Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses

by Edward Skoudis; Tom Liston
  • ISBN13: 9780131481046
  • ISBN10: 0131481045
  • Edition: 2nd
  • Format: Paperback
  • Copyright: 2005-12-23
  • Publisher: PEARSO

Note: Supplemental materials are not guaranteed with Rental or Used book purchases.

List Price: $84.99. Rent Book: $49.72 (this item is part of an exclusive publisher rental program and requires an additional convenience fee, which is reflected in the shopping cart).

How To: Textbook Rental

Looking to rent a book? Rent Counter Hack Reloaded A Step-by-Step Guide to Computer Attacks and Effective Defenses [ISBN: 9780131481046] for the semester, quarter, and short term or search our site for other textbooks by Skoudis, Edward; Liston, Tom. Renting a textbook can save you up to 90% from the cost of buying.

Summary

Major revision to the best-selling, step-by-step guide to defending against hacker intrusions - more than 45% new material.

Author Biography

Ed Skoudis is a founder and senior security consultant for the Washington, D.C.-based network security consultancy, Intelguardians Network Intelligence, LLC. His expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues. He has performed numerous security assessments, designed information security governance and operations teams for Fortune 500 companies, and responded to computer attacks for clients in financial, high technology, health care, and other industries. Ed has demonstrated hacker techniques for the U.S. Senate and is a frequent speaker on issues associated with hacker tools and defenses. He was also awarded 2004 and 2005 Microsoft MVP awards for Windows Server Security and is an alumnus of the Honeynet Project. Prior to Intelguardians, Ed served as a security consultant with International Network Services (INS), Predictive Systems, Global Integrity, SAIC, and Bell Communications Research (Bellcore).

Tom Liston is a senior analyst for the Washington, D.C.-based network security consultancy, Intelguardians Network Intelligence, LLC. He is the author of the popular open source network tarpit, LaBrea, for which he was a finalist for eWeek and PC Magazine’s Innovations In Infrastructure (i3) award in 2002. He is one of the handlers at the SANS Institute’s Internet Storm Center, where he deals daily with cutting edge security issues and authors a popular series of articles under the title “Follow the Bouncing Malware.” Mr. Liston resides in the teeming metropolis of Johnsburg, Illinois, and has four beautiful children (who demanded to be mentioned): Mary, Maggie, Erin, and Victoria.

Table of Contents

  • Foreword
  • Preface Reloaded
  • Preface from the First Edition
  • Acknowledgments
  • About the Authors
  • Introduction
    • The Computer World and the Golden Age of Hacking
    • Why This Book?
    • Why Cover These Specific Tools and Techniques?
    • How This Book Differs
    • The Threat: Never Underestimate Your Adversary
    • Attacker Skill Levels: From Script Kiddies to the Elite
    • A Note on Terminology and Iconography
    • Hackers, Crackers, and Hats of Many Colors: Let's Just Use "Attackers" and "Bad Guys"
    • Pictures and Scenarios
    • Naming Names
    • Caveat: These Tools Could Hurt You
    • Setting Up a Lab for Experimentation
    • Additional Concerns
    • Organization of Rest of the Book
    • Getting Up to Speed with the Technology
    • Common Phases of the Attack
    • Future Predictions, Conclusions, and References
    • Yeah, But What's NEW?
    • Summary
  • Networking Overview: Pretty Much Everything You Need to Know About Networking to Follow the Rest of This Book
    • The OSI Reference Model and Protocol Layering
    • How Does TCP/IP Fit In?
    • Understanding TCP/IP
    • Transmission Control Protocol (TCP)
    • TCP Port Numbers
    • TCP Control Bits, the Three-Way Handshake, and Sequence Numbers
    • Other Fields in the TCP Header
    • User Datagram Protocol (UDP)
    • Is UDP Less Secure Than TCP?
    • Internet Protocol (IP) and Internet Control Message Protocol (ICMP)
    • IP: Drop That Acronym and Put Your Hands in the Air!
    • LANs and Routers
    • IP Addresses
    • Netmasks
    • Packet Fragmentation in IP
    • Other Components of the IP Header
    • ICMP
    • Other Network-Level Issues
    • Routing Packets
    • Network Address Translation
    • Firewalls: Network Traffic Cops and Soccer Goalies
    • Don't Forget About the Data Link and Physical Layers!
    • Ethernet: The King of Wireline Connectivity
    • ARP ARP ARP!!
    • Hubs and Switches
    • 802.11: The King of Wireless Connectivity
    • Security Solutions for the Internet
    • Application-Level Security
    • The Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
    • Security at the IP Level: IPSec
    • Conclusion
    • Summary
  • Linux and UNIX Overview: Pretty Much Everything You Need to Know About Linux and UNIX to Follow the Rest of This Book
    • Introduction
    • Learning About Linux and UNIX
    • Architecture
    • Linux and UNIX File System Structure
    • The Kernel and Processes
    • Automatically Starting Up Processes: Init, Inetd, Xinetd, and Cron
    • Manually Starting Processes
    • Interacting with Processes
    • Accounts and Groups
    • The /etc/passwd File
    • The /etc/group File
    • Root: It's a Bird ... It's a Plane ... No, It's Super-User!
    • Linux and UNIX Permissions
    • SetUID Programs
    • Linux and UNIX Trust Relationships
    • Logs and Auditing
    • Common Linux and UNIX Network Services
    • Telnet: Command-Line Remote Access
    • FTP: The File Transfer Protocol
    • A Better Way: Secure Shell (SSH)
    • Web Servers: HTTP
    • Electronic Mail
    • r-Commands
    • Domain Name Services
    • The Network File System (NFS)
    • X Window System
    • Conclusion
    • Summary
  • Windows NT/2000/XP/2003 Overview: Pretty Much Everything You Need to Know about Windows to Follow the Rest of This Book
    • Introduction
    • A Brief History of Time
    • The BAD (Before Active Directory) Old Days
    • Fundamental Concepts from BAD, or "This Stuff Still Matters, So Pay Attention"
    • Shares: Accessing Resources Across the Network
    • The Underlying Windows Operating System Architecture
    • User Mode
    • How Windows Password Representations Are Derived
    • Kernel Mode
    • From Service Packs and Hotfixes to Windows Update and Beyond
    • Accounts and Groups
    • Accounts
    • Groups
    • Privilege Control
    • Policies
    • Account Policy
    • User Properties Settings
    • Trust
    • Auditing
    • Object Access Control and Permissions
    • Ownership
    • NTFS and Its Permissions
    • Share Permissions
    • Weak Default Permissions and Hardening Guides
    • Network Security
    • Limitations in Basic Network Protocols and APIs
    • Windows 2000 and Beyond: Welcome to the New Millennium
    • What Windows 2000+ Has to Offer
    • Security Considerations in Windows 2000+
    • Architecture: Some Refinements over Windows NT
    • Accounts and Groups
    • Privilege Control
    • Policies
    • Windows 2000+ Trust
    • Auditing
    • Object Access Control
    • Conclusion
    • Summary
  • Phase 1: Reconnaissance
    • Low-Technology Reconnaissance: Social Engineering, Caller ID Spoofing, Physical Break-In, and Dumpster Diving
    • Social Engineering
    • Physical Break-In
    • Dumpster Diving
    • Search the Fine Web (STFW)
    • The Fine Art of Using Search Engines and Recon's Big Gun: Google
    • Listening in at the Virtual Water Cooler: Newsgroups
    • Searching an Organization's Own Web Site
    • Defenses Against Search Engine and Web-Based Reconnaissance
    • Whois Databases: Treasure Chests of Information
    • Researching .com, .net, .org, and .edu Domain Names
    • Researching Domain Names Other Than .com, .net, .org, .edu, .aero, .arpa, .biz, .coop, .info, .int, and .museum
    • IP Address Assignments Through ARIN and Related Sites
    • Defenses Against Whois Searches
    • The Domain Name System
    • Interrogating DNS Servers
    • Defenses From DNS-Based Reconnaissance
    • General-Purpose Reconnaissance Tools
    • Sam Spade: A General-Purpose Reconnaissance Client Tool
    • Web-Based Reconnaissance Tools: Research and Attack Portals
    • Conclusion
    • Summary
  • Phase 2: Scanning
    • War Driving: Finding Wireless Access Points
    • War Driving Method 1: Active Scanning: Sending Probe Packets with NetStumbler
    • War Driving Method 2: Listening for Beacons and Other Traffic with Wellenreiter
    • War Driving Method 3: Forcing Deauthentication with ESSID-Jack
    • War-Driving Defenses
    • Going All the Way with a VPN
    • War Dialing: Looking for Modems in All the Right Places
    • A Toxic Recipe: Modems, Remote Access Products, and Clueless Users
    • SysAdmins and Insecure Modems
    • Finding Telephone Numbers to Feed into a War Dialer
    • Defenses Against War Dialing
    • Modem Policy
    • Network Mapping
    • Sweeping: Finding Live Hosts
    • Traceroute: What Are the Hops?
    • Defenses Against Network Mapping
    • Determining Open Ports Using Port Scanners
    • Nmap: A Full-Featured Port-Scanning Tool
    • Types of Nmap Scans
    • Defenses Against Port Scanning
    • Determining Firewall Filter Rules with Firewalk
    • Vulnerability-Scanning Tools
    • A Whole Bunch of Vulnerability Scanners
    • Nessus: The Most Popular Free Vulnerability Scanner Available Today
    • Vulnerability-Scanning Defenses
    • Be Aware of Limitations of Vulnerability-Scanning Tools
    • Intrusion Detection System and Intrusion Prevention System Evasion
    • How Network-Based IDS and IPS Tools Work
    • How Attackers Can Evade Network-Based IDSs and IPSs
    • IDS and IPS Evasion at the Network Level
    • IDS and IPS Evasion at the Application Level
    • IDS and IPS Evasion Defenses
    • Conclusion
    • Summary
  • Phase 3: Gaining Access Using Application and Operating System Attacks
    • Script Kiddie Exploit Trolling
    • Pragmatism for More Sophisticated Attackers
    • Buffer Overflow Exploits
    • Stack-Based Buffer Overflow Attacks
    • Exploiting Stack-Based Buffer Overflows
    • Finding Buffer Overflow Vulnerabilities
    • Heap Overflows
    • The Exploit Mess and the Rise of Exploitation Engines
    • Advantages for Attackers
    • Benefits for the Good Guys, Too?
    • Buffer Overflow Attack Defenses
    • Password Attacks
    • Guessing Default Passwords
    • The Art and Science of Password Cracking
    • Let's Crack Those Passwords!
    • Defenses Against Password-Cracking Attacks
    • Web Application Attacks
    • Account Harvesting
    • Account Harvesting Defenses
    • Undermining Web Application Session Tracking and Other Variables
    • Attacking Session Tracking Mechanisms
    • Defending Against Web Application Session Tracking and Variable Alteration Attacks
    • SQL Injection
    • Defenses Against SQL Injection
    • Exploiting Browser Flaws
    • Defending Against Browser Exploits
    • Conclusion
    • Summary
  • Phase 3: Gaining Access Using Network Attacks
    • Sniffing
    • Sniffing Through a Hub: Passive Sniffing
    • "Hey, Don't I Know You?" Passive OS Identification and Vulnerability Identification
    • Dsniff: A Sniffing Cornucopia
    • Sniffing Defenses
    • IP Address Spoofing
    • IP Address Spoofing Flavor 1: Simple Spoofing: Simply Changing the IP Address
    • IP Address Spoofing Flavor 2: Predicting TCP Sequence Numbers to Attack UNIX r-Commands
    • IP Address Spoofing Flavor 3: Spoofing with Source Routing
    • IP Spoofing Defenses
    • Session Hijacking
    • Another Way: Host-Based Session Hijacking
    • Session Hijacking with Ettercap
    • Attacking Wireless Access Points
    • Session Hijacking Defenses
    • Netcat: A General-Purpose Network Tool
    • Netcat for File Transfer
    • Netcat for Port Scanning
    • Netcat for Making Connections to Open Ports
    • Netcat for Vulnerability Scanning
    • Using Netcat to Create a Passive Backdoor Command Shell
    • Using Netcat to Actively Push a Backdoor Command Shell
    • Relaying Traffic with Netcat
    • Persistent Netcat Listeners and Netcat Honeypots
    • Netcat Defenses
    • Conclusion
    • Summary
  • Phase 3: Denial-of-Service Attacks
    • Locally Stopping Services
    • Defenses from Locally Stopping Services
    • Locally Exhausting Resources
    • Defenses from Locally Exhausting Resources
    • Remotely Stopping Services
    • Defenses from Remotely Stopping Services
    • Remotely Exhausting Resources
    • SYN Flood
    • Smurf Attacks
    • Distributed Denial-of-Service Attacks
    • DDoS: A Look at the Future?
    • Distributed Denial-of-Service Defenses
    • Conclusion
    • Summary
  • Phase 4: Maintaining Access: Trojans, Backdoors, and Rootkits ... Oh My!
    • Trojan Horses
    • Backdoors
    • Netcat as a Backdoor on UNIX Systems
    • The Devious Duo: Backdoors Melded into Trojan Horses
    • Roadmap for the Rest of the Chapter
    • Nasty: Application-Level Trojan Horse Backdoor Tools
    • Remote-Control Backdoors
    • Also Nasty: The Rise of the Bots
    • Distributing Bots: The Worm-Bot Feedback Loop
    • Additional Nastiness: Spyware Everywhere!
    • Defenses Against Application-Level Trojan Horse Backdoors, Bots, and Spyware
    • Bare Minimum: Use Antivirus and Antispyware Tools
    • Looking for Unusual TCP and UDP Ports
    • Knowing Your Software
    • User Education Is Also Critical
    • Even Nastier: User-Mode Rootkits
    • What Do User-Mode Rootkits Do?
    • Linux/UNIX User-Mode Rootkits
    • Windows User-Mode Rootkits
    • Defending Against User-Mode Rootkits
    • Don't Let the Bad Guys Get Super-User Access in the First Place!
    • Uh-oh ... They Rootkitted Me. How Do I Recover?
    • Nastiest: Kernel-Mode Rootkits
    • The Power of Execution Redirection
    • File Hiding with Kernel-Mode Rootkits
    • Process Hiding with Kernel-Mode Rootkits
    • Network Hiding with Kernel-Mode Rootkits
    • Some Particular Examples of Kernel-Mode Rootkits
    • Defending Against Kernel-Mode Rootkits
    • Fighting Fire with Fire: Don't Do It!
    • Don't Let Them Get Root in the First Place!
    • Control Access to Your Kernel
    • Looking for Traces of Kernel-Mode Rootkits by Hand
    • Automated Rootkit Checkers
    • File Integrity Checkers Still Help!
    • Antivirus Tools Help Too!
    • Trusted CDs for Incident Handling and Investigations
    • Conclusion
    • Summary
  • Phase 5: Covering Tracks and Hiding
    • Hiding Evidence by Altering Event Logs
    • Attacking Event Logs in Windows
    • Attacking System Logs and Accounting Files in Linux and UNIX
    • Altering Linux and UNIX Shell History Files
    • Defenses Against Log and Accounting File Attacks
    • Activate Logging, Please
    • Setting Proper Permissions
    • Using a Separate Logging Server
    • Encrypting Your Log Files
    • Making Log Files Append Only
    • Protecting Log Files Using Write-Once Media
    • Creating Difficult-to-Find Files and Directories
    • Creating Hidden Files and Directories in UNIX
    • Creating Hidden Files in Windows
    • Defenses from Hidden Files
    • Hiding Evidence on the Network: Covert Channels
    • Tunneling
    • Covert Channels and Malware
    • Defenses Against Covert Channels
    • Conclusion
    • Summary
  • Putting It All Together: Anatomy of an Attack
    • Scenario 1: Crouching Wi-Fi, Hidden Dragon
    • Scenario 2: Death of a Telecommuter
    • Scenario 3: The Manchurian Contractor
    • Conclusion
    • Summary
  • The Future, References, and Conclusions
    • Where Are We Heading?
    • Scenario 1: Yikes!
    • Scenario 2: A Secure Future
    • Scenario 1, Then Scenario 2
    • Keeping Up to Speed
    • Web Sites
    • Mailing Lists
    • Conferences
    • Final Thoughts ... Live Long and Prosper
    • Summary
  • Index

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

Excerpts

My flight had just landed. It was around midnight. The flight attendant announced that we could turn on our cell phones. As soon as mine booted up, it started buzzing with a frantic call from a newspaper reporter I had recently met. He quickly explained that he had obtained a copy of a manifesto written by a terrorist who had launched some pretty horrific attacks killing hundreds of innocent people a few months back. The reporter had had the text professionally translated so he could get some folks to analyze it. In this 30-page document, this very evil guy was urging his followers to alter their tactics in their struggle. To augment their physical terrorism, the plan was now to start including cyber attacks to maximize their impact on countries that oppose their terrorist agenda. The reporter wanted me to analyze the technical underpinnings of the manifesto, to determine whether it was all smoke and mirrors, or a legitimate cause for concern. I got to my hotel room and snagged a copy of the manifesto from my e-mail. The document I read startled me. Although not technically deep, it was quite astute. Its author emphasized that the terrorist group could enhance their stature and influence and cause more terror to their enemies by undermining their economic well-being through the use of computer attacks. After this really eerie "motivational" speech introduction, the manifesto turned toward describing how different categories of attack could be used to achieve terrorist goals. Although the author didn't include technical details, he did provide a huge number of technical references on computer attacks, pressing his faithful followers to study hard the technologies of the infidel so they could undermine them.

The following day I received an unrelated call, this time from a lawyer friend of mine. He explained that a computer attacker had broken into the network of a company and stolen over a million credit card numbers. Because the attacker had pilfered the entire magnetic stripe data stored on the company's servers, the bad guy could create very convincing counterfeit cards, and begin selling them on the black market. My lawyer friend wanted me to look over the details of the heist and explain in nontechnical jargon how the thief was able to pull this off. I carefully reviewed the case, analyzing the bad guy's moves, noting sadly that he had used some pretty standard attack techniques to perpetrate this big-time crime.

Given those cases on back-to-back days, I just reread the preface to the original Counter Hack book I wrote almost five years ago. Although it described a real-world attack against an ISP, it still had a fun feeling to it. The biggest worry then was the defacement of some Web sites and my buddy's boss getting mad, certainly cause for concern, but not the end of the world. I was struck with how much things have changed in computer attacks, and not at all for the better. Five years back, we faced a threat, but it was often manifested in leisurely attacks by kids looking to have some fun. We did face a hardened criminal here and there, of course, but there was a certain whimsy to our work. Today, with organized crime and, yes, even terrorists mastering their computer attack skills, things have taken a turn for the dark and sinister. Sure, the technology has evolved, but increasingly so has the nature of our threat. Underscoring the problem, if you place an unpatched computer on the Internet today, its average survival time before being completely compromised is less than 20 minutes. That time frame fluctuates a bit over the months, sometimes dropping to less than 10 minutes, and occasionally bumping up over 30 minutes when some particularly good patches are released and quickly deployed. However, even the upper-end number is disheartening.

Given this highly aggressive threat, it's even more important now than ever for computer professionals (system administrators, network administrators, and security personnel) and even laymen to have knowledge of how the bad guys attack and how to defend against each of their moves. If we don't understand the bad guys' tactics and how to thwart them, they'll continue to have their way with our machines, resulting in some major damage. They know how to attack, and are learning more all the time. We defenders also must be equally if not better equipped. This new edition of Counter Hack represents a massive update to the original book; a lot has happened in the last five years in the evolution of computer attack technology. However, the book retains the same format and goal: to describe the attacks in a step-by-step manner and to demonstrate how to defend against each attack using time-tested, real-world techniques.

Oh, and one final note: Although the nature of the threat we face has grown far more sinister, don't let that get you down in the dumps. A depressed or frightened attitude might make you frustrated and less agile when dealing with attacks, lowering your capabilities. If we are to be effective in defending our systems, we must keep in mind that this information security work we all do is inherently interesting and even fun. It's incredibly important to be diligent in the face of these evolving threats; don't get me wrong. At the same time, we must strive to keep a positive attitude, fighting the good fight, and making our systems more secure.

Preface from the First Edition

My cell phone rang. I squinted through my sleepy eyelids at the clock. Ugh! 4AM, New Year's Day. Needless to say, I hadn't gotten very much sleep that night. I picked up the phone to hear the frantic voice of my buddy, Fred, on the line. Fred was a security administrator for a medium-sized Internet Service Provider, and he frequently called me with questions about a variety of security issues.

"We've been hacked big time!" Fred shouted, far too loudly for this time of the morning. I rubbed my eyes to try to gain a little coherence. "How do you know they got in? What did they do?" I asked. Fred replied, "They tampered with a bunch of Web pages. This is bad, Ed. My boss is gonna have a fit!" I asked, "How did they get in? Have you checked out the logs?" Fred stuttered, "W-Well, we don't do much logging, because it slows down performance. I only snag logs from a couple of machines. Also, on those systems where we do gather logs, the attackers cleared the log files." "Have you applied the latest security fixes from your operating system vendor to your machines?" I asked, trying to learn a little more about Fred's security posture. Fred responded with hesitation, "We apply security patches every three months. The last time we deployed fixes was ... um ... two-and-a-half months ago." I scratched my aching head and said, "Two major buffer overflow attacks were released last week. You may have been hit. Have they installed any rootkits? Have you checked the consistency of critical files on the system?" "You know, I was planning to install something like Tripwire, but just never got around to it," Fred admitted. I quietly sighed and said, "OK. Just remain calm. I'll be right over so we can start to analyze your machines."

You clearly don't want to end up in a situation like Fred, and I want to minimize the number of calls I get at 4AM on New Year's Day. While I've changed Fred's name to protect the innocent, this situation actually occurred. Fred's organization had failed to implement some fundamental security controls, and it had to pay the price when an attacker came knocking. In my experience, m