Table of Contents
Real World Linux® Security: Intrusion Prevention, Detection, and Recovery, Second Edition
By Bob Toxen
 
Publisher: Prentice Hall PTR
Pub Date: November 13, 2002
ISBN: 0-13-046456-2
Pages: 848


Copyright
Prentice Hall PTR Open Source Technology Series
About Prentice Hall Professional Technical Reference
List of Figures
List of Tables
Foreword
Acknowledgments
About the Author
   Chapter 1.  Introduction
      Section 1.1.  Introduction to the Second Edition
      Section 1.2.  Who Should Read This Book?
      Section 1.3.  How This Book Is Organized
      Section 1.4.  What Are You Protecting?
      Section 1.5.  Who Are Your Enemies?
      Section 1.6.  What They Hope to Accomplish
      Section 1.7.  Costs: Protection versus Break-Ins
      Section 1.8.  Protecting Hardware
      Section 1.9.  Protecting Network and Modem Access
      Section 1.10.  Protecting System Access
      Section 1.11.  Protecting Files
      Section 1.12.  Preparing for and Detecting an Intrusion
      Section 1.13.  Recovering from an Intrusion
Part I.  Securing Your System
   Chapter 2.  Quick Fixes for Common Problems
      Section 2.1.  Understanding Linux Security
      Section 2.2.  The Seven Most Deadly Sins
      Section 2.3.  Passwords: A Key Point for Good Security
      Section 2.4.  Advanced Password Techniques
      Section 2.5.  Protecting the System from User Mistakes
      Section 2.6.  Forgiveness Is Better than Permission
      Section 2.7.  Dangers and Countermeasures During Initial System Setup
      Section 2.8.  Limiting Unreasonable Access
      Section 2.9.  Firewalls and the Corporate Moat
      Section 2.10.  Turn Off Unneeded Services
      Section 2.11.  High Security Requires Minimum Services
      Section 2.12.  Replace These Weak Doors with Brick
      Section 2.13.  New Lamps for Old
      Section 2.14.  United We Fall, Divided We Stand
   Chapter 3.  Quick and Easy Hacking and How to Avoid It
      Section 3.1.  X Marks the Hole
      Section 3.2.  Law of the Jungle: Physical Security
      Section 3.3.  Physical Actions
      Section 3.4.  Selected Short Subjects
      Section 3.5.  Terminal Device Attacks
      Section 3.6.  Disk Sniffing
   Chapter 4.  Common Hacking by Subsystem
      Section 4.1.  NFS, mountd, and portmap
      Section 4.2.  Sendmail
      Section 4.3.  Telnet
      Section 4.4.  FTP
      Section 4.5.  The rsh, rcp, rexec, and rlogin Services
      Section 4.6.  DNS (named, a.k.a. BIND)
      Section 4.7.  POP and IMAP Servers
      Section 4.8.  Doing the Samba
      Section 4.9.  Stop Squid from Inking Out Their Trail
      Section 4.10.  The syslogd Service
      Section 4.11.  The print Service (lpd)
      Section 4.12.  The ident Service
      Section 4.13.  INND and News
      Section 4.14.  Protecting Your DNS Registration
   Chapter 5.  Common Hacker Attacks
      Section 5.1.  Rootkit Attacks (Script Kiddies)
      Section 5.2.  Packet Spoofing Explained
      Section 5.3.  SYN Flood Attack Explained
      Section 5.4.  Defeating SYN Flood Attacks
      Section 5.5.  Defeating TCP Sequence Spoofing
      Section 5.6.  Packet Storms, Smurf Attacks, and Fraggles
      Section 5.7.  Buffer Overflows or Stamping on Memory with gets()
      Section 5.8.  Spoofing Techniques
      Section 5.9.  Man-in-the-Middle Attack
   Chapter 6.  Advanced Security Issues
      Section 6.1.  Configuring Netscape for Higher Security
      Section 6.2.  Stopping Access to I/O Devices
      Section 6.3.  Scouting Out Apache (httpd) Problems
      Section 6.4.  Special Techniques for Web Servers
      Section 6.5.  One-Way Credit Card Data Path for Top Security
      Section 6.6.  Hardening for Very High Security
      Section 6.7.  Restricting Login Location and Times
      Section 6.8.  Obscure but Deadly Problems
      Section 6.9.  Defeating Login Simulators
      Section 6.10.  Stopping Buffer Overflows with Libsafe
   Chapter 7.  Establishing Security Policies
      Section 7.1.  General Policy
      Section 7.2.  Personal Use Policy
      Section 7.3.  Accounts Policy
      Section 7.4.  E-Mail Policy
      Section 7.5.  Instant Messenger (IM) Policy
      Section 7.6.  Web Server Policy
      Section 7.7.  File Server and Database Policy
      Section 7.8.  Firewall Policy
      Section 7.9.  Desktop Policy
      Section 7.10.  Laptop Policy
      Section 7.11.  Disposal Policy
      Section 7.12.  Network Topology Policy
      Section 7.13.  Problem Reporting Policy
      Section 7.14.  Ownership Policy
      Section 7.15.  Policy Policy
   Chapter 8.  Trusting Other Computers
      Section 8.1.  Secure Systems and Insecure Systems
      Section 8.2.  Trust No One: The Highest Security
      Section 8.3.  Linux and UNIX Systems Within Your Control
      Section 8.4.  Mainframes Within Your Control
      Section 8.5.  A Window Is Worth a Thousand Cannons
      Section 8.6.  Firewall Vulnerabilities
      Section 8.7.  Virtual Private Networks
      Section 8.8.  Viruses and Linux
   Chapter 9.  Gutsy Break-Ins
      Section 9.1.  Mission Impossible Techniques
      Section 9.2.  Spies
      Section 9.3.  Fanatics and Suicide Attacks
   Chapter 10.  Case Studies
      Section 10.1.  Confessions of a Berkeley System Mole
      Section 10.2.  Knights of the Realm (Forensics)
      Section 10.3.  Ken Thompson Cracks the Navy
      Section 10.4.  The Virtual Machine Trojan
      Section 10.5.  AOL's DNS Change Fiasco
      Section 10.6.  I'm Innocent, I Tell Ya!
      Section 10.7.  Cracking with a Laptop and a Pay Phone
      Section 10.8.  Take a Few Cents off the Top
      Section 10.9.  Nonprofit Organization Runs Out of Luck
      Section 10.10.  Persistence with Recalcitrant SysAdmins Pays Off
      Section 10.11.  .Net Shipped with Nimda
   Chapter 11.  Recent Break-Ins
      Section 11.1.  Fragmentation Attacks
      Section 11.2.  IP Masquerading Fails for ICMP
      Section 11.3.  The Ping of Death Sinks Dutch Shipping Company
      Section 11.4.  Captain, We're Being Scanned! (Stealth Scans)
      Section 11.5.  Cable Modems: A Cracker's Dream
      Section 11.6.  Using Sendmail to Block E-Mail Attacks
      Section 11.7.  Sendmail Account Guessing
      Section 11.8.  The Mysterious Ingreslock
      Section 11.9.  You're Being Tracked
      Section 11.10.  Distributed Denial of Service (Coordinated) Attacks
      Section 11.11.  Stealth Trojan Horses
      Section 11.12.  Linuxconf via TCP Port 98
      Section 11.13.  Evil HTML Tags and Script
      Section 11.14.  Format Problems with syslog()
Part II.  Preparing for an Intrusion
   Chapter 12.  Hardening Your System
      Section 12.1.  Protecting User Sessions with SSH
      Section 12.2.  Virtual Private Networks (VPNs)
      Section 12.3.  Pretty Good Privacy (PGP)
      Section 12.4.  Using GPG to Encrypt Files the Easy Way
      Section 12.5.  Firewalls with IP Tables and DMZ
      Section 12.6.  Firewalls with IP Chains and DMZ
   Chapter 13.  Preparing Your Hardware
      Section 13.1.  Timing Is Everything
      Section 13.2.  Advanced Preparation
      Section 13.3.  Switch to Auxiliary Control (Hot Backups)
   Chapter 14.  Preparing Your Configuration
      Section 14.1.  TCP Wrappers
      Section 14.2.  Adaptive Firewalls: Raising the Drawbridge with the Cracker Trap
      Section 14.3.  Ending Cracker Servers with a Kernel Mod
      Section 14.4.  Fire Drills
      Section 14.5.  Break into Your Own System with Tiger Teams
   Chapter 15.  Scanning Your Own System
      Section 15.1.  The Nessus Security Scanner
      Section 15.2.  The SARA and SAINT Security Auditors
      Section 15.3.  The nmap Network Mapper
      Section 15.4.  The Snort Attack Detector
      Section 15.5.  Scanning and Analyzing with SHADOW
      Section 15.6.  John the Ripper
      Section 15.7.  Store the RPM Database Checksums
Part III.  Detecting an Intrusion
   Chapter 16.  Monitoring Activity
      Section 16.1.  Log Files
      Section 16.2.  Log Files: Measures and Countermeasures
      Section 16.3.  Using Logcheck to Check Log Files You Never Check
      Section 16.4.  Using PortSentry to Lock Out Hackers
      Section 16.5.  HostSentry
      Section 16.6.  Paging the SysAdmin: Cracking in Progress!
      Section 16.7.  An Example for Automatic Paging
      Section 16.8.  Building on Your Example for Automatic Paging
      Section 16.9.  Paging telnet and rsh Usage
      Section 16.10.  Using Arpwatch to Catch ARP and MAC Attacks
      Section 16.11.  Monitoring Port Usage
      Section 16.12.  Monitoring Attacks with Ethereal
      Section 16.13.  Using tcpdump to Monitor Your LAN
      Section 16.14.  Monitoring the Scanners with Deception Tool Kit (DTK)
      Section 16.15.  Monitoring Processes
      Section 16.16.  Cron: Watching the Crackers
      Section 16.17.  Caller ID
   Chapter 17.  Scanning Your System for Anomalies
      Section 17.1.  Finding Suspicious Files
      Section 17.2.  Tripwire
      Section 17.3.  Detecting Deleted Executables
      Section 17.4.  Detecting Promiscuous Network Interface Cards
      Section 17.5.  Finding Promiscuous Processes
      Section 17.6.  Detecting Defaced Web Pages Automatically
Part IV.  Recovering From an Intrusion
   Chapter 18.  Regaining Control of Your System
      Section 18.1.  Finding the Cracker's Running Processes
      Section 18.2.  Handling Running Cracker Processes
      Section 18.3.  Drop the Modems, Network, Printers, and System
   Chapter 19.  Finding and Repairing the Damage
      Section 19.1.  Check Your /var/log Logs
      Section 19.2.  The syslogd and klogd Daemons
      Section 19.3.  Remote Logging
      Section 19.4.  Interpreting Log File Entries
      Section 19.5.  Check Other Logs
      Section 19.6.  Check TCP Wrapper Responses
      Section 19.7.  How the File System Can Be Damaged
      Section 19.8.  Planting False Data
      Section 19.9.  Altered Monitoring Programs
      Section 19.10.  Stuck in the House of Mirrors
      Section 19.11.  Getting Back in Control
      Section 19.12.  Finding Cracker-Altered Files
      Section 19.13.  Sealing the Crack
      Section 19.14.  Finding set-UID Programs
      Section 19.15.  Finding the mstream Trojan
   Chapter 20.  Finding the Attacker's System
      Section 20.1.  Tracing a Numeric IP Address with nslookup
      Section 20.2.  Tracing a Numeric IP Address with dig
      Section 20.3.  Who's a Commie: Finding .com Owners
      Section 20.4.  Finding Entities Directly from the IP Address
      Section 20.5.  Finding a G-Man: Looking Up .gov Systems
      Section 20.6.  Using ping
      Section 20.7.  Using traceroute
      Section 20.8.  Neighboring Systems' Results
      Section 20.9.  A Recent International Tracking of a Cracker
      Section 20.10.  Be Sure You Found the Attacker
      Section 20.11.  Other SysAdmins: Do They Care?
   Chapter 21.  Having the Cracker Crack Rocks
      Section 21.1.  Police: Dragnet or Keystone Kops?
      Section 21.2.  Prosecution
      Section 21.3.  Liability of ISPs Allowing Illegal Activity
      Section 21.4.  Counteroffenses
   Appendix A.  Internet Resources for the Latest Intrusions and Defenses
      Section A.1.  Mailing Lists: The Mandatory Ones
      Section A.2.  Mailing Lists: The Optional Ones
      Section A.3.  News Groups
      Section A.4.  URLs for Security Sites
      Section A.5.  URLs for Security Tools
      Section A.6.  URLs for Documentation
      Section A.7.  URLs for General Tools
      Section A.8.  URLs for Specifications and Definitions
      Section A.9.  Vendor Software and Updates
      Section A.10.  Other Software Updates
   Appendix B.  Books, CD-ROMs, and Videos
      Section B.1.  Linux System Security
      Section B.2.  Building Linux and OpenBSD Firewalls
      Section B.3.  Samba: Integrating UNIX and Windows
      Section B.4.  Linux Sendmail Administration
      Section B.5.  Secrets and Lies: Digital Security in a Networked World
      Section B.6.  The Cuckoo's Egg
      Section B.7.  Hackers
      Section B.8.  UNIX Complete
      Section B.9.  The Computer Contradictionary
      Section B.10.  U.S. Department of Defense DISA Resources
      Section B.11.  Internetworking with TCP/IP Vols. I, II, and III
      Section B.12.  Linux Application Development
      Section B.13.  Consultants: The Good, the Bad, and the Slick
   Appendix C.  Network Services and Ports
   Appendix D.  Danger Levels
   Appendix E.  About the CD-ROM
      Section E.1.  The Author's GPG Public Key
   Appendix F.  Abbreviations