Get to grips with network-based attacks and learn to defend your organization's network and network devices
Key Features
• Exploit vulnerabilities and use custom modules and scripts to crack authentication protocols
• Safeguard against web, mail, database, DNS, voice, video, and collaboration server attacks
• Monitor and protect against brute-force attacks by implementing defense mechanisms

Book Description
With the increased demand for computer systems and the ever-evolving internet, network security now plays an even bigger role in securing IT infrastructures against attacks. Equipped with the knowledge of how to find vulnerabilities and infiltrate organizations through their networks, you'll be able to think like a hacker and safeguard your organization's network and networking devices. Network Protocols for Security Professionals will show you how.
This comprehensive guide gradually increases in complexity, taking you from the basics to advanced concepts. Starting with the structure of data network protocols, devices, and breaches, you'll become familiar with attacking tools and scripts that take advantage of these breaches. Once you've covered the basics, you'll learn about attacks that target networks and network devices. Your learning journey will get more exciting as you perform eavesdropping, learn data analysis, and use behavior analysis for network forensics. As you progress, you'll develop a thorough understanding of network protocols and how to use methods and tools you learned in the previous parts to attack and protect these protocols.
By the end of this network security book, you'll be well versed in network protocol security and security countermeasures to protect network protocols.
What you will learn
• Understand security breaches, weaknesses, and protection techniques
• Attack and defend wired as well as wireless networks
• Discover how to attack and defend LAN-, IP-, and TCP/UDP-based vulnerabilities
• Focus on encryption, authorization, and authentication principles
• Gain insights into implementing security protocols the right way
• Use tools and scripts to perform attacks on network devices
• Wield Python, PyShark, and other scripting tools for packet analysis
• Identify attacks on web servers to secure web and email services

Who this book is for
This book is for red team and blue team pentesters, security professionals, or bug hunters. Anyone involved in network protocol management and security will also benefit from this book. Basic experience in network security will be an added advantage.
Table of Contents
1. Data Centers and the Enterprise Network Architecture and its Components
2. Network Protocol Structures and Operations
3. Security Protocols and Their Implementation
4. Using Network Security Tools, Scripts, and Code
5. Finding Protocol Vulnerabilities
6. Finding Network-Based Attacks
7. Detecting Device-Based Attacks
8. Network Traffic Analysis and Eavesdropping
9. Using Behavior Analysis and Anomaly Detection
10. Discovering LAN, IP, and TCP/UDP-Based Attacks
11. Implementing Wireless Network Security
12. Attacking Routing Protocols
13. DNS Security
14. Securing Web and Email Services
15. Enterprise Applications Security – Databases
Detailed and practical. Explains network attacks, then tells how to perform them as a red teamer, how to discover them, and how to defend against them. Includes plenty of diagrams and screenshots. Chapters end with questions. Written by InfoSec consultants.
Notes

Data Centers and the Enterprise Network Architecture and its Components
• Bandwidth: number of bits per second the network can provide.
• Delay: Round-Trip Time (RTT) in seconds for a packet to get to its destination and the response to get back to the sender.
• Jitter: variations in delay, measured as a percentage.
• Packet loss: percentage of packets lost in transmission.
• SDN domain: all devices under the same SDN controller.
• Network orchestrator: used to control multiple SDN domains.
Network Protocol Structures and Operations
Protocol Data Units (PDUs)
• L2: frame
• L3: packet
• L4: segment or message
Security Protocols and Their Implementation
IPSec
• IPSec tunnel mode: the entire IP packet is encrypted and hidden inside a new IP packet. Mostly used between firewalls in a site-to-site topology, or between client and firewall in a client-to-site topology.
• IPSec transport mode: an IPSec header is added to the original IP packet. Used to protect layers 4 to 7. Commonly used in client-to-site VPNs, between client and server, or between end nodes, which can be behind firewalls.
DNS Security
Attackers can exfiltrate data by tunneling via DNS, which is difficult to detect.
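Since the note only says DNS tunneling is hard to detect, here is an added example (my own, not code from the book or its authors) of the heuristics a defender can run over resolver query logs: many unique subdomains under one registered domain, oversized or high-entropy labels, and a high share of TXT/NULL queries. The log lines are constructed for the example, and the "registered domain" helper and the thresholds are simplifying assumptions; a production version would use the Public Suffix List and tune the thresholds to its own baseline.

```python
"""Heuristic DNS tunnelling detector over query logs (added example, not from the book)."""
import math
from collections import defaultdict

# Constructed sample log: "<unix_ts> <client_ip> <qname> <qtype>" per line.
# The 10.0.0.9 client issues TXT queries with long hex-looking labels under example.net.
SAMPLE_LOG = """\
1700000001 10.0.0.5 www.example.com A
1700000002 10.0.0.5 mail.example.com MX
1700000003 10.0.0.7 cdn.example.org A
1700000004 10.0.0.9 746869732d69732d6368756e6b2d30312d.3a2b.tun.example.net TXT
1700000005 10.0.0.9 7365637265742d646174612d63682d3032.8f1c.tun.example.net TXT
1700000006 10.0.0.9 6d6f72652d646174612d676f65732d6865.e2a0.tun.example.net TXT
1700000007 10.0.0.9 66696e616c2d6368756e6b2d656e642d30.77b3.tun.example.net TXT
1700000008 10.0.0.9 33343536373839303132333435363738.1a2b.tun.example.net TXT
1700000009 10.0.0.5 www.example.com AAAA
"""


def shannon_entropy(s):
    """Bits of entropy per character; encoded payloads score higher than words."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    """Assumption: last two labels. Real deployments should use the Public Suffix List."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_log(text):
    """Parse the constructed four-column log format into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, qtype = line.split()
        records.append({"ts": int(ts), "client": client,
                        "qname": qname.lower().rstrip("."), "qtype": qtype})
    return records


def score_domains(records, max_label_len=30, entropy_threshold=3.0, min_unique=4):
    """Return {registered_domain: [reasons]} for every domain seen in the log."""
    per_domain = defaultdict(lambda: {"unique_subdomains": set(), "long_labels": 0,
                                      "high_entropy": 0, "txt_queries": 0, "total": 0})
    for r in records:
        dom = registered_domain(r["qname"])
        stats = per_domain[dom]
        stats["total"] += 1
        sub = r["qname"][: -len(dom)].rstrip(".")
        if sub:
            stats["unique_subdomains"].add(sub)
            for label in sub.split("."):
                if len(label) > max_label_len:
                    stats["long_labels"] += 1
                if shannon_entropy(label) > entropy_threshold:
                    stats["high_entropy"] += 1
        if r["qtype"] in ("TXT", "NULL"):
            stats["txt_queries"] += 1
    findings = {}
    for dom, s in per_domain.items():
        reasons = []
        if len(s["unique_subdomains"]) >= min_unique:
            reasons.append("many unique subdomains")
        if s["long_labels"]:
            reasons.append("oversized labels")
        if s["high_entropy"]:
            reasons.append("high-entropy labels")
        if s["total"] and s["txt_queries"] / s["total"] > 0.5:
            reasons.append("TXT/NULL heavy")
        findings[dom] = reasons
    return findings


def suspicious_domains(records):
    """Flag a domain only when at least two independent heuristics fire."""
    return sorted(d for d, reasons in score_domains(records).items() if len(reasons) >= 2)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for dom, reasons in score_domains(recs).items():
        print(dom, reasons)
    print("suspicious:", suspicious_domains(recs))
```

Requiring two heuristics to agree keeps CDN hostnames with one long hashed label from being flagged on their own; in practice the per-domain counters would be kept over a sliding window per client rather than over a whole file.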
Securing Web and Email Services
HTTPS handshake
1. Client hello: client sends info about itself, supported cipher suites, and max supported TLS version.
2. Server hello: server sends ACK and public key.
3. Client verifies public key and cert against its list of trusted CAs, then stores the public key.
4. Client key exchange: client sends ChangeCipherSpec message to agree on a shared key.
5. Server verifies and sends ChangeCipherSpec Fin (Finish) message to start the conversation.
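To make step 1 concrete, here is an added example (mine, not from the book) that builds a TLS ClientHello record and parses it back, pulling out exactly the fields a blue-team inspection cares about: the SNI host name, the offered cipher suites, and the highest TLS version offered via the supported_versions extension. The record, handshake, and extension layouts follow the TLS 1.2/1.3 wire format; the cipher-suite name table is deliberately tiny and the "weak suite" set is an assumption for illustration.

```python
"""Build and parse a TLS ClientHello (added example, not from the book)."""
import os
import struct

# Small lookup tables; real tooling uses the full IANA registry.
CIPHER_SUITE_NAMES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",  # legacy suite, flagged below
}
WEAK_SUITES = {0x000A}  # assumption: what this example treats as "weak"
VERSION_NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
EXT_SERVER_NAME = 0
EXT_SUPPORTED_VERSIONS = 43


def build_client_hello(server_name, cipher_suites, supported_versions, random_bytes=None):
    """Serialize a ClientHello with SNI and supported_versions extensions."""
    random_bytes = random_bytes or os.urandom(32)
    assert len(random_bytes) == 32, "ClientHello.random is exactly 32 bytes"
    host = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host           # name_type=host_name
    sni_data = struct.pack("!H", len(sni_entry)) + sni_entry             # server_name_list
    versions = b"".join(struct.pack("!H", v) for v in supported_versions)
    sv_data = bytes([len(versions)]) + versions                          # 1-byte list length
    extensions = (struct.pack("!HH", EXT_SERVER_NAME, len(sni_data)) + sni_data
                  + struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(sv_data)) + sv_data)
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (b"\x03\x03" + random_bytes + b"\x00"                         # legacy_version, random, empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                                                # one compression method: null
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body            # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record: handshake, TLS 1.0 compat version


def parse_client_hello(record):
    """Parse a ClientHello record into a dict; raises ValueError on malformed input."""
    if len(record) < 5:
        raise ValueError("short record")
    content_type, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 0x16:
        raise ValueError("not a handshake record")
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or hs[0] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    body_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    pos = 0
    legacy_version = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    random_bytes = body[pos:pos + 32]; pos += 32
    sid_len = body[pos]; pos += 1 + sid_len
    suites_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + suites_len, 2)]
    pos += suites_len
    comp_len = body[pos]; pos += 1 + comp_len
    info = {"legacy_version": legacy_version, "random": random_bytes,
            "cipher_suites": suites, "sni": None, "supported_versions": []}
    if pos < len(body):  # extensions block is optional
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
            data = body[pos:pos + elen]; pos += elen
            if etype == EXT_SERVER_NAME:
                name_len = struct.unpack("!H", data[3:5])[0]  # skip list len (2) + name_type (1)
                info["sni"] = data[5:5 + name_len].decode("ascii")
            elif etype == EXT_SUPPORTED_VERSIONS:
                n = data[0]
                info["supported_versions"] = [struct.unpack("!H", data[i:i + 2])[0]
                                              for i in range(1, 1 + n, 2)]
    return info


def max_offered_version(info):
    """TLS 1.3 clients advertise the real maximum in supported_versions, not legacy_version."""
    return max(info["supported_versions"] or [info["legacy_version"]])


def weak_suites_offered(info):
    return [CIPHER_SUITE_NAMES.get(s, hex(s)) for s in info["cipher_suites"] if s in WEAK_SUITES]


if __name__ == "__main__":
    rec = build_client_hello("www.example.com", [0x1301, 0xC02F, 0x000A], [0x0304, 0x0303])
    info = parse_client_hello(rec)
    print("SNI:", info["sni"], "max version:", VERSION_NAMES[max_offered_version(info)])
    print("weak suites:", weak_suites_offered(info))
```

The same parser applied to the first record of a captured TCP stream (for example via PyShark, which the book covers) is how a passive sensor inventories which clients still offer legacy suites or TLS 1.0/1.1 before those are disabled server-side.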
Scanners, vulnerability checkers, and other tools
• Kali Linux: security distro
• Burp Suite: tests web apps, mobile apps, thick clients, thin clients, APIs
• Acunetix: web app vulnerability scanner
• OWASP ZAP: vulnerability scanner
• Netsparker: automated web vulnerability scanner
• Qualys Cloud Platform (formerly QualysGuard): cloud-based tools
• TestSSL: SSL/TLS vulnerability scanner
• DVWA (Damn Vulnerable Web Application): web penetration testing platform
• Mutillidae: more advanced than DVWA
• Nikto: CLI tool to learn about open CGI directories and dangerous vulnerabilities
• SQLmap: automates scanning for SQL injections and exploits them
XSS attacks
• Reflected XSS: attacker injects malicious code into the web app. The server responds to the attacker's query with a popup message in the victim's browser.
• Stored XSS: attacker injects and stores malicious scripts in the DB. The victim visits the page and clicks the link.
• DOM XSS: attacker injects a malicious script directly into document objects and crafts a malicious URL to pass on to the victim.
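The three XSS variants share one root cause: untrusted input is written into an HTML document without encoding for the context it lands in. As an added example (my own, not code from the book), the snippet below shows a reflected-XSS-prone search page next to its hardened version, which encodes the same value once for HTML text and once for a URL inside an href, and adds response headers that limit what an injected script could do. The page template, the headers chosen, and the test input are all constructed for the example.

```python
"""Reflected XSS: unsafe vs context-encoded rendering (added example, not from the book)."""
import html
from urllib.parse import quote

# Constructed page template: the query lands in two contexts (HTML text and a URL in href).
PAGE_TEMPLATE = (
    "<html><body><h1>Results for: {query}</h1>"
    '<a href="/search?q={query_attr}">search again</a></body></html>'
)


def render_search_unsafe(q):
    """Vulnerable: the raw parameter is concatenated into the page in both contexts."""
    return PAGE_TEMPLATE.format(query=q, query_attr=q)


def render_search_safe(q):
    """Hardened: encode per context, and send headers that constrain script execution."""
    body = PAGE_TEMPLATE.format(
        query=html.escape(q, quote=True),   # HTML text context: <, >, &, quotes become entities
        query_attr=quote(q, safe=""),       # URL context: percent-encode, so no HTML metacharacters survive
    )
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
        # Assumption for the example: the site serves all scripts from its own origin.
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    }
    return headers, body


def reflects_raw(rendered_html, user_input):
    """Detection helper for a test or scanner: did the input come back unmodified?"""
    return user_input in rendered_html


if __name__ == "__main__":
    probe = "<script>alert(1)</script>"  # constructed test input, the classic reflection check
    print("unsafe reflects raw input:", reflects_raw(render_search_unsafe(probe), probe))
    headers, safe_body = render_search_safe(probe)
    print("safe reflects raw input:", reflects_raw(safe_body, probe))
    print(safe_body)
```

Two points carry over to the stored and DOM variants: encode at output time for the exact context (stored data must be escaped when rendered, not just validated when saved), and in the browser prefer `textContent` or `setAttribute` over writing untrusted strings through `innerHTML` or `document.write`.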