Network Security Hacks
SPECIAL OFFER: Upgrade this ebook with O’Reilly
Copyright
Credits
About the Author
Contributors
Acknowledgments
Preface
Why Network Security Hacks?
How This Book Is Organized
Conventions Used in This Book
Safari Enabled
Using Code Examples
How to Contact Us
Got a Hack?
1. Unix Host Security
Hack #1. Secure Mount Points
Hack #2. Scan for SUID and SGID Programs
Hack #3. Scan for World- and Group-Writable Directories
Hack #4. Create Flexible Permissions Hierarchies with POSIX ACLs
Enabling ACLs
Managing ACLs
Hack #5. Protect Your Logs from Tampering
Hack #6. Delegate Administrative Roles
Hack #7. Automate Cryptographic Signature Verification
Hack #8. Check for Listening Services
Hack #9. Prevent Services from Binding to an Interface
Hack #10. Restrict Services with Sandboxed Environments
Using chroot()
Using FreeBSD’s jail()
Hack #11. Use proftpd with a MySQL Authentication Source
See Also
Hack #12. Prevent Stack-Smashing Attacks
Hack #13. Lock Down Your Kernel with grsecurity
Patching the Kernel
Configuring Kernel Options
Low security
Medium security
High security
Customized security settings
Hack #14. Restrict Applications with grsecurity
Hack #15. Restrict System Calls with systrace
Hack #16. Create systrace Policies Automatically
Hack #17. Control Login Access with PAM
Limiting Access by Origin
Restricting Access by Time
Hack #18. Restrict Users to SCP and SFTP
Setting Up rssh
Configuring chroot()
Hack #19. Use Single-Use Passwords for Authentication
OPIE Under FreeBSD
S/Key Under OpenBSD
Hack #20. Restrict Shell Environments
Hack #21. Enforce User and Group Resource Limits
Hack #22. Automate System Updates
2. Windows Host Security
Hack #23. Check Servers for Applied Patches
Using HFNetChk
See Also
Hack #24. Use Group Policy to Configure Automatic Updates
Some Recommendations
Digging Deeper
Hack #25. List Open Files and Their Owning Processes
Hack #26. List Running Services and Open Ports
Hack #27. Enable Auditing
Hack #28. Enumerate Automatically Executed Programs
Hack #29. Secure Your Event Logs
Hack #30. Change Your Maximum Log File Sizes
Hack #31. Back Up and Clear the Event Logs
The Code
Running the Hack
Hack #32. Disable Default Shares
Hack #33. Encrypt Your Temp Folder
Hack #34. Back Up EFS
Backing Up Encrypted Data and EFS Keys
Restoring EFS Keys
Backing Up Recovery Agent Keys
Hack #35. Clear the Paging File at Shutdown
Hack #36. Check for Passwords That Never Expire
The Code
Running the Hack
3. Privacy and Anonymity
Hack #37. Evade Traffic Analysis
Onion Routing
Installing Tor
Installing Privoxy
Configuring Privoxy for Tor
See Also
Hack #38. Tunnel SSH Through Tor
See Also
Hack #39. Encrypt Your Files Seamlessly
Hack #40. Guard Against Phishing
SpoofGuard
Installing SpoofGuard
How SpoofGuard Works
Hack #41. Use the Web with Fewer Passwords
PwdHash
Remote PwdHash
Hack #42. Encrypt Your Email with Thunderbird
Setting Up Thunderbird
Providing a Public/Private Key Pair
Importing an existing key pair
Generating a new key pair
Sending and Receiving Encrypted Email
Hack #43. Encrypt Your Email in Mac OS X
Installing GPG
Creating a GPG Key
Installing GPGMail
Sending and Receiving Encrypted Email
4. Firewalling
Hack #44. Firewall with Netfilter
Setting the Filtering Policy
Rule Examples
A Word About Stateful Inspection
Ordering Rules
Hack #45. Firewall with OpenBSD’s PacketFilter
Configuring PF
Global Options
Traffic Normalization Rules
Filtering Rules
Hack #46. Protect Your Computer with the Windows Firewall
Allow Programs to Bypass the Firewall
Tracking Firewall Activity with a Windows Firewall Log
Problems with Email and the Windows Firewall
Hacking the Hack
See Also
Hack #47. Close Down Open Ports and Block Protocols
Hack #48. Replace the Windows Firewall
Installing CORE FORCE
The Configuration Wizard
Manual Configuration
Hack #49. Create an Authenticated Gateway
Hack #50. Keep Your Network Self-Contained
Hack #51. Test Your Firewall
Hack #52. MAC Filter with Netfilter
Hack #53. Block Tor
5. Encrypting and Securing Services
Hack #54. Encrypt IMAP and POP with SSL
Hack #55. Use TLS-Enabled SMTP with Sendmail
Hack #56. Use TLS-Enabled SMTP with Qmail
Hack #57. Install Apache with SSL and suEXEC
Apache 1.x
Apache 2.x
Hack #58. Secure BIND
See Also
Hack #59. Set Up a Minimal and Secure DNS Server
Installing daemontools
Installing Djbdns
Adding Records
Hack #60. Secure MySQL
Hack #61. Share Files Securely in Unix
6. Network Security
Hack #62. Detect ARP Spoofing
Hack #63. Create a Static ARP Table
Hack #64. Protect Against SSH Brute-Force Attacks
Changing the Port
Disabling Password Authentication
Firewalling the SSH Daemon
Limiting connections to your sshd
Parsing logs and blocking an IP
Rate-limiting SYN packets
Hack #65. Fool Remote Operating System Detection Software
Hack #66. Keep an Inventory of Your Network
Hack #67. Scan Your Network for Vulnerabilities
Nessus 2.x
Nessus 3.x
Hack #68. Keep Server Clocks Synchronized
Hack #69. Create Your Own Certificate Authority
Creating the CA
Signing Certificates
Hack #70. Distribute Your CA to Clients
Hack #71. Back Up and Restore a Certificate Authority with Certificate Services
Backing Up a CA
The Certification Authority Backup Wizard
Restoring a CA to a Working Server
Restoring a CA to a Different Server
Decommissioning the Old CA
Hack #72. Detect Ethernet Sniffers Remotely
Sniffing Shared Mediums
Sniffing in Switched Environments
Installing SniffDet
Testing with ARP Queries
Hack #73. Help Track Attackers
Hack #74. Scan for Viruses on Your Unix Servers
Installing ClamAV
Configuring clamd
Hack #75. Track Vulnerabilities
Mailing Lists
RSS Feeds
Cassandra
Summary
7. Wireless Security
Hack #76. Turn Your Commodity Wireless Routers into a Sophisticated Security Platform
Hack #77. Use Fine-Grained Authentication for Your Wireless Network
Deploying the RADIUS Server
Configuring Your AP
Hack #78. Deploy a Captive Portal
The Authentication Server
Installing the Gateway
8. Logging
Hack #79. Run a Central Syslog Server
Hack #80. Steer Syslog
Hack #81. Integrate Windows into Your Syslog Infrastructure
Using NTsyslog
Using Eventlog to Syslog
Hack #82. Summarize Your Logs Automatically
Hack #83. Monitor Your Logs Automatically
Installing swatch
Configuration Syntax
Hack #84. Aggregate Logs from Remote Sites
Compiling syslog-ng
Configuring syslog-ng
Translating Your syslog.conf
Hack #85. Log User Activity with Process Accounting
Hack #86. Centrally Monitor the Security Posture of Your Servers
Installation
Adding Agents
Installing a Windows Agent
Configuration
Active Responses
See Also
9. Monitoring and Trending
Hack #87. Monitor Availability
Installing Nagios
Installing Plug-ins
Configuring Nagios
Adding hosts to monitor
Creating host groups
Creating contacts and contact groups
Configuring services to monitor
Defining time periods
Hack #88. Graph Trends
Hack #89. Get Real-Time Network Stats
Hack #90. Collect Statistics with Firewall Rules
Hack #91. Sniff the Ether Remotely
10. Secure Tunnels
Hack #92. Set Up IPsec Under Linux
Hack #93. Set Up IPsec Under FreeBSD
Client Configuration
Gateway Configuration
Using x.509 Certificates
Hack #94. Set Up IPsec in OpenBSD
Password Authentication
Certificate Authentication
Hack #95. Encrypt Traffic Automatically with Openswan
Hack #96. Forward and Encrypt Traffic with SSH
Hack #97. Automate Logins with SSH Client Keys
Hack #98. Use a Squid Proxy over SSH
Hack #99. Use SSH As a SOCKS Proxy
Hack #100. Encrypt and Tunnel Traffic with SSL
Building Stunnel
Configuring stunnel
Encrypting Services
Hack #101. Tunnel Connections Inside HTTP
Hack #102. Tunnel with VTun and SSH
Configuring VTun
Testing VTun
Encrypting the Tunnel
Hack #103. Generate VTun Configurations Automatically
The Code
Running the Hack
Hack #104. Create a Cross-Platform VPN
Installing OpenVPN
Testing OpenVPN
Creating Your Configuration
Using OpenVPN and Windows
Using OpenVPN with Mac OS X
Hack #105. Tunnel PPP
See Also
11. Network Intrusion Detection
Hack #106. Detect Intrusions with Snort
Installing Snort
Testing Snort
Configuring Snort
See Also
Hack #107. Keep Track of Alerts
Hack #108. Monitor Your IDS in Real Time
Creating the Database
Setting Up the Server
Installing a Sensor
Patching Snort
Patching Barnyard
Finishing Up
Hack #109. Manage a Sensor Network
Installing the Prerequisites
Setting Up the Console
Setting Up an Agent
Adding an Agent to the Console
Hack #110. Write Your Own Snort Rules
Rule Basics
Actions
Protocols
IP addresses
Ports
Options
Adding human-readable messages
Inspecting packet content
Matching TCP flags
Thresholding
Thresholding by signature ID
Thresholding with rule options
Suppression
Hack #111. Prevent and Contain Intrusions with Snort_inline
Hack #112. Automatically Firewall Attackers with SnortSam
Installing SnortSam
Configuring SnortSam
See Also
Hack #113. Detect Anomalous Behavior
Hack #114. Automatically Update Snort’s Rules
Hack #115. Create a Distributed Stealth Sensor Network
Hack #116. Use Snort in High-Performance Environments with Barnyard
Installation
Configuring Snort
Configuring Barnyard
Testing Barnyard
Hack #117. Detect and Prevent Web Application Intrusions
Installing mod_security
Enabling and Configuring mod_security
Creating Filters
See Also
Hack #118. Scan Network Traffic for Viruses
Patching Snort
Configuring the Preprocessor
Ports to scan
Direction to scan
Blocking propagation
Miscellaneous options
Trying It Out
Hack #119. Simulate a Network of Vulnerable Hosts
Compiling honeyd
Configuring honeyd
Running honeyd
Testing honeyd
Hack #120. Record Honeypot Activity
Installing the Linux Client
Setting Up the Server
Installing the Windows Client
12. Recovery and Response
Hack #121. Image Mounted Filesystems
Hack #122. Verify File Integrity and Find Compromised Files
Building and Installing Tripwire
Configuring Tripwire
Day-to-Day Use
See Also
Hack #123. Find Compromised Packages
Using RPM
Using Other Package Managers
Hack #124. Scan for Rootkits
Hack #125. Find the Owner of a Network
Getting DNS Information
Getting Netblock Information
About the Author
Colophon