Hack Proofing Linux : A Guide to Open Source Security

by
  • ISBN13: 9781928994343
  • ISBN10: 1928994342
  • Edition: CD
  • Format: Paperback
  • Copyright: 2001-08-05
  • Publisher: Elsevier Science
List Price: $51.95

Summary

From the authors of the bestselling E-Mail Virus Protection Handbook! The Linux operating system continues to gain market share based largely on its reputation as the most secure operating system available. The challenge faced by system administrators installing Linux is that it is secure only if it is installed and configured properly, constantly and meticulously updated, and carefully integrated with a wide variety of Open Source security tools. The fact that Linux source code is readily available to every hacker means that system administrators must continually learn security and anti-hacker techniques. Hack Proofing Linux provides system administrators with the techniques necessary to properly configure and maintain Linux systems and counter malicious attacks.

  • Linux operating systems and Open Source security tools are incredibly powerful, complex, and notoriously under-documented; this book addresses a real need.
  • The CD-ROM contains Red Hat/Mandrake Linux RPMs as well as tarballs for other Linux distributions and the BSD community.
  • Uses forensics-based analysis to give the reader insight into the mind of a hacker.

Table of Contents

Each entry gives the starting page and, in parentheses, the number of pages. Chapter titles are unindented; their sections are indented.

Foreword xxvii
Introduction to Open Source Security 1(40)
  Introduction 2(1)
  The Tools Used in This Book 3(1)
  Using the GNU General Public License 3(3)
  Fee-Based GPL Software 5(1)
  Can I Use GPL Software in My Company? 5(1)
  Soft Skills: Coping with Open Source Quirks 6(4)
  General Lack of Installation and Configuration Support 6(1)
  Infrequent or Irregular Update Schedules 6(1)
  Command-Line Dominance 6(1)
  Lack of Backward Compatibility and No Regular Distribution Body 7(1)
  Inconvenient Upgrade Paths 7(1)
  Conflicts in Supporting Libraries and Limited Platform Support 7(1)
  Interface Changes 8(1)
  Partially Developed Solutions 8(2)
  Should I Use an RPM or Tarballs? 10(2)
  Tarball 10(1)
  Red Hat Package Manager 11(1)
  Debian 11(1)
  Obtaining Open Source Software 12(4)
  Source Forge 12(1)
  Freshmeat 13(1)
  Packetstorm 14(1)
  SecurityFocus 15(1)
  Is That Download Safe? 16(1)
  A Brief Encryption Review 16(3)
  Symmetric Key Encryption 17(1)
  Asymmetric Key Encryption 18(1)
  Public Key and Trust Relationships 19(12)
  One-Way Encryption 20(1)
  GNU Privacy Guard 21(1)
  Deploying GNU Privacy Guard 21(8)
  Skipping Public Key Verification 29(1)
  Using GPG to Verify Signatures on Tarball Packages 30(1)
  Using Md5sum 30(1)
  Auditing Procedures 31(4)
  Locking Down Your Network Hosts 31(1)
  Securing Data across the Network 32(1)
  Protecting the Network Perimeter 33(2)
  Summary 35(1)
  Solutions Fast Track 35(3)
  Frequently Asked Questions 38(3)
Hardening the Operating System 41(68)
  Introduction 42(1)
  Updating the Operating System 42(1)
  Red Hat Linux Errata and Update Service Packages 42(1)
  Handling Maintenance Issues 43(4)
  Red Hat Linux Errata: Fixes and Advisories 44(2)
  Bug Fix Case Study 46(1)
  Manually Disabling Unnecessary Services and Ports 47(3)
  Services to Disable 47(1)
  The xinetd.conf File 48(2)
  Locking Down Ports 50(5)
  Well-Known and Registered Ports 50(2)
  Determining Ports to Block 52(1)
  Blocking Ports 53(1)
  Xinetd Services 53(1)
  Stand-Alone Services 54(1)
  Hardening the System with Bastille 55(22)
  Bastille Functions 55(8)
  Bastille Versions 63(1)
  Implementing Bastille 64(10)
  Undoing Bastille Changes 74(3)
  Controlling and Auditing Root Access with Sudo 77(19)
  System Requirements 79(1)
  The Sudo Command 79(1)
  Downloading Sudo 80(2)
  Installing Sudo 82(4)
  Configuring Sudo 86(4)
  Running Sudo 90(2)
  No Password 92(1)
  Sudo Logging 93(3)
  Managing Your Log Files 96(1)
  Using Logging Enhancers 97(6)
  SWATCH 97(3)
  Scanlogd 100(1)
  Syslogd-ng 101(2)
  Summary 103(1)
  Solutions Fast Track 104(3)
  Frequently Asked Questions 107(2)
System Scanning and Probing 109(82)
  Introduction 110(1)
  Scanning for Viruses Using the AntiVir Antivirus Application 110(13)
  Understanding Linux Viruses 110(2)
  Using AntiVir 112(2)
  Key Mode and Non-Key Mode 114(1)
  Licensing AntiVir 114(1)
  Exercise: Updating AntiVir 114(2)
  Using TkAntivir 116(1)
  Required Libraries and Settings 117(1)
  Scanning Systems for Boot Sector and E-Mail Viruses 117(3)
  Additional Information 120(1)
  Exercise: Using TkAntivir 120(3)
  Scanning Systems for DDoS Attack Software Using a Zombie Zapper 123(6)
  How Zombies Work and How to Stop Them 124(1)
  When Should I Use a Zombie Zapper? 125(1)
  What Zombie Zapper Should I Use? 125(2)
  What Does Zombie Zapper Require to Compile? 127(1)
  Exercise: Using Zombie Zapper 127(2)
  Scanning System Ports Using the Gnome Service Scan Port Scanner 129(4)
  Required Libraries 130(1)
  Why Use a Port Scanner? 131(1)
  Exercise: Using Gnome Service Scanner 131(2)
  Using Nmap 133(13)
  Isn't Nmap Just Another Port Scanner? 134(2)
  Acquiring and Installing Nmap 136(1)
  Common Nmap Options 136(1)
  Applied Examples 137(1)
  Scanning Entire Networks and Subnets 138(1)
  Selective Scanning 139(1)
  Adding More Stealth 139(1)
  Saving to Text and Reading from Text 140(1)
  Testing Firewalls and Intrusion Detection Systems 141(1)
  Example: Spoofing the Source Address of a Scan 142(1)
  Timing Your Scan Speeds 142(1)
  Example: Conducting a Paranoid Scan 143(1)
  Exercise: Using Nmap 143(1)
  Using Nmap in Interactive Mode 144(1)
  Exercise: Using Nmap in Interactive Mode 144(2)
  Using NmapFE as a Graphical Front End 146(1)
  Exercise: Using NmapFE 147(1)
  Using Remote Nmap (Rnmap) as a Central Scanning Device 147(4)
  Exercise: Scanning Systems with Rnmap 148(3)
  Deploying Cheops to Monitor Your Network 151(14)
  How Cheops Works 153(1)
  Obtaining Cheops 154(1)
  Required Libraries 154(1)
  The Cheops Interface 155(2)
  Mapping Relations between Computers 157(1)
  Cheops Monitoring Methods 157(2)
  Connectivity Features 159(1)
  Exercise: Installing and Configuring Cheops 160(5)
  Deploying Nessus to Test Daemon Security 165(20)
  The Nessus Client/Server Relationship 167(2)
  Windows Nessus Clients 169(1)
  Required Libraries 169(1)
  Order of Installation 170(3)
  Configuring Plug-Ins 173(1)
  Creating a New Nessus User 174(1)
  The Rules Database 174(1)
  Exercise: Installing Nessus and Conducting a Vulnerability Scan 175(4)
  Updating Nessus 179(1)
  Understanding Differential, Detached, and Continuous Scans 180(2)
  Exercise: Conducting Detached and Differential Scans with Nessus 182(3)
  Summary 185(1)
  Solutions Fast Track 185(4)
  Frequently Asked Questions 189(2)
Implementing an Intrusion Detection System 191(70)
  Introduction 192(2)
  Understanding IDS Strategies and Types 194(12)
  IDS Types 195(1)
  Host-Based IDS Applications 196(1)
  Network-Based IDS Applications 196(1)
  IDS Applications and Fault Tolerance 197(3)
  What Can an IDS Do for Me? 200(3)
  Which IDS Strategy Is Best? 203(1)
  Network-Based IDS Applications and Firewalls 203(1)
  IDS Applications 204(2)
  Installing Tripwire to Detect File Changes on Your Operating System 206(9)
  Tripwire Dependencies 207(1)
  Availability 208(1)
  Deploying Tripwire 208(1)
  Tripwire Files 208(1)
  Tripwire Installation Steps 209(1)
  Configuring the Tripwire Policy File 209(3)
  Creating the Tripwire Policy File 212(1)
  Database Initialization Mode 212(2)
  Testing E-Mail Capability 214(1)
  Integrity Checking Mode 214(1)
  Specifying a Different Database 215(1)
  Reading Reports 215(1)
  Updating Tripwire to Account for Legitimate Changes in the OS 215(2)
  Updating the Policy 216(1)
  What Do I Do if I Find a Discrepancy? 217(1)
  Configuring Tripwire to Inform You Concerning Changes 217(3)
  Exercise: Installing Tripwire 217(2)
  Exercise: Securing the Tripwire Database 219(1)
  Exercise: Using Cron to Run Tripwire Automatically 220(1)
  Deploying PortSentry to Act as a Host-Based IDS 220(2)
  Important PortSentry Files 221(1)
  Installing PortSentry 222(1)
  Configuring PortSentry to Block Users 222(1)
  Optimizing PortSentry to Sense Attack Types 223(6)
  Exercise: Installing and Configuring PortSentry 224(3)
  Exercise: Clearing Ipchains Rules 227(1)
  Exercise: Running an External Command Using PortSentry 227(2)
  Installing and Configuring Snort 229(7)
  Availability 229(1)
  Supporting Libraries 229(1)
  Understanding Snort Rules 230(1)
  Snort Variables 230(1)
  Snort Files and Directories 231(1)
  Snort Plug-Ins 232(1)
  Starting Snort 233(3)
  Logging Snort Entries 236(1)
  Running Snort as a Network-Based IDS 236(2)
  Ignoring Hosts 237(1)
  Additional Logging Options: Text Files, Tcpdump, and Databases 237(1)
  Configuring Snort to Log to a Database 238(13)
  Controlling Logging and Alerts 239(1)
  Getting Information 240(1)
  Exercise: Installing Snort 240(1)
  Exercise: Using Snort as an IDS Application 241(2)
  Exercise: Configuring Snort to Log to a Database 243(8)
  Exercise: Querying a Snort Database from a Remote Host 251(1)
  Identifying Snort Add-Ons 251(3)
  SnortSnarf 252(1)
  Exercise: Using SnortSnarf to Read Snort Logs 252(1)
  Analysis Console for Intrusion Databases 252(2)
  Summary 254(1)
  Solutions Fast Track 254(4)
  Frequently Asked Questions 258(3)
Troubleshooting the Network with Sniffers 261(38)
  Introduction 262(2)
  Understanding Packet Analysis and TCP Handshakes 264(4)
  TCP Handshakes 265(1)
  Establishing a TCP Connection 265(1)
  Terminating a TCP Connection 266(2)
  Creating Filters Using Tcpdump 268(11)
  Tcpdump Options 268(3)
  Tcpdump Expressions 271(4)
  Boolean Operators 275(1)
  Installing and Using Tcpdump 276(3)
  Configuring Ethereal to Capture Network Packets 279(9)
  Ethereal Options 281(2)
  Ethereal Filters 283(1)
  Configuring Ethereal and Capturing Packets 283(5)
  Viewing Network Traffic between Hosts Using EtherApe 288(5)
  Configuring EtherApe and Viewing Network Traffic 289(4)
  Summary 293(1)
  Solutions Fast Track 294(2)
  Frequently Asked Questions 296(3)
Network Authentication and Encryption 299(54)
  Introduction 300(1)
  Understanding Network Authentication 300(3)
  Attacking Encrypted Protocols 301(2)
  Creating Authentication and Encryption Solutions 303(2)
  Implementing One-Time Passwords (OTP and OPIE) 305(14)
  What Files Does OPIE Replace? 305(1)
  How Does OPIE Work? 305(1)
  OPIE Files and Applications 306(1)
  opiepasswd 307(1)
  Password Format 308(1)
  Using opiekey 309(1)
  Using opieinfo and opiekey to Generate a List 310(1)
  Installing OPIE 310(1)
  Configuration Options 310(1)
  Installation Options 311(1)
  Uninstalling OPIE 312(1)
  Exercise: Installing OPIE 312(3)
  Exercise: Installing the OPIE Client on a Remote Server 315(1)
  Exercise: Using opie-tk and Allowing Windows Users to Deploy OPIE 316(2)
  Exercise: Installing opieftpd 318(1)
  Implementing Kerberos Version 5 319(10)
  Why Is Kerberos Such a Big Deal? 320(1)
  Kerberos Terms 321(1)
  Kerberos Principals 322(1)
  The Kerberos Authentication Process 323(1)
  How Information Traverses the Network 324(1)
  Creating the Kerberos Database 325(1)
  Using kadmin.local 325(1)
  Using kadmin 326(2)
  Using kadmin on the Client 328(1)
  Using kadmin and Creating Kerberos Client Passwords 329(8)
  Setting Policies 330(1)
  Using kinit 330(2)
  The kinit Command and Time Limits 332(1)
  Managing Kerberos Client Credentials 333(1)
  The kdestroy Command 333(1)
  Exercise: Configuring a KDC 334(3)
  Establishing Kerberos Client Trust Relationships with kadmin 337(3)
  Additional Daemon Principal Names 339(1)
  Logging On to a Kerberos Host Daemon 340(5)
  Common Kerberos Client Troubleshooting Issues and Solutions 340(1)
  Kerberos Client Applications 341(1)
  Kerberos Authentication and klogin 342(1)
  Exercise: Configuring a Kerberos Client 342(3)
  Summary 345(1)
  Solutions Fast Track 345(3)
  Frequently Asked Questions 348(5)
Avoiding Sniffing Attacks through Encryption 353(38)
  Introduction 354(1)
  Understanding Network Encryption 354(1)
  Capturing and Analyzing Unencrypted Network Traffic 355(6)
  Using OpenSSH to Encrypt Network Traffic between Two Hosts 361(3)
  The OpenSSH Suite 362(2)
  Installing OpenSSH 364(3)
  Configuring SSH 367(6)
  How SSH Works 368(1)
  Insecure r-command Authentication 368(3)
  Secure SSH Authentication 371(2)
  Implementing SSH to Secure Data Transmissions over an Insecure Network 373(8)
  Distributing the Public Key 376(5)
  Capturing and Analyzing Encrypted Network Traffic 381(4)
  Summary 385(1)
  Solutions Fast Track 386(2)
  Frequently Asked Questions 388(3)
Creating Virtual Private Networks 391(54)
  Introduction 392(1)
  Secure Tunneling with VPNs 392(4)
  Telecommuter VPN Solution 392(2)
  Router-to-Router VPN Solution 394(1)
  Host-to-Host VPN Solution 395(1)
  Tunneling Protocols 395(1)
  Explaining the IP Security Architecture 396(6)
  Using IPSec with a VPN Tunneling Protocol 400(1)
  Internet Key Exchange Protocol 401(1)
  Creating a VPN by Using FreeS/WAN 402(37)
  Downloading and Unpacking FreeS/WAN 404(3)
  Compiling the Kernel to Run FreeS/WAN 407(10)
  Recompiling FreeS/WAN into the New Kernel 417(3)
  Configuring FreeS/WAN 420(1)
  Testing IP Networking 420(4)
  Configuring Public Key Encryption for Secure Authentication of VPN Endpoints 424(10)
  Starting the Tunnel 434(2)
  Capturing VPN Tunnel Traffic 436(2)
  Closing the VPN Tunnel 438(1)
  Summary 439(1)
  Solutions Fast Track 440(1)
  Frequently Asked Questions 441(4)
Implementing a Firewall with Ipchains and Iptables 445(62)
  Introduction 446(1)
  Understanding the Need for a Firewall 447(6)
  Building a Personal Firewall 449(1)
  Understanding Packet Filtering Terminology 450(2)
  Choosing a Linux Firewall Machine 452(1)
  Protecting the Firewall 452(1)
  Deploying IP Forwarding and Masquerading 453(5)
  Masquerading 456(2)
  Configuring Your Firewall to Filter Network Packets 458(3)
  Configuring the Kernel 460(1)
  Packet Accounting 460(1)
  Understanding Tables and Chains in a Linux Firewall 461(10)
  Built-In Targets and User-Defined Chains 462(1)
  Specifying Interfaces 463(1)
  Setting Policies 464(3)
  Using Ipchains to Masquerade Connections 467(1)
  Iptables Masquerading Modules 468(1)
  Using Iptables to Masquerade Connections 468(2)
  Iptables Modules 470(1)
  Exercise: Masquerading Connections Using Ipchains or Iptables 471(1)
  Logging Packets at the Firewall 471(7)
  Setting Log Limits 472(1)
  Adding and Removing Packet Filtering Rules 472(1)
  ICMP Types 473(2)
  Exercise: Creating a Personal Firewall and Creating a User-Defined Chain 475(2)
  Redirecting Ports in Ipchains and Iptables 477(1)
  Configuring a Firewall 478(5)
  Setting a Proper Foundation 478(1)
  Creating Anti-Spoofing Rules 479(4)
  Counting Bandwidth Usage 483(5)
  Listing and Resetting Counters 484(1)
  Setting Type of Service (ToS) in a Linux Router 484(2)
  Setting ToS Values in Ipchains and Iptables 486(2)
  Using and Obtaining Automated Firewall Scripts and Graphical Firewall Utilities 488(12)
  Firewall Works in Progress 490(1)
  Exercise: Using Firestarter to Create a Personal Firewall 490(8)
  Exercise: Using Advanced Firestarter Features 498(2)
  Summary 500(1)
  Solutions Fast Track 500(5)
  Frequently Asked Questions 505(2)
Deploying the Squid Web Proxy Cache Server 507(36)
  Introduction 508(1)
  Benefits of Proxy Server Implementation 508(4)
  Proxy Caching 508(2)
  Network Address Translation 510(2)
  Differentiating between a Packet Filter and a Proxy Server 512(1)
  Implementing the Squid Web Proxy Cache Server 513(16)
  System Requirements Specific to Proxy Caching 516(1)
  Installing Squid 517(3)
  Configuring Squid 520(2)
  The http_port Tag 522(1)
  The cache_dir Tag 523(2)
  The acl Tag 525(1)
  The http_access Tag 526(2)
  Starting and Testing Squid 528(1)
  Configuring Proxy Clients 529(6)
  Configuring Netscape Navigator and Lynx 530(1)
  Configuring Netscape Navigator 530(2)
  Configuring Lynx 532(1)
  Configuring Internet Explorer (Optional) 533(2)
  Summary 535(1)
  Solutions Fast Track 536(2)
  Frequently Asked Questions 538(5)
Maintaining Firewalls 543(56)
  Introduction 544(1)
  Testing Firewalls 544(6)
  IP Spoofing 546(1)
  Open Ports/Daemons 546(1)
  Monitoring System Hard Drives, RAM, and Processors 547(1)
  Suspicious Users, Logins, and Login Times 547(1)
  Check the Rules Database 548(1)
  Verify Connectivity with Company Management and End Users 548(1)
  Remain Informed Concerning the Operating System 549(1)
  Port Scans 549(1)
  Using Telnet, Ipchains, Netcat, and SendIP to Probe Your Firewall 550(13)
  Ipchains 551(1)
  Telnet 551(1)
  Using Multiple Terminals 552(1)
  Netcat 552(2)
  Sample Netcat Commands 554(1)
  Additional Netcat Commands 555(2)
  Exercise: Using Netcat 557(1)
  SendIP: The Packet Forger 558(1)
  SendIP Syntax 558(2)
  Exercise: Using SendIP to Probe a Firewall 560(3)
  Understanding Firewall Logging, Blocking, and Alert Options 563(27)
  Firewall Log Daemon 563(1)
  Obtaining Firelogd 563(1)
  Syntax and Configuration Options 563(1)
  Message Format 564(2)
  Customizing Messages 566(2)
  Reading Log Files Generated by Other Firewalls 568(1)
  Exercise: Configuring and Compiling Firelogd 568(1)
  Fwlogwatch 569(1)
  Fwlogwatch Modes 570(2)
  Fwlogwatch Options and Generating Reports 572(3)
  Exercise: Generating an HTML-Based Firewall Log with Fwlogwatch 575(1)
  Automating Fwlogwatch 575(1)
  The Fwlogwatch Configuration File 576(3)
  Notification Options 579(2)
  Response Options 581(2)
  Exercise: Configuring Fwlogwatch to Send Automatic Alerts and Block Users 583(1)
  Using Fwlogwatch with CGI Scripts 584(2)
  Obtaining More Information 586(1)
  Viewing the Results 587(1)
  Exercise: Using Cron and Fwlogwatch CGI Scripts to Generate an Automatic HTML Report 588(2)
  Additional Fwlog Features 590(1)
  Obtaining Additional Firewall Logging Tools 590(3)
  Summary 593(1)
  Solutions Fast Track 593(4)
  Frequently Asked Questions 597(2)
Appendix A Bastille Log 599(6)
Appendix B Hack Proofing Linux Fast Track 605(32)
Index 637
