Network Security Assessment: Know Your Network
By Chris McNab

Product Description

There are hundreds--if not thousands--of techniques used to compromise both Windows and Unix-based systems. Malicious code and new exploit scripts are released on a daily basis, and each evolution becomes more and more sophisticated. Keeping up with the myriad of systems used by hackers in the wild is a formidable task, and scrambling to patch each potential vulnerability or address each new attack one-by-one is a bit like emptying the Atlantic with a paper cup. If you're a network administrator, the pressure is on you to defend your systems from attack. But short of devoting your life to becoming a security expert, what can you do to ensure the safety of your mission critical systems? Where do you start? Using the steps laid out by professional security analysts and consultants to identify and assess risks, Network Security Assessment offers an efficient testing model that an administrator can adopt, refine, and reuse to create proactive defensive strategies to protect their systems from the threats that are out there, as well as those still being developed. This thorough and insightful guide covers offensive technologies by grouping and analyzing them at a higher level--from both an offensive and defensive standpoint--helping administrators design and deploy networks that are immune to offensive exploits, tools, and scripts. Network administrators who need to develop and implement a security assessment program will find everything they're looking for--a proven, expert-tested methodology on which to base their own comprehensive program--in this time-saving new book.


Product Details

  • Amazon Sales Rank: #534786 in Books
  • Published on: 2004-03-19
  • Original language: English
  • Number of items: 1
  • Binding: Paperback
  • 371 pages

Editorial Reviews

About the Author
Chris McNab is the Technical Director of Matta, a vendor-independent security consulting outfit based in the United Kingdom. Since 2000, Chris has presented and run applied hacking courses across Europe, training a large number of financial, retail, and government clients in practical attack and penetration techniques, so that they can assess and protect their own networks effectively. Chris speaks at a number of security conferences and seminars, and is routinely called to comment on security events and other breaking news. He has appeared on television and radio stations in the UK (including BBC 1 and Radio 4), and in a number of publications and computing magazines. Responsible for the provision of security assessment services at Matta, Chris and his team undertake Internet-based, internal, application, and wireless security assessment work, providing clients with practical and sound technical advice relating to secure network design and hardening strategies. Chris boasts a 100% success rate when compromising the networks of multinational corporations and financial services companies over the last five years.

Excerpted from Network Security Assessment by Chris McNab. Copyright © 2004. Reprinted by permission. All rights reserved.
Chapter 4 - IP Network Scanning

This chapter focuses on the technical execution of IP network scanning. After undertaking initial reconnaissance to identify IP address spaces of interest, network scanning builds a clearer picture of accessible hosts and their network services. Network scanning and reconnaissance is the real data gathering exercise of an Internet-based security assessment. The rationale behind IP network scanning is to gain insight into the following elements of a given network:

• ICMP message types that generate responses from target hosts
• Accessible TCP and UDP network services running on the target hosts
• Operating platforms of target hosts and their configuration
• Areas of vulnerability within target host IP stack implementations (including sequence number predictability for TCP spoofing and session hijacking)
• Configuration of filtering and security systems (including firewalls, border routers, switches, and IDS sensors)

Performing both network scanning and reconnaissance tasks paints a clear picture of the network topology and its security mechanisms. Before penetrating the target network, further assessment steps involve gathering specific information about the TCP and UDP network services that are running, including their versions and enabled options.

ICMP Probing
The Internet Control Message Protocol (ICMP) identifies potentially weak and poorly protected networks. ICMP is a short messaging protocol that’s used by systems administrators and end users for continuity testing of networks (e.g., using the ping or traceroute commands). From a network scanning and probing perspective, the following types of ICMP messages are useful:

Type 8 (echo request)
Echo request messages are also known as ping packets. You can use a scanning tool such as nmap to perform ping sweeping and easily identify hosts that are accessible.

Type 13 (timestamp request)
A timestamp request message requests system time information from the target host. The response is in a decimal format and is the number of milliseconds elapsed since midnight GMT.

Type 15 (information request)
The ICMP information request message was intended to support self-configuring systems such as diskless workstations at boot time, to allow them to discover their network address. Protocols such as RARP, BOOTP, or DHCP do so more robustly, so type 15 messages are rarely used.

Type 17 (subnet address mask request)
An address mask request message reveals the subnet mask used by the target host. This information is useful when mapping networks and identifying the size of subnets and network spaces used by organizations.

Firewalls of security-conscious organizations often blanket-filter inbound ICMP messages and so ICMP probing isn’t effective; however, ICMP isn’t filtered in most networks because ICMP messages are often useful for network troubleshooting purposes.

There are a handful of other ICMP message types that have relevant security applications (such as ICMP type 5 redirect messages sent by routers), but they aren’t related to network scanning.

Table 4-1 outlines popular operating systems and their responses to certain types of direct ICMP query messages.

Indirect ICMP query messages can be sent to the broadcast address of a given subnet (such as 192.168.0.255 in a 192.168.0.0/24 network). Operating systems respond in different ways to indirect queries issued to a broadcast address, as shown in Table 4-2.

Ofir Arkin of the Sys-Security Group has undertaken a lot of research into ICMP over recent years, publishing white papers dedicated entirely to the use of ICMP probes for OS fingerprinting. For quality in-depth details of ICMP probing techniques, please consult his research available from his web site.
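
A defender's view of the ICMP query types described above, as an added example that is not part of the book excerpt: this Python sketch classifies captured ICMP messages, flagging type 13/15/17 queries, queries sent to the subnet broadcast address, and echo-request sweeps. The packet bytes, addresses, the `build` helper and the sweep threshold are constructed assumptions.

```python
import ipaddress
import struct
from collections import defaultdict

# ICMP query types named in the excerpt (echo, timestamp, information, address mask).
QUERY_TYPES = {8: "echo request", 13: "timestamp request",
               15: "information request", 17: "address mask request"}
SWEEP_THRESHOLD = 3  # assumed: distinct echo targets per source before flagging

def icmp_checksum(data):
    """RFC 1071 one's-complement checksum; a valid message sums to 0."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(icmp_type, body):
    """Hypothetical helper: constructs a sample message with a valid checksum."""
    head = struct.pack("!BBH", icmp_type, 0, 0) + body
    return struct.pack("!BBH", icmp_type, 0, icmp_checksum(head)) + body

def classify(packets, subnet):
    """packets: (src, dst, raw ICMP bytes) tuples. Returns (src, dst, reason) findings."""
    net = ipaddress.ip_network(subnet)
    findings, echo_targets = [], defaultdict(set)
    for src, dst, raw in packets:
        if len(raw) < 8 or icmp_checksum(raw) != 0:
            findings.append((src, dst, "malformed ICMP"))
            continue
        name = QUERY_TYPES.get(raw[0])  # None for replies and error messages
        if name and ipaddress.ip_address(dst) == net.broadcast_address:
            findings.append((src, dst, f"broadcast {name}"))  # indirect query
        elif raw[0] == 8:
            echo_targets[src].add(dst)  # single pings are normal; count targets
        elif name:
            findings.append((src, dst, name))
    for src, targets in echo_targets.items():
        if len(targets) >= SWEEP_THRESHOLD:
            findings.append((src, None, f"ping sweep of {len(targets)} hosts"))
    return findings

# Constructed sample traffic (documentation addresses), not a real capture.
SAMPLE = [("198.51.100.7", f"192.168.0.{h}", build(8, b"\x00" * 4)) for h in (1, 2, 3)] + [
    ("198.51.100.7", "192.168.0.10", build(13, b"\x00" * 16)),
    ("198.51.100.7", "192.168.0.255", build(17, b"\x00" * 8)),
    ("203.0.113.9", "192.168.0.10", build(8, b"\x00" * 4)),
    ("203.0.113.9", "192.168.0.10", b"\x0d\x00\x00\x00"),
]
```

Calling `classify(SAMPLE, "192.168.0.0/24")` reports the timestamp request, the broadcast address mask request, the truncated message and the three-host sweep, while the single ping from 203.0.113.9 is not flagged.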


Customer Reviews

Recommended for any InfoSec specialist (rating: 5)
Although I already knew much of the book's material, the author illustrates the subject very well, and gives brilliant methodologies on how to perform pen tests.

"Network Security Assessment" (rating: 5)
The defacement of websites is increasing day by day. It doesn't matter whether they are Windows or *nix. Numerous exploits and malicious codes are released every day. Researchers publish new vulnerabilities every day online. So, the need arises to secure your perimeter from hackers and crackers. There are numerous freeware and commercial products available for this purpose. The book "Network Security Assessment" covers the same issue in detail and describes how you can secure your perimeter. It describes numerous tools and shows how one can use these to explore vulnerabilities and misconfigurations in your network. It offers proactive defence measures to secure your network.

"Network Security Assessment" provides a good framework for anyone who is involved in network security. I've read a number of security books. But, I think this book is a textbook for security engineers. The book starts from the basic concepts of network enumeration using basic scanning tools like nmap and discusses many server issues like http/ftp/smtp server etc.

It explains systematic use of tools and techniques for penetration testing. I strongly recommend this book for security engineers and penetration testers.

I did not receive the item yet since I paid 2 months ago (rating: 1)
This is something I never came across or saw on Amazon. The person or the shop, whatever they are or he/she is, never answered my email. I did pay for another book from the shop, which cost me money, while I had already bought from them.