Title: Information Systems Security Assessment Framework (ISSAF) Draft 0.2.1
Authors: Balwant Rathore
Publisher: Open Information Systems Security Group
Year of publication: 2005
Pages: 1264
Language: English
File format: PDF
File size: 10 MB
Note: this is the original English-language edition of the ISSAF Draft 0.2.1; it is not a Persian translation.
1 Executive Summary......Page 15
2.1.1 What are the Objectives of ISSAF?......Page 18
2.1.2 What are the Goals of ISSAF?......Page 19
2.1.3 Why did we come up with ISSAF?......Page 20
2.2 Target Audience......Page 21
2.3 Team......Page 22
2.4 Document Structure......Page 23
2.6 Licensing......Page 25
3 The Framework......Page 26
3.1.2 Project Chartering......Page 28
3.1.4 Budgeting......Page 29
3.1.7 Project kick-off......Page 30
3.2 Phase II – Assessment......Page 31
3.2.1.1 Assessment Preparation......Page 32
3.2.2 Controls Assessment......Page 33
3.4 Phase IV - Accreditation......Page 36
3.4.2 Evaluation......Page 37
3.5 Phase V – Maintenance......Page 38
4.2 Objective......Page 39
4.4 Engagement scope......Page 40
4.5 Engagement kickoff meeting (Internal)......Page 41
4.6 Communications plan......Page 42
4.7 Engagement kickoff Discussion with client......Page 43
4.8 Sample Status Report......Page 44
4.11 Set Milestones and Timelines......Page 46
4.14 Engagement estimated effort/cost/duration (Cost Optional)......Page 47
4.16 Engagement risks......Page 49
4.18 Engagement organization (Assessment Team & Client)......Page 50
4.20 SIGN-OFF Sheet......Page 51
4.21 Annexure - Assessment Administration Roadmap......Page 52
5 Good Practices– Pre Assessment, Assessment and Post Assessment......Page 55
5.1.1 Request for Proposal (RFP)......Page 61
5.1.2.3 Third Party Contract Evaluation Guidelines......Page 62
5.1.3 Sales and Marketing......Page 65
5.1.5 Define the scope of work......Page 66
5.1.6 Define the “Out of Scope” Areas......Page 67
5.1.7.2 Non Disclosure Agreement......Page 68
5.1.10 Maintain confidentiality of client data - before start of Project......Page 69
5.1.11.1 Layered Network Architecture Design......Page 70
5.2.1 Rules of Engagement......Page 79
5.2.2 Time of Assessment and Availability of Staff......Page 81
5.3.1.1 Planning and Preparation......Page 82
5.3.1.3 Report creation, merger and formatting......Page 83
5.3.3 After Presentation......Page 85
5.3.3.3 Maintain confidentiality of client data......Page 86
6.1 Background......Page 89
6.2 METHODOLOGY......Page 92
6.3 Risk Assessment Tool......Page 101
6.4 Risk Assessment Methodology Evaluation......Page 105
7.4 Assessment Questionnaire......Page 107
7.5 Assessment Questionnaire - Narrative......Page 110
7.5.1 Overview......Page 111
7.5.3 Some issues of design......Page 113
7.5.4.1 Establishing a Policy Template......Page 115
7.5.6.3 Internet Usage......Page 116
7.5.6.8 Incident Reporting Policy......Page 117
7.5.8.1 Physical Security of Information Systems......Page 118
7.5.8.7 Backup & Systems Availability Policy......Page 119
7.5.9.2 Systems Vulnerability Assessment & Penetration Testing......Page 120
8.4 Assessment Questionnaire......Page 121
8.5 Assessment Questionnaire - Narrative......Page 124
8.5.2 Segregation of Duties......Page 125
8.5.3 Two-person Controls......Page 126
8.5.6 Information Security Roles and Responsibilities......Page 127
8.5.6.3 Infrastructure Security Manager......Page 128
8.5.6.5 Applications & Database Security Manager......Page 129
8.5.6.6 Security Compliance Manager......Page 130
9 Enterprise Security & Controls Assessment......Page 131
Assessment Questionnaire......Page 132
Technical Controls and Security Assessment......Page 134
A Understanding Assessment Trends......Page 135
B.2 PHASE – II: ASSESSMENT......Page 136
B.2.2 Network Mapping......Page 138
B.2.4 Penetration......Page 139
B.2.5.1.1 Gain Least Privilege......Page 140
B.2.6 Enumerating Further......Page 141
B.2.8.1 Covert Channels......Page 142
B.2.9.2 Clear Logs......Page 143
B.2.9.5 Implement Root-kits......Page 144
B.3.1.2 Final Reporting......Page 145
B.3.2 Clean Up and Destroy Artifacts......Page 146
C Penetration Testing Methodology, Phase-II Explained......Page 147
C.1 Information Gathering......Page 148
Passive Information Gathering......Page 151
9.1.1 Locate the Target Web Presence......Page 152
9.1.2 Examine Domain Name System / Find Out Domain Registration Info and IP Block Owned......Page 154
9.1.3 Examine Domain Name System - Check for the Authoritative Name Servers......Page 158
9.1.4 Examine Domain Name System - Check for Reverse DNS lookup presence......Page 161
9.1.5 Examine Domain Name System - Check Spam/Attackers databases lookup......Page 163
9.1.6 Examine Domain Name System - Check to change whois information......Page 164
9.1.7 Search Job databases......Page 166
9.1.8 Examine target using Search Engines......Page 168
9.1.9 Search Security & Exchange Commission and Finance sites......Page 171
9.1.10 Search System/Network Survey Sites......Page 173
9.1.11 Search Uptime Statistics Sites......Page 174
9.1.12 Search on P2P networks......Page 175
9.1.13 Search on Internet Relay Chat (IRC)......Page 177
9.1.14 Search Underground Sites......Page 178
9.1.15 Search News Groups (NNTP) and Email lists......Page 180
9.1.16 Search Index Sites......Page 181
9.1.17 Search Employee's Personal Web Sites......Page 182
9.1.18 Email Systems – User Account Enumeration......Page 183
9.1.19 SMTP Headers Analysis – Email Received from Target......Page 186
9.1.20 SMTP Headers Analysis – Bounced E-mail......Page 188
9.1.21 SMTP Headers Analysis – Read Receipt......Page 190
9.1.22 Perform BGP (Border Gateway Protocol) Query......Page 192
9.1.23 DNS Interrogation - Perform Zone Transfer on Primary, Secondary and ISP name server......Page 194
9.1.24 DNS Interrogation - Perform Zone Transfer by dictionary attack......Page 200
9.1.25 DNS Interrogation - Finding IPv6 IP blocks in use through DNS queries......Page 202
9.1.26 Mirror Target Web Site......Page 204
9.1.27 Global Countermeasures......Page 206
C.2 Network Mapping (Scanning, OS Fingerprinting and Enumeration)......Page 208
9.1.28 Identify Live Hosts......Page 209
C.2.1.1 Find Open Ports......Page 211
C.2.1.2 ARP Discovery......Page 218
C.2.1.3 Identify Perimeter Network – Tracerouting......Page 220
C.2.1.5 Scan default firewall/router ports......Page 222
C.2.1.6 Perform FIN/ACK Scan......Page 224
C.2.1.7 Map Router / Firewall Rule-Base......Page 226
9.1.33 Tools......Page 228
C.2.1.8 Passive OS guessing......Page 229
C.2.1.9 Active OS guessing......Page 231
9.1.35 Perform War-dialing......Page 241
C.2.1.10 Systems Enumeration......Page 243
C.2.1.11 Windows Systems......Page 245
C.2.1.12 Novell Systems......Page 246
9.1.38 Global Countermeasure......Page 247
C.3 Vulnerability Assessment (Identification)......Page 248
C.5 Gaining Access and Privilege Escalation......Page 255
9.1.47 Gaining Access - Final Compromise on Target......Page 256
C.7 Compromise Remote Users/Sites......Page 257
9.1.49 Covert Channels......Page 259
9.1.51 Select the best available tool for the covert channel......Page 260
9.1.52 Methodology - Setup the covert channel in the target network......Page 261
C.8.1.1 Stream Profiling......Page 271
9.1.54 Countermeasures......Page 272
9.1.57 Backdoors - Application Level Firewalls......Page 273
C.8.1.5 Root-kits - Kernel-Level......Page 274
9.1.60 Hide Files......Page 275
C.9.1.1 Hide Files (Unix)......Page 276
C.9.1.2 Hide Files (Windows)......Page 278
C.9.1.3 Clear Logs (Windows)......Page 284
C.9.1.4 Clear Logs (Unix)......Page 285
9.1.64 Defeat integrity checking......Page 288
Audit (optional)......Page 289
D Handling False Detection rates......Page 290
-- Network Security......Page 293
E.1 FIRST PART: GATHERING AUTHENTICATION CREDENTIALS......Page 294
Step One: Network Authentication Credentials Gathering as an Outsider Penetration Tester (Low privilege)......Page 296
E.1.1 Process (Steps to complete this task)......Page 297
E.1.2 Example uses of common testing tool(s)......Page 298
E.1.4 Countermeasures......Page 301
E.2.2 Objective......Page 302
E.2.4 Process (Steps to complete this task)......Page 303
E.2.5 Example uses of common testing tool(s)......Page 304
E.2.7 Countermeasures......Page 305
E.2.9 Contributor(s)......Page 306
E.3.4 Process......Page 307
E.3.5 Example......Page 308
E.3.7 Countermeasures......Page 310
E.3.9 Contributor(s)......Page 311
E.4.3 Expected Results......Page 312
E.4.4 Process......Page 313
E.4.7 Countermeasure(s)......Page 314
E.4.9 Contributor(s)......Page 315
E.5.6 Results......Page 316
E.5.9 Countermeasure(s)......Page 317
E.6.6 Results......Page 318
E.6.9 Countermeasure(s)......Page 319
E.7.1 Background I: Password Types......Page 320
E.7.2 Background II: algorithms, public and proprietary algorithms......Page 323
E.7.3 Background III: Mathematics......Page 324
E.7.4 Background IV: Rainbow Tables and Rainbow Cracking......Page 327
E.7.7 Countermeasure(s)......Page 329
E.7.9 Example......Page 330
E.7.11 Use of Cain......Page 332
E.7.12 Use of John The Ripper......Page 336
E.7.13 Use of Lepton’s Crack......Page 340
E.7.14 Cracking Strategy......Page 347
E.7.14.2 Investigation......Page 348
E.7.14.3 Dictionaries......Page 349
E.7.14.4 Building a Cracking Tactic......Page 350
E.7.15.2 Dictionary......Page 351
E.7.15.5 LM Half Passwords......Page 354
E.7.15.6 Basic brute force attempts......Page 355
E.7.15.7 “Instant” Cracking (Rainbow Cracking)......Page 356
E.7.16 Conclusion......Page 357
E.10 Countermeasure(s)......Page 358
F.5.1 Assess General Switch Security......Page 359
F.5.9 Vulnerabilities identification and target penetration......Page 360
F.6.5 Identify Switch’s feature......Page 361
F.7 Assess Port Security......Page 362
F.8 Test Content Addressable Memory (CAM) Security......Page 363
F.10 Assess VLAN Hopping Attacks......Page 366
F.11 Test VLAN Hopping Attacks by switch spoofing......Page 368
F.12 Test VLAN Hopping attacks by double encapsulation......Page 371
F.13 Assess Private VLAN Attack......Page 374
F.14 Bypass PVLAN using Layer-2 Proxy Attacks......Page 375
F.16.1 STP root bridge spoofing......Page 377
F.17 Assess DHCP Starvation......Page 379
F.18 Assess Cisco Discovery Protocol Attacks......Page 380
F.19 Assess ARP Attacks......Page 382
F.20 Assess VTP Attacks......Page 384
F.21 Vlan Reconfiguration......Page 385
F.22 Layer 2 Port Authentication......Page 386
F.22.1 802.1x/EAP Switch Authentication......Page 387
F.22.2 802.1X Port Authentication......Page 388
F.23 Multicast brute force failover analysis......Page 389
F.24 Random Frame Stress Attack......Page 390
F.25 IP Telephony Considerations......Page 391
F.28 Further Reading[s]......Page 392
F.29 Appendix 1: Catalyst Switch Feature Support......Page 393
G Router Security Assessment......Page 394
G.1.1.1 Identify the router hostname......Page 397
G.1.1.3 OS detection + Versioning......Page 398
G.1.1.4 Perform protocol scanning......Page 399
G.1.1.5 Test Packet Leakage......Page 400
G.2.1.1 Misconfigurations......Page 401
G.2.1.2 Test VTY/TTY Connections......Page 402
G.2.1.3 Test HTTP Connections......Page 405
G.2.1.4 Test SNMP......Page 406
G.2.1.5 Test TFTP......Page 409
G.2.1.6 Test Finger......Page 411
G.2.1.7 Test CDP (cisco discovery protocol)......Page 413
G.2.1.8 Test NTP......Page 415
G.2.1.9 Test Access to Console Port......Page 416
G.2.1.10 Test Password Security......Page 417
G.2.1.11 Test Loose and Strict Source Routing......Page 419
G.2.1.12 Test IP Spoofing......Page 420
G.2.1.14 Test ICMP Redirects......Page 422
G.2.1.15 Test ARP Attacks......Page 423
G.3.1.1 Autonomous System Scanning......Page 424
G.3.1.2 RIP (Routing Information Protocol) testing......Page 425
G.3.1.3 Open Shortest Path First (OSPF) testing......Page 427
G.3.1.4 Border Gateway Protocol (BGP) testing......Page 429
G.3.1.5 IRDP Testing......Page 430
G.3.1.6 EIGRP (Discovery)......Page 431
G.4 Denial of Service Assessment......Page 432
G.5.4 Change router banner......Page 433
G.5.10 Disable IP directed broadcast......Page 434
G.5.16 Authentication proxy and AAA......Page 435
H.1.4.1 Packet Filter Firewall......Page 436
H.1.4.4 Application Gateways......Page 437
H.1.5 Against what can a firewall not protect?......Page 438
H.2 Purpose......Page 439
H.8 Methodology / Process......Page 440
H.9.1 Expect Admin Prohibited Packets with Source of Firewall......Page 443
H.9.2 Traceroute and Identify Possible Network Range......Page 444
H.9.3 Perform Port Scan on Default Firewall Ports and Grab Banners......Page 446
H.9.4 Perform Port Scan on Default Firewall Ports and Grab Banners – Port Scanning......Page 447
H.9.5 Perform Port Scan On Default Firewall Ports and Grab Banners – Banner Grabbing......Page 449
H.9.6 Custom Packets......Page 451
H.9.7 Access Control List Enumeration......Page 453
H.9.8 Identify Firewall Architecture......Page 456
H.11.1 Firewalking......Page 458
H.11.2 Hpinging......Page 459
H.12 Port Redirection......Page 461
H.13.2 Filters......Page 463
H.14 Countermeasures......Page 464
H.16.1 Access Control List (ACL) Issues and Source Port Scanning......Page 465
H.16.2.2 CheckPoint 4.0 inter-module authentication weakness......Page 466
H.17 Global Countermeasures......Page 467
H.18.1.2 Nokia......Page 469
H.18.1.5 Watchguard SOHO......Page 470
H.18.1.6 Lucent Access Point 300......Page 472
H.18.1.8 Zywall......Page 473
H.18.1.11 Broadcom Firewall......Page 474
H.18.1.13 Microsoft ISA Firewall......Page 475
H.18.1.16 Novell Border Manager......Page 476
H.18.1.18 Watchguard Firebox......Page 478
H.18.1.19 Checkpoint Firewall......Page 479
H.18.1.20 Checkpoint Firewall......Page 480
H.19 Further Reading[s]......Page 482
I.1.2 Benefits of an IDS......Page 483
I.1.3.2 Network-based – Intrusion Detection Systems (NIDS)......Page 484
I.1.3.4 Pattern matching......Page 485
I.5 History......Page 486
I.8 Methodology / Process......Page 487
I.10.4 Is there any process to tune Firewall/Router rule-base based on IDS alerts?......Page 490
I.10.9 Does the IDS Management Team know how it operates?......Page 491
I.13.1 Detection of sensor (Stealth)......Page 492
I.13.8 OS and dependencies......Page 493
I.14.7 Alerts......Page 494
I.14.22 OS and Dependencies......Page 495
I.15.10 Are filters implemented to minimize false positives?......Page 496
I.17 List of Common IDS/IPS Products......Page 497
9.1.65.1 ISS Proventia G200 Rev A /Realsecure sensors......Page 500
9.1.65.3 NAI McAfee Intrushield 4000......Page 501
9.1.65.4 NetScreen-IDP 500......Page 502
9.1.65.5 Tipping Point UnityOne 1200......Page 503
9.1.65.7 Symantec ManHunt......Page 504
9.1.65.8 Cisco IDS......Page 505
J.2.1 Common Uses of VPNs......Page 506
J.2.1.2 Connecting networks over the Internet......Page 507
J.3 Basic VPN Requirements......Page 508
J.10.1 Concepts and Ports used......Page 509
J.11 VPN Fingerprinting......Page 511
J.13 PPTP/Security Flaw......Page 512
J.15 Vulnerabilities and Exploits......Page 513
J.16 Global Countermeasures......Page 515
K.3.2 Technical Requirements......Page 516
K.6 Methodology / Process......Page 517
K.6.1 Anti Virus test file......Page 518
K.6.2 Zip-of-Death test......Page 519
K.6.3 Sending mails with wordings like *Middlesex*......Page 520
K.6.4 Mail bombing test......Page 521
K.6.5 Stopping/Disabling of antivirus services by normal privileges......Page 522
K.6.6 Delete all executables and dll's found in the AV installation directory......Page 523
K.7.1 Check Anti Virus System Standards......Page 524
K.7.2 Check End User Antivirus Guidelines......Page 525
K.7.3.7 Selecting exclusions to the scan......Page 527
K.8.1 Administrator AV Report......Page 528
K.9 Threat Severity Review......Page 529
L.1.1 Managerial......Page 530
L.5.1 Data in transit between components of the SAN......Page 531
L.7 Storage Security Threats......Page 532
L.8.2 Identify vulnerabilities in the Storage Fabric.......Page 534
L.8.3 Find the Vulnerabilities in the Subsystems and the Media.......Page 536
L.9 Global Countermeasures......Page 537
M.1 WLAN Security Assessment Methodology Map......Page 539
§ MODES of WLAN Networks......Page 540
§ ENCRYPTION......Page 541
§ Considerations on building a box for war-driving......Page 543
§ Active Threats......Page 544
§ Audit & Review – Questionnaire......Page 546
§ Exploitation & Attacks......Page 547
M.5 Tools Usage......Page 550
§ GPS......Page 552
M.7 Software Description......Page 553
M.9 Further Readings......Page 558
N.1 IRC Security Issues......Page 560
N.2 Internet Explorer Insecurities......Page 561
N.3 Microsoft Outlook insecurities......Page 562
N.4.1 VNC......Page 563
O.1 User Identification: Security level......Page 566
O.2 User Identification: Keylock switch......Page 567
O.3 User Identification: Key Keylock switch......Page 568
O.4 User Identification: System value QDSCJOBITV......Page 570
O.5 User Identification: Virtual devices......Page 571
O.6 User Identification: System value QLMTSECOFR......Page 572
O.7 User Identification: Limited device sessions system level......Page 573
O.8 User Identification: System parameter QMAXGNACN......Page 574
O.9 User Identification: Public authorities......Page 575
O.10 User Identification: Authority adoption......Page 576
O.11 User Identification: Machine Room......Page 577
O.12 User Identification: UPS ( Uninterruptable Power Supply)......Page 578
O.13 User Identification: Workstation / Terminal......Page 579
O.14 User Identification: Back up Tapes......Page 580
O.15 User Identification: Register a New User......Page 581
O.16 User Identification: Register a User Who Leaves......Page 582
O.17 User Identification: Application and Ownership......Page 583
O.18 User Identification: Day-to-Day Monitoring......Page 584
O.19 User Identification: Critical User Profiles......Page 585
O.20 User Identification: Privileged Profiles......Page 586
O.21 User Identification: IBM-Supplied User Profiles......Page 587
O.22 User Identification: Critical Objects......Page 588
O.23 User Identification: Event Monitoring......Page 589
O.24 User Identification: Access to Critical Objects......Page 590
O.25 User Identification: Security-related System Values......Page 591
P Lotus Notes Security......Page 592
-- Host Security......Page 597
Q.1 Methodology......Page 598
Q.2 Identify Live Hosts......Page 600
Q.4.1 Identify Users......Page 602
Q.4.1.1 User Identification: Finger......Page 603
Q.4.1.2 User Identification: rwho......Page 606
Q.4.1.3 User Identification: ruser......Page 607
Q.4.1.4 User Identification: SMTP......Page 609
Q.4.1.5 User Identification: rpcinfo......Page 611
Q.5.1 Examine SNMP Service......Page 613
Q.5.1.2 Get MIB values by SNMPwalking and pilfer for information......Page 614
Q.5.2 Examine Trivial File Transfer Protocol (TFTP)......Page 617
Q.5.2.4 Guessing and grabbing the file......Page 618
Q.6.3 Buffer Overflows......Page 620
Q.6.5 Heap based Overflows......Page 621
Q.6.7 Format String Attacks......Page 622
Q.6.10 Examine NFS Share......Page 623
Q.6.11 X-Insecurities......Page 625
Q.6.12 RPC Attacks......Page 626
Q.6.13 Web Attacks......Page 627
Q.6.16 File and Directory Permission Attacks......Page 628
Q.6.17 Symlink Attacks......Page 630
Q.6.18 System Call Attacks......Page 633
Q.6.20 Key Logger Attacks......Page 634
Q.6.21 Physical Security Assessment......Page 635
R.1 Description......Page 636
R.6 Objective......Page 638
R.8.2 Passive Information Gathering......Page 639
R.8.2.1 Whois......Page 640
R.8.2.2 Search Engines......Page 642
R.8.3 Active Information Gathering......Page 644
R.8.3.1 Identify Users......Page 645
R.8.3.2 Identify Shares......Page 647
R.8.3.3 Identify Policies......Page 649
R.8.3.4 MIB Enumeration......Page 651
R.8.3.5 Identify Domains on the Network......Page 653
R.8.3.6 Identify Domain Controllers......Page 654
R.8.3.7 Identify Hosts of Domain......Page 655
R.8.4.1 Identify Live Hosts......Page 656
R.8.6.1 BruteForce Passwords – Remote Attack......Page 657
R.11.1 Browse List......Page 660
R.11.2 Identify Browser Masters......Page 662
R.11.3 Identify Domains on the Network......Page 664
R.11.4 Identify Domain Controllers......Page 665
R.11.5 Identify Browser Masters......Page 666
R.11.6 Identify Hosts of Domain......Page 667
R.14 Further Reading[s]......Page 668
R.15 Examine Common Protocols......Page 669
R.16.8 Mail Service Attacks......Page 670
R.16.9 NetBIOS Attacks......Page 671
R.16.10 SMB Attack......Page 672
R.16.11 MD4 Collision Attacks......Page 673
R.16.12 Scheduling Attacks......Page 674
R.16.13 Registry Attacks......Page 675
R.16.14 Port Redirection Attack......Page 676
R.16.16 Teardrop......Page 677
R.16.17 Teardrop2......Page 679
R.16.18 Land......Page 681
R.16.19 LaTierra......Page 682
R.16.22 GetAdmin......Page 683
R.16.23 Pipeup Admin Attack......Page 685
R.16.24 LPC Attack......Page 686
R.16.25 Key Logger Attacks......Page 687
R.16.26 Password Dumping......Page 688
R.16.27 DLL injection Attack......Page 690
R.16.28 Bypassing the Authentication: Booting from Alternate OS......Page 692
R.16.29 ERD Commander 2003......Page 694
R.16.30 File System Attacks: FAT Attacks......Page 696
R.16.31 File System Attacks: HPFS Attacks......Page 697
R.16.32 File System Attacks: NTFS Attacks......Page 698
R.16.33 File System Attacks: MSFS Attacks......Page 699
R.16.34 Denial of Service Attacks......Page 700
R.16.35 Denial of Service: NTCrash......Page 701
R.16.36 Denial of Service: CpuHog......Page 702
R.16.37 Rollback Attack......Page 703
S Novell Netware Security Assessment......Page 705
T.1.1 Summary......Page 707
T.1.2.4 .idc, .ida and .idq Bugs......Page 709
T.1.2.8 null.htw......Page 710
T.1.3.2 WebDAV......Page 711
T.1.3.5 FrontPage 2000 Extensions......Page 712
T.2 Reference......Page 713
T.3.1 Steps to Secure:......Page 714
T.5 Global Countermeasures......Page 715
-- Application Security......Page 718
U.1 What is Web Application Security?......Page 719
U.6.1 Identifying Web Server vendor and version......Page 720
U.6.2 Identifying Web Server vendor and version - Banner Grabbing......Page 721
U.6.3 Identifying Web Server vendor and version - using automated tools......Page 723
U.6.4 Identifying Web Server vendor and version – using default files......Page 725
U.6.5 Identifying Web Server vendor and version – By Determining the extension of web pages on the web server......Page 727
U.6.6 Identifying Database Server vendor and version – By error......Page 728
U.6.7 Identifying Application Server......Page 730
U.6.8 Identifying Web Server Directory structure......Page 732
U.6.9 Copy web site (Offline)......Page 733
U.6.10.1 Find username by view source......Page 735
U.6.10.2 Find default Password by view source......Page 737
U.6.10.3 Find email addresses......Page 738
U.6.10.4 Check HTTP-EQUIV for auto redirection......Page 739
U.6.10.5 Find External links......Page 740
U.7.1 Test Common Gateway Interface......Page 741
U.8.1 Test Directory Traversal......Page 742
U.9.1 Test Product -specific Issues......Page 744
U.10.1 Attack on Secure HTTP......Page 745
U.11.1 Brute Force Attack......Page 746
U.12.1 Directories which are not mapped in the pages......Page 748
U.12.2 Browsable Directories’ check......Page 750
U.13.2 Cross Site Scripting......Page 751
U.13.3 Cross-Site Tracing......Page 754
U.14.1 URL Manipulation......Page 756
U.14.2 Hidden Form Fields Manipulation......Page 759
U.14.3 Cookie Manipulation......Page 761
U.15.1 Check vulnerabilities associated with web server version......Page 767
U.15.2 Run Automated Web Vulnerability Scanner......Page 768
U.15.3 Check vulnerabilities associated with modules running on web server......Page 769
U.16.1 Validate data......Page 770
U.16.2 Test Buffer overflow......Page 772
U.16.3 PHP Insertion......Page 773
U.17 Test SQL Injection......Page 777
U.17.1 Methodology......Page 778
U.20 Further Reading......Page 779
V.3 Test Environment......Page 780
V.5 Objective......Page 781
V.7.1.4 Get Control on Host......Page 782
V.9 Bypassing User Authentication......Page 783
V.10.1 Getting Name of the Table (Using having Clause)......Page 785
V.10.2 Getting all Columns of the Table: (Using Group by Clause)......Page 786
V.10.4 Finding Data types: (using aggregate functions)......Page 787
V.10.5 Getting Username & Password from table:......Page 789
V.10.6 Inserting Values in the Table:......Page 790
V.10.8 Deleting Entire Data from the Table: (using Delete or Drop statement)......Page 791
V.10.9 Displaying desired Information from the table in the Browser......Page 792
V.11.1 Getting Server Name......Page 794
V.11.3 Shutting Down the SQL Server:......Page 795
V.11.4 Brute Force to Find Password of SQL Server:......Page 796
V.11.5 Retrieving data from SQL Injections:......Page 797
V.11.6 Xp_regread and Xp_regwrite extended procedure:......Page 798
V.11.8 Adding Extended Stored Procedures......Page 799
V.11.9 To check, are there any rows in the table ‘authentication’?......Page 801
V.13 Run Automated Scanner......Page 802
V.14.2 HTTRACK......Page 803
V.14.3 Web Sleuth......Page 804
V.14.6 Curl......Page 805
V.16 References......Page 806
W.3 Source Code v/s Penetration Testing......Page 808
W.6 Authentication......Page 809
W.7 Session Management......Page 811
W.9 Data and Input Validation......Page 812
W.11 Buffer Overflows......Page 813
W.12 Error Handling (safe mode)......Page 815
W.13 Command Injection......Page 816
W.14 Audit Program......Page 817
W.15 Code Review and code analyzers......Page 829
X.1 Methodology......Page 830
Y Application Security Evaluation Checklist......Page 831
-- Database Security......Page 834
Z.1.1.1 SQL Server Enumeration......Page 835
Z.1.1.2 SQL Server Brute Force......Page 837
Z.1.1.4 Authentication Mode......Page 839
Z.1.1.5 Login Audit Levels:......Page 840
Z.1.1.6 Database Initialization Configuration......Page 841
Z.1.1.8 Extended and Stored Procedures......Page 842
Z.1.1.9 Users and Roles......Page 844
Z.1.1.10 Roles:......Page 847
Z.1.1.11 User Privileges and Access Rights......Page 850
Z.2.1.1 TNS Listener Enumeration and Information Leak Attacks......Page 854
Z.2.1.2 TNS Listener Process-Manipulation Vulnerabilities......Page 856
Z.2.1.3 Oracle Brute-Force and Post-Authentication Issues......Page 857
Z.2.1.4 Post-Authentication Assessment......Page 859
Z.3 Database Services Countermeasures......Page 883
10.2 Review of Access Control System......Page 884
10.2.4 CCTV Monitoring......Page 885
10.3.2 Fire Suppression Equipment......Page 886
10.4.2 Water Detection......Page 887
10.4.4 Interference......Page 888
10.5.3 Electromagnetic Interception......Page 889
10.7 Further Readings......Page 890
11 Social Engineering......Page 891
11.1 Methodology......Page 894
11.2 Employee Trainings......Page 896
11.2.1 Handling Sensitive Information......Page 897
11.2.2 Password Storage......Page 898
11.2.3 Shoulder Surfing......Page 901
11.2.4 Revealing Passwords on Phone......Page 902
11.2.5 Physical Access to workstations......Page 904
11.3 Helpdesk......Page 907
11.4 Masquerading as a User......Page 908
11.4.1 Masquerading as Monitoring Staff......Page 910
11.5 Dumpster Diving......Page 912
11.6 Reverse Social Engineering......Page 914
11.8 Further Reading[s]......Page 916
12.1 Capacity Management......Page 917
12.2 Vulnerability Management......Page 918
12.2.1 Patch Management......Page 920
12.2.2 Configuration Management......Page 921
12.2.3 Change Management......Page 924
12.3.1.1 Logging......Page 926
12.3.1.2 Monitoring......Page 927
12.3.1.4 Operations Event Management......Page 928
12.5 Audit & Review......Page 929
12.7.1.2 Why Are Logs Important?......Page 930
12.7.1.3 How to Approach Log Capture and Analysis......Page 931
12.7.3 Events to Audit......Page 932
12.7.4 How logs should be protected from tampering.......Page 934
12.7.5 Log retention periods as per regulations & policies......Page 935
12.8.3 Why IDs & passwords should not be shared (accountability for individuals' actions)......Page 936
12.10.2 How must the activity of these accounts be reviewed?......Page 937
12.11.3 Escalation of audit findings......Page 938
12.11.4 Follow-up on audits......Page 939
13.1 Introduction......Page 947
13.1.2 Purpose......Page 948
13.1.4 Risks......Page 949
13.1.7 Pre-requisites......Page 950
13.1.8 Summary......Page 951
13.1.9.3 Phase 3 - Reinforcing Change Management......Page 952
13.1.10 Change Management Phase Diagram......Page 953
13.1.11.3 Goals......Page 954
13.1.11.4 Process Maturity......Page 955
13.1.11.5 Team Learning Maturity......Page 956
13.1.11.6 Managing Resistance......Page 957
13.2.1.1 Introduction......Page 958
13.2.1.3 Identify and Involve the Sponsor:......Page 959
13.2.1.5 Do's and Don'ts......Page 960
13.2.1.7 Define Roles & Responsibilities......Page 961
13.2.2.1 Introduction......Page 963
13.2.3.1 Introduction......Page 964
13.2.4 Metrics & Reports......Page 965
13.2.4.2 Process exceptions......Page 968
13.2.4.5 Reporting for Users and Business Management......Page 969
13.2.4.8 Risk Management Measures......Page 970
13.3 CHANGE MANAGEMENT PROCESSES......Page 972
13.3.3 Request For Change – Build Plan......Page 973
13.3.4.2 Tracking......Page 974
13.4 RFC WORKFLOW......Page 975
13.4.1.2 Emergency Enterprise or Standard Change......Page 976
13.4.1.4 1.0 Change Summary Information......Page 977
13.4.1.6 3.0 Alternative Solutions and Recommendation......Page 980
13.4.1.7 Review for Completeness (Section 1, 2, 3)......Page 982
13.4.1.8 4.0 CAB Approval to Build......Page 983
13.4.2.3 5.0 Implementation Strategy......Page 985
13.4.2.4 6.0 Logistical Review......Page 986
13.4.2.7 Completeness Check......Page 988
13.4.2.8 9.0 CAB Approval to Deploy......Page 989
13.4.4.1 Update RFC and Report to CAB......Page 990
13.4.4.5 Publish Metrics and Distribute......Page 991
13.5.1 Recommended Technologies......Page 992
13.5.3 Change Coordinator Checklist......Page 993
13.5.5 CMDB – Configuration Management DataBase......Page 995
13.5.6 Opportunity Evaluation Form......Page 996
13.5.7 Preliminary Analysis Form......Page 999
13.5.8 RFC – Request For Change Form......Page 1004
13.5.9 PIR - Post Implementation Review Form......Page 1012
13.5.10 Master Change Tracking Form......Page 1014
13.6.1.3 Audit Scope......Page 1016
13.6.1.4 PRELIMINARY DELIVERABLES......Page 1017
13.6.1.5 Sample Audit Checklists......Page 1018
13.7.1 Introduction......Page 1029
13.7.3 Tools......Page 1030
13.8 Glossary of Terms......Page 1031
13.9 References......Page 1032
14 Enterprise Security Awareness......Page 1034
14.1 Methodology For Security Awareness Program......Page 1038
14.3 Reminder Programs......Page 1039
15.1 Incident Analysis Evaluation Checklist......Page 1045
15.2.1 United States......Page 1048
15.2.4 Portugal......Page 1051
15.2.10 Others......Page 1052
16 Outsourcing Security Concerns......Page 1055
17 Business Continuity Management......Page 1056
17.1 INTENDED READER......Page 1060
17.3 SCOPE......Page 1061
17.4 BCP TEAM LEADER......Page 1063
17.5 BCP TEAM......Page 1066
17.6 RESPONSIBILITIES......Page 1067
17.7 MAINTENANCE OF PLAN......Page 1070
17.9 BUSINESS IMPACT ASSESSMENT......Page 1071
17.9.3 IDENTIFICATION OF THREATS & VULNERABILITIES......Page 1077
17.9.5 Assessment of Threats and Vulnerabilities......Page 1078
18.4 Assessment Questionnaire......Page 1087
18.5 Assessment Questionnaire - Narrative......Page 1090
18.6 Legal Aspects of Security Assessment Projects......Page 1091
18.6.1 Legal aspects of scanning......Page 1092
18.6.3 Legal aspects of Privacy......Page 1094
Appendix - Knowledge Base......Page 1096
1.1.4.1 General Information......Page 1097
1.1.4.3 Understand information security state......Page 1098
1.2.1 Background Information......Page 1099
1.2.2 Pre-fieldwork meeting with the IT management and/or team......Page 1100
1.2.3 Fieldwork......Page 1102
1.3 Template - Non Disclosure Agreement (NDA)......Page 1124
1.4 Template - Security Assessment Contract......Page 1127
1.5.2 Overview of Infrastructure......Page 1131
1.5.3 Domains which need to be assessed......Page 1132
1.6.1.1 Scope of work......Page 1133
1.6.1.3 Methodology used......Page 1134
1.6.1.4 Summary of the Assessment Results......Page 1135
Start-End......Page 1138
1.8 Diagram Legends......Page 1140
2.1 DoS Attacks: Instigation and Mitigation......Page 1141
2.2 Virus & Worms......Page 1145
2.3 Cryptography......Page 1160
3.1 Description......Page 1166
3.3.2 Perspective Two......Page 1167
3.4.2 Software......Page 1168
3.5.1.1 Designing the LAB (Virtual Lab / Economic scenario)......Page 1169
3.5.2 Diagram......Page 1171
3.5.3 Attack Scenarios......Page 1172
3.6.1 Lab Physical Security......Page 1173
3.6.1.1 Logical Access Control......Page 1174
3.7 Appendix......Page 1175
4 Handling False Detection Rates......Page 1176
4.1 Select appropriate verification techniques for each type of assessment activity......Page 1179
4.2 Estimate additional time/resources for verifying each type of assessment activity......Page 1189
4.3 Define mandatory checks......Page 1190
4.4 Define sampling checks for Non-critical systems and issues......Page 1192
4.5 Estimate overall cost-benefit for additional checking......Page 1196
5 Windows (Desktop) Security Checklist......Page 1197
6.3 Check for unwanted users and lock default users.......Page 1203
6.7 Create separate partitions for log/tmp folders and smtp queue.......Page 1204
6.11 Check for nonuser and nogroup files......Page 1205
7.1.1 Process for Hardening Solaris......Page 1206
7.1.2 Minimum Hardening recommendations from SANS......Page 1207
7.2 Leading Tools for Hardening Solaris......Page 1209
7.3.1.3 File System......Page 1211
7.3.1.6 Kernel adjustments......Page 1212
7.3.2.1 Telnet......Page 1213
7.3.2.5 inetd Managed Services......Page 1214
7.3.2.8 Sendmail......Page 1215
7.3.7 Network Service Banners......Page 1216
7.4 Example (general) Hardening Script......Page 1217
7.5.1 Installation......Page 1219
7.5.2 Eliminating services......Page 1220
7.5.3 Logging and Tweaking......Page 1221
7.5.4 Connecting to Firewall......Page 1222
7.5.5.2 Lock down rhosts......Page 1223
7.5.5.5 Modify IP module......Page 1224
7.6 Additional steps......Page 1225
8.1.1 Cryptography......Page 1227
8.1.2 Hacking......Page 1228
8.1.3 Security......Page 1231
8.2.1 Web Applications......Page 1234
8.2.2 Wireless......Page 1237
8.2.3 Network......Page 1239
8.2.4 Miscellaneous......Page 1242
8.3 Resources......Page 1244
9.1 Authors......Page 1255
9.2 Key Contributors......Page 1259
10 Feedback Form......Page 1261