Book description
To the uninitiated, the title may seem like an oxymoron: after all, aren't hacks what network security is supposed to prevent? But if you're a network administrator, this book's title not only makes sense; it makes a lot of sense. You know that a busy administrator needs a hatful of devilishly effective security hacks to keep your 12-hour days from becoming all-nighters. Network Security Hacks is not a long-winded treatise on security theory. Instead, this information-packed little book provides 100 quick, practical, and clever things to do to help make your Linux, UNIX, or Windows networks more secure today.
This compendium of security hacks doesn't just cover securing TCP/IP-based services, but also provides intelligent host-based security techniques. Loaded with concise but powerful examples of applied encryption, intrusion detection, logging, trending, and incident response, Network Security Hacks will demonstrate effective methods for defending your servers and networks from a variety of devious and subtle attacks. Network Security Hacks shows how to detect the presence (and track every keystroke) of network intruders, methods for protecting your network and data using strong encryption, and even techniques for laying traps for would-be system crackers. Important security tools are presented, as well as clever methods for using them to reveal real, timely, useful information about what is happening on your network.
O'Reilly's Hacks Series reclaims the term "hacking" for the good guys: innovators who use their ingenuity to solve interesting problems, explore and experiment, unearth shortcuts, and create useful tools. Network Security Hacks lives up to the reputation the Hacks series has earned by providing the "roll-up-your-sleeves and get-it-done" hacks that most network security tomes don't offer. Every hack can be read in just a few minutes but will save hours of searching for the right answer.
Using just one of these amazing hacks will make this slim book's price seem like a remarkable deal. The other 99 make Network Security Hacks absolutely invaluable.
Table of contents
- Network Security Hacks
- Credits
- Preface
- 1. Unix Host Security
- Hacks #1-20
- Secure Mount Points
- Scan for SUID and SGID Programs
- Scan For World- and Group-Writable Directories
- Create Flexible Permissions Hierarchies with POSIX ACLs
- Protect Your Logs from Tampering
- Delegate Administrative Roles
- Automate Cryptographic Signature Verification
- Check for Listening Services
- Prevent Services from Binding to an Interface
- Restrict Services with Sandboxed Environments
- Use proftp with a MySQL Authentication Source
- Prevent Stack-Smashing Attacks
- Lock Down Your Kernel with grsecurity
- Restrict Applications with grsecurity
- Restrict System Calls with Systrace
- Automated Systrace Policy Creation
- Control Login Access with PAM
- Restricted Shell Environments
- Enforce User and Group Resource Limits
- Automate System Updates
- 2. Windows Host Security
- Hacks #21-30
- Check Servers for Applied Patches
- Get a List of Open Files and Their Owning Processes
- List Running Services and Open Ports
- Enable Auditing
- Secure Your Event Logs
- Change Your Maximum Log File Sizes
- Disable Default Shares
- Encrypt Your Temp Folder
- Clear the Paging File at Shutdown
- Restrict Applications Available to Users
- 3. Network Security
- Hacks #31-53
- Detect ARP Spoofing
- Create a Static ARP Table
- Firewall with Netfilter
- Firewall with OpenBSD’s PacketFilter
- Create an Authenticated Gateway
- Firewall with Windows
- Keep Your Network Self-Contained
- Test Your Firewall
- MAC Filtering with Netfilter
- Block OS Fingerprinting
- Fool Remote Operating System Detection Software
- Keep an Inventory of Your Network
- Scan Your Network for Vulnerabilities
- Keep Server Clocks Synchronized
- Create Your Own Certificate Authority
- Distribute Your CA to Clients
- Encrypt IMAP and POP with SSL
- Set Up TLS-Enabled SMTP
- Detect Ethernet Sniffers Remotely
- Install Apache with SSL and suEXEC
- Secure BIND
- Secure MySQL
- Share Files Securely in Unix
- 4. Logging
- 5. Monitoring and Trending
- 6. Secure Tunnels
- Hacks #67-81
- Set Up IPsec Under Linux
- Set Up IPsec Under FreeBSD
- Set Up IPsec in OpenBSD
- PPTP Tunneling
- Opportunistic Encryption with FreeS/WAN
- Forward and Encrypt Traffic with SSH
- Quick Logins with SSH Client Keys
- Squid Proxy over SSH
- Use SSH as a SOCKS Proxy
- Encrypt and Tunnel Traffic with SSL
- Tunnel Connections Inside HTTP
- Tunnel with VTun and SSH
- Automatic vtund.conf Generator
- Create a Cross-Platform VPN
- Tunnel PPP
- 7. Network Intrusion Detection
- Hacks #82-95
- Detect Intrusions with Snort
- Keep Track of Alerts
- Real-Time Monitoring
- Manage a Sensor Network
- Write Your Own Snort Rules
- Prevent and Contain Intrusions with Snort_inline
- Automated Dynamic Firewalling with SnortSam
- Detect Anomalous Behavior
- Automatically Update Snort’s Rules
- Create a Distributed Stealth Sensor Network
- Use Snort in High-Performance Environments with Barnyard
- Detect and Prevent Web Application Intrusions
- Simulate a Network of Vulnerable Hosts
- Record Honeypot Activity
- 8. Recovery and Response
- Index
- Colophon
Product information
- Title: Network Security Hacks
- Author(s):
- Release date: April 2004
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9780596006433