Showing posts with label Hack Proofing. Show all posts

The Only Way to Stop a Hacker Is to Think Like One

Technical Editor: Larry Loeb, Cover Designer: Michael KavishTechnical Reviewer: Adam Sills and Vitaly Osipov, Page Layout and Art by: Shannon TozierAcquisitions Editor: Catherine B. Nolan, Copy Editor: Adrienne RebelloDevelopmental Editor: Jonothan Babcock, Indexer: Nara Wood

‘ken’@ftu, Dr. Everett F. Carter, Jr., Jeremy Faircloth, Curtis Franklin, Jr., Larry Loeb  Technical Editor

e-books shop
Hack Proofing XML

Hal Flynn is a Threat Analyst at SecurityFocus, the leading provider of
Security Intelligence Services for Business. Hal functions as a Senior
Analyst, performing research and analysis of vulnerabilities, malicious
code, and network attacks. He provides the SecurityFocus team with
UNIX and Network expertise. He is also the manager of the UNIX
Focus Area and moderator of the Focus-Sun, Focus-Linux, Focus-BSD,
and Focus-GeneralUnix mailing lists.
Hal has worked the field in jobs as varied as the Senior Systems and
Network Administrator of an Internet Service Provider, to contracting the
United States Defense Information Systems Agency, to Enterprise-level
consulting for Sprint. He is also a veteran of the United States Navy
Hospital Corps, having served a tour with the 2nd Marine Division at
Camp Lejeune, NC as a Fleet Marine Force Corpsman. Hal is mobile,
living between sunny Phoenix, AZ and wintry Calgary, Alberta, Canada.
Rooted in the South, he still calls Montgomery,AL home.

Curtis Franklin, Jr. is President and Editorial Director of CF2 Group.
CF2 Group is a technology assessment and communications firm headquartered
in Gainesville, FL. CF2 Group provides technology assessment,
product review, competitive product comparison and editorial creative
services to manufacturers, end-user organizations and publications across
the high-tech spectrum. Curtis provides leadership and principal creative
input to project technologies ranging from embedded systems to Webbased
enterprise infrastructure.

Curtis is the Founder of two major industry testing labs, the BYTE
Testing Lab and Client/Server Labs. He has published over 1,400 articles
in his career, and has led performance and technology assessment projects
for clients including IBM, Intel, Microsoft, and HP. Curtis hold’s a bachelor’s
degree from Birmingham-Southern College. He lives in Gainesville,
FL with his family, Carol and Daniel.
Curtis is grateful for the unending support and encouragement of his
wife, Carol, who has been a source of love and inspiration for so very long.

Dr. Everett F. (Skip) Carter, Jr. is President of Taygeta Network
Security Services (a division of Taygeta Scientific Inc.). He is also
CEO/CTO of CaphNet, Inc. Skip has expert level knowledge of multiple
programming/scripting languages (Ada, C, C++, C+ FORTRAN, Forth,
Perl, HTML,WML, and XML) as well as multiple operating systems
(DOS, NT, PalmOS, Unix: SYSV, BSD and Linux). Skip, through Taygeta
Network Security Services, is the “tip of the sword” for Internet intrusion
investigation and network security assessments.Taygeta Scientific Inc. provides
contract and consulting services in the areas of scientific computing,
smart instrumentation, and specialized data analysis. CaphNet, Inc. is a
start-up providing WML, cHTML and xHTML Browser Software
Platforms for mobile devices.
Skip holds both a Ph.D. and master’s in Applied Physics from Harvard
University. In addition, he holds two bachelor’s degrees from the
Massachusetts Institute of Technology—one in Physics and the other in
Earth and Planetary Sciences (Geophysics). Skip is a member of the
American Society for Industrial Security (ASIS). He has authored several
articles for Dr. Dobb’s Journal, and Computer Language magazines as well a
numerous scientific articles and is a past columnist for Forth Dimensions
magazine. Skip resides in Monterey, CA with his wife of 17 years,Trace
and their 12-year-old son, Rhett.

‘ken’@FTU has helped suppliers to conduct B2B XML transactions with
large e-commerce portals including Ariba. He is also credited with discovering
security vulnerabilities in software products by major vendors such as
Microsoft and IBM. Currently he works at a bank doing technical auditing
and penetrating testing of their networks, systems and applications.

Jeremy Faircloth (CCNA, MCSE, MCP+I,A+) is a Systems Analyst for
Gateway, Inc. where he develops and maintains enterprise-wide client/
server and Web-based technologies. He also acts as a technical resource
for other IT professionals, using his expertise to help others expand their
knowledge. As a Systems Analyst with over 10 years of real-world IT
experience, he has become an expert in many areas of IT including
Web development, database administration, programming, enterprise
security, network design, and project management. He is a co-author of
ASP .NET Developer’s Guide (Syngress Publishing, ISBN: 1-928994-51-2)
and C# for Java Programmers (Syngress, ISBN: 1-931836-54-X). Jeremy
currently resides in Dakota City, NE and wishes to thank Christina
Williams for her support in his various technical endeavors.

Joe Dulay (MCSD) is the Vice-President of Technology for the IT Age
Corporation. IT Age Corporation is a project management and software
development firm specializing in customer-oriented business enterprise
and e-commerce solutions located in Atlanta, GA. His current responsibilities
include managing the IT department, heading the technology
steering committee, software architecture, e-commerce product management,
and refining development processes and methodologies.Though
most of his responsibilities lay in the role of manager and architect, he is
still an active participant of the research and development team. Joe holds
a bachelor’s degree from the University of Wisconsin in Computer
Science. His background includes positions as a Senior Developer at
Siemens Energy and Automation, and as an independent contractor specializing
in e-commerce development. Joe is also co-author of Syngress
Publishing’s Hack Proofing Your Web Applications (ISBN:
1-928994-31-8). Joe would like to thank his family for always being
there to help him.

F.William Lynch (SCSA, CCNA, LPI-I, MCSE, MCP, Linux+, A+) is
co-author for Syngress Publishing’s Hack Proofing Sun Solaris 8 (ISBN:
1-928994-44-X) and Hack Proofing Your Network, Second Edition
(1-928994-70-9). He is an independent security and systems administration
consultant and specializes in firewalls, virtual private networks, security
auditing, documentation, and systems performance analysis.William
has served as a consultant to multinational corporations and the Federal
government including the Centers for Disease Control and Prevention
headquarters in Atlanta, GA as well as various airbases of the USAF. He is
also the Founder and Director of the MRTG-PME project, which uses
the MRTG engine to track systems performance of various UNIX-like
operating systems.William holds a bachelor’s degree in Chemical
Engineering from the University of Dayton in Dayton, OH and a master’s
of Business Administration from Regis University in Denver, CO.

Technical Editor
Larry Loeb is the Principal of pbc enterprises in Wallingford, CT, a consulting
firm specializing in IT matters. He has been a Consulting Editor
for BYTE magazine, Contributing Editor for Circuit Cellar Ink, Senior
Editor for WebWeek, Editor of the Macintosh Exchange on BIX, and a
columnist for ITworld. He currently writes a monthly column for IBM’s
online developer Works.
Larry has also contributed to the Internet Business Analyst (U.K.),
MacUser, Internet World, BYTEWeek, Macworld,VARBusiness, Home/Office
Computing, Solutions Integrator, and other publications. He is the author of
the book Secure Electronic Transactions: Introduction and Technical Reference

Technical Reviewers
Adam Sills is a Software Architect at GreatLand Insurance, a small insurance
company parented by Kemper Insurance. He works in a small IT
department that focuses on creating applications to expedite business processes
and manage data from a multitude of locations. Previously, he had a
small stint in consulting and also worked at a leading B2B e-commerce
company designing and building user interfaces to interact with a largescale
enterprise eCommerce application.Adam’s current duties include
building and maintaining Web applications, as well as helping to architect,
build, and deploy new Microsoft .NET technologies into production use.
Adam has contributed to the writing of a number of books for Syngress
including ASP .NET Developer’s Guide (ISBN: 1-928994-51-2), C# .NET
Web Developers Guide (ISBN: 1-9289984-50-4) and the XML.NET
Developer’s Guide (ISBN: 1-928994-47-4). Additionally, Adam is an active
member of a handful of ASP and ASP.NET mailing lists, providing support

and insight whenever he can.

Vitaly Osipov (CISSP, CCSA, CCSE, CCNA) is a Security Specialist
with a technical profile. He has spent the last five years consulting various
companies in Eastern, Central, and Western Europe on information security
issues. Last year Vitaly was busy with the development of managed
security service for a data center in Dublin, Ireland. He is a regular contributor
to various infosec-related mailing lists and recently co-authored
Check Point NG Certified Security Administrator Study Guide (Syngress
Publishing, ISBN: 1-928994-74-1) and Managing Cisco Network Security,
Second Edition (Syngress Publishing, ISBN: 1-931836-56-6).Vitaly has a

degree in mathematics. Currently he lives in the British Isles.

The book you are holding in your hand is a battle plan.You are engaged in mortal
combat and might not even recognize the kind of battle you have to fight. But fight
it you will, and fight it you must.
If you are reading this foreword, the title Hack Proofing XML has interested you.
You might have picked it up in some bookstore and are thumbing through it to get a
sense of whether or not you are willing to plunk down the ducats to buy it. Or you
might have ordered it online. How you got the book into your hands doesn’t matter
a whit.You are here, and the dialogue has begun.
Wherever these words find you, find a comfortable place to sit down and read
these few introductory pages in one swoop. It will only take a few minutes, but it’s
important. Really.

One of the problems of writing (and reading) a technical book is that these
tomes are generally are unreadable.You want information, but the style and manner
of technical writing is usually so dense and impenetrable that getting that information
requires you to navigate the word puzzles implicit in the style in order to come
up with the nuggets of information you are looking for.The book’s publishers
(Syngress) have figured out a way to fix that. (“Yeah, riiiight,” I hear you say.Wait a
moment before you get cynical.) The fact is, the people at Syngress had to convince
me about their solution before I would undertake to write the book you are
holding. And I’m no pushover.

I’ve been writing in the field for the last 20 years or so. Like all writers, I’ve had to
use many styles for many different purposes. My last book was such an effort that I
swore I would never do it again. I didn’t think I could survive the process once more.
When the Syngress folks approached me about doing this book, I was rather
skeptical.They didn’t know it; but two other publishers had recently been sniffing
around my e-mail address.When I asked those other publishers what they would do
to help the process of writing; they mentioned money and let it go at that.When I
asked Syngress, they told me about the Syngress Outline.

Syngress has developed a method to communicate information that actually
works. It is both deceptively simple and flexible. Even better, it encourages communication
among collaborators. It works by focusing on the important information,
thereby eliminating extraneous fluff. Using this method, authors funnel their efforts
into writing that has a positive signal-to-noise ratio, something that doesn’t always
end up happening in books put out by other publishers. Syngress’s method is not a
panacea for bad writing, but it sure does encourage good and effective writing.
Even with this tool, I was somewhat leery of the title Hack Proofing XML. I told
Syngress that I felt that truly “proofing” anything against a determined hacker was
impossible, and I was not interested in leveraging my reputation for delivering the literary
goods on a marketing ploy.They countered that weatherproofing a house
doesn’t protect against all weather conditions, either, but it does mitigate the harm
that weather can cause a house. I realized they had a point, and that idea became the
overall goal of this book.You’ll never make any system totally secure against any and
all attacks. But you don’t have to leave yourself wide open to abuse, either.
Let’s take a look at what you can expect from this book.We made an assumption
during the preparation of the book about who the Reader will be: Just about
anyone—not just the technical folk, but their bosses as well. Both the wizards and the
trolls can stroll under the tent flap and feel confident that they will come away with
something useful. It might be heresy to say so, but it goes back to what I’ve already
mentioned about tech writing.The usual approach to writing on technical subjects
has been that unless you know the secret code words of the field (whatever they are),
you are considered not worth addressing.

I think it crucial that it be understood from the beginning that it is not a cookbook
of magical incantations meant to be sprinkled over code with gleeful abandon.
That kind of approach just does not work in the long term.We don’t just give you a
fish to eat, we want to teach you how to fish. XML is a fluid and changing arena,
and cookie-cutter code would be obsolete even as the book came off the presses.
Not that this book doesn’t contain illustrative code examples, but they are just that:
Illustrative of a concept or method.The code is there to show how something can be
brought down to the practical level from the abstract.
Not to belittle coders, but this book isn’t simply about code. I’ve tried to be
more inclusive in the ground that it covers.Tech writing often focuses on techniques
to the exclusion of everything else.That approach seems to me sterile and limiting.
Living up to the promise made by this book’s title requires a multifaceted approach
to the problem.

We begin by first stepping back from the purely technical side of things to try to
understand the adversary we will be dealing with. A defender (as has been recognized
since the writing of Sun Tzu’s The Art of War in ancient times) has a logistical
problem in that he cannot be everywhere at the same time with the necessary
resources for defense.An enlightened defense strategy has to begin with the threat
model.Who will pose the threat and how they will do so becomes the topic for contemplation.
We try to anticipate the attack by looking at what motivates and drives the attacker.

We then consider the types of attacks that can be made against computer systems
in general. Again, we start from the general and work toward the specific. It is a safe
bet that whatever attack is mounted in the specific instance you experience, but it
will follow the form of one or another that has preceded it. By appreciating the
methods used in the general form of attack, you can get a feel for how your efforts
will progress.The secret knowledge here (don’t tell anyone who doesn’t know the
club handshake!) is that attackers tend to be lazy, and they hate to reinvent the wheel.
If something has worked in the past, there’s a very good chance that someone will
try it again until it no longer works.

Time now to get specifically into XML.We start with a review of what makes up
XML and the syntax used, to get everyone on the same metaphoric page.Although
the VP of sales who has been reading with interest up to this point might feel threatened;
she or he shouldn’t.We’ve made an effort to explain the building blocks used
later in the text in plain American-style English.

The why and how of XML digital signatures is a topic that can get fairly “geeky”
very quickly.This fact has made a thorough understanding of the principles behind
signatures available only to a favored few. Rubbish, say I. If anyone is interested in the
security of a system, they can understand and apply the techniques and assumptions
that lie underneath digital signatures. Even better, they can appreciate when these
tools should be used and when they should be avoided. Like a firewall, signatures can
be eith a useful tool or a security nightmare if misapplied.

The seventh chapter forms what I consider to be the heart of the book: A general
security approach called Role-based Access Control (RBAC) is introduced along
with a look at how it has been implemented in the past.We then go on to show how
this approach can be used in the XML environment and the benefits it provides.
Here is where the rubber meets the metaphoric road, where the Hack Proofing
really gets applied. Of course, the approach can be used in other ways than only
XML, but it works so nicely for it, it’s a shame not to use it. As a bonus, coders will
find example code and tools here.You’re welcome.

It’s a sad but true fact that XML will see a lot of use in the proprietary .NET
environment over the Internet.We therefore take a look at this topic as well.
Wrapping up, we look at the paperwork so often ignored in an attack: reporting.
How you should report an attack and why you should do so are covered.Your own
self-interest demands that you report attacks as well, since the whole idea is to learn
from the problems that others experience.You never can tell on which side of the
fence you’ll be on any given day.

Those are the book’s main points laid out for you. If you’re in some bookstore
sitting in a comfy chair reading this book, get up and buy the doggone thing.To me,
books are like pinball. If you score enough, you get to play again.Working on this
book was fun enough that I want to play again. I think that after reading it, you’ll
want me to do more as well.
—Larry Loeb

Table of Contents
Foreword xix
Chapter 1 The Zen of Hack Proofing 1
Introduction 2
Learning to Appreciate the Tao of the Hack 2
Hacker 3
Cracker 4
Script Kiddie 5
Phreaker 7
Black Hat,White Hat,What’s the Difference? 7
Gray Hat 8
The Role of the Hacker 10
Criminal 10
Magician 11
Security Professional 12
Consumer Advocate 13
Civil Rights Activist 14
Cyber Warrior 15
Motivations of a Hacker 16
Recognition 16
Admiration 17
Curiosity 17
Power and Gain 18
Revenge 19
The Hacker Code 21
Summary 22
Solutions Fast Track 23
Frequently Asked Questions 25

Chapter 2 Classes of Attack 27
Introduction 28
Identifying and Understanding the Classes
of Attack 28
Denial of Service 29
Local Vector Denial of Service 29
Network Vector Denial of Service 32
Information Leakage 37
Service Information Leakage 38
Protocol Information Leakage 39
Leaky by Design 41
Leaky Web Servers 42
A Hypothetical Scenario 42
Why Be Concerned with Information
Leakage? 43
Regular File Access 44
Permissions 44
Symbolic Link Attacks 45
Misinformation 47
Standard Intrusion Procedure 48
Special File/Database Access 50
Attacks against Special Files 50
Attacks against Databases 50
Remote Arbitrary Code Execution 53
The Attack 54
Code Execution Limitations 55
Elevation of Privileges 55
Remote Privilege Elevation 55
Identifying Methods of Testing for Vulnerabilities 58
Proof of Concept 58
Exploit Code 59
Automated Security Tools 59
Versioning 60
Standard Research Techniques 62
Whois 62
Domain Name System 66
Nmap 69
Web Indexing 70
Summary 73
Solutions Fast Track 75
Frequently Asked Questions 76

Chapter 3 Reviewing the Fundamentals of XML 79
Introduction 80
An Overview of XML 80
The Goals of XML 81
What Does an XML Document Look Like? 81
Creating an XML Document 82
Creating an XML Document
in VS.NET XML Designer 82
Empty Element 86
Structure of an XML Document 87
Well-Formed XML Documents 87
Transforming XML through XSLT 88
XSL Use of Patterns 92
XPath 95
Summary 97
Solutions Fast Track 97
Frequently Asked Questions 99

Chapter 4 Document Type: The Validation Gateway 101
Introduction 102
Document Type Definitions and
Well-Formed XML Documents 102
Schema and Valid XML Documents 106
XML Schema Data Types 110
Learning About Plain-Text Attacks 112
Plain-Text Attacks 113
Example: HTML Escape Codes 114
Unicode 116
Understanding How Validation Is Processed
in XML 117
Validate the Input Text 118
Canonicalization 118
Validating Unicode 121
Validate the Document or Message 124
Is the XML Well Formed? 126
Using DTDs for Verifying the Proper
Structure 126
Using Schema for Data Consistency 127
Online Validation Methods and
Mechanisms 128
Summary 135
Solutions Fast Track 138
Frequently Asked Questions 140

Chapter 5 XML Digital Signatures 143
Introduction 144
Understanding How a Digital Signature Works 144
Basic Digital Signature and Authentication
Concepts 144
Why a Signature Is Not a MAC 145
Public and Private Keys 145
Why a Signature Binds Someone to
a Document 146
Learning the W3C XML Digital
Signature 146
Applying XML Digital Signatures to Security 149
Examples of XML Signatures 150
An Enveloping Signature Example 152
An Example of an Enveloped Signature 154
A Detached Signature Example 157
All Together Now: An Example
of Multiple References 161
Signing Parts of Documents 163
Using XPath to Transform a Document 164
Using XSLT to Transform a Document 166
Using Manifests to Manage Lists of Signed
Elements 169
Establishing Identity By Using X509 172
Required and Recommended Algorithms 173
Cautions and Pitfalls 175
Vendor Toolkits 176
Summary 178
Solutions Fast Track 179
Frequently Asked Questions 181

Chapter 6 Encryption in XML 183
Introduction 184
Understanding the Role of
Encryption in Messaging Security 184
Security Needs of Messaging 185
Privacy and Confidentiality 185
Authentication and Integrity 186
Nonrepudiation 190
Encryption Methods 191
AES 191
DES and 3-DES 193
RSA and RC4 195
Stream and Block Ciphers 196
Key Management Schemes 197
Learning How to Apply Encryption to XML 199
XML Transforms Before Encryption 204
Canonicalization 205
Flowchart of Encryption Process 207
Understanding Practical Usage of Encryption 207
Signing in Plain Text, Not Cipher Text 207
XPATH Transforms 210
Signing the Cipher-Text Version
Prevents Encryption Key Changes 210
Authentication by MAC Works on
Cipher Text 210
Cipher Text Cannot Validate Plain Text 211
Encryption Might Not Be Collision
Resistant 211
Summary 213
Solutions Fast Track 213
Frequently Asked Questions 214

Chapter 7 Role-Based Access Control 215
Introduction 216
Learning About Stateful Inspection 216
Packet Filtering 216
Application Layer Gateway 217
The FTP Process 219
Firewall Technologies and XML 220
First,You Inspect the State 221
Baselines 222
Evaluating State Changes 223
Default Behavior Affects Security 225
Learning About Role-Based Access Control
and Type Enforcement Implementations 227
NSA:The Flask Architecture 229
SELinux 232
Applying Role-Based Access Control Ideas
in XML 238
Know When to Evaluate 243
Protect Data Integrity 244
RBAC and Java 245
Fencing in JavaScript 246
Validate Your Java Code 246
Validate Your ActiveX Objects 247
Tools to Implement RBAC Efforts 248
Summary 254
Solutions Fast Track 255
Frequently Asked Questions 256

Chapter 8 Understanding .NET and XML Security 257
Introduction 258
The Risks Associated with Using
XML in the .NET Framework 258
Confidentiality Concerns 259
.NET Internal Security as a Viable Alternative 260
Permissions 261
Principal 262
Authentication 263
Authorization 263
Security Policy 263
Type Safety 264
Code Access Security 264
.NET Code Access Security Model 264
Stack Walking 265
Code Identity 266
Code Groups 267
Declarative and Imperative Security 270
Requesting Permissions 271
Demanding Permissions 275
Overriding Security Checks 277
Custom Permissions 282
Role based Security 283
Principals 284
WindowsPrincipal 284
GenericPrincipal 286
Manipulating Identity 287
Role-Based Security Checks 288
Security Policies 291
Creating a New Permission Set 294
Modifying the Code Group Structure 299
Remoting Security 305
Cryptography 306
Security Tools 309
Securing XML—Best Practices 311
XML Encryption 311
XML Digital Signatures 317
Summary 320
Solutions Fast Track 321
Frequently Asked Questions 326

Chapter 9 Reporting Security Problems 331
Introduction 332
Understanding Why Security Problems Need
to Be Reported 332
Full Disclosure 333
Determining When and to Whom to Report
the Problem 337
Whom to Report Security Problems to? 337
How to Report a Security Problem
to a Vendor 340
Deciding How Much Detail to Publish 341
Publishing Exploit Code 341
Problems 342
Repercussions from Vendors 342
Reporting Errors 344
Risk to the Public 344
Summary 345
Solutions Fast Track 346
Frequently Asked Questions 347
Hack Proofing XML Fast Track 351
Index 369


e-books shop

Purchase Now !
Just with Paypal

Product details
 402 p
 File Size
 7,304 KB
 File Type
 PDF format
 2002 by Syngress Publishing 

═════ ═════

Your Guide to O.S.S

• Step-by-Step Instructions for Deploying Open Source Security Tools
• Hundreds of Tools & Traps and Damage & Defense Sidebars, Security Alerts, and Exercises!
• Bonus Wallet CD with Configuration Examples, Packet Captures and Programs

James Stanger, Ph.D.
Patrick T. Lane
Edgar Danielyan Technical Editor

e-books shop
Hack Proofing Linux

We would like to acknowledge the following people for their kindness and support
in making this book possible.

Richard Kristof and Duncan Anderson of Global Knowledge, for their generous
access to the IT industry’s best courses, instructors, and training facilities.

Ralph Troupe, Rhonda St. John, and the team at Callisma for their invaluable insight
into the challenges of designing, deploying and supporting world-class enterprise networks.

Karen Cross, Lance Tilford,Meaghan Cunningham, Kim Wylie, Harry Kirchner, Bill
Richter, Kevin Votel, and Kent Anderson of Publishers Group West for sharing their
incredible marketing experience and expertise.

Mary Ging, Caroline Hird, Simon Beale, Caroline Wheeler,Victoria Fuller, Jonathan
Bunkell, and Klaus Beran of Harcourt International for making certain that our
vision remains worldwide in scope.

Anneke Baeten, Annabel Dent, and Laurie Giles of Harcourt Australia for all their help.

David Buckland,Wendi Wong, Daniel Loh, Marie Chieng, Lucy Chong, Leslie Lim,
Audrey Gan, Charlotte Chan, and Joseph Chan of Transquest Publishers for the
enthusiasm with which they receive our books.

Kwon Sung June at Acorn Publishing for his support.
Ethan Atkin at Cranbury International for his help in expanding the Syngress program.

Joe Pisco, Helen Moyer, Paul Zanoli, Alan Steele, and the great folks at InterCity
Press for all their help.
Philip Allen at Brewer & Lord LLC for all his work and generosity.

Technical Editors
Edgar Danielyan (CCNA) is a self-employed developer specializing in
GCC, X Window,Tcl/Tk, logic programming, Internet security, and
TCP/IP; as well as having with BSD, SVR4.2, FreeBSD, SCO, Solaris, and
UnixWare. He has a diploma in company law from the British Institute of
Legal Executives as well as a paralegal certificate from the University of
Southern Colorado. He is currently working as the Network
Administrator and Manager of a top-level Armenian domain. He has also
worked for the United Nations, the Ministry of Defense of the Republic
of Armenia, and Armenian national telephone companies and financial
institutions. Edgar speaks four languages, and is a member of ACM, IEEE

Larry Karnis (RHCE, Master ACE, CITP), is a Senior Consultant for
Application Enhancements, a Unix, Linux, and Internet consulting firm
located in Toronto, Canada. His first exposure to Unix was over 20 years
ago where he used Unix Version 6 while completing a bachelor’s degree
in computer science and mathematics. Larry deploys and manages Linuxbased
solutions such as Web and file and print servers, and Linux firewalls.


In spite of the ups and downs of the dot-com industry, open source software has
become a viable alternative to commercial companies such as Microsoft, Sun, and
IBM.Although open source software has its quirks and its problems, the open
source movement has made its niche in the networking market. As a networking
professional, it is in your best interest to understand some of the more important
security applications and services that are available.

This book is designed to provide experienced systems administrators with
open source security tools. Although we have made every effort to include as
many people and as many skill sets as possible, this book assumes a fundamental
knowledge of Linux.This book focuses on open source Linux applications, daemons,
and system fixes. In the book’s first chapters, you will learn how to lock
down your network. Chapter 2 discusses ways to secure and monitor the operating
system, and ways to scan local and remote networks for weaknesses.You will
receive detailed information on how to ensure that your system’s services and the
root account are as secure as possible.

In Chapter 3, you will learn how to deploy antivirus and scanning programs
for your local system. By using these scanning programs, you will be able to mitigate
risk and learn more about the nature of services on your network. Scanners
such as nmap and nessus will help you learn about the open ports on your network,
and how these open ports might pose a threat to your system. Chapter 3
gives you detailed information about practical ways to implement intrusion
detection on your local system and on your network. Using applications such as
Tripwire, Portsentry, and Snort, you will be able to precisely identify system
anomalies and detect inappropriate logins. Chapter 5 shows how you can use
open source tools such as tcpdump, Ethereal, EtherApe, and Ntop to inspect and
gauge traffic on the network.

The second part of the book focuses on ways to enhance authentication using
open source software. In Chapter 6, you will learn about One Time Passwords
(OTP) and Kerberos as ways to ensure that malicious users won’t be able to obtain
your passwords as they cross the network. Chapter 7 discusses ways to use Secure
Shell (SSH) and Secure Sockets Layer (SSL), which are ways to enable on-the-fly
encryption to protect data. In Chapter 8, you will learn about how to enable
IPSec on a Linux system so that you can implement a virtual private network
(VPN).As you learn more about the primary VPN product called Free Secure
Wide Area Network (FreeS/WAN), you will see how it is possible to protect network
traffic as it passes through your own network, and over the Internet.

The final part of the book focuses on ways to create an effective network
perimeter. Chapter 9, shows how to install and configure Ipchains and Iptables on
a Linux system. Kernels earlier than 2.3 can use Ipchains, whereas kernel versions
2.3 and later use Iptables. Regardless of the way you do it, you will learn to filter
traffic with these two packet filtering tools.
In Chapter 10, you will learn how a proxy server can further enhance your
control over your network perimeter. Specifically, you will use the Squid proxy
server to control client access to the Internet.You will also learn how to configure
Linux clients to access the proxy server. Finally, Chapter 11, shows how to
troubleshoot and counteract problems with your network perimeter.You will
learn how to maintain, test, and log the firewall so that you have a functional barrier
between you and the outside world.

It is our intention to create a book that gives you practical information and
advice about the most common open source security tools.

The Tools Used in This Book
This book was written using version 7.0 of the Red Hat Linux operating system.
Although it may not be the “best” Linux distribution (there are at least 100 versions
in the world), it is the most popular.We have tried to ensure that the skills
and tools you obtain in this book will be portable to other Linux versions, and
even other open source operating systems such as FreeBSD (
However, each Linux flavor has its own quirks, and you may find it necessary to
deviate from some of the instructions in this book.


e-books shop

Purchase Now !
Just with Paypal

Product details
 File Size
 12,098 KB
 705 p
 File Type
 PDF format
 2001 by Syngress Publishing  

Foreword xxvii
Chapter 1 Introduction to Open Source Security
Introduction 2
The Tools Used in This Book 3
Using the GNU General Public License 3
Fee-Based GPL Software 5
Can I Use GPL Software in My Company? 5
Soft Skills: Coping with Open Source Quirks 6
General Lack of Installation and Configuration
Support 6
Infrequent or Irregular Update Schedules 6
Command-Line Dominance 6
Lack of Backward Compatibility and No
Regular Distribution Body 7
Inconvenient Upgrade Paths 7
Conflicts in Supporting Libraries and Limited
Platform Support 7
Interface Changes 8
Partially Developed Solutions 8
Should I Use an RPM or Tarballs? 10
Tarball 10
Red Hat Package Manager 11
Debian 11
Obtaining Open Source Software 12
SourceForge 12
Freshmeat 13
Packetstorm 14
SecurityFocus 15
Is That Download Safe? 16
A Brief Encryption Review 16
Symmetric Key Encryption 17
Asymmetric Key Encryption 18
Public Key and Trust Relationships 19
One-Way Encryption 20
GNU Privacy Guard 21
Deploying GNU Privacy Guard 21
Skipping Public Key Verification 29
Using GPG to Verify Signatures on
Tarball Packages 30
Using Md5sum 30
Auditing Procedures 31
Locking Down Your Network Hosts 31
Securing Data across the Network 32
Protecting the Network Perimeter 33
Summary 35
Solutions Fast Track 35
Frequently Asked Questions 38
Chapter 2 Hardening the Operating System
Introduction 42
Updating the Operating System 42
Red Hat Linux Errata and Update Service
Packages 42
Handling Maintenance Issues 43
Red Hat Linux Errata: Fixes and Advisories 44
Bug Fix Case Study 46
Manually Disabling Unnecessary Services
and Ports 47
Services to Disable 47
The xinetd.conf File 48
Locking Down Ports 50
Well-Known and Registered Ports 50
Determining Ports to Block 52
Blocking Ports 53
Xinetd Services 53
Stand-Alone Services 54
Hardening the System with Bastille 55
Bastille Functions 55
Bastille Versions 63
Implementing Bastille 64
Undoing Bastille Changes 74
Controlling and Auditing Root Access with Sudo 77
System Requirements 79
The Sudo Command 79
Downloading Sudo 80
Installing Sudo 82
Configuring Sudo 86
Running Sudo 90
No Password 92
Sudo Logging 93
Managing Your Log Files 96
Using Logging Enhancers 97
Scanlogd 100
Syslogd-ng 101
Summary 103
Solutions Fast Track 104
Frequently Asked Questions 107
Chapter 3 System Scanning and Probing
Introduction 110
Scanning for Viruses Using the AntiVir Antiviru
Application 110
Understanding Linux Viruses 110
Using AntiVir 112
Key Mode and Non-Key Mode 114
Licensing AntiVir 114
Exercise: Updating AntiVir 114
Using TkAntivir 116
Required Libraries and Settings 117
Scanning Systems for Boot Sector and
E-Mail Viruses 117
Additional Information 120
Exercise: Using TkAntivir 120
Scanning Systems for DDoS Attack Software
Using a Zombie Zapper 123
How Zombies Work and How to Stop Them 124
When Should I Use a Zombie Zapper? 125
What Zombie Zapper Should I Use? 125
What Does Zombie Zapper Require
to Compile? 127
Exercise: Using Zombie Zapper 127
Scanning System Ports Using the Gnome Service
Scan Port Scanner 129
Required Libraries 130
Why Use a Port Scanner? 131
Exercise: Using Gnome Service Scanner 131
Using Nmap 133
Isn’t Nmap Just Another Port Scanner? 134
Acquiring and Installing Nmap 136
Common Nmap Options 136
Applied Examples 137
Scanning Entire Networks and Subnets 138
Selective Scanning 139
Adding More Stealth 139
Saving to Text and Reading from Text 140
Testing Firewalls and Intrusion Detection
Systems 141
Example: Spoofing the Source Address
of a Scan 142
Timing Your Scan Speeds 142
Example: Conducting a Paranoid Scan 143
Exercise: Using Nmap 143
Using Nmap in Interactive Mode 144
Exercise: Using Nmap in Interactive
Mode 144
Using NmapFE as a Graphical Front End 146
Exercise: Using NmapFE 147
Using Remote Nmap (Rnmap) as a Central
Scanning Device 147
Exercise: Scanning Systems with Rnmap 148
Deploying Cheops to Monitor Your Network 151
How Cheops Works 153
Obtaining Cheops 154
Required Libraries 154
The Cheops Interface 155
Mapping Relations between Computers 157
Cheops Monitoring Methods 157
Connectivity Features 159
Exercise: Installing and Configuring
Cheops 160
Deploying Nessus to Test Daemon Security 165
The Nessus Client/Server Relationship 167
Windows Nessus Clients 169
Required Libraries 169
Order of Installation 170
Configuring Plug-Ins 173
Creating a New Nessus User 174
The Rules Database 174
Exercise: Installing Nessus and
Conducting a Vulnerability Scan 175
Updating Nessus 179
Understanding Differential, Detached,
and Continuous Scans 180
Exercise: Conducting Detached
and Differential Scans with Nessus 182
Summary 185
Solutions Fast Track 185
Frequently Asked Questions 189
Chapter 4 Implementing an Intrusion Detection System
Introduction 192
Understanding IDS Strategies and Types 194
IDS Types 195
Host-Based IDS Applications 196
Network-Based IDS Applications 196
IDS Applications and Fault Tolerance 197
What Can an IDS Do for Me? 200
Which IDS Strategy Is Best? 203
Network-Based IDS Applications and
Firewalls 203
IDS Applications 204
Installing Tripwire to Detect File Changes on
Your Operating System 206
Tripwire Dependencies 207
Availability 208
Deploying Tripwire 208
Tripwire Files 208
Tripwire Installation Steps 209
Configuring the Tripwire Policy File 209
Creating the Tripwire Policy File 212
Database Initialization Mode 212
Testing E-Mail Capability 214
Integrity Checking Mode 214
Specifying a Different Database 215
Reading Reports 215
Updating Tripwire to Account for Legitimate
Changes in the OS 215
Updating the Policy 216
What Do I Do if I Find a Discrepancy? 217
Configuring Tripwire to Inform You Concerning
Changes 217
Exercise: Installing Tripwire 217
Exercise: Securing the Tripwire Database 219
Exercise: Using Cron to Run Tripwire
Automatically 220
Deploying PortSentry to Act as a
Host-Based IDS 220
Important PortSentry Files 221
Installing PortSentry 222
Configuring PortSentry to Block Users 222
Optimizing PortSentry to Sense Attack Types 223
Exercise: Installing and Configuring
PortSentry 224
Exercise: Clearing Ipchains Rules 227
Exercise: Running an External Command
Using PortSentry 227
Installing and Configuring Snort 229
Availability 229
Supporting Libraries 229
Understanding Snort Rules 230
Snort Variables 230
Snort Files and Directories 231
Snort Plug-Ins 232
Starting Snort 233
Logging Snort Entries 236
Running Snort as a Network-Based IDS 236
Ignoring Hosts 237
Additional Logging Options:Text
files,Tcpdump, and Databases 237
Configuring Snort to Log to a Database 238
Controlling Logging and Alerts 239
Getting Information 240
Exercise: Installing Snort 240
Exercise: Using Snort as an IDS
Application 241
Exercise: Configuring Snort to Log to
a Database 243
Exercise: Querying a Snort Database
from a Remote Host 251
Identifying Snort Add-Ons 251
SnortSnarf 252
Exercise: Using SnortSnarf to Read
Snort Logs 252
Analysis Console for Intrusion Databases 252
Summary 254
Solutions Fast Track 254
Frequently Asked Questions 258
Chapter 5 Troubleshooting the Network with Sniffers
Introduction 262
Understanding Packet Analysis and TCP
Handshakes 264
TCP Handshakes 265
Establishing a TCP Connection 265
Terminating a TCP Connection 266
Creating Filters Using Tcpdump 268
Tcpdump Options 268
Tcpdump Expressions 271
Boolean Operators 275
Installing and Using Tcpdump 276
Configuring Ethereal to Capture Network
Packets 279
Ethereal Options 281
Ethereal Filters 283
Configuring Ethereal and Capturing Packets 283
Viewing Network Traffic between Hosts Using
EtherApe 288
Configuring EtherApe and Viewing Network
Traffic 289
Summary 293
Solutions Fast Track 294
Frequently Asked Questions 296
Chapter 6 Network Authentication and Encryption
Introduction 300
Understanding Network Authentication 300
Attacking Encrypted Protocols 301
Creating Authentication and Encryption
Solutions 303
Implementing One-Time Passwords
(OTP and OPIE) 305
What Files Does OPIE Replace? 305
How Does OPIE Work? 305
OPIE Files and Applications 306
opiepasswd 307
Password Format 308
Using opiekey 309
Using opieinfo and opiekey to Generate
a List 310
Installing OPIE 310
Configuration Options 310
Installation Options 311
Uninstalling OPIE 312
Exercise: Installing OPIE 312
Exercise: Installing the OPIE Client
on a Remote Server 315
Exercise: Using opie-tk and Allowing
Windows Users to Deploy OPIE. 316
Exercise: Installing opieftpd 318
Implementing Kerberos Version 5 319
Why Is Kerberos Such a Big Deal? 320
Kerberos Terms 321
Kerberos Principals 322
The Kerberos Authentication Process 323
How Information Traverses the Network 324
Creating the Kerberos Database 325
Using kadmin.local 325
Using kadmin 326
Using kadmin on the Client 328
Using kadmin and Creating Kerberos Client
Passwords 329
Setting Policies 330
Using Kinit 330
The kinit Command and Time Limits 332
Managing Kerberos Client Credentials 333
The kdestroy Command 333
Exercise: Configuring a KDC 334
Establishing Kerberos Client Trust Relationships
with kadmin 337
Additional Daemon Principal Names 339
Logging On to a Kerberos Host Daemon 340
Common Kerberos Client Troubleshooting
Issues and Solutions 340
Kerberos Client Applications 341
Kerberos Authentication and klogin 342
Exercise: Configuring a Kerberos Client 342
Summary 345
Solutions Fast Track 345
Frequently Asked Questions 348
Chapter 7 Avoiding Sniffing Attacks through Encryption
Introduction 354
Understanding Network Encryption 354
Capturing and Analyzing Unencrypted
Network Traffic 355
Using OpenSSH to Encrypt Network Traffic
between Two Hosts 361
The OpenSSH Suite 362
Installing OpenSSH 364
Configuring SSH 367
How SSH Works 368
Insecure r-command Authentication 368
Secure SSH Authentication 371
Implementing SSH to Secure Data Transmissions
over an Insecure Network 373
Distributing the Public Key 376
Capturing and Analyzing Encyrpted Network
Traffic 381
Summary 385
Solutions Fast Track 386
Frequently Asked Questions 388
Chapter 8 Creating Virtual Private Networks
Introduction 392
Secure Tunneling with VPNs 392
Telecommuter VPN Solution 392
Router-to-Router VPN Solution 394
Host-to-Host VPN Solution 395
Tunneling Protocols 395
Explaining the IP Security Architecture 396
Using IPSec with a VPN Tunneling Protocol 400
Internet Key Exchange Protocol 401
Creating a VPN by Using FreeS/WAN 402
Downloading and Unpacking FreeS/WAN 404
Compiling the Kernel to Run FreeS/WAN 407
Recompiling FreeS/WAN into the New
Kernel 417
Configuring FreeS/WAN 420
Testing IP Networking 420
Configuring Public Key Encryption for
Secure Authentication of VPN
Endpoints 424
Starting the Tunnel 434
Capturing VPN Tunnel Traffic 436
Closing the VPN Tunnel 438
Summary 439
Solutions Fast Track 440
Frequently Asked Questions 441
Chapter 9 Implementing a Firewall with Ipchains and Iptables
Introduction 446
Understanding the Need for a Firewall 447
Building a Personal Firewall 449
Understanding Packet Filtering
Terminology 450
Choosing a Linux Firewall Machine 452
Protecting the Firewall 452
Deploying IP Forwarding and Masquerading 453
Masquerading 456
Configuring Your Firewall to Filter Network
Packets 458
Configuring the Kernel 460
Packet Accounting 460
Understanding Tables and Chains in a Linux
Firewall 461
Built-In Targets and User-Defined Chains 462
Specifying Interfaces 463
Setting Policies 464
Using Ipchains to Masquerade Connections 467
Iptables Masquerading Modules 468
Using Iptables to Masquerade Connections 468
Iptables Modules 470
Exercise: Masquerading Connections
Using Ipchains or Iptables 471
Logging Packets at the Firewall 471
Setting Log Limits 472
Adding and Removing Packet Filtering Rules 472
ICMP Types 473
Exercise: Creating a Personal Firewall
and Creating a User-Defined Chain 475
Redirecting Ports in Ipchains and Iptables 477
Configuring a Firewall 478
Setting a Proper Foundation 478
Creating Anti-Spoofing Rules 479
Counting Bandwidth Usage 483
Listing and Resetting Counters 484
Setting Type of Service (ToS) in a Linux
Router 484
Setting ToS Values in Ipchains and Iptables 486
Using and Obtaining Automated Firewall Scripts
and Graphical Firewall Utilities 488
Firewall Works in Progress 490
Exercise: Using Firestarter to Create a
Personal Firewall 490
Exercise: Using Advanced Firestarter
Features 498
Summary 500
Solutions Fast Track 500
Frequently Asked Questions 505
Chapter 10 Deploying the Squid Web Proxy Cache Server
Introduction 508
Benefits of Proxy Server Implementation 508
Proxy Caching 508
Network Address Translation 510
Differentiating between a Packet Filter and
a Proxy Server 512
Implementing the Squid Web Proxy
Cache Server 513
System Requirements Specific to Proxy
Caching 516
Installing Squid 517
Configuring Squid 520
The http_port Tag 522
The Cache_dir Tag 523
The acl Tag 525
The http_access Tag 526
Starting and Testing Squid 528
Configuring Proxy Clients 529
Configuring Netscape Navigator and Lynx 530
Configuring Netscape Navigator 530
Configuring Lynx 532
Configuring Internet Explorer (Optional) 533
Summary 535
Solutions Fast Track 536
Frequently Asked Questions 538
Chapter 11 Maintaining Firewalls
Introduction 544
Testing Firewalls 544
IP Spoofing 546
Open Ports/Daemons 546
Monitoring System Hard Drives, RAM,
and Processors 547
Suspicious Users, Logins, and Login
Times 547
Check the Rules Database 548
Verify Connectivity with Company
Management and End Users 548
Remain Informed Concerning the
Operating System 549
Port Scans 549
Using Telnet, Ipchains, Netcat, and SendIP to
Probe Your Firewall 550
Ipchains 551
Telnet 551
Using Multiple Terminals 552
Netcat 552
Sample Netcat Commands 554
Additional Netcat Commands 555
Exercise: Using Netcat 557
SendIP:The Packet Forger 558
SendIP Syntax 558
Exercise: Using SendIP to Probe a
Firewall 560
Understanding Firewall Logging, Blocking, and
Alert Options 563
Firewall Log Daemon 563
Obtaining Firelogd 563
Syntax and Configuration Options 563
Message Format 564
Customizing Messages 566
Reading Log Files Generated by Other
Firewalls 568
Exercise: Configuring and Compiling
Firelogd 568
Fwlogwatch 569
Fwlogwatch Modes 570
Fwlogwatch Options and Generating
Reports 572
Exercise: Generating an HTML-Based
Firewall Log with Fwlogwatch 575
Automating Fwlogwatch 575
The Fwlogwatch Configuration File 576
Notification Options 579
Response Options 581
Exercise: Configuring Fwlogwatch to
Send Automatic Alerts and Block Users 583
Using Fwlogwatch with CGI Scripts 584
Obtaining More Information 586
Viewing the Results 587
Exercise: Using Cron and Fwlogwatch
CGI Scripts to Generate an Automatic
HTML Report 588
Additional Fwlog Features 590
Obtaining Additional Firewall Logging Tools 590
Summary 593
Solutions Fast Track 593
Frequently Asked Questions 597
Appendix A Bastille Log 599
Appendix B Hack Proofing
Linux Fast Track 605
Index 637


═════ ═════

Loading... Protection Status