ebook img

Network Security PDF

480 Pages·2006·7.75 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Network Security

www.it-ebooks.info www.it-ebooks.info NETWORK SECURITY HACKS TM www.it-ebooks.info Other computer security resources from O’Reilly Related titles Wireless Hacks Linux Server Hacks BSD Hacks Linux Server Hacks, Knoppix Hacks Volume 2 Ubuntu Hacks Linux Multimedia Hacks Linux Desktop Hacks Windows XP Hacks Windows Server Hacks Hacks Series Home hacks.oreilly.comisacommunitysitefordevelopersand powerusersofallstripes.Readerslearnfromeachother astheysharetheirfavoritetipsandtoolsforMacOSX, Linux, Google, Windows XP, and more. Security Books security.oreilly.com is a complete catalog of O’Reilly’s Resource Center books on security and related technologies, including sample chapters and code examples. oreillynet.comistheessentialportalfordevelopersinter- estedinopenandemergingtechnologies,includingnew platforms, programming languages, and operating systems. Conferences O’Reilly brings diverse innovators together to nurture theideasthatsparkrevolutionaryindustries.Wespecial- ize in documenting the latest tools and systems, translating the innovator’s knowledge into useful skills forthoseinthetrenches.Visitconferences.oreilly.comfor our upcoming events. SafariBookshelf(safari.oreilly.com)isthepremieronline reference library for programmers and IT professionals. Conduct searches across more than 1,000 books. Sub- scriberscanzeroinonanswerstotime-criticalquestions in a matter of seconds. Read the books on your Book- shelf from cover to cover or simply flip to the page you need. Try it today for free. www.it-ebooks.info SECOND EDITION NETWORK SECURITY HACKS TM Andrew Lockhart Beijing • Cambridge • Farnham • Köln • Paris • Sebastopol • Taipei • Tokyo www.it-ebooks.info Network Security Hacks™, Second Edition by Andrew Lockhart Copyright © 2007, 2004 O’Reilly Media, Inc. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (safari.oreilly.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 [email protected]. Editor: Brian Sawyer Cover Designer: Karen Montgomery Production Editor: Philip Dangler Interior Designer: David Futato Copyeditor: Rachel Wheeler Illustrators: Robert Romano Indexer: Ellen Troutman-Zaig and Jessamyn Read Printing History: April 2004: First Edition. November 2006: Second Edition. NutshellHandbook,theNutshellHandbooklogo,andtheO’Reillylogoareregisteredtrademarks ofO’ReillyMedia,Inc.TheHacksseriesdesignations,NetworkSecurityHacks,theimageofbarbed wire, and related trade dress are trademarks of O’Reilly Media, Inc. Many of the designations used by manufacturers and sellers to distinguish their products are claimedastrademarks.Wherethosedesignationsappearinthisbook,andO’ReillyMedia,Inc.was aware of a trademark claim, the designations have been printed in caps or initial caps. While every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. Small print:The technologies discussed in this publication, the limitations on these technologies thattechnologyandcontentownersseektoimpose,andthelawsactuallylimitingtheuseofthese technologies are constantly changing. Thus, some of the hacks described in this publication may notwork,maycauseunintendedharmtosystemsonwhichtheyareused,ormaynotbeconsistent withapplicableuseragreements.Youruseofthesehacksisatyourownrisk,andO’ReillyMedia, Inc.disclaimsresponsibilityforanydamageorexpenseresultingfromtheiruse.Inanyevent,you should take care that your use of these hacks does not violate any applicable laws, including copyright laws. This book uses RepKover™, a durable and flexible lay-flat binding. ISBN 10: 0-596-52763-2 ISBN 13: 978-0-596-52763-1 [C] www.it-ebooks.info Contents Credits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv Chapter1. Unix Host Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.Secure Mount Points 2 2.Scan for SUID and SGID Programs 3 3.Scan for World- and Group-Writable Directories 5 4.Create Flexible Permissions Hierarchies with POSIX ACLs 5 5.Protect Your Logs from Tampering 9 6.Delegate Administrative Roles 11 7.Automate Cryptographic Signature Verification 13 8.Check for Listening Services 15 9.Prevent Services from Binding to an Interface 17 10.Restrict Services with Sandboxed Environments 19 11.Use proftpd with a MySQL Authentication Source 23 12.Prevent Stack-Smashing Attacks 26 13.Lock Down Your Kernel with grsecurity 28 14.Restrict Applications with grsecurity 33 15.Restrict System Calls with systrace 36 16.Create systrace Policies Automatically 39 17.Control Login Access with PAM 41 18.Restrict Users to SCP and SFTP 46 19.Use Single-Use Passwords for Authentication 49 20.Restrict Shell Environments 52 v www.it-ebooks.info 21.Enforce User and Group Resource Limits 54 22.Automate System Updates 55 Chapter2. Windows Host Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 23.Check Servers for Applied Patches 59 24.Use Group Policy to Configure Automatic Updates 63 25.List Open Files and Their Owning Processes 66 26.List Running Services and Open Ports 68 27.Enable Auditing 69 28.Enumerate Automatically Executed Programs 71 29.Secure Your Event Logs 73 30.Change Your Maximum Log File Sizes 73 31.Back Up and Clear the Event Logs 75 32.Disable Default Shares 78 33.Encrypt Your Temp Folder 79 34.Back Up EFS 80 35.Clear the Paging File at Shutdown 86 36.Check for Passwords That Never Expire 88 Chapter3. Privacy and Anonymity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91 37.Evade Traffic Analysis 91 38.Tunnel SSH Through Tor 95 39.Encrypt Your Files Seamlessly 96 40.Guard Against Phishing 100 41.Use the Web with Fewer Passwords 105 42.Encrypt Your Email with Thunderbird 107 43.Encrypt Your Email in Mac OS X 112 Chapter4. Firewalling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 44.Firewall with Netfilter 117 45.Firewall with OpenBSD’s PacketFilter 122 46.Protect Your Computer with the Windows Firewall 128 47.Close Down Open Ports and Block Protocols 137 48.Replace the Windows Firewall 139 49.Create an Authenticated Gateway 147 50.Keep Your Network Self-Contained 149 vi | Contents www.it-ebooks.info 51.Test Your Firewall 151 52.MAC Filter with Netfilter 154 53.Block Tor 156 Chapter5. Encrypting and Securing Services . . . . . . . . . . . . . . . . . . . . . . . 158 54.Encrypt IMAP and POP with SSL 158 55.Use TLS-Enabled SMTP with Sendmail 161 56.Use TLS-Enabled SMTP with Qmail 163 57.Install Apache with SSL and suEXEC 164 58.Secure BIND 169 59.Set Up a Minimal and Secure DNS Server 172 60.Secure MySQL 176 61.Share Files Securely in Unix 178 Chapter6. Network Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 62.Detect ARP Spoofing 184 63.Create a Static ARP Table 186 64.Protect Against SSH Brute-Force Attacks 188 65.Fool Remote Operating System Detection Software 190 66.Keep an Inventory of Your Network 194 67.Scan Your Network for Vulnerabilities 197 68.Keep Server Clocks Synchronized 207 69.Create Your Own Certificate Authority 209 70.Distribute Your CA to Clients 213 71.Back Up and Restore a Certificate Authority with Certificate Services 214 72.Detect Ethernet Sniffers Remotely 221 73.Help Track Attackers 227 74.Scan for Viruses on Your Unix Servers 229 75.Track Vulnerabilities 233 Chapter7. Wireless Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236 76.Turn Your Commodity Wireless Routers into a Sophisticated Security Platform 236 77.Use Fine-Grained Authentication for Your Wireless Network 240 78.Deploy a Captive Portal 244 Contents | vii www.it-ebooks.info Chapter8. Logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250 79.Run a Central Syslog Server 251 80.Steer Syslog 252 81.Integrate Windows into Your Syslog Infrastructure 254 82.Summarize Your Logs Automatically 262 83.Monitor Your Logs Automatically 263 84.Aggregate Logs from Remote Sites 266 85.Log User Activity with Process Accounting 272 86.Centrally Monitor the Security Posture of Your Servers 273 Chapter9. Monitoring and Trending . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282 87.Monitor Availability 283 88.Graph Trends 291 89.Get Real-Time Network Stats 293 90.Collect Statistics with Firewall Rules 295 91.Sniff the Ether Remotely 297 Chapter10. Secure Tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301 92.Set Up IPsec Under Linux 301 93.Set Up IPsec Under FreeBSD 306 94.Set Up IPsec in OpenBSD 309 95.Encrypt Traffic Automatically with Openswan 314 96.Forward and Encrypt Traffic with SSH 316 97.Automate Logins with SSH Client Keys 318 98.Use a Squid Proxy over SSH 320 99.Use SSH As a SOCKS Proxy 322 100.Encrypt and Tunnel Traffic with SSL 324 101.Tunnel Connections Inside HTTP 327 102.Tunnel with VTun and SSH 329 103.Generate VTun Configurations Automatically 334 104.Create a Cross-Platform VPN 339 105.Tunnel PPP 345 viii | Contents www.it-ebooks.info

Description:
BSD Hacks™. Knoppix Hacks™. Ubuntu Hacks claimed as trademarks. Where those designations appear in this book, and O'Reilly Media, Inc. was.
See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.