Applied network security : master the art of detecting and averting advanced network security attacks and techniques / / Arthur Salmon, Warun Levesque, Michael McLafferty |
Autore | Salmon Arthur |
Edizione | [1st edition] |
Pubbl/distr/stampa | Birmingham, England ; ; Mumbai, [India] : , : Packt, , 2017 |
Descrizione fisica | 1 online resource (320 pages) : illustrations |
Disciplina | 005.8 |
Soggetto topico |
Computer networks - Security measures
Business enterprises - Computer networks - Security measures |
Soggetto genere / forma | Electronic books. |
ISBN | 1-78646-968-5 |
Formato | Materiale a stampa |
Livello bibliografico | Monografia |
Lingua di pubblicazione | eng |
Nota di contenuto |
Cover -- Copyright -- Credits -- About the Authors -- About the Reviewer -- www.PacktPub.com -- Customer Feedback -- Table of Contents -- Preface -- Chapter 1: Introduction to Network Security -- Murphy's law -- Hackers (and their types) defined -- Hacker tools -- The hacking process -- Ethical hacking issues -- Current technologies -- Recent events and statistics of network attacks -- Our defense -- Security for individuals versus companies -- Wi-Fi vulnerabilities -- Knowns and unknowns -- False positives -- Mitigation against threats -- Building an assessment -- Summary -- References -- Chapter 2: Sniffing the Network -- What is network sniffing? -- Why network sniffing is important -- Scan a single IP -- Scan a host -- Scan a range of IPs -- Scan a subnet -- Nmap port selection -- Scan a single port -- Scan a range of ports -- Scan 100 most common ports (fast) -- Scan all 65535 ports -- Nmap port scan types -- Scan using TCP SYN scan (default) -- Scan using TCP connect -- Service and OS detection -- Detect OS and services -- Standard service detection -- More aggressive service detection -- Lighter banner-grabbing detection -- Nmap output formats -- Save default output to file -- Save in all formats -- Scan using a specific NSE script -- Scan with a set of scripts -- Lab 1-a scan to search for DDoS reflection UDP services -- Using Wireshark filters -- Wireshark filter cheat sheet -- Lab 2 -- Sparta -- Brute-force passwords -- Lab 3-scanning -- Scanning a subnet -- Spoofing and decoy scans -- Evading firewalls -- Gathering version info -- UDP scan -- The reason switch -- Using a list -- Output to a file -- Commands -- Starting the listener -- Countermeasures -- Summary -- Chapter 3: How to Crack Wi-Fi Passwords -- Why should we crack our own Wi-Fi? -- What's the right way to do it? -- The method -- The requirements -- What is packet injection?.
Wi-Fi cracking tools -- The steps -- The Transmission Control Protocol (TCP) handshake -- The password lists -- How to make a strong password -- The short version (a cheat-sheet for the aircrack-ng suite) -- Summary -- Chapter 4: Creating a RAT Using Msfvenom -- Remote Access Trojans -- Ways to disguise your RAT though Metasploit -- PDF-embedded RAT -- MS Word-embedded RAT -- Android RAT -- Your defence -- Summary -- References -- Chapter 5: Veil Framework -- Veil-Evasion -- Veil-Pillage -- How do hackers hide their attack? -- Intrusion with a PDF -- The scenario -- Veil-PowerTools -- What is antivirus protection? -- What are some vulnerabilities in antivirus protection? -- Evasion and antivirus signatures -- Summary -- References -- Chapter 6: Social Engineering Toolkit and Browser Exploitation -- Social engineering -- What are web injections? -- How SQL injections work -- Cross site scripting (XSS) attacks -- Preventative measures against XSS attacks -- How to reduce your chances of being attacked -- Browser exploitation with BeEF -- Browser hijacking -- BeEF with BetterCap -- BeEF with man-in-the-middle framework (MITMF) -- BeEF with SET -- Summary -- Chapter 7: Advanced Network Attacks -- What is an MITM attack? -- Related types of attacks -- Examples of MITM -- Tools for MITM attacks -- Installing MITMF using Kali Linux -- Summary -- Chapter 8: Passing and Cracking the Hash -- What is a hash? -- Authentication protocols -- Cryptographic hash functions -- How do hackers obtain the hash? -- What tools are used to get the hash? -- How are hashes cracked? -- How do pass the hash attacks impact businesses? -- What defences are there against hash password attacks? -- Summary -- References -- Links to download tools -- Chapter 9: SQL Injection -- What is SQL and how does it work? -- SQL command examples -- SQL injection. Examples of SQL injection attacks -- Ways to defend against SQL injection attacks -- Attack vectors for web applications -- Bypassing authentication -- Bypass blocked and filtered websites -- Finding vulnerabilities from a targeted sites -- Extracting data with SQLmap -- Hunting for web app vulnerabilities with Open Web Application Security Project (OWASP) ZAP -- Summary -- Chapter 10: Scapy -- Scapy -- Creating our first packet -- Sending and receiving -- Layering -- Viewing the packet -- Handling files -- The TCP three way handshake -- SYN scan -- A DNS query -- Malformed packets -- Ping of death -- Teardrop attack (aka Nestea) -- ARP cache poisoning -- ARP poisoning commands -- ACK scan -- TCP port scanning -- VLAN hopping -- Wireless sniffing -- OS fingerprinting ISN -- Sniffing -- Passive OS detection -- Summary -- Chapter 11: Web Application Exploits -- Web application exploits -- What tools are used for web application penetration testing? -- What is Autopwn? -- Using Autopwn2 -- What is BeEF and how to use it? -- Defenses against web application attacks -- Summary -- Chapter 12: Evil Twins and Spoofing -- What is an evil twin? -- What is address spoofing? -- What is DNS spoofing? -- What tools are used for setting up an evil twin? -- The dangers of public Wi-Fi and evil twins -- How to detect an evil twin? -- Summary -- Chapter 13: Injectable Devices -- A deeper look into USB -- A possible threat -- An evil USB -- How does the Rubber Ducky work? -- Disabling ports -- A KeyGrabber? -- What the glitch? -- Summary -- Chapter 14: The Internet of Things -- What is the Internet of Things? -- IOT vulnerabilities and cyber security -- IOT and botnets -- Summary -- Sources -- Chapter 15: Detection Systems -- IDS -- IPS -- Host based -- Network-based -- Physical -- Summary of differences -- Why? -- Who and when?. Security Information and Event Management (SIEM) -- Splunk -- Alert status -- IDS versus IPS -- Snort as an IPS -- How? -- Lab 1-installing Snort and creating ICMP rules lab -- Lab 2-create the following snort.conf and icmp.rules files -- Rule options -- Lab 3-execute Snort -- Show log alert -- Alert explanation -- Lab 4-execute Snort as Daemon -- Summary -- Chapter 16: Advance Wireless Security Lab Using the Wi-Fi Pineapple Nano/Tetra -- The history of Wi-Fi - the WLAN standard -- Wireless vulnerability -- The Wi-Fi Pineapple -- For penetration testing -- Lab 1-how to set up -- Getting connected -- Performing a scan -- Getting connected, managing your network, and broadcasting Wi-Fi -- Reporting data -- Logging data with Pineapple -- Reporting data -- Enabling the landing page -- Summary -- Chapter 17: Offensive Security and Threat Hunting -- What is offensive security? -- What tools are used for offensive security? -- SET browser exploit lab -- Threat hunting platforms -- Using the Pineapple for offensive security -- Lab 1-setting up an Evil Portal on the Pineapple -- Summary -- Index. |
Record Nr. | UNINA-9910465787003321 |
Salmon Arthur | ||
Birmingham, England ; ; Mumbai, [India] : , : Packt, , 2017 | ||
Materiale a stampa | ||
Lo trovi qui: Univ. Federico II | ||
|
Applied network security : master the art of detecting and averting advanced network security attacks and techniques / / Arthur Salmon, Warun Levesque, Michael McLafferty |
Autore | Salmon Arthur |
Edizione | [1st edition] |
Pubbl/distr/stampa | Birmingham, England ; ; Mumbai, [India] : , : Packt, , 2017 |
Descrizione fisica | 1 online resource (320 pages) : illustrations |
Disciplina | 005.8 |
Soggetto topico |
Computer networks - Security measures
Business enterprises - Computer networks - Security measures |
ISBN | 1-78646-968-5 |
Formato | Materiale a stampa |
Livello bibliografico | Monografia |
Lingua di pubblicazione | eng |
Nota di contenuto |
Cover -- Copyright -- Credits -- About the Authors -- About the Reviewer -- www.PacktPub.com -- Customer Feedback -- Table of Contents -- Preface -- Chapter 1: Introduction to Network Security -- Murphy's law -- Hackers (and their types) defined -- Hacker tools -- The hacking process -- Ethical hacking issues -- Current technologies -- Recent events and statistics of network attacks -- Our defense -- Security for individuals versus companies -- Wi-Fi vulnerabilities -- Knowns and unknowns -- False positives -- Mitigation against threats -- Building an assessment -- Summary -- References -- Chapter 2: Sniffing the Network -- What is network sniffing? -- Why network sniffing is important -- Scan a single IP -- Scan a host -- Scan a range of IPs -- Scan a subnet -- Nmap port selection -- Scan a single port -- Scan a range of ports -- Scan 100 most common ports (fast) -- Scan all 65535 ports -- Nmap port scan types -- Scan using TCP SYN scan (default) -- Scan using TCP connect -- Service and OS detection -- Detect OS and services -- Standard service detection -- More aggressive service detection -- Lighter banner-grabbing detection -- Nmap output formats -- Save default output to file -- Save in all formats -- Scan using a specific NSE script -- Scan with a set of scripts -- Lab 1-a scan to search for DDoS reflection UDP services -- Using Wireshark filters -- Wireshark filter cheat sheet -- Lab 2 -- Sparta -- Brute-force passwords -- Lab 3-scanning -- Scanning a subnet -- Spoofing and decoy scans -- Evading firewalls -- Gathering version info -- UDP scan -- The reason switch -- Using a list -- Output to a file -- Commands -- Starting the listener -- Countermeasures -- Summary -- Chapter 3: How to Crack Wi-Fi Passwords -- Why should we crack our own Wi-Fi? -- What's the right way to do it? -- The method -- The requirements -- What is packet injection?.
Wi-Fi cracking tools -- The steps -- The Transmission Control Protocol (TCP) handshake -- The password lists -- How to make a strong password -- The short version (a cheat-sheet for the aircrack-ng suite) -- Summary -- Chapter 4: Creating a RAT Using Msfvenom -- Remote Access Trojans -- Ways to disguise your RAT though Metasploit -- PDF-embedded RAT -- MS Word-embedded RAT -- Android RAT -- Your defence -- Summary -- References -- Chapter 5: Veil Framework -- Veil-Evasion -- Veil-Pillage -- How do hackers hide their attack? -- Intrusion with a PDF -- The scenario -- Veil-PowerTools -- What is antivirus protection? -- What are some vulnerabilities in antivirus protection? -- Evasion and antivirus signatures -- Summary -- References -- Chapter 6: Social Engineering Toolkit and Browser Exploitation -- Social engineering -- What are web injections? -- How SQL injections work -- Cross site scripting (XSS) attacks -- Preventative measures against XSS attacks -- How to reduce your chances of being attacked -- Browser exploitation with BeEF -- Browser hijacking -- BeEF with BetterCap -- BeEF with man-in-the-middle framework (MITMF) -- BeEF with SET -- Summary -- Chapter 7: Advanced Network Attacks -- What is an MITM attack? -- Related types of attacks -- Examples of MITM -- Tools for MITM attacks -- Installing MITMF using Kali Linux -- Summary -- Chapter 8: Passing and Cracking the Hash -- What is a hash? -- Authentication protocols -- Cryptographic hash functions -- How do hackers obtain the hash? -- What tools are used to get the hash? -- How are hashes cracked? -- How do pass the hash attacks impact businesses? -- What defences are there against hash password attacks? -- Summary -- References -- Links to download tools -- Chapter 9: SQL Injection -- What is SQL and how does it work? -- SQL command examples -- SQL injection. Examples of SQL injection attacks -- Ways to defend against SQL injection attacks -- Attack vectors for web applications -- Bypassing authentication -- Bypass blocked and filtered websites -- Finding vulnerabilities from a targeted sites -- Extracting data with SQLmap -- Hunting for web app vulnerabilities with Open Web Application Security Project (OWASP) ZAP -- Summary -- Chapter 10: Scapy -- Scapy -- Creating our first packet -- Sending and receiving -- Layering -- Viewing the packet -- Handling files -- The TCP three way handshake -- SYN scan -- A DNS query -- Malformed packets -- Ping of death -- Teardrop attack (aka Nestea) -- ARP cache poisoning -- ARP poisoning commands -- ACK scan -- TCP port scanning -- VLAN hopping -- Wireless sniffing -- OS fingerprinting ISN -- Sniffing -- Passive OS detection -- Summary -- Chapter 11: Web Application Exploits -- Web application exploits -- What tools are used for web application penetration testing? -- What is Autopwn? -- Using Autopwn2 -- What is BeEF and how to use it? -- Defenses against web application attacks -- Summary -- Chapter 12: Evil Twins and Spoofing -- What is an evil twin? -- What is address spoofing? -- What is DNS spoofing? -- What tools are used for setting up an evil twin? -- The dangers of public Wi-Fi and evil twins -- How to detect an evil twin? -- Summary -- Chapter 13: Injectable Devices -- A deeper look into USB -- A possible threat -- An evil USB -- How does the Rubber Ducky work? -- Disabling ports -- A KeyGrabber? -- What the glitch? -- Summary -- Chapter 14: The Internet of Things -- What is the Internet of Things? -- IOT vulnerabilities and cyber security -- IOT and botnets -- Summary -- Sources -- Chapter 15: Detection Systems -- IDS -- IPS -- Host based -- Network-based -- Physical -- Summary of differences -- Why? -- Who and when?. Security Information and Event Management (SIEM) -- Splunk -- Alert status -- IDS versus IPS -- Snort as an IPS -- How? -- Lab 1-installing Snort and creating ICMP rules lab -- Lab 2-create the following snort.conf and icmp.rules files -- Rule options -- Lab 3-execute Snort -- Show log alert -- Alert explanation -- Lab 4-execute Snort as Daemon -- Summary -- Chapter 16: Advance Wireless Security Lab Using the Wi-Fi Pineapple Nano/Tetra -- The history of Wi-Fi - the WLAN standard -- Wireless vulnerability -- The Wi-Fi Pineapple -- For penetration testing -- Lab 1-how to set up -- Getting connected -- Performing a scan -- Getting connected, managing your network, and broadcasting Wi-Fi -- Reporting data -- Logging data with Pineapple -- Reporting data -- Enabling the landing page -- Summary -- Chapter 17: Offensive Security and Threat Hunting -- What is offensive security? -- What tools are used for offensive security? -- SET browser exploit lab -- Threat hunting platforms -- Using the Pineapple for offensive security -- Lab 1-setting up an Evil Portal on the Pineapple -- Summary -- Index. |
Record Nr. | UNINA-9910792984303321 |
Salmon Arthur | ||
Birmingham, England ; ; Mumbai, [India] : , : Packt, , 2017 | ||
Materiale a stampa | ||
Lo trovi qui: Univ. Federico II | ||
|
Applied network security : master the art of detecting and averting advanced network security attacks and techniques / / Arthur Salmon, Warun Levesque, Michael McLafferty |
Autore | Salmon Arthur |
Edizione | [1st edition] |
Pubbl/distr/stampa | Birmingham, England ; ; Mumbai, [India] : , : Packt, , 2017 |
Descrizione fisica | 1 online resource (320 pages) : illustrations |
Disciplina | 005.8 |
Soggetto topico |
Computer networks - Security measures
Business enterprises - Computer networks - Security measures |
ISBN | 1-78646-968-5 |
Formato | Materiale a stampa |
Livello bibliografico | Monografia |
Lingua di pubblicazione | eng |
Nota di contenuto |
Cover -- Copyright -- Credits -- About the Authors -- About the Reviewer -- www.PacktPub.com -- Customer Feedback -- Table of Contents -- Preface -- Chapter 1: Introduction to Network Security -- Murphy's law -- Hackers (and their types) defined -- Hacker tools -- The hacking process -- Ethical hacking issues -- Current technologies -- Recent events and statistics of network attacks -- Our defense -- Security for individuals versus companies -- Wi-Fi vulnerabilities -- Knowns and unknowns -- False positives -- Mitigation against threats -- Building an assessment -- Summary -- References -- Chapter 2: Sniffing the Network -- What is network sniffing? -- Why network sniffing is important -- Scan a single IP -- Scan a host -- Scan a range of IPs -- Scan a subnet -- Nmap port selection -- Scan a single port -- Scan a range of ports -- Scan 100 most common ports (fast) -- Scan all 65535 ports -- Nmap port scan types -- Scan using TCP SYN scan (default) -- Scan using TCP connect -- Service and OS detection -- Detect OS and services -- Standard service detection -- More aggressive service detection -- Lighter banner-grabbing detection -- Nmap output formats -- Save default output to file -- Save in all formats -- Scan using a specific NSE script -- Scan with a set of scripts -- Lab 1-a scan to search for DDoS reflection UDP services -- Using Wireshark filters -- Wireshark filter cheat sheet -- Lab 2 -- Sparta -- Brute-force passwords -- Lab 3-scanning -- Scanning a subnet -- Spoofing and decoy scans -- Evading firewalls -- Gathering version info -- UDP scan -- The reason switch -- Using a list -- Output to a file -- Commands -- Starting the listener -- Countermeasures -- Summary -- Chapter 3: How to Crack Wi-Fi Passwords -- Why should we crack our own Wi-Fi? -- What's the right way to do it? -- The method -- The requirements -- What is packet injection?.
Wi-Fi cracking tools -- The steps -- The Transmission Control Protocol (TCP) handshake -- The password lists -- How to make a strong password -- The short version (a cheat-sheet for the aircrack-ng suite) -- Summary -- Chapter 4: Creating a RAT Using Msfvenom -- Remote Access Trojans -- Ways to disguise your RAT though Metasploit -- PDF-embedded RAT -- MS Word-embedded RAT -- Android RAT -- Your defence -- Summary -- References -- Chapter 5: Veil Framework -- Veil-Evasion -- Veil-Pillage -- How do hackers hide their attack? -- Intrusion with a PDF -- The scenario -- Veil-PowerTools -- What is antivirus protection? -- What are some vulnerabilities in antivirus protection? -- Evasion and antivirus signatures -- Summary -- References -- Chapter 6: Social Engineering Toolkit and Browser Exploitation -- Social engineering -- What are web injections? -- How SQL injections work -- Cross site scripting (XSS) attacks -- Preventative measures against XSS attacks -- How to reduce your chances of being attacked -- Browser exploitation with BeEF -- Browser hijacking -- BeEF with BetterCap -- BeEF with man-in-the-middle framework (MITMF) -- BeEF with SET -- Summary -- Chapter 7: Advanced Network Attacks -- What is an MITM attack? -- Related types of attacks -- Examples of MITM -- Tools for MITM attacks -- Installing MITMF using Kali Linux -- Summary -- Chapter 8: Passing and Cracking the Hash -- What is a hash? -- Authentication protocols -- Cryptographic hash functions -- How do hackers obtain the hash? -- What tools are used to get the hash? -- How are hashes cracked? -- How do pass the hash attacks impact businesses? -- What defences are there against hash password attacks? -- Summary -- References -- Links to download tools -- Chapter 9: SQL Injection -- What is SQL and how does it work? -- SQL command examples -- SQL injection. Examples of SQL injection attacks -- Ways to defend against SQL injection attacks -- Attack vectors for web applications -- Bypassing authentication -- Bypass blocked and filtered websites -- Finding vulnerabilities from a targeted sites -- Extracting data with SQLmap -- Hunting for web app vulnerabilities with Open Web Application Security Project (OWASP) ZAP -- Summary -- Chapter 10: Scapy -- Scapy -- Creating our first packet -- Sending and receiving -- Layering -- Viewing the packet -- Handling files -- The TCP three way handshake -- SYN scan -- A DNS query -- Malformed packets -- Ping of death -- Teardrop attack (aka Nestea) -- ARP cache poisoning -- ARP poisoning commands -- ACK scan -- TCP port scanning -- VLAN hopping -- Wireless sniffing -- OS fingerprinting ISN -- Sniffing -- Passive OS detection -- Summary -- Chapter 11: Web Application Exploits -- Web application exploits -- What tools are used for web application penetration testing? -- What is Autopwn? -- Using Autopwn2 -- What is BeEF and how to use it? -- Defenses against web application attacks -- Summary -- Chapter 12: Evil Twins and Spoofing -- What is an evil twin? -- What is address spoofing? -- What is DNS spoofing? -- What tools are used for setting up an evil twin? -- The dangers of public Wi-Fi and evil twins -- How to detect an evil twin? -- Summary -- Chapter 13: Injectable Devices -- A deeper look into USB -- A possible threat -- An evil USB -- How does the Rubber Ducky work? -- Disabling ports -- A KeyGrabber? -- What the glitch? -- Summary -- Chapter 14: The Internet of Things -- What is the Internet of Things? -- IOT vulnerabilities and cyber security -- IOT and botnets -- Summary -- Sources -- Chapter 15: Detection Systems -- IDS -- IPS -- Host based -- Network-based -- Physical -- Summary of differences -- Why? -- Who and when?. Security Information and Event Management (SIEM) -- Splunk -- Alert status -- IDS versus IPS -- Snort as an IPS -- How? -- Lab 1-installing Snort and creating ICMP rules lab -- Lab 2-create the following snort.conf and icmp.rules files -- Rule options -- Lab 3-execute Snort -- Show log alert -- Alert explanation -- Lab 4-execute Snort as Daemon -- Summary -- Chapter 16: Advance Wireless Security Lab Using the Wi-Fi Pineapple Nano/Tetra -- The history of Wi-Fi - the WLAN standard -- Wireless vulnerability -- The Wi-Fi Pineapple -- For penetration testing -- Lab 1-how to set up -- Getting connected -- Performing a scan -- Getting connected, managing your network, and broadcasting Wi-Fi -- Reporting data -- Logging data with Pineapple -- Reporting data -- Enabling the landing page -- Summary -- Chapter 17: Offensive Security and Threat Hunting -- What is offensive security? -- What tools are used for offensive security? -- SET browser exploit lab -- Threat hunting platforms -- Using the Pineapple for offensive security -- Lab 1-setting up an Evil Portal on the Pineapple -- Summary -- Index. |
Record Nr. | UNINA-9910812793603321 |
Salmon Arthur | ||
Birmingham, England ; ; Mumbai, [India] : , : Packt, , 2017 | ||
Materiale a stampa | ||
Lo trovi qui: Univ. Federico II | ||
|