PenTest’s Network Audit, Unix Testing, Auditing Cisco, Routers & Switches PenTest eBook | TEASER

January 9, 2014

Free Articles admin Comments Off

Read a sample of Chapter 3: GPEN Study Guide

You will find there covered topics like: Pen-testing Foundations, Pen-testing process, Legal Issues, Reconnaissance, Intro to Linux and Scanning Goals and Techniques.

PenTest's Network Audit, Unix Testing, Auditing Cisco, Routers & Switches | PenTest eBook | TEASERPenTest’s Network Audit, Unix Testing, Auditing Cisco, Routers & Switches | PenTest eBook | TEASER – free articles
PenTest's Network Audit, Unix Testing, Auditing Cisco, Routers & Switches | PenTest eBook | TEASER

Follow the steps below to download the magazine:
  1. Register, accept the Disclaimer and choose subscription option.
    By choosing the Free Account option you will only be able to download the teaser of each issue.
  2. Verify your account using the verification link sent to your email address.
  3. Check the password sent on your email address and use it to log in.
  4. Click the download button to get the issue.

IMPORTANT: the registration on the website includes subscription to our newsletter.


Brief summary of full publication:
We will specifically focus on Cisco routers. This is primarily because Cisco has the greatest market share Internet-based Routers. Additionally, the Cisco IOS as perhaps the most universal feature set comprehensively covering many options. The addition of stateful packet filtering all stateful inspection and a wide range of protocols that are supported (dependent on licensing) make Cisco the ideal subject for discussions of router audits.
We look at testing systems over the network. System testing is possible over the network, and provides
a means to test compliance with:
• Change control processes,
• Patching and vulnerability mitigation,
• Malware (ensuring that no additional ports are listening),
• Basic Security configurations,
• Baselines Tests of systems, and
• Ensuring that no new or unauthorized hosts or networks have been connected.
System testing requires knowledge of many system types. In addition to Windows, the tester needs to understand the Linux and *NIX operating systems. Even in the most Windows focused network, it is common to discover a *NIX system running an oft overlooked but essential function that is critical to the organisation.

There are a variety of ways in which a user can authenticate in UNIX. The two primary differences involve
authentication to the operating system against authentication to an application alone. In the case of an application
such as a window manager (e.g. X-Window), authentication to the application is in fact of authenticating to the
operating system itself. Additionally, authentication may be divided into both local and networked authentication.

Let’s take a detailed look at the Table of Contents:

Chapter 1: Auditing Cisco Routers and Switches
Functions of a Router, Architectures and Components; Modes of Operation; Configuration Files and States; How a Router Can Play a Role in your Security Infrastructure; Router Technology, a TCP/IP Perspective; Understanding the Auditing Issues with Routers; Password Management; Sample Router Architectures in Corporate WANs; Router Audit Tool (RAT) and Nipper; RAT; Nipper; Security Access Controls Performed by a Router; Security of the Router Itself and Auditing for Router Integrity; Identifying Security Vulnerabilities; Audit Steps over Routers; Show access-lists; Sample Commands; Cisco router check lists

Chapter 2: An Introduction to Network Audit
What is a Vulnerability Assessment?; The importance of Vulnerability Assessments; A Survey of Vulnerability Assessment Tools; Network Mapping; Pre-Mapping Tasks; What the Hackers Want to Know; Auditing Perimeter Defenses; Auditing Routers, Switches and other network infrastructure; The Methodology; Protection Testing?; Miscellaneous Tests; Network and Vulnerability Scanning
Nessus; Essential Net Tools (EST); CIS – Cerberus Internet Scanner

Chapter 3: GPEN Study Guide
Pen-testing Process; Legal Issues; Reconnaissance: Inventory, Whois, Web Reconnaissance, Metadata, DNS 73; Intro to Linux: Outcome Statement, Shell History, Basic UNIX commands, The Essential Commands, File Commands, Finding out about other users on the system, Authentication and Validation, Usernames, UIDS, the Superuser, File System Access Control; Scanning Goals and Techniques; Network Tracing, Scanning, and Nmap: Network Tracing using Traceroute, Traceroute, Port Scanning Fundamentals, Port Scanning with NMAP, Amap Scanner; Vulnerability Scanning; Enumerating Users: Methods of Acquisition, Unix/Linux Accounts, Windows Accounts; Netcat and Hping; Exploitation: Exploitation?, Exploitation Categories, Exploitation, Metasploit; Command Shell vs. Terminal Access: Command Shell vs. Terminal Access, Windows Targets, Linux Targets, Relays; Remote Command Execution; Password Attacks: Password Attacks: Motivation and Definitions, Password Attack Tips, Dealing with Account Lockout, Password Guessing with THC-Hydra, Password Attacks, Obtaining, Password Hashes – Windows, Linux and Unix Password Schemes, John the Ripper, Cain, Rainbow Table Attacks, Ophcrack Exercise, Pass-the-Hash Attacks, When to use which password attack?; Wireless Fundamentals: Cloaked ESSIDs, Locating Access Points, Wireless Client Attacks, Traffic Injection, Airpwn, Session Hijacking, Access Point Impersonation, Karma, Karma Metasploit Integration; Web Application Overview: Injection Attacks, Cross Site Request Forgery (XSRF) Attacks, Cross Site Scripting Attacks, Command Injection, SQL Injection, Blind SQL Injection

Chapter 4: 100+ Unix Commands
Introduction and objectives; Basic UNIX commands; The Essential Commands; Authentication and Validation; File System Access Control; Restricting Superuser Access; Finer Points of Find; Finding out About the System Configuration; What Tools to Use; Password Assessment Tools; Controlling Services; Enabling .rhosts; Kernel Tuning for Security; Security and the cron System; Backups and Archives; Logging; Tricks and Techniques; Appendixes; “uname”; Command SummaryComments

Tagged with:

Comments are closed.

IT MAGAZINES: Hakin9 Magazine | Pentest Magazine | eForensics Magazine | Software Developer's Journal | Hadoop Magazine | Java Magazine
IT Blogs: Hakin9 Magazine Blog | Pentest Magazine Blog | eForensics Magazine Blog | Software Developer's Journal Blog | Hadoop Magazine Blog | Java Magazine Blog
IT ONLINE COURSES: Pentest Laboratory
JOB OFFERS FOR IT SPECIALIST: Jobs on Hakin9 Magazine | Jobs on Pentest Magazine | Jobs on eForensics Magazine | Jobs on Software Developer's Journal | Jobs on Java Magazine | Jobs on Hadoop Magazine
Hakin9 Media Sp. z o.o. Sp. komandytowa ul. Postępu 17D, 02-676 Warszawa