NETWORK SECURITY HACKS




SECOND EDITION
NETWORK SECURITY HACKS
Andrew Lockhart
O'REILLY
Beijing, Cambridge, Farnham, Köln, Paris, Sebastopol, Taipei, Tokyo

2008 AGI-Information Management Consultants. May be used for personal purposes only or by libraries associated to dandelon.com network.

Contents

Credits
Preface

Chapter 1. Unix Host Security
1. Secure Mount Points
2. Scan for SUID and SGID Programs
3. Scan for World- and Group-Writable Directories
4. Create Flexible Permissions Hierarchies with POSIX ACLs
5. Protect Your Logs from Tampering
6. Delegate Administrative Roles
7. Automate Cryptographic Signature Verification
8. Check for Listening Services
9. Prevent Services from Binding to an Interface
10. Restrict Services with Sandboxed Environments
11. Use proftpd with a MySQL Authentication Source
12. Prevent Stack-Smashing Attacks
13. Lock Down Your Kernel with grsecurity
14. Restrict Applications with grsecurity
15. Restrict System Calls with systrace
16. Create systrace Policies Automatically
17. Control Login Access with PAM
18. Restrict Users to SCP and SFTP
19. Use Single-Use Passwords for Authentication
20. Restrict Shell Environments

21. Enforce User and Group Resource Limits
22. Automate System Updates

Chapter 2. Windows Host Security
23. Check Servers for Applied Patches
24. Use Group Policy to Configure Automatic Updates
25. List Open Files and Their Owning Processes
26. List Running Services and Open Ports
27. Enable Auditing
28. Enumerate Automatically Executed Programs
29. Secure Your Event Logs
30. Change Your Maximum Log File Sizes
31. Back Up and Clear the Event Logs
32. Disable Default Shares
33. Encrypt Your Temp Folder
34. Back Up EFS
35. Clear the Paging File at Shutdown
36. Check for Passwords That Never Expire

Chapter 3. Privacy and Anonymity
37. Evade Traffic Analysis
38. Tunnel SSH Through Tor
39. Encrypt Your Files Seamlessly
40. Guard Against Phishing
41. Use the Web with Fewer Passwords
42. Encrypt Your Email with Thunderbird
43. Encrypt Your Email in Mac OS X

Chapter 4. Firewalling
44. Firewall with Netfilter
45. Firewall with OpenBSD's PacketFilter
46. Protect Your Computer with the Windows Firewall
47. Close Down Open Ports and Block Protocols
48. Replace the Windows Firewall
49. Create an Authenticated Gateway
50. Keep Your Network Self-Contained

51. Test Your Firewall
52. MAC Filter with Netfilter
53. Block Tor

Chapter 5. Encrypting and Securing Services
54. Encrypt IMAP and POP with SSL
55. Use TLS-Enabled SMTP with Sendmail
56. Use TLS-Enabled SMTP with Qmail
57. Install Apache with SSL and suexec
58. Secure BIND
59. Set Up a Minimal and Secure DNS Server
60. Secure MySQL
61. Share Files Securely in Unix

Chapter 6. Network Security
62. Detect ARP Spoofing
63. Create a Static ARP Table
64. Protect Against SSH Brute-Force Attacks
65. Fool Remote Operating System Detection Software
66. Keep an Inventory of Your Network
67. Scan Your Network for Vulnerabilities
68. Keep Server Clocks Synchronized
69. Create Your Own Certificate Authority
70. Distribute Your CA to Clients
71. Back Up and Restore a Certificate Authority with Certificate Services
72. Detect Ethernet Sniffers Remotely
73. Help Track Attackers
74. Scan for Viruses on Your Unix Servers
75. Track Vulnerabilities

Chapter 7. Wireless Security
76. Turn Your Commodity Wireless Routers into a Sophisticated Security Platform
77. Use Fine-Grained Authentication for Your Wireless Network
78. Deploy a Captive Portal

Chapter 8. Logging
79. Run a Central Syslog Server
80. Steer Syslog
81. Integrate Windows into Your Syslog Infrastructure
82. Summarize Your Logs Automatically
83. Monitor Your Logs Automatically
84. Aggregate Logs from Remote Sites
85. Log User Activity with Process Accounting
86. Centrally Monitor the Security Posture of Your Servers

Chapter 9. Monitoring and Trending
87. Monitor Availability
88. Graph Trends
89. Get Real-Time Network Stats
90. Collect Statistics with Firewall Rules
91. Sniff the Ether Remotely

Chapter 10. Secure Tunnels
92. Set Up IPsec Under Linux
93. Set Up IPsec Under FreeBSD
94. Set Up IPsec in OpenBSD
95. Encrypt Traffic Automatically with Openswan
96. Forward and Encrypt Traffic with SSH
97. Automate Logins with SSH Client Keys
98. Use a Squid Proxy over SSH
99. Use SSH As a SOCKS Proxy
100. Encrypt and Tunnel Traffic with SSL
101. Tunnel Connections Inside HTTP
102. Tunnel with VTun and SSH
103. Generate VTun Configurations Automatically
104. Create a Cross-Platform VPN
105. Tunnel PPP