Network Security first-step
Tom Thomas

Cisco Press
800 East 96th Street
Indianapolis, IN 46240

Copyright © 2004 Cisco Systems, Inc.

Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.

Printed in the United States of America 1 2 3 4 5 6 7 8 9 0
First Printing May 2004

Library of Congress Cataloging-in-Publication Number: 2003107987
ISBN: 1-58720-099-6

Publisher: John Wait
Editor-in-Chief: John Kane
Cisco Representative: Anthony Wolfenden
Cisco Press Program Manager: Nannette M. Noble
Production Manager: Patrick Kanouse
Senior Development Editor: Christopher Cleveland
Project Editor: San Dee Phillips
Copy Editor: Bridget Collins
Technical Editors: Matt Birkner, Amos Brown, Cary Riddock, Mark Zimmerman
Team Coordinator: Tammi Barnett
Book and Cover Designer: Louisa Adair
Compositor: Mark Shirar
Indexer: Tim Wright

Warning and Disclaimer

This book is designed to provide information about network security. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.

The information is provided on an "as is" basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.

The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

Trademark Acknowledgments

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc. cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Corporate and Government Sales

Cisco Press offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information please contact:

U.S. Corporate and Government Sales
1-800-382-3419
[email protected]

For sales outside the U.S. please contact:

International Sales
[email protected]

Feedback Information

At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community.

Readers' feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book or otherwise alter it to better suit your needs, you can contact us through e-mail at [email protected]. Please make sure to include the book title and ISBN in your message.

We greatly appreciate your assistance.

About the Author

Tom Thomas claims he never works because he loves what he does. When you meet him, you will agree! Throughout his many years in the networking industry, Tom has taught thousands of people how networking works. Tom is the author or coauthor of 17 books on networking, including the acclaimed OSPF Network Design Solutions, published by Cisco Press. Beyond his many books, Tom also has taught computer and networking skills through his roles as an instructor and training-course developer.

Tom holds the Cisco Certified Internetwork Expert (CCIE No. 9360) certification, the pinnacle of networking certifications. Tom also holds Cisco CCNP, CCDA, and CCNA certifications and is a certified Cisco Systems instructor.
These certifications support his industry-proven, problem-solving skills through technical leadership with demonstrated persistence and the ability to positively assist businesses in leveraging their IT resources.

Tom was the founder of NetCerts.com (now CCPrep.com) and is currently the principal owner and founder of Granite Systems, Inc. (www.GraniteSystems.net), a managed IT service provider for medium-sized businesses, where he is responsible for the corporate infrastructure, security implementations, and new product service development such as its ground-breaking IP Telephony Management System, a.k.a. Bedrock. He was previously an instructor for Chesapeake Computer Consultants, Inc. (CCCI) and a course developer for Cisco Systems.

About the Technical Reviewers

Matthew H. Birkner, CCIE No. 3719, is a technical advisor at Cisco Systems, where he specializes in IP, MPLS, and QoS network design. He has influenced many large carrier and enterprise network designs worldwide. Matt has spoken at Cisco Networkers on MPLS in both the U.S. and EMEA over the past few years. A double CCIE, he wrote Cisco Internetwork Design, published by Cisco Press. Matt holds a BSEE from Tufts University, where he majored in electrical engineering.

Amos Brown is a Cisco Certified IPT Design engineer and co-founder of Granite Systems, Inc. in the RTP. He has worked with the Cisco AVVID solution for four years in various settings, ranging from small- to mid-sized businesses to campus deployments. Amos has created several web-based management and monitoring tools for Cisco IPT as an added offering for Cisco clients. He still finds time for his hobby, network security and Open Source security tools.

Cary Riddock, MCSE, CCDA, CCNP, is the principal and senior engineer for the Aegis Security Group LLC, headquartered in Florida. Cary has more than 16 years of experience as an IT professional, including years of specialization as a network engineer and security specialist. He has extensive experience in the vulnerability analysis and remediation of sensitive information networks, including both government and medical systems. Under Cary's leadership, Aegis is currently providing IT security consulting services for several federal agencies in the Washington, D.C., area. Cary is a contributing author and technical editor for Cisco Press and other IT security publications.

Mark Zimmerman, CCIE No. 11312, is a U.S. channels systems engineer for Cisco Systems, working out of the field office in Research Triangle Park, NC. He is responsible for Cisco partner support and development. This role encompasses partner product training and technical help on solutions. Mark works closely with the enterprise services organization and many other Cisco groups to grow and develop sales. He has worked with Cisco for three years. Before Cisco, Mark was a senior systems engineer for the State of Virginia, where he gained valuable hands-on experience building and supporting the community college system's networks. He worked for the state for eight years. Before this, Mark spent three years as an engineering consultant in Ohio, where he designed some of the first LANs using Arcnet. He earned his Bachelor of Science degree from Kent State University in electrical engineering technology.

Dedication

How do you put into words the importance someone has in your life? Love and time strengthen the emotions until they are so powerful and deep that the act of holding hands expresses them in such a fundamental way that words cannot. My wife, Rose, knows her importance to my life. Without her love and support, I never would have become the husband, father, Christian, and man that I am today. Rose, you are my partner, foundation, and sharer of dreams, and I dedicate this book to you. Thank you for your support, love, faith, questions, and our two wonderful children (Rebekah and Daniel). We are truly blessed as a family.
Acknowledgments

Special acknowledgments go to my good friend and the best editor, Chris Cleveland. His insight, abilities, and editorial comments take a rough manuscript and give it life beyond what a simple nerd was able to envision. I also want to thank John Kane for always listening.

Amy Moss, whom I have had the privilege and joy of knowing, is a great friend. Her understanding and friendship have been a joy to my family and me over the years. Amy helped me start this book and has been involved in every book I have written for Cisco Press, of which this was the last. Best of luck in the future, Amy; you will be missed!

As always, I would like to thank my technical editors, Matt, Amos, Cary, and Mark, for their friendship, insight, and awesome comments. Your knowledge helped to fine-tune my thoughts. I know that this book will help many people, and that was the goal. Thank you.

Contents at a Glance

Introduction
Chapter 1 Here There Be Hackers!
Chapter 2 Security Policies and Responses
Chapter 3 Overview of Security Technologies
Chapter 4 Security Protocols
Chapter 5 Firewalls
Chapter 6 Router Security
Chapter 7 IPSec Virtual Private Networks (VPNs)
Chapter 8 Wireless Security
Chapter 9 Intrusion Detection and Honeypots
Chapter 10 Tools of the Trade
Appendix A Answers to Chapter Review Questions
Glossary
Index

Contents

Introduction

Chapter 1 Here There Be Hackers!
  Essentials First: Looking for a Target
    Hacking Innocent Information
    Targets of Opportunity
      Are You a Target of Opportunity?
    Targets of Choice
      Are You a Target of Choice?
  The Process of an Attack
    Reconnaissance and Footprinting (a.k.a. Casing the Joint)
    Scanning
    Enumeration
      Enumerating Windows
    Gaining Access
      Operating System Attacks
      Application Attacks
      Misconfiguration Attacks
      Script Attacks
    Escalating Privilege
    Covering Tracks
  Network Security Organizations
    CERT Coordination Center
    SANS
    Center for Internet Security (CIS)
    SCORE
    Internet Storm Center
    ICAT Metabase
    Security Focus
    Learning from the Network Security Organizations
  Overview of Common Attacks and Exploits
  Chapter Summary
  Chapter Review