Real World Linux Security Prentice Hall Ptr Open Source Technology Series
Real World Linux Security Prentice Hall Ptr Open Source Technology Series
ISBN: N/A
EAN: N/A
EAN: N/A
Year: 2002
Pages: 260
Pages: 260
- Real World Linux Security: Intrusion Prevention, Detection, and Recovery, Second Edition
- Table of Contents
- Copyright
- Prentice Hall PTR Open Source Technology Series
- About Prentice Hall Professional Technical Reference
- List of Figures
- List of Tables
- Foreword
- Acknowledgments
- About the Author
- Chapter 1. Introduction
- Section 1.1 Introduction to the Second Edition
- Section 1.2 Who Should Read This Book?
- Section 1.3 How This Book Is Organized
- Section 1.4 What Are You Protecting?
- Section 1.5 Who Are Your Enemies?
- Section 1.6 What They Hope to Accomplish
- Section 1.7 Costs: Protection versus Break-Ins
- Section 1.8 Protecting Hardware
- Section 1.9 Protecting Network and Modem Access
- Section 1.10 Protecting System Access
- Section 1.11 Protecting Files
- Section 1.12 Preparing for and Detecting an Intrusion
- Section 1.13 Recovering from an Intrusion
- Part I: Securing Your System
- Chapter 2. Quick Fixes for Common Problems
- Section 2.1 Understanding Linux Security
- Section 2.2 The Seven Most Deadly Sins
- Section 2.3 PasswordsA Key Point for Good Security
- Section 2.4 Advanced Password Techniques
- Section 2.5 Protecting the System from User Mistakes
- Section 2.6 Forgiveness Is Better than Permission
- Section 2.7 Dangers and Countermeasures During Initial System Setup
- Section 2.8 Limiting Unreasonable Access
- Section 2.9 Firewalls and the Corporate Moat
- Section 2.10 Turn Off Unneeded Services
- Section 2.11 High Security Requires Minimum Services
- Section 2.12 Replace These Weak Doors with Brick
- Section 2.13 New Lamps for Old
- Section 2.14 United We Fall, Divided We Stand
- Chapter 3. Quick and Easy Hacking and How to Avoid It
- Section 3.1 X Marks the Hole
- Section 3.2 Law of the JunglePhysical Security
- Section 3.3 Physical Actions
- Section 3.4 Selected Short Subjects
- Section 3.5 Terminal Device Attacks
- Section 3.6 Disk Sniffing
- Chapter 4. Common Hacking by Subsystem
- Section 4.1 NFS, mountd, and portmap
- Section 4.2 Sendmail
- Section 4.3 Telnet
- Section 4.4 FTP
- Section 4.5 The rsh, rcp, TTrexecTT, and TTrloginTT Services
- Section 4.6 DNS (named, a.k.a. BIND)
- Section 4.7 POP and IMAP Servers
- Section 4.8 Doing the Samba
- Section 4.9 Stop Squid from Inking Out Their Trail
- Section 4.10 The syslogd Service
- Section 4.11 The print Service (lpd)
- Section 4.12 The ident Service
- Section 4.13 INND and News
- Section 4.14 Protecting Your DNS Registration
- Chapter 5. Common Hacker Attacks
- Section 5.1 Rootkit Attacks (Script Kiddies)
- Section 5.2 Packet Spoofing Explained
- Section 5.3 SYN Flood Attack Explained
- Section 5.4 Defeating SYN Flood Attacks
- Section 5.5 Defeating TCP Sequence Spoofing
- Section 5.6 Packet Storms, Smurf Attacks, and Fraggles
- Section 5.7 Buffer Overflows or Stamping on Memory with gets()
- Section 5.8 Spoofing Techniques
- Section 5.9 Man-in-the-Middle Attack
- Chapter 6. Advanced Security Issues
- Section 6.1 Configuring Netscape for Higher Security
- Section 6.2 Stopping Access to IO Devices
- Section 6.3 Scouting Out Apache (httpd) Problems
- Section 6.4 Special Techniques for Web Servers
- Section 6.5 One-Way Credit Card Data Path for Top Security
- Section 6.6 Hardening for Very High Security
- Section 6.7 Restricting Login Location and Times
- Section 6.8 Obscure but Deadly Problems
- Section 6.9 Defeating Login Simulators
- Section 6.10 Stopping Buffer Overflows with Libsafe
- Chapter 7. Establishing Security Policies
- Section 7.1 General Policy
- Section 7.2 Personal Use Policy
- Section 7.3 Accounts Policy
- Section 7.4 E-Mail Policy
- Section 7.5 Instant Messenger (IM) Policy
- Section 7.6 Web Server Policy
- Section 7.7 File Server and Database Policy
- Section 7.8 Firewall Policy
- Section 7.9 Desktop Policy
- Section 7.10 Laptop Policy
- Section 7.11 Disposal Policy
- Section 7.12 Network Topology Policy
- Section 7.13 Problem Reporting Policy
- Section 7.14 Ownership Policy
- Section 7.15 Policy Policy
- Chapter 8. Trusting Other Computers
- Section 8.1 Secure Systems and Insecure Systems
- Section 8.2 Trust No OneThe Highest Security
- Section 8.3 Linux and UNIX Systems Within Your Control
- Section 8.4 Mainframes Within Your Control
- Section 8.5 A Window Is Worth a Thousand Cannons
- Section 8.6 Firewall Vulnerabilities
- Section 8.7 Virtual Private Networks
- Section 8.8 Viruses and Linux
- Chapter 9. Gutsy Break-Ins
- Section 9.1 Mission Impossible Techniques
- Section 9.2 Spies
- Section 9.3 Fanatics and Suicide Attacks
- Chapter 10. Case Studies
- Section 10.1 Confessions of a Berkeley System Mole
- Section 10.2 Knights of the Realm (Forensics)
- Section 10.3 Ken Thompson Cracks the Navy
- Section 10.4 The Virtual Machine Trojan
- Section 10.5 AOL s DNS Change Fiasco
- Section 10.6 I m Innocent, I Tell Ya
- Section 10.7 Cracking with a Laptop and a Pay Phone
- Section 10.8 Take a Few Cents off the Top
- Section 10.9 Nonprofit Organization Runs Out of Luck
- Section 10.10 Persistence with Recalcitrant SysAdmins Pays Off
- Section 10.11 .Net Shipped with Nimda
- Chapter 11. Recent Break-Ins
- Section 11.1 Fragmentation Attacks
- Section 11.2 IP Masquerading Fails for ICMP
- Section 11.3 The Ping of Death Sinks Dutch Shipping Company
- Section 11.4 Captain, We re Being Scanned (Stealth Scans)
- Section 11.5 Cable Modems: A Cracker s Dream
- Section 11.6 Using Sendmail to Block E-Mail Attacks
- Section 11.7 Sendmail Account Guessing
- Section 11.8 The Mysterious Ingreslock
- Section 11.9 You re Being Tracked
- Section 11.10 Distributed Denial of Service (Coordinated) Attacks
- Section 11.11 Stealth Trojan Horses
- Section 11.12 Linuxconf via TCP Port 98
- Section 11.13 Evil HTML Tags and Script
- Section 11.14 Format Problems with syslog()
- Part II: Preparing for an Intrusion
- Chapter 12. Hardening Your System
- Section 12.1 Protecting User Sessions with SSH
- Section 12.2 Virtual Private Networks (VPNs)
- Section 12.3 Pretty Good Privacy (PGP)
- Section 12.4 Using GPG to Encrypt Files the Easy Way
- Section 12.5 Firewalls with IP Tables and DMZ
- Section 12.6 Firewalls with IP Chains and DMZ
- Chapter 13. Preparing Your Hardware
- Section 13.1 Timing Is Everything
- Section 13.2 Advanced Preparation
- Section 13.3 Switch to Auxiliary Control (Hot Backups)
- Chapter 14. Preparing Your Configuration
- Section 14.1 TCP Wrappers
- Section 14.2 Adaptive Firewalls: Raising the Drawbridge with the Cracker Trap
- Section 14.3 Ending Cracker Servers with a Kernel Mod
- Section 14.4 Fire Drills
- Section 14.5 Break into Your Own System with Tiger Teams
- Chapter 15. Scanning Your Own System
- Section 15.1 The Nessus Security Scanner
- Section 15.2 The SARA and SAINT Security Auditors
- Section 15.3 The nmap Network Mapper
- Section 15.4 The Snort Attack Detector
- Section 15.5 Scanning and Analyzing with SHADOW
- Section 15.6 John the Ripper
- Section 15.7 Store the RPM Database Checksums
- Part III: Detecting an Intrusion
- Chapter 16. Monitoring Activity
- Section 16.1 Log Files
- Section 16.2 Log Files: Measures and Countermeasures
- Section 16.3 Using Logcheck to Check Log Files You Never Check
- Section 16.4 Using PortSentry to Lock Out Hackers
- Section 16.5 HostSentry
- Section 16.6 Paging the SysAdmin: Cracking in Progress
- Section 16.7 An Example for Automatic Paging
- Section 16.8 Building on Your Example for Automatic Paging
- Section 16.9 Paging telnet and rsh Usage
- Section 16.10 Using Arpwatch to Catch ARP and MAC Attacks
- Section 16.11 Monitoring Port Usage
- Section 16.12 Monitoring Attacks with Ethereal
- Section 16.13 Using tcpdump to Monitor Your LAN
- Section 16.14 Monitoring the Scanners with Deception Tool Kit (DTK)
- Section 16.15 Monitoring Processes
- Section 16.16 Cron: Watching the Crackers
- Section 16.17 Caller ID
- Chapter 17. Scanning Your System for Anomalies
- Section 17.1 Finding Suspicious Files
- Section 17.2 Tripwire
- Section 17.3 Detecting Deleted Executables
- Section 17.4 Detecting Promiscuous Network Interface Cards
- Section 17.5 Finding Promiscuous Processes
- Section 17.6 Detecting Defaced Web Pages Automatically
- Part IV: Recovering From an Intrusion
- Chapter 18. Regaining Control of Your System
- Section 18.1 Finding the Cracker s Running Processes
- Section 18.2 Handling Running Cracker Processes
- Section 18.3 Drop the Modems, Network, Printers, and System
- Chapter 19. Finding and Repairing the Damage
- Section 19.1 Check Your varlog Logs
- Section 19.2 The syslogd and klogd Daemons
- Section 19.3 Remote Logging
- Section 19.4 Interpreting Log File Entries
- Section 19.5 Check Other Logs
- Section 19.6 Check TCP Wrapper Responses
- Section 19.7 How the File System Can Be Damaged
- Section 19.8 Planting False Data
- Section 19.9 Altered Monitoring Programs
- Section 19.10 Stuck in the House of Mirrors
- Section 19.11 Getting Back in Control
- Section 19.12 Finding Cracker-Altered Files
- Section 19.13 Sealing the Crack
- Section 19.14 Finding set-UID Programs
- Section 19.15 Finding the mstream Trojan
- Chapter 20. Finding the Attacker s System
- Section 20.1 Tracing a Numeric IP Address with nslookup
- Section 20.2 Tracing a Numeric IP Address with dig
- Section 20.3 Who s a Commie: Finding .com Owners
- Section 20.4 Finding Entities Directly from the IP Address
- Section 20.5 Finding a G-Man: Looking Up .gov Systems
- Section 20.6 Using ping
- Section 20.7 Using traceroute
- Section 20.8 Neighboring Systems Results
- Section 20.9 A Recent International Tracking of a Cracker
- Section 20.10 Be Sure You Found the Attacker
- Section 20.11 Other SysAdmins: Do They Care?
- Chapter 21. Having the Cracker Crack Rocks
- Section 21.1 Police: Dragnet or Keystone Kops?
- Section 21.2 Prosecution
- Section 21.3 Liability of ISPs Allowing Illegal Activity
- Section 21.4 Counteroffenses
- Appendix A. Internet Resources for the Latest Intrusions and Defenses
- Section A.1 Mailing ListsThe Mandatory Ones
- Section A.2 Mailing ListsThe Optional Ones
- Section A.3 News Groups
- Section A.4 URLs for Security Sites
- Section A.5 URLs for Security Tools
- Section A.6 URLs for Documentation
- Section A.7 URLs for General Tools
- Section A.8 URLs for Specifications and Definitions
- Section A.9 Vendor Software and Updates
- Section A.10 Other Software Updates
- Appendix B. Books, CD-ROMs, and Videos
- Section B.1 Linux System Security
- Section B.2 Building Linux and OpenBSD Firewalls
- Section B.3 Samba: Integrating UNIX and Windows
- Section B.4 Linux Sendmail Administration
- Section B.5 Secrets and Lies: Digital Security in a Networked World
- Section B.6 The Cuckoo s Egg
- Section B.7 Hackers
- Section B.8 UNIX Complete
- Section B.9 The Computer Contradictionary
- Section B.10 U.S. Department of Defense DISA Resources
- Section B.11 Internetworking with TCPIP Vols. I, II, and III
- Section B.12 Linux Application Development
- Section B.13 Consultants: The Good, the Bad, and the Slick
- Appendix C. Network Services and Ports
- Appendix D. Danger Levels
- Appendix E. About the CD-ROM
- Section E.1 The Author s GPG Public Key
- Appendix F. Abbreviations
Real World Linux Security Prentice Hall Ptr Open Source Technology Series
ISBN: N/A
EAN: N/A
EAN: N/A
Year: 2002
Pages: 260
Pages: 260