Network Security Hacks, 2nd Edition

Book description

In the fast-moving world of computers, things are always changing. Since the first edition of this strong-selling book appeared two years ago, network security techniques and tools have evolved rapidly to meet new and more sophisticated threats that pop up with alarming regularity. The second edition offers both new and thoroughly updated hacks for Linux, Windows, OpenBSD, and Mac OS X servers that not only enable readers to secure TCP/IP-based services, but also help them implement a good deal of clever host-based security techniques.

This second edition of Network Security Hacks offers 125 concise and practical hacks, including more information for Windows administrators, hacks for wireless networking (such as setting up a captive portal and securing against rogue hotspots), and techniques to ensure privacy and anonymity, including ways to evade network traffic analysis, encrypt email and files, and protect against phishing attacks. System administrators looking for reliable answers will also find concise examples of applied encryption, intrusion detection, logging, trending, and incident response.

In fact, this "roll up your sleeves and get busy" security book features updated tips, tricks, and techniques across the board to ensure that it provides the most current information for all of the major server software packages. These hacks are quick, clever, and devilishly effective.

Table of Contents

  1. Network Security Hacks
  2. Copyright
  3. Credits
    1. About the Author
    2. Contributors
    3. Acknowledgments
  4. Preface
    1. Why Network Security Hacks?
    2. How This Book Is Organized
    3. Conventions Used in This Book
    4. Safari Enabled
    5. Using Code Examples
    6. How to Contact Us
    7. Got a Hack?
  5. 1. Unix Host Security
    1. Hack #1. Secure Mount Points
    2. Hack #2. Scan for SUID and SGID Programs
    3. Hack #3. Scan for World- and Group-Writable Directories
    4. Hack #4. Create Flexible Permissions Hierarchies with POSIX ACLs
      1. Enabling ACLs
      2. Managing ACLs
    5. Hack #5. Protect Your Logs from Tampering
    6. Hack #6. Delegate Administrative Roles
    7. Hack #7. Automate Cryptographic Signature Verification
    8. Hack #8. Check for Listening Services
    9. Hack #9. Prevent Services from Binding to an Interface
    10. Hack #10. Restrict Services with Sandboxed Environments
      1. Using chroot()
      2. Using FreeBSD’s jail()
    11. Hack #11. Use proftpd with a MySQL Authentication Source
      1. See Also
    12. Hack #12. Prevent Stack-Smashing Attacks
    13. Hack #13. Lock Down Your Kernel with grsecurity
      1. Patching the Kernel
      2. Configuring Kernel Options
        1. Low security
        2. Medium security
        3. High security
        4. Customized security settings
    14. Hack #14. Restrict Applications with grsecurity
    15. Hack #15. Restrict System Calls with systrace
    16. Hack #16. Create systrace Policies Automatically
    17. Hack #17. Control Login Access with PAM
      1. Limiting Access by Origin
      2. Restricting Access by Time
    18. Hack #18. Restrict Users to SCP and SFTP
      1. Setting Up rssh
      2. Configuring chroot()
    19. Hack #19. Use Single-Use Passwords for Authentication
      1. OPIE Under FreeBSD
      2. S/Key Under OpenBSD
    20. Hack #20. Restrict Shell Environments
    21. Hack #21. Enforce User and Group Resource Limits
    22. Hack #22. Automate System Updates
  6. 2. Windows Host Security
    1. Hack #23. Check Servers for Applied Patches
      1. Using HFNetChk
      2. See Also
    2. Hack #24. Use Group Policy to Configure Automatic Updates
      1. Some Recommendations
      2. Digging Deeper
    3. Hack #25. List Open Files and Their Owning Processes
    4. Hack #26. List Running Services and Open Ports
    5. Hack #27. Enable Auditing
    6. Hack #28. Enumerate Automatically Executed Programs
    7. Hack #29. Secure Your Event Logs
    8. Hack #30. Change Your Maximum Log File Sizes
    9. Hack #31. Back Up and Clear the Event Logs
      1. The Code
      2. Running the Hack
    10. Hack #32. Disable Default Shares
    11. Hack #33. Encrypt Your Temp Folder
    12. Hack #34. Back Up EFS
      1. Backing Up Encrypted Data and EFS Keys
      2. Restoring EFS Keys
      3. Backing Up Recovery Agent Keys
    13. Hack #35. Clear the Paging File at Shutdown
    14. Hack #36. Check for Passwords That Never Expire
      1. The Code
      2. Running the Hack
  7. 3. Privacy and Anonymity
    1. Hack #37. Evade Traffic Analysis
      1. Onion Routing
      2. Installing Tor
      3. Installing Privoxy
      4. Configuring Privoxy for Tor
      5. See Also
    2. Hack #38. Tunnel SSH Through Tor
      1. See Also
    3. Hack #39. Encrypt Your Files Seamlessly
    4. Hack #40. Guard Against Phishing
      1. SpoofGuard
      2. Installing SpoofGuard
      3. How SpoofGuard Works
    5. Hack #41. Use the Web with Fewer Passwords
      1. PwdHash
      2. Remote PwdHash
    6. Hack #42. Encrypt Your Email with Thunderbird
      1. Setting Up Thunderbird
      2. Providing a Public/Private Key Pair
        1. Importing an existing key pair
        2. Generating a new key pair
      3. Sending and Receiving Encrypted Email
    7. Hack #43. Encrypt Your Email in Mac OS X
      1. Installing GPG
      2. Creating a GPG Key
      3. Installing GPGMail
      4. Sending and Receiving Encrypted Email
  8. 4. Firewalling
    1. Hack #44. Firewall with Netfilter
      1. Setting the Filtering Policy
      2. Rule Examples
      3. A Word About Stateful Inspection
      4. Ordering Rules
    2. Hack #45. Firewall with OpenBSD’s PacketFilter
      1. Configuring PF
      2. Global Options
      3. Traffic Normalization Rules
      4. Filtering Rules
    3. Hack #46. Protect Your Computer with the Windows Firewall
      1. Allow Programs to Bypass the Firewall
      2. Tracking Firewall Activity with a Windows Firewall Log
      3. Problems with Email and the Windows Firewall
      4. Hacking the Hack
      5. See Also
    4. Hack #47. Close Down Open Ports and Block Protocols
    5. Hack #48. Replace the Windows Firewall
      1. Installing CORE FORCE
      2. The Configuration Wizard
      3. Manual Configuration
    6. Hack #49. Create an Authenticated Gateway
    7. Hack #50. Keep Your Network Self-Contained
    8. Hack #51. Test Your Firewall
    9. Hack #52. MAC Filter with Netfilter
    10. Hack #53. Block Tor
  9. 5. Encrypting and Securing Services
    1. Hack #54. Encrypt IMAP and POP with SSL
    2. Hack #55. Use TLS-Enabled SMTP with Sendmail
    3. Hack #56. Use TLS-Enabled SMTP with Qmail
    4. Hack #57. Install Apache with SSL and suEXEC
      1. Apache 1.x
      2. Apache 2.x
    5. Hack #58. Secure BIND
      1. See Also
    6. Hack #59. Set Up a Minimal and Secure DNS Server
      1. Installing daemontools
      2. Installing Djbdns
      3. Adding Records
    7. Hack #60. Secure MySQL
    8. Hack #61. Share Files Securely in Unix
  10. 6. Network Security
    1. Hack #62. Detect ARP Spoofing
    2. Hack #63. Create a Static ARP Table
    3. Hack #64. Protect Against SSH Brute-Force Attacks
      1. Changing the Port
      2. Disabling Password Authentication
      3. Firewalling the SSH Daemon
        1. Limiting connections to your sshd
        2. Parsing logs and blocking an IP
        3. Rate-limiting SYN packets
    4. Hack #65. Fool Remote Operating System Detection Software
    5. Hack #66. Keep an Inventory of Your Network
    6. Hack #67. Scan Your Network for Vulnerabilities
      1. Nessus 2.x
      2. Nessus 3.x
    7. Hack #68. Keep Server Clocks Synchronized
    8. Hack #69. Create Your Own Certificate Authority
      1. Creating the CA
      2. Signing Certificates
    9. Hack #70. Distribute Your CA to Clients
    10. Hack #71. Back Up and Restore a Certificate Authority with Certificate Services
      1. Backing Up a CA
      2. The Certification Authority Backup Wizard
      3. Restoring a CA to a Working Server
      4. Restoring a CA to a Different Server
      5. Decommissioning the Old CA
    11. Hack #72. Detect Ethernet Sniffers Remotely
      1. Sniffing Shared Mediums
      2. Sniffing in Switched Environments
      3. Installing SniffDet
      4. Testing with ARP Queries
    12. Hack #73. Help Track Attackers
    13. Hack #74. Scan for Viruses on Your Unix Servers
      1. Installing ClamAV
      2. Configuring clamd
    14. Hack #75. Track Vulnerabilities
      1. Mailing Lists
      2. RSS Feeds
      3. Cassandra
      4. Summary
  11. 7. Wireless Security
    1. Hack #76. Turn Your Commodity Wireless Routers into a Sophisticated Security Platform
    2. Hack #77. Use Fine-Grained Authentication for Your Wireless Network
      1. Deploying the RADIUS Server
      2. Configuring Your AP
    3. Hack #78. Deploy a Captive Portal
      1. The Authentication Server
      2. Installing the Gateway
  12. 8. Logging
    1. Hack #79. Run a Central Syslog Server
    2. Hack #80. Steer Syslog
    3. Hack #81. Integrate Windows into Your Syslog Infrastructure
      1. Using NTsyslog
      2. Using Eventlog to Syslog
    4. Hack #82. Summarize Your Logs Automatically
    5. Hack #83. Monitor Your Logs Automatically
      1. Installing swatch
      2. Configuration Syntax
    6. Hack #84. Aggregate Logs from Remote Sites
      1. Compiling syslog-ng
      2. Configuring syslog-ng
      3. Translating Your syslog.conf
    7. Hack #85. Log User Activity with Process Accounting
    8. Hack #86. Centrally Monitor the Security Posture of Your Servers
      1. Installation
      2. Adding Agents
      3. Installing a Windows Agent
      4. Configuration
      5. Active Responses
      6. See Also
  13. 9. Monitoring and Trending
    1. Hack #87. Monitor Availability
      1. Installing Nagios
      2. Installing Plug-ins
      3. Configuring Nagios
        1. Adding hosts to monitor
        2. Creating host groups
        3. Creating contacts and contact groups
        4. Configuring services to monitor
        5. Defining time periods
    2. Hack #88. Graph Trends
    3. Hack #89. Get Real-Time Network Stats
    4. Hack #90. Collect Statistics with Firewall Rules
    5. Hack #91. Sniff the Ether Remotely
  14. 10. Secure Tunnels
    1. Hack #92. Set Up IPsec Under Linux
    2. Hack #93. Set Up IPsec Under FreeBSD
      1. Client Configuration
      2. Gateway Configuration
      3. Using x.509 Certificates
    3. Hack #94. Set Up IPsec in OpenBSD
      1. Password Authentication
      2. Certificate Authentication
    4. Hack #95. Encrypt Traffic Automatically with Openswan
    5. Hack #96. Forward and Encrypt Traffic with SSH
    6. Hack #97. Automate Logins with SSH Client Keys
    7. Hack #98. Use a Squid Proxy over SSH
    8. Hack #99. Use SSH As a SOCKS Proxy
    9. Hack #100. Encrypt and Tunnel Traffic with SSL
      1. Building Stunnel
      2. Configuring stunnel
      3. Encrypting Services
    10. Hack #101. Tunnel Connections Inside HTTP
    11. Hack #102. Tunnel with VTun and SSH
      1. Configuring VTun
      2. Testing VTun
      3. Encrypting the Tunnel
    12. Hack #103. Generate VTun Configurations Automatically
      1. The Code
      2. Running the Hack
    13. Hack #104. Create a Cross-Platform VPN
      1. Installing OpenVPN
      2. Testing OpenVPN
      3. Creating Your Configuration
      4. Using OpenVPN and Windows
      5. Using OpenVPN with Mac OS X
    14. Hack #105. Tunnel PPP
      1. See Also
  15. 11. Network Intrusion Detection
    1. Hack #106. Detect Intrusions with Snort
      1. Installing Snort
      2. Testing Snort
      3. Configuring Snort
      4. See Also
    2. Hack #107. Keep Track of Alerts
    3. Hack #108. Monitor Your IDS in Real Time
      1. Creating the Database
      2. Setting Up the Server
      3. Installing a Sensor
        1. Patching Snort
        2. Patching Barnyard
      4. Finishing Up
    4. Hack #109. Manage a Sensor Network
      1. Installing the Prerequisites
      2. Setting Up the Console
      3. Setting Up an Agent
      4. Adding an Agent to the Console
    5. Hack #110. Write Your Own Snort Rules
      1. Rule Basics
        1. Actions
        2. Protocols
        3. IP addresses
        4. Ports
      2. Options
        1. Adding human-readable messages
        2. Inspecting packet content
        3. Matching TCP flags
      3. Thresholding
        1. Thresholding by signature ID
        2. Thresholding with rule options
      4. Suppression
    6. Hack #111. Prevent and Contain Intrusions with Snort_inline
    7. Hack #112. Automatically Firewall Attackers with SnortSam
      1. Installing SnortSam
      2. Configuring SnortSam
      3. See Also
    8. Hack #113. Detect Anomalous Behavior
    9. Hack #114. Automatically Update Snort’s Rules
    10. Hack #115. Create a Distributed Stealth Sensor Network
    11. Hack #116. Use Snort in High-Performance Environments with Barnyard
      1. Installation
      2. Configuring Snort
      3. Configuring Barnyard
      4. Testing Barnyard
    12. Hack #117. Detect and Prevent Web Application Intrusions
      1. Installing mod_security
      2. Enabling and Configuring mod_security
      3. Creating Filters
      4. See Also
    13. Hack #118. Scan Network Traffic for Viruses
      1. Patching Snort
      2. Configuring the Preprocessor
        1. Ports to scan
        2. Direction to scan
        3. Blocking propagation
        4. Miscellaneous options
      3. Trying It Out
    14. Hack #119. Simulate a Network of Vulnerable Hosts
      1. Compiling honeyd
      2. Configuring honeyd
      3. Running honeyd
      4. Testing honeyd
    15. Hack #120. Record Honeypot Activity
      1. Installing the Linux Client
      2. Setting Up the Server
      3. Installing the Windows Client
  16. 12. Recovery and Response
    1. Hack #121. Image Mounted Filesystems
    2. Hack #122. Verify File Integrity and Find Compromised Files
      1. Building and Installing Tripwire
      2. Configuring Tripwire
      3. Day-to-Day Use
      4. See Also
    3. Hack #123. Find Compromised Packages
      1. Using RPM
      2. Using Other Package Managers
    4. Hack #124. Scan for Rootkits
    5. Hack #125. Find the Owner of a Network
      1. Getting DNS Information
      2. Getting Netblock Information
  17. About the Author
  18. Colophon
  19. Copyright