| |
| |
| List of Figures | |
| |
| |
| List of Tables | |
| |
| |
| Foreword | |
| |
| |
| Acknowledgments | |
| |
| |
| About the Author | |
| |
| |
| |
| Introduction | |
| |
| |
| Introduction to the Second Edition | |
| |
| |
| Who Should Read This Book? | |
| |
| |
| How This Book Is Organized | |
| |
| |
| What Are You Protecting? | |
| |
| |
| Who Are Your Enemies? | |
| |
| |
| What They Hope to Accomplish | |
| |
| |
| Costs: Protection versus Break-Ins | |
| |
| |
| Protecting Hardware | |
| |
| |
| Protecting Network and Modem Access | |
| |
| |
| Protecting System Access | |
| |
| |
| Protecting Files | |
| |
| |
| Preparing for and Detecting an Intrusion | |
| |
| |
| Recovering from an Intrusion | |
| |
| |
| |
| Securing Your System | |
| |
| |
| |
| Quick Fixes for Common Problems | |
| |
| |
| Understanding Linux Security | |
| |
| |
| The Seven Most Deadly Sins | |
| |
| |
| Passwords: A Key Point for Good Security | |
| |
| |
| Advanced Password Techniques | |
| |
| |
| Protecting the System from User Mistakes | |
| |
| |
| Forgiveness Is Better than Permission | |
| |
| |
| Dangers and Countermeasures During Initial System Setup | |
| |
| |
| Limiting Unreasonable Access | |
| |
| |
| Firewalls and the Corporate Moat | |
| |
| |
| Turn Off Unneeded Services | |
| |
| |
| High Security Requires Minimum Services | |
| |
| |
| Replace These Weak Doors with Brick | |
| |
| |
| New Lamps for Old | |
| |
| |
| United We Fall, Divided We Stand | |
| |
| |
| |
| Quick and Easy Hacking and How to Avoid It | |
| |
| |
| X Marks the Hole | |
| |
| |
| Law of the Jungle-Physical Security | |
| |
| |
| Physical Actions | |
| |
| |
| Selected Short Subjects | |
| |
| |
| Terminal Device Attacks | |
| |
| |
| Disk Sniffing | |
| |
| |
| |
| Common Hacking by Subsystem | |
| |
| |
| NFS, mountd, and portmap | |
| |
| |
| Sendmail | |
| |
| |
| Telnet | |
| |
| |
| FTP. The rsh, rcp, rexec, and rlogin Services | |
| |
| |
| DNS (named, a.k.a BIND) | |
| |
| |
| POP and IMAP Servers | |
| |
| |
| Doing the Samba | |
| |
| |
| Stop Squid from Inking Out Their Trail | |
| |
| |
| The syslogd Service | |
| |
| |
| The print Service (lpd) | |
| |
| |
| The ident Service | |
| |
| |
| INND and News | |
| |
| |
| Protecting Your DNS Registration | |
| |
| |
| |
| Common Hacker Attacks | |
| |
| |
| Rootkit Attacks (Script Kiddies) | |
| |
| |
| Packet Spoofing Explained | |
| |
| |
| SYN Flood Attack Explained | |
| |
| |
| Defeating SYN Flood Attacks | |
| |
| |
| Defeating TCP Sequence Spoofing | |
| |
| |
| Packet Storms, Smurf Attacks, and Fraggles | |
| |
| |
| Buffer Overflows or Stamping on Memory with gets() | |
| |
| |
| Spoofing Techniques | |
| |
| |
| Man-in-the-Middle Attack | |
| |
| |
| |
| Advanced Security Issues | |
| |
| |
| Configuring Netscape for Higher Security | |
| |
| |
| Stopping Access to I/O Devices | |
| |
| |
| Scouting Out Apache (httpd) Problems | |
| |
| |
| Special Techniques for Web Servers | |
| |
| |
| One-Way Credit Card Data Path for Top Security | |
| |
| |
| Hardening for Very High Security | |
| |
| |
| Restricting Login Location and Times | |
| |
| |
| Obscure but Deadly Problems | |
| |
| |
| Defeating Login Simulators | |
| |
| |
| Stopping Buffer Overflows with Libsafe | |
| |
| |
| |
| Establishing Security Policies | |
| |
| |
| General Policy | |
| |
| |
| Personal Use Policy | |
| |
| |
| Accounts Policy | |
| |
| |
| E-Mail Policy | |
| |
| |
| Instant Messenger (IM) Policy | |
| |
| |
| Web Server Policy | |
| |
| |
| File Server and Database Policy | |
| |
| |
| Firewall Policy | |
| |
| |
| Desktop Policy | |
| |
| |
| Laptop Policy | |
| |
| |
| Disposal Policy | |
| |
| |
| Network Topology Policy | |
| |
| |
| Problem Reporting Policy | |
| |
| |
| Ownership Policy | |
| |
| |
| Policy Policy | |
| |
| |
| |
| Trusting Other Computers | |
| |
| |
| Secure Systems and Insecure Systems | |
| |
| |
| Trust No One-The Highest Security | |
| |
| |
| Linux and UNIX Systems Within Your Control | |
| |
| |
| Mainframes Within Your Control | |
| |
| |
| A Window Is Worth a Thousand Cannons | |
| |
| |
| Firewall Vulnerabilities | |
| |
| |
| Virtual Private Networks | |
| |
| |
| Viruses and Linux | |
| |
| |
| |
| Gutsy Break-Ins | |
| |
| |
| Mission Impossible Techniques Spies | |
| |
| |
| Fanatics and Suicide Attacks | |
| |
| |
| |
| Case Studies | |
| |
| |
| Confessions of a Berkeley System Mole | |
| |
| |
| Knights of the Realm (Forensics) | |
| |
| |
| Ken Thompson Cracks the Navy | |
| |
| |
| The Virtual Machine Trojan | |
| |
| |
| AOL's DNS Change Fiasco | |
| |
| |
| I'm Innocent, I Tell Ya! Cracking with a Laptop and a Pay Phone | |
| |
| |
| Take a Few Cents off the Top | |
| |
| |
| Nonprofit Organization Runs Out of Luck | |
| |
| |
| Persistence with Recalcitra | |