











©Copyright 2003 AT&T and Lumeta. All Rights Reserved.
Notice: For personal use only. These materials may not be reproduced or distributed in any form or by any means except that they may be downloaded from this source and printed for personal use.

Contents

Preface to the Second Edition  xiii
Preface to the First Edition  xvii

I  Getting Started  1

1  Introduction  3
    1.1  Security Truisms  3
    1.2  Picking a Security Policy  7
        1.2.1  Policy Questions  7
        1.2.2  Stance  9
    1.3  Host-Based Security  10
    1.4  Perimeter Security  10
    1.5  Strategies for a Secure Network  11
        1.5.1  Host Security  11
        1.5.2  Gateways and Firewalls  13
        1.5.3  DMZs  14
        1.5.4  Encryption--Communications Security  15
    1.6  The Ethics of Computer Security  16
    1.7  WARNING  18

2  A Security Review of Protocols: Lower Layers  19
    2.1  Basic Protocols  19
        2.1.1  IP  20
            IP Addresses  21
        2.1.2  ARP  22
        2.1.3  TCP  22
            TCP Open  23
            TCP Sessions  24
        2.1.4  SCTP  25
        2.1.5  UDP  27
        2.1.6  ICMP  27
    2.2  Managing Addresses and Names  28
        2.2.1  Routers and Routing Protocols  28
            BGP  30
        2.2.2  The Domain Name System  31
            DNSsec  33
        2.2.3  BOOTP and DHCP  33
    2.3  IP version 6  34
        2.3.1  IPv6 Address Formats  35
        2.3.2  Neighbor Discovery  36
        2.3.3  DHCPv6  36
        2.3.4  Filtering IPv6  36
    2.4  Network Address Translators  37
    2.5  Wireless Security  38
        2.5.1  Fixing WEP  39

3  Security Review: The Upper Layers  41
    3.1  Messaging  41
        3.1.1  SMTP  41
        3.1.2  MIME  43
        3.1.3  POP version 3  44
        3.1.4  IMAP Version 4  45
        3.1.5  Instant Messaging  45
    3.2  Internet Telephony  46
        3.2.1  H.323  46
        3.2.2  SIP  47
    3.3  RPC-Based Protocols  47
        3.3.1  RPC and Rpcbind  47
        3.3.2  NIS  50
        3.3.3  NFS  51
        3.3.4  Andrew  52
    3.4  File Transfer Protocols  52
        3.4.1  TFTP  52
        3.4.2  FTP  53
        3.4.3  SMB Protocol  57
    3.5  Remote Login  58
        3.5.1  Telnet  58
        3.5.2  The "r" Commands  59
        3.5.3  Ssh  61
    3.6  Simple Network Management Protocol--SNMP  62
    3.7  The Network Time Protocol  63
    3.8  Information Services  64
        3.8.1  Finger: Looking Up People  64
        3.8.2  Whois--Database Lookup Service  64
        3.8.3  LDAP  65
        3.8.4  World Wide Web  65
        3.8.5  NNTP--Network News Transfer Protocol  66
        3.8.6  Multicasting and the MBone  67
    3.9  Proprietary Protocols  68
        3.9.1  RealAudio  68
        3.9.2  Oracle's SQL*Net  68
        3.9.3  Other Proprietary Services  69
    3.10  Peer-to-Peer Networking  69
    3.11  The X11 Window System  70
        3.11.1  xdm  71
    3.12  The Small Services  71

4  The Web: Threat or Menace?  73
    4.1  The Web Protocols  74
        4.1.1  HTTP  74
            Maintaining Connection State  76
        4.1.2  SSL  77
        4.1.3  FTP  77
        4.1.4  URLs  78
    4.2  Risks to the Clients  79
        4.2.1  ActiveX  80
        4.2.2  Java and Applets  80
        4.2.3  JavaScript  82
        4.2.4  Browsers  83
    4.3  Risks to the Server  85
        4.3.1  Access Controls  85
        4.3.2  Server-Side Scripts  86
        4.3.3  Securing the Server Host  86
        4.3.4  Choice of Server  87
    4.4  Web Servers vs. Firewalls  89
    4.5  The Web and Databases  91
    4.6  Parting Thoughts  91

II  The Threats  93

5  Classes of Attacks  95
    5.1  Stealing Passwords  95
    5.2  Social Engineering  98
    5.3  Bugs and Back Doors  100
    5.4  Authentication Failures  103
        5.4.1  Authentication Races  104
    5.5  Protocol Failures  104
    5.6  Information Leakage  105
    5.7  Exponential Attacks--Viruses and Worms  106
    5.8  Denial-of-Service Attacks  107
        5.8.1  Attacks on a Network Link  108
        5.8.2  Attacking the Network Layer  108
            Killer and ICMP Packets  108
            SYN Packet Attacks  109
            Application-Level Attacks--Spam  109
        5.8.3  DDoS  110
        5.8.4  What to Do About a Denial-of-Service Attack  111
            Filter Out the Bad Packets  111
            Improve the Processing Software  114
            Hunt Them Down Like Dogs  114
            Increase the Capacity of the Target  116
        5.8.5  Backscatter  116
    5.9  Botnets  117
    5.10  Active Attacks  117

6  The Hacker's Workbench, and Other Munitions  119
    6.1  Introduction  119
    6.2  Hacking Goals  121
    6.3  Scanning a Network  121
    6.4  Breaking into the Host  122
    6.5  The Battle for the Host  123
        6.5.1  Setuid root Programs  124
        6.5.2  Rootkit  125
    6.6  Covering Tracks  126
        6.6.1  Back Doors  127
    6.7  Metastasis  127
    6.8  Hacking Tools  128
        6.8.1  Crack--Dictionary Attacks on UNIX Passwords  129
        6.8.2  Dsniff--Password Sniffing Tool  129
        6.8.3  Nmap--Find and Identify Hosts  130
        6.8.4  Nbaudit--Check NetBIOS Share Information  130
        6.8.5  Juggernaut--TCP Hijack Tool  130
        6.8.6  Nessus--Port Scanning  131
        6.8.7  DDoS Attack Tools  131
        6.8.8  Ping of Death--Issuing Pathological Packets  131
        6.8.9  Virus Construction Kits  131
        6.8.10  Other Tools  132
    6.9  Tiger Teams  132

III  Safer Tools and Services  135

7  Authentication  137
    7.1  Remembering Passwords  138
        7.1.1  Rolling the Dice  142
        7.1.2  The Real Cost of Passwords  143
    7.2  Time-Based One-Time Passwords  144
    7.3  Challenge/Response One-Time Passwords  145
    7.4  Lamport's One-Time Password Algorithm  146
    7.5  Smart Cards  147
    7.6  Biometrics  147
    7.7  RADIUS  148
    7.8  SASL: An Authentication Framework  149
    7.9  Host-to-Host Authentication  149
        7.9.1  Network-Based Authentication  149
        7.9.2  Cryptographic Techniques  149
    7.10  PKI  150

8  Using Some Tools and Services  153
    8.1  Inetd--Network Services  153
    8.2  Ssh--Terminal and File Access  154
        8.2.1  Single-Factor Authentication for ssh  154
        8.2.2  Two-Factor Authentication  157
        8.2.3  Authentication Shortcomings  157
        8.2.4  Server Authentication  158
    8.3  Syslog  158
    8.4  Network Administration Tools  159
        8.4.1  Network Monitoring  159
        8.4.2  Using Tcpdump  159
        8.4.3  Ping, Traceroute, and Dig  160
    8.5  Chroot--Caging Suspect Software  162
    8.6  Jailing the Apache Web Server  165
        8.6.1  CGI Wrappers  166
        8.6.2  Security of This Web Server  167
    8.7  Aftpd--A Simple Anonymous FTP Daemon  167
    8.8  Mail Transfer Agents  168
        8.8.1  Postfix  168
    8.9  POP3 and IMAP  168
    8.10  Samba: An SMB Implementation  169
    8.11  Taming Named  170
    8.12  Adding SSL Support with Sslwrap  170

IV  Firewalls and VPNs  173

9  Kinds of Firewalls  175
    9.1  Packet Filters  176
        9.1.1  Network Topology and Address-Spoofing  179
        9.1.2  Routing Filters  182
        9.1.3  Sample Configurations  184
        9.1.4  Packet-Filtering Performance  185
    9.2  Application-Level Filtering  185
    9.3  Circuit-Level Gateways  186
    9.4  Dynamic Packet Filters  188
        9.4.1  Implementation Options  188
        9.4.2  Replication and Topology  191
        9.4.3  The Safety of Dynamic Packet Filters  193
    9.5  Distributed Firewalls  193
    9.6  What Firewalls Cannot Do  194

10  Filtering Services  197
    10.1  Reasonable Services to Filter  198
        10.1.1  DNS  198
        10.1.2  Web  202
        10.1.3  FTP  202
        10.1.4  TCP  202
        10.1.5  NTP  203
        10.1.6  SMTP/Mail  203
        10.1.7  POP3/IMAP  204
        10.1.8  ssh  206
    10.2  Digging for Worms  206
    10.3  Services We Don't Like  207
        10.3.1  UDP  207
        10.3.2  H.323 and SIP  208
        10.3.3  RealAudio  208
        10.3.4  SMB  209
        10.3.5  X Windows  209
    10.4  Other Services  209
        10.4.1  IPsec, GRE, and IP over IP  209
        10.4.2  ICMP  209
    10.5  Something New  210

11  Firewall Engineering  211
    11.1  Rulesets  212
    11.2  Proxies  214
    11.3  Building a Firewall from Scratch  215
        11.3.1  Building a Simple, Personal Firewall  216
        11.3.2  Building a Firewall for an Organization  220
            Ipftest  226
        11.3.3  Application-Based Filtering  226
    11.4  Firewall Problems  227
        11.4.1  Inadvertent Problems  227
        11.4.2  Intentional Subversions  228
        11.4.3  Handling IP Fragments  228
        11.4.4  The FTP Problem  229
        11.4.5  Firewalking  229
        11.4.6  Administration  230
    11.5  Testing Firewalls  230
        11.5.1  Tiger Teams  231
        11.5.2  Rule Inspection  232
            The Rules  232
            Manual Inspection  232
            Computer-Assisted Inspection  232

12  Tunneling and VPNs  233
    12.1  Tunnels  234
        12.1.1  Tunnels Good and Bad  234
    12.2  Virtual Private Networks (VPNs)  236
        12.2.1  Remote Branch Offices  237
        12.2.2  Joint Ventures  238
        12.2.3  Telecommuting  239
            Direct Connection to a Company  241
            Connecting Through an ISP  242
            Networking on the Road  242
    12.3  Software vs. Hardware  242
        12.3.1  VPN in Software  243
        12.3.2  VPN in Hardware  244

V  Protecting an Organization  245

13  Network Layout  247
    13.1  Intranet Explorations  248
    13.2  Intranet Routing Tricks  249
    13.3  In Host We Trust  253
    13.4  Belt and Suspenders  255
    13.5  Placement Classes  257

14  Safe Hosts in a Hostile Environment  259
    14.1  What Do We Mean by "Secure"?  259
    14.2  Properties of Secure Hosts  260
        14.2.1  Secure Clients  263
            Windows and Macintoshes  263
            Single-User, UNIX-Like Systems  264
            Multi-User Hosts  264
        14.2.2  Secure Servers  265
        14.2.3  Secure Routers and Other Network Elements  265
    14.3  Hardware Configuration  265
    14.4  Field-Stripping a Host  266
    14.5  Loading New Software  270
    14.6  Administering a Secure Host  271
        14.6.1  Access  271
        14.6.2  Console Access  271
        14.6.3  Logging  272
        14.6.4  Backup  273
        14.6.5  Software Updates  274
        14.6.6  Watching the Roost  275
    14.7  Skinny-Dipping: Life Without a Firewall  277

15  Intrusion Detection  279
    15.1  Where to Monitor  280
    15.2  Types of IDSs  281
    15.3  Administering an IDS  282
    15.4  IDS Tools  282
        15.4.1  Snort  282

VI  Lessons Learned  285

16  An Evening with Berferd  287
    16.1  Unfriendly Acts  287
    16.2  An Evening with Berferd  290
    16.3  The Day After  294
    16.4  The Jail  295
    16.5  Tracing Berferd  296
    16.6  Berferd Comes Home  298

17  The Taking of Clark  301
    17.1  Prelude  302
    17.2  CLARK  302
    17.3  Crude Forensics  303
    17.4  Examining CLARK  304
        17.4.1  /usr/lib  305
        17.4.2  /usr/var/tmp  306
    17.5  The Password File  310
    17.6  How Did They Get In?  310
        17.6.1  How Did They Become Root?  311
        17.6.2  What Did They Get of Value?  311
    17.7  Better Forensics  311
    17.8  Lessons Learned  312

18  Secure Communications over Insecure Networks  313
    18.1  The Kerberos Authentication System  314
        18.1.1  Limitations  316
    18.2  Link-Level Encryption  318
    18.3  Network-Level Encryption  318
        18.3.1  ESP and AH  318
        18.3.2  Key Management for IPsec  320
    18.4  Application-Level Encryption  322
        18.4.1  Remote Login: Ssh  322
        18.4.2  SSL--The Secure Socket Layer  323
            Protocol Overview  324
            Security  325
        18.4.3  Authenticating SNMP  326
        18.4.4  Secure Electronic Mail  326
            S/MIME  326
            PGP  327
        18.4.5  Transmission Security vs. Object Security  327
        18.4.6  Generic Security Service Application Program Interface  327

19  Where Do We Go from Here?  329
    19.1  IPv6  329
    19.2  DNSsec  330
    19.3  Microsoft and Security  330
    19.4  Internet Ubiquity  331
    19.5  Internet Security  331
    19.6  Conclusion  332

VII  Appendixes  333

A  An Introduction to Cryptography  335
    A.1  Notation  335
    A.2  Secret-Key Cryptography  337
    A.3  Modes of Operation  339
        A.3.1  Electronic Code Book Mode  339
        A.3.2  Cipher Block Chaining Mode  339
        A.3.3  Output Feedback Mode  340
        A.3.4  Cipher Feedback Mode  341
        A.3.5  Counter Mode  341
        A.3.6  One-Time Passwords  342
        A.3.7  Master Keys  342
    A.4  Public Key Cryptography  342
    A.5  Exponential Key Exchange  343
    A.6  Digital Signatures  344
    A.7  Secure Hash Functions  346
    A.8  Timestamps  347

B  Keeping Up  349
    B.1  Mailing Lists  350
    B.2  Web Resources  351
    B.3  Peoples' Pages  352
    B.4  Vendor Security Sites  352
    B.5  Conferences  353

Bibliography  355
List of Bombs  389
List of Acronyms  391
Index  397