E-book: Bulletproofing TCP/IP-based Windows NT/2000 Networks [Wiley Online]

(4-Degree Consulting, Macon, Georgia)
  • Format: 300 pages
  • Publication date: 20-Apr-2001
  • Publisher: John Wiley & Sons Inc
  • ISBN-10: 470841605
  • ISBN-13: 9780470841600
  • Wiley Online
  • Price: 169,12 €*
  • * price that guarantees access for an unlimited number of simultaneous users for an unlimited time
Find out about TCP/IP-based network attack methods and threats to Windows NT/2000 computers and the preventive measures you can use to protect your infrastructure. Bulletproofing TCP/IP-based Windows NT/2000 Networks details the use of router access lists, firewalls, virus scanners and encryption. It includes examples of the configuration of hardware and software to prevent or minimize the effect of a wide range of communications-based attacks against TCP/IP networks and Windows NT/2000 hosts connected to such networks.

- Covers how TCP/IP operates and how TCP/IP attacks occur.
- Detailed coverage of how to secure both TCP/IP networks and the Windows NT/2000 host on such networks against different attack methods.
- Describes a new attack method, 'script-form attack', which could cause a company financial problems, and its prevention.
- Uses practical real-world examples of methods used to block potential attacks.

Aimed at TCP/IP network managers, LAN administrators, Windows NT/2000 administrators and network professionals. It can also be used for high-level undergraduate and graduate electrical engineering and computer science courses covering network security.
Preface
Acknowledgements
Introduction
Rationale for security measures
No organization may be safe
Effect of attacks
Social engineering
Dumpster diving
The Script-form attack
Counter measures
The Computer Fraud and Abuse Act
Major provisions
Book preview
The TCP/IP protocol suite
Network attack methods
The security role of the router
The role of the firewall
The role of virus scanners and encryption
Host attack methods
Working with Windows
The role of the scanner
The TCP/IP protocol suite
Comparison to the ISO Reference Model
The network layer
ICMP
The transport layer
TCP
UDP
Port numbers
Application data delivery
The Internet Protocol
The IPv4 header
Vers field
Hlen and Total Length fields
Type of Service field
Identification field
Flags field
Fragment Offset field
Time to Live field
Protocol field
Checksum field
Source and Destination address fields
Options and Padding fields
IP addressing
Overview
The basic addressing scheme
Address classes
Address formats
Address composition and notation
Special IP addresses
Class A
Class B
Class C
Class D
Class E
Reserved addresses
Subnetting and the subnet mask
Host addresses on subnets
The subnet mask
Configuration examples
Classless networking
ICMP and ARP
ICMP
The ICMPv4 header
Type field
Code field
ARP
Need for address resolution
Operation
Hardware Type field
Protocol Type field
Hardware Length field
Protocol Length field
Operation field
Sender Hardware Address field
Sender IP Address field
Target Hardware Address field
Target IP Address field
ARP Notes
The transport layer
TCP
The TCP header
Source and destination port fields
Port numbers
Well-known ports
Registered port numbers
Dynamic port numbers
Sequence number field
Acknowledgment number field
Hlen field
Reserved field
Code bits field
URG bit
ACK bit
PSH bit
RST bit
SYN bit
FIN bit
Window field
Checksum field
Urgent pointer field
Options field
Padding field
Operation
Connection types
The three-way-handshake
Segment size support
The window field and flow control
Timers
Delayed ACK timer
FIN-WAIT-2 timer
Persist timer
Keep alive
Slow start and congestion avoidance
UDP
The UDP header
Source and destination port fields
Length field
Checksum field
Operation
Network attack methods
IP address spoofing
Background
Obtaining an IP address to spoof
Reconfiguring the protocol stack
Spoofing example
Why address hiding is difficult to locate
Address selection
General software-based attacks
Ping of death
Bogus Java applets
Dictionary attacks
Application-based attacks
Email-based attacks
FTP attacks
mget and mput
Denial of service
Directed broadcasts
SYN attack
UDP flooding
Router disturbance
The security role of the router
Access control
Address and message identity
Cisco EXEC sessions
Password protection
Telnet access
Password encryption
Using the enable secret command
Access list restrictions
Protecting the hardwired connection
Considering SNMP
Access lists
Interface consideration
Types of access list
Standard IP access lists
Keywords
Source address
The wildcard-mask
The host keyword
The any keyword
The log keyword
Extended IP access list
The list number field
The protocol field
Source address and wildcard-mask fields
Source port number field
Destination address and wildcard-mask fields
Destination port number
Options
Rules and guidelines
Top down processing
Access list additions
Access list placement
Statement placement
Access list application
Filtering direction
Router generated packets
Creating and applying an access list
Specifying an interface
Using the ip access-group command
Limiting ICMP
Permitting echo-reply
Permitting pings
Considering destination unreachable
Anti-spoofing statements
New capabilities in access lists
Named access lists
Overview
Standard named IP access lists
Extended named IP access lists
Editing capability
Dynamic access lists
Rationale for use
Utilization
Reflexive access lists
Overview
Rationale for use
Creation
Limitations
Time-based access lists
Creation
Example
TCP intercept
Context-based access control
Overview
Operation
CBAC example
Interselection
The inspect statement
Applying the inspection rules
Using CBAC
Summary
The role of the firewall
Access list limitations
Repeated logon attempts
Application harm
Proxy services
Operation
Firewall location
Types of proxy service
Limitations
Operational examples
The Technologic Interceptor
Using classes
Alert generation
Packet filtering
Check Point FireWall-1
The Graphic User Interface
Network objects
FireWall-1 rules
Management functions
The gap to consider
Network address translation
Types of address translation
Static NAT
Pooled NAT
Port address translation
The role of the virus scanner and encryption
Virus overview
Logic bombs
Worms
Trojan horse
Virus effect
Types of virus
Boot and FAT infectors
System file infectors
Command infectors
Infection prevention
Detection software
Virus scanning
Desktop program example
General features
File scanning control
The scanning process
Virus information
Controlling the virus scan
Email scanning
Protecting the enterprise
Optional features
Infection symptoms
Recovery operations
Encryption
Private key DES
Leased line versus switched network operations
Public key encryption
Advantage of use
RSA
Example
Host attack methods
The Microsoft Security Advisor
Host attack categories
Physical security
Password security
User security
Network security
DoS/DDoS attacks
Malformed packet attacks
Preventive measures
Security checklist
Registry settings
SynAttackProtect
TcpMaxHalfOpen
TcpMaxHalfOpenRetried
EnablePMTUDiscovery
NoNameReleaseOnDemand
EnableDeadGWDetect
KeepAliveTime
PerformRouterDiscovery
EnableICMPRedirects
Other registry changes to consider
Displaying a legal notice
Remove OS/2 and POSIX subsystems
Remove all net shares
Remove the Shutdown button at logon
Restrict anonymous network access
Other attack methods to consider
Trojan horse attacks
RPC denial of service
Malformed FTP requests
Screen saver vulnerability
Last user logon
Working with Windows
General security-related considerations
Tracking known fixes
Applying service packs
NT versus 2000
User Manager
Built-in accounts to consider
Password assignment
Group membership
Profile
Logon hours
Workstation access
Account control
Dialin control
Managing security policies
Controlling password use
Setting user rights
Auditing
Shares
Auditing files and directories
Working with logs
Working with FTP
TCP port use
Anonymous connections
User session control
Messages
Directories
Logging
Controlling access via IP address
Internet Information Server
Web site properties
Multiple site support
Operator control
Directory security
Authentication
Home directory
The role of the scanner
Intrusion detection versus scanning software
Intrusion detection operation
Limitations
Scanning software
BindView HackerShield
Device discovery
Working with groups
Viewing reports
cgi script considerations
Open ports
Other types of scanning programs
The Internet Scanner
Creating a scan
Policy creation
Policy properties
Selecting exploits for the scanner
Considering account lockout
Scanning a local host
Index


Gilbert Held is an internationally recognized author and lecturer who specializes in the applications of computer and communications technology. With over 30 years of experience in managing communications networks, he conducts seminars on topics that include LAN/WAN internetworking, data compression, and PC hardware and software. Held has written numerous books on computers and communications technology and has been recognized for his technical excellence in writing.