更新时间:2021-06-25 21:11:39
封面
版权信息
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the authors
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Conventions
Get in touch
Reviews
Exploring Security Threats
Important terms in network security
Threats
Vulnerability
Analyzing vulnerability
Introduction to an attack
Passive attacks
Active attacks
Spoofing attacks
Internet protocol – the heart of internet communication
How is an IP datagram spoofed?
IP spoofing
Scanning
Hijacking an online session
Flooding
ARP spoofing attacks
Mitigating ARP spoofing attacks
The DHCP process
Why DHCP snooping?
Trusted and untrusted sources
Ping of Death
TCP SYN flood attacks
Password attacks
Buffer overflow attacks
Malware
Network security tools
Wireshark
Metasploit
Kali Linux
Summary
Delving into Security Toolkits
Firewall functions
Rules of a firewall
Types of firewall
Packet-filtering firewall/stateless firewall
Circuit-level gateway firewall/stateful firewall
Application-layer firewall
Zone-based firewall
Intrusion prevention system
Intrusion detection system
Virtual Private Network
Benefits of VPN
Site-to-site VPNs
Remote-access VPN
Content security
Content Security Policy
Cisco Email Security Appliance
Cisco IronPort Web Security Appliance
Endpoint security
Understanding Security Policies
Need for a security policy
Five steps for a security policy
Security policy components
Best example for a security policy – a password policy
How to develop a policy
Risk
Risk analysis
Benefits of risk analysis
Quantitative risk
Qualitative risk
Weakness in technology
Weakness in configuration
Weakness in a security policy
Threat
Threat consequence
Disclosure
Threat action – exposure
Threat action – interception
Threat action – inference
Threat action – intrusion
Deception
Threat action – masquerade
Threat action - falsification
Threat action – repudiation
Disruption
Threat action – incapacitation
Types of threat
Asset
Why classifying of assets is required
Identifying the asset
Asset accountability
Creating a plan for asset classification
