About

McGraw-Hill /Osborne
2100 Powell Street, 10th Floor
Emeryville, California 94608
U.S.A.

To arrange bulk purchase discounts for sales promotions, premiums, or fund-raisers, please contact McGraw-Hill /Osborne at the above address. For information on translations or book distributors outside the U.S.A., please see the International Contact Information page immediately following the index of this book.

Extreme Exploits: Advanced Defenses Against Hardcore Hacks

All rights reserved. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

234567890 FGR FGR 0198765

Executive Editor Jane K. Brownlow
Project Editor Claire Splan
Acquisitions Coordinator Jennifer Housh
Technical Editor Jim Lippard
Proofreader Paul Tyler
Composition & Illustration Apollo Publishing Services
Series Design Roberta Steele
Cover Design Dean Cook

This book was composed with Corel VENTURA Publisher.

Information has been obtained by McGraw-Hill /Osborne from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill /Osborne, or others, McGraw-Hill /Osborne does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

To my beloved wife, Sasha, and my sons, Chandler and Carter, who bring happiness to my life and inspire me to dream. To my sister, Caroline, and my parents, whose wisdom and virtue have strengthened my character and cultivated my ambition .

Victor

To my loving wife, Karin, who provided neverending encouragement. To my mother-in-law, Janice, who never fails to support my imagination .

Oliver

To God for giving me the skills to do this work, and to my wonderful family, who put up with me locked behind my office door for days on end.

Brett

About the Authors

Victor Oppleman Victor Oppleman is an accomplished author, speaker, and teacher in the field of network security and a specialized consultant to some of the world's most admired companies. Mr. Oppleman's open source software has been distributed to hundreds of thousands of computers worldwide and some is used in graduate-level college curricula to demonstrate advanced networking techniques. Early in his career as an engineer, Mr. Oppleman developed portions of the backbone systems infrastructure for Genuity, the first Internet data center company. Later, as a senior architect for BBN and GTE Internetworking, Mr. Oppleman developed security- related products and services centered on public key infrastructure (PKI). A great deal of Mr. Oppleman's professional career has been dedicated to tactical engineering and consulting for global telecom operators and critical infrastructure organizations in industries such as power and water, financial services, and defense. Some of the largest global companies frequently call upon Mr. Oppleman to perform advanced vulnerability assessments, provide expert counsel, and navigate complex regulatory issues concerning information security. An accomplished executive and engineer in network security, data hosting services, and software development, Mr. Oppleman also holds U.S. intellectual property patents in distributed adaptive routing and wireless consumer applications.

Oliver Friedrichs Oliver Friedrichs is a Senior Manager in Symantec Security Response, the organization responsible for the delivery of antivirus definitions, intrusion detection updates, and early warning technologies within Symantec.

Mr. Friedrichs served as co-founder and Director of Engineering at SecurityFocus until the company's acquisition by Symantec in 2002. At SecurityFocus Mr. Friedrichs managed the development of the industry's first early warning technology for Internet attacks, the DeepSight Threat Management System. Mr. Friedrichs also created and grew the DeepSight Threat Analyst team, providing thorough analysis of emerging Internet threats.

Prior to SecurityFocus, he served as co-founder and Vice President of Engineering at Secure Networks, Inc., which was acquired by Network Associates in 1998. At Secure Networks, Mr. Friedrichs architected and managed the development of Ballista network security auditing software, later rebranded CyberCop Scanner by Network Associates. At Network Associates Mr. Friedrichs also founded COVERT (Computer Vulnerability Exploitation Research Team) with the exclusive goal of researching and discovering new security vulnerabilities.

Mr. Friedrichs also architected and developed a prototype of the industry's first commercial penetration testing product, CORE Impact, developed and sold by CORE Security Technologies.

Mr. Friedrichs has over 13 years of expertise in security technologies, including network assessment, intrusion detection systems, firewalls, penetration testing, and honeypots. As a frequent speaker, he has shared his expertise with many of the world's most powerful organizations, including the Department of Homeland Security, U.S. Secret Service, the IRS, the DOD, NASA, AFOSI, and the Canadian DND.

Brett Watson Brett Watson has 17 years experience in network architecture and security, including large-scale IP networking, optical networking, and security and vulnerability assessments. Mr. Watson currently works for Internet Systems Consortium's DNS Operations, Analysis, and Research Center (DNS OARC) doing macroscopic analysis of global DNS behavior. Prior to joining ISC, Mr. Watson helped deploy and maintain the original MCI and Genuity IP backbones, and designed the first metropolitan IP-over-Gigibit Ethernet product for Metromedia Fiber Networks. Mr. Watson has spent the last several years performing custom network and vulnerability assessments, and consulting on information security issues for some of the largest healthcare, water, and power industries in the United States. In addition, Mr. Watson holds a patent for one of the first large-scale, content distribution platforms known as Hopscotch.

About the Contributing Authors

James Willett has over 12 years experience exercising winning management strategies with customers and team members alike to produce successful results while solving customer business problems. Mr. Willett is the founder of Jatell, a successful product development-consulting firm and has specialized in servicing clients ranging from the Fortune 500 to critical Internet infrastructure providers. Previously, Mr. Willett served as the Director of Professional Services for MainNerve, Inc. and was operationally responsible for managing all consulting processes and customer service delivery including its high-stakes information security clients. Prior to joining MainNerve, he held engineering and consulting positions where he was responsible for maintaining Intel-based systems and applications in production environments. Early in his career, Mr. Willett served with the United States Marine Corps as a Communications-Electronics Maintenance Chief. In that position, he managed the maintenance and repair of over 900 radio, telephone, switchboard, and computer systems in garrison and the field as well as all equipment, manuals, and personnel required to complete this task.

Zachary Kanner is an independent security software developer with a unique balance of commercial and open source development expertise. Most recently, Mr. Kanner was contracted to develop high-performance packet and flow analysis software and a distributed event and policy framework. Previously, Mr. Kanner served as Sr. Software Engineer at CenterBeam, where he developed systems automation and database software applications. Prior to joining CenterBeam, as a Core Engineer at Remedy Corporation, Mr. Kanner was instrumental in the development of version 5 of the Remedy Flashboards application, software used to perform time-based data collection and graphical display of applications developed within the Remedy AR System. Mr. Kanner also developed several applications designed to improve user administration and event management within the AR System environment. Remedy's AR System is deployed in over 7,000 installations at present. Early in his career. Mr. Kanner assisted in the startup of Ostream Software where he launched several products that augmented the capabilities of the Remedy AR System. One of these products was eventually sold to Remedy. Mr. Kanner has database design, software engineering, and network programming experience in several languages and development environments.

Jesse Dunagan serves as MainNerve's Principle Systems Architect, responsible for the company's systems engineering activities, processes, and service delivery. Prior to joining MainNerve, Mr. Dunagan served as Data Center Facilities Manager for StoreRunner Network, where he was responsible for day-to-day operations of a world-class data center. While at StoreRunner, Mr. Dunagan maintained an auspicious record of reliability in the company's critical operational infrastructure, which included responsibility over a tremendously heterogeneous operating environment. Early in his career, Jesse worked for the United States Marine Corps performing a variety of cutting-edge information systems projects for the 1 ^st Marine Division.

About the Tech Reviewer

Jim Lippard, CISM, CISSP, ISSMP, ISSAP is Director of Information Security Operations at Global Crossing, where he has responsibility for the company's global security operations. Mr. Lippard began his career in computing at Honeywell, where he was a GCOS system administrator during high school, and then a systems developer on the Multics operating system, for which he rewrote the interactive message facility. Mr. Lippard has also held senior security operations positions at Primenet, a national ISP; GlobalCenter, a large webhosting provider; and Frontier, a national telecommunications company; and was a "research philosopher" for Genuity when it was owned by the Bechtel Corporation. Mr. Lippard has a master's degree in philosophy with a minor in cognitive science from the University of Arizona.

Acknowledgments

We would like to thank our families. The space and time they afforded us allowed us to complete this book and their encouragement and support helped make those late nights alone in the office bearable.

Cheers to our colleagues for the wisdom they imparted and the creativity they mustered to aid us in developing such a broad scope of text.

Thanks also go to the driven, consummate professionals at McGraw-Hill/Osborne who brought this book from idea to bookshelves. Specifically, we thank Jane Brownlow for her zeal and vision, Claire Splan for her keen attention to detail, and the entire production staff for their skill and thoroughness.

Our technical editor, Jim Lippard, kept our ideas grounded and provided expert counsel on many of the book's strategic topics. We thank him for the times he went above and beyond "reviewing" by adding ideas and explanations we would have missed.

Special thanks also go to Rodney Joffe. Without Rodney's innovation and entrepreneurialism, the authors would never have met. Rodney's continued encouragement, advocacy , and benefaction for our endeavors are seemingly perpetual .

And finally, a resounding "Thank You" to the few individuals whose IP networks, leadership, and ingenuity we've grown to love and without whom our writing would be limited to concepts instead of experiences.