Network Security Hacks [Electronic resources] (text version)


Andrew Lockhart

Hack 41 Fool Remote Operating System Detection Software



Evade remote OS detection attempts by
disguising your TCP/IP stack.


Another method to thwart operating system detection attempts is to
modify the behavior of your system's TCP/IP stack and make it emulate
the behavior of another operating system. This may sound difficult,
but can be done fairly easily in Linux by patching your kernel with
code available from the IP Personality project
(http://ippersonality.sourceforge.net). This code extends the
kernel's built-in firewalling system, Netfilter, as well as its
user-space component, the iptables command.


To set up IP Personality, download the package that corresponds to
your kernel. If you can't find the correct one,
visit the SourceForge patches page for the project (http://sourceforge.net/tracker/?group_id=7557&atid=307557),
which usually has more recent kernel patches available.


To patch your kernel, unpack the IP Personality source distribution
and go to the directory containing your kernel source; then run the
patch command:


# cd /usr/src/linux
# patch -p1 < \
../ippersonality-20020819-2.4.19/patches/ippersonality-20020819-linux-2.4.19.diff


If you are using a patch downloaded from the patches page, just
substitute it in your patch command. To verify
that the patch has been applied correctly, you can run this command:


# find ./ -name \*.rej


If the patch was applied correctly, this command should not find any
files.


Now that the kernel is patched, you will need to configure the kernel
for IP Personality support. As mentioned in [Hack #13], running
make xconfig, make menuconfig, or even make config while you are in
the kernel source's directory will allow you to configure your
kernel. Regardless of the method you choose, the menu options will
remain the same.


First, be sure that "Prompt for development and/or
incomplete code/drivers" is enabled under
"Code maturity level options".
Under Networking Options, find and enable the option for Netfilter
Configuration.


The list displayed by make xconfig is shown in Figure 3-7. Find the
option labeled "IP Personality Support", and either select y to
statically compile it into your kernel, or select m to create a
dynamically loaded module.



Figure 3-7. Enable IP Personality Support





After you have configured in support for IP Personality, save your
configuration. Now compile the kernel and modules, and install them
by running commands similar to these:


# make dep && make clean
# make bzImage && make modules
# cp arch/i386/boot/bzImage /boot/vmlinuz
# make modules_install


Now reboot with your new kernel. In addition to patching your kernel,
you'll also need to patch the user-space portion of Netfilter, the
iptables command. To do this, go to the Netfilter web site
(http://www.netfilter.org) and download the version specified by the
patch that came with your IP Personality package. For instance, the
iptables patch included in ippersonality-20020819-2.4.19.tar.gz is
for Netfilter Version 1.2.2.


After downloading the proper version and unpacking it, you will need
to patch it with the patch included in the IP Personality package.
Then build and install it in the normal way:


# tar xfj iptables-1.2.2.tar.bz2
# cd iptables-1.2.2
# patch -p1 < \
../ippersonality-20020819-2.4.19/patches/ippersonality-20020427-iptables-1.2.2.diff
patching file pers/Makefile
patching file pers/example.conf
patching file pers/libipt_PERS.c
patching file pers/pers.h
patching file pers/pers.l
patching file pers/pers.y
patching file pers/pers_asm.c
patching file pers/perscc.c
# make KERNEL_DIR=/usr/src/linux && make install


This will install the modified iptables command,
its supporting libraries, and the manpage under the
/usr/local hierarchy. If you would like to
change the default installation directories, you can edit the
Makefile and change the values of the BINDIR,
LIBDIR, MANDIR, and
INCDIR macros. Be sure to set
KERNEL_DIR to the directory containing the kernel
sources you built earlier.


If you are using Red Hat Linux, you can replace the
iptables command that is
installed by changing the macros to these values:


LIBDIR:=/lib
BINDIR:=/sbin
MANDIR:=/usr/share/man
INCDIR:=/usr/include


In addition to running make install, you may also
want to create a directory for the operating system personality
configuration files. These files are located in the
samples/ directory within the IP Personality
distribution. For example, you could create a directory called
/etc/personalities and copy them there.


Before setting up IP Personality, try running Nmap against the
machine to see which operating system it detects:


# nmap -O colossus
Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2003-12-12 18:36 MST
Interesting ports on colossus (192.168.0.64):
(The 1651 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
139/tcp open netbios-ssn
505/tcp open mailbox-lm
631/tcp open ipp
Device type: general purpose
Running: Linux 2.4.X|2.5.X
OS details: Linux Kernel 2.4.0 - 2.5.20
Uptime 3.095 days (since Tue Dec 9 16:19:55 2003)
Nmap run completed -- 1 IP address (1 host up) scanned in 7.375 seconds


If your machine has an IP address of 192.168.0.64 and you want it to
pretend that it's running Mac OS 9, you can run
iptables commands like these:


# iptables -t mangle -A PREROUTING -d 192.168.0.64 -j PERS \
--tweak dst --local --conf /etc/personalities/macos9.conf
# iptables -t mangle -A OUTPUT -s 192.168.0.64 -j PERS \
--tweak src --local --conf /etc/personalities/macos9.conf


Now run Nmap again:


# nmap -O colossus
Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2003-12-12 18:47 MST
Interesting ports on colossus (192.168.0.64):
(The 1651 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
139/tcp open netbios-ssn
505/tcp open mailbox-lm
631/tcp open ipp
Device type: general purpose
Running: Apple Mac OS 9.X
OS details: Apple Mac OS 9 - 9.1
Uptime 3.095 days (since Tue Dec 9 16:19:55 2003)
Nmap run completed -- 1 IP address (1 host up) scanned in 5.274 seconds
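
A scripted form of the before-and-after comparison above, as an added
example that is not from the book: it reads saved nmap -O output and
reports whether the scanner still sees the real operating system. The
function names are hypothetical; the sample lines are the OS-detection
lines from the two Nmap runs shown above.

```shell
#!/bin/sh
# Added example: check saved `nmap -O` output to confirm the disguise holds.

# Print the text that follows "LABEL: " in the nmap report on stdin.
os_field() {
    sed -n "s/^$1: *//p" | head -n 1
}

# personality_ok EXPECTED REAL < report
# 0 = scanner reports EXPECTED, 1 = wrong guess or REAL leaks, 2 = no guess.
personality_ok() {
    report=$(cat)
    running=$(printf '%s\n' "$report" | os_field "Running")
    details=$(printf '%s\n' "$report" | os_field "OS details")
    [ -n "$running" ] || { echo "no OS guess in report" >&2; return 2; }
    case "$running $details" in
        *"$2"*) echo "leak: scanner still reports $2" >&2; return 1 ;;
    esac
    case "$running" in
        *"$1"*) return 0 ;;
        *) echo "unexpected guess: $running" >&2; return 1 ;;
    esac
}

# OS-detection lines copied from the two Nmap runs shown on this page.
before_report() {
    cat <<'EOF'
Device type: general purpose
Running: Linux 2.4.X|2.5.X
OS details: Linux Kernel 2.4.0 - 2.5.20
EOF
}
after_report() {
    cat <<'EOF'
Device type: general purpose
Running: Apple Mac OS 9.X
OS details: Apple Mac OS 9 - 9.1
EOF
}

after_report | personality_ok "Mac OS 9" "Linux" && echo "disguise holds"
before_report | personality_ok "Mac OS 9" "Linux" || echo "disguise missing"
```

Running this after every reboot or kernel upgrade catches the case where
the two mangle rules were not reloaded and the host answers as Linux again.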


You can of course emulate other operating systems that
aren't provided with the IP Personality package. All
you need is a copy of Nmap's operating system
fingerprints file, nmap-os-fingerprints, and
then you can construct your own IP Personality configuration file for
any operating system Nmap knows about.
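
To see what such a configuration file has to reproduce, the following
added example (not from the book or the IP Personality project) pulls
one entry out of a fingerprints file and lists each probe's fields. It
assumes the first-generation nmap-os-fingerprints layout of Fingerprint,
Class and TEST(field=value%...) lines; the function names and the sample
entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the probe fields of one entry in a first-generation
# nmap-os-fingerprints file (the layout shipped with Nmap 3.x).

# fp_entry NAME < nmap-os-fingerprints
# Prints "TEST FIELD VALUE" lines; exits 1 if NAME is not in the file.
fp_entry() {
    awk -v want="$1" '
        /^Fingerprint / { hit = (substr($0, 13) == want)
                          if (hit) found = 1
                          next }
        /^[ \t]*$/      { hit = 0; next }   # a blank line ends the entry
        /^#/ || !hit    { next }
        /^Class /       { print "Class", "-", substr($0, 7); next }
        match($0, /^[A-Za-z0-9]+\(/) {
            test = substr($0, 1, RLENGTH - 1)
            body = substr($0, RLENGTH + 1)
            sub(/\)[ \t]*$/, "", body)
            n = split(body, kv, "%")        # fields are separated by "%"
            for (i = 1; i <= n; i++) {
                eq  = index(kv[i], "=")
                val = substr(kv[i], eq + 1)
                if (val == "") val = "(empty)"
                print test, substr(kv[i], 1, eq - 1), val
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample; the names and values are illustrative, not real entries.
sample_fingerprints() {
    cat <<'EOF'
# constructed sample
Fingerprint Example OS 1.0
Class Example | ExampleOS | 1.X | general purpose
TSeq(Class=TD%gcd=<6%SI=<1A%IPID=I%TS=U)
T1(DF=N%W=8000%ACK=S++%Flags=AS%Ops=M)
T2(Resp=N)

Fingerprint Example OS 2.0
Class Example | ExampleOS | 2.X | general purpose
T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
EOF
}

sample_fingerprints | fp_entry "Example OS 2.0"
```

Against the real file, pass the name Nmap prints after "OS details:",
for example fp_entry "Apple Mac OS 9 - 9.1" < nmap-os-fingerprints.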


