These are not mutually exclusive; you can exploit the spanning tree protocol, for example, to launch a denial-of-service (DOS) attack. These were chosen because they help illustrate different aspects of network security; the principles on which they rely are unlikely to vanish any time soon, and they allow for the possibility of gaining something of interest to the attacker, from money to high-value data.
The following skills are uncovered in this book
Chapter 1 (Denial of Service) :- Illustrates how even sophisticated networks can be crippled by a determined hacker with relatively few resources.
Chapter 2 (War Dialing) :- Illustrates how a hacker can circumvent the hardened security perimeter of a network to access “softer” targets.
Chapter 3 (Penetration Testing) :- Discusses the various tools and techniques used for penetration testing that are readily available to both the defenders and the attackers.
Chapter 4 (Protocol Tunneling) :- Presents a method for deliberately subverting your network perimeter to “tunnel” prohibited traffic into and out of your network.
Chapter 5 (Spanning Tree Attacks) :- Discusses the “layer 2” network responsible for knitting together your switches, routers, and other devices into a reliable network and illustrates one way in which to exploit the weak security of this layer.
Chapter 6 (Man-in-the-Middle) :- Discusses a very common attack pattern and just what an attacker can accomplish once he or she has inserted himself or herself into your data stream.
Chapter 7 (Password Replay) :- Focuses on the security of passwords and other static security measures and how an attacker can use various techniques to gain unauthorized access.
This book is intended to provide practical, usable information. However, the world of network security is evolving very rapidly, and the attack that works today may (hopefully) not work tomorrow. It is more important, then, to understand the principles on which the attacks and exploits are based in order to properly plan either a network attack or a network defense. The authors chose the contents of this book because we believe that, underlying the attacks presented here, there are important principles of network security. The attacks are deadly because they exploit principles,assumptions, and practices that are true today and that we believe are likely to remain true for the foreseeable future.