網(wǎng)絡(luò)安全滲透測試與防護(hù)
定 價(jià):43.8 元
- 作者:王立進(jìn)
- 出版時(shí)間:2024/11/1
- ISBN:9787121483844
- 出 版 社:電子工業(yè)出版社
- 中圖法分類:TP393.08
- 頁碼:224
- 紙張:
- 版次:01
- 開本:16開
本書根據(jù)網(wǎng)絡(luò)安全服務(wù)工程師的技能要求及網(wǎng)絡(luò)安全管理與評估賽項(xiàng)規(guī)范���,以網(wǎng)絡(luò)安全服務(wù)工程師的工作情景為主線進(jìn)行邊寫 ��,內(nèi)容包括搭建網(wǎng)絡(luò)攻防環(huán)境�����、信息收集與漏洞掃描�、 LINUX系統(tǒng)滲透測試與加固�����、 WINDOWS系統(tǒng)滲透測試與加固�����、數(shù)據(jù)庫系統(tǒng)滲透測試與加固、信息系統(tǒng)應(yīng)急響應(yīng)���、 Web系統(tǒng)安全性測試、無線網(wǎng)絡(luò)安全性測試��。本書內(nèi)容針對性���、適用性強(qiáng)�����,在同類高職院校網(wǎng)絡(luò)安全類類教材中是一部具有先進(jìn)性的"崗課賽證融通”教材�。
王立進(jìn)���,山東科技職業(yè)學(xué)院副教授�����,國家級職業(yè)教育教師教學(xué)創(chuàng)新團(tuán)隊(duì)成員�����,曾獲國家級教學(xué)成果二等獎��、山東省教學(xué)成果特等獎��,具有CISSP�����、CCNP��、PMP等專業(yè)認(rèn)證證書���。精通WEB攻防�、防火墻�����、入侵檢測�����、信息安全管理與評估等技術(shù)���。具有在啟明星辰等知名信息安全公司超過20年的企業(yè)工作經(jīng)驗(yàn)�,期間曾被聘任為北京郵電大學(xué)計(jì)算機(jī)學(xué)院兼職副教授、碩士研究生企業(yè)導(dǎo)師
項(xiàng)目一 滲透測試環(huán)境搭建 ·······································································.1
1.1 項(xiàng)目情境 ······················································································.2
1.2 項(xiàng)目任務(wù) ······················································································.3
任務(wù) 1-1 安裝與配置 Kali Linux 操作機(jī) ··············································.3
任務(wù) 1-2 安裝與管理 Kali Linux 軟件 ················································.21
任務(wù) 1-3 安裝與配置 Linux 靶機(jī) ······················································.26
任務(wù) 1-4 安裝與配置 Windows 靶機(jī) ··················································.30
1.3 項(xiàng)目拓展——滲透測試方法論 ··························································.45
1.4 練習(xí)題 ························································································.48
項(xiàng)目二 信息收集與漏洞掃描 ···································································.50
2.1 項(xiàng)目情境 ·····················································································.51
2.2 項(xiàng)目任務(wù) ·····················································································.51
任務(wù) 2-1 通過公開網(wǎng)站收集信息 ·····················································.51
任務(wù) 2-2 使用 Nmap 工具收集信息 ··················································.56
任務(wù) 2-3 使用 Nmap 工具掃描漏洞 ··················································.61
任務(wù) 2-4 使用 Nessus 工具掃描漏洞 ·················································.65
任務(wù) 2-5 檢查主機(jī)弱口令 ······························································.74
2.3 項(xiàng)目拓展——深入認(rèn)識漏洞 ·····························································.78
2.4 練習(xí)題 ························································································.79
網(wǎng)絡(luò)安全 滲透測試與防護(hù)
VI
項(xiàng)目三 Linux 操作系統(tǒng)滲透測試與加固 ·····················································.81
3.1 項(xiàng)目情境 ·····················································································.82
3.2 項(xiàng)目任務(wù) ·····················································································.82
任務(wù) 3-1 利用 vsFTPd 后門漏洞進(jìn)行滲透測試 ····································.82
任務(wù) 3-2 利用 Samba MS-RPC Shell 命令注入漏洞進(jìn)行滲透測試 ·················.87
任務(wù) 3-3 利用 Samba Sysmlink 默認(rèn)配置目錄遍歷漏洞進(jìn)行滲透測試 ··········.90
任務(wù) 3-4 利用臟牛漏洞提升權(quán)限 ·····················································.94
任務(wù) 3-5 Linux 操作系統(tǒng)安全加固 ····················································.97
3.3 項(xiàng)目拓展——臟牛漏洞利用思路解析 ···············································.101
3.4 練習(xí)題 ······················································································.102
項(xiàng)目四 Windows 操作系統(tǒng)滲透測試與加固 ··············································.104
4.1 項(xiàng)目情境 ···················································································.105
4.2 項(xiàng)目任務(wù) ···················································································.105
任務(wù) 4-1 利用 MS17_010_externalblue 漏洞進(jìn)行滲透測試 ····················.105
任務(wù) 4-2 利用 CVE-2019-0708 漏洞進(jìn)行滲透測試 ······························.113
任務(wù) 4-3 利用 Trusted Service Paths 漏洞提權(quán) ····································.117
任務(wù) 4-4 社會工程學(xué)攻擊測試 ······················································.123
任務(wù) 4-5 利用 CVE-2020-0796 漏洞進(jìn)行滲透測試 ······························.126
任務(wù) 4-6 Windows 操作系統(tǒng)安全加固 ·············································.133
4.3 項(xiàng)目拓展——社會工程學(xué)工具包 ·····················································.144
4.4 練習(xí)題 ······················································································.145
項(xiàng)目五 數(shù)據(jù)庫系統(tǒng)滲透測試與加固 ························································.147
5.1 項(xiàng)目情境 ···················································································.148
5.2 項(xiàng)目任務(wù) ···················································································.148
任務(wù) 5-1 暴力破解 MySQL 弱口令 ·················································.148
任務(wù) 5-2 利用 UDF 對 MySQL 數(shù)據(jù)庫提權(quán) ·······································.153
任務(wù) 5-3 利用弱口令對 SQL Server 數(shù)據(jù)庫進(jìn)行滲透測試 ····················.159
目錄
VII
任務(wù) 5-4 利用 SQL Server 數(shù)據(jù)庫的 xp_cmdshell 組件提權(quán) ···················.163
任務(wù) 5-5 數(shù)據(jù)庫系統(tǒng)安全加固 ······················································.167
5.3 項(xiàng)目拓展——MySQL 數(shù)據(jù)庫權(quán)限深入解析 ········································.172
5.4 練習(xí)題 ······················································································.174
項(xiàng)目六 無線網(wǎng)絡(luò)滲透測試與加固 ···························································.176
6.1 項(xiàng)目情境 ···················································································.177
6.2 項(xiàng)目任務(wù) ···················································································.177
任務(wù) 6-1 無線網(wǎng)絡(luò)嗅探 ·······························································.177
任務(wù) 6-2 破解 WEP 加密的無線網(wǎng)絡(luò) ··············································.182
任務(wù) 6-3 對 WPS 滲透測試 ···························································.186
任務(wù) 6-4 偽造釣魚熱點(diǎn)獲取密碼 ···················································.189
任務(wù) 6-5 無線網(wǎng)絡(luò)安全加固 ·························································.198
6.3 項(xiàng)目拓展——WiFi 加密算法 ··························································.201
6.4 練習(xí)題 ······················································································.202
項(xiàng)目七 滲透測試報(bào)告撰寫與溝通匯報(bào) ·····················································.205
7.1 項(xiàng)目情境 ···················································································.206
7.2 項(xiàng)目任務(wù) ···················································································.206
任務(wù) 7-1 滲透測試報(bào)告撰寫 ·························································.206
任務(wù) 7-2 項(xiàng)目溝通匯報(bào) ·······························································.211
7.3 項(xiàng)目拓展-問題回答技巧 ·······························································.212
7.4 練習(xí)題 ······················································································.213
參考文獻(xiàn) ····························································································.215
嚴(yán)正聲明 ····························································································.216
書單推薦
