Network Security Hacks

To the uninitiated, the title may seem like an oxymoron: after all, aren't hacks what network security is supposed to prevent? But if you're network administrator, this book's title not only makes sense; it makes a lot of sense. You know that a busy administrator needs a hatful of devilishly effective security hacks to keep your 12-hour days from becoming all-nighters.

Network Security Hacks is not a long-winded treatise on security theory. Instead, this information packed little book provides 100 quick, practical, and clever things to do to help make your Linux, UNIX, or Windows networks more secure today.

This compendium of security hacks doesn't just cover securing TCP/IP-based services, but also provides intelligent host-based security techniques. Loaded with concise but powerful examples of applied encryption, intrusion detection, logging, trending, and incident response, Network Security Hacks will demonstrate effective methods for defending your servers and networks from a variety of devious and subtle attacks.

Network Security Hacks show how to detect the presence (and track every keystroke) of network intruders, methods for protecting your network and data using strong encryption, and even techniques for laying traps for would-be system crackers. Important security tools are presented, as well as clever methods for using them to reveal real, timely, useful information about what is happening on your network.

O'Reilly's Hacks Series reclaims the term "hacking" for the good guys--innovators who use their ingenuity to solve interesting problems, explore and experiment, unearth shortcuts, and create useful tools. Network Security Hacks lives up to reputation the Hacks series has earned by providing the "roll-up-your sleeves and get-it-done" hacks that most network security tomes don't offer. Every hack can be read in just a few minutes but will save hours of searching for the right answer.

Using just one of these amazing hacks will make this slim book's price seem like a remarkable deal. The other 99 make Network Security Hacks absolutely invaluable.

Table of Contents：

Credits   

Preface   

Chapter 1. Unix Host Security  

       1. Secure Mount Points   

       2. Scan for SUID and SGID Programs   

       3. Scan For World- and Group-Writable Directories   

       4. Create Flexible Permissions Hierarchies with POSIX ACLs   

       5. Protect Your Logs from Tampering   

       6. Delegate Administrative Roles   

       7. Automate Cryptographic Signature Verification   

       8. Check for Listening Services   

       9. Prevent Services from Binding to an Interface   

       10. Restrict Services with Sandboxed Environments   

       11. Use proftp with a MySQL Authentication Source   

       12. Prevent Stack-Smashing Attacks   

       13. Lock Down Your Kernel with grsecurity   

       14. Restrict Applications with grsecurity   

       15. Restrict System Calls with Systrace   

       16. Automated Systrace Policy Creation   

       17. Control Login Access with PAM   

       18. Restricted Shell Environments   

       19. Enforce User and Group Resource Limits   

       20. Automate System Updates   

Chapter 2. Windows Host Security  

       21. Check Servers for Applied Patches   

       22. Get a List of Open Files and Their Owning Processes   

       23. List Running Services and Open Ports   

       24. Enable Auditing   

       25. Secure Your Event Logs   

       26. Change Your Maximum Log File Sizes   

       27. Disable Default Shares   

       28. Encrypt Your Temp Folder   

       29. Clear the Paging File at Shutdown   

       30. Restrict Applications Available to Users   

Chapter 3. Network Security  

       31. Detect ARP Spoofing   

       32. Create a Static ARP Table   

       33. Firewall with Netfilter   

       34. Firewall with OpenBSD's PacketFilter   

       35. Create an Authenticated Gateway   

       36. Firewall with Windows   

       37. Keep Your Network Self-Contained   

       38. Test Your Firewall   

       39. MAC Filtering with Netfilter   

       40. Block OS Fingerprinting   

       41. Fool Remote Operating System Detection Software  

       42. Keep an Inventory of Your Network   

       43. Scan Your Network for Vulnerabilities   

       44. Keep Server Clocks Synchronized   

       45. Create Your Own Certificate Authority   

       46. Distribute Your CA to Clients   

       47. Encrypt IMAP and POP with SSL   

       48. Set Up TLS-Enabled SMTP   

       49. Detect Ethernet Sniffers Remotely   

       50. Install Apache with SSL and suEXEC   

       51. Secure BIND   

       52. Secure MySQL   

       53. Share Files Securely in Unix   

Chapter 4. Logging  

       54. Run a Central Syslog Server   

       55. Steer Syslog   

       56. Integrate Windows into Your Syslog Infrastructure

       57. Automatically Summarize Your Logs   

       58. Monitor Your Logs Automatically   

       59. Aggregate Logs from Remote Sites   

       60. Log User Activity with Process Accounting   

Chapter 5. Monitoring and Trending  

       61. Monitor Availability   

       62. Graph Trends   

       63. Run ntop for Real-Time Network Stats   

       64. Audit Network Traffic   

       65. Collect Statistics with Firewall Rules   

       66. Sniff the Ether Remotely   

Chapter 6. Secure Tunnels  

       67. Set Up IPsec Under Linux   

       68. Set Up IPsec Under FreeBSD   

       69. Set Up IPsec in OpenBSD   

       70. PPTP Tunneling   

       71. Opportunistic Encryption with FreeS/WAN   

       72. Forward and Encrypt Traffic with SSH   

       73. Quick Logins with SSH Client Keys   

       74. Squid Proxy over SSH   

       75. Use SSH as a SOCKS Proxy   

       76. Encrypt and Tunnel Traffic with SSL   

       77. Tunnel Connections Inside HTTP   

       78. Tunnel with VTun and SSH   

       79. Automatic vtund.conf Generator   

       80. Create a Cross-Platform VPN   

       81. Tunnel PPP   

Chapter 7. Network Intrusion Detection  

       82. Detect Intrusions with Snort   

       83. Keep Track of Alerts   

       84. Real-Time Monitoring   

       85. Manage a Sensor Network   

       86. Write Your Own Snort Rules   

       87. Prevent and Contain Intrusions with Snort_inline 

       88. Automated Dynamic Firewalling with SnortSam   

       89. Detect Anomalous Behavior   

       90. Automatically Update Snort's Rules   

       91. Create a Distributed Stealth Sensor Network   

       92. Use Snort in High-Performance Environments with Barnyard   

       93. Detect and Prevent Web Application Intrusions   

       94. Simulate a Network of Vulnerable Hosts   

       95. Record Honeypot Activity   

Chapter 8. Recovery and Response  

       96. Image Mounted Filesystems   

       97. Verify File Integrity and Find Compromised Files 

       98. Find Compromised Packages with RPM   

       99. Scan for Root Kits   

       100. Find the Owner of a Network   

Index