Special Ops: Host and Network Security for Microsoft Unix and OracleBy
- . Syngress
Special Ops: Internal Network Security Guide is the solution for the impossible 24-hour IT work day. By now, most companies have hardened their perimeters and locked out the "bad guys," but what has been done on the inside? This book attacks the problem of the soft, chewy center in internal networks. We use a two-pronged approach-Tactical and Strategic-to give readers a complete guide to internal penetration testing. Content includes the newest vulnerabilities and exploits, assessment methodologies, host review guides, secure baselines and case studies to bring it all together. We have scoured the Internet and assembled some of the best to function as Technical Specialists and Strategic Specialists. This creates a diversified project removing restrictive corporate boundaries. The unique style of this book will allow it to cover an incredibly broad range of topics in unparalleled detail. Chapters within the book will be written using the same concepts behind software development. Chapters will be treated like functions within programming code, allowing the authors to call on each other's data. These functions will supplement the methodology when specific technologies are examined thus reducing the common redundancies found in other security books.This book is designed to be the "one-stop shop" for security engineers who want all their information in one place. The technical nature of this may be too much for middle management; however technical managers can use the book to help them understand the challenges faced by the engineers who support their businesses.
Published: January 2003
- Foreword by Stuart McClurePart I: METHODOLOGYChapter 1: Defining Scope for the ProjectChapter 2: Identifying TargetsChapter 3: High Severity VulnerabilitiesChapter 4: Vulnerability MappingChapter 5: Penetration TechniquesPart II: TACTICALChapter 6: Windows 2000 Operating SystemChapter 7: Windows XP Operating SystemChapter 8: Windows Active DirectoryChapter 9: Exchange Server & OWAChapter 10: Terminal ServerChapter 11: Microsoft IISChapter 12: Attacking Web ApplicationsChapter 13: Attacking and Defending SQLChapter 14: Attacking and Defending OracleChapter 15: Defending UNIXChapter 16: Attacking and Defending SolarisChapter 17: Creating Custom ToolsChapter 18: Network ArchitectureChapter 19: Building and Attacking Wireless NetworksPart III: STRATEGICChapter 20: Internal Security TeamsChapter 21: Public Source InformationChapter 22: Security PoliciesChapter 23: Internal Education Programs