Network Security Hacks

Book Description

To the uninitiated, the title may seem like an oxymoron: after all, aren't hacks what network security is supposed to prevent? But if you're a network administrator, this book's title not only makes sense; it makes a lot of sense. You know that a busy administrator needs a hatful of devilishly effective security hacks to keep your 12-hour days from becoming all-nighters. Network Security Hacks is not a long-winded treatise on security theory. Instead, this information-packed little book provides 100 quick, practical, and clever things to do to help make your Linux, UNIX, or Windows networks more secure today. This compendium of security hacks doesn't just cover securing TCP/IP-based services, but also provides intelligent host-based security techniques.

Loaded with concise but powerful examples of applied encryption, intrusion detection, logging, trending, and incident response, Network Security Hacks demonstrates effective methods for defending your servers and networks from a variety of devious and subtle attacks. Network Security Hacks shows how to detect the presence (and track every keystroke) of network intruders, methods for protecting your network and data using strong encryption, and even techniques for laying traps for would-be system crackers. Important security tools are presented, as well as clever methods for using them to reveal real, timely, useful information about what is happening on your network.

O'Reilly's Hacks Series reclaims the term "hacking" for the good guys: innovators who use their ingenuity to solve interesting problems, explore and experiment, unearth shortcuts, and create useful tools. Network Security Hacks lives up to the reputation the Hacks series has earned by providing the "roll-up-your-sleeves and get-it-done" hacks that most network security tomes don't offer. Every hack can be read in just a few minutes but will save hours of searching for the right answer.
Using just one of these amazing hacks will make this slim book's price seem like a remarkable deal. The other 99 make Network Security Hacks absolutely invaluable.

Table of Contents

  1. Network Security Hacks
    1. Credits
      1. About the Author
      2. Contributors
      3. Acknowledgments
    2. Preface
      1. Why Network Security Hacks?
      2. How This Book Is Organized
      3. Conventions Used in This Book
      4. Using Code Examples
      5. How to Contact Us
      6. Got a Hack?
    3. 1. Unix Host Security
      1. Hacks #1-20
      2. Secure Mount Points
      3. Scan for SUID and SGID Programs
      4. Scan For World- and Group-Writable Directories
      5. Create Flexible Permissions Hierarchies with POSIX ACLs
      6. Protect Your Logs from Tampering
      7. Delegate Administrative Roles
      8. Automate Cryptographic Signature Verification
      9. Check for Listening Services
      10. Prevent Services from Binding to an Interface
      11. Restrict Services with Sandboxed Environments
      12. Use proftp with a MySQL Authentication Source
        1. See Also
      13. Prevent Stack-Smashing Attacks
      14. Lock Down Your Kernel with grsecurity
      15. Restrict Applications with grsecurity
      16. Restrict System Calls with Systrace
      17. Automated Systrace Policy Creation
      18. Control Login Access with PAM
      19. Restricted Shell Environments
      20. Enforce User and Group Resource Limits
      21. Automate System Updates
    4. 2. Windows Host Security
      1. Hacks #21-30
      2. Check Servers for Applied Patches
        1. See Also
      3. Get a List of Open Files and Their Owning Processes
      4. List Running Services and Open Ports
      5. Enable Auditing
      6. Secure Your Event Logs
      7. Change Your Maximum Log File Sizes
      8. Disable Default Shares
      9. Encrypt Your Temp Folder
      10. Clear the Paging File at Shutdown
      11. Restrict Applications Available to Users
    5. 3. Network Security
      1. Hacks #31-53
      2. Detect ARP Spoofing
      3. Create a Static ARP Table
      4. Firewall with Netfilter
      5. Firewall with OpenBSD’s PacketFilter
      6. Create an Authenticated Gateway
      7. Firewall with Windows
      8. Keep Your Network Self-Contained
      9. Test Your Firewall
      10. MAC Filtering with Netfilter
      11. Block OS Fingerprinting
      12. Fool Remote Operating System Detection Software
      13. Keep an Inventory of Your Network
      14. Scan Your Network for Vulnerabilities
      15. Keep Server Clocks Synchronized
      16. Create Your Own Certificate Authority
      17. Distribute Your CA to Clients
      18. Encrypt IMAP and POP with SSL
      19. Set Up TLS-Enabled SMTP
      20. Detect Ethernet Sniffers Remotely
      21. Install Apache with SSL and suEXEC
      22. Secure BIND
        1. See Also
      23. Secure MySQL
      24. Share Files Securely in Unix
    6. 4. Logging
      1. Hacks #54-60
      2. Run a Central Syslog Server
      3. Steer Syslog
        1. Mark Who?
      4. Integrate Windows into Your Syslog Infrastructure
      5. Automatically Summarize Your Logs
      6. Monitor Your Logs Automatically
      7. Aggregate Logs from Remote Sites
      8. Log User Activity with Process Accounting
    7. 5. Monitoring and Trending
      1. Hacks #61-66
      2. Monitor Availability
      3. Graph Trends
      4. Run ntop for Real-Time Network Stats
      5. Audit Network Traffic
      6. Collect Statistics with Firewall Rules
      7. Sniff the Ether Remotely
    8. 6. Secure Tunnels
      1. Hacks #67-81
      2. Set Up IPsec Under Linux
      3. Set Up IPsec Under FreeBSD
      4. Set Up IPsec in OpenBSD
      5. PPTP Tunneling
      6. Opportunistic Encryption with FreeS/WAN
      7. Forward and Encrypt Traffic with SSH
      8. Quick Logins with SSH Client Keys
        1. Security Concerns
      9. Squid Proxy over SSH
      10. Use SSH as a SOCKS Proxy
      11. Encrypt and Tunnel Traffic with SSL
      12. Tunnel Connections Inside HTTP
      13. Tunnel with VTun and SSH
      14. Automatic vtund.conf Generator
      15. Create a Cross-Platform VPN
      16. Tunnel PPP
        1. See Also
    9. 7. Network Intrusion Detection
      1. Hacks #82-95
      2. Detect Intrusions with Snort
        1. See Also
      3. Keep Track of Alerts
      4. Real-Time Monitoring
      5. Manage a Sensor Network
      6. Write Your Own Snort Rules
      7. Prevent and Contain Intrusions with Snort_inline
      8. Automated Dynamic Firewalling with SnortSam
      9. Detect Anomalous Behavior
      10. Automatically Update Snort’s Rules
      11. Create a Distributed Stealth Sensor Network
      12. Use Snort in High-Performance Environments with Barnyard
      13. Detect and Prevent Web Application Intrusions
        1. See Also
      14. Simulate a Network of Vulnerable Hosts
      15. Record Honeypot Activity
    10. 8. Recovery and Response
      1. Hacks #96-100
      2. Image Mounted Filesystems
      3. Verify File Integrity and Find Compromised Files
        1. See Also
      4. Find Compromised Packages with RPM
      5. Scan for Root Kits
      6. Find the Owner of a Network
    11. Index
    12. Colophon