A Hackers Guide to Protecting Your Internet Site and Network.pdf

Maximum Security: A Hacker's Guide to

Protecting Your Internet Site and

Network

Table of Contents:

•

Introduction

I Setting the Stage

•

Chapter 1 - Why Did I Write This Book?

•

Chapter 2 - How This Book Will Help You

•

Chapter 3 - Hackers and Crackers

•

Chapter 4 - Just Who Can Be Hacked, Anyway?

II Understanding the Terrain

•

Chapter 5 - Is Security a Futile Endeavor?

•

Chapter 6 - A Brief Primer on TCP/IP

•

Chapter 7 - Birth of a Network: The Internet

•

Chapter 8 - Internet Warfare

III Tools

•

Chapter 9 - Scanners

•

Chapter 10 - Password Crackers

•

Chapter 11 - Trojans

•

Chapter 12 - Sniffers

•

Chapter 13 - Techniques to Hide One's Identity

•

Chapter 14 - Destructive Devices

IV Platforms and Security

•

Chapter 15 - The Hole

•

Chapter 16 - Microsoft

•

Chapter 17 - UNIX: The Big Kahuna

•

Chapter 18 - Novell

•

Chapter 19 - VAX/VMS

•

Chapter 20 - Macintosh

•

Chapter 21 - Plan 9 from Bell Labs

V Beginning at Ground Zero

•

Chapter 22 - Who or What Is Root?

•

Chapter 23 - An Introduction to Breaching a Server Internally

•

Chapter 24 - Security Concepts

VI The Remote Attack

•

Chapter 25 - The Remote Attack

•

Chapter 26 - Levels of Attack

•

Chapter 27 - Firewalls

•

Chapter 28 - Spoofing Attacks

•

Chapter 29 - Telnet-Based Attacks

•

Chapter 30 - Language, Extensions, and Security

VII The Law

•

Chapter 31 - Reality Bytes: Computer Security and the Law

VIII Appendixes

•

Appendix A - How to Get More Information

•

Appendix B - Security Consultants

•

Appendix C - A Hidden Message About the Internet

•

Appendix D - What's on the CD-ROM

Maximum Security:

A Hacker's Guide to Protecting Your

Internet Site and Network

Dedication

This book is dedicated to Michelle, whose presence has rendered me a prince among

men.

Acknowledgments

My acknowledgments are brief. First, I would like to acknowledge the folks at Sams,

particularly Randi Roger, Scott Meyers, Mark Taber, Blake Hall, Eric Murray, Bob

Correll, and Kate Shoup. Without them, my work would resemble a tangled, horrible

mess. They are an awesome editing team and their expertise is truly extraordinary.

Next, I extend my deepest gratitude to Michael Michaleczko, and Ron and Stacie

Latreille. These individuals offered critical support, without which this book could not

have been written.

Also, I would like to recognize the significant contribution made by John David Sale, a

network security specialist located in Van Nuys, California. His input was invaluable. A

similar thanks is also extended to Peter Benson, an Internet and EDI Consultant in Santa

Monica, California (who, incidentally, is the current chairman of ASC X12E). Peter's

patience was (and is) difficult to fathom. Moreover, I forward a special acknowledgment

to David Pennells and his merry band of programmers. Those cats run the most robust

and reliable wire in the southwestern United States.

About the Author

The author describes himself as a "UNIX propeller head" and is a dedicated advocate of

the Perl programming language, Linux, and FreeBSD.

After spending four years as a system administrator for two California health-care firms,

the author started his own security-consulting business. Currently, he specializes in

testing the security of various networking platforms (breaking into computer networks

and subsequently revealing what holes lead to the unauthorized entry) including but not

limited to Novell NetWare, Microsoft Windows NT, SunOS, Solaris, Linux, and

Microsoft Windows 95. His most recent assignment was to secure a wide area network

that spans from Los Angeles to Montreal.

The author now lives quietly in southern California with a Sun SPARCStation, an IBM

RS/6000, two Pentiums, a Macintosh, various remnants of a MicroVAX, and his wife.

In the late 1980s, the author was convicted of a series of financial crimes after developing

a technique to circumvent bank security in Automatic Teller Machine systems. He

therefore prefers to remain anonymous.

Tell Us What You Think!

As a reader, you are the most important critic and commentator of our books. We value

your opinion and want to know what we're doing right, what we could do better, what

areas you'd like to see us publish in, and any other words of wisdom you're willing to

pass our way. You can help us make strong books that meet your needs and give you the

computer guidance you require.

Do you have access to the World Wide Web? Then check out our site at

http://www.mcp.com .

NOTE: If you have a technical question about this book, call the technical support line at

317-581-3833 or send e-mail to suppor@mcp.com .

As the team leader of the group that created this book, I welcome your comments. You

can fax, e-mail, or write me directly to let me know what you did or didn't like about this

book--as well as what we can do to make our books stronger. Here's the information:

FAX: 317-581-4669

E-mail:

Mark Taber

newtech_mgr@sams.mcp.com

Mail:

Mark Taber

Comments Department

Sams Publishing

201 W. 103rd Street

Indianapolis, IN 46290

Introduction

I want to write a few words about this book and how it should be used. This book is not

strictly an instructional, or "How To" book. Its purpose is to get you started on a solid

education in Internet security. As such, it is probably constructed differently from any

computer book you have ever read.

Although this book cannot teach you everything you need to know, the references

contained within this book can. Therefore, if you know very little about Internet security,

you will want to maximize the value of this book by adhering to the following procedure:

Each chapter (except early ones that set the stage) contains intermittent references that

might point to white papers, technical reports, or other sources of solid, reliable

information of substance (pertaining to the topic at hand). Those references appear in

boxes labeled XREF. As you encounter each source, stop for a moment to retrieve that

source from the Net. After you retrieve the source, read it, then continue reading the

book. Throughout the book, perform this operation whenever and wherever applicable. If

you do so, you will finish with a very solid basic education on Internet security.

I have constructed this book in this manner because Internet security is not a static field;

it changes rapidly. Nonetheless, there are certain basics that every person interested in

security must have. Those basics are not contained (in their entirety) in any one book

(perhaps not even in dozens of them). The information is located on the Internet in the

form of documents written by authorities on the subject. These are the people who either

designed and developed the Internet or have designed and developed its security features.

The body of their work is vast, but each paper or technical report is, at most, 40 pages in

length (most are fewer than 10).

Those readers who want only a casual education in Internet security may read the book

without ever retrieving a single document from the Internet. But if you are searching for

something more, something deeper , you can obtain it by adhering to this procedure.

If you choose to use the book as a reference tool in the manner I have described, there are

certain conventions that you need to know. If the resource you have been directed to is a

tool, consider downloading it even if it is not for your platform. With a proper archive

tool (like Winzip), you can extract the documents that accompany the distribution of that

tool. Such documents often contain extremely valuable information. For example, the

now famous scanner named SATAN (made expressly for UNIX) contains security

tutorials in HTML. These do not require that you have UNIX (in fact, all they require is a

browser). Likewise, many other tools contain documents in PDF, TXT, DOC, PS, and

other formats that are readable on any platform.

TIP: SATAN is a special case. Some of the tutorials are in HTML but have *.PL

extensions. These extensions are used to signify documents that are written in Perl. If you

do not have Perl installed, convert these documents to raw HTML. To do so, open them

in a text editor and replace the first line ( << HTML ) with <HTML> . Then rename the file

with either an *.HTM or an *.HTML extension. From that point on, your browser will

load the pages perfectly.

Also, note that many of the Internet documents referenced in this book are available in

PostScript form only. PostScript is a wonderful interpreted language that draws graphics

and text. It is used primarily in technical fields. To view some of these documents,

therefore, you will require a PostScript reader (or interpreter). If you do not already have

Adobe Illustrator or some other proprietary PostScript package, there are two leading

utilities:

•

Rops

•

Ghostscript/Ghostview

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika: