Search Ebook here:

Hack Proofing Your Network


Author: Syngress

Publisher: Syngress

Publish Date: 26th March 2002

ISBN-13: 9780080478166

Pages: 704

Language: English



A new edition the most popular Hack Proofing book around!IT professionals who want to run secure networks, or build secure software, need to know about the methods of hackers. The second edition of the best seller Hack Proofing Your Network, teaches about those topics, including:· The Politics, Laws of Security, Classes of Attack, Methodology, Diffing, Decrypting, Brute Force, Unexpected Input, Buffer Overrun, Sniffing, Session Hijacking, Spoofing, Server Holes, Client Holes, Trojans and Viruses, Reporting Security Problems, Choosing Secure SystemsThe central idea of this book is that it’s better for you to find the holes in your network than it is for someone else to find them, someone that would use them against you. The complete, authoritative guide to protecting your Windows 2000 Network.

Table of Contents

Foreword v 1.5 Foreword v 1.0 Chapter 1 How To Hack Introduction What We Mean by “Hack” Why Hack? Knowing What To Expect in the Rest of This Book Understanding the Current Legal Climate Summary Frequently Asked Questions Chapter 2 The Laws of Security Introduction Knowing the Laws of Security Client-Side Security Doesn’t Work You Cannot Securely Exchange Encryption Keys without a Shared Piece of Information Malicious Code Cannot Be 100 Percent Protected against Any Malicious Code Can Be Completely Morphed to Bypass Signature Detection Firewalls Cannot Protect You 100 Percent from Attack Social Engineering Attacking Exposed Servers Attacking the Firewall Directly Client-Side Holes Any IDS Can Be Evaded Secret Cryptographic Algorithms Are Not Secure If a Key Is Not Required,You Do Not Have Encryption—You Have Encoding Passwords Cannot Be Securely Stored on the Client Unless There Is Another Password to Protect Them In Order for a System to Begin to Be Considered Secure, It Must Undergo an Independent Security Audit Security through Obscurity Does Not Work Summary Solutions Fast Track Frequently Asked Questions Chapter 3 Classes of Attack Introduction Identifying and Understanding the Classes of Attack Denial of Service Information Leakage Regular File Access Misinformation Special File/Database Access Remote Arbitrary Code Execution Elevation of Privileges Identifying Methods of Testing for Vulnerabilities Proof of Concept Standard Research Techniques Summary Solutions Fast Track Frequently Asked Questions Chapter 4 Methodology Introduction Understanding Vulnerability Research Methodologies Source Code Research Binary Research The Importance of Source Code Reviews Searching Error-Prone Functions Reverse Engineering Techniques Disassemblers, Decompilers, and Debuggers Black Box Testing Chips Summary Solutions Fast Track Frequently Asked Questions Chapter 5 Diffing Introduction What Is Diffing? Why Diff? Looking to the Source Code Exploring Diff Tools Using File-Comparison Tools Working with Hex Editors Utilizing File System Monitoring Tools Finding Other Tools Troubleshooting Problems with Checksums and Hashes Problems with Compression and Encryption Summary Solutions Fast Track Frequently Asked Questions Chapter 6 Cryptography Introduction Understanding Cryptography Concepts History Encryption Key Types Learning about Standard Cryptographic Algorithms Understanding Symmetric Algorithms Understanding Asymmetric Algorithms Understanding Brute Force Brute Force Basics Using Brute Force to Obtain Passwords Knowing When Real Algorithms Are Being Used Improperly Bad Key Exchanges Hashing Pieces Separately Using a Short Password to Generate a Long Key Improperly Stored Private or Secret Keys Understanding Amateur Cryptography Attempts Classifying the Ciphertext Monoalphabetic Ciphers Other Ways to Hide Information Summary Solutions Fast Track Frequently Asked Questions Chapter 7 Unexpected Input Introduction Understanding Why Unexpected Data Is Dangerous Finding Situations Involving Unexpected Data Local Applications and Utilities HTTP/HTML Unexpected Data in SQL Queries Application Authentication Disguising the Obvious Using Techniques to Find and Eliminate Vulnerabilities Black-Box Testing Use the Source Untaint Data by Filtering It Escaping Characters Is Not Always Enough Perl Cold Fusion/Cold Fusion Markup Language (CFML) ASP PHP Protecting Your SQL Queries Silently Removing versus Alerting on Bad Data Invalid Input Function Token Substitution Utilizing the Available Safety Features in Your Programming Language Perl PHP ColdFusion/ColdFusion Markup Language ASP MySQL Using Tools to Handle Unexpected Data Web Sleuth CGIAudit RATS Flawfinder Retina Hailstorm Pudding Summary Solutions Fast Track Frequently Asked Questions Chapter 8 Buffer Overflow Introduction Understanding the Stack The Stack Dump Oddities and the Stack Understanding the Stack Frame Introduction to the Stack Frame Passing Arguments to a Function: A Sample Program Stack Frames and Calling Syntaxes Learning about Buffer Overflows A Simple Uncontrolled Overflow: A Sample Program Creating Your First Overflow Creating a Program with an Exploitable Overflow Performing the Exploit Learning Advanced Overflow Techniques Stack Based Function Pointer Overwrite Heap Overflows Advanced Payload Design Using What You Already Have Summary Solutions Fast Track Frequently Asked Questions Chapter 9 Format Strings Introduction Understanding Format String Vulnerabilities Why and Where Do Format String Vulnerabilities Exist? How Can They Be Fixed? How Format String Vulnerabilities Are Exploited How Format String Exploits Work What to Overwrite Examining a Vulnerable Program Testing with a Random Format String Writing a Format String Exploit Summary Solutions Fast Track Frequently Asked Questions Chapter 10 Sniffing Introduction What Is Sniffing? How Does It Work? What to Sniff? Obtaining Authentication Information Capturing Other Network Traffic Popular Sniffing Software Ethereal Network Associates Sniffer Pro NT Network Monitor WildPackets TCPDump dsniff Ettercap Esniff.c Sniffit Carnivore Additional Resources Advanced Sniffing Techniques Man-in-the-Middle (MITM) Attacks Cracking Switch Tricks Routing Games Exploring Operating System APIs Linux BSD libpcap Windows Taking Protective Measures Providing Encryption Secure Sockets Layers (SSL) PGP and S/MIME Switching Employing Detection Techniques Local Detection Network Detection Summary Solutions Fast Track Frequently Asked Questions Chapter 11 Session Hijacking Introduction Understanding Session Hijacking TCP Session Hijacking TCP Session Hijacking with Packet Blocking UDP Hijacking Examining the Available Tools Juggernaut Hunt Ettercap SMBRelay Storm Watchers Playing MITM for Encrypted Communications Man-in-the-Middle Attacks Dsniff Other Hijacking Summary Solutions Fast Track Frequently Asked Questions Chapter 12 Spoofing: Attacks on Trusted Identity Introduction What It Means to Spoof Spoofing Is Identity Forgery Spoofing Is an Active Attack against Identity Checking Procedures Spoofing Is Possible at All Layers of Communication Spoofing Is Always Intentional Spoofing Is Not the Same Thing as Betrayal Spoofing Is Not Necessarily Malicious Spoofing Is Nothing New Background Theory The Importance of Identity The Evolution of Trust Asymmetric Signatures between Human Beings Establishing Identity within Computer Networks Return to Sender In the Beginning,There Was… a Transmission Capability Challenges Configuration Methodologies: Building a Trusted Capability Index Desktop Spoofs The Plague of Auto-Updating Applications Impacts of Spoofs Subtle Spoofs and Economic Sabotage Down and Dirty: Engineering Spoofing Systems Spitting into the Wind: Building a Skeleton Router in Userspace Bring Out the Halon: Spoofing Connectivity Through Asymmetric Firewalls Summary Solution Fast Track Frequently Asked Questions Chapter 13 Tunneling Introduction Strategic Constraints of Tunnel Design Privacy: “Where Is My Traffic Going?” Routability: “Where Can This Go Through?” Deployability: “How Painful Is This to Get Up and Running?” Flexibility: “What Can We Use This for,Anyway?” Quality: “How Painful Will This System Be to Maintain?” Designing End-to-End Tunneling Systems Drilling Tunnels Using SSH Open Sesame: Authentication Basic Access: Authentication by Password Transparent Access: Authentication by Private Key Command Forwarding: Direct Execution for Scripts and Pipes Port Forwarding: Accessing Resources on Remote Networks Local Port Forwards Dynamic Port Forwards Remote Port Forwards When in Rome:Traversing the Recalcitrant Network Crossing the Bridge: Accessing Proxies through ProxyCommands No Habla HTTP? Permuting thy Traffic Show Your Badge: Restricted Bastion Authentication Bringing the Mountain: Exporting SSHD Access Echoes in a Foreign Tongue: Cross-Connecting Mutually Firewalled Hosts Not In Denver, Not Dead: Now What? Standard File Transfer over SSH Incremental File Transfer over SSH CD Burning over SSH Acoustic Tubing: Audio Distribution over TCP and SSH Summary Solutions Fast Track Frequently Asked Questions Chapter 14 Hardware Hacking Introduction Understanding Hardware Hacking Opening the Device: Housing and Mechanical Attacks Types of Tamper Mechanisms External Interfaces Protocol Analysis Electromagnetic Interference and Electrostatic Discharge Analyzing the Product Internals: Electrical Circuit Attacks Reverse-engineering the Device Basic Techniques: Common Attacks Advanced Techniques: Epoxy Removal and IC Delidding Cryptanalysis and Obfuscation Methods What Tools Do I Need? Starter Kit Advanced Kit Example: Hacking the iButton Authentication Token Experimenting with the Device Reverse-engineering the “Random” Response Example: Hacking the NetStructure 7110 E-commerce Accelerator Opening the Device Retrieving the Filesystem Reverse-engineering the Password Generator Summary Solutions Fast Track Frequently Asked Questions Chapter 15 Viruses, Trojan Horses, and Worms Introduction How Do Viruses,Trojans Horses, and Worms Differ? Viruses Worms Macro Virus Trojan Horses Hoaxes Anatomy of a Virus Propagation Payload Other Tricks of the Trade Dealing with Cross-platform Issues Java Macro Viruses Recompilation Shockwave Flash Proof that We Need to Worry The Morris Worm ADMw0rm Melissa and I Love You Sadmind Worm Code Red Worms Nimda Worm Creating Your Own Malware New Delivery Methods Faster Propagation Methods Other Thoughts on Creating New Malware How to Secure Against Malicious Software Anti-Virus Software Updates and Patches Web Browser Security Anti-Virus Research Summary Solutions Fast Track Frequently Asked Questions Chapter 16 IDS Evasion Introduction Understanding How Signature-Based IDSs Work Judging False Positives and Negatives Alert Flooding Using Packet Level Evasion IP Options IP Fragmentation TCP Header TCP Synchronization Using Fragrouter and Congestant Countermeasures Using Application Protocol Level Evasion Security as an Afterthought Evading a Match Web Attack Techniques Countermeasures Using Code Morphing Evasion Summary Solutions Fast Track Frequently Asked Questions Chapter 17 Automated Security Review and Attack Tools Introduction Learning about Automated Tools Exploring the Commercial Tools Exploring the Free Tools Using Automated Tools for Penetration Testing Testing with the Commercial Tools Testing the Free Tools Knowing When Tools Are Not Enough The New Face of Vulnerability Testing Summary Solutions Fast Track Frequently Asked Questions Chapter 18 Reporting Security Problems Introduction Understanding Why Security Problems Need to Be Reported Full Disclosure Determining When and to Whom to Report the Problem Whom to Report Security Problems to? Deciding How Much Detail to Publish Publishing Exploit Code Problems Summary Solutions Fast Track Frequently Asked Questions Index