Penetration Testing and Network Defense
| < Day Day Up > |
Index[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] SAINT (Security Administrators Integrated Network Tool) salts SAM file sample databases on Microsoft SQL Server sample Executive Summary sample penetration test report SamSpade Sanfilippo, Salvatore Sapphire worm SARA (Security Auditor's Research Assistant) Sarbanes-Oxley Act Sasser worm 2nd scan detecting examples FIN scans NULL scans OS guessing scans SYN scans TCP Connect() scans Xmas tree scans scanners scanning stage of attacks scope of testing, defining 2nd script-kiddies scripting languages ASP JavaScript JScript Perl PHP VBScript securing firewalls network architecture operating system routers web server applications Apache IIS website design security policies authorship backup policies cost of protecting assets, calculating creating disaster recovery policies e-mail policies gaining company acceptance Internet policies password policies physical access policies remote access policies required topics threats to assets, identifying trust model types of selecting penetration testing vendor semi-directional antennasserver attacks detecting preventing server penetration, tools for performing server-based Java servers, honeypots service accounts, on Microsoft SQL Server session hijacking 2nd ACK storms blind spoofing case study 2nd detecting with packet sniffers detecting with Cisco IDS 2nd Kevin Mitnick's attack on Tsutomu Shimomura's computer 2nd monitoring with Ethereal 2nd nonblind spoofing protecting against TCP sequence prediction TTY-Watcher utilities Hunt Juggernaut T-Sight watching session replays versus session hijacking Shimomura, Tsutomu shoveling remote shells showcode.asp signature-based IDSs, evading detecting DoS attacks signatures, detecting session hijacking 2nd 3rd similarity-based persuasion Simon, William simplex connection hijacking single-server e-commerce architecture Site Security Handbook Slammer worm SMBdie Smith, David Smurf amplifiers Smurf attacks Snadboy Revelation social engineering 2nd 3rd behavioral profiling case study customers, impersonating defending against e-mail impersonation employees, impersonating end-users, impersonating human-based persuasion, types of authority-based persuasion conformity persuasion information-based persuasion logic persuasion need-based persuasion reciprocation-based persuasion similarity-based persuasion RSE tech support technology-based third parties, impersonating traits necessary for confidence patience possessing inside knowledge trust user group meetings web page spoofing wetware witness consultants as coaches sockets software, open source witness consultants as coaches characteristics of SOX (Sarbanes-Oxley) Act spacefiller viruses SPAN (Switched Port Analyzer) special-purpose application registers Spendor Datapool spoofed e-mail messages SQL (Structured Query Language) brute force server attacks, case study 2nd commands master database servers brute force attacks, detecting system stored procedures SQL injection 2nd testing vulnerability to SQL Slammer worm 2nd SQLPing2 SSIDs (service set identifiers) SSL infinite loops stack fingerprinting stack smashing exploit stacks non-executable, preventing buffer overflowsstages of attacks erasing evidence maintaining access obtaining access reconnaissance scanning standards for wireless networks, enforcing stored procedures 2nd extendedSTP (Spanning Tree Protocol) hardening switches against attacks testing switches for vulnerabilities structure of Microsoft SQL Servers of MySQL databases of Oracle databases StumbVerter SubSeven 2nd 3rd 4th superusers, assigning permissions to susceptibility of databases to attack switches ARP attacks, hardening against MAC table flooding attacks, hardening against NMAP STP attacks, hardening against testing for vulnerabilities via ARP attacks via MAC table flooding via STP via VLAN hopping via VTP attacks VLAN hopping VTP attacks, hardening against symptoms of session hijacking SYN floods 2nd SYN scans system log files, detecting password-cracking attacks system stored procedures system tablespace sysxlogins |
| < Day Day Up > |