Don’t wait for an attacker to find and exploit your security vulnerabilities—take the lead by assessing the state of your network’s security. This book delivers advanced network testing strategies, including vulnerability scanning and penetration testing, from members of the Microsoft security teams. These real-world practitioners provide hands-on guidance on how to perform security assessments, uncover security vulnerabilities, and apply appropriate countermeasures. The companion CD features time-saving tools and scripts that you can use to reveal and help correct security vulnerabilities in your own network.
Sharpen and advance your security assessment skills, including how to:
- Detect vulnerabilities and perform penetration tests
- Conduct and properly report an IT security audit
- Find hidden hosts by using DNS, WINS, and NetBIOS
- Sweep your network to analyze network topology, existing hosts, and multi-homed systems
- Determine the status of ICP and UDP ports by using port scanning
Recognize and help counter common network threats, including:
- War dialing, war driving, and Bluetooth attacks
- Packet and network sniffing
- IP, e-mail, and DNS spoofing
- Password cracking
- Communication interceptions and modifications
- IDS and IPS attacker detection avoidance
- Spam and other e-mail abuses
CD features:
- Tools for testing e-mail, databases, and Web servers
- Scripts for finding common information leaks and other potential security issues
- Complete eBook in PDF format
A Note Regarding the CD or DVD
The print version of this book ships with a CD or DVD. For those customers purchasing one of the digital formats in which this book is available, we are pleased to offer the CD/DVD content as a free download via O'Reilly Media's Digital Distribution services. To download this content, please visit O'Reilly's web site, search for the title of this book to find its catalog page, and click on the link below the cover image (Examples, Companion Content, or Practice Files). Note that while we provide as much of the media content as we are able via free download, we are sometimes limited by licensing restrictions. Please direct any questions or concerns to booktech@oreilly.com.
p>Ben Smith is a senior security strategist at Microsoft, where he works on developing the company's long-term security strategy. Prior to joining the Microsoft Security Strategies team, he was the lead subject matter expert on security for Microsoft Training & Certification. In addition to being a featured speaker at IT industry conferences, Ben recently consulted with the U.S. National Science Foundation on creating methods for preparing a cyber security workforce. Ben is also the chair of the vendor-neutral security certification, CompTIA Security+. He is a Microsoft Certified Systems Engineer (MCSE), Microsoft Certified Trainer (MCT), Certified Information Systems Security Professional (CISSP), and a Cisco Certified Network Associate (CCNA). Ben lives near Redmond, Washington, with his wife Beth Boatright.
Kevin Lam is a Microsoft security technologist, part of the team responsible for assessing the security status of Microsoft products, network infrastructure, and services. He’s also worked as technical lead on penetration testing teams for several leading security companies.
David LeBlanc, Ph.D., is a founding member of the Trustworthy Computing Initiative at Microsoft®. He has been developing solutions for computing security issues since 1992 and has created award-winning tools for assessing network security and uncovering security vulnerabilities. David is a senior developer in the Microsoft Office Trustworthy Computing group.
Kevin Lam is a Microsoft security technologist, part of the team responsible for assessing the security status of Microsoft products, network infrastructure, and services. He’s also worked as technical lead on penetration testing teams for several leading security companies.
