Network Security Hacks

Larger Cover

100 Industrial-Strength Tips & Tools

By Andrew Lockhart

Publisher: O'Reilly Media

Released: April 2004

Pages: 320

To the uninitiated, the title may seem like an oxymoron: after all, aren't hacks what network security is supposed to prevent? But if you're network administrator, this book's title not only makes sense; it makes a lot of sense. You know that a busy administrator needs a hatful of devilishly effective security hacks to keep your 12-hour days from becoming all-nighters.

Network Security Hacks is not a long-winded treatise on security theory. Instead, this information packed little book provides 100 quick, practical, and clever things to do to help make your Linux, UNIX, or Windows networks more secure today.

This compendium of security hacks doesn't just cover securing TCP/IP-based services, but also provides intelligent host-based security techniques. Loaded with concise but powerful examples of applied encryption, intrusion detection, logging, trending, and incident response, Network Security Hacks will demonstrate effective methods for defending your servers and networks from a variety of devious and subtle attacks.

Network Security Hacks show how to detect the presence (and track every keystroke) of network intruders, methods for protecting your network and data using strong encryption, and even techniques for laying traps for would-be system crackers. Important security tools are presented, as well as clever methods for using them to reveal real, timely, useful information about what is happening on your network.

O'Reilly's Hacks Series reclaims the term "hacking" for the good guys--innovators who use their ingenuity to solve interesting problems, explore and experiment, unearth shortcuts, and create useful tools. Network Security Hacks lives up to reputation the Hacks series has earned by providing the "roll-up-your sleeves and get-it-done" hacks that most network security tomes don't offer. Every hack can be read in just a few minutes but will save hours of searching for the right answer.

Using just one of these amazing hacks will make this slim book's price seem like a remarkable deal. The other 99 make Network Security Hacks absolutely invaluable.

Chapter 1 Unix Host Security
1. Hacks #1-20
2. Secure Mount Points
3. Scan for SUID and SGID Programs
4. Scan For World- and Group-Writable Directories
5. Create Flexible Permissions Hierarchies with POSIX ACLs
6. Protect Your Logs from Tampering
7. Delegate Administrative Roles
8. Automate Cryptographic Signature Verification
9. Check for Listening Services
10. Prevent Services from Binding to an Interface
11. Restrict Services with Sandboxed Environments
12. Use proftp with a MySQL Authentication Source
13. Prevent Stack-Smashing Attacks
14. Lock Down Your Kernel with grsecurity
15. Restrict Applications with grsecurity
16. Restrict System Calls with Systrace
17. Automated Systrace Policy Creation
18. Control Login Access with PAM
19. Restricted Shell Environments
20. Enforce User and Group Resource Limits
21. Automate System Updates
Chapter 2 Windows Host Security
1. Hacks #21-30
2. Check Servers for Applied Patches
3. Get a List of Open Files and Their Owning Processes
4. List Running Services and Open Ports
5. Enable Auditing
6. Secure Your Event Logs
7. Change Your Maximum Log File Sizes
8. Disable Default Shares
9. Encrypt Your Temp Folder
10. Clear the Paging File at Shutdown
11. Restrict Applications Available to Users
Chapter 3 Network Security
1. Hacks #31-53
2. Detect ARP Spoofing
3. Create a Static ARP Table
4. Firewall with Netfilter
5. Firewall with OpenBSD’s PacketFilter
6. Create an Authenticated Gateway
7. Firewall with Windows
8. Keep Your Network Self-Contained
9. Test Your Firewall
10. MAC Filtering with Netfilter
11. Block OS Fingerprinting
12. Fool Remote Operating System Detection Software
13. Keep an Inventory of Your Network
14. Scan Your Network for Vulnerabilities
15. Keep Server Clocks Synchronized
16. Create Your Own Certificate Authority
17. Distribute Your CA to Clients
18. Encrypt IMAP and POP with SSL
19. Set Up TLS-Enabled SMTP
20. Detect Ethernet Sniffers Remotely
21. Install Apache with SSL and suEXEC
22. Secure BIND
23. Secure MySQL
24. Share Files Securely in Unix
Chapter 4 Logging
1. Hacks #54-60
2. Run a Central Syslog Server
3. Steer Syslog
4. Integrate Windows into Your Syslog Infrastructure
5. Automatically Summarize Your Logs
6. Monitor Your Logs Automatically
7. Aggregate Logs from Remote Sites
8. Log User Activity with Process Accounting
Chapter 5 Monitoring and Trending
1. Hacks #61-66
2. Monitor Availability
3. Graph Trends
4. Run ntop for Real-Time Network Stats
5. Audit Network Traffic
6. Collect Statistics with Firewall Rules
7. Sniff the Ether Remotely
Chapter 6 Secure Tunnels
1. Hacks #67-81
2. Set Up IPsec Under Linux
3. Set Up IPsec Under FreeBSD
4. Set Up IPsec in OpenBSD
5. PPTP Tunneling
6. Opportunistic Encryption with FreeS/WAN
7. Forward and Encrypt Traffic with SSH
8. Quick Logins with SSH Client Keys
9. Squid Proxy over SSH
10. Use SSH as a SOCKS Proxy
11. Encrypt and Tunnel Traffic with SSL
12. Tunnel Connections Inside HTTP
13. Tunnel with VTun and SSH
14. Automatic vtund.conf Generator
15. Create a Cross-Platform VPN
16. Tunnel PPP
Chapter 7 Network Intrusion Detection
1. Hacks #82-95
2. Detect Intrusions with Snort
3. Keep Track of Alerts
4. Real-Time Monitoring
5. Manage a Sensor Network
6. Write Your Own Snort Rules
7. Prevent and Contain Intrusions with Snort_inline
8. Automated Dynamic Firewalling with SnortSam
9. Detect Anomalous Behavior
10. Automatically Update Snort’s Rules
11. Create a Distributed Stealth Sensor Network
12. Use Snort in High-Performance Environments with Barnyard
13. Detect and Prevent Web Application Intrusions
14. Simulate a Network of Vulnerable Hosts
15. Record Honeypot Activity
Chapter 8 Recovery and Response
1. Hacks #96-100
2. Image Mounted Filesystems
3. Verify File Integrity and Find Compromised Files
4. Find Compromised Packages with RPM
5. Scan for Root Kits
6. Find the Owner of a Network

Colophon

Colophon

Our look is the result of reader comments, our own experimentation, and feedback from distribution channels. Distinctive covers complement our distinctive approach to technical topics, breathing personality and life into potentially dry subjects. The image on the cover of Network Security Hacks is barbed wire. The type of barbed wire pictured in the cover image was patented by Joseph Glidden in 1874. Glidden improved on earlier attempts at manufacturing wire fencing by fashioning sharp barbs, spacing them along a smooth wire, and then twisting another wire around the first to hold the barbs in place. Advertised as "Cheaper than dirt and stronger than steel," barbed wire was immediately adopted by farmers in the American west as a way to control their herds. The days of free-roaming cattle and cowboys were soon numbered, but battles over barbs were fought both in court and on the ranch. Opponents called barbed wire "the Devil's rope," and the Cole Porter song "Don't Fence Me In" mourned this change in the western landscape. Barbed wire was here to stay, though--in addition to agricultural use, it has become a ubiquitous component of warfare and is a common feature of high-security areas such as prisons. Genevieve d'Entremont was the production editor and copyeditor for Network Security Hacks. Brian Sawyer proofread the book. Philip Dangler and Claire Cloutier provided quality control. Jamie Peppard provided production support. Ellen Troutman-Zaig wrote the index. Rob Flickenger wrote the Preface.

Hanna Dyer designed the cover of this book, based on a series design by Edie Freedman. The cover image is a photograph from gettyimages.com. Emma Colby produced the cover layout with QuarkXPress 4.1 using Adobe's Helvetica Neue and ITC Garamond fonts.

Melanie Wang designed the interior layout, based on a series design by David Futato. This book was converted by Andrew Savikas to FrameMaker 5.5.6 with a format conversion tool created by Erik Ray, Jason McIntosh, Neil Walls, and Mike Sierra that uses Perl and XML technologies. The text font is Linotype Birka; the heading font is Adobe Helvetica Neue Condensed; and the code font is LucasFont's TheSans Mono Condensed. The illustrations that appear in the book were produced by Robert Romano and Jessamyn Read using Macromedia FreeHand 9 and Adobe Photoshop 6. This colophon was written by Philip Dangler.

Description

Table of Contents

Product Details

Colophon

Recommended for You

Chapter 1 Unix Host Security

Hacks #1-20

Secure Mount Points

Scan for SUID and SGID Programs

Scan For World- and Group-Writable Directories

Create Flexible Permissions Hierarchies with POSIX ACLs

Protect Your Logs from Tampering

Delegate Administrative Roles

Automate Cryptographic Signature Verification

Check for Listening Services

Prevent Services from Binding to an Interface

Restrict Services with Sandboxed Environments

Use proftp with a MySQL Authentication Source

Prevent Stack-Smashing Attacks

Lock Down Your Kernel with grsecurity

Restrict Applications with grsecurity

Restrict System Calls with Systrace

Automated Systrace Policy Creation

Control Login Access with PAM

Restricted Shell Environments

Enforce User and Group Resource Limits

Automate System Updates

Chapter 2 Windows Host Security

Hacks #21-30

Check Servers for Applied Patches

Get a List of Open Files and Their Owning Processes

List Running Services and Open Ports

Enable Auditing

Secure Your Event Logs

Change Your Maximum Log File Sizes

Disable Default Shares

Encrypt Your Temp Folder

Clear the Paging File at Shutdown

Restrict Applications Available to Users

Chapter 3 Network Security

Hacks #31-53

Detect ARP Spoofing

Create a Static ARP Table

Firewall with Netfilter

Firewall with OpenBSD’s PacketFilter

Create an Authenticated Gateway

Firewall with Windows

Keep Your Network Self-Contained

Test Your Firewall

MAC Filtering with Netfilter

Block OS Fingerprinting

Fool Remote Operating System Detection Software

Keep an Inventory of Your Network

Scan Your Network for Vulnerabilities

Keep Server Clocks Synchronized

Create Your Own Certificate Authority

Distribute Your CA to Clients

Encrypt IMAP and POP with SSL

Set Up TLS-Enabled SMTP

Detect Ethernet Sniffers Remotely

Install Apache with SSL and suEXEC

Secure BIND

Secure MySQL

Share Files Securely in Unix

Chapter 4 Logging

Hacks #54-60

Run a Central Syslog Server

Steer Syslog

Integrate Windows into Your Syslog Infrastructure

Automatically Summarize Your Logs

Monitor Your Logs Automatically

Aggregate Logs from Remote Sites

Log User Activity with Process Accounting

Chapter 5 Monitoring and Trending

Hacks #61-66

Monitor Availability

Graph Trends

Run ntop for Real-Time Network Stats

Audit Network Traffic

Collect Statistics with Firewall Rules

Sniff the Ether Remotely

Chapter 6 Secure Tunnels

Hacks #67-81

Set Up IPsec Under Linux

Set Up IPsec Under FreeBSD