Build Your Own Security Lab: A Field Guide for Network Testing

Book Description

If your job is to design or implement IT security solutions or if you're studying for any security certification, this is the how-to guide you've been looking for. Here's how to assess your needs, gather the tools, and create a controlled environment in which you can experiment, test, and develop the solutions that work. With liberal examples from real-world scenarios, it tells you exactly how to implement a strategy to secure your systems now and in the future.

Table of Contents

  1. Copyright
  2. About the Author
  3. Credits
  4. Acknowledgements
  5. Introduction
    1. Overview of the Book and Technology
    2. How This Book Is Organized
    3. Who Should Read This Book
    4. Tools You Will Need
    5. What's on the DVD
    6. Summary (From Here, Up Next, and So On)
  6. 1. Hardware And Gear
    1. 1.1. Why Build a Lab?
    2. 1.2. Hackers Welcome
      1. 1.2.1. Hacker Software
      2. 1.2.2. Hacker Hardware
    3. 1.3. The Essential Gear
    4. 1.4. Obtaining Requisite Hardware/Software
      1. 1.4.1. Stuff You Already Have
      2. 1.4.2. New-Equipment Purchases
      3. 1.4.3. Used-Equipment Purchases
        1. 1.4.3.1. Online Auctions
        2. 1.4.3.2. Thrift Stores
        3. 1.4.3.3. Company Sales
    5. 1.5. Assembling the Network Lab
      1. 1.5.1. Starting Clean
      2. 1.5.2. Configuring the Network
      3. 1.5.3. Installing Operating Systems
        1. 1.5.3.1. Windows XP
        2. 1.5.3.2. Linux
      4. 1.5.4. Connecting Everything Together
      5. 1.5.5. Adding On
    6. 1.6. Summary
    7. 1.7. Key Terms
    8. 1.8. Exercises
      1. 1.8.1. Equipment Checklist
      2. 1.8.2. Exploring Linux Options
      3. 1.8.3. Exploring Other Operating System Options
  7. 2. Building a Software Test Platform
    1. 2.1. Server OS Installations
      1. 2.1.1. Microsoft Windows
      2. 2.1.2. Linux
        1. 2.1.2.1. Navigating in Linux
        2. 2.1.2.2. Linux Basics
      3. 2.1.3. Other Operating Systems
        1. 2.1.3.1. Mac OS X
        2. 2.1.3.2. ReactOS
        3. 2.1.3.3. Windows PE
    2. 2.2. Virtualization
      1. 2.2.1. VMware Workstation
      2. 2.2.2. VMware Server
      3. 2.2.3. Virtual PC
    3. 2.3. Client-Side Tools
    4. 2.4. Learning Applications
    5. 2.5. Summary
    6. 2.6. Key Terms
    7. 2.7. Exercises
      1. 2.7.1. Using VMware to Build a Windows Image
      2. 2.7.2. Using VMware to Build a ReactOS Image
      3. 2.7.3. Running BackTrack from VMware
  8. 3. Passive Information Gathering
    1. 3.1. Starting at the Source
      1. 3.1.1. Scrutinizing Key Employees
      2. 3.1.2. Dumpster Diving (Electronic)
      3. 3.1.3. Analyzing Web Page Coding
      4. 3.1.4. Exploiting Web Site Authentication Methods
    2. 3.2. Mining Job Ads and Analyzing Financial Data
    3. 3.3. Using Google to Mine Sensitive Information
    4. 3.4. Exploring Domain Ownership
      1. 3.4.1. WHOIS
      2. 3.4.2. Regional Internet Registries
      3. 3.4.3. Domain Name Server
      4. 3.4.4. Identifying Web Server Software
      5. 3.4.5. Web Server Location
    5. 3.5. Summary
    6. 3.6. Key Terms
    7. 3.7. Exercises
      1. 3.7.1. IP Address and Domain Identification
      2. 3.7.2. Information Gathering
      3. 3.7.3. Google Hacking
      4. 3.7.4. Banner Grabbing
        1. 3.7.4.1. Telnet
        2. 3.7.4.2. Netcat
      5. 3.7.5. VisualRoute
  9. 4. Detecting Live Systems
    1. 4.1. Detecting Active Systems
      1. 4.1.1. Wardriving
      2. 4.1.2. ICMP (Ping)
    2. 4.2. Port Scanning
      1. 4.2.1. TCP/IP Basics
        1. 4.2.1.1. The Network Access Layer
        2. 4.2.1.2. The Internet Layer
        3. 4.2.1.3. The Host-to-Host Layer
          1. 4.2.1.3.1. Transmission Control Protocol
          2. 4.2.1.3.2. User Datagram Protocol
        4. 4.2.1.4. The Application Layer
      2. 4.2.2. TCP and UDP Port Scanning
      3. 4.2.3. Advanced Port-Scanning Techniques
        1. 4.2.3.1. Idle Scan
      4. 4.2.4. Port-Scanning Tools
        1. 4.2.4.1. Nmap
        2. 4.2.4.2. SuperScan
        3. 4.2.4.3. Other Scanning Tools
    3. 4.3. OS Fingerprinting
      1. 4.3.1. Passive Fingerprinting
      2. 4.3.2. Active Fingerprinting
        1. 4.3.2.1. OS Fingerprinting Tools
    4. 4.4. Scanning Countermeasures
    5. 4.5. Summary
    6. 4.6. Key Terms
    7. 4.7. Exercises
      1. 4.7.1. Port Scanning with Nmap
      2. 4.7.2. Port Scanning with SuperScan
      3. 4.7.3. Using Look@LAN
      4. 4.7.4. Passive Fingerprinting
      5. 4.7.5. Active Fingerprinting
  10. 5. Enumerating Systems
    1. 5.1. Enumeration
      1. 5.1.1. SNMP Services
        1. 5.1.1.1. SNMP Enumeration Tools
        2. 5.1.1.2. SNMP Enumeration Countermeasures
      2. 5.1.2. Routing Devices
        1. 5.1.2.1. Routing Enumeration Tools
        2. 5.1.2.2. Routing Enumeration Countermeasures
      3. 5.1.3. Windows Devices
        1. 5.1.3.1. Server Message Block and Interprocess Communication
        2. 5.1.3.2. Enumeration and the IPC$ Share
        3. 5.1.3.3. Windows Enumeration Tools
        4. 5.1.3.4. Windows Enumeration Countermeasures
    2. 5.2. Advanced Enumeration
      1. 5.2.1.
        1. 5.2.1.1. Password Cracking
        2. 5.2.1.2. Protecting Passwords
        3. 5.2.1.3. Sniffing Password Hashes
        4. 5.2.1.4. Exploiting a Vulnerability
        5. 5.2.1.5. Buffer Overflows
    3. 5.3. Summary
    4. 5.4. Key Terms
    5. 5.5. Exercises
      1. 5.5.1. SNMP Enumeration
      2. 5.5.2. Enumerating Routing Protocols
      3. 5.5.3. Enumeration with DumpSec
      4. 5.5.4. Rainbow Table Attacks
  11. 6. Automated Attack and Penetration Tools
    1. 6.1. Why Attack and Penetration Tools Are Important
    2. 6.2. Vulnerability Assessment Tools
      1. 6.2.1. Source Code Assessment Tools
      2. 6.2.2. Application Assessment Tools
      3. 6.2.3. System Assessment Tools
        1. 6.2.3.1. Attributes of a Good System Assessment Tool
        2. 6.2.3.2. Nessus
    3. 6.3. Automated Exploit Tools
      1. 6.3.1. Metasploit
        1. 6.3.1.1. Metasploit Web
        2. 6.3.1.2. Metasploit Console
        3. 6.3.1.3. Metasploit Command-Line Interface
        4. 6.3.1.4. Updating Metasploit
      2. 6.3.2. ExploitTree
        1. 6.3.2.1. Exploitation Framework
      3. 6.3.3. Core Impact
      4. 6.3.4. CANVAS
    4. 6.4. Determining Which Tools to Use
    5. 6.5. Picking the Right Platform
    6. 6.6. Summary
    7. 6.7. Key Terms
    8. 6.8. Exercises
      1. 6.8.1. Metasploit BackTrack
      2. 6.8.2. Metasploit Windows
      3. 6.8.3. Exploring N-Stalker, a Vulnerability Assessment Tool
      4. 6.8.4. Exploring the SecurityForest.com Web Site
  12. 7. Understanding Cryptographic Systems
    1. 7.1. Encryption
      1. 7.1.1. Secret Key Encryption
        1. 7.1.1.1. Data Encryption Standard
          1. 7.1.1.1.1. Electronic Codebook Mode
          2. 7.1.1.1.2. Cipher Block Chaining Mode
          3. 7.1.1.1.3. Cipher Feedback Mode
          4. 7.1.1.1.4. Output Feedback Mode
        2. 7.1.1.2. Triple DES
        3. 7.1.1.3. Advanced Encryption Standard
      2. 7.1.2. One-Way Functions (Hashes)
        1. 7.1.2.1. MD Series
        2. 7.1.2.2. SHA
      3. 7.1.3. Public Key Encryption
        1. 7.1.3.1. RSA
        2. 7.1.3.2. Diffie-Hellman
        3. 7.1.3.3. El Gamal
        4. 7.1.3.4. Elliptic Curve Cryptosystem
      4. 7.1.4. Hybrid Cryptosystems
    2. 7.2. Authentication
      1. 7.2.1. Password Authentication
        1. 7.2.1.1. Password Hashing
        2. 7.2.1.2. Challenge-Response
      2. 7.2.2. Session Authentication
      3. 7.2.3. Public Key Authentication
      4. 7.2.4. Public Key Infrastructure
        1. 7.2.4.1. Certificate Authority
        2. 7.2.4.2. Registration Authority
        3. 7.2.4.3. Certificate Revocation List
        4. 7.2.4.4. Certificate-Based Authentication
          1. 7.2.4.4.1. Digital Certificates
          2. 7.2.4.4.2. Digital Signature Algorithm
    3. 7.3. Biometrics
    4. 7.4. Encryption and Authentication Attacks
      1. 7.4.1. Extracting Passwords
      2. 7.4.2. Password Cracking
        1. 7.4.2.1. Dictionary Attack
        2. 7.4.2.2. Brute-Force Attack
        3. 7.4.2.3. Rainbow Table
      3. 7.4.3. Other Cryptographic Attacks
    5. 7.5. Summary
    6. 7.6. Key Terms
    7. 7.7. Exercises
      1. 7.7.1. RainbowCrack
      2. 7.7.2. CrypTool
      3. 7.7.3. John the Ripper
  13. 8. Defeating Malware
    1. 8.1. The Evolving Threat
    2. 8.2. Viruses and Worms
      1. 8.2.1. Viruses
      2. 8.2.2. Worms
      3. 8.2.3. Timeline
      4. 8.2.4. Detecting and Preventing
      5. 8.2.5. Antivirus
    3. 8.3. Trojans
      1. 8.3.1. Infection Methods
      2. 8.3.2. Symptoms
      3. 8.3.3. Well-Known Trojans
      4. 8.3.4. Modern Trojans
      5. 8.3.5. Distributing Trojans
    4. 8.4. Rootkits
    5. 8.5. Spyware
    6. 8.6. Botnets
    7. 8.7. Phishing
    8. 8.8. Summary
    9. 8.9. Key Terms
    10. 8.10. Exercises
      1. 8.10.1. Virus Signatures
      2. 8.10.2. Building Trojans
      3. 8.10.3. Rootkits
      4. 8.10.4. Finding Malware
  14. 9. Securing Wireless Systems
    1. 9.1. Wi-Fi Basics
      1. 9.1.1. Wireless Clients and NICs
      2. 9.1.2. Wireless Access Points
      3. 9.1.3. Wireless Communication Standards
      4. 9.1.4. Bluetooth Basics
    2. 9.2. Wi-Fi Security
      1. 9.2.1. Wired Equivalent Privacy
      2. 9.2.2. Wi-Fi Protected Access
      3. 9.2.3. 802.1x Authentication
    3. 9.3. Wireless LAN Threats
      1. 9.3.1. Wardriving
        1. 9.3.1.1. NetStumbler
        2. 9.3.1.2. Kismet
      2. 9.3.2. Eavesdropping
      3. 9.3.3. Rogue and Unauthorized Access Points
      4. 9.3.4. Denial of Service
    4. 9.4. Exploiting Wireless Networks
      1. 9.4.1. Finding and Assessing the Network
      2. 9.4.2. Setting Up Aerodump
      3. 9.4.3. Configuring Aireplay
      4. 9.4.4. Deauthentication and ARP Injection
      5. 9.4.5. Capturing IVs and Cracking the WEP KEY
      6. 9.4.6. Other Wireless Attack Tools
      7. 9.4.7. Exploiting Bluetooth
    5. 9.5. Securing Wireless Networks
      1. 9.5.1. Defense in Depth
      2. 9.5.2. Misuse Detection
    6. 9.6. Summary
    7. 9.7. Key Terms
    8. 9.8. Exercises
      1. 9.8.1. Using NetStumbler
      2. 9.8.2. Using Wireshark to Capture Wireless Traffic
  15. 10. Intrusion Detection
    1. 10.1. Overview of Intrusion Detection and Prevention
    2. 10.2. IDS Types and Components
    3. 10.3. IDS Engines
    4. 10.4. An Overview of Snort
      1. 10.4.1. Platform Compatibility
      2. 10.4.2. Assessing Hardware Requirements
    5. 10.5. Installing Snort on a Windows System
      1. 10.5.1. MySQL
      2. 10.5.2. Limiting Access
      3. 10.5.3. Installing the Base Components
        1. 10.5.3.1. Basic Configuration
        2. 10.5.3.2. Verification of Configuration
          1. 10.5.3.2.1. Sniffer Mode
          2. 10.5.3.2.2. Packet Logger Mode
          3. 10.5.3.2.3. Network Intrusion Mode
    6. 10.6. Building Snort Rules
      1. 10.6.1. The Rule Header
      2. 10.6.2. Logging with Snort
      3. 10.6.3. Rule Options
      4. 10.6.4. Creating and Testing a Simple Rule Set
    7. 10.7. The Snort User Interface
      1. 10.7.1. IDS center
        1. 10.7.1.1. Installing IDS center
        2. 10.7.1.2. Configuring IDS center
      2. 10.7.2. Basic Analysis and Security Engine
    8. 10.8. Advanced Snort: Detecting Buffer Overflows
    9. 10.9. Responding to Attacks/Intrusions
    10. 10.10. Summary
    11. 10.11. Key Terms
    12. 10.12. Exercises
      1. 10.12.1. Building a Snort Windows System
      2. 10.12.2. Making a One-Way Data Cable
  16. 11. Forensic Detection
    1. 11.1. Computer Forensics
    2. 11.2. Acquisition
      1. 11.2.1. Drive Removal and Fingerprint
      2. 11.2.2. Drive-Wiping
      3. 11.2.3. Logical and Physical Copies
        1. 11.2.3.1. Logical Copies
        2. 11.2.3.2. Physical Copies
        3. 11.2.3.3. Imaging the Drive
    3. 11.3. Authentication
    4. 11.4. Trace-Evidence Analysis
      1. 11.4.1. Browser Cache
      2. 11.4.2. Email Evidence
      3. 11.4.3. Deleted/Overwritten Files and Evidence
      4. 11.4.4. Other Trace Evidence
    5. 11.5. Hiding Techniques
      1. 11.5.1. Common File-Hiding Techniques
      2. 11.5.2. Advanced File-Hiding Techniques
      3. 11.5.3. Steganography
        1. 11.5.3.1.
          1. 11.5.3.1.1. Detecting Steganographic Tools
    6. 11.6. Antiforensics
    7. 11.7. Summary
    8. 11.8. Key Terms
    9. 11.9. Exercises
      1. 11.9.1. Detecting Hidden Files
        1. 11.9.1.1. Basic File-Hiding
        2. 11.9.1.2. Advanced File-Hiding
      2. 11.9.2. Reading Email Headers
      3. 11.9.3. Use S-Tools to Embed and Encrypt a Message
  17. A. About the DVD
    1. A.1. System Requirements
    2. A.2. Using the DVD
    3. A.3. What's on the DVD
    4. A.4. Troubleshooting
    5. A.5. Customer Care