Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Applied Network Security
  • Toc
  • feedback
Applied Network Security

Applied Network Security

By : Warun Levesque, Salmon, Michael McLafferty
close
Applied Network Security

Applied Network Security

By: Warun Levesque, Salmon, Michael McLafferty

Overview of this book

Computer networks are increasing at an exponential rate and the most challenging factor organisations are currently facing is network security. Breaching a network is not considered an ingenious effort anymore, so it is very important to gain expertise in securing your network. The book begins by showing you how to identify malicious network behaviour and improve your wireless security. We will teach you what network sniffing is, the various tools associated with it, and how to scan for vulnerable wireless networks. Then we’ll show you how attackers hide the payloads and bypass the victim’s antivirus. Furthermore, we’ll teach you how to spoof IP / MAC address and perform an SQL injection attack and prevent it on your website. We will create an evil twin and demonstrate how to intercept network traffic. Later, you will get familiar with Shodan and Intrusion Detection and will explore the features and tools associated with it. Toward the end, we cover tools such as Yardstick, Ubertooth, Wifi Pineapple, and Alfa used for wireless penetration testing and auditing. This book will show the tools and platform to ethically hack your own network whether it is for your business or for your personal home Wi-Fi.
Table of Contents (18 chapters)
close
close
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Free Chapter
1
Introduction to Network Security
chevron up
Introduction to Network Security
Murphy's law
Hackers (and their types) defined
The hacking process
Ethical hacking issues
Current technologies
Recent events and statistics of network attacks
Security for individuals versus companies
Mitigation against threats
Building an assessment
Summary
References
2
Sniffing the Network
Sniffing the Network
What is network sniffing?
Lab 1-a scan to search for DDoS reflection UDP services
Using Wireshark filters
Wireshark filter cheat sheet
Lab 2
Sparta
Lab 3-scanning
Scanning a subnet
Evading firewalls
Gathering version info
Starting the listener
Summary
3
How to Crack Wi-Fi Passwords
How to Crack Wi-Fi Passwords
Why should we crack our own Wi-Fi?
What is packet injection?
Wi-Fi cracking tools
The Transmission Control Protocol (TCP) handshake
The short version (a cheat-sheet for the aircrack-ng suite)
Summary
4
Creating a RAT Using Msfvenom
Creating a RAT Using Msfvenom
Remote Access Trojans
Ways to disguise your RAT though Metasploit
Your defence
Summary
References
5
Veil Framework
Veil Framework
Veil-Evasion
Veil-Pillage
How do hackers hide their attack?
Intrusion with a PDF
Veil-PowerTools
What is antivirus protection?
Summary
References
6
Social Engineering Toolkit and Browser Exploitation
Social Engineering Toolkit and Browser Exploitation
Social engineering
What are web injections?
Cross site scripting (XSS) attacks
Browser exploitation with BeEF
Summary
7
Advanced Network Attacks
Advanced Network Attacks
What is an MITM attack?
Summary
8
Passing and Cracking the Hash
Passing and Cracking the Hash
What is a hash?
Cryptographic hash functions
How are hashes cracked?
How do pass the hash attacks impact businesses?
What defences are there against hash password attacks?
Summary
References
Links to download tools
9
SQL Injection
SQL Injection
What is SQL and how does it work?
SQL injection
Ways to defend against SQL injection attacks
Bypassing authentication
Finding vulnerabilities from a targeted sites
Hunting for web app vulnerabilities with Open Web Application Security Project (OWASP) ZAP
Summary
10
Scapy
Scapy
Scapy
Creating our first packet
The TCP three way handshake
Malformed packets
ACK scan
TCP port scanning
Summary
11
Web Application Exploits
Web Application Exploits
Web application exploits
What tools are used for web application penetration testing?
What is Autopwn?
What is BeEF and how to use it?
Summary
12
Evil Twins and Spoofing
Evil Twins and Spoofing
What is an evil twin?
What is address spoofing?
What is DNS spoofing?
How to detect an evil twin?
Summary
13
Injectable Devices
Injectable Devices
A deeper look into USB
How does the Rubber Ducky work?
Disabling ports
A KeyGrabber?
What the glitch?
Summary
14
The Internet of Things
The Internet of Things
What is the Internet of Things?
IOT and botnets
Summary
Sources
15
Detection Systems
Detection Systems
IDS
IPS
Host based
Network-based
Physical
Summary of differences
Security Information and Event Management (SIEM)
Splunk
Alert status
IDS versus IPS
Snort as an IPS
Lab 1-installing Snort and creating ICMP rules lab
Lab 2-create the following snort.conf and icmp.rules files
Lab 3-execute Snort
Lab 4-execute Snort as Daemon
Summary
16
Advance Wireless Security Lab Using the Wi-Fi Pineapple Nano/Tetra
Advance Wireless Security Lab Using the Wi-Fi Pineapple Nano/Tetra
The history of Wi-Fi - the WLAN standard
Wireless vulnerability
The Wi-Fi Pineapple
For penetration testing
Summary
17
Offensive Security and Threat Hunting
Offensive Security and Threat Hunting
What is offensive security?
SET browser exploit lab
Threat hunting platforms
Using the Pineapple for offensive security
Summary

Recent events and statistics of network attacks

The news has been full of cyber-attacks in recent years. The number and scale of attacks are increasing at an alarming rate. It is important for anyone in network security to study these attacks. Staying current with this kind of information will help in defending your network from similar attacks.

Since 2015, the medical and insurance industries have been heavily targeted for cyber-attacks. On May 5th, 2015, Premera Blue Cross was attacked. This attack is said to have compromised at least 11 million customer accounts containing personal data. The attack exposed customer names, birth dates, social security numbers, phone numbers, bank account information, mailing, and e-mail addresses. Another attack that was on a larger scale was the attack on Anthem. It is estimated that 80 million personal data records were stolen from customers, employees, and even the Chief Executive Officer of Anthem. Another more infamous cyber-attack recently was the Sony hack. This hack was a little different from the Anthem and Blue Cross attacks, because it was carried out by hacktivists instead of cyber criminals.

Even though both types of hacking are criminal, the fundamental reasoning and objectives underlying the attacks are quite different. The objective in the Sony attack was to disrupt and embarrass the executives at Sony as well as prevent a film from being released. No financial data was targeted. Instead the hackers went after personal e-mails of top executives. The hackers then released the e-mails to the public, causing humiliation to Sony and its executives. Many apologies were issued by Sony in the following weeks of the attack.

Large commercial retailers have also been a favorite target for hackers. An attack occurred against Home Depot in September of 2014. That attack was on a large scale. It is estimated that over 56 million credit cards were compromised during the Home Depot attack. A similar attack but on a smaller scale was carried out against Staples in October 2014. During this attack, over 1.4 million credit card numbers were stolen. The statistics on cyber security attacks are eye-opening.

It is estimated by some experts that cybercrime has a worldwide cost of 110 billion dollars a year. In a given year, over 15 million Americans will have their identity stolen through cyber-attacks, it is also estimated that 1.5 million people fall victim to cybercrime every day. These statistics are rapidly increasing and will continue to do so until more people take an active interest in network security.

Our defense

The baseline for preventing potential security issues typically begins with hardening the security infrastructure, including firewalls, DMZ, and physical security platforms, and entrusting only valid sources or individuals with personal data and or access to that data. That also includes being compliant with all regulations that apply to a given situation or business, and being aware of the types of breach as well as your potential vulnerabilities. Also understanding whether an individual or an organization is a higher risk target for attacks is beneficial. The question has to be asked, does one's organization promote security? This is done both at the personal and the business level to deter cyber-attacks.

After a decade of responding to incidents and helping customers recover from and increase their resilience against breaches, organizations may already have a security training and awareness (STA) program, or other training and programs. As the security and threat landscape evolves, organizations and individuals need to continually evaluate practices that are required and appropriate for the data they collect, transmit, retain, and destroy. Encryption of data at rest/in storage and in transit is a fundamental security requirement and the respective failure is frequently being cited as the cause for regulatory action and lawsuits.

Enforce effective password management policies. Least privilege user access (LUA) is a core security strategy component, and all accounts should run with as few privileges and access levels as possible. Conduct regular security design and code reviews including penetration tests and vulnerability scans to identify and mitigate vulnerabilities. Require e-mail authentication on all inbound and outbound mail servers to help detect malicious e-mails including spear phishing and spoofed e-mails. Continuously monitor in real time the security of your organization's infrastructure including collecting and analyzing all network traffic, and analyzing centralized logs (including firewall, IDS/IPS, VPN, and AV) using log management tools and reviewing network statistics. Identify anomalous activity, then investigate and revise your view of anomalous activity accordingly. User training is the biggest challenge, but it is arguably the most important defense.

End of Section 7
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete