Hacking Exposed Cisco Networks: Cisco Security Secrets & Solutions

by Andrew A. Vladimirov; Konstantin V. Gavrilenko; Andrei A. Mikhailovsky
Edition: 1st
Format: Paperback
Pub. Date: 2006-01-06
Publisher(s): McGraw-Hill Education
List Price: $60.90

Summary

Here is the first book to focus solely on Cisco network hacking, security auditing, and defense issues. Using the proven Hacking Exposed methodology, this book shows you how to locate and patch system vulnerabilities by looking at your Cisco network through the eyes of a hacker. The book covers device-specific and network-centered attacks and defenses and offers real-world case studies.

Author Biography

Dr. Andrew A. Vladimirov, CCNP, CCDP, CISSP, CWNA, CompTIA Linux+ (Bristol, UK) is a researcher with a wide area of expertise ranging from applied cryptography and network security to bioinformatics and neuroscience.

Konstantin V. Gavrilenko (Bristol, UK) has over 12 years of experience in IT and security.

Andrei A. Mikhailovsky (Bristol, UK) has expertise that includes user authentication mechanisms, database and directory services, wireless networking security and systems integration.

Table of Contents

Foreword
Case Study: The Black Hat Hassle
Acknowledgments
Introduction
Part I: Foundations
  Case Study: eBay Surprise
  Cisco Network Design Models and Security Overview
    Cisco Network Design Models: A Security Perspective
      The Flat Earth Model
      The Star Model
      The Two-Tier Model
      The Ring Model
      The Mesh and Partial Mesh Model
      Network Security Zones
      IDS Sensor Deployment Guidelines
    Cisco Hierarchical Design and Network Security
      The Core Layer
      The Distribution Layer
      The Access Layer
    Summary
  Cisco Network Security Elements
    Common Cisco Device Security Features
    Cisco Firewalls
      Packet-Filtering Firewalls
      Stateful Packet-Filtering Firewalls
      Proxy Filters
      PIX Firewall Failover
      Types of Cisco Firewall Hardware
    Cisco Secure IDS and Attack Prevention
      Hardware Standalone IDS Sensors
      Modular IDS Sensors
      Cisco IOS IDS Software
      Cisco PIX Firewalls as IDS Sensors
      Cisco Traffic Anomaly Detector XT 5600
      Cisco Secure IDS Management Consoles
    Cisco VPN Solutions
      IPSec
      PPTP
    Cisco AAA and Related Services
      Overview of AAA Methodology
      Cisco and AAA
    Security Implications of Cisco Internetwork Design and Security Elements
    Summary
  Real-World Cisco Security Issues
    Why Do Hackers Want to Enable Your Box?
      What Attackers Gain
    Cisco Appliances and Networks: an Attacker's Perspective
      Attacking Network Protocols
      Hiding Tracks and Forensics on Routers and Switches
    Cisco Network Device Security Auditing and Penetration Testing Foundations
      The Evaluation Process
    Summary
Part II: "I Am Enabled": Hacking the Box
  Case Study: The One with a Nessus Report
  Profiling and Enumerating Cisco Networks
    Online Searching and "Cisco Googledorks"
      Basic Searching
      Searching Using Google Operators
      Googling for Enable
    Routing Enumeration
      Autonomous System Discovery and Mapping: BGPv4 Interrogation
      Internet Routing Registries, Route Servers, and Looking Glasses Querying
      Mapping IP Addresses to Autonomous Systems
      Enumerating an Autonomous System
      Finding Autonomous Systems That Belong to an Organization
      AS Path Enumeration, Building BGP Trees, and Finding Border Routers
      Routing Domain Number Discovery and Network Mapping for IGPs
      Mapping RIP, IGRP, and IRDP
      Enumerating OSPF
      Analyzing OSPF Enumeration Data
    Summary
  Enumerating and Fingerprinting Cisco Devices
    Sniffing for Cisco-Specific Protocols
      Dissecting CDP Frames
      Passive Enumeration and Fingerprinting of Cisco Devices
    Active Enumeration and Fingerprinting of Cisco Devices
      Active Enumeration and Fingerprinting of Cisco Routers
      Active Enumeration and Fingerprinting of Catalyst Switches
      Active Enumeration and Fingerprinting of Other Cisco Appliances
      Using IOS 11.X Memory Leak to Enumerate Remote Cisco Routers
    Summary
  Getting In from the Outside: Dead Easy
    Password Attacks
      Mass Guessing/Bruteforcing Attacks Against Open Cisco Telnet Servers
      Password Guessing and Bruteforcing Attacks Against Other Open Cisco Services
    SNMP Community Guessing, Exploitation, and Safeguards
      Cisco SNMP Basics
      SNMP Mass Scanning
      SNMP Bruteforcing and Dictionary Attacks
      SNMP Browsing and Cisco Device Reconfiguration
      Command-Line Remote Cisco Device SNMP Manipulation - IOS Hosts
      Command-Line Remote Cisco Device SNMP Manipulation - CatOS Switches
    Exploiting TFTP Servers to Take Over Cisco Hosts
      Enumerating TFTP Servers
      Sniffing Out Cisco Configuration Files
      Bruteforcing TFTP Servers to Snatch Configs
    Cisco Device Wardialing
      Cisco Router Wardialing 101: Interfaces, Configurations, and Reverse Telnet
      Discovering the Numbers to Dial In
      Getting into a Cisco Router or an Access Server
    Summary
  Hacking Cisco Devices: The Intermediate Path
    A Primer on Protocol Implementation Investigation and Abuse: Cisco SNMP Attacks
      SilverCreek
      SimpleTester and SimpleSleuth
      Oulu University PROTOS Project
      From SNMP Fuzzing to DoS and Reflective DDoS
      From SNMP Stress Testing to Nongeneric DoS
      Hidden Menace - Undocumented SNMP Communities and Remote Access
      Getting In via Observation Skills Alone
      Brief SNMPv3 Security Analysis
    A Primer on Data Input Validation Attack - Cisco HTTP Exploitation
      Basics of Cisco Web Configuration Interface
      Cisco IOS HTTP Administrative Access
      Cisco ATA-186 HTTP Device Configuration Disclosure
      VPN Concentrator HTTP Device Information Leakage
    Other Cisco HTTPd Flaws - a More Sophisticated Approach
      Cisco IOS 2GB HTTP GET Buffer Overflow Vulnerability
    Assessing Security of a Cisco Web Service
      SPIKE and Its Relatives
      The Peach Fuzzer
    Summary
  Cisco IOS Exploitation: The Proper Way
    Cisco IOS Architecture Foundations
      Cisco IOS Memory Dissection
    An Exploitation Primer: IOS TFTP Buffer Overflow
      Defeating Check Heaps
    The Curse and the Blessing of IOS Reverse Engineering
      IOS Features and Commands That Can Be (Ab)used by Reverse Engineers
      A Minimalistic Reverse Engineering Arsenal
    Summary
  Cracking Secret Keys, Social Engineering, and Malicious Physical Access
    Cisco Appliance Password Cracking
      Cracking Type-7 Passwords
      Cracking MD5 Password Hashes
      Social Engineering Attacks
    Local Device Access
      Local Router Password Reset or Recovery
      Local Switch Password Reset or Recovery
      Local PIX Firewall Password Reset or Recovery
      Local Cisco VPN Concentrator Password Reset or Recovery
    Summary
  Exploiting and Preserving Access
    Common Cisco Router, Switch, or Firewall Reconfigurations by Attackers
      Is Anyone Here?
      Covering Tracks
      Looking Around
      Using a Hacked IOS Router to Hide Tracks
      Using a Hacked IOS Router or PIX Firewall to Allow Malicious Traffic Through
      Using a Hacked IOS Router to Mirror, Capture, and Modify Bypassing Traffic
      Sniffing Traffic from a Hacked PIX Firewall
      Sniffing the Network Using a Cisco Catalyst Switch
      (Ab)using Remote SPAN
      The Secret CatOS Enable Engineer Mode
    Further IOS Exploitation and Device Access Preservation
      IOS Binary Patching: Myth and Reality
      TCLing the Router for Fun and Profit
    Summary
  Denial of Service Attacks Against Cisco Devices
    DoS Attack Motives
    Types of DoS Attacks
      Consumption of Resources
      Disruption of Information Flow
      Disruption of Communication
    Cisco DoS Assessment Tools
      Cisco Global Exploiter
      Cisco TCP Test Tool
    Well-Known Cisco DoS Vulnerabilities
      Cisco Devices Generic DoS
      ICMP Remote DoS Vulnerabilities
      Malformed SNMP Message DoS Vulnerability
      Examples of Specific DoS Attacks Against Cisco Routers
      Cisco IOS Malformed IKE Packet Remote DoS Vulnerability
      Cisco 44020 Bug
      Examples of Specific DoS Attacks Against Catalyst Switches and Other Cisco Networking Devices
      Cisco Catalyst Memory Leak DoS Vulnerability
      Incorrect TCP Checksum Attack Disrupting Communication Through a PIX Firewall
      Cisco Broadband OS TCP/IP Stack DoS Vulnerability
      Cisco Aironet AP1x00 Malformed HTTP GET DoS Vulnerability
      Cisco Catalyst Nonstandard TCP Flags Remote DoS Vulnerability
    Abusing Cisco Appliances for Nasty DDoS Deeds
      Mass Cisco Pinging, the SNMP Way
      Mass Cisco Pinging, the Telnet Way MK I
      Mass Cisco Pinging, the Telnet Way MK II
      Mass Cisco Flood, the SNMP Way
    DDoS Massive: Revenge of the Kiddies
      Direct DDoS Attacks
      Reflective DDoS Attacks
      ihateperl.pl
      drdos
    Summary
Part III: Protocol Exploitation in Cisco Networking Environments
  Case Study: The Flying OSPF Hell
  Spanning Tree, VLANs, EAP-LEAP, and CDP
    Spanning Tree Protocol Exploitation
      Inserting a Rogue Root Bridge
      Modifying a Traffic Path Without Becoming Root
      Recalculating STP and Data Sniffing
      STP DoS Attacks
    Exploiting VLANs
      DTP Abuse
      802.1q and ISL Exploitation
      Double Tagging VLAN Hopping
      Private VLAN Hopping
      Making Unidirectional Attacks Bidirectional
      VTP Exploitation
      VLAN Query Protocol (VQP) Attacks
      Lateral Means of Bypassing VLAN Segmentation
    Cisco EAP-LEAP Cracking
      EAP-LEAP Basics
      EAP-LEAP Cracking
    Attacking CDP
      A Sneaky CDP Attack
    Summary
  HSRP, GRE, Firewalls, and VPN Penetration
    HSRP Exploitation
    GRE Exploitation
      An MTU-Based Attack Against GRE
      GRE Packet Injection
    Cisco Firewall Penetration
      Attacking PIX Protocol Fixups
      Attacking PIX MailGuard
      Attacking PIX FTP Fixup
      TCP RESET Attacks Against PIX Firewalls
    Cisco VPN Hacking
      IPSec-Related Attacks
      Cisco PPTP Hacking
    Summary
  Routing Protocols Exploitation
    Introduction to Routing Attacks
    Setting Up a Rogue Router
    Attacking Distance-Vector Routing Protocols
      Attacking RIP
      Malicious Route Insertion via RIP
      RIP Downgrading Attack
      RIP MD5 Hash Cracking Attack
      Attacking IGRP
      Malicious Route Insertion via EIGRP
      DoS Attacks Against EIGRP Networks
      Attacking Authenticated EIGRP
    Attacking Link State Routing Protocols
      Malicious Route Insertion via OSPF
      Becoming a Designated or Backup Designated OSPF Router
      OSPF MD5 Hash Cracking Attack
      Direct Attack Against an OSPF Router: The OoopSPF Exploit
      Possible DoS Attacks Against OSPF
    Attacking BGPv4
      Malicious BGP Router Reconfiguration
      Attack Scenarios for Malicious BGP Router Reconfiguration
      BGP Router Masquerading Attack
      Man-in-the-Middle Attacks Against BGP Routers
      Cracking BGP MD5 Authentication
      Blind DoS Attacks Against BGP Routers
    Summary
Part IV: Appendixes
  Case Study: The Epic Battle
  A. Network Appliance Security Testing Template
  B. Lab Router Interactive Cisco Auto Secure Configuration Example
  C. Undocumented Cisco Commands
Index