This book consists of 14 chapters and 2 appendixes. At the end of each chapter is a checklist that summarizes the threats and techniques described in that chapter along with effective countermeasures. The appendixes provide useful reference material, including listings of TCP and UDP ports, along with ICMP message types and their functions. Details of popular vulnerabilities in Microsoft Windows and Unix-based operating platforms are also listed. Here is a brief description of each chapter and appendix.
Chapter 1 discusses the rationale behind network security assessment and introduces security as a process, not a product.
Chapter 2 covers the various Unix-based operating systems and tool kits that determined attackers and network security professionals use.
Chapter 3 logically walks through the Internet-based options that a potential attacker has to map your network, from open web searches to DNS sweeping and querying of authoritative name servers.
Chapter 4 discusses all known IP network scanning techniques and their relevant application, also listing tools and systems that support such scanning types. IDS evasion and low-level packet analysis techniques are also covered.
Chapter 5 defines the techniques and tools that execute information leak attacks against services such as LDAP, auth, finger, and DNS. Some process manipulation attacks are discussed here when appropriate.
Chapter 6 comprehensively covers the assessment of web services including IIS, Apache, OpenSSL, and other components such as FrontPage Extensions and Outlook Web Access. Risk mitigation strategies are also detailed, including use of egress network filtering and web service configuration.
Chapter 7 details the tools and techniques used to correctly assess all common maintenance services (including SSH, VNC, X Windows, Microsoft Terminal Services, etc.). Increasingly, these services are targets of information leak and brute-force attacks, resulting in a compromise even though the underlying software isn't strictly vulnerable.
Chapter 8 outlines assessment strategies for testing FTP and database services correctly. I cover Unix-based FTP services along with common enterprise database services, such as Oracle and Microsoft SQL Server.
Chapter 9 comprehensively tackles security issues with each and every Windows networking component (including MSRPC, NetBIOS, and CIFS) in a port-by-port fashion. Information-leak, brute-force, and process-manipulation attacks against each component are detailed, from the DCE locator service listening on port 135 through to the CIFS direct listener on port 445.
Chapter 10 details assessment of the SMTP, POP-3, and IMAP services that transport email. Often, these services fall foul of information-leak and brute-force attacks, and, in some instances, process manipulation.
Chapter 11 covers assessment of IP services that provide secure inbound network access, including IPsec, Check Point FWZ, and Microsoft PPTP.
Chapter 12 comprehensively covers assessment of Unix RPC services found running on Linux, Solaris, IRIX, and other platforms. RPC services are commonly abused to gain access to hosts, so it is imperative that any accessible services are correctly assessed.
Chapter 13 defines the various types of application-level vulnerabilities that hacker tools and scripts exploit. By grouping vulnerabilities in this way, a timeless risk management model can be realized, because all future application-level risks will fall into predefined groups.
Chapter 14 gives step-by-step details of real assessment methodologies used to test a small network containing a Cisco IOS router, a Sun Solaris mail server, and a Windows 2000 web server. By running through the whole process, you will gain insight into the overall methodology and its effective application.
Appendix A contains definitive listings and details of tools and systems that can be used to easily assess the services found.
Appendix B lists good sources of publicly accessible vulnerability and exploit information, so that vulnerability matrices can be devised to quickly identify areas of potential risk when assessing networks and hosts.