In the fast-moving world of computers, things are always changing. Since the first edition of this strong-selling book appeared two years ago, network security techniques and tools have evolved rapidly to meet new and more sophisticated threats that pop up with alarming regularity. The second edition offers both new and thoroughly updated hacks for Linux, Windows, OpenBSD, and Mac OS X servers that not only enable readers to secure TCP/IP-based services, but helps them implement a good deal of clever host-based security techniques as well. The new edition of Network Security Hacks offers 100 concise and practical hacks. These hacks are quick, clever, and devilishly effective.

Andrew Lockhart is originally from South Carolina, but currently resides in northern Colorado where he spends his time trying to learn the black art of auditing disassembled binaries and trying to keep from freezing to death. He holds a BS in computer science from Colorado State University and has done security consulting for small businesses in the area. He currently works at a Fortune 100 company when not writing. In his free time he works on Snort-Wireless, a project intended to add wireless intrusion detection popular OpenSource IDS Snort.

Credits

xi

Preface

xv

Unix Host Security

1

(57)

Secure for SUID and SGID Programs

2

(1)

Secure Mount Points

3

(2)

Scan for SUID and SGID Programs

5

(1)

Scan for World-and Group-Writable Directories

5

(1)

Create Flexible Permissions Hierarchies with POSIX ACLs

5

(4)

Protect Your Logs from Tampering

9

(2)

Delegate Administrative Roles

11

(2)

Automate Cryptographic Signature Verification

13

(2)

Check for Listening Services

15

(2)

Prevent Services from Binding to an Interface

17

(2)

Restrict Services with Sandboxed Environments

19

(4)

Use proftpd with a MySQL Authentication Source

23

(3)

Prevent Stack-Smashing Attacks

26

(2)

Lock Down Your Kernel with grsecurity

28

(5)

Restrict Applications with grsecurity

33

(3)

Restrict System Calls with systrace

36

(3)

Create systrace Policies Automatically

39

(2)

Control Login Access with PAM

41

(5)

Restrict Users to SCP and SFTP

46

(3)

Use Single-Use Passwords for Authentication

49

(3)

Restrict Shell Environments

52

(2)

Enforce User and Group Resource Limits

54

(1)

Automate System Updates

55

(3)

Windows Host Security

58

(33)

Check Servers for Applied Patches

59

(4)

Use Group Policy to Configure Automatic Updates

63

(3)

List Open Files and Their Owning Processes

66

(2)

List Running Services and Open Ports

68

(1)

Enable Auditing

69

(2)

Enumerate Automatically Executed Programs

71

(2)

Secure Your Event Logs

73

(1)

Change Your Maximum Log File Sizes

73

(2)

Back Up and Clear the Event Logs

75

(3)

Disable Default Shares

78

(1)

Encrypt Your Temp Folder

79

(1)

Back Up EFS

80

(6)

Clear the Paging File at Shutdown

86

(2)

Check for Passwords That Never Expire

88

(3)

Privacy and Anonymity

91

(26)

Evade Traffic Analysis

91

(4)

Tunnel SSH Through Tor

95

(1)

Encrypt Your Files Seamlessly

96

(4)

Guard Against Phishing

100

(5)

Use the Web with Fewer Passwords

105

(2)

Encrypt Your Email with Thunderbird

107

(5)

Encrypt Your Email in Mac OS X

112

(5)

Firewalling

117

(41)

Firewall with Netfilter

117

(5)

Firewall with OpenBSD's PacketFilter

122

(6)

Protect Your Computer with the Windows Firewall

128

(9)

Close Down Open Ports and Block Protocols

137

(2)

Replace the Windows Firewall

139

(8)

Create an Authenticated Gateway

147

(2)

Keep Your Network Self-Contained

149

(2)

Test Your Firewall

151

(3)

MAC Filter with Netfilter

154

(2)

Block Tor

156

(2)

Encrypting and Securing Services

158

(25)

Encrypt IMAP and POP with SSL

158

(3)

Use TLS-Enabled SMTP with Sendmail

161

(2)

Use TLS-Enabled SMTP with Qmail

163

(1)

Install Apache with SSL and suEXEC

164

(5)

Secure BIND

169

(3)

Set Up a Minimal and Secure DNS Server

172

(4)

Secure MySQL

176

(2)

Share Files Securely in Unix

178

(5)

Network Security

183

(53)

Detect ARP Spoofing

184

(2)

Create a Static ARP Table

186

(2)

Protect Against SSH Brute-Force Attacks

188

(2)

Fool Remote Operating System Detection Software

190

(4)

Keep an Inventory of Your Network

194

(3)

Scan Your Network for Vulnerabilities

197

(10)

Keep Server Clocks Synchronized

207

(2)

Create Your Own Certificate Authority

209

(4)

Distribute Your CA to Clients

213

(1)

Back Up and Restore a Certificate Authority with Certificate Services

214

(7)

Detect Ethernet Sniffers Remotely

221

(6)

Help Track Attackers

227

(2)

Scan for Viruses on Your Unix Servers

229

(4)

Track Vulnerabilities

233

(3)

Wireless Security

236

(14)

Turn Your Commodity Wireless Routers into a Sophisticated Security Platform

236

(4)

Use Fine-Grained Authentication for Your Wireless Network

240

(4)

Deploy a Captive Portal

244

(6)

Logging

250

(32)

Run a Central Syslog Server

251

(1)

Steer Syslog

252

(2)

Integrate Windows into Your Syslog Infrastructure

254

(8)

Summarize Your Logs Automatically

262

(1)

Monitor Your Logs Automatically

263

(3)

Aggregate Logs from Remote Sites

266

(6)

Log User Activity with Process Accounting

272

(1)

Centrally Monitor the Security Posture of Your Servers

273

(9)

Monitoring and Trending

282

(19)

Monitor Availability

283

(8)

Graph Trends

291

(2)

Get Real-Time Network Stats

293

(2)

Collect Statistics with Firewall Rules

295

(2)

Sniff the Enter Remotely

297

(4)

Secure Tunnels

301

(47)

Set Up IPsec Under Linux

301

(5)

Set Up IPsec Under FreeBSD

306

(3)

Set Up IPsec in OpenBSD

309

(5)

Encrypt Traffic Automatically with Openswan

314

(2)

Forward and Encrypt Traffic with SSH

316

(2)

Automate Logins with SSH Client Keys

318

(2)

Use a Squid Proxy over SSH

320

(2)

Use SSH as a Socks Proxy

322

(2)

Encrypt and Tunnel Traffic with SSL

324

(3)

Tunnel Connections Inside HTTP

327

(2)

Tunnel with VTun and SSH

329

(5)

Generate VTun Configurations Automatically

334

(5)

Create a Cross-Platform VPN

339

(6)

Tunnel PPP

345

(3)

Network Intrusion Detection

348

(65)

Detect Intrusions with Snort

349

(4)

Keep Track of Alerts

353

(3)

Monitor Your IDS in Real Time

356

(7)

Manage a Sensor Network

363

(7)

Write Your Own Snort Rules

370

(7)

Prevent and Contain Intrusions with Snort_inline

377

(3)

Automatically Firewall Attackers with SnortSam

380

(4)

Detect Anomalous Behavior

384

(1)

Automatically Update Snort's Rules

385

(3)

Create a Distributed Stealth Sensor Network

388

(1)

Use Snort in High-Performance Environments with Barnyard

389

(3)

Detect and Prevent Web Application Intrusions

392

(5)

Scan Network Traffic for Viruses

397

(3)

Simulate a Network of Vulnerable Hosts

400

(7)

Record Honeypot Activity

407

(6)

Recovery and Response

413

(16)

Image Mounted Filesystems

413

(2)

Verify File Integrity and Find Compromised Files

415

(5)

Find Compromised Packages

420

(2)

Scan for Rootkits

422

(3)

Find the Owner of a Network

425

(4)

Index

429

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.