Microsoft
Assessing Network Security
Kevin Lam, David LeBlanc, Ben Smith
Table of Contents

Acknowledgments  xxi
Foreword  xxiii
Introduction  xxvii

Part I

1  Introduction to Performing Security Assessments  3
   Role of Security Assessments in Network Security  4
   Why Does Network Security Fail?  5
   Human Factors  6
   Policy Factors  7
   Misconfiguration  9
   Poor Assumptions  11
   Ignorance  12
   Failure to Stay Up-to-Date  13
   Types of Security Assessments  13
   Vulnerability Scanning  14
   Penetration Testing  16
   IT Security Auditing  17
   Frequently Asked Questions  18

2  Key Principles of Security  21
   Making Security Easy  21
   Keeping Services Running  22
   Allowing the Right Users Access to the Right Information  22
   Defending Every Layer as if It Were the Last Layer of Defense  22
   Keeping a Record of Attempts to Access Information  23
   Compartmentalizing and Isolating Resources  24
   Avoiding the Mistakes Everyone Else Makes  25
   Controlling the Cost of Meeting Security Objectives  26
   Risk Management  27
   Learning to Manage Risk  27
   Risk Management Strategies  30
   Immutable Laws  31
   Frequently Asked Questions  35

3  Using Vulnerability Scanning to Assess Network Security  37
   Setting a Scope for the Project  38
   Defining the Target  38
   Defining the Target Scope  43
   Defining Types of Vulnerabilities  44
   Determining Goals  45
   Choosing a Technology  46
   Tools and Managed vs. Unmanaged Targets  47
   Checklist for Evaluating Tools  49
   Creating a Process for Scanning for Vulnerabilities  51
   Detecting Vulnerabilities  51
   Assigning Risk Levels to Vulnerabilities  53
   Identifying Vulnerabilities That Have Not Been Remediated  53
   Determining Improvement in Network Security Over Time  53
   Creating a Process for Analyzing the Results  54
   Frequently Asked Questions  54

4  Conducting a Penetration Test  57
   What the Attacker Is Thinking About  58
   Notoriety, Acceptance, and Ego  59
   Financial Gain  59
   Challenge  61
   Activism  62
   Revenge  62
   Espionage  62
   Information Warfare  63
   Defining the Penetration Test Engagement  64
   Setting the Goals  64
   Setting the Scope  69
   Performing the Penetration Test  69
   Locating Areas of Weakness in Network or Application Defenses  70
   Determining How Vulnerabilities Were Compromised  71
   Locating Assets That Could Be Accessed, Altered, or Destroyed  71
   Determining Whether the Attack Was Detected  73
   Identifying the Attack Footprint  73
   Making Recommendations  74
   Frequently Asked Questions  74

5  Performing IT Security Audits  75
   Components of an IT Security Audit  75
   Policy  76
   Processes and Procedures  78
   Operations  79
   Preliminary Decisions  80
   Legal Considerations  80
   Regulatory Considerations  81
   Operational Considerations  82
   Organizational Considerations  82
   Planning and Performing the Audit  83
   Building Your Audit Framework  83
   Setting the Scope and Timeline  86
   Obtaining Legal and Management Approval  86
   Completing the Audit  87
   Analyzing and Reporting the Results  87
   Frequently Asked Questions  88

6  Reporting Your Findings  89
   Guidelines for Reporting Your Findings  89
   Concise and Professional  90
   Technically Accurate  91
   Objective  91
   Measurable  92
   Framework for Reporting Your Findings  92
   Define the Vulnerability  92
   Document Mitigation Plans  95
   Identify Where Changes Should Occur  96
   Assign Responsibility for Implementing Approved Recommendations  97
   Frequently Asked Questions  97
7  Building and Maintaining Your Security Assessment Skills  99
   Building Core Skills  99
   Improving Network, Operating System, and Application Skills  99
   Developing Programming Skills  101
   Practicing Security Assessments  103
   Staying Up-to-Date  105
   Finding a Course  106
   Choosing a Conference  110
   Internet-Based Resources  111
   Internet Mailing Lists  111
   Security Bulletins  112
   Security Websites  112
   Frequently Asked Questions  114

Part II  Penetration Testing for Nonintrusive Attacks

8  Information Reconnaissance  117
   Understanding Information Reconnaissance  118
   Registrar Information  120
   Determining Your Registrar Information  120
   Countermeasures  122
   IP Network Block Assignment  122
   Determining Your Organization's IP Network Block Assignment  123
   Countermeasures  125
   Web Pages  125
   Reviewing Web Server Content  126
   Countermeasures  129
   Search Engines  129
   Reviewing Your Website with Search Engines  129
   Countermeasures  132
   Public Discussion Forums  133
   Taking a Snapshot of Your Organization's Exposure  133
   Countermeasures  134
   Frequently Asked Questions  135
9  Host Discovery Using DNS and NetBIOS  137
   Using DNS  137
   Common Record Types  138
   Examining a Zone Transfer  146
   Using NetBIOS  148
   Using LDAP  151
   Frequently Asked Questions  151

10  Network and Host Discovery  153
   Network Sweeping Techniques  154
   ICMP Sweeps  156
   UDP Sweeps  158
   TCP Sweeps  158
   Broadcast Sweeps  159
   Countermeasures  160
   Network Topology Discovery  162
   Trace Routing  163
   Firewalking  164
   Countermeasures  165
   Frequently Asked Questions  165

11  Port Scanning  167
   TCP Connect Scans  168
   Custom TCP Scans  171
   SYN Scans  172
   FIN Scans  172
   SYN/ACK and ACK Scans  173
   XMAS Scans  173
   Null Scans  173
   Idle Scans  173
   UDP Scans  174
   FTP Bounce Scans  176
   Port Scanning Tips and Tricks  176
   Fragmentation and Port Scans  177
   Port Scanning Countermeasures  178
   Frequently Asked Questions  178
12  Obtaining Information from a Host  179
   Fingerprinting  179
   IP and ICMP Fingerprinting  180
   TCP Fingerprinting  182
   Countermeasures  183
   Application Fingerprinting  183
   Countermeasures  184
   What's On That Port?  184
   Interrogating a Host  186
   Countermeasures  192
   Frequently Asked Questions  192

13  War Dialing, War Driving, and Bluetooth Attacks  195
   Modem Detection - War Dialing  195
   Anatomy of a War Dialing Attack  199
   Countermeasures  202
   Wireless LAN Detection - War Driving  204
   MAC Address Filtering  204
   Disabling Service Set ID Broadcasting  205
   Wired Equivalent Privacy  207
   Anatomy of a War Driving Attack  211
   Countermeasures  213
   Bluetooth Attacks  215
   Device Detection  217
   Data Theft  218
   Services Theft  218
   Network Sniffing  219
   Frequently Asked Questions  219

Part III  Penetration Testing for Intrusive Attacks

14  Automated Vulnerability Detection  223
   Scanning Techniques  224
   Banner Grabbing and Fingerprinting  225
   Exploiting the Vulnerability  226
   Inference Testing  227
   Replaying Network Sniffs  227
   Patch Detection  228
   Selecting a Scanner  228
   Vulnerability Checks  229
   Scanner Speed  230
   Reliability and Scalability  230
   Check Accuracy  231
   Update Frequency  232
   Reporting Features  233
   Scanning Approaches  234
   Host-Based Scanners  234
   Network-Based Scanners  235
   Dangers of Using Automated Scanners  235
   Tips for Using Scanners Safely  237
   Frequently Asked Questions  237

15  Password Attacks  239
   Where to Find Passwords  239
   Brute Force Attacks  240
   Online Password Testing  241
   Offline Password Testing  244
   Offline Password Attack Strategies  245
   Countermeasures  247
   Password Disclosure Attacks  249
   File System Passwords  249
   Encrypted Passwords  250
   Sniffing for Passwords  250
   Keystroke Loggers  251
   Countermeasures  251
   Frequently Asked Questions  252

16  Denial of Service Attacks  255
   Flooding Attacks  256
   Testing Flooding Attacks  260
   Countermeasures  260
   Resource Starvation Attacks  261
   CPU Starvation Attacks  261
   Memory Starvation Attacks  262
   Disk Storage Consumption Attacks  262
   Disruption of Service  265
   Frequently Asked Questions  266

17  Application Attacks  269
   Buffer Overruns  270
   Stack Overruns  271
   Heap Overruns  273
   Format String Bugs  275
   Countermeasures  277
   Integer Overflows  277
   Countermeasures  279
   Finding Buffer Overruns  279
   Frequently Asked Questions  280

18  Database Attacks  281
   Database Server Detection  282
   Detecting Database Servers on Your Network  282
   Countermeasures  286
   Missing Product Patches  287
   Detecting Missing Patches  288
   Countermeasures  290
   Unauthorized Access  291
   Detecting the Potential for Unauthorized Access  291
   Countermeasures  292
   Weak Passwords  293
   Detecting Weak Passwords  293
   Countermeasures  294
   Network Sniffing  295
   Detecting Network Sniffing Threats  295
   Countermeasures  295
   SQL Injection  296
   Detecting SQL Injection Vectors  297
   Countermeasures  298
   Frequently Asked Questions  299

19  Network Sniffing  301
   Understanding Network Sniffing  301
   Debunking Network Sniffing Myths  303
   Myth #1: An Attacker Can Remotely Sniff Networks  304
   Myth #2: Switches Are Immune to Network Sniffing Attacks  306
   Detecting Network Sniffing Threats  308
   Manual Detection  309
   Reviewing Network Architecture  310
   Monitoring DNS Queries  310
   Measuring Latency  310
   Using False MAC Addresses and ICMP Packets  311
   Using Trap Accounts  311
   Using Non-Broadcast ARP Packets  312
   Using Automated Detection Tools  312
   Detecting Microsoft Network Monitor Installations  312
   Countermeasures  313
   Frequently Asked Questions  316

20  Spoofing  319
   IP Spoofing  320
   Countermeasures  322
   Spoofing E-Mail  323
   Countermeasures  324
   DNS Spoofing  325
   Attacking the Client  326
   Attacking the DNS Server  327
   Attacking Server Update Zones  328
   Attacking Through the Name Registry  329
   Countermeasures  329
   Frequently Asked Questions  331

21  Session Hijacking  333
   Understanding Session Hijacking  333
   Network-Level Session Hijacking  335
   Hijacking a TCP Session  336
   Hijacking a UDP Session  338
   Determining Your Susceptibility to Threats  339
   Countermeasures  339
   Tricks and Techniques  340
   Host-Level Session Hijacking  345
   User Session Hijacking  346
   Server Port Hijacking  346
   Application-Level Hijacking  351
   Detecting Attacks  352
   Countermeasures  353
   Frequently Asked Questions  354

22  How Attackers Avoid Detection  355
   Log Flooding  356
   Logging Mechanisms  358
   Detection Mechanisms  358
   Fragmentation  361
   Canonicalization  365
   Decoys  366
   How Attackers Avoid Detection Post-Intrusion  367
   Using Rootkits  368
   Hiding Data  369
   Tampering with Log Files  375
   Frequently Asked Questions  377

23  Attackers Using Non-Network Methods to Gain Access  379
   Gaining Physical Access to Information Resources  379
   Physical Intrusion  380
   Remote Surveillance  383
   Targeted Equipment Theft  386
   Dumpsters and Recycling Bins  388
   Lease Returns, Auctions, and Equipment Resales  388
   Using Social Engineering  390
   Bribery  391
   Assuming a Position of Authority  391
   Forgery  393
   Flattery  393
   Frequently Asked Questions  395

Part IV  Security Assessment Case Studies

24  Web Threats  399
   Client-Level Threats  400
   Cross-Site Scripting Attacks  400
   Unpatched Web Browser Attacks  405
   Server-Level Threats  406
   Repudiation  407
   Information Disclosure  409
   Elevation of Privileges  413
   Denial of Service  425
   Service-Level Threats  425
   Unauthorized Access  426
   Network Sniffing  426
   Tampering  427
   Information Disclosure  427
   Frequently Asked Questions  428

25  E-Mail Threats  431
   Client-Level Threats  432
   Attaching Malicious Files  432
   Exploiting Unpatched E-Mail Clients  438
   Embedding Malicious Content  439
   Exploiting User Trust  439
   Server-Level Threats  443
   Attaching Malicious Files  444
   Spoofing E-Mail  445
   Exploiting Unpatched E-Mail Servers  448
   Spam  448
   Why You Should Be Concerned About Spam  448
   Tricks and Techniques  449
   What Is Being Done About Spam  453
   Frequently Asked Questions  454

26  Domain Controller Threats  457
   Password Attacks  457
   Countermeasures  458
   Elevation of Privilege  462
   Exploiting Nonessential Services  463
   Exploiting Nonessential Accounts  466
   Exploiting Unpatched Domain Controllers  467
   Attacking Privileged Domain Accounts and Groups  468
   Denial of Service  472
   Countermeasures  472
   Physical Security Threats  472
   Countermeasures  473
   Frequently Asked Questions  475

27  Extranet and VPN Threats  477
   Fundamentals of Secure Network Design  479
   Dual-Homed Host  479
   Screened Host  481
   Screened Subnets  482
   Split Screened Subnets  483
   Penetration Testing an Extranet  483
   A Sample Extranet Penetration Test  485
   Gathering Information  485
   Getting Your Foot in the Door  486
   Exploring the Internal Network  487
   Expanding Your Influence  490
   Frequently Asked Questions  494

Appendixes

A  Checklists  497
   Penetration Test Checklists  497
   Chapter 8: Information Reconnaissance  497
   Chapter 9: Host Discovery Using DNS and NetBIOS  497
   Chapter 10: Network and Host Discovery  498
   Chapter 11: Port Scanning  498
   Chapter 12: Obtaining Information from a Host  499
   Chapter 13: War Dialing, War Driving, and Bluetooth Attacks  500
   Chapter 14: Automated Vulnerability Detection  501
   Chapter 15: Password Attacks  501
   Chapter 16: Denial of Service Attacks  502
   Chapter 17: Application Attacks  502
   Chapter 18: Database Attacks  502
   Chapter 19: Network Sniffing  503
   Chapter 20: Spoofing  503
   Chapter 21: Session Hijacking  503
   Chapter 22: How Attackers Avoid Detection  504
   Chapter 23: Attackers Using Non-Network Methods to Gain Access  504
   Chapter 24: Web Threats  504
   Chapter 25: E-Mail Threats  505
   Chapter 26: Domain Controller Threats  505
   Chapter 27: Extranet and VPN Threats  505
   Countermeasures Checklists  506
   Chapter 8: Information Reconnaissance  506
   Chapter 9: Host Discovery Using DNS and NetBIOS  506
   Chapter 10: Network and Host Discovery  507
   Chapter 11: Port Scanning  507
   Chapter 12: Obtaining Information from a Host  507
   Chapter 13: War Dialing, War Driving, and Bluetooth Attacks  508
   Chapter 15: Password Attacks  508
   Chapter 16: Denial of Service Attacks  509
   Chapter 17: Application Attacks  509
   Chapter 18: Database Attacks  509
   Chapter 19: Network Sniffing  510
   Chapter 20: Spoofing  510
   Chapter 21: Session Hijacking  510
   Chapter 22: How Attackers Avoid Detection  511
   Chapter 23: Attackers Using Non-Network Methods to Gain Access  511
   Chapter 24: Web Threats  511
   Chapter 25: E-Mail Threats  512
   Chapter 26: Domain Controller Threats  512
   Chapter 27: Extranet and VPN Threats  513

B  References  515
   Chapter 1: Introduction to Performing Security Assessments  515
   Chapter 2: Key Principles of Security  515
   Chapter 3: Using Vulnerability Scanning to Assess Network Security  515
   Chapter 4: Conducting a Penetration Test  516
   Chapter 5: Performing IT Security Audits  516
   Chapter 6: Reporting Your Findings  516
   Chapter 7: Building and Maintaining Your Security Assessment Skills  516
   Chapter 8: Information Reconnaissance  517
   Chapter 9: Host Discovery Using DNS and NetBIOS  517
   Chapter 10: Network and Host Discovery  518
   Chapter 11: Port Scanning  518
   Chapter 12: Obtaining Information from a Host  518
   Chapter 13: War Dialing, War Driving, and Bluetooth Attacks  518
   Chapter 14: Automated Vulnerability Detection  519
   Chapter 15: Password Attacks  519
   Chapter 16: Denial of Service Attacks  519
   Chapter 17: Application Attacks  520
   Chapter 18: Database Attacks  520
   Chapter 19: Network Sniffing  522
   Chapter 20: Spoofing  523
   Chapter 21: Session Hijacking  523
   Chapter 22: How Attackers Avoid Detection  523
   Chapter 23: Attackers Using Non-Network Methods to Gain Access  524
   Chapter 24: Web Threats  524
   Chapter 25: E-Mail Threats  524
   Chapter 26: Domain Controller Threats  525
   Chapter 27: Extranet and VPN Threats  526

Index  529