Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Applied Network Security
Applied Network Security

Applied Network Security: Proven tactics to detect and defend against all kinds of network attack

Arrow left icon
Profile Icon Michael McLafferty Profile Icon Salmon Profile Icon Warun Levesque
Arrow right icon
$48.99
Paperback Apr 2017 350 pages 1st Edition
eBook
$27.98 $39.99
Paperback
$48.99
Subscription
Free Trial
Renews at $19.99p/m
Arrow left icon
Profile Icon Michael McLafferty Profile Icon Salmon Profile Icon Warun Levesque
Arrow right icon
$48.99
Paperback Apr 2017 350 pages 1st Edition
eBook
$27.98 $39.99
Paperback
$48.99
Subscription
Free Trial
Renews at $19.99p/m
eBook
$27.98 $39.99
Paperback
$48.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Table of content icon View table of contents Preview book icon Preview Book

Applied Network Security

Introduction to Network Security

This world is changing rapidly with advancing network technologies. Unfortunately, sometimes the convenience of technology can outpace its security and safety. Technologies such as the Internet of Things are ushering in a new era of network communication. There are some who predict that by the year 2020 over 50 billion devices will be connected by the Internet of Things. Technologies such as the Internet of Things have created a critical need for network security professionals. There is currently a great shortfall within the network security field. We want to help change that by writing this book. We also want to change the mindset in the field of network security. Most current cyber security professionals practice defensive and passive security. They mostly focus on mitigation and forensic tactics to analyze the aftermath of an attack. We want to change this mindset to one of offensive security. Becoming a threat hunter and aggressively going after network attacks is how we want those who read this book to think. By writing this book, we will teach you how to become a threat hunter. We strongly believe that learning offensive security will help restore some balance to the networking world. The volume of cybercrime has gotten completely out of hand. Another main reason we are writing this book is to teach the reader how to apply network security. Network theory can only take you so far in understanding network security. It is necessary to use applied knowledge to fully learn all aspects of network security. Reading this book will provide detailed step-by-step instructions on how to use applied network security tools and methods. We also wrote this book to promote an understanding on how hackers attack and what tools they use. This book will give an insight into how a hacker thinks and what methods they use. Having knowledge of a hacker's tactics will give the reader a great advantage in protecting any network from attacks.

Murphy's law

Network security is the same as Murphy's law in the sense that, if something can go wrong it will go wrong. To be successful at understanding and applying network security, a person must master the three Ps: persistence, patience, and passion.

A cyber security professional must be persistent in their pursuit of a solution to a problem. Giving up is not an option. The answer will be there; it just may take more time than expected to find it. Having patience is also an important trait to master. When dealing with network anomalies, it is very easy to get frustrated. Taking a deep breath and keeping a cool head goes a long way towards finding the correct solution to your network security problems. Finally, developing a passion for cyber security is critical to being a successful network security professional. Having that passion will drive you to learn more and evolve on a daily basis to get better. Once you learn, then you will improve and perhaps go on to inspire others to embrace similar aspirations in cyber security.

Hackers (and their types) defined

A hacker is a person who uses computers to gain unauthorized access to data. There are many different types of hackers. There are white hat, grey hat, and black hat hackers. Some hackers are defined by their intention. For example, a hacker that attacks for political reasons may be known as a hacktivist. A white hat hacker has no criminal intent, but instead focuses on finding and fixing network vulnerabilities.

Often companies will hire a white hat hacker to test the security of their network for vulnerabilities. A grey hat hacker is someone who may have criminal intent, but not often for personal gain. Often a grey hat will seek to expose a network vulnerability without the permission from the owner of the network. A black hat hacker is purely criminal. Their sole objective is personal gain. Black hat hackers take advantage of network vulnerabilities however they can for maximum benefit. A cyber-criminal is another type of black hat hacker, who is motivated to attack for illegal financial gain. A more basic type of hacker is known as a script kiddie. A script kiddie is a person who knows how to use basic hacking tools, but doesn't understand how they work. They often lack the knowledge to launch any kind of real attack, but can still cause problems on a poorly protected network.

Hacker tools

There are a range of many different hacking tools. A tool such as Nmap, for example, is a great tool for both reconnaissance and scanning for network vulnerabilities. Some tools are grouped together to make toolkits and frameworks, such as the Social Engineering Toolkit and Metasploit framework.

The Metasploit framework is one of the most versatile and best supported hacking tool frameworks available. Metasploit is built around a collection of highly effective modules, such as msfvenom, and it provides access to an extensive database of exploits and vulnerabilities. There are also physical hacking tools. Devices such as the Rubber Ducky and Wi-Fi Pineapple are good examples. The Rubber Ducky is a USB payload injector that automatically injects a malicious virus into the device it's plugged into.

The Wi-Fi Pineapple can act as a rogue router and it can be used to launch man-in-the-middle attacks. The Wi-Fi Pineapple also has a range of modules that allow it to execute multiple attack vectors. These types of tool are known as penetration testing equipment. We will explore these tools and others in more detail, later in the book.

The hacking process

There are five main phases to the hacking process:

  • Reconnaissance: The reconnaissance phase is often the most time-consuming. This phase can last days, weeks, or even months sometimes depending on the target. The objective during the reconnaissance phase is to learn as much as possible about the potential target.
  • Scanning: In this phase the hacker will scan for exploitable vulnerabilities in the network. These scans will look for weaknesses such as open ports, open services, outdated applications (including operating systems), and the type of equipment being used on the network.
  • Access: In this phase the hacker will use the knowledge gained in the previous phases to gain access to sensitive data or use the network to attack other targets. The objective of this phase is to have the attacker gain some level of control over other devices on the network.
  • Maintaining access: During this phase a hacker will look at various options, such as creating a backdoor to maintain access to devices they have compromised. By creating a backdoor, a hacker can maintain a persistent attack on a network, without fear of losing access to the devices they have gained control over. However, when a backdoor is created, it increases the chance of a hacker being discovered. Backdoors are noisy and often leave a large footprint for IDS to follow.
  • Covering your tracks: This phase is about hiding the intrusion of the network by the hacker as to not alert any IDS that may be monitoring the network. The objective of this phase is to erase any trace that an attack occurred on the network.

Ethical hacking issues

Ethics can be different from person to person. Many times, ethics are a matter of interpretation and intent in terms of what your actions are trying to achieve. Ethical hacking can be perceived in a few different ways. For some, ethical hacking is a great and noble pursuit. It is a way to understand how a hacker thinks and attacks. Having this knowledge gives a big advantage to protecting a network from an attack.

"If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle."
- Sun Tzu

The majority of ethical hackers are white hat, although sometimes the methods an ethical hacker uses could be considered grey hat in application. It is important to always get clear, written permission and define the scope of what you can and cannot do while working on a network. Having written permission and a defined scope of what is expected will protect you should you ever become a scapegoat from some anomaly you have no knowledge about.

Since the 1986 Computer Fraud and Abuse Act was passed, it is illegal to access a computer without authorization and steal private government information or financial/credit card information. Breaking into a computer system is the technological version of trespassing. A hacker would say that no harm is done when they break into a computer system. People have a certain expectation of privacy. When that sense of privacy is taken away, a person loses something priceless, even if it seems intangible. There are many people who are unaware that there are different types of hacker, such as white, black, and grey hat hackers. They assume all hackers are malicious and not to be trusted. Being an ethical hacker comes with some stigmatization. An ethical hacker may cause fear and uncertainty within some people who lack this type of knowledge. That fear is often driven by the unknown, that unknown being the extent of an ethical hacker's capabilities.

As mentioned earlier, privacy is priceless. When an individual has the ability to take that away, they may be seen as a potential threat. That is why, as an ethical hacker, it is important to maintain a high ethical standard. Sometimes an ethical hacker may find themselves facing a complicated ethical situation. For example, it is not uncommon to find illegally pirated material on workplace computers such as music, movies, and games. Unless defined by the scope of the job, it may be up to the individual to inform the management about misuse of company computers and network resources. That would be more of an ethical decision made by the individual working on the network/user devices. A different twist on that scenario is finding child pornography on a workplace computer. In that situation, the network security individual who found the illegal material must immediately report it to both law enforcement and management. Failing to report something like that to law enforcement may leave the person who found it liable for criminal prosecution. An ethical hacker may have a complex role within network security, but as long as that person keeps a strong ethical standard they will be fine.

Current technologies

New technologies are continuously changing the landscape of network security. One of the best examples of this is the Internet of Things. A device, car, or building that is embedded with software, sensors, actuators, and some type of network connection is considered to contain the Internet of Things.

Objects with the Internet of Things collect and share data across the Web. Smart energy management systems have fully embraced this technology with great success. The Internet of Things has some amazing benefits, but also has some major and potentially devastating drawbacks. In 2014 two cyber security researchers demonstrated that it was possible to hack into a Jeep Cherokee and disable its brakes and transmission. This was done remotely using a vulnerability found in the Internet of Things.

Medical devices have also been subject to attacks. Some people now disable the Wi-Fi capability on their pacemaker, out of a real fear that a hacker could send a fatal electric shock through the device itself. Another interesting technology that is growing is called Software-defined networks (SDN). SDN allows network admins to manage network services through the abstraction of lower-level functionality. SDN architectures separate network control and forwarding functions, enabling network control to become directly programmable and the underlying infrastructure to be abstracted from applications and network services. This allows for much greater flexibility and scalability when working with modern computing environments.

The rise of smartphones, cloud services, and mobile data content has led to a change in how network architecture and infrastructure are implemented. Although these technologies are helping set new standards in efficiency and capacity, they come with many vulnerabilities that can cause great harm to individuals and businesses. That is why it is important for network security professionals to stay current on new technologies and practices to best protect their networks.

Recent events and statistics of network attacks

The news has been full of cyber-attacks in recent years. The number and scale of attacks are increasing at an alarming rate. It is important for anyone in network security to study these attacks. Staying current with this kind of information will help in defending your network from similar attacks.

Since 2015, the medical and insurance industries have been heavily targeted for cyber-attacks. On May 5th, 2015, Premera Blue Cross was attacked. This attack is said to have compromised at least 11 million customer accounts containing personal data. The attack exposed customer names, birth dates, social security numbers, phone numbers, bank account information, mailing, and e-mail addresses. Another attack that was on a larger scale was the attack on Anthem. It is estimated that 80 million personal data records were stolen from customers, employees, and even the Chief Executive Officer of Anthem. Another more infamous cyber-attack recently was the Sony hack. This hack was a little different from the Anthem and Blue Cross attacks, because it was carried out by hacktivists instead of cyber criminals.

Even though both types of hacking are criminal, the fundamental reasoning and objectives underlying the attacks are quite different. The objective in the Sony attack was to disrupt and embarrass the executives at Sony as well as prevent a film from being released. No financial data was targeted. Instead the hackers went after personal e-mails of top executives. The hackers then released the e-mails to the public, causing humiliation to Sony and its executives. Many apologies were issued by Sony in the following weeks of the attack.

Large commercial retailers have also been a favorite target for hackers. An attack occurred against Home Depot in September of 2014. That attack was on a large scale. It is estimated that over 56 million credit cards were compromised during the Home Depot attack. A similar attack but on a smaller scale was carried out against Staples in October 2014. During this attack, over 1.4 million credit card numbers were stolen. The statistics on cyber security attacks are eye-opening.

It is estimated by some experts that cybercrime has a worldwide cost of 110 billion dollars a year. In a given year, over 15 million Americans will have their identity stolen through cyber-attacks, it is also estimated that 1.5 million people fall victim to cybercrime every day. These statistics are rapidly increasing and will continue to do so until more people take an active interest in network security.

Our defense

The baseline for preventing potential security issues typically begins with hardening the security infrastructure, including firewalls, DMZ, and physical security platforms, and entrusting only valid sources or individuals with personal data and or access to that data. That also includes being compliant with all regulations that apply to a given situation or business, and being aware of the types of breach as well as your potential vulnerabilities. Also understanding whether an individual or an organization is a higher risk target for attacks is beneficial. The question has to be asked, does one's organization promote security? This is done both at the personal and the business level to deter cyber-attacks.

After a decade of responding to incidents and helping customers recover from and increase their resilience against breaches, organizations may already have a security training and awareness (STA) program, or other training and programs. As the security and threat landscape evolves, organizations and individuals need to continually evaluate practices that are required and appropriate for the data they collect, transmit, retain, and destroy. Encryption of data at rest/in storage and in transit is a fundamental security requirement and the respective failure is frequently being cited as the cause for regulatory action and lawsuits.

Enforce effective password management policies. Least privilege user access (LUA) is a core security strategy component, and all accounts should run with as few privileges and access levels as possible. Conduct regular security design and code reviews including penetration tests and vulnerability scans to identify and mitigate vulnerabilities. Require e-mail authentication on all inbound and outbound mail servers to help detect malicious e-mails including spear phishing and spoofed e-mails. Continuously monitor in real time the security of your organization's infrastructure including collecting and analyzing all network traffic, and analyzing centralized logs (including firewall, IDS/IPS, VPN, and AV) using log management tools and reviewing network statistics. Identify anomalous activity, then investigate and revise your view of anomalous activity accordingly. User training is the biggest challenge, but it is arguably the most important defense.

Security for individuals versus companies

One of the fundamental questions individuals need to ask themselves is, Is there a difference between individuals and an organization? Individual security is less likely due to the attack service area. However, there are tools and sites on the Internet that can be utilized to detect and mitigate data breaches for both: https://haveibeenpwned.com/ or http://map.norsecorp.com/ are good sites to start with. The issue is that individuals believe they are not a target because there is little to gain from attacking individuals, but in truth everyone has the ability to become a target.

Wi-Fi vulnerabilities

Protecting wireless networks can be very challenging at times. There are many vulnerabilities that a hacker can exploit to compromise a wireless network. One of the basic Wi-Fi vulnerabilities is broadcasting the Service Set Identifier (SSID) of your wireless network. Broadcasting the SSID makes the wireless network easier to find and target.

Another vulnerability in Wi-Fi networks is using Media Access Control (MAC) addresses for network authentication. A hacker can easily spoof or mimic a trusted MAC address to gain access to the network. Using weak encryption such as Wired Equivalent Privacy (WEP) will make your network an easy target for attack. There are many hacking tools available to crack any WEP key in under five minutes.

We will explore some of these tools later in this book. A major physical vulnerability in wireless networks is access points (APs). Sometimes APs will be placed in poor locations that can be easily accessed by a hacker. A hacker may install what is called a rogue AP. This rogue AP will monitor the network for data that a hacker can use to escalate their attack.

Often this tactic is used to harvest the credentials of high ranking management personnel, to gain access to encrypted databases that contain the personal/financial data of employees and customers, or both. Peer-to-peer technology can also be a vulnerability for wireless networks.

A hacker may gain access to a wireless network by using a legitimate user as an accepted entry point. Not using and enforcing security policies is also a major vulnerability found in wireless networks. Using security tools such as Active Directory (deployed properly) will make it harder for a hacker to gain access to a network. Hackers will often go after low-hanging fruit (easy targets), so having at least some deterrence will go a long way in protecting your wireless network.

Using Intrusion Detection Systems (IDS) in combination with Active Directory will immensely increase the defense of any wireless network, although the most effective factor is having a well-trained and informed cyber security professional watching over the network. The more a cyber security professional (threat hunter) understands the tactics of a hacker, the more effective that threat hunter will become in discovering and neutralizing a network attack. Although there are many challenges in protecting a wireless network, with the proper planning and deployment those challenges can be overcome.

Knowns and unknowns

The toughest thing about unknown risks to security is that they are unknown. Unless they are found, they can stay hidden. A common practice to determine an unknown risk would be to identify all the known risks and attempt to mitigate them as best as possible. There are many sites available that can assist in this venture. The most helpful are reports from CVE sites that identify vulnerabilities.

False positives

Positive Negative
True TP: correctly identified TN: correctly rejected
False FP: incorrectly identified FN: incorrectly rejected

As it is related to detection for an analyzed event, there are four situations that exist in this context, corresponding to the relationship between the results of the detection for an analyzed event. In this case, each of the corresponding situations is outlined as follows:

  • True positive (TP): This is when the analyzed event is correctly classified as an intrusion or as harmful/malicious.
    For example, a network security administrator enters their credentials into the Active Directory server and is granted administrator access.
  • True negative (TN): This is when the analyzed event is correctly classified and correctly rejected.
    For example, an attacker uses a port such as 4444 to communicate with a victim's device. An intrusion detection system detects network traffic on the authorized port and alerts the cyber security team to this potential malicious activity. The cyber security team quickly closes the port and isolates the infected device from the network.
  • False positive (FP): This is when the analyzed event is innocuous or otherwise clean in the context of security, however, the system classifies it as malicious or harmful.
    For example, a user types their password into a website's login text field. Instead of being granted access, the user is flagged for an SQL injection attempt by input sanitation. This is often caused when input sanitation is misconfigured.
  • False negative (FN): This is when the analyzed event is malicious, but it is classified as normal/innocuous.
    For example, an attacker inputs an SQL injection string into a text field found on a website to gain unauthorized access to database information. The website accepts the SQL injection as normal user behavior and grants access to the attacker. For detection, having systems correctly identify the given situation is paramount.

Mitigation against threats

There are many threats that a network faces. New network threats are emerging all the time. As a network security professional, it would be wise to have a good understanding of effective mitigation techniques. For example, a hacker using a packet sniffer can be mitigated by only allowing the network admin to run a network analyzer (packet sniffer) on the network. A packet sniffer can usually detect another packet sniffer on the network right away.

Although there are ways a knowledgeable hacker can disguise the packet sniffer as another piece of software, a hacker will not usually go to such lengths unless it is a highly-secured target. It is alarming that most businesses do not properly monitor their network or even at all.

It is important for any business to have a business continuity/disaster recovery plan. This plan is intended to allow a business to continue to operate and recover from a serious network attack. The most common deployment of the continuity/disaster recovery plan is after a DDoS attack. A DDoS attack could potentially cost a business or organization millions of dollars in lost revenue and productivity. One of the most effective and hardest to mitigate attacks is social engineering.

All the most devastating network attacks have begun with some type of social engineering attack. One good example is the hack against Snapchat on February 26th, 2016. "Last Friday, Snapchat's payroll department was targeted by an isolated e-mail phishing scam in which a scammer impersonated our Chief Executive Officer and asked for employee payroll information," Snapchat explained in a blog post. "Unfortunately, the phishing e-mail wasn't recognized for what it was - a scam - and payroll information about some current and former employees was disclosed externally." Socially engineered phishing e-mails, such as the one that affected Snapchat, are common attack vectors for hackers.

The one difference between phishing e-mails from a few years ago and those in 2016 is the level of social engineering hackers are putting into the e-mails. The Snapchat HR phishing e-mail indicated a high level of reconnaissance on the Chief Executive Officer of Snapchat. This reconnaissance most likely took months. This level of detail and targeting of an individual (The Chief Executive Officer) is more accurately known as a spear-phishing e-mail. Spear phishing campaigns go after one individual (fish) compared to phishing campaigns that are more general and may be sent to millions of users (fish). It is the same as casting a big open net into the water and seeing what comes back.

The only real way to mitigate against social engineering attacks is training and building awareness among users. Properly training the users that access the network will create a higher level of awareness of socially engineered attacks.

Building an assessment

Creating a network assessment is an important aspect of network security. A network assessment will allow for a better understanding of where vulnerabilities may be found within the network. It is important to know precisely what you are doing during a network assessment. If the assessment is done incorrectly, you could cause great harm to the network you are trying to protect.

Before you start the network assessment, you should determine the objectives of the assessment itself. Are you trying to identify if the network has any open ports that shouldn't be? Is your objective to quantify how much traffic flows through the network at any given time or a specific time?

Once you decide on the objectives of the network assessment, you will then be able to choose the types of tool you will use. Network assessment tools are often known as penetration testing tools. A person who employs these tools is known as a penetration tester or pen tester.

These tools are designed to find and exploit network vulnerabilities, so that they can be fixed before a real attack occurs. That is why it is important to know what you are doing when using penetration testing tools during an assessment. Later in this book, we will discuss and provide applied labs for some of the most powerful penetration testing tools available. We will also explain how to use them properly.

Sometimes network assessments require a team. It is important to have an accurate idea of the scale of the network before you pick your team. In a large enterprise network, it can be easy to become overwhelmed by tasks to complete without enough support. Once the scale of the network assessment is complete, the next step is to ensure you have written permission and scope from management. All parties involved in the network assessment must be clear on what can and cannot be done to the network during the assessment.

After the assessment is completed, the last step is creating a report to educate concerned parties about the findings. Providing detailed information and solutions to vulnerabilities will help keep the network up-to-date in terms of defense. The report will also be able to determine if there are any viruses lying dormant, waiting for an opportune time to attack the network. Network assessments should be conducted routinely and frequently to help ensure strong network security.

Summary

This chapter covered the fundamentals of network security. It began by explaining the importance of having network security and what should be done to secure the network. It also covered the different ways physical security can be applied. The importance of having security policies in place and wireless security was discussed. This chapter also spoke about wireless security policies and why they are important.

Chapter 2, Sniffing the Network, will cover various tools and methods to monitor network traffic.

Left arrow icon Right arrow icon

Key benefits

  • Deep dive into the advanced network security attacks and techniques by leveraging tools such as Kali Linux 2, MetaSploit, Nmap, and Wireshark
  • Become an expert in cracking WiFi passwords, penetrating anti-virus networks, sniffing the network, and USB hacks
  • This step-by-step guide shows you how to confidently and quickly detect vulnerabilities for your network before the hacker does

Description

Computer networks are increasing at an exponential rate and the most challenging factor organisations are currently facing is network security. Breaching a network is not considered an ingenious effort anymore, so it is very important to gain expertise in securing your network. The book begins by showing you how to identify malicious network behaviour and improve your wireless security. We will teach you what network sniffing is, the various tools associated with it, and how to scan for vulnerable wireless networks. Then we’ll show you how attackers hide the payloads and bypass the victim’s antivirus. Furthermore, we’ll teach you how to spoof IP / MAC address and perform an SQL injection attack and prevent it on your website. We will create an evil twin and demonstrate how to intercept network traffic. Later, you will get familiar with Shodan and Intrusion Detection and will explore the features and tools associated with it. Toward the end, we cover tools such as Yardstick, Ubertooth, Wifi Pineapple, and Alfa used for wireless penetration testing and auditing. This book will show the tools and platform to ethically hack your own network whether it is for your business or for your personal home Wi-Fi.

Who is this book for?

This book is for network security professionals, cyber security professionals, and Pentesters who are well versed with fundamentals of network security and now want to master it. So whether you’re a cyber security professional, hobbyist, business manager, or student aspiring to becoming an ethical hacker or just want to learn more about the cyber security aspect of the IT industry, then this book is definitely for you.

What you will learn

  • Use SET to clone webpages including the login page
  • Understand the concept of Wi-Fi cracking and use PCAP file to obtain passwords
  • Attack using a USB as payload injector
  • Familiarize yourself with the process of trojan attacks
  • Use Shodan to identify honeypots, rogue access points, vulnerable webcams, and other exploits found in the database
  • Explore various tools for wireless penetration testing and auditing
  • Create an evil twin to intercept network traffic
  • Identify human patterns in networks attacks
Estimated delivery fee Deliver to Turkey

Standard delivery 10 - 13 business days

$12.95

Premium delivery 3 - 6 business days

$34.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Apr 28, 2017
Length: 350 pages
Edition : 1st
Language : English
ISBN-13 : 9781786466273
Category :
Tools :

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Estimated delivery fee Deliver to Turkey

Standard delivery 10 - 13 business days

$12.95

Premium delivery 3 - 6 business days

$34.95
(Includes tracking information)

Product Details

Publication date : Apr 28, 2017
Length: 350 pages
Edition : 1st
Language : English
ISBN-13 : 9781786466273
Category :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 152.97
Mastering Python Networking
$54.99
Penetration Testing Bootcamp
$48.99
Applied Network Security
$48.99
Total $ 152.97 Stars icon

Table of Contents

17 Chapters
Introduction to Network Security Chevron down icon Chevron up icon
Sniffing the Network Chevron down icon Chevron up icon
How to Crack Wi-Fi Passwords Chevron down icon Chevron up icon
Creating a RAT Using Msfvenom Chevron down icon Chevron up icon
Veil Framework Chevron down icon Chevron up icon
Social Engineering Toolkit and Browser Exploitation Chevron down icon Chevron up icon
Advanced Network Attacks Chevron down icon Chevron up icon
Passing and Cracking the Hash Chevron down icon Chevron up icon
SQL Injection Chevron down icon Chevron up icon
Scapy Chevron down icon Chevron up icon
Web Application Exploits Chevron down icon Chevron up icon
Evil Twins and Spoofing Chevron down icon Chevron up icon
Injectable Devices Chevron down icon Chevron up icon
The Internet of Things Chevron down icon Chevron up icon
Detection Systems Chevron down icon Chevron up icon
Advance Wireless Security Lab Using the Wi-Fi Pineapple Nano/Tetra Chevron down icon Chevron up icon
Offensive Security and Threat Hunting Chevron down icon Chevron up icon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela