In the fast-moving world of computers, things are always changing. Since the first edition of this strong-selling book appeared two years ago, network security techniques and tools have evolved rapidly to meet new and more sophisticated threats that pop up with alarming regularity. The second edition offers both new and thoroughly updated hacks for Linux, Windows, OpenBSD, and Mac OS X servers that not only enable readers to secure TCP/IP-based services, but also help them implement a good deal of clever host-based security techniques.
This second edition of Network Security Hacks offers 125 concise and practical hacks, including more information for Windows administrators, hacks for wireless networking (such as setting up a captive portal and securing against rogue hotspots), and techniques to ensure privacy and anonymity, including ways to evade network traffic analysis, encrypt email and files, and protect against phishing attacks. System administrators looking for reliable answers will also find concise examples of applied encryption, intrusion detection, logging, trending and incident response.
In fact, this "roll up your sleeves and get busy" security book features updated tips, tricks & techniques across the board to ensure that it provides the most current information for all of the major server software packages. These hacks are quick, clever, and devilishly effective.
Chapter 1 Unix Host Security
Secure Mount Points
Scan for SUID and SGID Programs
Scan for World- and Group-Writable Directories
Create Flexible Permissions Hierarchies with POSIX ACLs
Protect Your Logs from Tampering
Delegate Administrative Roles
Automate Cryptographic Signature Verification
Check for Listening Services
Prevent Services from Binding to an Interface
Restrict Services with Sandboxed Environments
Use proftpd with a MySQL Authentication Source
Prevent Stack-Smashing Attacks
Lock Down Your Kernel with grsecurity
Restrict Applications with grsecurity
Restrict System Calls with systrace
Create systrace Policies Automatically
Control Login Access with PAM
Restrict Users to SCP and SFTP
Use Single-Use Passwords for Authentication
Restrict Shell Environments
Enforce User and Group Resource Limits
Automate System Updates
Chapter 2 Windows Host Security
Check Servers for Applied Patches
Use Group Policy to Configure Automatic Updates
List Open Files and Their Owning Processes
List Running Services and Open Ports
Enable Auditing
Enumerate Automatically Executed Programs
Secure Your Event Logs
Change Your Maximum Log File Sizes
Back Up and Clear the Event Logs
Disable Default Shares
Encrypt Your Temp Folder
Back Up EFS
Clear the Paging File at Shutdown
Check for Passwords That Never Expire
Chapter 3 Privacy and Anonymity
Evade Traffic Analysis
Tunnel SSH Through Tor
Encrypt Your Files Seamlessly
Guard Against Phishing
Use the Web with Fewer Passwords
Encrypt Your Email with Thunderbird
Encrypt Your Email in Mac OS X
Chapter 4 Firewalling
Firewall with Netfilter
Firewall with OpenBSD’s PacketFilter
Protect Your Computer with the Windows Firewall
Close Down Open Ports and Block Protocols
Replace the Windows Firewall
Create an Authenticated Gateway
Keep Your Network Self-Contained
Test Your Firewall
MAC Filter with Netfilter
Block Tor
Chapter 5 Encrypting and Securing Services
Encrypt IMAP and POP with SSL
Use TLS-Enabled SMTP with Sendmail
Use TLS-Enabled SMTP with Qmail
Install Apache with SSL and suEXEC
Secure BIND
Set Up a Minimal and Secure DNS Server
Secure MySQL
Share Files Securely in Unix
Chapter 6 Network Security
Detect ARP Spoofing
Create a Static ARP Table
Protect Against SSH Brute-Force Attacks
Fool Remote Operating System Detection Software
Keep an Inventory of Your Network
Scan Your Network for Vulnerabilities
Keep Server Clocks Synchronized
Create Your Own Certificate Authority
Distribute Your CA to Clients
Back Up and Restore a Certificate Authority with Certificate Services
Detect Ethernet Sniffers Remotely
Help Track Attackers
Scan for Viruses on Your Unix Servers
Track Vulnerabilities
Chapter 7 Wireless Security
Turn Your Commodity Wireless Routers into a Sophisticated Security Platform
Use Fine-Grained Authentication for Your Wireless Network
Deploy a Captive Portal
Chapter 8 Logging
Run a Central Syslog Server
Steer Syslog
Integrate Windows into Your Syslog Infrastructure
Summarize Your Logs Automatically
Monitor Your Logs Automatically
Aggregate Logs from Remote Sites
Log User Activity with Process Accounting
Centrally Monitor the Security Posture of Your Servers
Chapter 9 Monitoring and Trending
Monitor Availability
Graph Trends
Get Real-Time Network Stats
Collect Statistics with Firewall Rules
Sniff the Ether Remotely
Chapter 10 Secure Tunnels
Set Up IPsec Under Linux
Set Up IPsec Under FreeBSD
Set Up IPsec in OpenBSD
Encrypt Traffic Automatically with Openswan
Forward and Encrypt Traffic with SSH
Automate Logins with SSH Client Keys
Use a Squid Proxy over SSH
Use SSH As a SOCKS Proxy
Encrypt and Tunnel Traffic with SSL
Tunnel Connections Inside HTTP
Tunnel with VTun and SSH
Generate VTun Configurations Automatically
Create a Cross-Platform VPN
Tunnel PPP
Chapter 11 Network Intrusion Detection
Detect Intrusions with Snort
Keep Track of Alerts
Monitor Your IDS in Real Time
Manage a Sensor Network
Write Your Own Snort Rules
Prevent and Contain Intrusions with Snort_inline
Automatically Firewall Attackers with SnortSam
Detect Anomalous Behavior
Automatically Update Snort’s Rules
Create a Distributed Stealth Sensor Network
Use Snort in High-Performance Environments with Barnyard
Andrew Lockhart is originally from South Carolina, but currently resides in northern Colorado, where he spends his time trying to learn the black art of auditing disassembled binaries and trying to keep from freezing to death. He holds a BS in computer science from Colorado State University and has done security consulting for small businesses in the area. He currently works at a Fortune 100 company when not writing. In his free time he works on Snort-Wireless, a project intended to add wireless intrusion detection to the popular open source IDS Snort.
Comments about O'Reilly's Network Security Hacks, Second Edition:
Title: Network Security Hacks
Subtitle: Tips & Tools for Protecting Your Privacy
Second Edition: October 2006
Series: Hacks
ISBN 10: 0-596-52763-2
ISBN 13: 9780596527631
Pages: 478
By Andrew Lockhart
The book starts with credits, then a preface before 12 chapters and an index. There were 14 contributors including the author according to the credits. The preface states there are 123 hacks in this edition. There were no errors that I found except for one minor one in the preface. Look at the thermometers that indicate the complexity of the hack on page xix. Does it look like the beginner and moderate icons are the same? No big deal, they are different in the text next to the actual hacks.
I do not worry too much about errors until they make me feel like the author[s] may not really be expert in the area they are writing about but all these hacks look good to me.
The book is balanced and starts with two chapters about Unix Host Security and Windows Host Security. They are both extremely well written and have very useful hacks.
This book is light reading. I read it in three days, just a couple of hours a day. The style is light and easy to enjoy. The flow of the style makes it hard to believe that multiple authors are involved in the writing. It seems like one person wrote it.
I liked the following chapters quite a bit:
Chapter 6 Network Security
Chapter 7 Wireless Security
The best chapters were hard to determine, all the chapters were excellent. Here are three that I thought were best:
Chapter 9 Monitoring and Trending
Chapter 11 Network Intrusion Detection
Chapter 12 Recovery and Response
Chapters 11 and 12 were the very best in the book, depending on whether you were more interested in detecting intruders or responding to them.
This book is worth 5 stars and every penny charged for it, taking everything into account. This book will pay for itself over and over. The first time I realized that the book would pay for itself right away was:
40. Use the web with fewer passwords: Pwdhash and Remote PwdHash
41. Encrypt your email with Thunderbird
I also liked the sources of the hacks: Stanford and Harvard were cited. I thought this was good work academically and both security centers are heavy hitters with lots of quality talent writing software.
Well done.
Definitive
Frederick J Eccher Jr
MBA
M.S. Management of Information Systems
A.B. Psychology
B.A. Biology
CIO, Community Partners
President, Board of Directors, Saint Louis Visual Basic Users Group