Book description:
Project 1 Setting Up the Penetration Testing Environment
1.1 Project Scenario
1.2 Project Tasks
Task 1-1 Installing and Configuring the Kali Linux Operator Machine
Task 1-2 Installing and Managing Kali Linux Software
Task 1-3 Installing and Configuring the Linux Target Machine
Task 1-4 Installing and Configuring the Windows Target Machine
1.3 Project Extension: Penetration Testing Methodology
1.4 Exercises
Project 2 Information Gathering and Vulnerability Scanning
2.1 Project Scenario
2.2 Project Tasks
Task 2-1 Gathering Information from Public Websites
Task 2-2 Gathering Information with Nmap
Task 2-3 Scanning for Vulnerabilities with Nmap
Task 2-4 Scanning for Vulnerabilities with Nessus
Task 2-5 Checking Hosts for Weak Passwords
2.3 Project Extension: A Deeper Look at Vulnerabilities
2.4 Exercises
Project 3 Linux Operating System Penetration Testing and Hardening
3.1 Project Scenario
3.2 Project Tasks
Task 3-1 Penetration Testing Using the vsFTPd Backdoor Vulnerability
Task 3-2 Penetration Testing Using the Samba MS-RPC Shell Command Injection Vulnerability
Task 3-3 Penetration Testing Using the Samba Symlink Default-Configuration Directory Traversal Vulnerability
Task 3-4 Privilege Escalation Using the Dirty COW Vulnerability
Task 3-5 Linux Operating System Security Hardening
3.3 Project Extension: Analysis of the Dirty COW Exploitation Approach
3.4 Exercises
Project 4 Windows Operating System Penetration Testing and Hardening
4.1 Project Scenario
4.2 Project Tasks
Task 4-1 Penetration Testing Using the MS17_010_eternalblue Vulnerability
Task 4-2 Penetration Testing Using the CVE-2019-0708 Vulnerability
Task 4-3 Privilege Escalation Using the Trusted Service Paths Vulnerability
Task 4-4 Social Engineering Attack Testing
Task 4-5 Penetration Testing Using the CVE-2020-0796 Vulnerability
Task 4-6 Windows Operating System Security Hardening
4.3 Project Extension: The Social Engineering Toolkit
4.4 Exercises
Project 5 Database System Penetration Testing and Hardening
5.1 Project Scenario
5.2 Project Tasks
Task 5-1 Brute-Forcing Weak MySQL Passwords
Task 5-2 Privilege Escalation on a MySQL Database Using UDF
Task 5-3 Penetration Testing a SQL Server Database Using Weak Passwords
Task 5-4 Privilege Escalation Using the xp_cmdshell Component of a SQL Server Database
Task 5-5 Database System Security Hardening
5.3 Project Extension: An In-Depth Look at MySQL Database Privileges
5.4 Exercises
Project 6 Wireless Network Penetration Testing and Hardening
6.1 Project Scenario
6.2 Project Tasks
Task 6-1 Wireless Network Sniffing
Task 6-2 Cracking a WEP-Encrypted Wireless Network
Task 6-3 Penetration Testing WPS
Task 6-4 Obtaining Passwords with a Fake Phishing Hotspot
Task 6-5 Wireless Network Security Hardening
6.3 Project Extension: WiFi Encryption Algorithms
6.4 Exercises
Project 7 Writing the Penetration Test Report and Communicating Results
7.1 Project Scenario
7.2 Project Tasks
Task 7-1 Writing the Penetration Test Report
Task 7-2 Project Communication and Reporting
7.3 Project Extension: Techniques for Answering Questions
7.4 Exercises
References
Formal Statement
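From April 20 to 21, 2018, at the National Conference on Cybersecurity and Informatization Work, General Secretary Xi Jinping stressed: "Without cybersecurity there is no national security, there is no stable economic and social operation, and the interests of the broad masses of the people are also hard to safeguard." This fully shows the important strategic position of cybersecurity. Network penetration testing is an effective means of improving the security of information systems and a type of cybersecurity service that is well received by users. Achieving information system security requires a large number of people who have mastered cybersecurity technology, and in particular people who have mastered penetration testing and protection.
This book is divided into seven projects: setting up the penetration testing environment, information gathering and vulnerability scanning, Linux operating system penetration testing and hardening, Windows operating system penetration testing and hardening, database system penetration testing and hardening, wireless network penetration testing and hardening, and writing the penetration test report and communicating results. Each project consists mainly of four parts: project scenario, project tasks, project extension, and exercises. The project scenario shows students what their future work will involve, the project tasks are made up of the typical work tasks of a penetration testing engineer, the project extension points the way for deeper study, and the exercises let students consolidate what they have learned.
This book is student-centered, takes the integration of job, course, competition and certificate as its guiding aim, takes training highly qualified cybersecurity professionals for society as its mission, and combines penetration testing technology with practice in an innovative way. Its features are as follows.
(1) Easy for students to learn, reflecting a student-centered approach. The book simulates real tasks and is richly illustrated, raising students' interest in learning; based on an analysis of students' learning situation, it uses helpful tips to explain unfamiliar knowledge, solving the difficulty students have in learning cross-disciplinary material; it builds knowledge points into tasks, so that carrying out the tasks deepens understanding; it uses an opening sentence to summarize each paragraph, helping students learn and remember; and its task steps are detailed, so that students learn by doing and teachers teach by doing.
(2) Easy for teachers to teach, improving teaching efficiency. The book comes with rich supporting resources, including videos accessed by QR code, accompanying PPT slides, a reference question bank, lesson plans and teaching schedules; every project includes a teaching guide; and the penetration testing environment is easy to set up, which makes practical training convenient.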
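(3) Advances the integration of job, course, competition and certificate, supporting teaching reform. The book's teaching content is written according to the job requirements of penetration testing engineers and the knowledge points of cybersecurity competitions, keeping it close to the needs of society; it also incorporates the relevant knowledge points of the "Cybersecurity Risk Management Vocational Skill Level Certificate".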
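(4) Innovative presentation, improving students' abilities across the board. The book moves from the basics to the comprehensive, breaking complex knowledge points down into several simple ones for explanation; it is organized by penetration testing target, which helps students master the relevant knowledge fully; it gathers related knowledge points into tables, which helps students remember by comparison; it combines learning with reflection, with review and summary, making the material easier to understand and master; and it builds penetration testing techniques into the task procedures, so that students both master the techniques and skills and become familiar with the project workflow.
(5) Seamlessly integrates ideological and political education into the course, carrying out the fundamental task of fostering virtue through education. The book seamlessly introduces the spirit of the 20th National Congress of the Communist Party of China, helping students form a correct view of cybersecurity and strengthening their sense of professional mission and identification with their field; in carrying out the tasks it cultivates a craftsman's spirit of striving for excellence and a step-by-step, rigorous and conscientious working attitude; and through the project extensions it encourages students to innovate and improve.
Wang Lijin and Zhang Zongbao of Shandong Vocational College of Science and Technology and Zhang Zhen of Beijing Venustech Information Security Technology Co., Ltd. were responsible for writing this book and for its quality control; Xu Tonghua and Zhang Zhuo of Shandong Vocational College of Science and Technology checked the book; Wang Jingping, Liang Hanrong and Chen Nuo of the Zhengyue Shiliu (正月十六) Studio provided technical support; and Xin Yang, professor and doctoral supervisor at the School of Cyberspace Security of Beijing University of Posts and Telecommunications, served as chief reviewer. In writing this book we drew on the monographs, textbooks and blogs of information security experts and scholars including Zhuge Jianwei and Yang Bo, and we thank them all here. Because penetration testing covers a broad range of knowledge, and because the authors' ability is limited and time was short, the book inevitably has shortcomings; readers' criticism and corrections are welcome.
The authors
January 2024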