Network Security Hacks
author: Andrew Lockhart
pages: 312
publisher: O'Reilly
rating: 8
reviewer: Anton Chuvakin
ISBN: 0596006438
summary: Surprisingly good; packs a lot of network security knowledge into a small book.
The book is structured around many security subjects. These are: UNIX, Windows, Network Security, Logging (covering collecting, summarizing and analyzing log files), Monitoring (covering system and network monitoring and collecting various statistics), Tunnels (covering various kinds of VPNs and encrypted communication), Intrusion Detection, and Recovery and Response (a short section covering very basic forensics).
Each section has a dozen or more tips, each taking from a page to several pages. For example, looking for SUID and SGID files takes just half a page, while installing and configuring Snort NIDS takes several pages. As a result, the style is understandably terse and to-the-point.
The book ended up being one cool collection of tips, ranging from mundane ('how to configure iptables on Linux') to fairly esoteric ('how to use MySQL as an authenticating backend for an FTP server'). If you've always wanted to use 'grsecurity' or 'systrace,' but thought they were too complicated - grab the book and give it a shot. If you want to set up a fancy encrypted tunnel between two networks, it covers that too. Admittedly, a lot of advice given in the book can be found on Google, but it is nice to find it in one place. Network Security Hacks covers selected topics in host security, SSH and VPNs, IDS, monitoring and even touches upon forensics. I also liked its multi-platform coverage, with a slight but unmistakable UNIX/Linux bias.
Overall, Network Security Hacks is a great book, provided you don't try to find in it something it isn't; it is a neat collection of simple network security tips. I somewhat disliked that many tips don't go beyond 'how to install a tool' and so stop short of discussing how to use it best. Another gripe: I'd rather some of the tips skipped the obvious (such as "./configure; make; make install") and focused on little known and cool ways to use technology for security. Network Security Hacks will be useful for people involved with system and network management, those starting up in the security field, as well as for more advanced professionals (as a way to check their knowledge and skills). Also, it helps folks to jump straight to effective ways of doing things in the areas where their skills are less developed.
For example, I knew it was possible to use SSH to create a makeshift VPN, but this book is the first I've seen with a really good description of doing so. Similarly, I found some neat MySQL hardening tips in the book. Overall, there is a lot in the book for most people who are somehow involved in computer security, particularly if they're also running UNIX or Linux.
Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major security information management company, author of Security Warrior (and contributor to Know Your Enemy II), and maintainer of the security portal info-secure.org. You can purchase Network Security Hacks from bn.com. Slashdot welcomes readers' book reviews.
Happy Day! (Score:5, Funny)
Re:Happy Day! (Score:2, Funny)
Hmmm (Score:5, Funny)
Re:Hmmm (Score:1, Funny)
Re:Hmmm (Score:3, Funny)
Heh, sounds like some techs I know.
Cheers
Stor
Re:Hmmm (Score:1)
How to change the Windows XP Product Activation Key Code [techtarget.com]
and here...
Crackz-Serialz.com | 10000s of cracks and serials online [crackz-serialz.com]
Good book (Score:5, Interesting)
Re:Good book (Score:5, Funny)
A note to other geeks out there: I had to learn the hard way that, yes officer, you are expected to purchase this book before leaving the store.
Beginner's book (Score:4, Interesting)
Re:Beginner's book (Score:5, Interesting)
Anyone else more than a little bothered by this statement?
Re:Beginner's book (Score:2)
Anyone else more than a little bothered by this statement?
Bothered/insulted or bothered/worried?
Re:Beginner's book (Score:3)
Though it's a nice little insult to everyone trying, they don't care so much that someone who has never done security before can handle all those pansy ass hackers.
Why is military IT not as good as it could be? (Score:5, Insightful)
When their time to re-enlist comes up, they can take that knowledge (and security clearance) and go get paid 5-10 times what the service pays them to work for a contractor to the NSA, FBI, CIA, or the big defense contractors.
Why would you stay?
Wonder why there are so many guys not re-enlisting? Is it that they don't want to serve or go back to Iraq? Nope. They see the private security guys there making 10-20 times what they make for the same job...
I see a trend here.
Re:Why is military IT not as good as it could be? (Score:2)
Re:Why is military IT not as good as it could be? (Score:2, Insightful)
The financial incentive was there before 9/11. Several years ago, a college friend who has a B.S. in mechanical engineering let slip the amount of her naval officer's pay. It was about 2/3 what I was getting in private industry with a liberal arts degree. Knowing her personality, she wasn't in it for the money, but out of dedication to the U.S.
It really bugs me that our military personnel get the short end of the stick, financially, when they face risks most of us do not. (After all, did YOUR boss deci
Re:Why is military IT not as good as it could be? (Score:1)
Geek 1:
1. Go to college for CS for 4 years
2. Graduate with 30K student loan debt
3. Spend months looking for job
4. Working at Walmart at 62 to work off the effects of said student loans, several medical bills incurred during breaks between jobs with no health insurance, and no retirement savings
5. ???
6. Profit
Geek 2:
1. Enlist at 17 (or commission after college at 21-22)
2. Military medical care for
Re:Beginner's book (Score:5, Interesting)
- Network Security Hacks [amazon.com]
- Network Security Assessment [amazon.com]
- Security Warrior [amazon.com]
and I have to say that all of them have weak content.
I don't proclaim to be an expert by any means, but security cannot be administered in such small nuggets of mostly outdated tricks/hacks.
Example: Hack 40: Block OS Fingerprinting. It briefly mentions nmap's -O option and then immediately demonstrates a fairly complex pf filter on OpenBSD. Does the author explain _any_ of the valid and invalid TCP flags that nmap uses? no. Does the author explain any adverse effects of silently dropping _all_ traffic that is satisfied by this complex ruleset? no. Does the author ever mention passive OS fingerprinting? Does it even mention the simplest/non-intrusive methods used to fool active OS fingerprinters like changing the IP default TTL or manipulating the TCP initial sequence number generation parameters? How do we port these rulesets to ipfw? netfilter? PIX conduits? In short, for this rule to be the slightest bit useful, we must assume that it works perfectly (does not drop a single legitimate frame/packet/segment) and simply cut-and-paste this solution into our bastion host and hope it works.
In that sense, you might as well be dealing with the Windows-centric mindset of cut-and-paste and hope it works.
Re:Beginner's book (Score:2)
O'Reilly's weak security titles (Score:1)
Looking at my bookshelf in the office, the publishers of security titles I actually purchase from so as to have the hardcopy available for reading/reference/travel are New Riders, Syngress, and Auerbach. O'Reilly isn't represented.
= jombee
Re:O'Reilly's weak security titles (Score:2)
So, the argument is, is it sufficient to be well-versed in tools or is it more important to possess a strong understanding of the underlying protocols?
Of course, we could take it to another level and ask why there are so many books that take a bo
Re:O'Reilly's weak security titles (Score:2)
As for why books don't act like that- two reasons. First, many people want the lowdown on the tools so they can put it on their resume. Second, it's easier. A lot easier. A lot of people writing these books don't understand the concepts, and even fewer who do can explain them. Forget the old saw about those who can't teach- te
Google (Score:5, Insightful)
Well duh...
Google knows everything, therefore includes any book, just like sea water contains sugar (and almost any known chemical compound) but it's so diluted it would make a lousy sweetener. Therefore, books are good, whether or not Google contains the information in the book.
Re:Google (Score:5, Insightful)
Google groups knows damn near everything. I have been using it since it was Deja News and I have to say, I have learned more from it than the next top ten resources at my disposal combined. Type in the most specific keywords and 'Re' (this gives you responses to questions) and you will get answers fast. Google groups is god.
Re:Google (Score:5, Funny)
Agreed. It's a wonderful supplement to MSDN when Microsoft neglects to tell you how to actually use their own APIs.
Re:Google (Score:1)
In my experience, C# is not too bad a language, and has some nice improvements over Java 1.4, but the documentation is nowhere near as good.
Re:Google (Score:2, Funny)
Can you write this up into a "technology trends" article and submit it to slashdot?
Re:Google (Score:5, Funny)
Re:Google (Score:5, Funny)
yes [google.com]
Re:Google (Score:3, Insightful)
Re:Google (Score:2)
Wow... this 'Goo-gel' sounds pretty interesting. If you ask me, these guys should make some sort of filtering software based on keywords found in all that 'diluted' seawater, so as to be able to retrieve only relevant information for a person... maybe if they used some web-based application, or interface.... but they would ha
Re:Google (Score:4, Insightful)
Re:Google (Score:3, Insightful)
Or subscribe to a good technical rag, or skim the newsgroups or mail lists regularly.
As they like to say, "Knowing is half the battle"... yeah, simply knowing that something exists and what it might be called. I may not know anything
Re:Google (Score:2)
Google is often a two step process (Score:1)
For instance, I heard about a liquid that will solidify in the presence of a magnetic field. I type "liquid solidify magnetic field" into google. Then, looking through the pages, I find the term "magnetorheological fluid", which makes a much more refined search.
"Ah, that's how it is done!" (Score:5, Funny)
Wyle E. Hacker (Score:1)
Wyle E, sitting in front of a computer trying to hack the nation's defense computers to use starwars satellites to send a deathray down to the road runner's location.
Thought bubble appears showing the roadrunner turning into a cooked turkey.
After a short time, the screen flashes red. Wyle E. starts wiping his HD and eating his printouts and disks.
Just as he finishes, the FBI break in and arrest him. Next, we see them holding Wyle E. over a plastic bag, waiting for the evidence to dro
You could just google the table of contents (Score:4, Interesting)
sorry ...but im not impressed (Score:3, Insightful)
Sorry if I'm being mean but you can learn just as much by reading the manpages or by using google after the how-tos.
If you really want to learn something useful about networks I suggest the good old Richard Stevens [amazon.com]
Re:sorry ...but im not impressed (Score:1, Informative)
God damn, fine, I'll do it myself.
Addison Wesley - TCP-IP Illustrated Volume 1 - The Protocols (W. Richard Stevens)(1993).chm [ed2k]
Damn lazy kids.
Call me weird... (Score:2, Informative)
O'Reilly discount (Score:5, Informative)
This deal ends today (7/8) so hurry out:
Hackers and Painters
Network Security Hacks
Windows XP Hacks
Hardware Hacking
Ipod and Itunes: The missing manual
Hardware Hacking projects for geeks
Adobe photoshop CS one on one
Mac OS X Panther: the missing manual
Re:O'Reilly discount (Score:2)
What...?
best, cheapest way to test network security (Score:5, Funny)
First tip: Secure mountpoints (Score:5, Informative)
This is a biggie. You can prevent users from creating code in /home if you want, and you can keep runnable stuff out of /tmp or /var.
Debian does a really great job of keeping those paths pure so that packages don't rely on them having runnable things. This means great strides in security if you mount with those options, save one terrible exception: dselect wants to run scripts in tmp :(
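One way to audit the mountpoints the post names, as an added shell example that is neither the book's nor the poster's code: it assumes the options meant are nodev, nosuid and noexec (the post does not spell them out), and the mount table below is a constructed sample in /proc/mounts format; a real run would pipe /proc/mounts in instead.

```shell
#!/bin/sh
# Added example: check that /home, /tmp and /var are separate filesystems
# mounted with nodev,nosuid,noexec. Remember that noexec only stops direct
# execution; an interpreter given the file as an argument still runs it.

# Constructed sample of /proc/mounts (device, mountpoint, fstype, options, ...)
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,errors=remount-ro 0 0
/dev/sda2 /home ext3 rw,nosuid,nodev 0 0
/dev/sda3 /tmp ext3 rw,nosuid,nodev,noexec 0 0
/dev/sda4 /var ext3 rw 0 0'

# Print the hardening options absent from a comma-separated option list ($1).
missing_opts() {
    missing=""
    for want in nodev nosuid noexec; do
        case ",$1," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    printf '%s\n' "${missing# }"
}

# Check one mountpoint ($1) against the mount table read from stdin.
# Prints "<mp> ok", "<mp> missing: <opts>" or "<mp> not a separate mount";
# returns 0 only when every option is present.
check_mount() {
    mp="$1"
    opts=$(awk -v mp="$mp" '$2 == mp { print $4; found = 1 }
                            END { if (!found) print "NOMOUNT" }')
    if [ "$opts" = "NOMOUNT" ]; then
        echo "$mp not a separate mount"
        return 2
    fi
    m=$(missing_opts "$opts")
    if [ -z "$m" ]; then
        echo "$mp ok"
        return 0
    fi
    echo "$mp missing: $m"
    return 1
}

for mp in /home /tmp /var; do
    printf '%s\n' "$SAMPLE_MOUNTS" | check_mount "$mp"
done
```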
Re:First tip: Secure mountpoints (Score:3, Informative)
Re:First tip: Secure mountpoints (Score:5, Informative)
Not quite. You can still run stuff as an argument, like:
perl /home/pacotaco/something.pl
Re:First tip: Secure mountpoints (Score:2)
a) you aren't executing the script, you are executing perl
b) it's awful hard to exploit anything that way, whereas if you place an executable called 'ls' in
Re:First tip: Secure mountpoints (Score:1, Informative)
The worst interpreter for this is in fact the userland ELF linker, ld.so. For example:
Re:First tip: Secure mountpoints (Score:1, Interesting)
#!/usr/local/bin/tcc -run
#include <stdlib.h>   /* EXIT_SUCCESS */
/* An empty C program that tcc compiles and runs straight from the source file. */
int main(int argc, char **argv)
{
    return EXIT_SUCCESS;
}
But the Tiny C Compiler isn't in the default installs.. and this doesn't even come close to yours
Haven't finished it yet... (Score:5, Interesting)
Most of the Windows hacks are a matter of downloading 3rd party software; however, there was one registry hack to turn off default SMB shares (C$ and ADMIN$), and this was the only Win hack.
I have enjoyed reading so far, and will get around to finishing it...eventually. Much like the other hack books there are hacks in here for beginners, intermediates, and wizards.
Re:Haven't finished it yet... (Score:2)
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-07-09 11:17 GMT
Interesting ports on cafe (192.168.0.1):
(The 1647 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
20/tcp open ftp-data
21/tcp open ftp
80/tcp open http
113/tcp open auth
240/tcp open unknown
6
Faking Signatures (Score:2)
While it's often funny as hell to set a server signature to something like "General Electric Toaster Oven, Microsoft Windows 3.11", I gotta wonder if doing this results in more malicious pokes at a system? Obviously a hardcore cracker is gonna know it's bogus, and I'm willing to bet this only makes him/her more determined to correctly identify the target.
Anybody have some stories/thoughts/example data?
BOFH hack -- restricted shell (Score:5, Interesting)
bash: SHELL: readonly variable
bash: PATH: readonly variable
bash-2.05b$ ls
bash: ls: No such file or directory
bash-2.05b$
Now users cannot run anything that is not symlinked to their home directory.
Re:BOFH hack -- restricted shell (Score:2)
Re:BOFH hack -- restricted shell (Score:1, Informative)
My 2 cents...
Re:BOFH hack -- restricted shell (Score:2, Funny)
snort setup (Score:5, Interesting)
snort will detect the offensive network traffic and put it into the alert log file. Logsurfer will then trigger and email me with a notice, it will run a program I wrote to blacklist the attacking IP (my program checks to make sure the IP is not already banned and makes sure the IP is not my own so I do not get locked out). Finally, my program updates the firewall to block the bastard.
The only hole I see in this setup is a DoS by attacking with different spoofed "from IPs" until the firewall rules are too big, or too many legit servers are banned.
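The checks such an auto-blocker should make before it touches the firewall, as an added shell example that is not the poster's program or anything from the book: it keeps the two checks the post names (skip an address already banned, never ban yourself), adds a whitelist for services the host depends on, and caps the number of auto-generated rules so the spoofed-source flood described above runs out of effect instead of filling the firewall. All addresses are constructed sample values and the firewall call itself is left out so the logic runs anywhere.

```shell
#!/bin/sh
# Added example: decision logic for a Snort/logsurfer triggered blocker.
# Constructed values; in a real deployment these come from configuration.
SELF_IP="192.0.2.10"                     # the sensor's own address
WHITELIST="192.0.2.53 198.51.100.1"     # e.g. DNS resolver, upstream router
MAX_BANS=3                               # cap on auto-generated firewall rules
BANNED_FILE="${BANNED_FILE:-$(mktemp)}" # active bans, one address per line

# Decide whether $1 may be banned. Prints the reason and returns 0 only
# when a new firewall rule should be added.
should_ban() {
    ip="$1"
    case "$ip" in
        *[!0-9.]*|"") echo "reject: not an IPv4 address"; return 1 ;;
    esac
    [ "$ip" = "$SELF_IP" ] && { echo "reject: own address"; return 1; }
    for w in $WHITELIST; do
        [ "$ip" = "$w" ] && { echo "reject: whitelisted"; return 1; }
    done
    if grep -qxF "$ip" "$BANNED_FILE"; then
        echo "reject: already banned"; return 1
    fi
    # Bounded rule table: past the cap, stop automating and page a human.
    if [ "$(grep -c . "$BANNED_FILE")" -ge "$MAX_BANS" ]; then
        echo "reject: ban table full, alert a human"; return 1
    fi
    echo "ban"
    return 0
}

# Record the ban. The iptables/pf rule insertion would go after the check;
# it is omitted here so the script stays runnable without root.
ban() {
    should_ban "$1" || return 1
    echo "$1" >> "$BANNED_FILE"
}
```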
Re:snort setup (Score:1)
--gabe
Re:snort setup (Score:1)
Re:snort setup (Score:1, Informative)
The exploit uses the method you describe, spoofing the source addresses so you block a machine that you should actually trust.
If you use snort then you've upped the stakes a bit in that the spoofed traffic is quite a lot harder to create but it's not impossible. You only need to lose DNS access and the system will be knackered.
It's a nice idea, pro-active IDS, but unfort
Re:snort setup (Score:2)
What do you think of it? How does it compare with what you've done?
And how about the Snort DDOS rules? [snort.org]
Re:snort setup (Score:1)
Fortunately, I have whitelisted important services like DNS. But I am still very cautious about this, because it is actually much easier than you might think to trigger a positive (or even a false positive) for snort. A false positive for example would be, IIRC, sending an email (accepted or not) that doe
Book scripts download. (Score:1)
Thanks in advance.
cool, looks good (Score:1)
SecurityFocus.com (Score:1)