The ultimate hands-on guide to IT security and proactive defense The Network Security Test Lab is a hands-on, step-by-step guide to ultimate IT security implementation. Covering the full complement of malware, viruses, and other attack technologies, this essential guide walks you through the security assessment and penetration testing process, and provides the set-up guidance you need to build your own security-testing lab. You'll look inside the actual attacks to decode their methods, and learn how to run attacks in an isolated sandbox to better understand how attackers target systems, and how to build the defenses that stop them. You'll be introduced to tools like Wireshark, Networkminer, Nmap, Metasploit, and more as you discover techniques for defending against network attacks, social networking bugs, malware, and the most prevalent malicious traffic. You also get access to open source tools, demo software, and a bootable version of Linux to facilitate hands-on learning and help you implement your new skills. Security technology continues to evolve, and yet not a week goes by without news of a new security breach or a new exploit being released. The Network Security Test Lab is the ultimate guide when you are on the front lines of defense, providing the most up-to-date methods of thwarting would-be attackers. Get acquainted with your hardware, gear, and test platform Learn how attackers penetrate existing security systems Detect malicious activity and build effective defenses Investigate and analyze attacks to inform defense strategy The Network Security Test Lab is your complete, essential guide.

Table of Contents:
Introduction xxi Chapter 1 Building a Hardware and Software Test Platform 1 Why Build a Lab? 2 Hardware Requirements 4 Physical Hardware 5 Equipment You Already Have 6 New Equipment Purchases 7 Used Equipment Purchases 7 Online Auctions 8 Thrift Stores 9 Company Sales 10 Virtual Hardware 10 VMware 12 VirtualBox 15 Hacker Hardware 16 Software Requirements 18 Operating Systems 19 Microsoft Windows 19 Linux 20 Navigating in Linux 23 Linux Basics 25 Mac Os X 28 Software and Applications 28 Learning Applications 29 Hacking Software 31 Summary 32 Key Terms 33 Exercises 34 Equipment Checklist 34 Installing VMware Workstation 35 Exploring Linux Operating System Options 35 Using VMware to Build a Windows Image 35 Using VMware Converter to Create a Virtual Machine 36 Exploring Other Operating System Options 37 Running Kali from VMware 37 Installing Tools on Your Windows Virtual Machine 38 Chapter 2 Passive Information Gathering 39 Starting at the Source 40 Scrutinizing Key Employees 43 Dumpster Diving (Electronic) 45 Analyzing Web Page Coding 48 Exploiting Website Authentication Methods 51 Mining Job Ads and Analyzing Financial Data 53 Using Google to Mine Sensitive Information 56 Exploring Domain Ownership 57 Whois 59 Regional Internet Registries 61 Domain Name System 63 Identifying Web Server Software 66 Web Server Location 69 Summary 70 Key Terms 70 Exercises 72 IP Address and Domain Identification 72 Information Gathering 72 Google Hacking 74 Banner Grabbing 74 Telnet 75 Netcat 75 VisualRoute 76 Chapter 3 Analyzing Network Traffic 77 Why Packet Analysis Is Important 77 How to Capture Network Traffic 78 Promiscuous Mode 78 Hubs and Switches 79 Hubbing Out and Using Taps 79 Switches 79 Capturing Network Traffic 82 Managed and Unmanaged Switches 83 ARP Cache Poisoning 85 Flooding 91 DHCP Redirection 92 Redirection and Interception with ICMP 94 Preventing Packet Capture 94 Dynamic Address Inspection 95 DHCP Snooping 95 Preventing VLAN Hopping 96 Detecting Packet Capture 97 Wireshark 99 Wireshark Basics 99 Filtering and Decoding Traffic 102 Basic Data Capture—A Layer-by-Layer Review 108 Physical—Data-Link Layer 108 Network-Internet Layer 110 Transport—Host-Host Layer 111 Application Layer 115 Other Network Analysis Tools 115 Summary 118 Key Terms 118 Exercises 119 Fun with Packets 119 Packet Analysis with tcpdump 120 Packet Filters 121 Making a One-Way Data Cable 122 Chapter 4 Detecting Live Systems and Analyzing Results 125 TCP/IP Basics 125 The Network Access Layer 127 The Internet Layer 128 The Host-to-Host Layer 132 Transmission Control Protocol 132 User Datagram Protocol 134 The Application Layer 134 Detecting Live Systems with ICMP 138 ICMP—Ping 138 Traceroute 142 Port Scanning 147 TCP and UDP Port Scanning 147 Advanced Port-Scanning Techniques 151 Idle Scan 151 Analyzing Port Scans 155 Port-Scanning Tools 156 Nmap 157 SuperScan 160 Other Scanning Tools 161 OS Fingerprinting 161 Passive Fingerprinting 162 Active Fingerprinting 164 How Nmap OS Fingerprinting Works 165 Scanning Countermeasures 167 Summary 171 Key Terms 171 Exercises 172 Understanding Wireshark 172 Interpreting TCP Flags 174 Performing an ICMP Packet Decode 175 Port Scanning with Nmap 176 Traceroute 177 An Analysis of a Port Scan 178 OS Fingerprinting 179 Chapter 5 Enumerating Systems 181 Enumeration 181 Router and Firewall Enumeration 182 Router Enumeration 182 Firewall Enumeration 187 Router and Firewall Enumeration Countermeasures 191 Windows Enumeration 191 Server Message Block and Interprocess Communication 194 Enumeration and the IPC$ Share 195 Windows Enumeration Countermeasures 195 Linux/Unix Enumeration 196 Enumeration of Application Layer Protocols 197 Simple Network Management Protocol 197 SNMP Enumeration Countermeasures 200 Enumeration of Other Applications 200 Advanced Enumeration 202 SCADA Systems 202 User Agent Strings 210 Mapping the Attack Surface 213 Password Speculation and Cracking 213 Sniffing Password Hashes 216 Exploiting a Vulnerability 218 Protecting Passwords 221 Summary 221 Key Terms 222 Exercises 223 SNMP Enumeration 223 Enumerating Routing Protocols 225 Enumeration with DumpSec 227 Identifying User Agent Strings 227 Browser Enumeration 229 Chapter 6 Automating Encryption and Tunneling Techniques 231 Encryption 232 Secret Key Encryption 233 Data Encryption Standard 235 Triple DES 236 Advanced Encryption Standard 237 One‐Way Functions (Hashes) 237 md Series 238 Sha 238 Public Key Encryption 238 Rsa 239 Diffie‐Hellman 239 El Gamal 240 Elliptic Curve Cryptography 240 Hybrid Cryptosystems 241 Public Key Authentication 241 Public Key Infrastructure 242 Certificate Authority 242 Registration Authority 242 Certificate Revocation List 243 Digital Certificates 243 Certificate Distribution System 244 Encryption Role in Authentication 244 Password Authentication 245 Password Hashing 246 Challenge‐Response 249 Session Authentication 250 Session Cookies 250 Basic Authentication 251 Certificate‐Based Authentication 251 Tunneling Techniques to Obscure Traffic 252 Internet Layer Tunneling 252 Transport Layer Tunneling 254 Application Layer Tunneling 256 Attacking Encryption and Authentication 259 Extracting Passwords 259 Password Cracking 260 Dictionary Attack 261 Brute‐Force Attack 261 Rainbow Table 263 Other Cryptographic Attacks 263 Summary 264 Key Terms 264 Exercises 266 CrypTool 266 Extract an E‐mail Username and Password 268 RainbowCrack 268 John the Ripper 270 Chapter 7 Automated Attack and Penetration Tools 273 Why Attack and Penetration Tools Are Important 274 Vulnerability Assessment Tools 274 Source Code Assessment Tools 275 Application Assessment Tools 276 System Assessment Tools 276 Attributes of a Good System Assessment Tool 278 Nessus 279 Automated Exploit Tools 286 Metasploit 286 Armitage 287 Metasploit Console 288 Metasploit Command‐Line Interface 289 Updating Metasploit 290 BeEF 290 Core Impact 291 Canvas 292 Determining Which Tools to Use 292 Picking the Right Platform 292 Summary 293 Key Terms 294 Exercises 294 Exploring N‐Stalker, a Vulnerability Assessment Tool 294 Exploring Searchsploit on Kali Linux 295 Metasploit Kali 296 Chapter 8 Securing Wireless Systems 299 Wi-Fi Basics 300 Wireless Clients and NICs 301 Wireless Access Points 302 Wireless Communication Standards 302 Bluetooth Basics 304 Wi-Fi Security 305 Wired Equivalent Privacy 305 Wi-Fi Protected Access 307 802.1x Authentication 309 Wireless LAN Threats 310 Wardriving 310 NetStumbler 312 Kismet 314 Eavesdropping 314 Rogue and Unauthorized Access Points 318 Denial of Service 319 Exploiting Wireless Networks 320 Finding and Assessing the Network 320 Setting Up Airodump 321 Configuring Aireplay 321 Deauthentication and ARP Injection 322 Capturing IVs and Cracking the WEP KEY 322 Other Wireless Attack Tools 323 Exploiting Bluetooth 324 Securing Wireless Networks 324 Defense in Depth 325 Misuse Detection 326 Summary 326 Key Terms 327 Exercises 328 Using NetStumbler 328 Using Wireshark to Capture Wireless Traffic 329 Chapter 9 An Introduction to Malware 331 History of Malware 331 Types of Malware 334 Viruses 334 Worms 337 Logic Bombs 338 Backdoors and Trojans 338 Packers, Crypters, and Wrappers 340 Rootkits 343 Crimeware Kits 345 Botnets 347 Advanced Persistent Threats 350 Spyware and Adware 350 Common Attack Vectors 351 Social Engineering 351 Faking It! 352 Pretending through Email 352 Defenses against Malware 353 Antivirus 353 File Integrity Verification 355 User Education 355 Summary 356 Key Terms 356 Exercises 357 Virus Signatures 357 Building Trojans 358 Rootkits 358 Finding Malware 362 Chapter 10 Detecting Intrusions and Analyzing Malware 365 An Overview of Intrusion Detection 365 IDS Types and Components 367 IDS Engines 368 An Overview of Snort 370 Platform Compatibility 371 Limiting Access to the IDS 371 Verification of Configuration 372 Building Snort Rules 373 The Rule Header 374 Logging with Snort 375 Rule Options 376 Advanced Snort: Detecting Buffer Overflows 377 Responding to Attacks and Intrusions 379 Analyzing Malware 381 Tracking Malware to Its Source 382 Identifying Domains and Malicious Sites 382 Building a Testbed 386 Virtual and Physical Targets 386 Operating Systems 387 Network Isolation 387 Testbed Tools 388 Malware Analysis Techniques 390 Static Analysis 390 Dynamic Analysis 394 Summary 397 Key Terms 397 Exercises 398 Building a Snort Windows System 398 Analyzing Malware Communication 400 Analyzing Malware with VirusTotal 401 Chapter 11 Forensic Detection 403 Computer Forensics 404 Acquisition 405 Drive Removal and Hashing 407 Drive-Wiping 409 Logical and Physical Copies 410 Logical Copies 411 Physical Copies 411 Imaging the Drive 412 Authentication 413 Trace-Evidence Analysis 416 Browser Cache 418 Email Evidence 419 Deleted or Overwritten Files and Evidence 421 Other Trace Evidence 422 Hiding Techniques 422 Common File-Hiding Techniques 423 Advanced File-Hiding Techniques 425 Steganography 426 Detecting Steganographic Tools 429 Antiforensics 430 Summary 431 Key Terms 431 Exercises 432 Detecting Hidden Files 432 Basic File-Hiding 432 Advanced File-Hiding 433 Reading Email Headers 433 Use S-Tools to Embed and Encrypt a Message 435 Index 439