Network Security: A Practical Approach. Jan L. Harrington

Transcription

1 Network Security: A Practical Approach Jan L. Harrington ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann is an imprint of Elsevier MORGAN KAUFMANN PUBLISHERS

2 Contents Preface xi Chapter 1: In the Beginning Introduction Defining Security The Two Views of Network Security Sources of External Threats Sources of Internal Threats The Organizational Security Process Top Management Support How Secure Can You Be? The Importance of a Security Policy Legal Issues Security Personnel Outsourcing Security Preparing a Security Policy Security Audits Summary 33 Chapter 2: Basic Security Architecture Introduction Secure Network Layouts Firewalls Packet Filtering Firewalls 41

3 vi Contents Stateful Firewalls Application Proxy Firewalls Comparing Types of Firewalls Hands On: Setting File and Directory Permissions Windows UNIX Mac OS X Summary 51 Chapter 3: Physical Security Introduction Dealing with Theft and Vandalism Protecting the System Console Managing System Failure Backup Solutions Power Protection Hands On: Providing Physical Security Physical Solutions Disaster Recovery Drills Summary 78 Chapter 4: Information Gathering Introduction Social Engineering Electronic Social Engineering: Phishing Using Published Information Port Scanning Network Mapping Hands On Limiting Published Information Disabling Unnecessary Services and Closing Ports Opening Ports on the Perimeter and Proxy Serving Summary 106 Chapter 5: Gaining and Keeping Root Access Introduction Root Kits Root Kit Threat Level How Root Kits Work Brute Force Entry Attacks and Intrusion Detection Examining System Logs 115

4 Contents vii Intrusion Detection Software Intrusion Prevention Software Honeypots Buffer Overflow Attacks Hands On Viewing and Configuring Windows Event Logs Patches and Patch Management Summary 130 Chapter 6: Spoofing Introduction TCP Spoofing DNS Spoofing IP (and ) Spoofing Web Spoofing Hands On Detecting Spoofed Detecting Spoofed Web Sites Summary 156 Chapter 7: Denial of Service Attacks Introduction Single Source DoS Attacks SYN Flood Attacks Ping of Death Smurf UDP Flood Attacks Distributed DoS Attacks Tribe Flood Network Trinoo Stacheldraht Hands On Using an IDS to Detect a DoS Attack Using System Logs to Detect a DoS Attack Handling a DoS Attack in Progress DoS Defense Strategies Finding Files Summary 178 Chapter 8: Malware Introduction 182

5 vlii Contents 8.1 A Bit of Malware History Types of Malware Based on Propagation Methods Hands On "Virus" Scanners Dealing with Removable Media Lockdown Schemes Summary 202 Chapter 9: User and Password Security Introduction Password Policy Strong Passwords Password File Security Windows UNIX Password Audits UNIX: John the Ripper Windows: LOphtCrack Enhancing Password Security with Tokens Hands On: Password Management Software Centralized Password Management Individual Password Management Summary 223 Chapter 10: Remote Access Introduction Remote Access Vulnerabilities Dial-In Access Remote Control Software Remote Access Commands VPNs Remote User Authentication RADIUS Kerberos CHAP and MS-CHAP Hands On: OS VPN Support Windows VPN Support Macintosh OS X VPN Support Summary 258

6 . Contents ix Chapter 11: Wireless Security Introduction Wireless Standards Wireless Standards Bluetooth The Forthcoming Wireless Network Vulnerabilities Signal Bleed and Insertion Attacks Signal Bleed and Interception Attacks SSID Vulnerabilities Denial of Service Attacks Battery Exhaustion Attacks Wireless Security Provisions llx Security Bluetooth Security Hands On: Securing Your lx Wireless Network Summary 275 Chapter 12: Encryption Introduction To Encrypt or Not to Encrypt Single Key Encryption Schemes Substitution Cyphers Single-Key Encryption Algorithms Key Management Problems Two-Key Encryption Schemes The Mathematics of Public Key Encryption Combining Single- and Two-Key Encryption Ensuring Message Integrity Message Digest Algorithms Checksums Message Authentication and Digital Certificates Authenticating with PKE Alone Authenticating with Digital Certificates Composition and Purpose of PKI Hands On Third-Party Certificate Authorities Encryption Software Summary 316

7 Contents Appendix A: The TCP/IP Protocol Stack 319 A.O Introduction 320 A.I The Operation of a Protocol Stack 320 A.2 The Application Layer 322 A.3 The Transport Layer 323 A.3.1TCP324 A.3.2 UDP 326 A.4 The Internet Layer 327 A.5 The Logical Link Control Layer 330 A.6 The MAC Layer 330 A. 7 The Physical Layer 332 Appendix B: TCP and UDP Ports 335 B.O Well-Known Ports 336 B.I Registered Ports 340 B.2 Port List References 341 Appendix C: Security Update Sites 343 CO Professional Security Update Sites 344 C.I Other Sites of Interest 344 Glossary 347 Index 359 Photo Credits 366