[FOX-Ebook]Network Security Assessment: Know Your Network, 3rd Edition

How secure is your network? The best way to find out is to attack it, using the same tactics attackers employ to identify and exploit weaknesses. With the third edition of this practical book, you’ll learn how to perform network-based penetration testing in a structured manner. Security expert Chris McNab demonstrates common vulnerabilities, and the steps you can take to identify them in your environment.

System complexity and attack surfaces continue to grow. This book provides a process to help you mitigate risks posed to your network. Each chapter includes a checklist summarizing attacker techniques, along with effective countermeasures you can use immediately.

Learn how to effectively test system components, including:

• Common services such as SSH, FTP, Kerberos, SNMP, and LDAP
• Microsoft services, including NetBIOS, SMB, RPC, and RDP
• SMTP, POP3, and IMAP email services
• IPsec and PPTP services that provide secure network access
• TLS protocols and features providing transport security
• Web server software, including Microsoft IIS, Apache, and Nginx
• Frameworks including Rails, Django, Microsoft ASP.NET, and PHP
• Database servers, storage protocols, and distributed key-value stores

Table of Contents

Chapter 1 Introduction to Network Security Assessment
Chapter 2 Assessment Workflow and Tools
Chapter 3 Vulnerabilities and Adversaries
Chapter 4 Internet Network Discovery
Chapter 5 Local Network Discovery
Chapter 6 IP Network Scanning
Chapter 7 Assessing Common Network Services
Chapter 8 Assessing Microsoft Services
Chapter 9 Assessing Mail Services
Chapter 10 Assessing VPN Services
Chapter 11 Assessing TLS Services
Chapter 12 Web Application Architecture
Chapter 13 Assessing Web Servers
Chapter 14 Assessing Web Application Frameworks
Chapter 15 Assessing Data Stores
Appendix A Common Ports and Message Types