Network Security Hacks
By Andrew Lockhart

Publisher: O'Reilly
Pub Date: April 2004
ISBN: 0-596-00643-8
Pages: 312
Slots: 1.0

Copyright
Credits
    About the Author
    Contributors
    Acknowledgments
Preface
    Why Network Security Hacks?
    How This Book Is Organized
    Conventions Used in This Book
    Using Code Examples
    How to Contact Us
    Got a Hack?

Chapter 1. Unix Host Security
    Hacks #1-20
    Section 1. Secure Mount Points
    Section 2. Scan for SUID and SGID Programs
    Section 3. Scan For World- and Group-Writable Directories
    Section 4. Create Flexible Permissions Hierarchies with POSIX ACLs
    Section 5. Protect Your Logs from Tampering
    Section 6. Delegate Administrative Roles
    Section 7. Automate Cryptographic Signature Verification
    Section 8. Check for Listening Services
    Section 9. Prevent Services from Binding to an Interface
    Section 10. Restrict Services with Sandboxed Environments
    Section 11. Use proftp with a MySQL Authentication Source
    Section 12. Prevent Stack-Smashing Attacks
    Section 13. Lock Down Your Kernel with grsecurity
    Section 14. Restrict Applications with grsecurity
    Section 15. Restrict System Calls with Systrace
    Section 16. Automated Systrace Policy Creation
    Section 17. Control Login Access with PAM
    Section 18. Restricted Shell Environments
    Section 19. Enforce User and Group Resource Limits
    Section 20. Automate System Updates

Chapter 2. Windows Host Security
    Hacks #21-30
    Section 21. Check Servers for Applied Patches
    Section 22. Get a List of Open Files and Their Owning Processes
    Section 23. List Running Services and Open Ports
    Section 24. Enable Auditing
    Section 25. Secure Your Event Logs
    Section 26. Change Your Maximum Log File Sizes
    Section 27. Disable Default Shares
    Section 28. Encrypt Your Temp Folder
    Section 29. Clear the Paging File at Shutdown
    Section 30. Restrict Applications Available to Users

Chapter 3. Network Security
    Hacks #31-53
    Section 31. Detect ARP Spoofing
    Section 32. Create a Static ARP Table
    Section 33. Firewall with Netfilter
    Section 34. Firewall with OpenBSD's PacketFilter
    Section 35. Create an Authenticated Gateway
    Section 36. Firewall with Windows
    Section 37. Keep Your Network Self-Contained
    Section 38. Test Your Firewall
    Section 39. MAC Filtering with Netfilter
    Section 40. Block OS Fingerprinting
    Section 41. Fool Remote Operating System Detection Software
    Section 42. Keep an Inventory of Your Network
    Section 43. Scan Your Network for Vulnerabilities
    Section 44. Keep Server Clocks Synchronized
    Section 45. Create Your Own Certificate Authority
    Section 46. Distribute Your CA to Clients
    Section 47. Encrypt IMAP and POP with SSL
    Section 48. Set Up TLS-Enabled SMTP
    Section 49. Detect Ethernet Sniffers Remotely
    Section 50. Install Apache with SSL and suEXEC
    Section 51. Secure BIND
    Section 52. Secure MySQL
    Section 53. Share Files Securely in Unix

Chapter 4. Logging
    Hacks #54-60
    Section 54. Run a Central Syslog Server
    Section 55. Steer Syslog
    Section 56. Integrate Windows into Your Syslog Infrastructure
    Section 57. Automatically Summarize Your Logs
    Section 58. Monitor Your Logs Automatically
    Section 59. Aggregate Logs from Remote Sites
    Section 60. Log User Activity with Process Accounting

Chapter 5. Monitoring and Trending
    Hacks #61-66
    Section 61. Monitor Availability
    Section 62. Graph Trends
    Section 63. Run ntop for Real-Time Network Stats
    Section 64. Audit Network Traffic
    Section 65. Collect Statistics with Firewall Rules
    Section 66. Sniff the Ether Remotely

Chapter 6. Secure Tunnels
    Hacks #67-81
    Section 67. Set Up IPsec Under Linux
    Section 68. Set Up IPsec Under FreeBSD
    Section 69. Set Up IPsec in OpenBSD
    Section 70. PPTP Tunneling
    Section 71. Opportunistic Encryption with FreeS/WAN
    Section 72. Forward and Encrypt Traffic with SSH
    Section 73. Quick Logins with SSH Client Keys
    Section 74. Squid Proxy over SSH
    Section 75. Use SSH as a SOCKS Proxy
    Section 76. Encrypt and Tunnel Traffic with SSL
    Section 77. Tunnel Connections Inside HTTP
    Section 78. Tunnel with VTun and SSH
    Section 79. Automatic vtund.conf Generator
    Section 80. Create a Cross-Platform VPN
    Section 81. Tunnel PPP

Chapter 7. Network Intrusion Detection
    Hacks #82-95
    Section 82. Detect Intrusions with Snort
    Section 83. Keep Track of Alerts
    Section 84. Real-Time Monitoring
    Section 85. Manage a Sensor Network
    Section 86. Write Your Own Snort Rules
    Section 87. Prevent and Contain Intrusions with Snort_inline
    Section 88. Automated Dynamic Firewalling with SnortSam
    Section 89. Detect Anomalous Behavior
    Section 90. Automatically Update Snort's Rules
    Section 91. Create a Distributed Stealth Sensor Network
    Section 92. Use Snort in High-Performance Environments with Barnyard
    Section 93. Detect and Prevent Web Application Intrusions
    Section 94. Simulate a Network of Vulnerable Hosts
    Section 95. Record Honeypot Activity

Chapter 8. Recovery and Response
    Hacks #96-100
    Section 96. Image Mounted Filesystems
    Section 97. Verify File Integrity and Find Compromised Files
    Section 98. Find Compromised Packages with RPM
    Section 99. Scan for Root Kits
    Section 100. Find the Owner of a Network

Colophon
Index