Copyright
About the Lead Author
About the Contributing Authors
Tell Us What You Think!

Part I: Setting the Stage

  Chapter 1. Why This Book Was Written
    The Need for Information Security
    The Root of the Problem
    Network and Host Misconfigurations
    Why Education in Security Is Important
    From the Eye of the Beholder

  Chapter 2. How to Use This Book
    How to Use This Book? Duh!
    Methods of Using This Book
    The Book's Parts
    This Book's Limitations
    Odds and Ends to Know About Maximum Security
    Cool Stuff on the CD-ROM
    Programming Languages
    Summary

Part II: Security Concepts

  Chapter 3. Building a Roadmap for Securing Your Enterprise
    Proactive Versus Reactive Models
    Benchmarking Your Current Security Posture
    Identifying Digital Assets
    Protecting Assets
    Incident Response
    Training Users and Administrators
    Tying It All Together
    Summary

  Chapter 4. A Brief Primer on TCP/IP
    What Is TCP/IP?
    How Does TCP/IP Work?
    The Individual Protocols
    IPsec, IPv6, VPNs, and Looking Ahead
    Summary

  Chapter 5. Hackers and Crackers
    The Difference Between Hackers and Crackers
    Tools of the Trade
    Exploits and the SANS Top 10
    Summary

  Chapter 6. The State of the Net: A World at War
    Hacking, Cracking, and Other Malicious Behavior
    Governments at War
    The State of the Government
    The State of the Corporate Sector
    A Warning
    Summary

Part III: Hacking 101: The Tricks of the Trade

  Chapter 7. Spoofing Attacks
    What Is Spoofing?
    Internet Security Fundamentals
    The Mechanics of a Spoofing Attack
    Documents Related Specifically to IP Spoofing
    How Do I Prevent IP Spoofing Attacks?
    Other Strange and Offbeat Spoofing Attacks
    Summary

  Chapter 8. Hiding One's Identity
    Degrees of Exposure
    Web Browsing and Invasion of Privacy
    Browser Security
    Your Email Address and Usenet
    A Warning

  Chapter 9. Dispelling Some of the Myths
    When Can Attacks Occur?
    What Kinds of Attackers Exist?
    Operating Systems Used by Crackers
    Is There a Typical Attack?
    Who Gets Targeted Most Frequently?
    What Is the Motivation Behind Attacks?
    Summary

Part IV: The Defender's Toolkit

  Chapter 10. Firewalls
    What Is a Firewall?
    Other Features Found in Firewall Products
    Firewalls Are Not Bulletproof
    A Look Under the Hood of Firewalling Products
    Pitfalls of Firewalling
    Firewall Appliances
    Building Firewalls in the Real World
    Sample Failures of Firewall Technology
    Building a Firewall with the Firewall Toolkit (FWTK)
    Commercial Firewalls
    Summary

  Chapter 11. Vulnerability Assessment Tools (Scanners)
    The History of Vulnerability Scanners
    How Vulnerability Scanners Work
    What to Look For When Choosing a Scanner
    Fundamental Shortcomings
    Top Vulnerability Scanners
    Other Vulnerability Scanners
    Summary

  Chapter 12. Intrusion Detection Systems (IDSs)
    An Introduction to Intrusion Detection
    Network-Based IDSs
    Host-Based ID Systems
    What to Look for When Choosing an IDS
    SNORT and Other Open Source IDS Solutions
    Intrusion Detection Product Listing
    Summary
    Further References

  Chapter 13. Logging and Auditing Tools
    Why Log?
    Logs from a Cracking Perspective
    Forming a Logging Strategy
    Network Monitoring and Data Collection
    Tools for Analyzing Log Files
    Specialized Logging Utilities
    Summary

  Chapter 14. Password Crackers
    An Introduction to Password Cracking
    The Password-Cracking Process
    The Password Crackers
    Password Crackers for Windows NT
    UNIX Password Cracking
    Cracking Cisco, Application, and Other Password Types
    Other Resources
    Summary

  Chapter 15. Sniffers
    Sniffers as Security Risks
    What Level of Risk Do Sniffers Represent?
    Has Anyone Actually Seen a Sniffer Attack?
    What Information Do Sniffers Capture?
    Where Is One Likely to Find a Sniffer?
    Where Can I Get a Sniffer?
    Defeating Sniffer Attacks
    Summary
    Further Reading on Sniffers

Part V: Virtual Weapons of Mass Destruction

  Chapter 16. Denial of Service Attacks
    What Is Denial of Service?
    Exploitation and Denial of Service
    Denial of Service Attack Index
    Summary
    Other DoS Resources

  Chapter 17. Viruses and Worms
    Understanding Viruses and Worms
    Objects at Risk of Virus Infection
    Who Writes Viruses, and Why?
    Anti-Virus Utilities
    Future Trends in Viral Malware
    Publications and Sites
    Summary

  Chapter 18. Trojans
    What Is a Trojan?
    Where Do Trojans Come From?
    How Often Are Trojans Really Discovered?
    What Level of Risk Do Trojans Represent?
    How Do I Detect a Trojan?
    Resources
    Summary

Part VI: Platforms and Security

  Chapter 19. Microsoft
    DOS
    Windows for Workgroups, Windows 9x, and Windows Me
    Windows NT
    Internal Windows NT Security
    Windows 2000
    Modern Vulnerabilities in Microsoft Applications
    Summary

  Chapter 20. UNIX
    A Whistle-Stop Tour of UNIX History
    Classifying UNIX Distributions
    Security Considerations in Choosing a Distribution
    UNIX Security Risks
    Breaking Set-uid Programs for Fun and Profit
    Rootkits and Defenses
    Host Network Security
    Telnet
    An Essential Tool: Secure Shell
    FTP
    The r Services
    REXEC
    SMTP
    DNS
    Finger
    SNMP
    Network File System
    The Caveats of chroot
    Better the Daemon You Know
    Assessing Your UNIX Systems for Vulnerabilities
    Summary

  Chapter 21. Novell
    The OS Facts of Life
    Watching the Big Three
    Further Reading
    Summary

  Chapter 22. Cisco Routers and Switches
    The Problems with Infrastructure Equipment
    Keeping Up with IOS Revisions
    Securing and Configuring Cisco Routers
    Network Management Considerations
    Preventing Spoofing and Other Packet Games
    Summary
    Further Reading and Reference

  Chapter 23. Macintosh
    Establishing the Macintosh as a Server
    Vulnerabilities on the Macintosh Platform
    About File Sharing and Security
    Server Management and Security
    Internal Security
    Password Crackers and Related Utilities
    Anonymous Email and Mailbombing
    Macintosh OSX
    Tools Designed Specifically for America Online
    Summary
    Resources

  Chapter 24. VAX/VMS
    The History of the VAX
    VMS
    Security in VMS
    Some Old Vulnerabilities
    Auditing and Monitoring
    Changing Times
    Summary
    Resources

Part VII: Bringing It All Together

  Chapter 25. Mining the Data Monster
    Information Overload
    How Much Security Do You Need?
    General Sources
    Mailing Lists
    Usenet Newsgroups
    Vendor Security Mailing Lists, Patch Depositories, and Resources
    Summary

  Chapter 26. Policies, Procedures, and Enforcement
    The Importance of Security Policies
    Site and Infrastructure Security Policy
    Acceptable Use
    Enforcement of Policy
    Summary

  Chapter 27. Internal Security
    Internal Security: The Red-Headed Stepchild
    Internal Risks: Types of Harm and Vectors
    Risk Mitigation Policies
    Products
    Resources
    Summary

  Chapter 28. Network Architecture Considerations
    Network Architecture
    Protecting the Castle
    Summary

  Chapter 29. Secure Application Development, Languages, and Extensions
    Security and Software
    What Is a Secure Application?
    A Security Architecture
    Security-Aware Designs
    Secure Coding Practices
    Summary

Part VIII: Appendixes

  Appendix A. Security Bibliography: Further Reading
    General Internet Security
    TCP/IP
    On Netware

  Appendix B. Internet 101
    In the Beginning: 1962-1969
    UNIX Is Born: 1969-1973
    The Internet's Formative Years: 1972-1975
    Moving On: The '90s Internet
    Summary

  Appendix C. How to Get More Information
    Establishment Resources

  Appendix D. Security Consultants
    The Listings

  Appendix E. Vendor Information and Security Standards
    Vendor Security Information
    RFC Documents Relevant to Security

  Appendix F. What's on the CD-ROM
    Bastille
    Ethereal
    Fragrouter: Network Intrusion Detection Evasion Toolkit
    Libnet Packet Assembly System
    MRTG
    Nmap: The Network Mapper
    Npasswd
    Ntop
    OpenSSH
    OpenSSL
    Scotty/Tkined
    Snort
    Sudo
    TITAN
    YASSP
    Zlib

  Appendix G. Security Glossary
    Security Glossary

Index