:: Hacknotes - Network Security Portable Reference ::
ลองดูเนื้อหาภายในเล่มกันก่อนนะครับ
■ 1 Security Principles and Components
...Asset and Risk Based INFOSEC Lifecycle Model
.........ARBIL Outer Wheel
.........ARBIL Inner Wheel
...Confidentiality, Integrity, and Availability the CIA Model
.........Confidentiality
.........Integrity
.........Availability
...A Glimpse at the Hacking Process
.........Attack Trees
.........Information Security Threats List
...INFOSEC Target Model
.........Vulnerability List
...Network Security Safeguards and Best Practices
.........Network Security Best Practices
■ 2 INFOSEC Risk Assessment and Management
...Risk Management Using the SMIRA Process
...What Is Risk Management?
...What Is Risk Assessment?
.........Risk Assessment Components
...Risk Assessment Terminology and ComponentDefinitions
.........Asset
.........Threat
.........Threat Agent/Actor and Threat Act
.........Threat Indicators
.........Vulnerability
.........Threat Consequences
.........Impact
.........Risk
.........Safeguards and Controls
...Conducting a Risk Assessment
■ 3 Hacking Concepts
...Hacking Model
.........Reconnaissance
.........Compromise
.........Leverage
...Targeting List
...Attack Trees
.........Infrastructure
.........Application
■ 4 Reconnaissance
...Collect and Assess
.........Identification of the Enterprise
.........Identification of Registered Domains
.........Identification of Addresses
...Scan
.........DNS Discovery
.........ICMP Scan
.........TCP Scan
.........UDP Scan
...Enumerate
.........Services Enumeration
.........Advanced Stack Enumeration
.........Source Port Scanning
...Application Enumeration
.........Service Enumeration
.........Banner Nudges
.........Client Connections
■ 5 Attack, Compromise, and Escalate
...UNIX Exploits
.........Remote UNIX Attacks
.........Remote Attacks on Insecure Services
.........Local UNIX Attacks
...Windows Exploits
...Windows 9x/ME
.........Remote Attacks—Windows 9x/ME
.........Local Attacks—Windows 9x/ME
...Windows NT/2000
.........Remote Attacks—Windows NT/2000
.........Local Attacks—Windows
.........Native Application Attacks—Windows NT/2000
■ 6 Wireless Network Security
...Wireless Networks
.........Overview of 802.11 Wireless Standards
...Attacking the Wireless Arena
...The Future of 802.11 Security
■ 7 Web Application Security
...A Dangerous Web
.........Beyond Firewalls
...Overall Web Security
.........Securing the Servers and Their Environments
.........Securing Web Applications
...Categories of Web Application Security
.........Authentication
.........Authorization
.........Session Management
.........Input Parameters
.........Encryption
.........Miscellaneous
...General Web Application Assessment/Hacking
.........Methodology
■ 8 Common Intruder Tactics
...Social Engineering
.........They Seem Legitimate!
.........Final Thoughts on Social Engineering
...Network Sniffing—What Are Sniffers?
.........Why Will a Hacker Use Them?
.........Commonly Used Sniffers
.........How Do You Detect Sniffers?
...Exploiting Software Design and Implementation Flaws
.........Buffers—What Are They?
.........Developing the Exploit Code
.........Final Thoughts on Design and Implementation Flaws
...War Dialing and PBX Hacking
.........Overview of Security Implications
.........Types of Dial-Up Systems to Protect
.........Top Three War Dialing Tools
■ 9 Incident Response
...Signs of Being Hacked
.........Trojan Horse Programs
.........Rootkits
...Identifying a Compromise
.........Network
.........User Accounts and User Groups
.........File Systems/Volumes and Processes
.........Logging
...Incident Recovery Checklist
.........Stage One: Identify and Disable
.........Stage Two: Notify and Plan
.........Stage Three: Implement Countermeasures and Heighten Awareness
.........Stage Four: Recover and Rebuild
.........Stage Five: Wrap Up and Analyze
■ 10 Security Assessment/Hardening Checklists
...System Assessment and Hardening Concepts
...System and Host Hardening Methodology
...Checklists
.........Microsoft Windows
.........UNIX
.........Web Server
.........FTP Service
.........Mail
.........Router
.........Wired Network
.........Wireless Network
.........Physical Security
■ Appendix: Web Resources
...Various Security News and Informational Sites
...Exploits and Hacking Information
...Various Word Lists for Brute-Forcing
...Default Password Lists
...Lookup Port Numbers
...Information about Trojan Horses
...Education/Certification/Organizations
...Publications
...Security Mailing Lists
...Conferences
...Government Affiliated
...Miscellaneous Interesting Items
**Hidden Content: To see this hidden content your post count must be 20 or greater.**
