Real World Linux Security (Prentice Hall PTR Open Source Technology Series)
Year: 2002
Pages: 260
Real World Linux Security: Intrusion Prevention, Detection, and Recovery, Second Edition
Table of Contents
Copyright
Prentice Hall PTR Open Source Technology Series
About Prentice Hall Professional Technical Reference
List of Figures
List of Tables
Foreword
Acknowledgments
About the Author
Chapter 1. Introduction
Section 1.1 Introduction to the Second Edition
Section 1.2 Who Should Read This Book?
Section 1.3 How This Book Is Organized
Section 1.4 What Are You Protecting?
Section 1.5 Who Are Your Enemies?
Section 1.6 What They Hope to Accomplish
Section 1.7 Costs: Protection versus Break-Ins
Section 1.8 Protecting Hardware
Section 1.9 Protecting Network and Modem Access
Section 1.10 Protecting System Access
Section 1.11 Protecting Files
Section 1.12 Preparing for and Detecting an Intrusion
Section 1.13 Recovering from an Intrusion
Part I: Securing Your System
Chapter 2. Quick Fixes for Common Problems
Section 2.1 Understanding Linux Security
Section 2.2 The Seven Most Deadly Sins
Section 2.3 Passwords: A Key Point for Good Security
Section 2.4 Advanced Password Techniques
Section 2.5 Protecting the System from User Mistakes
Section 2.6 Forgiveness Is Better than Permission
Section 2.7 Dangers and Countermeasures During Initial System Setup
Section 2.8 Limiting Unreasonable Access
Section 2.9 Firewalls and the Corporate Moat
Section 2.10 Turn Off Unneeded Services
Section 2.11 High Security Requires Minimum Services
Section 2.12 Replace These Weak Doors with Brick
Section 2.13 New Lamps for Old
Section 2.14 United We Fall, Divided We Stand
Chapter 3. Quick and Easy Hacking and How to Avoid It
Section 3.1 X Marks the Hole
Section 3.2 Law of the Jungle: Physical Security
Section 3.3 Physical Actions
Section 3.4 Selected Short Subjects
Section 3.5 Terminal Device Attacks
Section 3.6 Disk Sniffing
Chapter 4. Common Hacking by Subsystem
Section 4.1 NFS, mountd, and portmap
Section 4.2 Sendmail
Section 4.3 Telnet
Section 4.4 FTP
Section 4.5 The rsh, rcp, rexec, and rlogin Services
Section 4.6 DNS (named, a.k.a. BIND)
Section 4.7 POP and IMAP Servers
Section 4.8 Doing the Samba
Section 4.9 Stop Squid from Inking Out Their Trail
Section 4.10 The syslogd Service
Section 4.11 The print Service (lpd)
Section 4.12 The ident Service
Section 4.13 INND and News
Section 4.14 Protecting Your DNS Registration
Chapter 5. Common Hacker Attacks
Section 5.1 Rootkit Attacks (Script Kiddies)
Section 5.2 Packet Spoofing Explained
Section 5.3 SYN Flood Attack Explained
Section 5.4 Defeating SYN Flood Attacks
Section 5.5 Defeating TCP Sequence Spoofing
Section 5.6 Packet Storms, Smurf Attacks, and Fraggles
Section 5.7 Buffer Overflows or Stamping on Memory with gets()
Section 5.8 Spoofing Techniques
Section 5.9 Man-in-the-Middle Attack
Chapter 6. Advanced Security Issues
Section 6.1 Configuring Netscape for Higher Security
Section 6.2 Stopping Access to IO Devices
Section 6.3 Scouting Out Apache (httpd) Problems
Section 6.4 Special Techniques for Web Servers
Section 6.5 One-Way Credit Card Data Path for Top Security
Section 6.6 Hardening for Very High Security
Section 6.7 Restricting Login Location and Times
Section 6.8 Obscure but Deadly Problems
Section 6.9 Defeating Login Simulators
Section 6.10 Stopping Buffer Overflows with Libsafe
Chapter 7. Establishing Security Policies
Section 7.1 General Policy
Section 7.2 Personal Use Policy
Section 7.3 Accounts Policy
Section 7.4 E-Mail Policy
Section 7.5 Instant Messenger (IM) Policy
Section 7.6 Web Server Policy
Section 7.7 File Server and Database Policy
Section 7.8 Firewall Policy
Section 7.9 Desktop Policy
Section 7.10 Laptop Policy
Section 7.11 Disposal Policy
Section 7.12 Network Topology Policy
Section 7.13 Problem Reporting Policy
Section 7.14 Ownership Policy
Section 7.15 Policy Policy
Chapter 8. Trusting Other Computers
Section 8.1 Secure Systems and Insecure Systems
Section 8.2 Trust No One: The Highest Security
Section 8.3 Linux and UNIX Systems Within Your Control
Section 8.4 Mainframes Within Your Control
Section 8.5 A Window Is Worth a Thousand Cannons
Section 8.6 Firewall Vulnerabilities
Section 8.7 Virtual Private Networks
Section 8.8 Viruses and Linux
Chapter 9. Gutsy Break-Ins
Section 9.1 Mission Impossible Techniques
Section 9.2 Spies
Section 9.3 Fanatics and Suicide Attacks
Chapter 10. Case Studies
Section 10.1 Confessions of a Berkeley System Mole
Section 10.2 Knights of the Realm (Forensics)
Section 10.3 Ken Thompson Cracks the Navy
Section 10.4 The Virtual Machine Trojan
Section 10.5 AOL's DNS Change Fiasco
Section 10.6 I'm Innocent, I Tell Ya
Section 10.7 Cracking with a Laptop and a Pay Phone
Section 10.8 Take a Few Cents off the Top
Section 10.9 Nonprofit Organization Runs Out of Luck
Section 10.10 Persistence with Recalcitrant SysAdmins Pays Off
Section 10.11 .Net Shipped with Nimda
Chapter 11. Recent Break-Ins
Section 11.1 Fragmentation Attacks
Section 11.2 IP Masquerading Fails for ICMP
Section 11.3 The Ping of Death Sinks Dutch Shipping Company
Section 11.4 Captain, We're Being Scanned (Stealth Scans)
Section 11.5 Cable Modems: A Cracker's Dream
Section 11.6 Using Sendmail to Block E-Mail Attacks
Section 11.7 Sendmail Account Guessing
Section 11.8 The Mysterious Ingreslock
Section 11.9 You're Being Tracked
Section 11.10 Distributed Denial of Service (Coordinated) Attacks
Section 11.11 Stealth Trojan Horses
Section 11.12 Linuxconf via TCP Port 98
Section 11.13 Evil HTML Tags and Script
Section 11.14 Format Problems with syslog()
Part II: Preparing for an Intrusion
Chapter 12. Hardening Your System
Section 12.1 Protecting User Sessions with SSH
Section 12.2 Virtual Private Networks (VPNs)
Section 12.3 Pretty Good Privacy (PGP)
Section 12.4 Using GPG to Encrypt Files the Easy Way
Section 12.5 Firewalls with IP Tables and DMZ
Section 12.6 Firewalls with IP Chains and DMZ
Chapter 13. Preparing Your Hardware
Section 13.1 Timing Is Everything
Section 13.2 Advanced Preparation
Section 13.3 Switch to Auxiliary Control (Hot Backups)
Chapter 14. Preparing Your Configuration
Section 14.1 TCP Wrappers
Section 14.2 Adaptive Firewalls: Raising the Drawbridge with the Cracker Trap
Section 14.3 Ending Cracker Servers with a Kernel Mod
Section 14.4 Fire Drills
Section 14.5 Break into Your Own System with Tiger Teams
Chapter 15. Scanning Your Own System
Section 15.1 The Nessus Security Scanner
Section 15.2 The SARA and SAINT Security Auditors
Section 15.3 The nmap Network Mapper
Section 15.4 The Snort Attack Detector
Section 15.5 Scanning and Analyzing with SHADOW
Section 15.6 John the Ripper
Section 15.7 Store the RPM Database Checksums
Part III: Detecting an Intrusion
Chapter 16. Monitoring Activity
Section 16.1 Log Files
Section 16.2 Log Files: Measures and Countermeasures
Section 16.3 Using Logcheck to Check Log Files You Never Check
Section 16.4 Using PortSentry to Lock Out Hackers
Section 16.5 HostSentry
Section 16.6 Paging the SysAdmin: Cracking in Progress
Section 16.7 An Example for Automatic Paging
Section 16.8 Building on Your Example for Automatic Paging
Section 16.9 Paging telnet and rsh Usage
Section 16.10 Using Arpwatch to Catch ARP and MAC Attacks
Section 16.11 Monitoring Port Usage
Section 16.12 Monitoring Attacks with Ethereal
Section 16.13 Using tcpdump to Monitor Your LAN
Section 16.14 Monitoring the Scanners with Deception Tool Kit (DTK)
Section 16.15 Monitoring Processes
Section 16.16 Cron: Watching the Crackers
Section 16.17 Caller ID
Chapter 17. Scanning Your System for Anomalies
Section 17.1 Finding Suspicious Files
Section 17.2 Tripwire
Section 17.3 Detecting Deleted Executables
Section 17.4 Detecting Promiscuous Network Interface Cards
Section 17.5 Finding Promiscuous Processes
Section 17.6 Detecting Defaced Web Pages Automatically
Part IV: Recovering From an Intrusion
Chapter 18. Regaining Control of Your System
Section 18.1 Finding the Cracker's Running Processes
Section 18.2 Handling Running Cracker Processes
Section 18.3 Drop the Modems, Network, Printers, and System
Chapter 19. Finding and Repairing the Damage
Section 19.1 Check Your /var/log Logs
Section 19.2 The syslogd and klogd Daemons
Section 19.3 Remote Logging
Section 19.4 Interpreting Log File Entries
Section 19.5 Check Other Logs
Section 19.6 Check TCP Wrapper Responses
Section 19.7 How the File System Can Be Damaged
Section 19.8 Planting False Data
Section 19.9 Altered Monitoring Programs
Section 19.10 Stuck in the House of Mirrors
Section 19.11 Getting Back in Control
Section 19.12 Finding Cracker-Altered Files
Section 19.13 Sealing the Crack
Section 19.14 Finding set-UID Programs
Section 19.15 Finding the mstream Trojan
Chapter 20. Finding the Attacker's System
Section 20.1 Tracing a Numeric IP Address with nslookup
Section 20.2 Tracing a Numeric IP Address with dig
Section 20.3 Who's a Commie: Finding .com Owners
Section 20.4 Finding Entities Directly from the IP Address
Section 20.5 Finding a G-Man: Looking Up .gov Systems
Section 20.6 Using ping
Section 20.7 Using traceroute
Section 20.8 Neighboring Systems Results
Section 20.9 A Recent International Tracking of a Cracker
Section 20.10 Be Sure You Found the Attacker
Section 20.11 Other SysAdmins: Do They Care?
Chapter 21. Having the Cracker Crack Rocks
Section 21.1 Police: Dragnet or Keystone Kops?
Section 21.2 Prosecution
Section 21.3 Liability of ISPs Allowing Illegal Activity
Section 21.4 Counteroffenses
Appendix A. Internet Resources for the Latest Intrusions and Defenses
Section A.1 Mailing Lists: The Mandatory Ones
Section A.2 Mailing Lists: The Optional Ones
Section A.3 News Groups
Section A.4 URLs for Security Sites
Section A.5 URLs for Security Tools
Section A.6 URLs for Documentation
Section A.7 URLs for General Tools
Section A.8 URLs for Specifications and Definitions
Section A.9 Vendor Software and Updates
Section A.10 Other Software Updates
Appendix B. Books, CD-ROMs, and Videos
Section B.1 Linux System Security
Section B.2 Building Linux and OpenBSD Firewalls
Section B.3 Samba: Integrating UNIX and Windows
Section B.4 Linux Sendmail Administration
Section B.5 Secrets and Lies: Digital Security in a Networked World
Section B.6 The Cuckoo's Egg
Section B.7 Hackers
Section B.8 UNIX Complete
Section B.9 The Computer Contradictionary
Section B.10 U.S. Department of Defense DISA Resources
Section B.11 Internetworking with TCP/IP Vols. I, II, and III
Section B.12 Linux Application Development
Section B.13 Consultants: The Good, the Bad, and the Slick
Appendix C. Network Services and Ports
Appendix D. Danger Levels
Appendix E. About the CD-ROM
Section E.1 The Author's GPG Public Key
Appendix F. Abbreviations