NETWORK SECURITY HACKS

Transcription

1 SECOND EDITION NETWORK SECURITY HACKS 2008 AGI-Information Management Consultants May be used for personal purporses only or by libraries associated to dandelon.com network. Andrew Lockhart O'REILLY Beijing Cambridge Farnham Koln Paris Sebastopol Taipei Tokyo

2 Contents Credits Preface xi xv Chapter 1. Unix Host Security 1 1. Secure Mount Points 2 2. Scan for SUID and SGID Programs 3 3. Scan for World- and Group-Writable Directories 5 4. Create Flexible Permissions Hierarchies with POSIX ACLs 5 5. Protect Your Logs from Tampering 9 6. Delegate Administrative Roles Automate Cryptographic Signature Verification Check for Listening Services Prevent Services from Binding to an Interface Restrict Services with Sandboxed Environments Use proftpd with a MySQL Authentication Source Prevent Stack-Smashing Attacks Lock Down Your Kernel with grsecurity Restrict Applications with grsecurity Restrict System Calls with systrace Create systrace Policies Automatically Control Login Access with PAM Restrict Users to SCP and SFTP Use Single-Use Passwords for Authentication Restrict Shell Environments 52

3 21. Enforce User and Group Resource Limits 22. Automate System Updates Chapter 2. Windows Host Security 23. Check Servers for Applied Patches 24. Use Group Policy to Configure Automatic Updates 25. List Open Files and Their Owning Processes 26. List Running Services and Open Ports 27. Enable Auditing 28. Enumerate Automatically Executed Programs 29. Secure Your Event Logs 30. Change Your Maximum Log File Sizes 31. Back Up and Clear the Event Logs 32. Disable Default Shares 33. Encrypt Your Temp Folder 34. Back Up EFS 35. Clear the Paging File at Shutdown 36. Check for Passwords That Never Expire Chapter 3. Privacy and Anonymity 37. Evade Traffic Analysis 38. Tunnel SSH Through Tor 39. Encrypt Your Files Seamlessly 40. Guard Against Phishing 41. Use the Web with Fewer Passwords 42. Encrypt Your with Thunderbird 43. Encrypt Your in Mac OS X Chapter 4. Firewaiiing 44. Firewall with Netfilter 45. Firewall with OpenBSD's PacketFilter 46. Protect Your Computer with the Windows Firewall 47. Close Down Open Ports and Block Protocols 48. Replace the Windows Firewall 49. Create an Authenticated Gateway 50. Keep Your Network Self-Contained VI Contents

4 51. Test Your Firewall MAC Filter with Netfilter Block Tor 156 Chapter 5. Encrypting and Securing Services Encrypt IMAP and POP with SSL Use TLS-Enabled SMTP with Sendmail Use TLS-Enabled SMTP with Qmail Install Apache with SSL and suexec Secure BIND Set Up a Minimal and Secure DNS Server Secure MySQL Share Files Securely in Unix 178 Chapter 6. Network Security Detect ARP Spoofing Create a Static ARP Table Protect Against SSH Brute-Force Attacks Fool Remote Operating System Detection Software Keep an Inventory of Your Network Scan Your Network for Vulnerabilities Keep Server Clocks Synchronized Create Your Own Certificate Authority Distribute Your CA to Clients Back Up and Restore a Certificate Authority with Certificate Services Detect Ethernet Sniffers Remotely Help Track Attackers Scan for Viruses on Your Unix Servers Track Vulnerabilities 233 Chapter 7. Wireless Security Turn Your Commodity Wireless Routers into a Sophisticated Security Platform Use Fine-Grained Authentication for Your Wireless Network Deploy a Captive Portal 244 Contents I vii

5 Chapter 8. Logging 79. Run a Central Syslog Server 80. Steer Syslog 81. Integrate Windows into Your Syslog Infrastructure 82. Summarize Your Logs Automatically 83. Monitor Your Logs Automatically 84. Aggregate Logs from Remote Sites 85. Log User Activity with Process Accounting 86. Centrally Monitor the Security Posture of Your Servers Chapter 9. Monitoring and Trending 87. Monitor Availability 88. Graph Trends 89. Get Real-Time Network Stats 90. Collect Statistics with Firewall Rules 91. Sniff the Ether Remotely Chapter 10. Secure Tunnels 92. Set Up IPsec Under Linux 93. Set Up IPsec Under FreeBSD 94. Set Up IPsec in OpenBSD 95. Encrypt Traffic Automatically with Openswan 96. Forward and Encrypt Traffic with SSH 97. Automate Logins with SSH Client Keys 98. Use a Squid Proxy over SSH 99. Use SSH As a SOCKS Proxy 100. Encrypt and Tunnel Traffic with SSL 101. Tunnel Connections Inside HTTP 102. Tunnel with VTun and SSH 103. Generate VTun Configurations Automatically 104. Create a Cross-Platform VPN 105. Tunnel PPP viii I Contents