Network vulnerability assessment: identify security loopholes in your network's infrastructure
Being able to identify security loopholes has become critical to many businesses. That's where learning network security assessment becomes very important. This book will not only show you how to find out the system vulnerabilities but also help you build a network security threat model.
Main author: | Rahalkar, Sagar |
---|---|
Format: | Book |
Language: | English |
Published: | Birmingham, Mumbai: Packt, 2018 |
Subjects: | Computer networks-Security measures |
Summary: | Cover -- Title Page -- Copyright and Credits -- Packt Upsell -- Contributors -- Table of Contents -- Preface -- Chapter 1: Vulnerability Management Governance -- Security basics -- The CIA triad -- Confidentiality -- Integrity -- Availability -- Identification -- Authentication -- Authorization -- Auditing -- Accounting -- Non-repudiation -- Vulnerability -- Threats -- Exposure -- Risk -- Safeguards -- Attack vectors -- Understanding the need for security assessments -- Types of security tests -- Security testing -- Vulnerability assessment versus penetration testing -- Security assessment -- Security audit -- Business drivers for vulnerability management -- Regulatory compliance -- Satisfying customer demands -- Response to some fraud/incident -- Gaining a competitive edge -- Safeguarding/protecting critical infrastructures -- Calculating ROIs -- Setting up the context -- Bottom-up -- Top-down -- Policy versus procedure versus standard versus guideline -- Vulnerability assessment policy template -- Penetration testing standards -- Penetration testing lifecycle -- Industry standards -- Open Web Application Security Project testing guide -- Benefits of the framework -- Penetration testing execution standard -- Benefits of the framework -- Summary -- Exercises -- Chapter 2: Setting Up the Assessment Environment -- Setting up a Kali virtual machine -- Basics of Kali Linux -- Environment configuration and setup -- Web server -- Secure Shell (SSH) -- File Transfer Protocol (FTP) -- Software management -- List of tools to be used during assessment -- Summary -- Chapter 3: Security Assessment Prerequisites -- Target scoping and planning -- Gathering requirements -- Preparing a detailed checklist of test requirements -- Suitable time frame and testing hours -- Identifying stakeholders -- Deciding upon the type of vulnerability assessment -- Types of vulnerability assessment -- Types of vulnerability assessment based on the location -- External vulnerability assessment -- Internal vulnerability assessment -- Based on knowledge about environment/infrastructure -- Black-box testing -- White-box testing -- Gray-box testing -- Announced and unannounced testing -- Automated testing -- Authenticated and unauthenticated scans -- Agentless and agent-based scans -- Manual testing -- Estimating the resources and deliverables -- Preparing a test plan -- Getting approval and signing NDAs -- Confidentiality and nondisclosure agreements -- Summary -- Chapter 4: Information Gathering -- What is information gathering? -- Importance of information gathering -- Passive information gathering -- Reverse IP lookup -- Site report -- Site archive and way-back -- Site metadata -- Looking for vulnerable systems using Shodan -- Advanced information gathering using Maltego -- theHarvester -- Active information gathering -- Active information gathering with SPARTA -- Recon-ng -- Dmitry -- Summary -- Chapter 5: Enumeration and Vulnerability Assessment -- What is enumeration? -- Enumerating services -- HTTP -- FTP -- SMTP -- SMB -- DNS -- SSH -- VNC -- Using Nmap scripts -- http-methods -- smb-os-discovery -- http-sitemap-generator -- mysql-info -- Vulnerability assessments using OpenVAS -- Summary -- Chapter 6: Gaining Network Access -- Gaining remote access -- Direct access -- Target behind router -- Cracking passwords -- Identifying hashes -- Cracking Windows passwords -- Password profiling -- Password cracking with Hydra -- Creating backdoors using Backdoor Factory -- Exploiting remote services using Metasploit -- Exploiting vsftpd -- Exploiting Tomcat -- Hacking embedded devices using RouterSploit -- Social engineering using SET -- Summary -- Chapter 7: Assessing Web Application Security |
Description: | VI, 241 pages, diagrams |
ISBN: | 9781788627252 |
Internal format
MARC
LEADER | 00000nam a2200000 c 4500 | ||
---|---|---|---|
001 | BV045884780 | ||
003 | DE-604 | ||
005 | 20190802 | ||
007 | t | ||
008 | 190517s2018 |||| |||| 00||| eng d | ||
020 | |a 9781788627252 |9 978-1-78862-725-2 | ||
035 | |a (OCoLC)1111873557 | ||
035 | |a (DE-599)BVBBV045884780 | ||
040 | |a DE-604 |b ger |e rda | ||
041 | 0 | |a eng | |
049 | |a DE-11 | ||
084 | |a ST 277 |0 (DE-625)143643: |2 rvk | ||
084 | |a ST 200 |0 (DE-625)143611: |2 rvk | ||
100 | 1 | |a Rahalkar, Sagar |e Verfasser |4 aut | |
245 | 1 | 0 | |a Network vulnerability assessment |b identify security loopholes in your network's infrastructure |c Sagar Rahalkar |
264 | 1 | |a Birmingham, Mumbai |b Packt |c 2018 | |
264 | 4 | |c © 2018 | |
300 | |a VI, 241 Seiten |b Diagramme | ||
336 | |b txt |2 rdacontent | ||
337 | |b n |2 rdamedia | ||
338 | |b nc |2 rdacarrier | ||
653 | 0 | |a Computer networks-Security measures | |
776 | 0 | 8 | |i Erscheint auch als |n Online-Ausgabe |z 978-1-78862-472-5 |
999 | |a oai:aleph.bib-bvb.de:BVB01-031267870 |
Record in the search index
_version_ | 1804180036590239744 |
---|---|
any_adam_object | |
author | Rahalkar, Sagar |
author_facet | Rahalkar, Sagar |
author_role | aut |
author_sort | Rahalkar, Sagar |
author_variant | s r sr |
building | Verbundindex |
bvnumber | BV045884780 |
classification_rvk | ST 277 ST 200 |
ctrlnum | (OCoLC)1111873557 (DE-599)BVBBV045884780 |
discipline | Informatik |
format | Book |
id | DE-604.BV045884780 |
illustrated | Not Illustrated |
indexdate | 2024-07-10T08:29:22Z |
institution | BVB |
isbn | 9781788627252 |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-031267870 |
oclc_num | 1111873557 |
open_access_boolean | |
owner | DE-11 |
owner_facet | DE-11 |
physical | VI, 241 Seiten Diagramme |
publishDate | 2018 |
publishDateSearch | 2018 |
publishDateSort | 2018 |
publisher | Packt |
record_format | marc |
spellingShingle | Rahalkar, Sagar Network vulnerability assessment identify security loopholes in your network's infrastructure |
title | Network vulnerability assessment identify security loopholes in your network's infrastructure |
title_auth | Network vulnerability assessment identify security loopholes in your network's infrastructure |
title_exact_search | Network vulnerability assessment identify security loopholes in your network's infrastructure |
title_full | Network vulnerability assessment identify security loopholes in your network's infrastructure Sagar Rahalkar |
title_fullStr | Network vulnerability assessment identify security loopholes in your network's infrastructure Sagar Rahalkar |
title_full_unstemmed | Network vulnerability assessment identify security loopholes in your network's infrastructure Sagar Rahalkar |
title_short | Network vulnerability assessment |
title_sort | network vulnerability assessment identify security loopholes in your network s infrastructure |
title_sub | identify security loopholes in your network's infrastructure |
work_keys_str_mv | AT rahalkarsagar networkvulnerabilityassessmentidentifysecurityloopholesinyournetworksinfrastructure |