Preface


Never in the history of computing has there been such a great opportunity for hackers. Falling prices and the increasing performance of computer equipment have made it possible for any hacker to afford a powerful computer system of his own. Inexpensive high-speed Internet access is available almost everywhere. Hacker tools have become widely available and easy to use, making anyone able to be a hacker.

At the same time, businesses are making dramatic changes in the way they use their information systems. Companies are downsizing from proprietary mainframes to open systems, there is a tremendous demand for the information on office PCs to be shared around the globe, and businesses are flocking to the Internet to provide new avenues for customers, enable remote mobile or work-from-home employees, and replace dedicated private networks with cheap virtual private networks. International networking, with the increasing number of computers and growing connectivity, has provided an ease of access to computers heretofore unknown.

Financial pressures are pushing companies to explore new opportunities. Companies are outsourcing operations. They are entering into new business arrangements with partners that require greater sharing of information with remote individuals who are not employees. These new environments are uncharted territories for many of the companies who are leaping online. Companies, administrators, and users are all having to change their understanding of their computational environment. There are new rules for using, managing, and evaluating this new environment. Staff reductions made to contain costs have left many systems in the hands of inexperienced managers, who are responsible for a greater number of systems running operating systems with which they are unfamiliar. The combination of ease of access with overworked and inexperienced system managers is a potentially explosive one.

Many companies are moving to UNIX system-based operating systems: some because of mainframe downsizing, others because Linux is free, and others because they are tired of the alternatives. The more widespread an operating system, the more attractive it will be for hackers to attack. UNIX systems have traditionally been used by universities and research facilities. Since UNIX is common in research and scientific areas, there is an abundance of information about the operating system. Also, universities and scientific research institutes are often more lax with security, providing a fruitful playground for hackers to learn and hack. UNIX operating systems are some of the most documented operating systems, and versions of the source code are widely available, making them a common target of hackers today.

In the computer industry, security has mostly been an afterthought. It is often thought that putting security into programs that don't demand it will only get in the way. Most software systems have evolved from older systems and quite often large software systems actually incorporate code from many sources, written by many authors. When you have software that does not have a single design, it is almost impossible to design security into it after the fact.

Computer security is part of the larger field of corporate information security and has a significant effect on system availability. Data security encompasses all aspects of management of proprietary information, including information classification, ownership, appropriate access, use, handling, and storage.

Vendors in the computer industry have spent a good deal of time and money addressing the other areas of data security and system availability. Most corporations have a disaster plan in place that has detailed contingency plans that cover fire, flood, and earthquake, but rarely do they cover security-based disasters. Even though only a small percentage of corporate losses is from this threat, a tremendous amount of money and resources is spent each year to reduce the losses from physical disasters. However, few company disaster plans cover contingencies for the losses due to computer security incidents, which are often the result of malicious activities, with the greatest share of these being the actions of disgruntled or dishonest employees, the rest being the result of outside threats. These outside threats account for only a tiny percentage of corporate losses. However, this tiny percentage gets the lion's share of the publicity. It can be much more damaging to the company's reputation than the actual damage it may cause to the data it compromises.

The tragic events of September 11th have changed forever the way the world looks at security. Companies are putting security at the top of their lists: as a concern, as an issue needing to be addressed, and as a budget item. The question "What about security?" is being asked at the beginning of a project with the requirement that it be addressed. Security is no longer an afterthought; it is now being seen as the fundamental foundation for every project.

When the first edition of this book was originally conceived in the mid-nineties, it was very difficult to get information on how information systems were compromised. It was equally difficult to get a book published that described the process by which systems were compromised. Even though it was written to raise the awareness of system administrators that there were security issues which had to be addressed to avoid being attacked, there was fear that such a book would be used by hackers to attack systems. There is a thin line between informing system managers and providing a guidebook for hackers. It is unavoidable that some will utilize this book to attempt to hack into systems. Today, security information is a much more open topic. Everyone is aware of hackers. The headlines are full of hacker stories.

This book is designed to give system and security managers insight into the mind of a hacker and to provide tools to fight both existing and yet-to-come system attacks. You will see that even seemingly harmless services can become valuable tools in the hands of a skilled hacker who uses them to search for weak points in a system. The information here is broadly available to those who know where to look for it. Unfortunately, all too often it is the hacker who knows where to look and those responsible for computer security who do not. System managers generally do not have the time or inclination to peruse the dark corners of the Internet for hacking information and tools, and certainly they are not going to cruise the bulletin boards that are frequented by hackers.

This book is written with a dual viewpoint. We look through the eyes of a potential intruder and expose cracks in systems that can be widened to gain access or privileges, and we also take the system manager's viewpoint and explore methods of sealing those cracks. This dual viewpoint allows you to understand how a hacker thinks so you can block the intruder. It is organized by the processes hackers use to gain access, privileges, and control of a computer system, instead of simply illustrating how to secure each software subsystem. This helps you understand how the different subsystems can be used in harmony to attack a computer, and how the changes you make in one system can affect another and leave you without a secure computer system. This book explains why and how a problem can be leveraged into a security breach and discusses how to fix it. Understanding the why of a problem is a skill you can use throughout your career.

This edition of the book details building and securing a UNIX system, with specifics for HP-UX and Red Hat Linux systems.

This book puts the hacker under the microscope to bring to light the common motives and basic methods that are used. In so doing it gives you, the system manager, the knowledge to apply security effort efficiently and effectively to secure systems now and into the future.



Halting the Hacker: A Practical Guide to Computer Security (2nd Edition)
ISBN: 0130464163
EAN: 2147483647
Year: 2002
Pages: 210
