Errata




The errata list is a list of errors and their corrections that were found after the product was released.

The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.





Version Location Description Submitted By
Printed Page 211
4th paragraph

The command line in the 4th paragraph reads "openssl req ... -keyout cakey.pem -out cakey.pem ..." (with ellipsis for irrelevant parts).

I.e. the same file name is given for both the certificate and the private key.
The command line "openssl req ... -keyout cakey.pem -out cacert.pem ..." would be better.

Anonymous 
Printed Page 242
Hack 77 bottom of the page

Hi folks,

In Hack #77 ("Use Fine-Grained Authentication for Your Wireless
Network") of "Network Security Hacks, 2nd Edition", section 7.2.1
includes this instruction:


To add users to the RADIUS server, edit the users file and add entries like this:

andrew User-Password == "wlanpass"


Perhaps something about the client configuration has changed, or else
something about FreeRADIUS has changed (I'm using 2.1.0, current
stable), but in my experience, the directive in the users file should be:

andrew Cleartext-Password := "wlanpass"

Various portions of the "heap of EAP" seem to object to both the
"User-Password" keyword and the "==" operator, at this point.

This is also borne out by Alan DeKok's PAP HOWTO, here:

http://deployingradius.com/documents/configuration/pap.html

I'm no RADIUS expert (yet), but believe this assertion to be true.


Cheers,

-sth

--
Sam Hooker | samuel.hooker@uvm.edu
Systems Architecture and Administration
Enterprise Technology Services
The University of Vermont

Anonymous 
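
A small audit for the point raised in the page 242 erratum above, as an added example (not code from the book, from FreeRADIUS, or from the submitter): it scans a `users` file for password check items that are not in the `Cleartext-Password :=` form and proposes the rewritten line. It assumes the common layout where an entry starts in column 0 with the user name and its check items follow on the same line; the sample file and the function name `audit_users` are constructed for illustration.

```python
import re

# Constructed sample; the first entry is the one quoted in the erratum.
SAMPLE = '''\
# users file (constructed sample)
andrew User-Password == "wlanpass"
beth Cleartext-Password := "s3cret"
carol NAS-IP-Address == 192.0.2.10, Cleartext-Password == "pw,1"
    Reply-Message = "hello"
'''

# One check item: attribute, operator, then a quoted or bare value.
OPS = r':=|==|\+=|!=|>=|<=|=~|!~|='
ITEM = re.compile(r'([A-Za-z0-9-]+)\s*(' + OPS + r')\s*("(?:[^"\\]|\\.)*"|[^,\s]+)')

def audit_users(text):
    """Return (line_no, user, problem, suggested_line) for every password
    check item that is not written as Cleartext-Password := value."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        # Entries start in column 0; indented lines are reply items, '#' is a comment.
        if not line or line[0] in " \t#":
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        user, rest = parts
        for m in ITEM.finditer(rest):
            attr, op, value = m.groups()
            name = attr.lower()
            if name == "user-password":
                problem = "User-Password used as a check item"
            elif name == "cleartext-password" and op != ":=":
                problem = "Cleartext-Password set with '%s' instead of ':='" % op
            else:
                continue
            # Rewrite only the offending item; other check items are kept as-is.
            fixed = rest[:m.start()] + "Cleartext-Password := " + value + rest[m.end():]
            findings.append((no, user, problem, user + " " + fixed))
    return findings

if __name__ == "__main__":
    for no, user, problem, fixed in audit_users(SAMPLE):
        print("line %d (%s): %s\n  suggested: %s" % (no, user, problem, fixed))
```
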
Printed Page 268
2nd Paragraph (hack 96) Page may differ, hack is the same. (1st Ed)

One option that the author does not seem to be aware of is a secondary use for the Suspend2 patchset. Not only is it useful to laptop users, it is also useful on servers. This is because of the essential purpose of software suspend: preserve the filesystem and memory, without disturbing processes. By its nature it does no more damage to the filesystem than a cold shutdown (perhaps less, as caches are flushed), and it throws a perfect memory image into the bargain. Add in that it is undetectable during the first portion unless the intruder is watching top studiously, and locks memory immediately after that, it can be used as a remarkably effective snapshotting tool. All that would remain would be to remove the hard drive (as most BIOSes force resuming from the same drive as was suspended) and image it, for a perfect image of the system in question. It would probably be most effective with the filewriter target, as it eliminates the necessity of hunting through the swap partition for the memory image.

This omission is present in both 1st and 2nd editions (I checked the 2nd via the TOC sampler).

Anonymous 

