Description

Book Synopsis
The ultimate hands-on guide to IT security and proactive defense

The Network Security Test Lab is a hands-on, step-by-step guide to ultimate IT security implementation. Covering the full complement of malware, viruses, and other attack technologies, this essential guide walks you through the security assessment and penetration testing process, and provides the set-up guidance you need to build your own security-testing lab. You'll look inside the actual attacks to decode their methods, and learn how to run attacks in an isolated sandbox to better understand how attackers target systems, and how to build the defenses that stop them. You'll be introduced to tools like Wireshark, NetworkMiner, Nmap, Metasploit, and more as you discover techniques for defending against network attacks, social networking bugs, malware, and the most prevalent malicious traffic. You also get access to open source tools, demo software, and a bootable version of Linux to facilitate hands-on

Table of Contents

Introduction xxi

Chapter 1 Building a Hardware and Software Test Platform 1
  Why Build a Lab? 2
  Hardware Requirements 4
  Physical Hardware 5
  Equipment You Already Have 6
  New Equipment Purchases 7
  Used Equipment Purchases 7
  Online Auctions 8
  Thrift Stores 9
  Company Sales 10
  Virtual Hardware 10
  VMware 12
  VirtualBox 15
  Hacker Hardware 16
  Software Requirements 18
  Operating Systems 19
  Microsoft Windows 19
  Linux 20
  Navigating in Linux 23
  Linux Basics 25
  Mac OS X 28
  Software and Applications 28
  Learning Applications 29
  Hacking Software 31
  Summary 32
  Key Terms 33
  Exercises 34
    Equipment Checklist 34
    Installing VMware Workstation 35
    Exploring Linux Operating System Options 35
    Using VMware to Build a Windows Image 35
    Using VMware Converter to Create a Virtual Machine 36
    Exploring Other Operating System Options 37
    Running Kali from VMware 37
    Installing Tools on Your Windows Virtual Machine 38

Chapter 2 Passive Information Gathering 39
  Starting at the Source 40
  Scrutinizing Key Employees 43
  Dumpster Diving (Electronic) 45
  Analyzing Web Page Coding 48
  Exploiting Website Authentication Methods 51
  Mining Job Ads and Analyzing Financial Data 53
  Using Google to Mine Sensitive Information 56
  Exploring Domain Ownership 57
  Whois 59
  Regional Internet Registries 61
  Domain Name System 63
  Identifying Web Server Software 66
  Web Server Location 69
  Summary 70
  Key Terms 70
  Exercises 72
    IP Address and Domain Identification 72
    Information Gathering 72
    Google Hacking 74
    Banner Grabbing 74
    Telnet 75
    Netcat 75
    VisualRoute 76

Chapter 3 Analyzing Network Traffic 77
  Why Packet Analysis Is Important 77
  How to Capture Network Traffic 78
  Promiscuous Mode 78
  Hubs and Switches 79
  Hubbing Out and Using Taps 79
  Switches 79
  Capturing Network Traffic 82
  Managed and Unmanaged Switches 83
  ARP Cache Poisoning 85
  Flooding 91
  DHCP Redirection 92
  Redirection and Interception with ICMP 94
  Preventing Packet Capture 94
  Dynamic Address Inspection 95
  DHCP Snooping 95
  Preventing VLAN Hopping 96
  Detecting Packet Capture 97
  Wireshark 99
  Wireshark Basics 99
  Filtering and Decoding Traffic 102
  Basic Data Capture—A Layer-by-Layer Review 108
  Physical—Data-Link Layer 108
  Network-Internet Layer 110
  Transport—Host-Host Layer 111
  Application Layer 115
  Other Network Analysis Tools 115
  Summary 118
  Key Terms 118
  Exercises 119
    Fun with Packets 119
    Packet Analysis with tcpdump 120
    Packet Filters 121
    Making a One-Way Data Cable 122

Chapter 4 Detecting Live Systems and Analyzing Results 125
  TCP/IP Basics 125
  The Network Access Layer 127
  The Internet Layer 128
  The Host-to-Host Layer 132
  Transmission Control Protocol 132
  User Datagram Protocol 134
  The Application Layer 134
  Detecting Live Systems with ICMP 138
  ICMP—Ping 138
  Traceroute 142
  Port Scanning 147
  TCP and UDP Port Scanning 147
  Advanced Port-Scanning Techniques 151
  Idle Scan 151
  Analyzing Port Scans 155
  Port-Scanning Tools 156
  Nmap 157
  SuperScan 160
  Other Scanning Tools 161
  OS Fingerprinting 161
  Passive Fingerprinting 162
  Active Fingerprinting 164
  How Nmap OS Fingerprinting Works 165
  Scanning Countermeasures 167
  Summary 171
  Key Terms 171
  Exercises 172
    Understanding Wireshark 172
    Interpreting TCP Flags 174
    Performing an ICMP Packet Decode 175
    Port Scanning with Nmap 176
    Traceroute 177
    An Analysis of a Port Scan 178
    OS Fingerprinting 179

Chapter 5 Enumerating Systems 181
  Enumeration 181
  Router and Firewall Enumeration 182
  Router Enumeration 182
  Firewall Enumeration 187
  Router and Firewall Enumeration Countermeasures 191
  Windows Enumeration 191
  Server Message Block and Interprocess Communication 194
  Enumeration and the IPC$ Share 195
  Windows Enumeration Countermeasures 195
  Linux/Unix Enumeration 196
  Enumeration of Application Layer Protocols 197
  Simple Network Management Protocol 197
  SNMP Enumeration Countermeasures 200
  Enumeration of Other Applications 200
  Advanced Enumeration 202
  SCADA Systems 202
  User Agent Strings 210
  Mapping the Attack Surface 213
  Password Speculation and Cracking 213
  Sniffing Password Hashes 216
  Exploiting a Vulnerability 218
  Protecting Passwords 221
  Summary 221
  Key Terms 222
  Exercises 223
    SNMP Enumeration 223
    Enumerating Routing Protocols 225
    Enumeration with DumpSec 227
    Identifying User Agent Strings 227
    Browser Enumeration 229

Chapter 6 Automating Encryption and Tunneling Techniques 231
  Encryption 232
  Secret Key Encryption 233
  Data Encryption Standard 235
  Triple DES 236
  Advanced Encryption Standard 237
  One-Way Functions (Hashes) 237
  MD Series 238
  SHA 238
  Public Key Encryption 238
  RSA 239
  Diffie-Hellman 239
  ElGamal 240
  Elliptic Curve Cryptography 240
  Hybrid Cryptosystems 241
  Public Key Authentication 241
  Public Key Infrastructure 242
  Certificate Authority 242
  Registration Authority 242
  Certificate Revocation List 243
  Digital Certificates 243
  Certificate Distribution System 244
  Encryption Role in Authentication 244
  Password Authentication 245
  Password Hashing 246
  Challenge-Response 249
  Session Authentication 250
  Session Cookies 250
  Basic Authentication 251
  Certificate-Based Authentication 251
  Tunneling Techniques to Obscure Traffic 252
  Internet Layer Tunneling 252
  Transport Layer Tunneling 254
  Application Layer Tunneling 256
  Attacking Encryption and Authentication 259
  Extracting Passwords 259
  Password Cracking 260
  Dictionary Attack 261
  Brute-Force Attack 261
  Rainbow Table 263
  Other Cryptographic Attacks 263
  Summary 264
  Key Terms 264
  Exercises 266
    CrypTool 266
    Extract an E-mail Username and Password 268
    RainbowCrack 268
    John the Ripper 270

Chapter 7 Automated Attack and Penetration Tools 273
  Why Attack and Penetration Tools Are Important 274
  Vulnerability Assessment Tools 274
  Source Code Assessment Tools 275
  Application Assessment Tools 276
  System Assessment Tools 276
  Attributes of a Good System Assessment Tool 278
  Nessus 279
  Automated Exploit Tools 286
  Metasploit 286
  Armitage 287
  Metasploit Console 288
  Metasploit Command-Line Interface 289
  Updating Metasploit 290
  BeEF 290
  Core Impact 291
  Canvas 292
  Determining Which Tools to Use 292
  Picking the Right Platform 292
  Summary 293
  Key Terms 294
  Exercises 294
    Exploring N-Stalker, a Vulnerability Assessment Tool 294
    Exploring Searchsploit on Kali Linux 295
    Metasploit Kali 296

Chapter 8 Securing Wireless Systems 299
  Wi-Fi Basics 300
  Wireless Clients and NICs 301
  Wireless Access Points 302
  Wireless Communication Standards 302
  Bluetooth Basics 304
  Wi-Fi Security 305
  Wired Equivalent Privacy 305
  Wi-Fi Protected Access 307
  802.1X Authentication 309
  Wireless LAN Threats 310
  Wardriving 310
  NetStumbler 312
  Kismet 314
  Eavesdropping 314
  Rogue and Unauthorized Access Points 318
  Denial of Service 319
  Exploiting Wireless Networks 320
  Finding and Assessing the Network 320
  Setting Up Airodump 321
  Configuring Aireplay 321
  Deauthentication and ARP Injection 322
  Capturing IVs and Cracking the WEP Key 322
  Other Wireless Attack Tools 323
  Exploiting Bluetooth 324
  Securing Wireless Networks 324
  Defense in Depth 325
  Misuse Detection 326
  Summary 326
  Key Terms 327
  Exercises 328
    Using NetStumbler 328
    Using Wireshark to Capture Wireless Traffic 329

Chapter 9 An Introduction to Malware 331
  History of Malware 331
  Types of Malware 334
  Viruses 334
  Worms 337
  Logic Bombs 338
  Backdoors and Trojans 338
  Packers, Crypters, and Wrappers 340
  Rootkits 343
  Crimeware Kits 345
  Botnets 347
  Advanced Persistent Threats 350
  Spyware and Adware 350
  Common Attack Vectors 351
  Social Engineering 351
  Faking It! 352
  Pretending through Email 352
  Defenses against Malware 353
  Antivirus 353
  File Integrity Verification 355
  User Education 355
  Summary 356
  Key Terms 356
  Exercises 357
    Virus Signatures 357
    Building Trojans 358
    Rootkits 358
    Finding Malware 362

Chapter 10 Detecting Intrusions and Analyzing Malware 365
  An Overview of Intrusion Detection 365
  IDS Types and Components 367
  IDS Engines 368
  An Overview of Snort 370
  Platform Compatibility 371
  Limiting Access to the IDS 371
  Verification of Configuration 372
  Building Snort Rules 373
  The Rule Header 374
  Logging with Snort 375
  Rule Options 376
  Advanced Snort: Detecting Buffer Overflows 377
  Responding to Attacks and Intrusions 379
  Analyzing Malware 381
  Tracking Malware to Its Source 382
  Identifying Domains and Malicious Sites 382
  Building a Testbed 386
  Virtual and Physical Targets 386
  Operating Systems 387
  Network Isolation 387
  Testbed Tools 388
  Malware Analysis Techniques 390
  Static Analysis 390
  Dynamic Analysis 394
  Summary 397
  Key Terms 397
  Exercises 398
    Building a Snort Windows System 398
    Analyzing Malware Communication 400
    Analyzing Malware with VirusTotal 401

Chapter 11 Forensic Detection 403
  Computer Forensics 404
  Acquisition 405
  Drive Removal and Hashing 407
  Drive-Wiping 409
  Logical and Physical Copies 410
  Logical Copies 411
  Physical Copies 411
  Imaging the Drive 412
  Authentication 413
  Trace-Evidence Analysis 416
  Browser Cache 418
  Email Evidence 419
  Deleted or Overwritten Files and Evidence 421
  Other Trace Evidence 422
  Hiding Techniques 422
  Common File-Hiding Techniques 423
  Advanced File-Hiding Techniques 425
  Steganography 426
  Detecting Steganographic Tools 429
  Antiforensics 430
  Summary 431
  Key Terms 431
  Exercises 432
    Detecting Hidden Files 432
    Basic File-Hiding 432
    Advanced File-Hiding 433
    Reading Email Headers 433
    Use S-Tools to Embed and Encrypt a Message 435

Index 439

The Network Security Test Lab
Paperback / softback by Michael Gregg
£37.05

Publisher: John Wiley & Sons Inc
Publication Date: 09/10/2015
ISBN13: 9781118987056
ISBN10: 1118987055

© 2026 Book Curl