Seven Deadliest Network Attacks (Syngress Seven Deadliest Attacks)

Cover Page
......Page 1
About the Authors......Page 2
Technical Editor......Page 3
Copyright Page......Page 4
Book Overview and Key Learning Points......Page 5
How This Book Is Organized......Page 6
Endnote......Page 8
Denial of Service......Page 9
How Denial of Service Works......Page 10
Overview of a Denial of Service Attack......Page 11
Launching the Attack......Page 17
Dangers of Denial of Service......Page 20
Defense against Denial of Service......Page 21
General Advice......Page 22
Network Configuration......Page 23
DDoS Appliances......Page 24
IDS/IPS Systems......Page 25
Reacting to DDoS Attacks......Page 26
Over-Provisioning and Adaptive Provisioning......Page 27
Attack......Page 28
Endnotes......Page 29
War Dialing......Page 30
How War Dialing Attacks Work......Page 32
Gathering Numbers for War Dialing......Page 33
Sweeping for Live Modems......Page 34
Modem Reply Types......Page 35
War Dialing Tools......Page 36
The Danger of War Dialing......Page 40
Unauthorized Employee Access......Page 41
The Future of War Dialing......Page 42
Defenses against War Dialing......Page 43
Attack Surface Reduction......Page 44
System Hardening......Page 45
Summary......Page 46
Endnotes......Page 47
Penetration “Testing”......Page 48
How Penetration Testing Software Works......Page 49
Nessus Vulnerability Scanning......Page 51
Metasploit Framework......Page 54
Hydra Password Attacks......Page 57
Future of Penetration Testing Tools......Page 59
Defenses against Penetration Testing Software......Page 60
Password Complexity, Lockouts, and Logging......Page 61
Egress Filtering and Proxies......Page 62
Logical Access Controls......Page 63
Summary......Page 64
Protocol Tunneling......Page 65
How Protocol Tunneling Works......Page 66
Setting Up a Channel with SSH......Page 68
SSH over HTTP......Page 74
Dangers of Protocol Tunneling......Page 75
Defending against Protocol Tunneling......Page 76
Detecting Protocol Tunneling......Page 77
The Future of Protocol Tunneling......Page 78
Summary......Page 79
Spanning Tree Attacks......Page 80
Layers of the Internet......Page 81
Understanding the Spanning Tree Protocol......Page 85
The Problem of Loops......Page 86
Solving the Loop Problem with the Spanning Tree Protocol......Page 88
Capturing BPDU Traffic......Page 91
Taking over the Root Bridge......Page 93
Denial of Service......Page 94
Man in the Middle......Page 95
Forging BPDU Frames......Page 97
Discovering the Network......Page 98
Dangers of Spanning Tree Attacks......Page 101
Root Guard and BPDU Guard......Page 102
The Future of Spanning Tree Attacks......Page 103
Endnote......Page 104
Man-in-the-Middle......Page 105
How Man-in-the-Middle Attacks Work......Page 106
Command Injection......Page 108
Dangers with Man-in-the-Middle Attacks......Page 109
Address Resolution Protocol Cache Poisoning......Page 110
Secure Sockets Layer Man-in-the-Middle......Page 114
Domain Name System Spoofing......Page 116
Future of Man-in-the-Middle Attacks......Page 117
Defense-in-Depth Approach......Page 118
Public Key Infrastructure......Page 119
Port Security......Page 120
Use Encrypted Protocols......Page 121
Low-Level Detection......Page 122
Summary......Page 123
Password Replay......Page 125
How Password Replay Works......Page 126
Simple Password Sniffing......Page 129
Password Replay......Page 131
Address Resolution Protocol Poison Routing......Page 134
Dangers of Password Replay......Page 137
Defending against Password Replay......Page 138
The Future of Password Replay......Page 139
Summary......Page 140
Endnote......Page 141
H......Page 142
P......Page 143
W......Page 144
Z......Page 145