Title Page
Copyright and Credits
Securing Network Infrastructure
About Packt
Why subscribe?
Packt.com
Contributors
About the authors
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this course
Download the color images
Conventions used
Sections
Getting ready
How to do it…
How it works…
There's more…
See also
Get in touch
Reviews
Introduction to Network Vulnerability Scanning
Basic networks and their components
Network Vulnerability Scanning
Flow of procedures
Discovery
Port scanning
Vulnerability scanning
Uses
Complexity
Scope of the scan
Network architecture
Network access
Response
Summary
Understanding Network Scanning Tools
Introducing Nessus and Nmap
Useful features of Nessus
Policies
Plugin Rules
Customized Reports
Scanners
Various features of Nmap
Host discovery
Scan techniques
Port specification and scan order
Service or version detection
Script scan
OS detection
Timing and performance
Evasion and spoofing
Output
Target specification
Installing and activating Nessus
Getting ready
How to do it…
How it works…
There's more…
Downloading and installing Nmap
Getting ready
How to do it…
How it works…
There's more…
Updating Nessus
Getting ready
How to do it…
There's more…
Updating Nmap
Getting ready
How to do it…
Removing Nessus
Getting ready
How to do it…
There's more…
Removing Nmap
How to do it…
There's more…
Port Scanning
Introduction
How to specify a target
Getting ready
How to do it…
How it works...
How to perform host discovery
How to do it…
How it works…
How to identify open ports
How to do it…
How it works…
How to manage specification and scan order
How to do it…
How it works…
How to perform a script and version scan
How to do it…
How it works…
How to detect operating system
How to do it…
How it works…
How to detect and bypass network protection systems
How to do it…
How it works…
How to use Zenmap
How to do it…
How it works…
Vulnerability Scanning
Introduction
How to manage Nessus policies
Getting ready
How to do it…
How it works...
How to manage Nessus settings
Getting ready
How to do it…
How it works...
How to manage Nessus user accounts
Getting ready
How to do it…
How it works...
How to choose a Nessus scan template and policy
Getting ready
How to do it…
How it works...
How to perform a vulnerability scan using Nessus
Getting ready
How to do it…
How it works...
How to manage Nessus scans
Getting ready
How to do it…
How it works...
Configuration Audits
Introducing compliance scans
Selecting a compliance scan policy
Plugins
Synopsis
Description
Solution
Plugin information
Risk information
Vulnerability information
Reference information
Compliance standards
Getting ready
How to do it…
How it works...
Introducing configuration audits
Database audit
Network device audit
Operating system audit
Application audit
Performing an operating system audit
Getting ready
How to do it…
How it works...
Performing a database audit
Getting ready
How to do it…
How it works...
Performing a web application scan
Getting ready
How to do it…
How it works...
Report Analysis and Confirmation
Introduction
Understanding Nmap outputs
Getting ready
How to do it…
How it works...
Understanding Nessus outputs
Nessus
HTML
CSV
Nessus DB
Getting ready
How to do it…
How it works...
How to confirm Nessus vulnerabilities using Nmap and other tools
Getting ready
How to do it…
How it works...
Understanding the Customization and Optimization of Nessus and Nmap
Introduction
Understanding Nmap Script Engine and its customization
Syntax
Environment variables
Script template
Getting ready
How to do it…
How it works...
Understanding the Nessus Audit policy and its customization
Getting ready
How to do it…
How it works...
Network Scanning for IoT, SCADA/ICS
Introduction to SCADA/ICS
Using Nmap to scan SCADA/ICS
Getting ready
How to do it…
How it works...
There's more...
Using Nessus to scan SCADA/ICS systems
Getting ready
How to do it…
How it works...
There's more...
Vulnerability Management Governance
Security basics
The CIA triad
Confidentiality
Integrity
Availability
Identification
Authentication
Authorization
Auditing
Accounting
Non-repudiation
Vulnerability
Threats
Exposure
Risk
Safeguards
Attack vectors
Understanding the need for security assessments
Types of security tests
Security testing
Vulnerability assessment versus penetration testing
Security assessment
Security audit
Business drivers for vulnerability management
Regulatory compliance
Satisfying customer demands
Response to some fraud/incident
Gaining a competitive edge
Safeguarding/protecting critical infrastructures
Calculating ROIs
Setting up the context
Bottom-up
Top-down
Policy versus procedure versus standard versus guideline
Vulnerability assessment policy template
Penetration testing standards
Penetration testing lifecycle
Industry standards
Open Web Application Security Project testing guide
Benefits of the framework
Penetration testing execution standard
Benefits of the framework
Summary
Exercises
Setting Up the Assessment Environment
Setting up a Kali virtual machine
Basics of Kali Linux
Environment configuration and setup
Web server
Secure Shell (SSH)
File Transfer Protocol (FTP)
Software management
List of tools to be used during assessment
Summary
Security Assessment Prerequisites
Target scoping and planning
Gathering requirements
Preparing a detailed checklist of test requirements
Suitable time frame and testing hours
Identifying stakeholders
Deciding upon the type of vulnerability assessment
Types of vulnerability assessment
Types of vulnerability assessment based on the location
External vulnerability assessment
Internal vulnerability assessment
Based on knowledge about environment/infrastructure
Black-box testing
White-box testing
Gray-box testing
Announced and unannounced testing
Automated testing
Authenticated and unauthenticated scans
Agentless and agent-based scans
Manual testing
Estimating the resources and deliverables
Preparing a test plan
Getting approval and signing NDAs
Confidentiality and nondisclosure agreements
Summary
Information Gathering
What is information gathering?
Importance of information gathering
Passive information gathering
Reverse IP lookup
Site report
Site archive and way-back
Site metadata
Looking for vulnerable systems using Shodan
Advanced information gathering using Maltego
theHarvester
Active information gathering
Active information gathering with SPARTA
Recon-ng
Dmitry
Summary
Enumeration and Vulnerability Assessment
What is enumeration?
Enumerating services
HTTP
FTP
SMTP
SMB
DNS
SSH
VNC
Using Nmap scripts
http-methods
smb-os-discovery
http-sitemap-generator
mysql-info
Vulnerability assessments using OpenVAS
Summary
Gaining Network Access
Gaining remote access
Direct access
Target behind router
Cracking passwords
Identifying hashes
Cracking Windows passwords
Password profiling
Password cracking with Hydra
Creating backdoors using Backdoor Factory
Exploiting remote services using Metasploit
Exploiting vsftpd
Exploiting Tomcat
Hacking embedded devices using RouterSploit
Social engineering using SET
Summary
Assessing Web Application Security
Importance of web application security testing
Application profiling
Common web application security testing tools
Authentication
Credentials over a secure channel
Authentication error messages
Password policy
Method for submitting credentials
OWASP mapping
Authorization
OWASP mapping
Session management
Cookie checks
Cross-Site Request Forgery
OWASP mapping
Input validation
OWASP mapping
Security misconfiguration
OWASP mapping
Business logic flaws
Testing for business logic flaws
Auditing and logging
OWASP mapping
Cryptography
OWASP mapping
Testing tools
OWASP ZAP
Burp Suite
Summary
Privilege Escalation
What is privilege escalation?
Horizontal versus vertical privilege escalation
Horizontal privilege escalation
Vertical privilege escalation
Privilege escalation on Windows
Privilege escalation on Linux
Summary
Maintaining Access and Clearing Tracks
Maintaining access
Clearing tracks and trails
Anti-forensics
Summary
Vulnerability Scoring
Requirements for vulnerability scoring
Vulnerability scoring using CVSS
Base metric group
Exploitability metrics
Attack vector
Attack complexity
Privileges required
User interaction
Scope
Impact metrics
Confidentiality impact
Integrity impact
Availability impact
Temporal metric group
Exploit code maturity
Remediation level
Report confidence
CVSS calculator
Summary
Threat Modeling
What is threat modeling?
Benefits of threat modeling
Threat modeling terminology
How to model threats?
Threat modeling techniques
STRIDE
DREAD
Threat modeling tools
Microsoft Threat Modeling Tool
SeaSponge
Summary
Patching and Security Hardening
Defining patching?
Patch enumeration
Windows patch enumeration
Linux patch enumeration
Security hardening and secure configuration reviews
Using CIS benchmarks
Summary
Vulnerability Reporting and Metrics
Importance of reporting
Type of reports
Executive reports
Detailed technical reports
Reporting tools
Dradis
KeepNote
Collaborative vulnerability management with Faraday v2.6
Metrics
Mean time to detect
Mean time to resolve
Scanner coverage
Scan frequency by asset group
Number of open critical/high vulnerabilities
Average risk by BU, asset group, and so on
Number of exceptions granted
Vulnerability reopen rate
Percentage of systems with no open high/critical vulnerability
Vulnerability ageing
Summary
Other Books You May Enjoy
Leave a review - let other readers know what you think