Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletter Hub
Free Learning
Arrow right icon
timer SALE ENDS IN
0 Days
:
00 Hours
:
00 Minutes
:
00 Seconds
Practical Network Scanning
Practical Network Scanning

Practical Network Scanning: Capture network vulnerabilities using standard tools such as Nmap and Nessus

Arrow left icon
Profile Icon Singh Chauhan
Arrow right icon
€32.99
Paperback May 2018 326 pages 1st Edition
eBook
€23.99 €26.99
Paperback
€32.99
Subscription
Free Trial
Renews at €18.99p/m
Arrow left icon
Profile Icon Singh Chauhan
Arrow right icon
€32.99
Paperback May 2018 326 pages 1st Edition
eBook
€23.99 €26.99
Paperback
€32.99
Subscription
Free Trial
Renews at €18.99p/m
eBook
€23.99 €26.99
Paperback
€32.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with Print?

Product feature icon Instant access to your digital copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Redeem a companion digital copy on all Print orders
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Table of content icon View table of contents Preview book icon Preview Book

Practical Network Scanning

Fundamental Security Concepts

In  an ever-evolving world of technology, security and data privacy are of paramount importance. This chapter will address some of the basic concepts of IT infrastructure security. In order to secure a system, the key task is to identify and classify the information assets and define a security framework.

This chapter will cover what security means to network and system administrators. It will also explore how to build a secure network, incorporating the security principles defined in your framework. 

Let's get started with network infrastructure security. We will cover the following topics in this chapter:

  • Why security?
  • Building blocks of information security
  • Computer security
  • Network security
  • Internet security
  • Security issues, threats, and attacks

Why security?

As the internet grows and technology evolves for modern computer networks, network security has become one of the most crucial factors for everyone. This includes everyone from end users and small and medium-sized businesses (SMBs) to cloud service providers.

Due to a growing volume of network attacks, network security should be a priority when designing network architecture. To understand the importance of this, imagine what could happen if there was a network integrity breach at a bank, stock exchange, or other financial database.

The importance of network security is not just limited to the IT industry. It is also important within industries such as health care. Health records contain some of the most valuable information available, including Social Security numbers, home addresses, and patient health histories. If this data is accessed by unauthorized persons, it can be stolen or sold to the black market.

Security awareness is important for everybody and not just the IT department. If you work with internet enabled devices, it's your responsibility too. However, you can only control information security once you know how to secure it.

No one can get into your system until something is compromised. Similarly, if your door is locked from the outside, nobody can enter your house unless they gain access to a duplicate key or have a similar key built by getting physical access to the lock. A few examples of how a system might be compromised are as follows:

  • A targeted email could be sent to random users with an attachment (Drive by Download). If a user opened that attachment, their system would be compromised.
  • An email is received which poses as a domain such as banking and asks you to change your password through a provided link. Once you do this, your username and password can be stolen.
  • If a small typo is made when typing a website address into a browser, a similar page may open (Phishing) which is not genuine, and your credentials can be stolen.
  • Features provided by websites for resetting forgotten passwords can also be very risky. Let's say somebody knows my email ID and attempts to access my account by selecting a forgotten password option. If the security question asks for my date of birth, this can easily be found on my resume.
  • A password for an Excel file can easily be broken by a brute-force attack.
  • The most widespread types of ransomware encrypt all or some of the data on your PC, and then ask for a large payment (the ransom) in order to restore access to your data.
  • During DNS hijacking, an online attacker will override your computer's TCP/IP settings so that the DNS translation gets altered. For example, typing in abc.com will translate it into this IP: 140.166.226.26. However, a DNS hijacker will alter the translation so that abc.com will now send you the IP address of a different website.
  • Denial of Service network attacks disrupt the normal volume of traffic sent to targeted services with excessive amounts of traffic. This can be damaging in various ways. One example could be if a company has a Friday sale, and a competitor launches an attack on them in order to shut their services down and consequently increase their own sales.

According to research by British insurance company Lloyd's, the damage from hacks cost businesses $400 billion a year.

To further explore the cost of cybercrimes, visit the following webpage:  https://www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-projected-to-reach-2-trillion-by-2019/#612db25c3a91.

The market research firm Gartner estimates that global spending on cybersecurity is somewhere around $96 billion in 2018. By 2020, companies around the world are expected to spend around $170 billion—a growth rate of nearly ten percent in the next five years.

Building blocks of information security

Your data can be easily separated into the following three categories. This is especially important to know in order to determine the value of your data before planning for security:

  • Low Business Impact (LBI): If LBI data is disclosed, limited information loss could occur. Examples of this kind of data include name, gender, and/or the country of residence.
  • Moderate Business Impact (MBI): If MBI data is disclosed, disastrous information loss could occur, which directly damages the reputation of an organization. Examples of MBI data include first and last name, email ID, mailing address, and phone number.
  • High Business Impact (HBI): If HBI data is disclosed, serious information loss could occur. Access and permission must be controlled and limited to a need-to-know basis. Examples of HBI data include government IDs, credit card information, medical health records, passwords, and real-time location.

Proper security control measures are required to ensure tight security. The following flowchart helps us to understand the security process:

  • Risk Management Process: This is particularly important when designing a secure network. Risk management analysis must be done in advance as this aids designing secure infrastructure. Steps should include risk identification, risk analysis, risk ranking, and mitigation plans. For example, an ISP link can be a public or private Wide Area Network (WAN) connection. Data transfer between two sites over public infrastructure can be secured by implementing VPNs. Data transfer between two sites over private links can be future encrypted by link device. The purpose and funding of connection must be identified, and a proper risk assessment must be carried out before installing or activating any links.
  • InfoSec Design Process: Perimeter boundaries must be defined and documented. For example, connecting to WAN internet or connecting to another location over WAN must be defined. When I say boundaries, we should always take a layered approach. There is no ideal situation to ensure 100% security, but by implementing security on every layer, you can ensure tight security. A layered security method encompasses both technological and non-technological safety measures.

    For example, perimeter security can be protected by firewalls. Infrastructure details, such as server type and services running on the system, must be identified. Software and operating system bugs should be documented. IP space and security zones should be defined. System admin access should be controlled by security groups.

  • Verification process: The purpose of the verification process for each extranet/intranet connection is to generate all audit evidence documented in the compliance procedures of the security design. This will have information about users, remote IP, and tasks performed by them. Network scanning, penetration testing, and scorecard reporting provide an in-depth view of infrastructure security.

    A periodic audit is always required in order to know if there is unexpected activity.  Firewall logs, TCP/IP headers from load balancers on IIS, and two-factor authentications are examples of a verification process.

  • Security implementation process: At this stage you should have the following items ready to be implemented:
    • Security policies—password policies and access control
    • Disaster recovery plan
    • Backup and recovery plan
    • WAN recovery plan
    • Network security zones
    • Database security
    • IIS or web security
    • Data and asset classification
    • Data encryption
    • Resource control for application users
    • Operating system security
    • Incident management and response
    • Change management and version control

Computer security

Computer security is not all about end user computing, it also includes server/application infrastructure. For any data transfer between server and client, both ends should be secure. Even the communication channel should be secure enough to avoid data theft.

We know that professionals understand network security, but how about end users? We can force users to implement security strategies, but is that enough? For better security, awareness is key. Security issues are constantly being found with the software we use every day, including common and reliable programs such as Windows, Internet Explorer, and Adobe's PDF Reader. It is therefore very important that we take some simple steps towards becoming more secure.

People often think of computer security as something technical and complicated, but that is not strictly the case. In the following, we will explore the most basic and important things you should do in order to make yourself safer online:

  • Use antivirus and antimalware and know which links are safe to click in emails
  • Be careful about programs you download and run; don't trust your pop-up notifications
  • On the server level, encryption chips can be used just to avoid physical theft of hardware

Most computer facilities continue to protect their physical assets far better than their data, even when the value of the data is several times greater than the value of the hardware.

Since awareness is especially important, we should also consider how much awareness we have within the organization. This can simply be achieved by sending a few emails that look genuine and getting the statistics of how many users opened such an email. Activities can be tracked in terms of number. For example, the statistics can be viewed for how many users shared their password and how many downloaded an attachment.

Network security

With today's complex network architecture and constantly growing networks, protecting data and maintaining confidentiality play a very important role. Complex networks consist of network traffic flowing between enterprise networks, data center networks and, of course, the cloud as well. A secure network helps us to protect against data loss, cyber-attacks and unauthorized access, thus providing a better user experience. Network security technologies equip multiple platforms with the ability to deal with the exact protection requirements.

Firewalls

A firewall is a network security appliance that accepts or rejects traffic flow based on configured rules and preconfigured policies. Placement of a firewall totally depends on the network architecture, which includes protection for network perimeters, subnets, and zones. Perimeter firewalls are always placed on a network's edge to filter packets entering the network. Perimeter firewalls are the first layer of security, and if malicious traffic has managed to bypass, host-based firewalls provide another layer of protection by allowing or denying packets coming into the end host device. This is called the multilayer security approach. Multiple firewalls can be set up to design a highly secure environment.

Firewalls are often deployed in other parts of the network to provide proper segmentation and data protection within enterprise infrastructure, on access layers and also in data centers.

Firewalls can be further classified as the following:

  • Simple packet filtering
  • Application proxy
  • Stateful inspection firewalls
  • Next-Generation Firewall

A traditional firewall provides functions such as Packet Address Translation (PAT), Network Address Translation (NAT), and Virtual Private Network (VPN). The basic characteristic of a traditional firewall is that it works according to the rules. For example, a user from subnet (10.10.10.0/24) wants to access Google DNS 8.8.8.8 on a UDP port 53.

A typical firewall rule will look like this:

Source IP

Destination IP

Protocol

Port

Action

10.10.10.0/24

8.8.8.8/32

UDP

53

Permit

However, Next-Generation Firewall works based on application and user-aware policies. Application-level control allows you to set policies depending on the user and the application.

For example, you can block peer-to-peer (P2P) downloads completely or disable Facebook chat without even blocking Facebook.

We will discuss firewalls in detail in upcoming chapters. The following diagram reflects zones and connectivity, which shows how firewall zones connect to multiple businesses:

  • Demilitarized zone (DMZ): Internet-facing applications are located in DMZ. Other services on other zones remain inaccessible to the internet. The most common services placed in DMZ include email services, FTP servers, and web servers.
  • Inside zone: The inside zone is known as the trusted zone to users. Applications in that area are considered highly secure. In the trusted area, security is maintained by denying all traffic from less trusted zones in any given firewall by default.
  • Cloud and internet zone: Let's not focus on naming these. They are standard segments we see on an enterprise network. These zones are considered to be below security zones.

Intrusion detection systems / intrusion prevention systems

There is a high chance that attacks may enter a network. Intrusion prevention system (IPS) / Intrusion detection system (IDS) is a proactive measure to detect and identify suspicious or undesirable activities that indicate intrusion. In IDS, deployment can be online or offline, and the basic idea is to redirect traffic you wish to monitor. There are multiple methods like switch port SPAN or fiber optic TAP solution, which can be used to redirect traffic. Pattern matching is used to detect known attacks by their signature and anomalies. Based on the activity, monitoring alerts can be set up to notify the network administrator.

As the following diagram shows, SPAN port is configured on a switch in order to redirect traffic to the IDS sensor. An actual SPAN port creates a copy of data flowing for a specific interface and redirects it to another port on the switch:

IPS offers proactive detection and prevention against unwanted network traffic. In an inline placement of IPS, all the traffic will travel via IPS devices. Based on the rules, actions can then be taken. When a signature is detected on an IPS device it can be used for resetting, blocking, and denying connections, as well as logging, monitoring, and alarming. A system admin can also define a policy-based approach with defined policy violation rules and actions to keep in mind when well-known signatures are released. Actions should be defined by the system admin.

The following diagram shows a topology for inline setup of IPS. All the traffic travels through IPS devices for traffic inspection. This is a bit different to doing a port SPAN, since all data goes through an IPS box. Consequently, you should be aware of what type of data has to be inspected:

There are a number of different attack types that can be prevented using an IPS, including:

  • Denial of Service
  • Distributed Denial of Service
  • Exploits
  • Worms
  • Viruses

Multitier topology

Multitier topology gives you flexibility to segment resources based on role and access policies. In a typical three-layer application, architecture that has web, app, and DB servers can be distributed based on location. Since web/app zone is something always exposed to end users, Demilitarized Zone (DMZ) IP space is always public. Subnet and database servers should not be directly accessible, hence why we should always allocate private IP space from RFC 1918.


This offers gradual access to control, based on IPs and resource locations. When designing a network, you can introduce a multi-layer firewall approach. In a multiple layer design approach, the basic idea is to isolate resources from each other, considering the fact that if one layer is compromised then others are not impacted.

Cross-premises IPsec tunneling provides you with a way to establish secure connections between two networks and multiple on-premises sites, or other virtual networks in Azure/AWS. This can secure data transfer by encrypting your data via the IPsec encryption using the IPsec framework. Virtual networks in AWS are called VPC and, in Azure, VNET.

Distributed Denial of Service: A Denial-of-Service (DoSattack or Distributed Denial-of-Service (DDoSattack  is an attempt to make a network resource out of service to its targeted users.

The real-world target would be online services such as e-commerce and the gaming industry, preventing the shop from doing any business by making front resources unavailable for end users. Just think about a situation during big billion-day sales hours if someone launches a DDOS attack and makes your e-commerce portal shut down.

The two most basic types of DDoS attacks are as follows:

  • WAN attacks: WAN DDoS attacks utilize available bandwidth on physical links with a high volume of packets with bigger payloads, or a high volume of packets with smaller payloads. Bigger payload network resources such as router or firewalls will process packets and consume all the bandwidth. With smaller payload network resources like routers, firewalls will try to process all the packets. However, due to limited CPU, cycle hardware resources won't be able to process genuine packets from end users and can fail under the load.
  • For example, let's assume you have a 10 Mbps WAN link and during attack BW, utilization is just 5 Mbps. However, a number of small packets can reach one million packets per second. In this case, assume that your network gear has no CPU cycle to process all tiny packets

    Another example would be if someone launched a DDOS attack using a large ICMP packet. This can choke your bandwidth and leave no space for the rest of the application.

  • The most common form of bandwidth attack is a packet-flooding attack, in which a large number of legitimate TCP, User Datagram Protocol (UDP), or Internet Control Message Protocol (ICMP) packets are directed to a targeted or aimed destination. Such attacks become more difficult to detect if attackers use techniques such as spoofing source addresses.
  • Application attacks: These DDoS attacks use the expected behavior of protocols such as TCP and HTTP. Application attacks are disruptive but small and silent in nature and extremely hard to detect since they use expected behavior. Application-layer attacks are easy to generate and require fewer packets with a small payload to achieve out of services for targeted applications. Application attacks are focused on web-application layers. For a small HTTP request, the actual server has to execute a lot of resources on the web server to fetch the content or resources. Every such server resource will have limited CPU and memory and can be easily targeted. In this example, I am not considering cloud-based web applications, where you have elasticity features enabled and with growth in the number of requests, server resources are automatically created to accommodate such requests.

 

Let us understand more about this with the help of an example:  

  • HTTP Floods: These are simple attacks in nature that try to access the same web page again and again in an automated fashion. They typically use the same range of IP addresses. Based on the trend, as this is being originated from the same source, the source pool can be blocked to mitigate attacks.
  • Randomized HTTP Floods: These are complex attacks that use a large pool of IP addresses from multiple locations and randomize the URLs. Since these kind of attacks originate from multiple locations, it is not easy to block the source IP. However, the rate limit can be fixed on server resources.

To simplify, DDoS is a form of attack where multiple compromised networks/hosts are used to target a single system. This is like a zombie attack and it is very tough to identify genuine users. Once infected, the internet-connected devices become part of a botnet army, driving malicious traffic toward a given target.

Internet security

These are the basic things you need to understand when you are working with online systems. When working with them day to day, we expose ourselves to risks.

Let's jump into the basic components of internet security.

Password

Since we own internet enabled devices, we are responsible for our own security. So, let's begin with our passwords. As users, we must choose a strong password. Alternatively, organizations should encourage users to choose one.

Password analysis shows that quite a common password used by users is 123456 and other similar, simple patterns. Most users choose the same password across multiple platforms. If a server or database is compromised by hackers, it would be easy to crack passwords such as this.

Few common web portals contain personal information. However, if an employee is required to create a username consisting of their first and last name or employee ID, and this is combined with a simple default password such as abcX123, then their information is easy to guess.

System upgrade and updates

The WannaCry ransomware attack was a worldwide cyberattack in May 2017 triggered by the WannaCry ransomware crypto worm. This attack targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. Such infection happens because people are running outdated software and attackers exploit this. This is not limited to PCs but also to mobile devices and other internet enabled devices.

Phishing

Phishing is a form of online fraud where you receive an email that looks similar to a trusted source. The message may ask you to validate, confirm, or update your account information by logging into fake websites. Targets are contacted via telephone, email, and text message, which are used to extract credit card details and passwords.

This is my own email box, which contains a message stating that I am supposed to get 13,17422 INR, and I need to update my details. While the attacker is using money as a temptation tool, it is important to think instead about your IT return. Is this type of mail really to be expected from the IT department? You can easily guess that this is not a genuine domain just by looking at the email header. Following the instructions of this message can consequently have disastrous consequences:

Beware of phishing phone calls

Attackers might call you on the phone and offer to solve your computer problems by selling you a software license or by obtaining your personal information in order to update your details in a backend system.

Once they've gained your trust, cybercriminals might ask for your username and password or ask you to go to a website to install software that will let them access your computer in order to fix it. Once you do this, your computer and your personal information is hijacked.

In the same way, a banking fraud can take place. This includes cybercriminals calling you and trying to persuade you to share your credit card and banking details.

Some signs of phishing phone calls include:

  • You have been specially selected for any offering
  • You have won money in a lottery
  • You have income tax refund
  • Someone asking about credit card CVV and other details to update a banking database

Phishing protection

Phishing attack protection requires steps to be taken by both users and enterprises. For users, awareness is the key. A spoofed message often contains some mistakes that expose its true identity. These can include spelling mistakes or changes to domain names, as seen in the earlier URL example. Users should also stop and think about why they're even receiving such an email or phone call.

You should report such emails to authorities so that appropriate actions can be taken.

Left arrow icon Right arrow icon

Key benefits

  • Learn to choose the best network scanning toolset for your system
  • Implement different concepts of network scanning such as port scanning and OS detection
  • Adapt a practical approach to securing your network

Description

Network scanning is the process of assessing a network to identify an active host network; same methods can be used by an attacker or network administrator for security assessment. This procedure plays a vital role in risk assessment programs or while preparing a security plan for your organization. Practical Network Scanning starts with the concept of network scanning and how organizations can benefit from it. Then, going forward, we delve into the different scanning steps, such as service detection, firewall detection, TCP/IP port detection, and OS detection. We also implement these concepts using a few of the most prominent tools on the market, such as Nessus and Nmap. In the concluding chapters, we prepare a complete vulnerability assessment plan for your organization. By the end of this book, you will have hands-on experience in performing network scanning using different tools and in choosing the best tools for your system.

Who is this book for?

If you are a security professional who is responsible for securing an organization's infrastructure, then this book is for you.

What you will learn

  • Achieve an effective security posture to design security architectures
  • Learn vital security aspects before moving to the Cloud
  • Launch secure applications with Web Application Security and SQL Injection
  • Explore the basics of threat detection/response/ mitigation with important use cases
  • Learn all about integration principles for PKI and tips to secure it
  • Design a WAN infrastructure and ensure security over a public WAN
Estimated delivery fee Deliver to Malta

Premium delivery 7 - 10 business days

€32.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : May 24, 2018
Length: 326 pages
Edition : 1st
Language : English
ISBN-13 : 9781788839235
Languages :
Tools :

What do you get with Print?

Product feature icon Instant access to your digital copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Redeem a companion digital copy on all Print orders
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Estimated delivery fee Deliver to Malta

Premium delivery 7 - 10 business days

€32.95
(Includes tracking information)

Product Details

Publication date : May 24, 2018
Length: 326 pages
Edition : 1st
Language : English
ISBN-13 : 9781788839235
Languages :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 102.97
Mastering Wireshark 2
€32.99
Practical Network Scanning
€32.99
Mastering Metasploit
€36.99
Total 102.97 Stars icon

Table of Contents

14 Chapters
Fundamental Security Concepts Chevron down icon Chevron up icon
Secure Network Design Chevron down icon Chevron up icon
Server-Level Security Chevron down icon Chevron up icon
Cloud Security Design Chevron down icon Chevron up icon
Application Security Design Chevron down icon Chevron up icon
Threat Detection and Response Chevron down icon Chevron up icon
Vulnerability Assessment Chevron down icon Chevron up icon
Remote OS Detection Chevron down icon Chevron up icon
Public Key Infrastructure-SSL Chevron down icon Chevron up icon
Firewall Placement and Detection Techniques Chevron down icon Chevron up icon
VPN and WAN Encryption Chevron down icon Chevron up icon
Summary and Scope of Security Technologies Chevron down icon Chevron up icon
Assessment Chevron down icon Chevron up icon
Other Books you may enjoy Chevron down icon Chevron up icon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the digital copy I get with my Print order? Chevron down icon Chevron up icon

When you buy any Print edition of our Books, you can redeem (for free) the eBook edition of the Print Book you’ve purchased. This gives you instant access to your book when you make an order via PDF, EPUB or our online Reader experience.

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela