Maximum Security, Fourth Edition

Book Description

Maximum Security, Fourth Edition provides updated, comprehensive, platform-by-platform coverage of security issues, and includes clear, to the point descriptions of the most common techniques hackers use to penetrate systems. This book provides information for security administrators and others interested in computer and network security and provides them with techniques to take steps to protect their systems.

Table of Contents

  1. Copyright
    1. Dedication
  2. About the Lead Author
  3. About the Contributing Authors
  4. Acknowledgments
  5. We Want to Hear from You!
  6. Reader Services
  7. Introduction
    1. Why Did We Write This Book?
    2. System Requirements
      1. Absolute Requirements
      2. Archiving Tools
      3. Text and Typesetting Viewers
      4. Programming Languages
    3. About Examples in This Book
      1. About Links and References in This Book
    4. A Final Note
  8. I. Security Concepts
    1. 1. Building a Roadmap for Securing Your Enterprise
      1. Reactive Versus Proactive Models
      2. Understanding Your Enterprise
        1. Workflow and Security
      3. Risk Assessment: Evaluating Your Enterprise’s Security Posture
      4. Identifying Digital Assets
      5. Protecting Assets
        1. Identifying and Removing Vulnerabilities
        2. Standardization and Proactive Policies
      6. Incident Response Policy
      7. Training Users and Administrators
      8. 40,000-Foot Review
      9. Summary
    2. 2. The State of the Net: A World at War
      1. Hacking, Cracking, and Other Malicious Behavior
      2. Governments at War
        1. Can the Internet Be Used for Espionage?
        2. Can the Internet Be Used for Terrorism?
        3. The Threat Gets More Personal
        4. Who Holds the Cards?
        5. Can the United States Protect the National Information Infrastructure?
        6. What Would an Information Attack Look Like?
      3. The State of the Government
        1. The National Infrastructure Protection Center (NIPC)
        2. Summary of Government Vulnerabilities
      4. The State of the Corporate Sector
        1. Credit Card Theft Goes Cyber: The StarWave Incident
        2. Credit Card Theft Hits Overdrive
        3. The Trends
          1. The Ernst & Young LLP/ComputerWorld Information Security Survey
      5. A Warning
      6. Summary
      7. Additional Information
        1. Internet Resources on Information Warfare
        2. Books on Information Warfare
    3. 3. Hackers and Crackers
      1. The Difference Between Hackers and Crackers
      2. Tools of the Trade
        1. Reconnaissance
          1. Social Engineering
          2. Port Scanners and Passive Operating System Identification
          3. Nmap
          4. hping2
        2. Passive Operating System Identification Fingerprinting
      3. Exploits and the SANS Top 20
        1. Exploits
        2. The SANS Top 20
          1. Windows-Specific Exploits
          2. Unix-Specific Exploits
      4. Summary
    4. 4. Mining the Data Monster
      1. Information Overload
      2. How Much Security Do You Need?
      3. General Sources
        1. The Computer Emergency Response Team (CERT)
        2. The U.S. Department of Energy Computer Incident Advisory Capability
        3. The National Institute of Standards and Technology Computer Security Resource Clearinghouse
          1. The BugTraq Archives
          2. The Forum of Incident Response and Security Teams (FIRST)
      4. Mailing Lists
      5. Usenet Newsgroups
      6. Vendor Security Mailing Lists, Patch Depositories, and Resources
        1. Silicon Graphics Security Headquarters
        2. The Sun Security Bulletin Archive
          1. The ISS Security Center
          2. Eugene Spafford’s Security Hotlist
          3. SANS Institute
          4. International Association of Computer Investigative Specialists (IACIS)
      7. Summary
    5. 5. Internal Security
      1. Internal Security: The Red-Headed Stepchild
      2. Internal Risks: Types of Harm and Vectors
        1. Well-meaning/Unwitting Employees
        2. Scofflaw Employees
        3. IT Employees
      3. Risk Mitigation Policies
        1. Physical Security
        2. The Hiring Process
        3. Establishing Desktop Lockdown
        4. Restricting Content
        5. Administrative Collaboration
      4. Products
        1. Desktop Management
        2. Laptop/PDA Security
          1. PDA Security
          2. Laptop Security
        3. Physical Security
        4. Content Management
      5. Resources
      6. Summary
  9. II. Hacking 101
    1. 6. A Brief TCP/IP Primer
      1. What Is TCP/IP?
        1. The Open Systems Interconnection (OSI) Reference Model
          1. Network-Level Protocols
          2. Application-Level Protocols
        2. The History of TCP/IP
        3. The RFCs
        4. Implementations of TCP/IP
      2. How Does TCP/IP Work?
      3. The Individual Protocols
        1. Network-Level Protocols
          1. The Address Resolution Protocol (ARP)
          2. The Internet Control Message Protocol (ICMP)
          3. The Internet Protocol (IP)
            1. IP Network Addressing
            2. IP Routing
          4. The Transmission Control Protocol (TCP)
            1. TCP Connection Termination
          5. User Datagram Protocol (UDP)
        2. Application-Level Protocols—The Ports
          1. Hypertext Transfer Protocol (HTTP)
          2. Domain Name System (DNS)
          3. Telnet
          4. File Transfer Protocol (FTP)
            1. Mechanical Operation of FTP
            2. FTPD: An FTP Server Daemon
          5. Simple Mail Transfer Protocol (SMTP)
          6. Secure Shell Protocol (SSH)
      4. IPsec, IPv6, VPNs, and Looking Ahead
      5. Summary
    2. 7. Spoofing Attacks
      1. What Is Spoofing?
      2. Internet Security Fundamentals
        1. Methods of Authentication
        2. RHOSTS
      3. The Mechanics of a Spoofing Attack
        1. The Ingredients of a Successful Spoofing Attack
        2. Opening a More Suitable Hole
        3. Who Can Be Spoofed?
        4. How Common Are Spoofing Attacks?
        5. Spoofing/Hijacking Utilities
          1. 1644
          2. Hunt
          3. ipspoof
          4. Juggernaut
          5. rbone
          6. Spoofit
          7. synk4.c (Syn Flooder by Zakath)
      4. Documents Related Specifically to IP Spoofing
      5. How Do I Prevent IP Spoofing Attacks?
      6. Other Strange and Offbeat Spoofing Attacks
        1. ARP Spoofing
        2. DNS Spoofing
        3. Web Spoofing
          1. The Partner Password Setup
          2. The Referrer Setup
          3. The Session-Specific URL Setup
          4. A Solution
      7. Summary
    3. 8. Personal Privacy
      1. Degrees of Exposure
        1. Human Intelligence
      2. Web Browsing and Invasion of Privacy
        1. Internet Architecture and Privacy
        2. How User Information Is Stored on Servers
        3. finger
          1. Solutions for the finger Problem
        4. MasterPlan
        5. Beyond finger
      3. Browser Security
        1. IP Address and Cache Snooping
        2. Cookies
          1. Combating Cookies
        3. Ads and Web Bugs
          1. Protecting Yourself from Ads and Web Bugs
        4. Spyware
      4. Your Email Address and Usenet
        1. Google Groups
        2. The WHOIS Service
      5. At Work
      6. A Warning
        1. Internet Resources
        2. Articles and Papers and Related Web Sites
    4. 9. Dispelling Some of the Myths
      1. When Can Attacks Occur?
        1. How Do I Become a Hacker’s Target?
        2. Dial-Up Versus Persistent Connections
        3. Which Computer Operating Systems Are Vulnerable?
        4. My Firewall Will Stop the Pesky Crackers!
      2. What Kinds of Attackers Exist?
        1. Script Kiddies—Your Biggest Threat?
        2. Black Hats—“The Dark Side”
        3. White Hats—The Good Guys
      3. Operating Systems Used by Crackers
        1. Windows Operating Systems
        2. Linux/NetBSD/FreeBSD
        3. OpenBSD
      4. Is There a Typical Attack?
        1. Denial-of-Service Attacks
        2. Viruses, Trojans, and Malicious Scripts or Web Content
        3. Web Defacement/“Tagging”
        4. Attacks from the Inside
      5. Who Gets Targeted Most Frequently?
        1. Home and Small Business Internet Users
        2. Larger Businesses and Corporations
        3. Government and Military Institutions
        4. Financial Institutions
      6. What Is the Motivation Behind Attacks?
        1. Notoriety, or the “Elite” Factor
        2. Maliciousness and Destruction
          1. Destructive Pranks or Lack of Cause
          2. Disgruntled Employees
        3. Making a Political Statement
        4. Financial Gain
          1. Theft or Unauthorized Transfer of Funds
          2. Theft of Intellectual Property and Corporate Espionage
          3. Credit Card Theft and “Carding”
        5. Cracking for Knowledge
        6. Breaking In to Break In
      7. Summary
  10. III. A Defender’s Toolkit
    1. 10. Firewalls
      1. What Is a Firewall?
      2. Other Features Found in Firewall Products
      3. Firewalls Are Not Bulletproof
      4. A Look Under the Hood of Firewalling Products
        1. Packet Filter-Based Firewalls
          1. Personal Firewalls
        2. Stateful Packet Filter-Based Firewalls
        3. Proxy-Based Firewalls
      5. Programmers Bypassing the Firewall
      6. Pitfalls of Firewalling
      7. Firewall Appliances
      8. Building Firewalls in the Real World
        1. Identifying Topology, Application, and Protocol Needs
        2. Analyze Trust Relationships and Communication Paths in Your Organization
        3. Evaluate and Choose a Firewall Product
        4. Deploying and Testing Your Firewall
      9. Sample Failures of Firewall Technology
        1. The “Whoops, Where Did My Web Server Go?” Problem
        2. Using SSH to Bypass RuleSets
      10. Commercial Firewalls
        1. BlackICE
        2. BorderManager
        3. FireBOX
        4. Firewall-1
        5. FireWall Server
        6. GNAT Box Firewall
        7. Guardian
        8. NetScreen
        9. PIX Firewall
        10. SideWinder
        11. Sonicwall
        12. Symantec Enterprise Firewall
        13. Tiny Personal Firewall
        14. ZoneAlarm Pro
      11. Summary
        1. Books and Publications
        2. Internet Resources
    2. 11. Vulnerability Assessment Tools (Scanners)
      1. The History of Vulnerability Scanners
      2. How Vulnerability Scanners Work
      3. What to Look For When Choosing a Scanner
      4. Fundamental Shortcomings
      5. Top Vulnerability Scanners
        1. Retina
        2. NetRecon
        3. ISS Internet Scanner
        4. Cybercop Scanner
        5. The Open Source Nessus Project
        6. Whisker
      6. Other Vulnerability Scanners
        1. HackerShield
        2. Update
        3. Cisco Scanner
        4. SAINT
        5. SARA, TARA, and WebMon
        6. STAT
        7. Security Analyzer
      7. Summary
    3. 12. Intrusion Detection Systems
      1. An Introduction to Intrusion Detection
        1. Who Should Be Using an IDS
      2. Network-Based IDSs
      3. Host-Based ID Systems
      4. Anomaly-Based IDSs
      5. What to Look for When Choosing an IDS
        1. Common Evaluation Criteria
      6. Snort and Other Open Source IDS Solutions
      7. Intrusion Detection Product Listing
        1. Cisco Secure IDS
        2. Computer Associates eTrust Intrusion Detection
        3. Enterasys Dragon IDS
        4. Intrusion SecureNet NID/SecureHost HID
        5. IntruVert IntruShield
        6. ISS RealSecure
        7. ISS BlackICE
        8. NFR Security Intrusion Detection System
        9. nSecure Software nPatrol
        10. Symantec NetProwler and Intruder Alert
      8. Summary
    4. 13. Logging Tools
      1. Why Log?
      2. Logs from a Cracking Perspective
      3. Forming a Logging Strategy
      4. Network Monitoring and Data Collection
        1. SWATCH (The System Watcher)
        2. Watcher
        3. lsof (List Open Files)
        4. Private-I
        5. WebSense
        6. Win-Log version 1
          1. SNIPS
      5. Tools for Analyzing Log Files
        1. NetTracker
        2. LogSurfer
        3. WebTrends for Firewalls and VPNs
        4. Analog
      6. Summary
    5. 14. Password Security
      1. An Introduction to Password Cracking
        1. Password Cryptography 101
        2. ROT-13
        3. DES and Crypt
      2. The Password-Cracking Process
      3. The Password Crackers
      4. Password Crackers for Windows
        1. L0phtCrack/LC4
        2. John the Ripper by Solar Designer
        3. NTCrack
          1. NT Accessories
          2. Notes on NT Password Security
      5. Unix Password Cracking
        1. About Unix Password Security
        2. Crack
        3. John the Ripper by Solar Designer
        4. PaceCrack95 (pacemkr@bluemoon.net)
        5. Star Cracker by the Sorcerer
      6. Cracking Cisco, Application, and Other Password Types
        1. Cracking Cisco IOS Passwords
        2. Commercial Application Password Crackers
        3. ZipCrack by Michael A. Quinlan
        4. AMI Decode (Author Unknown)
        5. PGPCrack by Mark Miller
      7. Improving Your Site’s Passwords
        1. Windows NT/2000
        2. Passfilt Pro
        3. Password Bouncer
        4. Unix
        5. LDAP Servers
      8. Other Resources
        1. Internet Resources
        2. Publications and Reports
      9. Summary
    6. 15. Sniffers
      1. Sniffers as Security Risks
        1. Local Area Networks and Data Traffic
        2. Packet Transport and Delivery
      2. What Level of Risk Do Sniffers Represent?
      3. Has Anyone Actually Seen a Sniffer Attack?
      4. What Information Do Sniffers Capture?
      5. Where Is One Likely to Find a Sniffer?
      6. Where Can I Get a Sniffer?
        1. Commercial Sniffers
          1. Sniffer Technologies and Products from Network Associates
          2. Finisar-Systems Surveyor
          3. PacketView by Klos Technologies
          4. Ranger Network Probe from Network Communications
          5. LANWatch by Precision Guesswork
          6. EtherPeek and AiroPeek from WildPackets Inc.
          7. NetMinder Ethernet by Neon Software
          8. LinkView Classic Network Analyzer by Acterna
          9. ProConvert from WildPackets, Inc.
          10. LANdecoder32 by Triticom
          11. Vericept
        2. Freely Available Sniffers
          1. Snoop
          2. Esniff
          3. TCPDUMP
          4. LinSniff
      7. Defeating Sniffer Attacks
        1. Detecting and Eliminating Sniffers
        2. Safe Topology
        3. Encrypted Sessions
      8. Summary
      9. Further Reading on Sniffers
  11. IV. Weapons of Mass Destruction
    1. 16. Denial-of-Service Attacks
      1. What Is Denial of Service?
        1. How Denial of Service Works
          1. Bandwidth Consumption
          2. Resource Saturation
          3. System and Application Crash
      2. Exploitation and Denial of Service
        1. Email Bomb Resource Attacks
          1. Email Bomb Packages
          2. Dealing with Email Bombs
          3. Email Bombs as Security Risks
          4. Email Bombing Viruses
          5. List Linking
          6. A Word About Mail Relay
          7. Mail Relaying Blocking Lists
        2. Protocol Attacks
      3. Denial-of-Service Attack Index
        1. Recent DoS Attacks
          1. BIND
          2. Smurf
          3. Fraggle
          4. ICMP Flood
          5. SYN Flood
          6. UDP Flood
        2. Historical List of Well-Known DoS Attacks
          1. Teardrop
          2. Bonk/Boink Attacks
          3. Jolt2
          4. LAND
          5. Winnuke
          6. DNSKiller
          7. arnudp100.c
        3. Distributed Denial-of-Service Attacks
          1. Trinoo (Trin00)
          2. Tribe Flood Network (TFN)
          3. TFN2k
          4. Stacheldraht
      4. Summary
      5. Other DoS Resources
    2. 17. Viruses and Worms
      1. Understanding Viruses and Worms
        1. What Is a Computer Virus?
        2. What Is a Computer Worm?
      2. Objects at Risk of Virus Infection
      3. Who Writes Viruses, and Why?
        1. How Are Viruses Created?
        2. What Does “In the Wild” Really Mean?
        3. How Do Viruses Work?
          1. Boot Sector Infectors
          2. File Viruses (Parasitic Viruses)
          3. Multipartite Viruses
          4. Macro Viruses
          5. Script Viruses
        4. Memetic Viruses
        5. How Do Worms Work?
        6. Virus Characteristics
      4. Antivirus Utilities
        1. Network Associates
        2. Norton Anti-Virus
        3. AVG AntiVirus
        4. eSafe
        5. Antigen
        6. PC-Cillin
        7. Sophos Anti-Virus
        8. F-PROT Anti-Virus
        9. Integrity Master
      5. Future Trends in Viral Malware
      6. Publications and Sites
      7. Summary
    3. 18. Trojans
      1. What Is a Trojan?
        1. Origin of the Species
        2. Definitions
        3. I Didn’t Mean It
        4. Trojan Classifications
          1. Destructive Trojans
          2. Privacy-Invasive Trojans
          3. Network Trojans
          4. Back Door Trojans
          5. Remote Access Tools
          6. Droppers
          7. Jokes
          8. Bombs
          9. Rootkits
          10. DDoS Agents
          11. Worms
      2. Where Do Trojans Come From?
      3. How Often Are Trojans Really Discovered?
      4. What Level of Risk Do Trojans Represent?
      5. How Do I Detect a Trojan?
        1. MD5
        2. Tripwire
        3. TAMU/TARA
        4. On Other Platforms
      6. Resources
      7. Summary
  12. V. Architecture, Platforms, and Security
    1. 19. Network Architecture Considerations
      1. Network Architecture
        1. Network Components
          1. Access Devices
          2. Security Devices
          3. Servers and Systems
          4. Organization and Layout
        2. Threats
          1. External Attacks
          2. Internal Attacks
          3. Physical Attacks
        3. Approach to Network Architecture
        4. Security Zones
          1. The Great Beyond
          2. Internal Networks
          3. Intermediate Networks
      2. Protecting the Castle
        1. Isolation and Separation
          1. Network Data
            1. Segments
            2. Switches and Hubs
            3. Routers
            4. Network Numbers
            5. Physical Considerations
        2. Network Separation
          1. Network Management
          2. Monitoring
          3. Remote Access
        3. Network Isolation
          1. Services Differentiation
            1. DNS
            2. Email
            3. Web Serving
          2. Virtual Local Area Networks
          3. Firewalls
      3. Summary
    2. 20. Microsoft
      1. Windows 9x and Windows Me
        1. The Password List Password Scheme
          1. Cracking PWL Files
            1. Glide
          2. Flushing the Password Out of Cached Memory
        2. Summary on Windows 9x and Windows Me
      2. Windows NT
        1. General Windows NT Security Vulnerabilities
          1. The Netmon Protocol Parsing Vulnerability
          2. The Predictable LPC Message Identifier Vulnerability
          3. The Registry Permissions Vulnerability
          4. The Remote Registry Access Authentication Vulnerability
          5. The Winsock Mutex Vulnerability
        2. Other Important Vulnerabilities of Lesser Significance
      3. Internal Windows NT Security
        1. Internal Security in General
          1. The RDISK Hole
        2. Achieving Good Internal Security
        3. A Tip on Setting Up a Secure Windows NT Server from Scratch
        4. Summary of Windows NT
      4. Windows 2000
        1. Improvements to Security
        2. Windows 2000 Distributed Security Overview
        3. General Windows 2000 Security Vulnerabilities
          1. The Malformed Data Transfer Request Vulnerability
          2. The Windows 2000 Directory Service Restore Mode Password Vulnerability
          3. The Netmon Protocol Parsing Vulnerability
          4. The Network Dynamic Data Exchange (DDE) Agent Request Vulnerability
          5. The Phone Book Service Buffer Overflow Vulnerability
          6. The Telnet Client NTLM Authentication Vulnerability
          7. The Telnet Server Flooding Vulnerability
        4. Summary of Windows 2000
      5. Windows XP
        1. Windows XP Security Improvements
      6. Modern Vulnerabilities in Microsoft Applications
        1. Microsoft Internet Explorer
          1. Incorrect VBScript Handling Vulnerability
          2. The Active Setup Download Vulnerability
          3. The Cached Web Credentials Vulnerability
          4. The IE Script Vulnerability
          5. The SSL Certificate Validation Vulnerability
          6. The Unauthorized Cookie Access Vulnerability
        2. Microsoft Exchange Server
          1. Microsoft Exchange Encapsulated SMTP Address Vulnerability
          2. Microsoft Exchange Malformed MIME Header Vulnerability
          3. Microsoft Exchange NNTP Denial-of-Service Vulnerability
          4. Microsoft Exchange SMTP Denial of Service Vulnerability
          5. Microsoft Exchange Error Message Vulnerability
          6. Microsoft Exchange User Account Vulnerability
        3. Internet Information Server
          1. Buffer Overrun in HTR ISAPI Extension Vulnerability
          2. Cross-Site Scripting in IIS Help File Search Facility Vulnerability
          3. The IIS Cross-Site Scripting Vulnerabilities
          4. The IIS Malformed Web Form Submission Vulnerability
          5. The IIS New Variant of File Fragment Reading via .HTR Vulnerability
          6. The IIS Session ID Cookie Marking Vulnerability
          7. The IIS Web Server File Request Parsing Vulnerability
          8. The Invalid URL Vulnerability
          9. The Myriad Escaped Characters Vulnerability
          10. The Web Server Folder Traversal Vulnerability
        4. Tools
          1. Administrator Assistant Tool Kit
          2. FileAdmin
          3. Security Analyst
          4. LANguard Network Security Scanner
          5. LANguard Security Reporter
          6. NT Crack
          7. Administrator’s Pak
          8. NTFSDOS Pro
          9. RemoteRecover
          10. PC Firewall ASaP
          11. RegAdmin
          12. Sniffer Basic
          13. Somarsoft DumpSec
          14. Somarsoft DumpEvt
          15. Somarsoft DumpReg
          16. Virtuosity
        5. Access Control Software
          1. Cetus StormWindow
          2. ConfigSafe Complete Recovery v4 by imagine LAN, Inc.
          3. DECROS Security Card by DECROS, Ltd.
          4. Desktop Surveillance Enterprise and Personal Editions
          5. Omniquad Detective
          6. Windows Task-Lock by Posum LLC
          7. WP WinSafe
          8. Secure Shell
        6. Good Online Sources of Information
          1. The Windows NT Security FAQ
          2. NTBugTraq
          3. NTSECURITY.com for Windows 2000 and Windows NT
          4. Expert Answers for Windows XP, Windows 2000, Windows NT, and Windows 9x/Me
          5. Windows IT Security (Formerly NTSecurity.net)
          6. “An Introduction to the Windows 2000 Public Key Infrastructure”
          7. Windows and .NET Magazine Online
          8. Securing Windows NT Installation
          9. Checklist for Upgrading to Windows 2000 Server
          10. The University of Texas at Austin Computation Center NT Archive
        7. Books on Windows 2000 and Windows NT Security
      7. Summary
    3. 21. Unix
      1. A Whistle-Stop Tour of Unix History
      2. Classifying Unix Distributions
        1. Immature
        2. Mainstream
        3. How Secure Is Open Source?
        4. Hardened Operating Systems
          1. OpenBSD
          2. Immunix
        5. Linux Kernel Patch
        6. Multilevel Trusted Systems
          1. Hewlett-Packard Praesidium VirtualVault
          2. Trusted Solaris
          3. AIX TCSEC Evaluated C2 Security
          4. Trusted BSD
          5. NSA
          6. Realities of Running TOS
      3. Security Considerations in Choosing a Distribution
      4. Unix Security Risks
        1. User Accounts
        2. Filesystem Security
          1. File Attributes
          2. Permissions in Practice
          3. The set-uid/set-gid Privilege
          4. The umask
        3. Filesystem Risks
        4. Filesystem Countermeasures
        5. The set-uid Problem
      5. Breaking set-uid Programs for Fun and Profit
        1. Useful Tools for the Explorer
          1. tcpdump
          2. Ethereal
          3. netcat
          4. Ltrace
          5. netsed
          6. Subterfugue
          7. Test Limitations
      6. Rootkits and Defenses
        1. Rootkit Countermeasures
        2. Kernel Rootkits
        3. Protecting Against Kernel Attacks
          1. Rootkit Detection
      7. Host Network Security
        1. Network Services: General Purpose Versus “Fit for Purpose”
          1. What Are Network Services?
        2. The Risks of Running Network Services
        3. Securing Network Services
        4. Disabling Network Services
        5. A Word About Privileged Ports
        6. Protecting Against Service Hijacking Attacks
        7. Detecting Fake Servers
      8. Telnet
        1. TELNET Protocol Risks
          1. Information Leakage
          2. I Spy with My Little Eye
          3. Remote Determination of Network Service Versions
          4. Remote Operating System Identification
        2. Securing Telnet
      9. An Essential Tool: Secure Shell
        1. The SSH Protocols
        2. SSH Servers
        3. SSH Clients
        4. SSH Resources
      10. FTP
        1. FTP Risks
        2. Securing FTP
      11. The r Services
        1. r Services Risks
        2. Countermeasures
      12. REXEC
        1. REXEC Risks
        2. Securing REXEC
      13. SMTP
        1. SMTP Risks
        2. Securing SMTP
      14. DNS
        1. DNS Risks
        2. Securing DNS
      15. finger
      16. SNMP
        1. SNMP Risks
        2. Securing SNMP
      17. Network File System
        1. NFS Risks
        2. Securing NFS
      18. The Caveats of chroot
      19. Better the Daemon You Know…
      20. Assessing Your Unix Systems for Vulnerabilities
        1. Host Lockdown
        2. Host-Hardening Resources
          1. Sun Solaris
          2. YAASP (Yet Another Solaris Security Package)
          3. TITAN (Toolkit for Interactively Toughening Advanced Networks and Systems)
          4. GNU/Linux
          5. Bastille Linux
          6. Hewlett-Packard HP-UX
          7. IBM AIX
          8. FreeBSD
      21. Summary
    4. 22. Novell NetWare
      1. The OS Facts of Life
      2. Watching the Big Three
        1. Server Environment
          1. Physical Security
          2. Securing an Insecure Console
            1. NetWare 4.11 Console Lock
          3. RCONSOLE
          4. Unix Compatibility Utilities
            1. WWW Services
            2. NETBASIC.NLM
          5. Server Environment Parameters
            1. Bindery Context
        2. Client Environment
          1. Windows: The Weakest Link
        3. Novell Directory Services (NDS) Environment
          1. A Good Start: Intruder Detection
          2. User Names: Admin
          3. Guest and Other No-Password Users
            1. Enforcing User Authentication Policies
          4. Understanding and Applying NDS “Best Practices”
            1. Unintended Consequences of Container Rights
          5. NDS Auditing Tools
          6. AuditWare for NDS
          7. bv-Control for NDS
          8. JRButils
          9. LT Auditor+ 8.0
          10. Commercial Secure Remote Control Products
          11. SecureConsole for NetWare 3.4
          12. AdRem sfConsole
          13. Useful Freeware
            1. BURGLAR.NLM
            2. HOBJLOC.NLM
            3. REMOTE.EXE
            4. SETPWD.NLM
      3. Further Reading
      4. Summary
    5. 23. Routers, Switches, and Hubs
      1. The Problems with Infrastructure Equipment
      2. Keeping Up with OS Revisions
      3. Securing Hubs
      4. Securing Switches
      5. Securing and Configuring Routers
        1. Securing Login Points
        2. Keeping Administrators Accountable
        3. Disabling Unnecessary Services
      6. Network Management Considerations
        1. Centralizing Logging
        2. Password Storage Considerations
        3. Time Synchronization
        4. SNMP Considerations
      7. Preventing Spoofing and Other Packet Games
        1. Egress Filtering
        2. Ingress Filtering
        3. Stopping Silly Packet Games
      8. Summary
      9. Further Reading and Reference
    6. 24. Macintosh
      1. Mac OS X—Apple’s New Operating System
      2. Establishing the Macintosh as a Server
        1. WebSTAR Server Suite Recruited by U.S. Army
        2. Hotline for Sharing Ideas and Files
        3. Mac OS X Server Ability
      3. Vulnerabilities on the Macintosh Platform
        1. AtEase Access Bug
        2. AtEase PowerBook 3400 Bug
        3. Denial of Service by Port Overflow
        4. DiskGuard Security
        5. FWB Hard Disk Toolkit 2.5 Vulnerability
        6. MacDNS Bug
        7. Network Assistant
        8. Password Security on Mac OS 8.0 Upgrades
        9. Sequence of Death and WebSTAR
        10. Mac OS X Software Vulnerabilities
        11. Localhost Security Concern
      4. About File Sharing and Security
        1. Mac OS 9 File Security
        2. Mac OS X File Security
      5. Server Management and Security
        1. EtherPeek
        2. InterMapper 3.6
        3. MacAnalysis
        4. MacSniffer—Mac OS X
        5. ettercap
        6. HenWen with Snort
        7. StreamEdit
        8. MacRadius
        9. Network Security Guard
        10. Oyabun Tools
        11. Silo 1.03
        12. Nmap
        13. Timbuktu Notes
      6. Firewall Protection
        1. IPNetSentry
        2. NetBarrier
        3. Norton Personal Firewall
      7. Internal Security
        1. Mac OS X Screensaver Password Protection
        2. Mac OS X Login
        3. BootLogger
        4. DiskLocker
        5. Empower
        6. Ferret
        7. Filelock
        8. FullBack
        9. Invisible Oasis
        10. TypeRecorder
        11. KeysOff and KeysOff Enterprise
        12. LockOut
        13. OnGuard Emergency Passwords
        14. Password Key
        15. Password Security Control Panel Emergency Password
        16. Aladdin Secure Delete
        17. SecurityWare Locks
        18. Stealth Signal
        19. Mac OS X Single User Root Mode
        20. Super Save 2.02
        21. SubRosa Utilities
        22. Open Firmware Password Protection
      8. Password Crackers and Related Utilities
        1. FMP Password Viewer Gold 2.0
        2. FMProPeeker 1.1
        3. Macintosh Hacker’s Workshop
        4. John the Ripper
        5. Killer Cracker
        6. MacKrack
        7. MagicKey 3.2.3a
        8. MasterKeyII
        9. McAuthority
        10. Meltino
        11. Password Killer
      9. Anonymous Email and Mailbombing
        1. Caem
        2. Bomba
        3. NailMail X
        4. Spic & Spam
        5. ATT Blitz
      10. Macintosh Viruses, Worms, and Antivirus Solutions
        1. MacVirus.Info
        2. .Mac
        3. Norton Anti-Virus
        4. Intego VirusBarrier
        5. Disinfectant
        6. AutoStart Worm Remover
        7. The Little Dutch Moose
        8. Mac OS X Virus Overview
      11. Spyware and Detection
        1. MacScan
      12. Resources
        1. Books and Reports
        2. Sites with Tools and Munitions
        3. E-Zines and Web Sites
    7. 25. Policies, Procedures, and Enforcement
      1. The Importance of Security Policies
      2. Site and Infrastructure Security Policy
        1. Facilities and Physical Security Considerations
        2. Infrastructure and Computing Environment
          1. Physical Access to Computer Systems and Facilities
          2. Physical Security Considerations for Laptop Computers and PDAs
          3. Voice and Data Network Security
          4. Remote Network Access
          5. Security Monitoring and Auditing
          6. Authentication and Access Control
      3. Acceptable Use
        1. Administrative Security Policies
        2. Acceptable Use Policies for Users
      4. Enforcement of Policy
      5. Summary
        1. Password Security
        2. Audits and Analysis
        3. Site Security Policies
        4. Incident Handling
        5. System Configuration
  13. VI. Security and Integrated Services
    1. 26. Secure Application Development, Languages, and Extensions
      1. Security and Software
      2. What Is a Secure Application?
        1. The Enemy Within (Your Code)
        2. Configuration Issues
        3. Race Conditions
        4. Buffer Overflows
        5. Data Protection
        6. Temporary Storage
        7. Denial of Service
        8. Input and Output Methods
      3. A Security Architecture
        1. Components of a Security Architecture
          1. Set the Stage for Security
          2. Consider the Functionality Not Provided
          3. Come Here for Guaranteed Security
        2. Security Requirements
          1. To Secure or Not to Secure
          2. Assessing Authentication and Access Control Requirements
          3. Requirements for Data Storage
          4. Network and Entry Point Security Requirements
            1. Network, Application, and System Interactions
            2. Operating System Interactions
          5. Throw Away That Security Blanket
        3. Identification of the Risk Areas
        4. Security Response
      4. Security-Aware Designs
        1. Design Phase Analysis
          1. The Global Viewpoint
            1. Case Study Phase I
          2. The Organizational Viewpoint
            1. Case Study Phase II
          3. The Component Viewpoint
            1. Case Study Phase III
      5. Secure Coding Practices
        1. Pitfalls by the C
        2. A Perl of an Application
        3. Mi Java Es Su Java
        4. C#/.NET
        5. The Shell Game and Unix
        6. Internet Appliances
      6. Summary
    2. 27. Wireless Security Auditing
      1. Wireless LAN Topology
      2. Access Points
        1. Linksys WAP11 Access Point
          1. Tech Specs
        2. NetGear ME102 Access Point
          1. Tech Specs
      3. Antennas
        1. Radome-Enclosed Yagi Antenna: HyperLink HG2415Y
          1. Tech Specs
        2. Parabolic Grid Antenna: HyperLink HG2419G
          1. Tech Specs
        3. SigMax Omni-Directional: Signull SMISMCO10
          1. Tech Specs
        4. SigMax Circular Yagi: Signull SMISMCY12
          1. Tech Specs
        5. TechnoLab Log Periodic Yagi
          1. Tech Specs
      4. Wireless Networking Cards
        1. ORiNOCO PC Card
      5. Handheld Devices
        1. Compaq iPAQ
          1. Tech Specs
      6. Constructing a Wireless Test Lab
      7. Wireless Attacks
      8. Surveillance
      9. War Driving
      10. Client-to-Client Hacking
      11. Rogue Access Points
      12. Jamming (Denial of Service)
      13. Practical WEP Cracking
      14. Summary
  14. VII. References
    1. A. Security Bibliography—Further Reading
      1. General Internet Security
      2. TCP/IP
      3. On NetWare
    2. B. How to Get More Information
      1. Establishment Resources
        1. Sites on the WWW
        2. Reports and Publications
          1. General
          2. Java
          3. Databases and Security
        3. Articles
        4. Tools
          1. Windows
          2. Macintosh Security Tools
          3. Password Crackers
          4. Scanners and Related Utilities
          5. Mail Bombers
          6. Intrusion Detectors
        5. Technical Reports, Government Standards, and Papers
          1. The Rainbow Books and Related Documentation
          2. Other Governmental Security Documents and Advisories
          3. Intrusion Detection
        6. Mailing Lists
      2. Underground Resources
    3. C. Vendor Information and Security Standards
      1. Vendor Security Information
        1. Hewlett-Packard
        2. IBM
        3. Linux
          1. Caldera
          2. Debian
          3. Red Hat
          4. SuSE
        4. Microsoft
        5. Sun Microsystems
      2. RFC Documents Relevant to Security
    4. D. What’s on the CD-ROM
    5. Glossary
  15. 28. CD-ROM