Network Security Hacks | O'Reilly Media

Network Security Hacks 100 Industrial-Strength Tips & Tools By Andrew Lockhart
April 2004
Pages: 316

| Table of Contents | Index | Sample Hacks | Colophon

Chapter 1 Unix Host Security
1. Hacks #1-20
2. Secure Mount Points
3. Scan for SUID and SGID Programs
4. Scan For World- and Group-Writable Directories
5. Create Flexible Permissions Hierarchies with POSIX ACLs
6. Protect Your Logs from Tampering
7. Delegate Administrative Roles
8. Automate Cryptographic Signature Verification
9. Check for Listening Services
10. Prevent Services from Binding to an Interface
11. Restrict Services with Sandboxed Environments
12. Use proftp with a MySQL Authentication Source
13. Prevent Stack-Smashing Attacks
14. Lock Down Your Kernel with grsecurity
15. Restrict Applications with grsecurity
16. Restrict System Calls with Systrace
17. Automated Systrace Policy Creation
18. Control Login Access with PAM
19. Restricted Shell Environments
20. Enforce User and Group Resource Limits
21. Automate System Updates
Chapter 2 Windows Host Security
1. Hacks #21-30
2. Check Servers for Applied Patches
3. Get a List of Open Files and Their Owning Processes
4. List Running Services and Open Ports
5. Enable Auditing
6. Secure Your Event Logs
7. Change Your Maximum Log File Sizes
8. Disable Default Shares
9. Encrypt Your Temp Folder
10. Clear the Paging File at Shutdown
11. Restrict Applications Available to Users
Chapter 3 Network Security
1. Hacks #31-53
2. Detect ARP Spoofing
3. Create a Static ARP Table
4. Firewall with Netfilter
5. Firewall with OpenBSD's PacketFilter
6. Create an Authenticated Gateway
7. Firewall with Windows
8. Keep Your Network Self-Contained
9. Test Your Firewall
10. MAC Filtering with Netfilter
11. Block OS Fingerprinting
12. Fool Remote Operating System Detection Software
13. Keep an Inventory of Your Network
14. Scan Your Network for Vulnerabilities
15. Keep Server Clocks Synchronized
16. Create Your Own Certificate Authority
17. Distribute Your CA to Clients
18. Encrypt IMAP and POP with SSL
19. Set Up TLS-Enabled SMTP
20. Detect Ethernet Sniffers Remotely
21. Install Apache with SSL and suEXEC
22. Secure BIND
23. Secure MySQL
24. Share Files Securely in Unix
Chapter 4 Logging
1. Hacks #54-60
2. Run a Central Syslog Server
3. Steer Syslog
4. Integrate Windows into Your Syslog Infrastructure
5. Automatically Summarize Your Logs
6. Monitor Your Logs Automatically
7. Aggregate Logs from Remote Sites
8. Log User Activity with Process Accounting
Chapter 5 Monitoring and Trending
1. Hacks #61-66
2. Monitor Availability
3. Graph Trends
4. Run ntop for Real-Time Network Stats
5. Audit Network Traffic
6. Collect Statistics with Firewall Rules
7. Sniff the Ether Remotely
Chapter 6 Secure Tunnels
1. Hacks #67-81
2. Set Up IPsec Under Linux
3. Set Up IPsec Under FreeBSD
4. Set Up IPsec in OpenBSD
5. PPTP Tunneling
6. Opportunistic Encryption with FreeS/WAN
7. Forward and Encrypt Traffic with SSH
8. Quick Logins with SSH Client Keys
9. Squid Proxy over SSH
10. Use SSH as a SOCKS Proxy
11. Encrypt and Tunnel Traffic with SSL
12. Tunnel Connections Inside HTTP
13. Tunnel with VTun and SSH
14. Automatic vtund.conf Generator
15. Create a Cross-Platform VPN
16. Tunnel PPP
Chapter 7 Network Intrusion Detection
1. Hacks #82-95
2. Detect Intrusions with Snort
3. Keep Track of Alerts
4. Real-Time Monitoring
5. Manage a Sensor Network
6. Write Your Own Snort Rules
7. Prevent and Contain Intrusions with Snort_inline
8. Automated Dynamic Firewalling with SnortSam
9. Detect Anomalous Behavior
10. Automatically Update Snort's Rules
11. Create a Distributed Stealth Sensor Network
12. Use Snort in High-Performance Environments with Barnyard
13. Detect and Prevent Web Application Intrusions
14. Simulate a Network of Vulnerable Hosts
15. Record Honeypot Activity
Chapter 8 Recovery and Response
1. Hacks #96-100
2. Image Mounted Filesystems
3. Verify File Integrity and Find Compromised Files
4. Find Compromised Packages with RPM
5. Scan for Root Kits
6. Find the Owner of a Network

Colophon

Return to Network Security Hacks

Table of Contents

Chapter 1 Unix Host Security

Hacks #1-20

Secure Mount Points

Scan for SUID and SGID Programs

Scan For World- and Group-Writable Directories

Create Flexible Permissions Hierarchies with POSIX ACLs

Protect Your Logs from Tampering

Delegate Administrative Roles

Automate Cryptographic Signature Verification

Check for Listening Services

Prevent Services from Binding to an Interface

Restrict Services with Sandboxed Environments

Use proftp with a MySQL Authentication Source

Prevent Stack-Smashing Attacks

Lock Down Your Kernel with grsecurity

Restrict Applications with grsecurity

Restrict System Calls with Systrace

Automated Systrace Policy Creation

Control Login Access with PAM

Restricted Shell Environments

Enforce User and Group Resource Limits

Automate System Updates

Chapter 2 Windows Host Security

Hacks #21-30

Check Servers for Applied Patches

Get a List of Open Files and Their Owning Processes

List Running Services and Open Ports

Enable Auditing

Secure Your Event Logs

Change Your Maximum Log File Sizes

Disable Default Shares

Encrypt Your Temp Folder

Clear the Paging File at Shutdown

Restrict Applications Available to Users

Chapter 3 Network Security

Hacks #31-53

Detect ARP Spoofing

Create a Static ARP Table

Firewall with Netfilter

Firewall with OpenBSD's PacketFilter

Create an Authenticated Gateway

Firewall with Windows

Keep Your Network Self-Contained

Test Your Firewall

MAC Filtering with Netfilter

Block OS Fingerprinting

Fool Remote Operating System Detection Software

Keep an Inventory of Your Network

Scan Your Network for Vulnerabilities

Keep Server Clocks Synchronized

Create Your Own Certificate Authority

Distribute Your CA to Clients

Encrypt IMAP and POP with SSL

Set Up TLS-Enabled SMTP

Detect Ethernet Sniffers Remotely

Install Apache with SSL and suEXEC

Secure BIND

Secure MySQL

Share Files Securely in Unix

Chapter 4 Logging

Hacks #54-60

Run a Central Syslog Server

Steer Syslog

Integrate Windows into Your Syslog Infrastructure

Automatically Summarize Your Logs

Monitor Your Logs Automatically

Aggregate Logs from Remote Sites

Log User Activity with Process Accounting

Chapter 5 Monitoring and Trending

Hacks #61-66

Monitor Availability

Graph Trends

Run ntop for Real-Time Network Stats

Audit Network Traffic

Collect Statistics with Firewall Rules

Sniff the Ether Remotely

Chapter 6 Secure Tunnels

Hacks #67-81

Set Up IPsec Under Linux