Maximum Security, Third Edition

Book Description

Maximum Security, Third Edition provides comprehensive, platform-by-platform coverage of security issues and includes clear, to-the-point descriptions of the most common techniques hackers use to penetrate systems. In one book, security managers and others interested in computer and network security can learn everything the hackers already know, and then take steps to protect their systems.

Table of Contents

  1. Copyright
  2. About the Lead Author
  3. About the Contributing Authors
  4. Tell Us What You Think!
  5. I. Setting the Stage
    1. 1. Why This Book Was Written
      1. The Need for Information Security
      2. The Root of the Problem
      3. Network and Host Misconfigurations
        1. Operating System and Application Flaws
        2. Deficiencies in Vendor QA Efforts and Response
          1. Allaire's ColdFusion Problems
          2. Microsoft PPTP
          3. Vendor Response
        3. Lack of Qualified People in the Field
      4. Why Education in Security Is Important
        1. The Corporate Sector
        2. The Schools
        3. The Government
      5. From the Eye of the Beholder
    2. 2. How to Use This Book
      1. How to Use This Book? Duh!
        1. This Book's General Structure
      2. Methods of Using This Book
        1. Learning the Basics of Information Security
        2. Using This Book to Secure a Computing Environment
        3. Using This Book for Heavy-Duty Security Research
      3. The Book's Parts
        1. Part I: "Setting the Stage"
        2. Part II: "Security Concepts"
        3. Part III: "Hacking 101: The Tricks of the Trade"
        4. Part IV: "The Defender's Toolkit"
        5. Part V: "Virtual Weapons of Mass Destruction"
        6. Part VI: "Platforms and Security"
        7. Part VII: "Bringing It All Together"
      4. This Book's Limitations
        1. Timeliness
        2. Utility
      5. Odds and Ends to Know About Maximum Security
      6. Cool Stuff on the CD-ROM
        1. FTP Clients
        2. Archive File Formats
        3. Text File Formats and Document Readers
      7. Programming Languages
      8. Summary
  6. II. Security Concepts
    1. 3. Building a Roadmap for Securing Your Enterprise
      1. Proactive Versus Reactive Models
      2. Benchmarking Your Current Security Posture
      3. Identifying Digital Assets
      4. Protecting Assets
        1. Identifying and Removing Vulnerabilities
        2. Developing Standardized Build Documents
        3. Developing and Deploying Policies and Procedures
      5. Incident Response
      6. Training Users and Administrators
      7. Tying It All Together
      8. Summary
    2. 4. A Brief Primer on TCP/IP
      1. What Is TCP/IP?
        1. The Open Systems Interconnection (OSI) Reference Model
          1. Network-Level Protocols
          2. Application-Level Protocols
        2. The History of TCP/IP
        3. The RFCs
        4. Implementations of TCP/IP
      2. How Does TCP/IP Work?
      3. The Individual Protocols
        1. Network-Level Protocols
          1. The Address Resolution Protocol (ARP)
          2. The Internet Control Message Protocol (ICMP)
          3. The Internet Protocol (IP)
            1. IP Network Addressing
          4. The Transmission Control Protocol (TCP)
            1. TCP Connection Termination
          5. User Datagram Protocol (UDP)
        2. Application Level Protocols—The Ports
          1. Hypertext Transfer Protocol (HTTP)
          2. Domain Name System (DNS)
          3. Telnet
          4. File Transfer Protocol (FTP)
            1. Mechanical Operation of FTP
            2. FTPD: An FTP Server Daemon
          5. Simple Mail Transfer Protocol (SMTP)
          6. Secure Shell Protocol (SSH)
      4. IPsec, IPv6, VPNs, and Looking Ahead
      5. Summary
    3. 5. Hackers and Crackers
      1. The Difference Between Hackers and Crackers
      2. Tools of the Trade
        1. Reconnaissance
          1. Social Engineering
          2. Port Scanners and Passive Operating System Identification
            1. NMAP
            2. HPING2
        2. Passive Operating System Identification Fingerprinting
      3. Exploits and the SANS Top 10
        1. Exploits
        2. The SANS Top 10
      4. Summary
    4. 6. The State of the Net: A World at War
      1. Hacking, Cracking, and Other Malicious Behavior
      2. Governments at War
        1. Can the Internet Be Used for Espionage?
        2. The Threat Gets More Personal
        3. Who Holds the Cards?
        4. Can the United States Protect the National Information Infrastructure?
        5. What Would an Information Attack Look Like?
      3. The State of the Government
        1. Defense Information Systems Network
        2. The United States Navy and NASA
        3. The Pentagon Attacks
          1. Other Cracked Government Sites
        4. Government Security
        5. The National Infrastructure Protection Center (NIPC)
        6. Summary of Government Vulnerabilities
      4. The State of the Corporate Sector
        1. Credit Card Theft Goes Cyber: The StarWave Incident
        2. Credit Card Theft Hits Overdrive
        3. The Trends
          1. Dan Farmer's Survey
          2. The Ernst & Young LLP/ComputerWorld Information Security Survey
      5. A Warning
      6. Summary
        1. Internet Resources on Information Warfare
        2. Books on Information Warfare
  7. III. Hacking 101: The Tricks of the Trade
    1. 7. Spoofing Attacks
      1. What Is Spoofing?
      2. Internet Security Fundamentals
        1. Methods of Authentication
        2. RHOSTS
      3. The Mechanics of a Spoofing Attack
        1. The Ingredients of a Successful Spoofing Attack
        2. Opening a More Suitable Hole
        3. Who Can Be Spoofed?
        4. How Common Are Spoofing Attacks?
        5. Spoofing/Hijacking Utilities
          1. 1644
          2. Hunt
          3. ipspoof
          4. Juggernaut
          5. rbone
          6. Spoofit
          7. synk4.c (Syn Flooder by Zakath)
      4. Documents Related Specifically to IP Spoofing
      5. How Do I Prevent IP Spoofing Attacks?
      6. Other Strange and Offbeat Spoofing Attacks
        1. ARP Spoofing
        2. DNS Spoofing
      7. Summary
    2. 8. Hiding One's Identity
      1. Degrees of Exposure
        1. Human Intelligence
      2. Web Browsing and Invasion of Privacy
        1. Internet Architecture and Privacy
        2. How User Information Is Stored on Servers
        3. Finger
          1. Solutions for the Finger Problem
        4. MasterPlan
        5. Beyond Finger
      3. Browser Security
        1. IP Address and Cache Snooping
        2. Cookies
          1. Combating Cookies
        3. Banner Ads and Web Bugs
          1. Protecting Yourself from Banner Ads and Web Bugs
      4. Your Email Address and Usenet
        1. DejaNews
        2. The WHOIS Service
      5. A Warning
        1. Internet Resources
        2. Articles and Papers and Related Web Sites
    3. 9. Dispelling Some of the Myths
      1. When Can Attacks Occur?
        1. How Do I Become a Hacker's Target?
        2. Dial-Up Versus Persistent Connections
        3. Which Computer Operating Systems Are Vulnerable?
        4. My Firewall Will Stop the Pesky Crackers!
      2. What Kinds of Attackers Exist?
        1. Script Kiddies—Your Biggest Threat?
        2. Black Hats—"The Dark Side"
        3. White Hats—The Good Guys
      3. Operating Systems Used by Crackers
        1. Windows Operating Systems
        2. Linux/NetBSD/FreeBSD
        3. OpenBSD
      4. Is There a Typical Attack?
        1. Denial of Service
        2. Viruses, Trojans, and Malicious Scripts or Web Content
        3. Web Defacement or "Tagging"
        4. Attacks from the Inside
      5. Who Gets Targeted Most Frequently?
        1. Home and Small Business Internet Users
        2. Larger Businesses and Corporations
        3. Government and Military Institutions
        4. Financial Institutions
      6. What Is the Motivation Behind Attacks?
        1. Notoriety, or the "Elite" Factor
        2. Maliciousness and Destruction
          1. Destructive Pranks or Lack of Cause
          2. Disgruntled Employees
        3. Making a Political Statement
        4. Financial Gain
          1. Theft or Unauthorized Transfer of Funds
          2. Theft of Intellectual Property and Corporate Espionage
          3. Credit Card Theft and "Carding"
        5. Cracking for Knowledge
        6. Breaking In to Break In
      7. Summary
  8. IV. The Defender's Toolkit
    1. 10. Firewalls
      1. What Is a Firewall?
      2. Other Features Found in Firewall Products
      3. Firewalls Are Not Bulletproof
      4. A Look Under the Hood of Firewalling Products
        1. Packet-Filter–Based Firewalls
        2. Stateful Packet-Filter–Based Firewalls
        3. Proxy-Based Firewalls
      5. Pitfalls of Firewalling
      6. Firewall Appliances
      7. Building Firewalls in the Real World
        1. Identifying Topology, Application, and Protocol Needs
        2. Analyze Trust Relationships and Communication Paths in Your Organization
        3. Evaluate and Choose a Firewall Product
        4. Deploying and Testing Your Firewall
      8. Sample Failures of Firewall Technology
        1. The "Whoops, Where Did My Web Server Go?" Problem
        2. Using SSH to Bypass Rule Sets
      9. Building a Firewall with the Firewall Toolkit (FWTK)
      10. Commercial Firewalls
        1. BorderManager
        2. FireBOX
        3. Firewall-1
        4. FireWall Server
        5. Gauntlet Internet Firewall
        6. GNAT Box Firewall
        7. Guardian
        8. NetScreen
        9. PIX Firewall
        10. Raptor Firewall
        11. SideWinder
        12. Sonicwall
      11. Summary
        1. Books and Publications
        2. Internet Resources
    2. 11. Vulnerability Assessment Tools (Scanners)
      1. The History of Vulnerability Scanners
      2. How Vulnerability Scanners Work
      3. What to Look For When Choosing a Scanner
      4. Fundamental Shortcomings
      5. Top Vulnerability Scanners
        1. Axent NetRecon
        2. ISS Internet Scanner
        3. Network Associates Cybercop Scanner
        4. The Open Source Nessus Project
        5. Whisker
      6. Other Vulnerability Scanners
        1. BindView HackerShield
        2. Cisco NetSonar
        3. SAINT
        4. SARA
        5. Webtrends Security Analyzer
      7. Summary
    3. 12. Intrusion Detection Systems (IDSs)
      1. An Introduction to Intrusion Detection
        1. Who Should Be Using an IDS
      2. Network-Based IDSs
      3. Host-Based ID Systems
      4. What to Look for When Choosing an IDS
        1. Common Evaluation Criteria
      5. SNORT and Other Open Source IDS Solutions
      6. Intrusion Detection Product Listing
        1. Anzen Flight Jacket
        2. Axent/Symantec NetProwler and Intruder Alert
        3. Cisco Secure IDS
        4. CyberSafe Centrax IDS
        5. Enterasys Dragon IDS
        6. ISS RealSecure
        7. Network ICE BlackICE Sentry
        8. NFR Security Intrusion Detection System
      7. Summary
      8. Further References
    4. 13. Logging and Auditing Tools
      1. Why Log?
      2. Logs from a Cracking Perspective
      3. Forming a Logging Strategy
      4. Network Monitoring and Data Collection
        1. SWATCH (The System Watcher)
        2. Watcher
        3. lsof (List Open Files)
        4. Private-I
        5. WebSense
        6. Win-Log version 1
          1. NOCOL/NetConsole v4
      5. Tools for Analyzing Log Files
        1. NestWatch
        2. NetTracker
        3. LogSurfer
        4. WebTrends for Firewalls and VPNs
        5. Analog
      6. Specialized Logging Utilities
        1. Courtney
        2. Gabriel
      7. Summary
    5. 14. Password Crackers
      1. An Introduction to Password Cracking
        1. Password Cryptography 101
          1. ROT-13
          2. DES and Crypt
      2. The Password-Cracking Process
      3. The Password Crackers
      4. Password Crackers for Windows NT
        1. L0phtCrack
        2. John the Ripper by Solar Designer
        3. NTCrack
          1. NT Accessories
          2. Notes on NT Password Security
      5. UNIX Password Cracking
        1. About UNIX Password Security
        2. Crack
        3. John the Ripper by Solar Designer
        4. CrackerJack by Jackal
        5. PaceCrack95 (pacemkr@bluemoon.net)
        6. Star Cracker by the Sorcerer
        7. Merlin by Computer Incident Advisory Capability (CIAC) DOE
      6. Cracking Cisco, Application, and Other Password Types
        1. Cracking Cisco IOS Passwords
        2. Commercial Application Password Crackers
        3. ZipCrack by Michael A. Quinlan
        4. Glide (Author Unknown)
        5. AMI Decode (Author Unknown)
        6. PGPCrack by Mark Miller
      7. Other Resources
        1. Internet Resources
        2. Publications and Reports
      8. Summary
    6. 15. Sniffers
      1. Sniffers as Security Risks
        1. Local Area Networks and Data Traffic
        2. Packet Transport and Delivery
      2. What Level of Risk Do Sniffers Represent?
      3. Has Anyone Actually Seen a Sniffer Attack?
      4. What Information Do Sniffers Capture?
      5. Where Is One Likely to Find a Sniffer?
      6. Where Can I Get a Sniffer?
        1. Commercial Sniffers
          1. Sniffer Portable Analysis Solutions from Network Associates
          2. Shomiti Systems Surveyor, Explorer, and Century LAN Analyzers
          3. PacketView by Klos Technologies
          4. Network Probe from Network Communications
          5. LANWatch by Precision Guesswork
          6. EtherPeek from WildPackets Inc. (formerly AG Group)
          7. NetMinder Ethernet by Neon Software
          8. DatagLANce Network Analyzer by IBM
          9. LinkView Network Analyzers by Acterna
          10. ProConvert from WildPackets, Inc. (formerly Net3 Group)
          11. LANdecoder32 by Triticom
          12. LanExplorer Protocol Analyzer from Sunrise Telecom
        2. Freely Available Sniffers
          1. Gobbler (Tirza van Rijn)
        3. Ethload (Vyncke, et al.)
        4. TCPDUMP
        5. LinSniff
        6. Sunsniff
        7. linux_sniffer.c
      7. Defeating Sniffer Attacks
        1. Detecting and Eliminating Sniffers
        2. Safe Topology
        3. Encrypted Sessions
      8. Summary
      9. Further Reading on Sniffers
  9. V. Virtual Weapons of Mass Destruction
    1. 16. Denial of Service Attacks
      1. What Is Denial of Service?
        1. How Denial of Service Works
          1. Bandwidth Consumption
          2. Resource Saturation
          3. System and Application Crash
      2. Exploitation and Denial of Service
        1. Email Bomb Resource Attacks
          1. Email Bomb Packages
          2. Dealing with Email Bombs
          3. Email Bombs as Security Risks
          4. List Linking
          5. A Word About Mail Relay
        2. Protocol Attacks
      3. Denial of Service Attack Index
        1. Recent DoS Attacks
          1. Smurf
          2. Fraggle
          3. ICMP Flood
          4. SYN Flood
          5. UDP Flood
        2. Historical List of Well-Known DoS Attacks
          1. Teardrop
          2. Bonk, Boink Attacks
          3. Newtear Attack
          4. INETINFO.EXE Attack
          5. Jolt
          6. Jolt2
          7. LAND
          8. Pong
          9. The Pentium Bug
          10. Winnuke
          11. Ping of Death
          12. DNSKiller
          13. arnudp100.c
        3. Distributed Denial of Service Attacks
          1. Trinoo (Trin00)
          2. Tribe Flood Network (TFN)
          3. TFN2k
          4. Stacheldraht
      4. Summary
      5. Other DoS Resources
    2. 17. Viruses and Worms
      1. Understanding Viruses and Worms
        1. What Is a Computer Virus?
        2. What Is a Computer Worm?
      2. Objects at Risk of Virus Infection
      3. Who Writes Viruses, and Why?
        1. How Are Viruses Created?
        2. What Does "In the Wild" Really Mean?
        3. How Do Viruses Work?
          1. Boot Sector Infectors (BSIs)
          2. File Viruses (Parasitic Viruses)
          3. Multipartite Viruses
          4. Macro Viruses
          5. Script Viruses
        4. Memetic Viruses
        5. How Do Worms Work?
        6. Virus Characteristics
      4. Anti-Virus Utilities
        1. AntiViral Toolkit Pro (AVP)
        2. Network Associates
        3. Norton Anti-Virus
        4. eSafe
        5. PC-Cillin
        6. Sophos Anti-Virus
        7. Norman Virus Control
        8. F-PROT Anti-Virus
        9. Integrity Master
      5. Future Trends in Viral Malware
      6. Publications and Sites
      7. Summary
    3. 18. Trojans
      1. What Is a Trojan?
        1. Origin of the Species
        2. Definitions
        3. I Didn't Mean It
        4. Trojan Classifications
          1. Destructive Trojans
          2. Privacy-Invasive Trojans
          3. Back Door Trojans
          4. Remote Access Tools (RATs)
          5. Droppers
          6. Jokes
          7. Bombs
          8. Rootkits
          9. DDoS Agents
          10. Worms
      2. Where Do Trojans Come From?
      3. How Often Are Trojans Really Discovered?
      4. What Level of Risk Do Trojans Represent?
      5. How Do I Detect a Trojan?
        1. MD5
        2. Tripwire
        3. TAMU
        4. Hobgoblin
        5. On Other Platforms
      6. Resources
      7. Summary
  10. VI. Platforms and Security
    1. 19. Microsoft
      1. DOS
        1. IBM Compatibles in General
          1. The BIOS Password
        2. Key-Capture Utilities
        3. Access Control Software for DOS
          1. Dir Secure 2.0
          2. Secure File System
          3. Sentry
          4. Encrypt-It
          5. LCK100
          6. Gateway2
        4. Sites That House DOS Security Tools
          1. The Simtel DOS Security Index
          2. The CIAC DOS Security Tools Page
      2. Windows for Workgroups, Windows 9x, and Windows Me
        1. The Password List (PWL) Password Scheme
          1. Cracking PWL Files
            1. Glide
          2. Flushing the Password out of Cached Memory
        2. Summary on DOS, Windows for Workgroups, Windows 9x, and Windows Me
      3. Windows NT
        1. General Windows NT Security Vulnerabilities
          1. The Netmon Protocol Parsing Vulnerability
          2. The Predictable LPC Message Identifier Vulnerability
          3. The Registry Permissions Vulnerability
          4. The Remote Registry Access Authentication Vulnerability
          5. The Winsock Mutex Vulnerability
        2. Other Important Vulnerabilities of Lesser Significance
      4. Internal Windows NT Security
        1. Internal Security in General
          1. The RDISK Hole
        2. Achieving Good Internal Security
        3. A Tip on Setting Up a Secure Windows NT Server from Scratch
        4. Summary of Windows NT
      5. Windows 2000
        1. Improvements to Security
        2. Windows 2000 Distributed Security Overview
        3. General Windows 2000 Security Vulnerabilities
          1. The Windows 2000 Directory Service Restore Mode Password Vulnerability
          2. The Netmon Protocol Parsing Vulnerability
          3. The Network DDE Agent Request Vulnerability
          4. The Phone Book Service Buffer Overflow Vulnerability
          5. The Telnet Client NTLM Authentication Vulnerability
          6. The Telnet Server Flooding Vulnerability
        4. Summary of Windows 2000
      6. Modern Vulnerabilities in Microsoft Applications
        1. Microsoft Internet Explorer
          1. The Active Setup Download Vulnerability
          2. The Cached Web Credentials Vulnerability
          3. The IE Script Vulnerability
          4. The Microsoft Internet Explorer GetObject() File Disclosure Vulnerability
          5. The Office HTML Script Vulnerability
          6. The SSL Certificate Validation Vulnerability
          7. The Unauthorized Cookie Access Vulnerability
        2. Microsoft Exchange Server
          1. Microsoft Exchange Encapsulated SMTP Address Vulnerability
          2. Microsoft Exchange Malformed Bind Request Vulnerability
          3. Microsoft Exchange Malformed MIME Header Vulnerability
          4. Microsoft Exchange NNTP Denial-of-Service Vulnerability
          5. Microsoft Exchange SMTP Denial of Service Vulnerability
          6. Microsoft Exchange Error Message Vulnerability
          7. Microsoft Exchange User Account Vulnerability
        3. IIS (Internet Information Server)
          1. The IIS Cross-Site Scripting Vulnerabilities
          2. The IIS Malformed Web Form Submission Vulnerability
          3. The IIS New Variant of File Fragment Reading via .HTR Vulnerability
          4. The IIS Session ID Cookie Marking Vulnerability
          5. The IIS Web Server File Request Parsing Vulnerability
          6. The Invalid URL Vulnerability
          7. The Myriad Escaped Characters Vulnerability
          8. The Web Server Folder Traversal Vulnerability
        4. Tools
          1. Administrator Assistant Tool Kit
          2. Administrator's Pak
          3. AntiSniff 1.021
          4. FileAdmin
          5. Kane Security Analyst 5.0
          6. L0phtCrack 3.0
          7. LANguard Internet Access Control
          8. LANguard Security Reporter
          9. NT Crack
          10. NT Locksmith
          11. NTFSDOS Pro
          12. NTHandle
          13. NTRecover
          14. PC Firewall ASaP
          15. RedButton
          16. RegAdmin
          17. Remote Recover
          18. ScanNT Plus
          19. Sniffer Basic
          20. Somarsoft DumpSec
          21. Somarsoft DumpEvt
          22. Somarsoft DumpReg
          23. Virtuosity
        5. Access Control Software
          1. Cetus StormWindow
          2. Clasp2000
          3. ConfigSafe Complete Recovery v4 by imagine LAN, Inc.
          4. DECROS Security Card by DECROS, Ltd.
          5. Desktop Surveillance Enterprise and Personal Editions
          6. HDD-Protect 2.5c
          7. Omniquad Detective 2.1
          8. Secure4U 5.0
          9. StopLock Suite by Conclusive Logic, Inc.
          10. TrueFace
          11. Windows Task-Lock by Posum LLC
          12. WP WinSafe
          13. SafeGuard Easy
          14. Secure Shell
        6. Good Online Sources of Information
          1. The Windows NT Security FAQ
          2. NTBugTraq
          3. NTSECURITY.COM for Windows 2000 and Windows NT
          4. Expert Answers for Windows 2000, Windows NT, and Windows 9x/Me
          5. Windows IT Security (Formerly NTSecurity.net)
          6. "An Introduction to the Windows 2000 Public Key Infrastructure"
          7. Windows 2000 Magazine Online
          8. Securing Windows NT Installation
          9. Checklist for Upgrading to Windows 2000 Server
          10. The University of Texas at Austin Computation Center NT Archive
        7. Books on Windows 2000 and Windows NT Security
      7. Summary
    2. 20. UNIX
      1. A Whistle-Stop Tour of UNIX History
      2. Classifying UNIX Distributions
        1. Immature
        2. Mainstream
        3. How Secure Is Open Source?
        4. Hardened Operating Systems
          1. OpenBSD
          2. Immunix
        5. Linux Kernel Patch
        6. Multilevel Trusted Systems
          1. Hewlett-Packard Praesidium VirtualVault
          2. Argus Systems PitBull
          3. Trusted BSD
          4. NSA
          5. Realities of Running TOS
      3. Security Considerations in Choosing a Distribution
      4. UNIX Security Risks
        1. User Accounts
        2. Filesystem Security
          1. File Attributes
          2. Permissions in Practice
          3. The Set-uid/Set-gid Privilege
          4. The Umask
        3. Filesystem Risks
        4. Filesystem Countermeasures
        5. The Set-uid Problem
      5. Breaking Set-uid Programs for Fun and Profit
        1. Useful Tools for the Explorer
          1. Tcpdump
          2. Ethereal
          3. Netcat
          4. Ltrace
          5. Netsed
          6. Subterfugue
          7. Test Limitations
      6. Rootkits and Defenses
        1. Rootkit Countermeasures
        2. Kernel Rootkits
        3. Protecting Against Kernel Attacks
          1. Rootkit Detection
      7. Host Network Security
        1. Network Services: General Purpose Versus "Fit for Purpose"
          1. What Are Network Services?
        2. The Risks of Running Network Services
        3. Securing Network Services
        4. Disabling Network Services
        5. A Word About Privileged Ports
        6. Protecting Against Service Hijacking Attacks
        7. Detecting Fake Servers
      8. Telnet
        1. TELNET Protocol Risks
          1. Information Leakage
          2. I Spy with My Little Eye
          3. Remote Determination of Network Service Versions
          4. Remote Operating System Identification
        2. Securing Telnet
      9. An Essential Tool: Secure Shell
        1. The SSH Protocols
        2. SSH Servers
        3. SSH Clients
        4. SSH Resources
      10. FTP
        1. FTP Risks
        2. Securing FTP
      11. The r Services
        1. r Services Risks
        2. Countermeasures
      12. REXEC
        1. REXEC Risks
        2. Securing REXEC
      13. SMTP
        1. SMTP Risks
        2. Securing SMTP
      14. DNS
        1. DNS Risks
        2. Securing DNS
      15. Finger
      16. SNMP
        1. SNMP Risks
        2. Securing SNMP
      17. Network File System
        1. NFS Risks
        2. Securing NFS
      18. The Caveats of chroot
      19. Better the Daemon You Know…
      20. Assessing Your UNIX Systems for Vulnerabilities
        1. Host Lockdown
        2. Host-Hardening Resources
          1. SUN Solaris
          2. GNU/Linux
          3. Hewlett-Packard HP-UX
          4. IBM AIX
          5. FreeBSD
      21. Summary
    3. 21. Novell
      1. The OS Facts of Life
      2. Watching the Big Three
        1. Server Environment
          1. Physical Security
          2. Securing an Insecure Console
            1. NetWare 4 Console Lock
          3. RCONSOLE
          4. UNIX-Compatibility Utilities
            1. WWW Services
            2. NETBASIC.NLM
            3. TOOLBOX.NLM
          5. Server Environment Parameters
            1. Bindery Context
        2. Client Environment
          1. Windows: The Weakest Link
        3. Novell Directory Services (NDS) Environment
          1. A Good Start: Intruder Detection
          2. User Names: Admin
          3. Guest and Other No-Password Users
            1. Enforcing User Authentication Policies
          4. Understanding and Applying NDS "Best Practices"
            1. Unintended Consequences of Container Rights
          5. NDS Auditing Tools
            1. AuditTrack
            2. AuditWare for NDS
            3. bv-Control for NDS
            4. JRButils
            5. Kane Security Analyst
            6. LT Auditor+
          6. Commercial Secure Remote Control Products
            1. SecureConsole for NetWare
            2. Secure Remote Console
          7. Useful Freeware
            1. BURGLAR.NLM
            2. HOBJLOC.NLM
            3. Pandora
            4. REMOTE.EXE
            5. SETPWD.NLM
      3. Further Reading
      4. Summary
    4. 22. Cisco Routers and Switches
      1. The Problems with Infrastructure Equipment
      2. Keeping Up with IOS Revisions
      3. Securing and Configuring Cisco Routers
        1. Securing Login Points
        2. Keeping Administrators Accountable
        3. Disabling Unnecessary Services
      4. Network Management Considerations
        1. Centralizing Logging
        2. Password Storage Considerations
        3. Time Synchronization
        4. SNMP Considerations
      5. Preventing Spoofing and Other Packet Games
        1. Egress Filtering
        2. Stopping Silly Packet Games
      6. Summary
      7. Further Reading and Reference
    5. 23. Macintosh
      1. Establishing the Macintosh as a Server
        1. WebSTAR Server Suite Recruited by U.S. Army
        2. Hotline for Sharing Ideas and Files
      2. Vulnerabilities on the Macintosh Platform
        1. AtEase Access Bug
        2. AtEase PowerBook 3400 Bug
        3. Denial of Service by Port Overflow
        4. DiskGuard Bug
        5. FWB Hard Disk Toolkit 2.5 Vulnerability
        6. MacDNS Bug
        7. Network Assistant
        8. Password Security on Mac OS 8.0 Upgrades
        9. Sequence of Death and WebStar
      3. About File Sharing and Security
        1. Mac OS 9 File Security
      4. Server Management and Security
        1. EtherPeek by WildPackets, Inc.
        2. InterMapper 3.0 by Dartmouth Software Development
        3. MacPork 3.0
        4. MacRadius by Cyno
        5. Network Security Guard
        6. Oyabun Tools
        7. Silo 1.0.4
        8. Timbuktu Pro 2000
      5. Internal Security
        1. BootLogger
        2. DiskLocker
        3. Empower by Magna
        4. Ferret
        5. Filelock
        6. FullBack
        7. Invisible Oasis
        8. KeysOff and KeysOff Enterprise
        9. LockOut
        10. MacPassword
        11. OnGuard Emergency Passwords
        12. Password Key
        13. Password Security Control Panel Emergency Password
        14. Secure-It Locks
        15. Super Save 2.02
      6. Password Crackers and Related Utilities
        1. FirstClass Thrash!
        2. FMP Password Viewer Gold 2.0
        3. FMProPeeker 1.1
        4. Killer Cracker
        5. MacKrack
        6. MagicKey 3.2.3a
        7. MasterKeyII
        8. McAuthority
        9. Meltino
        10. PassFinder
        11. Password Killer
      7. Anonymous Email and Mailbombing
      8. Macintosh OSX
      9. Tools Designed Specifically for America Online
      10. Summary
      11. Resources
        1. Books and Reports
        2. Sites with Tools and Munitions
        3. E-Zines
    6. 24. VAX/VMS
      1. The History of the VAX
      2. VMS
      3. Security in VMS
      4. Some Old Vulnerabilities
        1. The mountd Hole
        2. The Monitor Utility Hole
        3. Historical Problems: The Wank Worm Incident
      5. Auditing and Monitoring
        1. watchdog.com
        2. Stealth
        3. GUESS_PASSWORD
        4. WATCHER
        5. Checkpass
        6. Crypt
        7. DIAL
        8. CALLBACK.EXE
        9. TCPFILTER (G. Gerard)
      6. Changing Times
      7. Summary
      8. Resources
  11. VII. Bringing It All Together
    1. 25. Mining the Data Monster
      1. Information Overload
      2. How Much Security Do You Need?
      3. General Sources
        1. The Computer Emergency Response Team (CERT)
        2. The U.S. Department of Energy Computer Incident Advisory Capability
        3. The National Institute of Standards and Technology Computer Security Resource Clearinghouse
          1. The BUGTRAQ Archives
          2. The Forum of Incident Response and Security Teams (FIRST)
      4. Mailing Lists
      5. Usenet Newsgroups
      6. Vendor Security Mailing Lists, Patch Depositories, and Resources
        1. Silicon Graphics Security Headquarters
        2. The Sun Security Bulletin Archive
          1. The Xforce Vulnerability Database
          2. The National Institutes of Health
          3. Eugene Spafford's Security Hotlist
          4. SANS Institute
      7. Summary
    2. 26. Policies, Procedures, and Enforcement
      1. The Importance of Security Policies
      2. Site and Infrastructure Security Policy
        1. Facilities and Physical Security Considerations
        2. Infrastructure and Computing Environment
          1. Physical Access to Computer Systems and Facilities
            1. Public Terminals
            2. Desktop and Server Systems
          2. Physical Security Considerations for Laptop Computers and PDAs
          3. Voice and Data Network Security
          4. Remote Network Access
          5. Security Monitoring and Auditing
          6. Authentication and Access Control
      3. Acceptable Use
        1. Administrative Security Policies
        2. Acceptable Use Policies for Users
      4. Enforcement of Policy
      5. Summary
        1. Password Security
        2. Audits and Analysis
        3. Site Security Policies
        4. Incident Handling
        5. System Configuration
        6. Firewall Information
    3. 27. Internal Security
      1. Internal Security: The Red-Headed Stepchild
      2. Internal Risks: Types of Harm and Vectors
        1. Scofflaw Employees
          1. IT Employees
      3. Risk Mitigation Policies
        1. Physical Security
        2. The Hiring Process
        3. Establishing Desktop Lockdown
        4. Restricting Content
        5. Administrative Collaboration
      4. Products
        1. Desktop Management
        2. Laptop/PDA Security
          1. PDA Security
          2. Laptop Security
        3. Physical Security
        4. Content Management
      5. Resources
      6. Summary
    4. 28. Network Architecture Considerations
      1. Network Architecture
        1. Network Components
          1. Access Devices
          2. Security Devices
          3. Servers and Systems
          4. Organization and Layout
        2. Threats
          1. External Attacks
          2. Internal Attacks
          3. Physical Attacks
        3. Approach to Network Architecture
        4. Security Zones
          1. The Great Beyond
          2. Internal Networks
          3. Intermediate Networks
      2. Protecting the Castle
        1. Isolation and Separation
          1. Network Data
            1. Networking Concepts
            2. Segments
            3. Switches and Hubs
            4. Routers
            5. Network Numbers
            6. Physical Considerations
        2. Network Separation
          1. Network Management
          2. Monitoring
          3. Remote Access
        3. Network Isolation
          1. Services Differentiation
            1. DNS
            2. Email
            3. Web Serving
            4. File and Printer Sharing
            5. Network Login
          2. VLANS
          3. Firewalls
      3. Summary
    5. 29. Secure Application Development, Languages, and Extensions
      1. Security And Software
      2. What Is a Secure Application?
        1. The Enemy Within (Your Code)
        2. Configuration Issues
        3. Race Conditions
        4. Buffer Overflows
        5. Data Protection
        6. Temporary Storage
        7. Denial of Service
        8. Input and Output Methods
      3. A Security Architecture
        1. Components of a Security Architecture
          1. Set the Stage for Security
          2. Consider the Functionality Not Provided
          3. Come Here for Guaranteed Security
        2. Security Requirements
          1. To Secure or Not to Secure
          2. Assessing Authentication and Access Control Requirements
          3. Requirements for Data Storage
          4. Network and Entry Point Security Requirements
            1. Network, Application, and System Interactions
            2. Operating System Interactions
          5. Throw Away That Security Blanket
        3. Identification of the Risk Areas
        4. Security Response
      4. Security-Aware Designs
        1. Design Phase Analysis
          1. The Global Viewpoint
            1. Case Study, Phase I
          2. The Organizational Viewpoint
            1. Case Study, Phase II
          3. The Component Viewpoint
            1. Case Study, Phase III
      5. Secure Coding Practices
        1. Pitfalls by the C
        2. A Perl of an Application
        3. Mi Java Es Su Java
        4. The Shell Game and UNIX
        5. Internet Appliances
      6. Summary
  12. VIII. Appendixes
    1. A. Security Bibliography—Further Reading
      1. General Internet Security
      2. TCP/IP
      3. On Netware
    2. B. Internet 101
      1. In the Beginning: 1962–1969
      2. UNIX Is Born: 1969–1973
        1. About C
      3. The Internet's Formative Years: 1972–1975
        1. UNIX Comes of Age
        2. UNIX and the Internet Evolve Together
        3. The Basic Characteristics of UNIX
        4. What Kinds of Applications Run on UNIX?
        5. UNIX in Relation to Internet Security
      4. Moving On: The '90s Internet
        1. The Future
      5. Summary
    3. C. How to Get More Information
      1. Establishment Resources
        1. Sites on the WWW
        2. Reports and Publications
        3. Articles
          1. Tools
          2. Technical Reports, Government Standards, and Papers
          3. Mailing Lists
        4. Underground Resources
    4. D. Security Consultants
      1. The Listings
        1. ACROS, d.o.o. (Slovenia)
        2. Armor Security, Inc. (U.S.A.)
        3. AS Stallion Ltd. (Estonia)
        4. ASCIItech (Canada)
        5. AtBusiness Communications (Finland, Germany, Russia)
        6. Atlantic Computing Technology Corporation (U.S.A.)
        7. beTRUSTed (WorldWide)
        8. Cambridge Technology Partners, Inc. (Worldwide)
        9. Canaudit, Inc (U.S.A.)
        10. CobWeb Applications (U.K.)
        11. Command Systems (U.S.A.)
        12. Computer Associates Services eTrust (Worldwide)
        13. CorpNet Security (U.S.A.)
        14. Counterpane Internet Security (U.S.A.)
        15. Cryptek Secure Communications LLC (U.S.A.)
        16. CygnaCom Solutions (U.S.A.)
        17. Data Fellows (Europe, North America, Asia)
        18. Data Systems West (U.S.A.)
        19. DataLynx, Inc. (U.S.A.)
        20. Dataway, Inc. (U.S.A., Ireland)
        21. Delphi Consulting, LLC (U.S.A.)
        22. EAC Network Integrators (U.S.A.)
        23. ECG Management Consultants (U.S.A.)
        24. EGAN Group Pty Limited (Australia)
        25. Energis (U.K.)
        26. EnGarde Systems, Inc (U.S.A.)
        27. EnterEdge Technology LLC (U.S.A.)
        28. Ernst & Young LLP (U.S.A.)
        29. eSoft (U.S.A., U.K., Singapore)
        30. Espiria (U.S.A.)
        31. ESTec Systems Corporation (North America, Latin America, Asia)
        32. Flavio Marcelo Amaral (Brazil)
        33. FMJ/PADLOCK Computer Security Systems (U.S.A.)
        34. Galaxy Computer Services, Inc. (U.S.A.)
        35. Gemini Computers, Inc. (U.S.A.)
        36. Getronics Government Services (U.S.A.)
        37. GlobalCenter (U.S.A.)
        38. Global Privacy Solutions (U.S.A.)
        39. Graham Information Security and Management Services (Australia)
        40. Grand Designs Ltd./ConfluX.net (U.S.A.)
        41. Gregory R. Block (U.K.)
        42. The GSR Consulting Group Inc. (Canada)
        43. Guardent Inc (North America, U.K.)
        44. Hyperon Consulting (U.S.A.)
        45. I.T. NetworX Ltd. (Ireland)
        46. Infoconcept GmbH (Germany)
        47. INFOSEC Engineering (U.S.A.)
        48. Infosecure Australia (Australia)
        49. Ingenieurbüro Dr.-Ing Markus a Campo (Germany)
        50. Integrity Sciences, Inc. (U.S.A.)
        51. InterNet Guide Service, Inc. (U.S.A.)
        52. Internet Security Systems, Inc. (ISS) (U.S.A.)
        53. Interpact, Inc./http://Infowar.Com (U.S.A.)
        54. Jerboa, Inc. (U.S.A.)
        55. Karl Nagel & Company
        56. Kinetic, Inc. (U.S.A.)
        57. Learning Tree International (U.S.A.)
        58. Livermore Software Labs (Worldwide)
        59. Lucent Worldwide Services Security Consulting (U.S.A. and UK)
        60. Lunux Network Security Services (U.S.A.)
        61. Lurhq Corporation (U.S.A.)
        62. marchFIRST (U.S.A.)
        63. Maxon Services (Canada)
        64. Merdan Group, Inc. (U.S.A.)
        65. Merilus Technologies (U.S.A.)
        66. Milvets System Technology, Inc (U.S.A.)
        67. MIS Corporate Defence Solutions (Holland and U.K.)
        68. Myxa Corporation (U.S.A.)
        69. NetraCorp LLC. (U.S.A.)
        70. Nett & So GmbH (Germany)
        71. Network Associates, Inc.
        72. Network Security Assurance Group (U.S.A.)
        73. Network Technology Solutions, Inc. (U.S.A.)
        74. NH&A (U.S.A.)
        75. NovaTech Internet Security (Australia)
        76. Pacificnet Internet Services (U.S.A.)
        77. Pangeia Informatica LTDA (Brazil)
        78. Pentex Net, Inc. (U.S.A.)
        79. Predictive Systems (U.S.A.)
        80. PSINet Consulting Solutions (Worldwide)
        81. R.C. Consulting, Inc. (Canada)
        82. Rainbow Technologies, Spectra Division (U.S.A.)
        83. Ritter Software Engineering (U.S.A.)
        84. Saffire Systems (U.S.A.)
        85. SAGUS Security, Inc. (Canada)
        86. Schlumberger Network Solutions (U.S.A.)
        87. SecTek, Inc. (U.S.A.)
        88. Security First Technologies, Inc. (U.S.A.)
        89. Security Sciences (Europe, Middle East, North America, Africa)
        90. Siam Relay Ltd. (Thailand)
        91. http://Slmsoft.com (Canada)
        92. SmallWorks, Inc. (U.S.A.)
        93. STRATESEC, Inc. (U.S.A., WorldWide)
        94. Sword & Shield Enterprise Security, Inc. (U.S.A.)
        95. Symantec Security Services (Worldwide)
        96. Sysman Computers (P) Ltd. (India)
        97. Sytex, Inc. (U.S.A.)
        98. http://tec-gate.com (U.S.A.)
        99. Triumph Technologies, Inc. (U.S.A.)
        100. Utimaco SafeWare AG (Worldwide)
        101. Verio (U.S.A.)
        102. Visionary Corporate Computing Concepts (U.S.A.)
        103. http://VoteHere.net (U.S.A.)
        104. WatchGuard Technologies, Inc. (U.S.A.)
        105. WorldCom (U.K.)
    5. E. Vendor Information and Security Standards
      1. Vendor Security Information
        1. Hewlett-Packard
        2. IBM
        3. Linux
          1. Caldera
          2. Debian
          3. Red Hat
          4. SuSE
        4. Microsoft
        5. Sun Microsystems
      2. RFC Documents Relevant to Security
    6. F. What's on the CD-ROM
      1. Bastille
      2. Ethereal
      3. Fragrouter: Network Intrusion Detection Evasion Toolkit
      4. Libnet Packet Assembly System
      5. MRTG
      6. Nmap: The Network Mapper
      7. Npasswd
      8. Ntop
      9. OpenSSH
      10. OpenSSL
      11. Scotty/Tkined
      12. Snort
      13. Sudo
      14. TITAN
      15. YASSP
      16. Zlib
    7. G. Security Glossary