Table of Contents

 

 

 

 

Maximum Security, Third Edition

By Funk Lord Enterprises 

 

Publisher: Sams Publishing

Pub Date: April 01, 2001

ISBN: 0-672-31871-7

Pages: 896

Slots: 1

 

 

   

Copyright

   

About the Lead Author

   

About the Contributing Authors

   

Tell Us What You Think!

   

Part I:  Setting the Stage

   

 

Chapter 1.  Why This Book Was Written

   

 

The Need for Information Security

   

 

The Root of the Problem

   

 

Network and Host Misconfigurations

   

 

Why Education in Security Is Important

   

 

From the Eye of the Beholder

   

 

Chapter 2.  How to Use This Book

   

 

How to Use This Book? Duh!

   

 

Methods of Using This Book

   

 

The Book's Parts

   

 

This Book's Limitations

   

 

Odds and Ends to Know About Maximum Security

   

 

Cool Stuff on the CD-ROM

   

 

Programming Languages

   

 

Summary

   

Part II:  Security Concepts

   

 

Chapter 3.  Building a Roadmap for Securing Your Enterprise

   

 

Proactive Versus Reactive Models

   

 

Benchmarking Your Current Security Posture

   

 

Identifying Digital Assets

   

 

Protecting Assets

   

 

Incident Response

   

 

Training Users and Administrators

   

 

Tying It All Together

   

 

Summary

   

 

Chapter 4.  A Brief Primer on TCP/IP

   

 

What Is TCP/IP?

   

 

How Does TCP/IP Work?

   

 

The Individual Protocols

   

 

IPsec, IPv6, VPNs, and Looking Ahead

   

 

Summary

   

 

Chapter 5.  Hackers and Crackers

   

 

The Difference Between Hackers and Crackers

   

 

Tools of the Trade

   

 

Exploits and the SANS Top 10

   

 

Summary

   

 

Chapter 6.  The State of the Net: A World at War

   

 

Hacking, Cracking, and Other Malicious Behavior

   

 

Governments at War

   

 

The State of the Government

   

 

The State of the Corporate Sector

   

 

A Warning

   

 

Summary

   

Part III:  Hacking 101: The Tricks of the Trade

   

 

Chapter 7.  Spoofing Attacks

   

 

What Is Spoofing?

   

 

Internet Security Fundamentals

   

 

The Mechanics of a Spoofing Attack

   

 

Documents Related Specifically to IP Spoofing

   

 

How Do I Prevent IP Spoofing Attacks?

   

 

Other Strange and Offbeat Spoofing Attacks

   

 

Summary

   

 

Chapter 8.  Hiding One's Identity

   

 

Degrees of Exposure

   

 

Web Browsing and Invasion of Privacy

   

 

Browser Security

   

 

Your Email Address and Usenet

   

 

A Warning

   

 

Chapter 9.  Dispelling Some of the Myths

   

 

When Can Attacks Occur?

   

 

What Kinds of Attackers Exist?

   

 

Operating Systems Used by Crackers

   

 

Is There a Typical Attack?

   

 

Who Gets Targeted Most Frequently?

   

 

What Is the Motivation Behind Attacks?

   

 

Summary

   

Part IV:  The Defender's Toolkit

   

 

Chapter 10.  Firewalls

   

 

What Is a Firewall?

   

 

Other Features Found in Firewall Products

   

 

Firewalls Are Not Bulletproof

   

 

A Look Under the Hood of Firewalling Products

   

 

Pitfalls of Firewalling

   

 

Firewall Appliances

   

 

Building Firewalls in the Real World

   

 

Sample Failures of Firewall Technology

   

 

Building a Firewall with the Firewall Toolkit (FWTK)

   

 

Commercial Firewalls

   

 

Summary

   

 

Chapter 11.  Vulnerability Assessment Tools (Scanners)

   

 

The History of Vulnerability Scanners

   

 

How Vulnerability Scanners Work

   

 

What to Look For When Choosing a Scanner

   

 

Fundamental Shortcomings

   

 

Top Vulnerability Scanners

   

 

Other Vulnerability Scanners

   

 

Summary

   

 

Chapter 12.  Intrusion Detection Systems (IDSs)

   

 

An Introduction to Intrusion Detection

   

 

Network-Based IDSs

   

 

Host-Based ID Systems

   

 

What to Look for When Choosing an IDS

   

 

SNORT and Other Open Source IDS Solutions

   

 

Intrusion Detection Product Listing

   

 

Summary

   

 

Further References

   

 

Chapter 13.  Logging and Auditing Tools

   

 

Why Log?

   

 

Logs from a Cracking Perspective

   

 

Forming a Logging Strategy

   

 

Network Monitoring and Data Collection

   

 

Tools for Analyzing Log Files

   

 

Specialized Logging Utilities

   

 

Summary

   

 

Chapter 14.  Password Crackers

   

 

An Introduction to Password Cracking

   

 

The Password-Cracking Process

   

 

The Password Crackers

   

 

Password Crackers for Windows NT

   

 

UNIX Password Cracking

   

 

Cracking Cisco, Application, and Other Password Types

   

 

Other Resources

   

 

Summary

   

 

Chapter 15.  Sniffers

   

 

Sniffers as Security Risks

   

 

What Level of Risk Do Sniffers Represent?

   

 

Has Anyone Actually Seen a Sniffer Attack?

   

 

What Information Do Sniffers Capture?

   

 

Where Is One Likely to Find a Sniffer?

   

 

Where Can I Get a Sniffer?

   

 

Defeating Sniffer Attacks

   

 

Summary

   

 

Further Reading on Sniffers

   

Part V:  Virtual Weapons of Mass Destruction

   

 

Chapter 16.  Denial of Service Attacks

   

 

What Is Denial of Service?

   

 

Exploitation and Denial of Service

   

 

Denial of Service Attack Index

   

 

Summary

   

 

Other DoS Resources

   

 

Chapter 17.  Viruses and Worms

   

 

Understanding Viruses and Worms

   

 

Objects at Risk of Virus Infection

   

 

Who Writes Viruses, and Why?

   

 

Anti-Virus Utilities

   

 

Future Trends in Viral Malware

   

 

Publications and Sites

   

 

Summary

   

 

Chapter 18.  Trojans

   

 

What Is a Trojan?

   

 

Where Do Trojans Come From?

   

 

How Often Are Trojans Really Discovered?

   

 

What Level of Risk Do Trojans Represent?

   

 

How Do I Detect a Trojan?

   

 

Resources

   

 

Summary

   

Part VI:  Platforms and Security

   

 

Chapter 19.  Microsoft

   

 

DOS

   

 

Windows for Workgroups, Windows 9x, and Windows Me

   

 

Windows NT

   

 

Internal Windows NT Security

   

 

Windows 2000

   

 

Modern Vulnerabilities in Microsoft Applications

   

 

Summary

   

 

Chapter 20.  UNIX

   

 

A Whistle-Stop Tour of UNIX History

   

 

Classifying UNIX Distributions

   

 

Security Considerations in Choosing a Distribution

   

 

UNIX Security Risks

   

 

Breaking Set-uid Programs for Fun and Profit

   

 

Rootkits and Defenses

   

 

Host Network Security

   

 

Telnet

   

 

An Essential Tool: Secure Shell

   

 

FTP

   

 

The r Services

   

 

REXEC

   

 

SMTP

   

 

DNS

   

 

Finger

   

 

SNMP

   

 

Network File System

   

 

The Caveats of chroot

   

 

Better the Daemon You Know

   

 

Assessing Your UNIX Systems for Vulnerabilities

   

 

Summary

   

 

Chapter 21.  Novell

   

 

The OS Facts of Life

   

 

Watching the Big Three

   

 

Further Reading

   

 

Summary

   

 

Chapter 22.  Cisco Routers and Switches

   

 

The Problems with Infrastructure Equipment

   

 

Keeping Up with IOS Revisions

   

 

Securing and Configuring Cisco Routers

   

 

Network Management Considerations

   

 

Preventing Spoofing and Other Packet Games

   

 

Summary

   

 

Further Reading and Reference

   

 

Chapter 23.  Macintosh

   

 

Establishing the Macintosh as a Server

   

 

Vulnerabilities on the Macintosh Platform

   

 

About File Sharing and Security

   

 

Server Management and Security

   

 

Internal Security

   

 

Password Crackers and Related Utilities

   

 

Anonymous Email and Mailbombing

   

 

Macintosh OSX

   

 

Tools Designed Specifically for America Online

   

 

Summary

   

 

Resources

   

 

Chapter 24.  VAX/VMS

   

 

The History of the VAX

   

 

VMS

   

 

Security in VMS

   

 

Some Old Vulnerabilities

   

 

Auditing and Monitoring

   

 

Changing Times

   

 

Summary

   

 

Resources

   

Part VII:  Bringing It All Together

   

 

Chapter 25.  Mining the Data Monster

   

 

Information Overload

   

 

How Much Security Do You Need?

   

 

General Sources

   

 

Mailing Lists

   

 

Usenet Newsgroups

   

 

Vendor Security Mailing Lists, Patch Depositories, and Resources

   

 

Summary

   

 

Chapter 26.  Policies, Procedures, and Enforcement

   

 

The Importance of Security Policies

   

 

Site and Infrastructure Security Policy

   

 

Acceptable Use

   

 

Enforcement of Policy

   

 

Summary

   

 

Chapter 27.  Internal Security

   

 

Internal Security: The Red-Headed Stepchild

   

 

Internal Risks: Types of Harm and Vectors

   

 

Risk Mitigation Policies

   

 

Products

   

 

Resources

   

 

Summary

   

 

Chapter 28.  Network Architecture Considerations

   

 

Network Architecture

   

 

Protecting the Castle

   

 

Summary

   

 

Chapter 29.  Secure Application Development, Languages, and Extensions

   

 

Security and Software

   

 

What Is a Secure Application?

   

 

A Security Architecture

   

 

Security-Aware Designs

   

 

Secure Coding Practices

   

 

Summary

   

Part VIII:  Appendixes

   

 

Appendix A.  Security Bibliography - Further Reading

   

 

General Internet Security

   

 

TCP/IP

   

 

On Netware

   

 

Appendix B.  Internet 101

   

 

In the Beginning: 1962-1969

   

 

UNIX Is Born: 1969-1973

   

 

The Internet's Formative Years: 1972-1975

   

 

Moving On: The '90s Internet

   

 

Summary

   

 

Appendix C.  How to Get More Information

   

 

Establishment Resources

   

 

Appendix D.  Security Consultants

   

 

The Listings

   

 

Appendix E.  Vendor Information and Security Standards

   

 

Vendor Security Information

   

 

RFC Documents Relevant to Security

   

 

Appendix F.  What's on the CD-ROM

   

 

Bastille

   

 

Ethereal

   

 

Fragrouter: Network Intrusion Detection Evasion Toolkit

   

 

Libnet Packet Assembly System

   

 

MRTG

   

 

Nmap: The Network Mapper

   

 

Npasswd

   

 

Ntop

   

 

OpenSSH

   

 

OpenSSL

   

 

Scotty/Tkined

   

 

Snort

   

 

Sudo

   

 

TITAN

   

 

YASSP

   

 

Zlib

   

 

Appendix G.  Security Glossary

   

 

Glossary Security Glossary

   

Index

 


