail?;
Types of Security Assessments;
Frequently Asked Questions;
Chapter 2: Key Principles of Security;
Making Security Easy;
Risk Management;
Immutable Laws;
Frequently Asked Questions;
Chapter 3: Using Vulnerability Scanning to Assess Network Security;
Setting a Scope for the Project;
Determining Goals;
Choosing a Technology;
Creating a Process for Scanning for Vulnerabilities;
Creating a Process for Analyzing the Results;
Frequently Asked Questions;
Chapter 4: Conducting a Penetration Test;
What the Attacker Is Thinking About;
Defining the Penetration Test Engagement;
Performing the Penetration Test;
Frequently Asked Questions;
Chapter 5: Performing IT Security Audits;
Components of an IT Security Audit;
Preliminary Decisions;
Planning and Performing the Audit;
Frequently Asked Questions;
Chapter 6: Reporting Your Findings;
Guidelines for Reporting Your Findings;
Framework for Reporting Your Findings;
Frequently Asked Questions;
Chapter 7: Building and Maintaining Your Security Assessment Skills;
Building Core Skills;
Staying Up-to-Date;
Frequently Asked Questions;
Part II: Penetration Testing for Nonintrusive Attacks;
Chapter 8: Information Reconnaissance;
Understanding Information Reconnaissance;
Registrar Information;
IP Network Block Assignment;
Web Pages;
Search Engines;
Public Discussion Forums;
Frequently Asked Questions;
Chapter 9: Host Discovery Using DNS and NetBIOS;
Using DNS;
Using NetBIOS;
Using LDAP;
Frequently Asked Questions;
Chapter 10: Network and Host Discovery;
Network Sweeping Techniques;
Network Topology Discovery;
Frequently Asked Questions;
Chapter 11: Port Scanning;
TCP Connect Scans;
Custom TCP Scans;
UDP Scans;
FTP Bounce Scans;
Port Scanning Tips and Tricks;
Fragmentation and Port Scans;
Port Scanning Countermeasures;
Frequently Asked Questions;
Chapter 12: Obtaining Information from a Host;
Fingerprinting;
Application Fingerprinting;
What’s On That Port?;
Frequently Asked Questions;
Chapter 13: War Dialing, War Driving, and Bluetooth Attacks;
Modem Detection—War Dialing;
Wireless LAN Detection—War Driving;
Bluetooth Attacks;
Frequently Asked Questions;
Part III: Penetration Testing for Intrusive Attacks;
Chapter 14: Automated Vulnerability Detection;
Scanning Techniques;
Selecting a Scanner;
Scanning Approaches;
Frequently Asked Questions;
Chapter 15: Password Attacks;
Where to Find Passwords;
Brute Force Attacks;
Password Disclosure Attacks;
Frequently Asked Questions;
Chapter 16: Denial of Service Attacks;
Flooding Attacks;
Resource Starvation Attacks;
Disruption of Service;
Frequently Asked Questions;
Chapter 17: Application Attacks;
Buffer Overruns;
Integer Overflows;
Finding Buffer Overruns;
Frequently Asked Questions;
Chapter 18: Database Attacks;
Database Server Detection;
Missing Product Patches;
Unauthorized Access;
Weak Passwords;
Network Sniffing;
SQL Injection;
Frequently Asked Questions;
Chapter 19: Network Sniffing;
Understanding Network Sniffing;
Debunking Network Sniffing Myths;
Detecting Network Sniffing Threats;
Countermeasures;
Frequently Asked Questions;
Chapter 20: Spoofing;
IP Spoofing;
Spoofing E-Mail;
DNS Spoofing;
Frequently Asked Questions;
Chapter 21: Session Hijacking;
Understanding Session Hijacking;
Network-Level Session Hijacking;
Host-Level Session Hijacking;
Application-Level Hijacking;
Frequently Asked Questions;
Chapter 22: How Attackers Avoid Detection;
Log Flooding;
Logging Mechanisms;
Detection Mechanisms;
Fragmentation;
Canonicalization;
Decoys;
How Attackers Avoid Detection Post-Intrusion;
Frequently Asked Questions;
Chapter 23: Attackers Using Non-Network Methods to Gain Access;
Gaining Physical Access to Information Resources;
Using Social Engineering;
Frequently Asked Questions;
Part IV: Security Assessment Case Studies;
Chapter 24: Web Threats;
Client-Level Threats;
Server-Level Threats;
Service-Level Threats;
Frequently Asked Questions;
Chapter 25: E-Mail Threats;
Client-Level Threats;
Server-Level Threats;
Spam;
Frequently Asked Questions;
Chapter 26: Domain Controller Threats;
Password Attacks;
Elevation of Privilege;
Denial of Service;
Physical Security Threats;
Frequently Asked Questions;
Chapter 27: Extranet and VPN Threats;
Fundamentals of Secure Network Design;
Penetration Testing an Extranet;
A Sample Extranet Penetration Test;
Frequently Asked Questions;
Part V: Appendixes;
Appendix A: Checklists;
Penetration Test Checklists;
Countermeasures Checklists;
Appendix B: References;
Chapter 1: Introduction to Performing Security Assessments;
Chapter 2: Key Principles of Security;
Chapter 3: Using Vulnerability Scanning to Assess Network Security;
Chapter 4: Conducting a Penetration Test;
Chapter 5: Performing IT Security Audits;
Chapter 6: Reporting Your Findings;
Chapter 7: Building and Maintaining Your Security Assessment Skills;
Chapter 8: Information Reconnaissance;
Chapter 9: Host Discovery Using DNS and NetBIOS;
Chapter 10: Network and Host Discovery;
Chapter 11: Port Scanning;
Chapter 12: Obtaining Information from a Host;
Chapter 13: War Dialing, War Driving, and Bluetooth Attacks;
Chapter 14: Automated Vulnerability Detection;
Chapter 15: Password Attacks;
Chapter 16: Denial of Service Attacks;
Chapter 17: Application Attacks;
Chapter 18: Database Attacks;
Chapter 19: Network Sniffing;
Chapter 20: Spoofing;
Chapter 21: Session Hijacking;
Chapter 22: How Attackers Avoid Detection;
Chapter 23: Attackers Using Non-Network Methods to Gain Access;
Chapter 24: Web Threats;
Chapter 25: E-Mail Threats;
Chapter 26: Domain Controller Threats;
Chapter 27: Extranet and VPN Threats;
Appendix : About the Authors;


Customer Reviews

  • Anonymous

    Posted December 30, 2011

    Bought this from a store nook.

    I read this so I could assess the network security. It's not very secure.

  • Posted September 16, 2011

    One of the best books on penetration testing!

    I like how this book isn't like others and filled with outdated exploits and tools. The stuff in this book is platform agnostic and atomic so it doesn't get easily outdated.