Securing Network Infrastructure
上QQ阅读APP看书,第一时间看更新

What this book covers

Chapter 1, Introduction to Network Vulnerability Scanning, introduces basic network components and their architecture. It also explains the methods and methodologies of network vulnerability scanning and the complexities involved in it and looks at mitigation planning for identified vulnerabilities.

Chapter 2, Understanding Network Scanning Tools, consists of recipes that will give you a basic understanding of the Nessus and Nmap tools, including the technical requirements to install these tools and the details of their workings. The chapter then dives into the installation and removal instructions for Nessus and Nmap.

Chapter 3, Port Scanning, consists of recipes on techniques for performing port scanning. It begins with instructions and details regarding host discovery, moving to open ports, scripts, and version scanning. It also gives insights into evading network protection systems while performing port scans.

Chapter 4, Vulnerability Scanning, consists of recipes on managing the features of Nessus, such as policies, settings, and user accounts. You will also get to grips with the steps for performing a network vulnerability scan using Nessus before then managing the scan results.

Chapter 5, Configuration Audits, consists of recipes for performing configuration audits and gap analyses on multiple platforms using Nessus. It takes you through a step-by-step process for creating, selecting, and configuring policies to perform configuration audits on operating systems, databases, and web applications.

Chapter 6, Report Analysis and Confirmation, will teach you how to create effective reports by analyzing the results from Nmap and Nessus scans. The recipes in this chapter will give a detailed insight into the supported report types and the level of customization these tools allow. It also gives details on some techniques for confirming vulnerabilities reported by Nessus and Nmap using various tools.

Chapter 7, Understanding the Customization and Optimization of Nessus and Nmap, teaches you about the creation of custom scripts and audit files for Nmap and Nessus. These recipes provide step-by-step procedures for replicating the method for the customization of audit files.

Chapter 8, Network Scanning for IoT, SCADA/ICS, consists of recipes for understanding the network scanning procedure for SCADA and ICS systems. The recipes outline methods for using Nmap and Nessus to perform port scanning and network vulnerability scanning by ensuring the high availability of these critical systems.

Chapter 9, Vulnerability Management Governance, is about understanding the essentials of vulnerability management program from a governance perspective and introducing the reader to some absolute basic security terminology and the essential prerequisites for initiating a security assessment.

Chapter 10, Setting Up the Assessment Environment, will introduce various methods and techniques for setting up a comprehensive vulnerability assessment and penetration testing environment.

Chapter 11, Security Assessment Prerequisites, is about knowing the prerequisites of security assessment. We will learn what all planning and scoping are required along with documentation to perform a successful security assessment.

Chapter 12, Information Gathering, is about learning various tools and techniques for gathering information about the target system. We will learn to apply various techniques and use multiple tools to effectively gather as much information as possible about the targets in scope. The information gathered from this stage would be used as input to the
next stage.

Chapter 13, Enumeration and Vulnerability Assessment, is about exploring various tools and techniques for enumerating the targets in scope and performing a vulnerability assessment on them.

Chapter 14, Gaining Network Access, is about getting insights on how to gain access to a compromised system using various techniques and covert channels.

Chapter 15, Assessing Web Application Security, is about learning various aspects of web application security.

Chapter 16, Privilege Escalation, is about knowing various concepts related to privilege escalation. The reader would get familiar with various privilege escalation concepts along with practical techniques of escalating privileges on compromised Windows and Linux systems.

Chapter 17, Maintaining Access and Clearing Tracks, is about maintaining access on the compromised system and cleaning up tracks using anti-forensic techniques. We will learn to make persistent backdoors on the compromised system and use Metasploit's antiforensic abilities to clear the penetration trails

Chapter 18, Vulnerability Scoring, is about understanding the importance of correct vulnerability scoring. We will understand the need of standard vulnerability scoring and gain hands-on knowledge on scoring vulnerabilities using CVSS.

Chapter 19, Threat Modeling, is about understanding and preparing threat models. We will understand the essential concepts of threat modeling and gain practical knowledge on using various tools for threat modeling.

Chapter 20, Patching and Security Hardening, is about understanding various aspects of patching and security hardening. We will understand the importance of patching along with practical techniques of enumerating patch levels on target systems and developing secure configuration guidelines for hardening the security of the infrastructure.

Chapter 21, Vulnerability Reporting and Metrics, is about exploring various metrics which could be built around the vulnerability management program. The reader would be able to understand the importance, design and implement metrics to measure the success of the organizational vulnerability management program.