Index
Network Security Hacks
SPECIAL OFFER: Upgrade this ebook with O’Reilly
Copyright
Credits
  • About the Author
  • Contributors
  • Acknowledgments
Preface
  • Why Network Security Hacks?
  • How This Book Is Organized
  • Conventions Used in This Book
  • Safari Enabled
  • Using Code Examples
  • How to Contact Us
  • Got a Hack?
1. Unix Host Security
  • Hack #1. Secure Mount Points
  • Hack #2. Scan for SUID and SGID Programs
  • Hack #3. Scan for World- and Group-Writable Directories
  • Hack #4. Create Flexible Permissions Hierarchies with POSIX ACLs
      • Enabling ACLs
      • Managing ACLs
  • Hack #5. Protect Your Logs from Tampering
  • Hack #6. Delegate Administrative Roles
  • Hack #7. Automate Cryptographic Signature Verification
  • Hack #8. Check for Listening Services
  • Hack #9. Prevent Services from Binding to an Interface
  • Hack #10. Restrict Services with Sandboxed Environments
      • Using chroot()
      • Using FreeBSD’s jail()
  • Hack #11. Use proftpd with a MySQL Authentication Source
      • See Also
  • Hack #12. Prevent Stack-Smashing Attacks
  • Hack #13. Lock Down Your Kernel with grsecurity
      • Patching the Kernel
      • Configuring Kernel Options
          • Low security
          • Medium security
          • High security
          • Customized security settings
  • Hack #14. Restrict Applications with grsecurity
  • Hack #15. Restrict System Calls with systrace
  • Hack #16. Create systrace Policies Automatically
  • Hack #17. Control Login Access with PAM
      • Limiting Access by Origin
      • Restricting Access by Time
  • Hack #18. Restrict Users to SCP and SFTP
      • Setting Up rssh
      • Configuring chroot()
  • Hack #19. Use Single-Use Passwords for Authentication
      • OPIE Under FreeBSD
      • S/Key Under OpenBSD
  • Hack #20. Restrict Shell Environments
  • Hack #21. Enforce User and Group Resource Limits
  • Hack #22. Automate System Updates
2. Windows Host Security
  • Hack #23. Check Servers for Applied Patches
      • Using HFNetChk
      • See Also
  • Hack #24. Use Group Policy to Configure Automatic Updates
      • Some Recommendations
      • Digging Deeper
  • Hack #25. List Open Files and Their Owning Processes
  • Hack #26. List Running Services and Open Ports
  • Hack #27. Enable Auditing
  • Hack #28. Enumerate Automatically Executed Programs
  • Hack #29. Secure Your Event Logs
  • Hack #30. Change Your Maximum Log File Sizes
  • Hack #31. Back Up and Clear the Event Logs
      • The Code
      • Running the Hack
  • Hack #32. Disable Default Shares
  • Hack #33. Encrypt Your Temp Folder
  • Hack #34. Back Up EFS
      • Backing Up Encrypted Data and EFS Keys
      • Restoring EFS Keys
      • Backing Up Recovery Agent Keys
  • Hack #35. Clear the Paging File at Shutdown
  • Hack #36. Check for Passwords That Never Expire
      • The Code
      • Running the Hack
3. Privacy and Anonymity
  • Hack #37. Evade Traffic Analysis
      • Onion Routing
      • Installing Tor
      • Installing Privoxy
      • Configuring Privoxy for Tor
      • See Also
  • Hack #38. Tunnel SSH Through Tor
      • See Also
  • Hack #39. Encrypt Your Files Seamlessly
  • Hack #40. Guard Against Phishing
      • SpoofGuard
      • Installing SpoofGuard
      • How SpoofGuard Works
  • Hack #41. Use the Web with Fewer Passwords
      • PwdHash
      • Remote PwdHash
  • Hack #42. Encrypt Your Email with Thunderbird
      • Setting Up Thunderbird
      • Providing a Public/Private Key Pair
          • Importing an existing key pair
          • Generating a new key pair
      • Sending and Receiving Encrypted Email
  • Hack #43. Encrypt Your Email in Mac OS X
      • Installing GPG
      • Creating a GPG Key
      • Installing GPGMail
      • Sending and Receiving Encrypted Email
4. Firewalling
  • Hack #44. Firewall with Netfilter
      • Setting the Filtering Policy
      • Rule Examples
      • A Word About Stateful Inspection
      • Ordering Rules
  • Hack #45. Firewall with OpenBSD’s PacketFilter
      • Configuring PF
      • Global Options
      • Traffic Normalization Rules
      • Filtering Rules
  • Hack #46. Protect Your Computer with the Windows Firewall
      • Allow Programs to Bypass the Firewall
      • Tracking Firewall Activity with a Windows Firewall Log
      • Problems with Email and the Windows Firewall
      • Hacking the Hack
      • See Also
  • Hack #47. Close Down Open Ports and Block Protocols
  • Hack #48. Replace the Windows Firewall
      • Installing CORE FORCE
      • The Configuration Wizard
      • Manual Configuration
  • Hack #49. Create an Authenticated Gateway
  • Hack #50. Keep Your Network Self-Contained
  • Hack #51. Test Your Firewall
  • Hack #52. MAC Filter with Netfilter
  • Hack #53. Block Tor
5. Encrypting and Securing Services
  • Hack #54. Encrypt IMAP and POP with SSL
  • Hack #55. Use TLS-Enabled SMTP with Sendmail
  • Hack #56. Use TLS-Enabled SMTP with Qmail
  • Hack #57. Install Apache with SSL and suEXEC
      • Apache 1.x
      • Apache 2.x
  • Hack #58. Secure BIND
      • See Also
  • Hack #59. Set Up a Minimal and Secure DNS Server
      • Installing daemontools
      • Installing Djbdns
      • Adding Records
  • Hack #60. Secure MySQL
  • Hack #61. Share Files Securely in Unix
6. Network Security
  • Hack #62. Detect ARP Spoofing
  • Hack #63. Create a Static ARP Table
  • Hack #64. Protect Against SSH Brute-Force Attacks
      • Changing the Port
      • Disabling Password Authentication
      • Firewalling the SSH Daemon
          • Limiting connections to your sshd
          • Parsing logs and blocking an IP
          • Rate-limiting SYN packets
  • Hack #65. Fool Remote Operating System Detection Software
  • Hack #66. Keep an Inventory of Your Network
  • Hack #67. Scan Your Network for Vulnerabilities
      • Nessus 2.x
      • Nessus 3.x
  • Hack #68. Keep Server Clocks Synchronized
  • Hack #69. Create Your Own Certificate Authority
      • Creating the CA
      • Signing Certificates
  • Hack #70. Distribute Your CA to Clients
  • Hack #71. Back Up and Restore a Certificate Authority with Certificate Services
      • Backing Up a CA
      • The Certification Authority Backup Wizard
      • Restoring a CA to a Working Server
      • Restoring a CA to a Different Server
      • Decommissioning the Old CA
  • Hack #72. Detect Ethernet Sniffers Remotely
      • Sniffing Shared Mediums
      • Sniffing in Switched Environments
      • Installing SniffDet
      • Testing with ARP Queries
  • Hack #73. Help Track Attackers
  • Hack #74. Scan for Viruses on Your Unix Servers
      • Installing ClamAV
      • Configuring clamd
  • Hack #75. Track Vulnerabilities
      • Mailing Lists
      • RSS Feeds
      • Cassandra
      • Summary
7. Wireless Security
  • Hack #76. Turn Your Commodity Wireless Routers into a Sophisticated Security Platform
  • Hack #77. Use Fine-Grained Authentication for Your Wireless Network
      • Deploying the RADIUS Server
      • Configuring Your AP
  • Hack #78. Deploy a Captive Portal
      • The Authentication Server
      • Installing the Gateway
8. Logging
  • Hack #79. Run a Central Syslog Server
  • Hack #80. Steer Syslog
  • Hack #81. Integrate Windows into Your Syslog Infrastructure
      • Using NTsyslog
      • Using Eventlog to Syslog
  • Hack #82. Summarize Your Logs Automatically
  • Hack #83. Monitor Your Logs Automatically
      • Installing swatch
      • Configuration Syntax
  • Hack #84. Aggregate Logs from Remote Sites
      • Compiling syslog-ng
      • Configuring syslog-ng
      • Translating Your syslog.conf
  • Hack #85. Log User Activity with Process Accounting
  • Hack #86. Centrally Monitor the Security Posture of Your Servers
      • Installation
      • Adding Agents
      • Installing a Windows Agent
      • Configuration
      • Active Responses
      • See Also
9. Monitoring and Trending
  • Hack #87. Monitor Availability
      • Installing Nagios
      • Installing Plug-ins
      • Configuring Nagios
          • Adding hosts to monitor
          • Creating host groups
          • Creating contacts and contact groups
          • Configuring services to monitor
          • Defining time periods
  • Hack #88. Graph Trends
  • Hack #89. Get Real-Time Network Stats
  • Hack #90. Collect Statistics with Firewall Rules
  • Hack #91. Sniff the Ether Remotely
10. Secure Tunnels
  • Hack #92. Set Up IPsec Under Linux
  • Hack #93. Set Up IPsec Under FreeBSD
      • Client Configuration
      • Gateway Configuration
      • Using x.509 Certificates
  • Hack #94. Set Up IPsec in OpenBSD
      • Password Authentication
      • Certificate Authentication
  • Hack #95. Encrypt Traffic Automatically with Openswan
  • Hack #96. Forward and Encrypt Traffic with SSH
  • Hack #97. Automate Logins with SSH Client Keys
  • Hack #98. Use a Squid Proxy over SSH
  • Hack #99. Use SSH As a SOCKS Proxy
  • Hack #100. Encrypt and Tunnel Traffic with SSL
      • Building Stunnel
      • Configuring stunnel
      • Encrypting Services
  • Hack #101. Tunnel Connections Inside HTTP
  • Hack #102. Tunnel with VTun and SSH
      • Configuring VTun
      • Testing VTun
      • Encrypting the Tunnel
  • Hack #103. Generate VTun Configurations Automatically
      • The Code
      • Running the Hack
  • Hack #104. Create a Cross-Platform VPN
      • Installing OpenVPN
      • Testing OpenVPN
      • Creating Your Configuration
      • Using OpenVPN and Windows
      • Using OpenVPN with Mac OS X
  • Hack #105. Tunnel PPP
      • See Also
11. Network Intrusion Detection
  • Hack #106. Detect Intrusions with Snort
      • Installing Snort
      • Testing Snort
      • Configuring Snort
      • See Also
  • Hack #107. Keep Track of Alerts
  • Hack #108. Monitor Your IDS in Real Time
      • Creating the Database
      • Setting Up the Server
      • Installing a Sensor
          • Patching Snort
          • Patching Barnyard
      • Finishing Up
  • Hack #109. Manage a Sensor Network
      • Installing the Prerequisites
      • Setting Up the Console
      • Setting Up an Agent
      • Adding an Agent to the Console
  • Hack #110. Write Your Own Snort Rules
      • Rule Basics
          • Actions
          • Protocols
          • IP addresses
          • Ports
      • Options
          • Adding human-readable messages
          • Inspecting packet content
          • Matching TCP flags
      • Thresholding
          • Thresholding by signature ID
          • Thresholding with rule options
      • Suppression
  • Hack #111. Prevent and Contain Intrusions with Snort_inline
  • Hack #112. Automatically Firewall Attackers with SnortSam
      • Installing SnortSam
      • Configuring SnortSam
      • See Also
  • Hack #113. Detect Anomalous Behavior
  • Hack #114. Automatically Update Snort’s Rules
  • Hack #115. Create a Distributed Stealth Sensor Network
  • Hack #116. Use Snort in High-Performance Environments with Barnyard
      • Installation
      • Configuring Snort
      • Configuring Barnyard
      • Testing Barnyard
  • Hack #117. Detect and Prevent Web Application Intrusions
      • Installing mod_security
      • Enabling and Configuring mod_security
      • Creating Filters
      • See Also
  • Hack #118. Scan Network Traffic for Viruses
      • Patching Snort
      • Configuring the Preprocessor
          • Ports to scan
          • Direction to scan
          • Blocking propagation
          • Miscellaneous options
      • Trying It Out
  • Hack #119. Simulate a Network of Vulnerable Hosts
      • Compiling honeyd
      • Configuring honeyd
      • Running honeyd
      • Testing honeyd
  • Hack #120. Record Honeypot Activity
      • Installing the Linux Client
      • Setting Up the Server
      • Installing the Windows Client
12. Recovery and Response
  • Hack #121. Image Mounted Filesystems
  • Hack #122. Verify File Integrity and Find Compromised Files
      • Building and Installing Tripwire
      • Configuring Tripwire
      • Day-to-Day Use
      • See Also
  • Hack #123. Find Compromised Packages
      • Using RPM
      • Using Other Package Managers
  • Hack #124. Scan for Rootkits
  • Hack #125. Find the Owner of a Network
      • Getting DNS Information
      • Getting Netblock Information
About the Author
Colophon
SPECIAL OFFER: Upgrade this ebook with O’Reilly