Security Power Tools

Bryan Burns, Dave Killion, Nicolas Beauchesne, Eric Moret, Julien Sobrier, Michael Lynn, Eric Markham, Chris Iezzoni, Philippe Biondi, Jennifer Stisa Granick, Steve Manzuik, Paul Guersch



What if you could sit down with some of the most talented security engineers in the world and ask any network security question you wanted? Security Power Tools lets you do exactly that! Members of Juniper Networks' Security Engineering team and a few guest experts reveal how to use, tweak, and push the most popular network security applications, utilities, and tools available using Windows, Linux, Mac OS X, and Unix platforms.

Designed to be browsed, Security Power Tools offers you multiple approaches to network security via 23 cross-referenced chapters that review the best security tools on the planet for both black hat techniques and white hat defense tactics. It's a must-have reference for network administrators, engineers and consultants with tips, tricks, and how-to advice for an assortment of freeware and commercial tools, ranging from intermediate level command-line operations to advanced programming of self-hiding exploits.

Security Power Tools details best practices for:

  • Reconnaissance -- including tools for network scanning such as nmap; vulnerability scanning tools for Windows and Linux; LAN reconnaissance; tools to help with wireless reconnaissance; and custom packet generation
  • Penetration -- such as the Metasploit framework for automated penetration of remote computers; tools to find wireless networks; exploitation framework applications; and tricks and tools to manipulate shellcodes
  • Control -- including the configuration of several tools for use as backdoors; and a review of known rootkits for Windows and Linux
  • Defense -- including host-based firewalls; host hardening for Windows and Linux networks; communication security with ssh; email security and anti-malware; and device security testing
  • Monitoring -- such as tools to capture, and analyze packets; network monitoring with Honeyd and snort; and host monitoring of production servers for file changes
  • Discovery -- including The Forensic Toolkit, SysInternals and other popular forensic tools; application fuzzer and fuzzing techniques; and the art of binary reverse engineering using tools like Interactive Disassembler and Ollydbg
A practical and timely network security ethics chapter written by a Stanford University professor of law completes the suite of topics and makes this book a goldmine of security information. Save yourself a ton of headaches and be prepared for any network security dilemma with Security Power Tools.


如果你能坐下來與世界上最有才華的安全工程師之一交流,並且問任何你想問的網絡安全問題,那該有多好?《Security Power Tools》正是讓你實現這一點!Juniper Networks的安全工程團隊成員和一些特邀專家揭示了如何使用、調整和推動最流行的網絡安全應用程序、工具和實用程序,並支持Windows、Linux、Mac OS X和Unix平台。

《Security Power Tools》設計成可瀏覽的,通過23個交叉引用的章節,提供了多種網絡安全方法,評估了行業內最佳的黑帽技術和白帽防禦策略。對於網絡管理員、工程師和顧問來說,這是一本必備的參考書,其中包含了各種免費軟件和商業工具的技巧、訣竅和操作指南,從中級級別的命令行操作到高級的自隱藏漏洞的編程。

《Security Power Tools》詳細介紹了以下最佳實踐:

- 偵察 - 包括用於網絡掃描的工具,如nmap;用於Windows和Linux的漏洞掃描工具;局域網偵察;幫助無線偵察的工具;以及自定義封包生成工具
- 渗透 - 如用於自動渗透遠程計算機的Metasploit框架;尋找無線網絡的工具;渗透框架應用程序;以及操作shellcode的技巧和工具
- 控制 - 包括配置多種工具用作後門;以及對Windows和Linux已知rootkit的評估
- 防禦 - 包括基於主機的防火牆;用於Windows和Linux網絡的主機硬化;使用ssh進行通信安全;電子郵件安全和防惡意軟件;以及設備安全測試
- 監控 - 如用於捕獲和分析封包的工具;使用Honeyd和snort進行網絡監控;以及對生產服務器進行文件更改的主機監控
- 發現 - 包括The Forensic Toolkit、SysInternals和其他流行的取證工具;應用程序fuzzer和fuzzing技術;以及使用Interactive Disassembler和Ollydbg等工具進行二進制逆向工程的藝術

一位斯坦福大學法學教授撰寫的實用且及時的網絡安全倫理章節為這本書增添了亮點,使其成為一本安全信息的寶庫。通過《Security Power Tools》,節省大量的煩惱,並為任何網絡安全困境做好準備。