Internet Security Professional Reference
(Imprint: New Riders)
(Publisher: Macmillan Computer Publishing)
Authors: Derek Atkins, Paul Buis, Chris Hare, Robert Kelley, Carey Nachenberg, Anthony B. Nelson, Paul Phillips, Tim Ritchey, Tom Sheldom, Joel Snyder
ISBN: 156205760x
- Introduction
- About the Authors
- PART I: Managing Internet Security
- Chapter 1: Understanding TCP/IP
- Exploring Addresses, Subnets, and Hostnames
- Address Classes
- Subnets
- Hostnames
- Working with Network Interfaces
- Configuration Using ifconfig
- Reviewing the Network Configuration Files
- The /etc/hosts File
- The /etc/ethers File
- The /etc/networks File
- The /etc/protocols File
- The /etc/services File
- The /etc/inetd.conf File
- Understanding the Network Access Files
- /etc/hosts.equiv File
- The .rhosts File
- User and Host Equivalency
- Examining TCP/IP Daemons
- The slink Daemon
- The ldsocket Daemon
- The cpd Daemon
- The Line Printer Daemon (lpd)
- The SNMP Daemon (snmpd)
- The RARP Daemon (rarpd)
- The BOOTP Daemon (bootpd)
- The ROUTE Daemon (routed)
- The Domain Name Service Daemon (named)
- The System Logger Daemon (syslogd)
- Inetd: The Super-Server
- The RWHO Daemon (rwhod)
- Exploring TCP/IP Utilities
- Administration Commands
- User Commands
- Chapter 2: Understanding and Creating Daemons
- Examining the System Daemons
- init
- swapper
- update and bdflush
- lpd
- lpsched
- cpd and sco_cpd (SCO)
- cron
- syslog
- sendmail
- getty
- rlogind
- deliver
- inetd
- routed
- nfsd
- mountd
- pcnfsd
- statd, rpc.statd
- lockd, rpc.lockd
- Creating Daemons with the Bourne Shell
- Handling Input and Output
- Handling Messages
- Handling Signals
- The dfmon Program
- Creating Daemons with PERL
- Handling Input and Output
- Handling Signals
- The procmon Program
- Unix Run Levels
- Program Listings
- Listing 2.1: The dfmon Program
- Listing 2.2: The dfmon Configuration File
- Listing 2.3: The procmon Command
- Listing 2.4: The procmon.cfg File
- Chapter 3: Using UUCP
- The UUCP Network
- How UUCP Works
- Naming Your Host
- The Naming Process
- The System V Basic Networking Utilities UUCP
- UUCP File Layout
- Configuring UUCP
- Testing the Connection
- The Dialers File
- The Systems File
- The UUCP Chat Script
- Testing the Connection: Using uucico
- Permissions File
- Allowing Anonymous UUCP Access
- UUCP Log Files
- Maintenance
- Configuring Version 2 UUCP
- What Is Version 2 UUCP?
- File Layout
- Configuring UUCP
- The L-devices File
- Testing the Connection
- The L.sys File
- Testing the Connection with uucico
- Version 2 Permissions
- Log Files
- Maintenance
- Configuring UUCP over TCP/IP
- Code Listings
- Listing 3.1: gtimes.c
- Listing 3.2: genUSER
- Chapter 4: Audit Trails
- Common Unix Logs
- Process Accounting
- Useful Utilities in Auditing
- Other Reporting Tools Available Online
- Audit Trails Under Windows NT
- Using the Event Viewer
- Logging the ftp Server Service
- Logging httpd Transactions
- Logging by Other TCP/IP Applications Under NT
- Audit Trails Under DOS
- PC/DACS
- Watchdog
- LOCK
- Using System Logs to Discover Intruders
- Common Break-In Indications
- Potential Problems
- PART II: Gaining Access and Securing the Gateway
- Chapter 5: IP Spoofing and Sniffing
- Sniffing
- Sniffing: How It Is Done
- Sniffing: How It Threatens Security
- Protocol Sniffing: A Case Study
- Sniffing: How to Prevent It
- Hardware Barriers
- Avoiding Transmission of Passwords
- Spoofing
- Hardware Address Spoofing
- ARP Spoofing
- Preventing an ARP Spoof
- Sniffing Case Study Revisited
- Detecting an ARP Spoof
- Spoofing the IP Routing System
- ICMP-Based Route Spoofing
- Misdirecting IP Datagrams from Hosts
- Preventing Route Spoofing
- A Case Study Involving External Routing
- Spoofing Domain Name System Names
- Spoofing TCP Connections
- Chapter 6: How to Build a Firewall
- The TIS Firewall Toolkit
- Understanding the TIS Firewall Toolkit
- How to Get the TIS Firewall Toolkit
- Compiling Under SunOS 4.1.3 and 4.1.4
- Compiling Under BSDI
- Installing the TIS Firewall Toolkit
- Preparing for Configuration
- Configuring TCP/IP
- IP Forwarding
- The netperm Table
- Configuring netacl
- Connecting with netacl
- Restarting inetd
- Configuring the Telnet Proxy
- Connecting Through the Telnet Proxy
- Host Access Rules
- Verifying the Telnet Proxy
- Configuring the rlogin Gateway
- Connecting Through the rlogin Proxy
- Host Access Rules
- Verifying the rlogin Proxy
- Configuring the FTP Gateway
- Host Access Rules
- Verifying the FTP Proxy
- Connecting Through the FTP Proxy
- Allowing FTP with netacl
- Configuring the Sendmail Proxy: smap and smapd
- Installing the smap Client
- Configuring the smap Client
- Installing the smapd Application
- Configuring the smapd Application
- Configuring DNS for smap
- Configuring the HTTP Proxy
- Non-Proxy-Aware HTTP Clients
- Using a Proxy-Aware HTTP Client
- Host Access Rules
- Configuring the X Windows Proxy
- Understanding the Authentication Server
- The Authentication Database
- Adding Users
- The Authentication Shell: authmgr
- Database Management
- Authentication at Work
- Using plug-gw for Other Services
- Configuring plug-gw
- plug-gw and NNTP
- plug-gw and POP
- The Companion Administrative Tools
- portscan
- netscan
- Reporting Tools
- Where to Go for Help
- Sample netperm-table File
- Manual Reference Pages
- Authmgr: Network Authentication Client Program
- authsrv: Network Authentication Third Party Daemon
- ftp-gw: FTP Proxy Server
- http-gw: Gopher/HTTP Proxy
- login-sh: Authenticating Login Shell
- netacl: TCP Network Access Control
- plug-gw: Generic TCP Plug-board Proxy
- rlogin-gw: rlogin Proxy Server
- smap: Sendmail Wrapper Client
- smapd: Sendmail Wrapper Daemon
- tn-gw: telnet Proxy Server
- x-gw: X Gateway Service
- Chapter 7: How to Buy a Firewall
- Firewall Refresher
- Architectures
- Three Buzzwords to Know
- Choosing a Firewall
- Firewall Architecture
- Router Architectures
- Advanced Firewall Architectures
- Evaluating Firewalls
- Choosing Between Stateful Packet Filter and Transport Firewalls
- Evaluating Paths Through the Firewall
- Evaluating Management Interface and GUI
- Evaluating Flexibility and Features
- Evaluating Reporting and Accounting
- Evaluating Firewall Performance
- Packet Filtering Performance Issues
- Transport Proxies Performance Issues
- Performance Testing Results
- Evaluating the Security of Firewalls
- Assessment Strategies
- Summary
- Chapter 8: SATAN and the Internet Inferno
- The Nature of Network Attacks
- Internet Threat Levels (ITL)
- Common Attack Approaches
- An Overview of Holes
- Learning About New Security Holes
- Thinking Like an Intruder
- Gathering Information on Systems
- Know the Code
- Try All Known Problems
- Match Vulnerabilities with Opportunities
- Look for Weak Links
- Summarize the Remote Network Attack
- Automate the Search
- The First Meeting with SATAN
- History
- The Creators
- Comparison to Other Tools
- Vendor Reactions
- Long-Term Impact
- Detecting SATAN
- Courtney
- Gabriel
- TCP Wrappers
- netlog/TAMU
- Argus
- Using Secure Network Programs
- Kerberos
- Secure Shell (ssh)
- SSL
- Firewalls
- Investigating What SATAN Does
- SATAN's Information Gathering
- Vulnerabilities that SATAN Investigates
- Other Network Vulnerabilities
- Investigating IP Spoofing
- Examining Structural Internet Problems
- Rendezvous with SATAN
- Getting SATAN
- Examining the SATAN Files
- Building SATAN
- Using SATAN's HTML Interface
- Running a Scan
- Understanding the SATAN Database Record Format
- Understanding the SATAN Rulesets
- Extending SATAN
- Long-Term Benefits of Using SATAN
- Works Cited
- Chapter 9: Kerberos
- How Kerberos Works
- The Kerberos Network
- RFCs
- Goals of Kerberos
- How Authentication Works
- What Kerberos Doesn't Do
- Encryption
- Private, Public, Secret, or Shared Key Encryption
- Private or Secret Key Encryption
- DES and Its Variations
- Encryption Export Issues
- Encryption and Checksum Specifications
- Versions of Kerberos
- Versions of Kerberos Version 4
- Versions of Kerberos Version 5
- Bones
- Selecting a Vendor
- Vendor Interoperability Issues
- DEC ULTRIX Kerberos
- Transarc's Kerberos
- DCE
- Interoperability Requirements
- Naming Constraints
- Realm Names
- Principal Names
- Cross-Realm Operation
- Ticket Flags
- Initial and Preauthenticated Tickets
- Invalid Tickets
- Renewable Tickets
- Postdated Tickets
- Proxiable and Proxy Tickets
- Forwardable Tickets
- Authentication Flags
- Other Key Distribution Center Options
- Message Exchanges
- Tickets and Authenticators
- The Authentication Service Exchange
- The Ticket Granting Service (TGS) Exchange
- Specifications for the Authentication Server and Ticket Granting Service Exchanges
- The Client/Server Authentication Exchange
- Client/Server (CS) Message Specifications
- The KRB_SAFE Exchange
- KRB_SAFE Message Specification
- The KRB_PRIV Exchange
- KRB_PRIV Message Specification
- The KRB_CRED Exchange
- KRB_CRED Message Specification
- Names
- Time
- Host Addresses
- Authorization Data
- Last Request Data
- Error Message Specification
- Kerberos Workstation Authentication Problem
- Kerberos Port Numbers
- Kerberos Telnet
- Kerberos ftpd
- Other Sources of Information
- PART III: Messaging: Creating a Secure Channel
- Chapter 10: Encryption Overview
- Overview of Encryption Techniques
- Crypto-Speak
- Applying Cryptography
- The Threats of Hackers and Eavesdroppers
- Goals of Cryptography
- Digital IDs, Certificates, and Certificate Authorities
- Digital Signatures
- Security for Network Logon and Authentication
- Secure Channels
- Secure Internet Tunnels
- Electronic Commerce
- Symmetric (Secret Key) Cryptography
- Transposition
- Deciphering
- Substitution
- Block and Stream Ciphers
- DES (Data Encryption Standard)
- DES Alternatives
- Blowfish
- Asymmetric (Public-Key) Cryptography
- Attacks and Cryptanalysis
- Crypto Links
- Summary
- Chapter 11: PGP
- PGP Overview
- History of PGP
- Why Use PGP?
- Short Encryption Review
- PGP How-To
- Before You Use PGP
- Generate a PGP Key
- Distributing the Public Key
- Signing a Message
- Adding Someone Else's Key
- Encrypting a Message
- Decrypting and Verifying a Message
- PGP Keys
- What's in a Name?
- PGP Key Rings
- The Web of Trust
- Degrees of Trust
- Key Management
- Key Generation
- Creating the PGP Userid
- Adding Keys to the Public Key Ring
- Extracting Keys from the Public Key Ring
- Signing Keys
- Viewing the Contents of a Key Ring
- Removing Keys and Signatures
- Key Fingerprints and Verifying Keys
- Revoking Your Key
- Basic Message Operations
- PGP: Program or Filter?
- Compressing the Message
- Processing Text and Binary Files
- Sending PGP Messages Via E-Mail
- Conventional Encryption
- Signing a Message
- Encrypting a Message Using Public Key
- Signing and Encrypting Messages
- Decrypting and Verifying Messages
- Advanced Message Operations
- Clearsigning
- Detached Signatures
- For Her Eyes Only
- Wiping Files
- The PGP Configuration File
- Security of PGP
- The Brute Force Attack
- Secret Keys and Pass Phrases
- Public Key Ring Attacks
- Program Security
- Other Attacks Against PGP
- PGP Add-Ons
- PGP Public Keyservers
- PGPMenu: A Menu Interface to PGP for Unix
- Windows Front-Ends
- Unix Mailers
- Mac PGP
- PART IV: Modern Concerns
- Chapter 12: Windows NT Internet Security
- Windows NT Overview
- Windows NT Architecture
- The Windows NT Operating Environment
- Domains
- User Accounts, Groups, Rights, and Permissions
- Windows NT Logon and Authentication
- Intranet-Related Features in Windows NT
- Using a DNS Server in an Intranet
- Using NetBIOS Name Resolution in an Intranet
- Using a WINS Server for an Intranet
- Considerations for Connecting to the Internet
- Public Web Server Connection for IIS
- Proxy Server Connections
- Configuring Services in Windows NT
- Configuring Ports in Windows NT
- Microsoft Internet Information Server
- IIS Security Features
- Microsoft Proxy Server
- Proxy Server Features
- The New Windows NT Directory Services Model
- Summary
- Chapter 13: Java Security
- Java's Functionality
- Java Is Portable
- Java Is Robust
- Java Is Secure
- Java Is Object-Oriented
- Java Is High Performance
- Java Is Easy
- History of the Java Language
- Main Features of the Java Environment
- Features of the Java Language
- The Java Architecture
- From Class File to Execution
- The Compilation of Code
- Running Code
- The Java Virtual Machine
- Why a New Machine Code Specification?
- The Java Virtual Machine Description
- Setting Up Java Security Features
- Using the Appletviewer
- Netscape 3.0
- Other Issues in Using Java Programs
- Chapter 14: CGI Security
- Why CGI Is Dangerous
- How CGI Works
- CGI Data: Encoding and Decoding
- CGI Libraries
- Understanding Vulnerabilities
- The HTTP Server
- The HTTP Protocol
- The Environment Variables
- GET and POST Input Data
- Minimizing Vulnerability
- Restrict Access to CGI
- Run CGIs with Minimum Privileges
- Execute in a chrooted Environment
- Secure the HTTP Server Machine
- CGIWrap: An Alternative Model
- Advantages and Disadvantages
- Bypassing CGI
- Server Side Includes (SSI)
- Restrict Access to SSI
- Alternatives to SSI
- Language Issues
- PERL
- C and C++
- Safe Languages
- Protecting Sensitive Data
- Logging
- Chapter 15: Viruses
- A Reality Check
- What Is a Computer Virus?
- Most Likely Targets
- Key Hardware
- Key Software
- The Boot Record
- The FAT
- The Root Directory
- Floppy Boot Records (FBRs)
- Hard Drive Master Boot Record
- Partition Boot Records
- System Services
- Data Files with Macro Capabilities
- IBM PC Computer Virus Types
- Boot Record Viruses
- Floppy Boot Record Viruses
- Partition Boot Record Viruses
- Master Boot Record Viruses
- Program File Viruses
- Companion Viruses
- Potential Damage by File-Infecting Viruses
- Macro Viruses
- Worms
- Network and Internet Virus Susceptibility
- Network Susceptibility to File Viruses
- Boot Viruses
- Macro Viruses
- Virus Classes
- Polymorphic Viruses
- Stealth Viruses
- Slow Viruses
- Retro Viruses
- Multipartite Viruses
- How Antivirus Programs Work
- Virus Scanners
- Memory Scanners
- Integrity Checkers
- Behavior Blockers
- Heuristics
- Preventative Measures and Cures
- Preventing and Repairing Boot Record Viruses
- Preventing and Repairing Executable File Viruses
- Repairing Files Infected with a Read-Stealth Virus
- Preventing and Repairing Macro Viruses
- Profile: Virus Behavior Under Windows NT
- Master Boot Record Viruses Under Windows NT
- Boot Record Viruses Under Windows NT
- DOS File Viruses Under a Windows NT DOS Box
- Windows 3.1 Viruses Under Windows NT
- Macro Viruses Under Windows NT
- Native Windows NT Viruses
- Summary
Appendix A
Appendix B
Index