Security Power Tools

By Bryan Burns, Dave Killion, Nicolas Beauchesne, Eric Moret, Julien Sobrier, Michael Lynn, Eric Markham, Chris Iezzoni, Philippe Biondi, Jennifer Stisa Granick, Steve Manzuik, Paul Guersch

Publisher: O'Reilly Media

Released: August 2007

Pages: 860

What if you could sit down with some of the most talented security engineers in the world and ask any network security question you wanted? Security Power Tools lets you do exactly that! Members of Juniper Networks' Security Engineering team and a few guest experts reveal how to use, tweak, and push the most popular network security applications, utilities, and tools available using Windows, Linux, Mac OS X, and Unix platforms.

Designed to be browsed, Security Power Tools offers you multiple approaches to network security via 23 cross-referenced chapters that review the best security tools on the planet for both black hat techniques and white hat defense tactics. It's a must-have reference for network administrators, engineers and consultants with tips, tricks, and how-to advice for an assortment of freeware and commercial tools, ranging from intermediate level command-line operations to advanced programming of self-hiding exploits.

Security Power Tools details best practices for:

Reconnaissance -- including tools for network scanning such as nmap; vulnerability scanning tools for Windows and Linux; LAN reconnaissance; tools to help with wireless reconnaissance; and custom packet generation
Penetration -- such as the Metasploit framework for automated penetration of remote computers; tools to find wireless networks; exploitation framework applications; and tricks and tools to manipulate shellcodes
Control -- including the configuration of several tools for use as backdoors; and a review of known rootkits for Windows and Linux
Defense -- including host-based firewalls; host hardening for Windows and Linux networks; communication security with ssh; email security and anti-malware; and device security testing
Monitoring -- such as tools to capture, and analyze packets; network monitoring with Honeyd and snort; and host monitoring of production servers for file changes
Discovery -- including The Forensic Toolkit, SysInternals and other popular forensic tools; application fuzzer and fuzzing techniques; and the art of binary reverse engineering using tools like Interactive Disassembler and Ollydbg

A practical and timely network security ethics chapter written by a Stanford University professor of law completes the suite of topics and makes this book a goldmine of security information. Save yourself a ton of headaches and be prepared for any network security dilemma with Security Power Tools.

Legal and Ethics
1. Chapter 1 Legal and Ethics Issues
  1. Core Issues
  2. Computer Trespass Laws: No "Hacking" Allowed
  3. Reverse Engineering
  4. Vulnerability Reporting
  5. What to Do from Now On
Reconnaissance
1. Chapter 2 Network Scanning
  1. How Scanners Work
  2. Superuser Privileges
  3. Three Network Scanners to Consider
  4. Host Discovery
  5. Port Scanning
  6. Specifying Custom Ports
  7. Specifying Targets to Scan
  8. Different Scan Types
  9. Tuning the Scan Speed
  10. Application Fingerprinting
  11. Operating System Detection
  12. Saving Nmap Output
  13. Resuming Nmap Scans
  14. Avoiding Detection
  15. Conclusion
2. Chapter 3 Vulnerability Scanning
  1. Nessus
  2. Nikto
  3. WebInspect
3. Chapter 4 LAN Reconnaissance
  1. Mapping the LAN
  2. Using ettercap and arpspoof on a Switched Network
  3. Dealing with Static ARP Tables
  4. Getting Information from the LAN
  5. Manipulating Packet Data
4. Chapter 5 Wireless Reconnaissance
  1. Get the Right Wardriving Gear
  2. 802.11 Network Basics
  3. 802.11 Frames
  4. How Wireless Discovery Tools Work
  5. Netstumbler
  6. Kismet at a Glance
  7. Using Kismet
  8. Sorting the Kismet Network List
  9. Using Network Groups with Kismet
  10. Using Kismet to Find Networks by Probe Requests
  11. Kismet GPS Support Using gpsd
  12. Looking Closer at Traffic with Kismet
  13. Capturing Packets and Decrypting Traffic with Kismet
  14. Wireshark at a Glance
  15. Using Wireshark
  16. AirDefense Mobile I was a founding employee of AirDefense, Inc. I wrote a considerable portion of AirDefense Mobile's core engine, and while I no longer work for AirDefense, Inc., I remain a shareholder.
  17. AirMagnet Analyzers
  18. Other Wardriving Tools
5. Chapter 6 Custom Packet Generation
  1. Why Create Custom Packets?
  2. Scapy
  3. Packet-Crafting Examples with Scapy
  4. Packet Mangling with Netfilter
  5. References
Penetration
1. Chapter 7 Metasploit
  1. Metasploit Interfaces
  2. Updating Metasploit
  3. Choosing an Exploit
  4. Choosing a Payload
  5. Setting Options
  6. Running an Exploit
  7. Managing Sessions and Jobs
  8. The Meterpreter
  9. Security Device Evasion
  10. Sample Evasion Output
  11. Evasion Using NOPs and Encoders
  12. In Conclusion
2. Chapter 8 Wireless Penetration
  1. WEP and WPA Encryption
  2. Aircrack
  3. Installing Aircrack-ng
  4. Running Aircrack-ng
  5. Airpwn
  6. Basic Airpwn Usage
  7. Airpwn Configuration Files
  8. Using Airpwn on WEP-Encrypted Networks
  9. Scripting with Airpwn
  10. Karma
  11. Conclusion
3. Chapter 9 Exploitation Framework Applications
  1. Task Overview
  2. Core Impact Overview
  3. Network Reconnaissance with Core Impact
  4. Core Impact Exploit Search Engine
  5. Running an Exploit
  6. Running Macros
  7. Bouncing Off an Installed Agent
  8. Enabling an Agent to Survive a Reboot
  9. Mass Scale Exploitation
  10. Writing Modules for Core Impact
  11. The Canvas Exploit Framework
  12. Porting Exploits Within Canvas
  13. Using Canvas from the Command Line
  14. Digging Deeper with Canvas
  15. Advanced Exploitation with MOSDEF
  16. Writing Exploits for Canvas
  17. Exploiting Alternative Tools
4. Chapter 10 Custom Exploitation
  1. Understanding Vulnerabilities
  2. Analyzing Shellcode
  3. Testing Shellcode
  4. Creating Shellcode
  5. Disguising Shellcode
  6. Execution Flow Hijacking
  7. References
Control
1. Chapter 11 Backdoors
  1. Choosing a Backdoor
  2. VNC
  3. Creating and Packaging a VNC Backdoor
  4. Connecting to and Removing the VNC Backdoor
  5. Back Orifice 2000
  6. Configuring a BO2k Server
  7. Configuring a BO2k Client
  8. Adding New Servers to the BO2k Workspace
  9. Using the BO2k Backdoor
  10. BO2k Powertools
  11. Encryption for BO2k Communications
  12. Concealing the BO2k Protocol
  13. Removing BO2k
  14. A Few Unix Backdoors
2. Chapter 12 Rootkits
  1. Windows Rootkit: Hacker Defender
  2. Linux Rootkit: Adore-ng
  3. Detecting Rootkits Techniques
  4. Windows Rootkit Detectors
  5. Linux Rootkit Detectors
  6. Cleaning an Infected System
  7. The Future of Rootkits
Defense
1. Chapter 13 Proactive Defense: Firewalls
  1. Firewall Basics
  2. Network Address Translation
  3. Securing BSD Systems with ipfw/natd
  4. Securing GNU/Linux Systems with netfilter/iptables
  5. Securing Windows Systems with Windows Firewall/Internet Connection Sharing
  6. Verifying Your Coverage
2. Chapter 14 Host Hardening
  1. Controlling Services
  2. Turning Off What You Do Not Need
  3. Limiting Access
  4. Limiting Damage
  5. Bastille Linux
  6. SELinux
  7. Password Cracking
  8. Chrooting
  9. Sandboxing with OS Virtualization
3. Chapter 15 Securing Communications
  1. The SSH-2 Protocol
  2. SSH Configuration
  3. SSH Authentication
  4. SSH Shortcomings
  5. SSH Troubleshooting
  6. Remote File Access with SSH
  7. SSH Advanced Use
  8. Using SSH Under Windows
  9. File and Email Signing and Encryption
  10. GPG
  11. Create Your GPG Keys
  12. Encryption and Signature with GPG
  13. PGP Versus GPG Compatibility
  14. Encryption and Signature with S/MIME
  15. Stunnel
  16. Disk Encryption
  17. Windows Filesystem Encryption with PGP Disk
  18. Linux Filesystem Encryption with LUKS
  19. Conclusion
4. Chapter 16 Email Security and Anti-Spam
  1. Norton Antivirus
  2. The ClamAV Project
  3. ClamWin
  4. Freshclam
  5. Clamscan
  6. clamd and clamdscan
  7. ClamAV Virus Signatures
  8. Procmail
  9. Basic Procmail Rules
  10. Advanced Procmail Rules
  11. ClamAV with Procmail
  12. Unsolicited Email
  13. Spam Filtering with Bayesian Filters
  14. SpamAssassin
  15. SpamAssassin Rules
  16. Plug-ins for SpamAssassin
  17. SpamAssassin with Procmail
  18. Anti-Phishing Tools
  19. Conclusion
5. Chapter 17 Device Security Testing
  1. Replay Traffic with Tcpreplay
  2. Traffic IQ Pro
  3. ISIC Suite
  4. Protos
Monitoring
1. Chapter 18 Network Capture
  1. tcpdump
  2. Ethereal/Wireshark
  3. pcap Utilities: tcpflow and Netdude
  4. Python/Scapy Script Fixes Checksums
  5. Conclusion
2. Chapter 19 Network Monitoring
  1. Snort
  2. Implementing Snort
  3. Honeypot Monitoring
  4. Gluing the Stuff Together
3. Chapter 20 Host Monitoring
  1. Using File Integrity Checkers
  2. File Integrity Hashing
  3. The Do-It-Yourself Way with rpmverify
  4. Comparing File Integrity Checkers
  5. Prepping the Environment for Samhain and Tripwire
  6. Database Initialization with Samhain and Tripwire
  7. Securing the Baseline Storage with Samhain and Tripwire
  8. Running Filesystem Checks with Samhain and Tripwire
  9. Managing File Changes and Updating Storage Database with Samhain and Tripwire
  10. Recognizing Malicious Activity with Samhain and Tripwire
  11. Log Monitoring with Logwatch
  12. Improving Logwatch's Filters
  13. Host Monitoring in Large Environments with Prelude-IDS
  14. Conclusion
Discovery
1. Chapter 21 Forensics
  1. Netstat
  2. The Forensic ToolKit
  3. Sysinternals
2. Chapter 22 Application Fuzzing
  1. Which Fuzzer to Use
  2. Different Types of Fuzzers for Different Tasks
  3. Writing a Fuzzer with Spike
  4. The Spike API
  5. File-Fuzzing Apps
  6. Fuzzing Web Applications
  7. Configuring WebProxy
  8. Automatic Fuzzing with WebInspect
  9. Next-Generation Fuzzing
  10. Fuzzing or Not Fuzzing
3. Chapter 23 Binary Reverse Engineering
  1. Interactive Disassembler
  2. Sysinternals
  3. OllyDbg
  4. Other Tools

Colophon

Bryan Burns

Bryan Burns is the technical editor and general project leader of this book. He is the Chief Security Architect for Juniper Networks with more than a decade of experience in the security networking field and with numerous posts at leading network security companies.All other contributors are security engineers and researchers working at Juniper Networks in various posts both in the security network lab and in the field.

View Bryan Burns's full profile page.
Dave Killion

Dave Killion (NSCA, NSCP) is a senior security research engineer with Juniper Networks, Inc. Formerly with the U.S. Army's Information Operations Task Force as an Information Warfare Specialist, he currently researches, develops, and releases signatures for the NetScreen Deep Inspection and Intrusion Detection and Prevention platforms. Dave has also presented at several security conventions including DefCon and ToorCon, with a proof-of-concept network monitoring evasion device in affiliation with several local security interest groups that he helped form. Dave lives south of Silicon Valley with his wife Dawn and two children, Rebecca and Justin.

View Dave Killion's full profile page.
Nicolas Beauchesne

Nicolas Beauchesne is a network security engineer specializing in network penetration. He has worked with Juniper Networks for the past two years.

View Nicolas Beauchesne's full profile page.
Eric Moret

Eric Moret is originally from France and lives with his wife and two children in the San Francisco Bay Area. He obtained his Masters degree in Computer Sciences in 1997. He currently works at Juniper Networks where he manages a team dedicated to testing and releasing network protocol decoders for security appliance products. In addition to writing he enjoys traveling the world, photography and, depending on the season, snow boarding the Sierra Nevada or scuba diving Mexican caves.

View Eric Moret's full profile page.
Julien Sobrier

Julien Sobrier is a network security engineer at Zscaler. He works on the web security in the cloud. He was previously working for Juniper Networks. His experience was on the Intrusion Detection and Preventions systems. He is also the creator of http://safe.mn/, a URL shortener focused on security.

View Julien Sobrier's full profile page.
Michael Lynn

Michael Lynn is a network security engineer at Juniper Networks. He has worked there for the past two years.

View Michael Lynn's full profile page.
Eric Markham

Eric Markham is a security engineer. He has been with Juniper Networks for the past five years.

View Eric Markham's full profile page.
Chris Iezzoni

Chris Iezzoni has been a security researcher and signature developer with Juniper's security team for several years.

View Chris Iezzoni's full profile page.
Philippe Biondi

Philippe Biondi is a research engineer at EADS Innovation Works. He works in the IT security lab, and is the creator of many programs like Scapy or ShellForge.

View Philippe Biondi's full profile page.
Jennifer Stisa Granick

Jennifer Stisa Granick is the Civil Liberties Director at the Electronic Frontier Foundation. Before EFF, Granick was a Lecturer in Law and Executive Director of the Center for Internet and Society at Stanford Law School where she taught Cyberlaw and Computer Crime Law. She practices in the full spectrum of Internet law issues including computer crime and security, national security, constitutional rights, and electronic surveillance, areas in which her expertise is recognized nationally.

Before teaching at Stanford, Jennifer spent almost a decade practicing criminal defense law in California. She was selected by Information Security magazine in 2003 as one of 20 "Women of Vision" in the computer security field. She earned her law degree from University of California, Hastings College of the Law and her undergraduate degree from the New College of the University of South Florida.

View Jennifer Stisa Granick's full profile page.
Steve Manzuik

Steve Manzuik has more than 13 thirteen years of experience in the information technology and security industry. Steve founded and was the technical lead for Entrench Technologies. Prior to Entrench, Mr. Manzuik was a manager in Ernst & Young's Security & Technology Solutions practice. Steve co-authored Hack Proofing Your Network, Second Edition (Syngress, 1928994709).

View Steve Manzuik's full profile page.
Paul Guersch

Paul Guersch is a security technical writer and one of the developmental editors of Security Power Tools (O'Reilly). He has been with Juniper Networks for a year and a half.

View Paul Guersch 's full profile page.

Description

Table of Contents

Product Details

About the Author

Colophon

Recommended for You

Recently Viewed

Asterisk: The Future of Telephony

By Jim Van Meggelen, Jared Smith, Leif Madsen

September 2005

Nokia Smartphone Hacks

Tips & Tools for Your Smallest Computer

By Michael Juntao Yuan

July 2005

Ebook: $19.99

Print & Ebook: $27.45

Print: $24.95

Linux System Programming

Talking Directly to the Kernel and C Library

By Robert Love

September 2007

Ebook: $39.99

Print & Ebook: $54.99

Print: $49.99

Customer Reviews

REVIEW SNAPSHOT®

by PowerReviews

oreilly Security Power Tools

4.5

(based on 4 reviews)

Reviews

Reviewed by 4 customers

Sort by

Displaying reviews 1-4

11/5/2008

5.0

Very good book for people interested in security

By Kumar Sharshembiev

from Undisclosed

Comments about oreilly Security Power Tools:

This book covers most of the stuff you will need to have a good idea about server,PC and network security.Especially good topics related to network scanning with nmap ,metasploit and wireless security.

I think it would great if they added more topics on how to set up a firewall.But overall I used it for systems work that I do and also for some of my security classes.It will have everything from beginning from basic security to network monitoring and other complex issues.

In terms of readability it was good because I am new to security and I didn't have any problems reading and understanding it.I definitely recommend for any CS majors or sys admins.

10/15/2008

5.0

Excellent: Practical Advice

By jdruin

from Undisclosed

Comments about oreilly Security Power Tools:

Security Power Tools

Bryan Burns, Jennifer Stisa Granick, Steve Manzuik, Paul Guersch, Dave Killion, Nicolas Beauchesne, Eric Moret, Julien Sobrier, Michael Lynn, Eric Markham, Chris Iezzoni, Philippe Biondi

O'Reilly _ 1st Edition

http://oreilly.com/catalog/9780596009632/index.html

This is a detailed overview of tools that can be used to detect and defend against various security threats. The book generally groups software by category, with a section/chapter devoted to each tool. The software tool is thoroughly covered from download to installation to configuration. A fair amount of theory is covered for the various attack vectors discuss but the book focuses on practical, real-world examples.

The topics covered vary across a wide range but each is still covered with a good amount of depth which accounts for the books large size (856 pages). For each threat model covered, various tools that can be used for detection, avoidance, and protection are discussed along with user guides on how to acquire and set up the tools. The software discussed is generally open source and free of charge. Packages for all major PC operating systems are covered. Linux and Windows get the lion's share of attention but Mac and Unix are covered as well. Of course most of the Linux tools are Unix tools as well. Many of the Windows tools talked about are Linux ports.

I enjoyed the book overall and in particular I enjoyed the ability to "follow along" by downloading and working with the software packages covered in each section. Security professionals and hobbyist will certainly recognize many of the tools but a few might be new to many and even on the popular tools, some interesting features might not be know to all.

Summary:

- Practical explanations of each security topic are given for real world use.

- Focus is on example and practice

- A great book for security professionals and security hobbyist.

2/14/2008

(2 of 2 customers found this review helpful)

4.0

SPT - - A Security Tool Primer Worth Reading

By Ben Nell

from Undisclosed

Comments about oreilly Security Power Tools:

Security Power Tools (SPT) is O'Reilly Publishing's sister manual to their popular Unix Power Tools. It is written as a primer to various security tools, organized within seven sections, covering Legal and Ethics, Reconnaissance, Penetration, Control, Defense, Monitoring, and Discovery. While the target audience of SPT is security professionals, the book weighs in at just over 800 pages and probably has something for everyone working in a technical facet of IT.

Having said that, I really enjoyed reading this book. I read it nearly cover-to-cover, and while I was at least familiar with most of the material in the book, I was still able to find gems of knowledge, even in tools that I work with on a daily basis. Expect to read about some tools that you may already know about, like Nmap, Nessus, and The Metasploit Framework, but keep reading for a heap of other useful applications that you may not be familiar with.

One of the strengths of the book is the varying backgrounds of its contributing authors; just as the book covers a diverse tool set, the expertise of the authors is also diverse. The book was written collaboratively by twelve individuals, made up primarily of Juniper Networks' J-Security team. Despite an opportunity for vendor-bias towards Juniper products, the book remained vendor-neutral. The majority of the book focuses on open-source and free-ware applications, although there is commercial software covered as well. In fact, Chapter 9 - Exploitation Framework Applications covers Canvas and Core Impact exclusively; both commercial applications.

One of the chapters that makes this book unique is the chapter on Law and Ethics, written by Jennifer Stisa Granick. You may recognize Ms Granick from her representation of Michael Lynn in during the Cisco Gate ordeal at Black Hat 2005 (coincidentally, Michael Lynn is also one of the contributing authors of this book). She provides an insightful discussion on not only the legal implications of security work, but also the role that ethics plays in some of those "gray" areas that security professionals may find themselves in.

Another chapter that sets this book apart is Chapter 6 - Custom Packet Generation, which primarily focuses on the use of Scapy. The chapter is written by Phillipe Biondi, the author of Scapy, and he provides an excellent argument to "Decode, Do Not Interpret". He discusses the advantages of writing tools that will provide you with raw decoded information, without an interpretation of that information. For instance, if you scanned a port on a remote host, Biondi would argue that it would be better for your tool to tell you that the remote host returned a RST packet rather than telling you that the port is closed. Beyond this valuable discussion, Biondi provides a very thorough discussion of the uses of Scapy, along with several good examples. This chapter alone makes this book worth buying.

While I liked this book, there were also some problems that prevented me from giving it a 5-star rating. For starters, the preface describes the overwhelming amount of content that was edited out of this book to keep it within size constraints, yet there was quite a bit of content that detracted from the value-density of the book. As I mentioned previously, the majority of SPT is a security primer and should not be considered a reference. Given this position, I believe that there was too much step-by-step installation and setup content. As an example, Chapter 16 - E-Mail Security and Anti-Spam covered the installation and management of the Norton Anti-Virus client. I can appreciate the security-related value of anti-virus software, but I felt that a step-by-step walk through of a Norton product was irrelevant.

Additionally, while I previously stated that the diverse expertise of the authors was a benefit, the varied writing style detracted from the readability of the book. Content aside, I found some chapters to be fun to read while others were boring, due to a particular author's writing style.

In summary, I would recommend this book to anyone interested in an overview of where to get started in researching security tools for a particular purpose. While none of the discussions in the book are exhaustive, they will definitely get you started and arm you with enough information to know what you want and where to get it.

1/30/2008

4.0

Very good book. I recommend.

By RAMRAMI

from Undisclosed

Comments about oreilly Security Power Tools:

This a good book. I recommend.

Each chapter is written as tutorial and not as man or help. It represent a good security toolbox.

The chapter on scapy is very good and well described.

I prefer the chapter on social engineering.

Azzeddine

Displaying reviews 1-4

Save a Tree - Go Digital what is this?

Ebook: $47.99

Formats: APK, DAISY, ePub, Mobi, PDF

Print & Ebook: $65.99

Print: $59.99

Safari Books Online - Read now >

Legal and Ethics

Chapter 1 Legal and Ethics Issues

Reconnaissance

Chapter 2 Network Scanning

Chapter 3 Vulnerability Scanning

Chapter 4 LAN Reconnaissance

Chapter 5 Wireless Reconnaissance

Chapter 6 Custom Packet Generation

Penetration

Chapter 7 Metasploit

Chapter 8 Wireless Penetration

Chapter 9 Exploitation Framework Applications

Chapter 10 Custom Exploitation

Control

Chapter 11 Backdoors

Chapter 12 Rootkits

Defense

Chapter 13 Proactive Defense: Firewalls

Chapter 14 Host Hardening

Chapter 15 Securing Communications

Chapter 16 Email Security and Anti-Spam

Chapter 17 Device Security Testing

Monitoring

Chapter 18 Network Capture

Chapter 19 Network Monitoring

Chapter 20 Host Monitoring

Discovery

Chapter 21 Forensics

Chapter 22 Application Fuzzing

Chapter 23 Binary Reverse Engineering

Colophon

Bryan Burns

Dave Killion

Nicolas Beauchesne

Eric Moret

Julien Sobrier

Michael Lynn

Eric Markham

Chris Iezzoni

Philippe Biondi

Jennifer Stisa Granick

Steve Manzuik

Paul Guersch

About O'Reilly

Community

More O'Reilly Sites

Partner Sites

Shop O'Reilly