Practical network scanning : capture network vulnerabilities using standard tools such as Nmap and Nessus / Jacob Cox.

EBSCOhost Academic eBook Collection (North America) Available online


Ebook Central Academic Complete Available online


O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Cox, Jacob, author.
Language:
English
Subjects (All):
Computer networks.
Physical Description:
1 online resource (1 volume) : illustrations
Edition:
1st edition
Place of Publication:
Birmingham ; Mumbai : Packt Publishing, 2018.
System Details:
text file
Summary:
Get more from your network by securing its infrastructure and increasing its effectiveness.

About This Book
Learn to choose the best network scanning toolset for your system
Implement different concepts of network scanning such as port scanning and OS detection
Adapt a practical approach to securing your network

Who This Book Is For
If you are a security professional who is responsible for securing an organization's infrastructure, then this book is for you.

What You Will Learn
Achieve an effective security posture to design security architectures
Learn vital security aspects before moving to the Cloud
Launch secure applications with Web Application Security and SQL Injection
Explore the basics of threat detection/response/mitigation with important use cases
Learn all about integration principles for PKI and tips to secure it
Design a WAN infrastructure and ensure security over a public WAN

In Detail
Network scanning is the process of assessing a network to identify an active host network; the same methods can be used by an attacker or by a network administrator for security assessment. This procedure plays a vital role in risk assessment programs or while preparing a security plan for your organization. Practical Network Scanning starts with the concept of network scanning and how organizations can benefit from it. Then, going forward, we delve into the different scanning steps, such as service detection, firewall detection, TCP/IP port detection, and OS detection. We also implement these concepts using a few of the most prominent tools on the market, such as Nessus and Nmap. In the concluding chapters, we prepare a complete vulnerability assessment plan for your organization. By the end of this book, you will have hands-on experience in performing network scanning using different tools and in choosing the best tools for your system.

Style and approach
A practical guide that offers a simple way to easily understand network security concepts and apply them to strengthen your network.
Contents:
Cover
Title Page
Copyright and Credits
Packt Upsell
Contributors
Table of Contents
Preface
Chapter 1: Fundamental Security Concepts
Why security?
Building blocks of information security
Computer security
Network security
Firewalls
Intrusion detection systems / intrusion prevention systems
Multitier topology
Internet security
Password
System upgrade and updates
Phishing
Beware of phishing phone calls
Phishing protection
Security issues, threats, and attacks
IoT security risk
Computer security risk
Security Risk-Border Gateway Protocol
Security and threats
Natural disasters
Human threats
Security vulnerabilities
Technology weaknesses
Configuration weaknesses
Security policy weaknesses
Using unencrypted or weak encryption for a website
Summary
Questions
Further reading
Chapter 2: Secure Network Design
Access control
Asset classification and physical security
Authentication, authorization, and accounting
Network management and security design
Network segmentation
Segmentation strategy steps
Network protection consideration and design
Hardening your TCP/IP stack
DoS and DDoS attacks
Volume-based attacks
Application layer attacks
Low-rate attacks
IP spoofing
Anti-spoofing using access lists
Encryption
Anti-spoofing using RPF checks
Ping sweeps and Port scans
Mitigation
DNS vulnerabilities
How does DNS work?
DNS protocol attacks
Two factor authentication
Chapter 3: Server-Level Security
Classification of data
Physical security
Disk encryption
Full-disk encryption
Bitlocker
Virtual Trusted Platform Module - vTPM
Encrypt your Hyper-V Guest VMs
Cloud VM disk encryption
What is encryption at rest?
Hardening server security
Check for open ports or services
System firewall configuration
System update
Disable USB
Hard disk encryption
BIOS protection
Check the installed packages
Password policies
Secure and encrypt remote access
Implement activity logging
Document the host information
Authentication NTLM versus Kerberos
Server-level permissions
Server antivirus and malware protection
Local security policies
Chapter 4: Cloud Security Design
Cloud offerings
IaaS
PaaS
SaaS
Public versus private
Public IaaS versus private IaaS
Public PaaS versus private PaaS
Public SaaS versus private SaaS
Shared technology and shared danger
Security approach for cloud computing
Traditional enterprise network model
Hybrid data center and cloud network
Network security devices for IaaS
Firewall Virtual Appliance
Virtual TAP vTAP
Virtual Router
Virtual web application firewalls
DDoS attack protection
Data loss prevention
Exploited system vulnerabilities
Chapter 5: Application Security Design
GDPR
Getting consent
Access to data
SQL Injection
Prevention of SQL Injection attack on web applications
Employing comprehensive data sanitization
Deploying a Web Application Firewall
Limit database privileges
Finding vulnerabilities
WAFs
WAF protection against common web attacks
Blacklisting and whitelisting
What is blacklisting?
Benefit and disadvantage of blacklisting
What is whitelisting?
Benefit and disadvantage of whitelisting
Which is better?
Using HTTPS for everything
HTTP versus HTTPS
Web application security
SSL/TLS deployment
SSL/TLS key size
Signing algorithm.
Secure protocol
Preventing an authentication hacking attack
Use cookies securely
Vulnerabilities scan
Server security
Introduce a bug bounty program
Chapter 6: Threat Detection and Response
Network threat detection
Detection methods
Intrusion detection system
Types of IDSs
Network capture solution
Threat detection with Netflow/IPFIX
NetFlow vs. IPFIX
Endpoint threat detection
What's an endpoint
Endpoint Detection and Response (EDR) system
Case Study - Why EDR system is required?
Security policy
How to choose an EDR solution?
Security information and event management
SIEM-Event versus incident and data breach
What is an event?
What is a security incident?
What is a data breach?
How do SIEM systems work?
Event generator sensors
Event and log collection or data aggregation
Correlation
Reporting and Alerting
Dashboards
Automation
Log management
SIEM commercial products
Chapter 7: Vulnerability Assessment
Infrastructure concerns
What is vulnerability assessment?
Plan
Network discovery
Vulnerability scan
Report
Remediation
Why do we need vulnerability assessment?
Types of vulnerability assessment
Network-based assessment
Host-based assessment
Nessus installation, configuration, and vulnerability assessment methodology
Installation
Policies
Sample report
Chapter 8: Remote OS Detection
Reasons for OS detection
Network operating system inventory - trace your infrastructure
Determining vulnerability of target hosts
Tailoring exploits
OS detection technique with Nmap
Nmap tool
Operating system detection
TCP/IP fingerprinting methods supported by Nmap.
TCP/UDP/IP basic
The FIN probe
TCP ISN sampling
TCP initial window
Type of service
Time-to-live (TTL)
Don't Fragment (DF) bit
Understanding an Nmap fingerprint
OS matching algorithms
Defense against port scans
Chapter 9: Public Key Infrastructure - SSL
Foundation of SSL
How do I know that SSL is working?
Why no PadLock?
SSL certificate
The evolution of SSL and TLS
Current Supported Standard
Why hasn't TLS 1.3 been implemented yet?
Time to say goodbye to SSL and early TLS
SSL certificate component
Root certificate
Intermediate certificate
SSL certificates classes
TLS versus SSL
Public Key Infrastructure
Symmetric encryption
Asymmetric encryption
Hash function
Attacks against PKI
Microsoft Windows and IIS
OpenSSL
SSL Management tools
Chapter 10: Firewall Placement and Detection Techniques
Technical requirements
Firewall and design considerations
Firewall terminology
Firewall generations
Firewall performance
Firewall placement and design network topology
Single firewall architecture
Single firewall architecture with a single IP subnet
Single firewall architecture with multiple IP subnets
Multilayer firewall architecture
Firewall sandwich design
Demilitarized Zone
DMZ to Internal Access Policy
OSI model versus TCP/IP model
Firewall performance, capabilities, and function
Firewall management
Application proxies
Detecting firewalls
Debugging tools
Further Reading
Chapter 11: VPN and WAN Encryption
Overview
Classes of VPN
Type of VPN protocol
Point-to-Point tunneling protocol
Layer 2 Tunneling Protocol
Secure Socket Tunneling protocol
Internet Protocol Security
SSL VPN.
MPLS VPN
VPN Design
IKE V1 versus IKE V2
WAN Encryption technique
IPsec Layer-3 encryption
MACsec-Layer-2 Encryption
Optical Network-Layer-1 Encryption
Chapter 12: Summary and Scope of Security Technologies
DDoS protection
Remotely triggered black hole routing (RTBH)
Black hole traffic from the source of the attack
Black hole traffic to the destination of the attack
BGP FlowSpec
DDoS scrubbing
Blockchain Technology for Fighting DDoS Attacks
AI in cyber security
Next Gen SIEM
Software Defined Networking Firewall
Bring-Your-Own-Identity (BYOI)
Assessment
Other Books you may enjoy
Index.
Notes:
Includes bibliographical references.
Description based on print version record.
ISBN:
9781788832496
1788832493
OCLC:
1040599376
