Read Penetration Testing and Network Defense Andrew Whitaker Daniel P Newman 9781587052088 Books
The practical guide to simulating, detecting, and responding to network attacks
- Create step-by-step testing plans
- Learn to perform social engineering and host reconnaissance
- Evaluate session hijacking methods
- Exploit web server vulnerabilities
- Detect attempts to breach database security
- Use password crackers to obtain access information
- Circumvent Intrusion Prevention Systems (IPS) and firewall protections and disrupt the service of routers and switches
- Scan and penetrate wireless networks
- Understand the inner workings of Trojan Horses, viruses, and other backdoor applications
- Test UNIX, Microsoft, and Novell servers for vulnerabilities
- Learn the root cause of buffer overflows and how to prevent them
- Perform and prevent Denial of Service attacks
Penetration testing is a growing field but there has yet to be a definitive resource that instructs ethical hackers on how to perform a penetration test with the ethics and responsibilities of testing in mind. Penetration Testing and Network Defense offers detailed steps on how to emulate an outside attacker in order to assess the security of a network.
Unlike other books on hacking, this book is specifically geared towards penetration testing. It includes important information about liability issues and ethics as well as procedures and documentation. Using popular open-source and commercial applications, the book shows you how to perform a penetration test on an organization’s network, from creating a test plan to performing social engineering and host reconnaissance to performing simulated attacks on both wired and wireless networks.
Penetration Testing and Network Defense also goes a step further than other books on hacking, as it demonstrates how to detect an attack on a live network. By detailing the method of an attack and how to spot an attack on your network, this book better prepares you to guard against hackers. You will learn how to configure, record, and thwart these attacks and how to harden a system to protect it against future internal and external attacks.
Full of real-world examples and step-by-step procedures, this book is both an enjoyable read and full of practical advice that will help you assess network security and develop a plan for locking down sensitive data and company resources.
“This book goes to great lengths to explain the various testing approaches that are used today and gives excellent insight into how a responsible penetration testing specialist executes his trade.”
–Bruce Murphy, Vice President, World Wide Security Services, Cisco Systems®
Penetration Testing and Network Defense Andrew Whitaker Daniel P Newman 9781587052088 Books Reviews :
- This is my first ethical hacker book, and it is very exciting! It covers almost every aspect of penetration testing at good length. It explains many types of scans a penetration tester can and can't perform, gives specific reasons why you should choose to perform those different types of scans, and which ones you should use to keep from being detected.
It gives an easy-to-understand explanation of types of attacks, how to perform them, the tools needed, and how to protect against and detect such attacks. It also discusses the difficulty of detecting certain attacks.
It also has an entire chapter regarding the legal considerations and implications of penetration testing. And the great thing about this book is that even though it is a Cisco book, it covers many devices and operating systems.
- Penetration Testing and Network Defense (Cisco Press Networking Technology) (Paperback)
ISBN 1587052083, Paperback 624 pages, Publisher Cisco Press (October 31, 2005)
Cisco is the leader in networking technology of the 20th and 21st centuries, and understands that security is not a one-time mission but requires network design, testing, etc. to build a secure environment. As part of Cisco Press's releases on security topics, I found a nice book:
Penetration Testing and Network Defense (Cisco Press Networking Technology) (Paperback)
It introduces an interesting method to guide how to build a secure environment and protect networks by using Cisco and third-party tools (most of them from the open source field).
Authors' background
Andrew Whitaker, CCSP(tm), is the Director of Enterprise InfoSec and Networking for TechTrain, where he performs penetration tests and teaches ethical hacking and Cisco® courses. He has been working in the IT industry for more than ten years, specializing in Cisco and security technologies, and has performed penetration tests for numerous financial institutions and Fortune 500 companies.
Daniel P. Newman, CISSP, CCSP, has been in the computer industry for over 12 years specializing in application programming, database design and network security for projects all over the world. He is the managing director and chief security officer for Tribal Knowledge Security and specializes in penetration testing and advanced technical training in Cisco, Microsoft, and Ethical Hacking topics.
Reader Prerequisites
Although I couldn't find prerequisites for the book's readers, I can recommend this book to readers who meet the following prerequisites:
1. Have basic knowledge of Linux/Unix administration.
2. Have good knowledge of TCP/IP networking design and implementation (recommended to have at least CCNA and CCDA certifications).
3. Have at least two years of experience in SMB-Enterprise infrastructure administration.
Book Structure
The book is built as 16 self-study chapters that cover most of the information that an ethical hacker (or beginner penetration tester) needs.
The book begins with a nice introduction on the reasons that companies should use penetration testing and divides these reasons into major stages that parallel known security models (like C.I.A.: Confidentiality, Integrity, Availability).
The next chapters review the requirements for penetration testing and the legal issues with penetration testing.
Chapter 2 - Legal and Ethics Considerations - should, from my point of view, cover more information and add a warning to people who work as penetration testers that legal support from the legal teams of both the testing company and the target company should be used.
Most companies and their management (usually in states outside the United States) don't understand the consequences of these tests and don't know what to do with the test results.
Also, due to privacy invasion and the current laws against privacy invasion, this topic is very important to understand and to know how to handle.
Adding this information to the book can help to complete the missing information in Chapter 2.
The next chapters cover most of the publicly known attack techniques and give real-life scenarios and solutions for attacks.
My conclusion is: the book is recommended to all IT staff and beginner penetration testers.
Best Regards,
Yuval Sinay
- I found the book a bit dated. The book seemed more about Network Defense than Pen testing. For someone interested in Pen testing, there are much better books available
- This book is an excellent resource for anyone considering investing in an ethical hack or penetration test. It would also be a good read for anyone on a security team in an organization that is getting ready to undergo penetration testing. It is clearly laid out and well edited.
I don't believe that you can learn to become a penetration tester from the book, most of the tools are a bit older, I think the technical development must end in 2004 and the authors skip some steps from time to time especially in the NOTE sections.
My least favorite chapter was 2, Legal and Ethical Considerations, in my view, one to three pages per regulation is not just superficial, but potentially dangerous. The social engineering chapter is better than most similar attempts. I enjoyed Chapter 7, Web Server Attacks and intend to read that one again. I was really enjoying Chapter 11 Wireless, until I hit page 361, this is an example of what I mean by skipping a step or two! It is all do this, do that, with nary a clue on how. One of the ultimate tests for a security book is how well the book can explain buffer overflows. Many times, it is fairly clear the authors themselves don't know what a buffer overflow is and they mumble something about Smashing the Stack and I close the book on the spot. I have little doubt that Whitaker and Newman know what a buffer overflow is, but I doubt any reader of the book will learn it from the book. Please do not get me wrong, this is a good book, a very good book, but that is a hard concept to really teach. I am sure this will go to second edition and I hope that can be an area of focus.
I like the list of tools in the back of the book. In my view the section on choosing a penetration testing vendor is worth the price of the book. I really wish I had read something like that years ago, I could have saved money and heartache.