Building Open Source Network Security Tools: Components and Techniques

Mike Schiffman

Wiley Publishing, Inc.

Publisher: Robert Ipsen

Executive Editor: Carol A. Long

Editorial Manager: Kathryn A. Malm

Developmental Editor: Emilie Herman

Managing Editor: Pamela Hanley

New Media Editor: Brian Snapp

Text Design & Composition: D&G Limited, LLC

Designations used by companies to distinguish their products are often claimed as trademarks. In all instances where Wiley Publishing, Inc., is aware of a claim, the product names appear in initial capital or ALL CAPITAL LETTERS. Readers, however, should contact the appropriate companies for more complete information regarding trademarks and registration.

Copyright © 2003 Mike Schiffman

All rights reserved.

Published by Wiley Publishing, Inc., Indianapolis, Indiana

Published simultaneously in Canada

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspointe Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4447, E-Mail:

Library of Congress Cataloging-in-Publication Data:

Schiffman, Mike.

Building open source network security tools: components and techniques/Mike Schiffman.

p.cm.

Includes bibliographical references and index.

ISBN 0-471-20544-3

1. Computer security. 2. Computer networks-Security measures. I. Title

QA76.9.A25 S335 2002

005.8–dc21

2002011320

10 9 8 7 6 5 4 3 2 1

Acknowledgments

Man. First and foremost I have to give big ups to Adam O'Donnell for doing a completely ruling job at being my sole tech editor (and for writing the buffer overflow section in the Attack and Penetration Techniques chapter). This guy is not only super handsome, but also super smart. If you haven't heard of him yet, don't worry—you will soon enough. I'm sure that we'll all be using some invention of his someday or buying products with his picture on them.

I have to give a grip of props to Dominique Brezinski for helping me out with the vast majority of the Defensive Techniques chapter.

And then there's this amazing Dug Song character. Thanks for proofing the Libdnet Component chapter—your library completely rules—and reading your code—ah—such a joy.

OK, so I've wanted to write this book for more than four years. Many of the ideas in these pages have been floating around in my head since back in the "particular" days at Cambridge Technology Partners. Thanks to Carol Long, Emilie Herman, and the rest of the Wiley staff for aggressively pursuing this book and helping me to make it a reality.

I have to thank David Goldsmith for committing to writing a chapter for me and then apologize to him for changing the book's scope and nixing it.

No book is written without an elaborate support structure. I'd also like to thank: Himanshu Dwivedi and Patrick Mullen for initial proofing, Guy Harris for libpcap insights, Rafal Wojczuk for libnids help, Binion's Horseshoe in Las Vegas for having such a fair single deck game, Andy Schneider and Vadim Fedukovich for OpenSSL proofing, Joel Wallenstrom and Dave Pollino for making work rule, Geoff Cooper for finding me a good deal on my first nice watch, Shawn Bracken for pulling an 11th-hour tech edit, Christina Luconi for giving me sound mentoring advice, and last but certainly not least, Alisa Rachelle Albrecht for being my muse.

Finally, how could any computer book's thank-you list be complete without thanking Sir Timothy Newsham? I have never had a question Tim couldn't answer or a problem he couldn't solve; without his unmitigated eliteness (and general newshing), this book would lack a certain little something I like to call heart.

About the Author

Mike Schiffman is the Director of Security Architecture for @stake, the leading provider of digital security services. Previous to @stake, Mike was the Director of Research and Development for Guardent, Inc. and previous to that Mike held senior positions at ISS and Cambridge Technology Partners.

Mike's primary areas of expertise are research and development, consulting, and writing. He has built many network security tools, such as firewalk and tracerx, in addition to the ubiquitously used low-level packet-shaping library libnet. Additionally, Mike has led security consulting engagements for Fortune 500 companies in many industries, including financial, automotive, manufacturing, and software. He is a sought-after speaker and has presented in front of industry professionals as well as government agencies including the NSA, CIA, DOD, FBI, NASA, AFWIC, SAIC, and Army intelligence.

Mike has written several books on computer security topics, including the Hacker's Challenge book series (Osborne McGraw-Hill), a line of books on computer security forensics and incident responses. He co-authored and contributed to several other books, including Hacking Exposed (Osborne McGraw-Hill) and Hack Proofing Your Network: Internet Tradecraft (Syngress Media Inc.). He has written for numerous technical journals and authored many white papers on topics ranging from UNIX kernel enhancements to network protocol deficiencies. Mike also designed, developed, and now maintains the security portal site http://www.packetfactory.net. He also held senior positions with ISS as well as Cambridge Technology Partners. Schiffman has developed numerous security tools, has written numerous whitepapers, and is the author of Hacker's Challenge.

About the Contributor

Dominique Brezinski's most recent undertaking was In-Q-Tel, the venture capital organization working on behalf of the Central Intelligence Agency, where he spent several years inspiring a diverse group of subject-matter experts tasked with tracking technology trends and evaluating the products and technologies of potential investments. In his responsibilities for technology forecasting and due diligence, Dominique worked closely with the CIA to understand current and prospective technology needs, and to ensure the successful delivery and insertion of mission-critical technologies.

Prior to joining In-Q-Tel, Dominique worked at a number of leading technology companies. Most recently, Dominique worked for Amazon.com, where he was responsible for intrusion detection and security incident response. He also contributed to security architecture, security vulnerability analysis, and developer training initiatives for the billion-dollar enterprise. Previous to Amazon.com, Dominique worked in various research, consulting, and software development roles at Secure Computing, Internet Security Systems, CyberSafe, and Microsoft.

Dominique speaks regularly on the topic of information security and has been published in Windows NT Magazine and Information Security Magazine. Dominique also contributed to the book Hacker's Challenge (Osborne McGraw-Hill, 2001).

About the Technical Reviewer

Adam J. O'Donnell is an NSF Graduate Research Fellow pursuing a Ph.D. in Electrical Engineering at Drexel University. He graduated Summa Cum Laude from Drexel with a Bachelor of Science in Electrical Engineering with a concentration in Digital Signal Processing. Adam has optimized RF Amplifier subsystems at Lucent Technologies, where he was awarded a patent for his work, and has held a research position at Guardent, Inc. His current research interests are in computer security, networking, and distributed systems.
