
Network Security Hacks

✍ Scribed by Andrew Lockhart


Publisher: O'Reilly Media
Tongue: English
Leaves: 480
Category: Library


✦ Synopsis


Introduces more than one hundred effective ways to ensure security in a Linux, UNIX, or Windows network, covering both TCP/IP-based services and host-based security techniques, with examples of applied encryption, intrusion detection, and logging.

✦ Table of Contents


Contents
Credits
About the Author
Contributors
Acknowledgments
Preface
Why Network Security Hacks?
How This Book Is Organized
Conventions Used in This Book
Safari® Enabled
Using Code Examples
How to Contact Us
Got a Hack?
Unix Host Security
Secure Mount Points
Scan for SUID and SGID Programs
Scan for World- and Group-Writable Directories
Create Flexible Permissions Hierarchies with POSIX ACLs
Enabling ACLs
Managing ACLs
Protect Your Logs from Tampering
Delegate Administrative Roles
Automate Cryptographic Signature Verification
Check for Listening Services
Prevent Services from Binding to an Interface
Restrict Services with Sandboxed Environments
Using chroot()
Using FreeBSD's jail()
Use proftpd with a MySQL Authentication Source
See Also
Prevent Stack-Smashing Attacks
Lock Down Your Kernel with grsecurity
Patching the Kernel
Configuring Kernel Options
Low security
Medium security
High security
Customized security settings
Restrict Applications with grsecurity
Restrict System Calls with systrace
Create systrace Policies Automatically
Control Login Access with PAM
Limiting Access by Origin
Restricting Access by Time
Restrict Users to SCP and SFTP
Setting Up rssh
Configuring chroot()
Use Single-Use Passwords for Authentication
OPIE Under FreeBSD
S/Key Under OpenBSD
Restrict Shell Environments
Enforce User and Group Resource Limits
Automate System Updates
Windows Host Security
Check Servers for Applied Patches
Using HFNetChk
See Also
Use Group Policy to Configure Automatic Updates
Some Recommendations
Digging Deeper
List Open Files and Their Owning Processes
List Running Services and Open Ports
Enable Auditing
Enumerate Automatically Executed Programs
Secure Your Event Logs
Change Your Maximum Log File Sizes
Back Up and Clear the Event Logs
The Code
Running the Hack
Disable Default Shares
Encrypt Your Temp Folder
Back Up EFS
Backing Up Encrypted Data and EFS Keys
Restoring EFS Keys
Backing Up Recovery Agent Keys
Clear the Paging File at Shutdown
Check for Passwords That Never Expire
The Code
Running the Hack
Privacy and Anonymity
Evade Traffic Analysis
Onion Routing
Installing Tor
Installing Privoxy
Configuring Privoxy for Tor
See Also
Tunnel SSH Through Tor
See Also
Encrypt Your Files Seamlessly
Guard Against Phishing
SpoofGuard
Installing SpoofGuard
How SpoofGuard Works
Use the Web with Fewer Passwords
PwdHash
Remote PwdHash
Encrypt Your Email with Thunderbird
Setting Up Thunderbird
Providing a Public/Private Key Pair
Importing an existing key pair
Generating a new key pair
Sending and Receiving Encrypted Email
Encrypt Your Email in Mac OS X
Installing GPG
Creating a GPG Key
Installing GPGMail
Sending and Receiving Encrypted Email
Firewalling
Firewall with Netfilter
Setting the Filtering Policy
Rule Examples
A Word About Stateful Inspection
Ordering Rules
Firewall with OpenBSD's PacketFilter
Configuring PF
Global Options
Traffic Normalization Rules
Filtering Rules
Protect Your Computer with the Windows Firewall
Allow Programs to Bypass the Firewall
Tracking Firewall Activity with a Windows Firewall Log
Problems with Email and the Windows Firewall
Hacking the Hack
See Also
Close Down Open Ports and Block Protocols
Replace the Windows Firewall
Installing CORE FORCE
The Configuration Wizard
Manual Configuration
Create an Authenticated Gateway
Keep Your Network Self-Contained
Test Your Firewall
MAC Filter with Netfilter
Block Tor
Encrypting and Securing Services
Encrypt IMAP and POP with SSL
Use TLS-Enabled SMTP with Sendmail
Use TLS-Enabled SMTP with Qmail
Install Apache with SSL and suEXEC
Apache 1.x
Apache 2.x
Secure BIND
See Also
Set Up a Minimal and Secure DNS Server
Installing daemontools
Installing Djbdns
Adding Records
Secure MySQL
Share Files Securely in Unix
Network Security
Detect ARP Spoofing
Create a Static ARP Table
Protect Against SSH Brute-Force Attacks
Changing the Port
Disabling Password Authentication
Firewalling the SSH Daemon
Limiting connections to your sshd
Parsing logs and blocking an IP
Rate-limiting SYN packets
Fool Remote Operating System Detection Software
Keep an Inventory of Your Network
Scan Your Network for Vulnerabilities
Nessus 2.x
Nessus 3.x
Keep Server Clocks Synchronized
Create Your Own Certificate Authority
Creating the CA
Signing Certificates
Distribute Your CA to Clients
Back Up and Restore a Certificate Authority with Certificate Services
Backing Up a CA
The Certification Authority Backup Wizard
Restoring a CA to a Working Server
Restoring a CA to a Different Server
Decommissioning the Old CA
Detect Ethernet Sniffers Remotely
Sniffing Shared Mediums
Sniffing in Switched Environments
Installing SniffDet
Testing with ARP Queries
Help Track Attackers
Scan for Viruses on Your Unix Servers
Installing ClamAV
Configuring clamd
Track Vulnerabilities
Mailing Lists
RSS Feeds
Cassandra
Summary
Wireless Security
Turn Your Commodity Wireless Routers into a Sophisticated Security Platform
Use Fine-Grained Authentication for Your Wireless Network
Deploying the RADIUS Server
Configuring Your AP
Deploy a Captive Portal
The Authentication Server
Installing the Gateway
Logging
Run a Central Syslog Server
Steer Syslog
Integrate Windows into Your Syslog Infrastructure
Using NTsyslog
Using Eventlog to Syslog
Summarize Your Logs Automatically
Monitor Your Logs Automatically
Installing swatch
Configuration Syntax
Aggregate Logs from Remote Sites
Compiling syslog-ng
Configuring syslog-ng
Translating Your syslog.conf
Log User Activity with Process Accounting
Centrally Monitor the Security Posture of Your Servers
Installation
Adding Agents
Installing a Windows Agent
Configuration
Active Responses
See Also
Monitoring and Trending
Monitor Availability
Installing Nagios
Installing Plug-ins
Configuring Nagios
Adding hosts to monitor
Creating host groups
Creating contacts and contact groups
Configuring services to monitor
Defining time periods
Graph Trends
Get Real-Time Network Stats
Collect Statistics with Firewall Rules
Sniff the Ether Remotely
Secure Tunnels
Set Up IPsec Under Linux
Set Up IPsec Under FreeBSD
Client Configuration
Gateway Configuration
Using x.509 Certificates
Set Up IPsec in OpenBSD
Password Authentication
Certificate Authentication
Encrypt Traffic Automatically with Openswan
Forward and Encrypt Traffic with SSH
Automate Logins with SSH Client Keys
Use a Squid Proxy over SSH
Use SSH As a SOCKS Proxy
Encrypt and Tunnel Traffic with SSL
Building Stunnel
Configuring stunnel
Encrypting Services
Tunnel Connections Inside HTTP
Tunnel with VTun and SSH
Configuring VTun
Testing VTun
Encrypting the Tunnel
Generate VTun Configurations Automatically
The Code
Running the Hack
Create a Cross-Platform VPN
Installing OpenVPN
Testing OpenVPN
Creating Your Configuration
Using OpenVPN and Windows
Using OpenVPN with Mac OS X
Tunnel PPP
See Also
Network Intrusion Detection
Detect Intrusions with Snort
Installing Snort
Testing Snort
Configuring Snort
See Also
Keep Track of Alerts
Monitor Your IDS in Real Time
Creating the Database
Setting Up the Server
Installing a Sensor
Patching Snort
Patching Barnyard
Finishing Up
Manage a Sensor Network
Installing the Prerequisites
Setting Up the Console
Setting Up an Agent
Adding an Agent to the Console
Write Your Own Snort Rules
Rule Basics
Actions
Protocols
IP addresses
Ports
Options
Adding human-readable messages
Inspecting packet content
Matching TCP flags
Thresholding
Thresholding by signature ID
Thresholding with rule options
Suppression
Prevent and Contain Intrusions with Snort_inline
Automatically Firewall Attackers with SnortSam
Installing SnortSam
Configuring SnortSam
See Also
Detect Anomalous Behavior
Automatically Update Snort's Rules
Create a Distributed Stealth Sensor Network
Use Snort in High-Performance Environments with Barnyard
Installation
Configuring Snort
Configuring Barnyard
Testing Barnyard
Detect and Prevent Web Application Intrusions
Installing mod_security
Enabling and Configuring mod_security
Creating Filters
See Also
Scan Network Traffic for Viruses
Patching Snort
Configuring the Preprocessor
Ports to scan
Direction to scan
Blocking propagation
Miscellaneous options
Trying It Out
Simulate a Network of Vulnerable Hosts
Compiling honeyd
Configuring honeyd
Running honeyd
Testing honeyd
Record Honeypot Activity
Installing the Linux Client
Setting Up the Server
Installing the Windows Client
Recovery and Response
Image Mounted Filesystems
Verify File Integrity and Find Compromised Files
Building and Installing Tripwire
Configuring Tripwire
Day-to-Day Use
See Also
Find Compromised Packages
Using RPM
Using Other Package Managers
Scan for Rootkits
Find the Owner of a Network
Getting DNS Information
Getting Netblock Information
Index


📜 SIMILAR VOLUMES


Network Security Hacks
✍ Andrew Lockhart 📂 Library 📅 2004 🏛 O'Reilly Media 🌐 English

The book contains a medley of useful tips and tricks, ranging from setting up Snort intrusion detection system to more eclectic usage of Onion routing to hide your true identity. I liked the book, but hoped that it would spend less time explaining how to compile these tools and more time on actually

Network Security Hacks
✍ Andrew Lockhart 📂 Library 📅 2004 🏛 O'Reilly Media 🌐 English

Introduces more than one hundred effective ways to ensure security in a Linux, UNIX, or Windows network, covering both TCP/IP-based services and host-based security techniques, with examples of applied encryption, intrusion detection, and logging.

Network Security Hacks
✍ Andrew Lockhart 📂 Library 📅 2006 🏛 O'Reilly Media 🌐 English

In the fast-moving world of computers, things are always changing. Since the first edition of this strong-selling book appeared two years ago, network security techniques and tools have evolved rapidly to meet new and more sophisticated threats that pop up with alarming regularity. The secon

Satellite Network Threats Hacking & Sec
✍ Adam Hudaib 📂 Library 📅 2016 🏛 CreateSpace Independent Publishing Platform 🌐 English

Satellite network & communication services cover practically many important sectors and any interference with them could have a serious effect. They are a strategic asset for every country and are considered as critical infrastructure, they are considerable as privileged targets for cyber attack. I

Hacking Exposed: Network Security Secret
✍ Stuart McClure, Joel Scambray, George Kurtz 📂 Library 📅 2001 🏛 Osborne/McGraw-Hill 🌐 English

The new edition of this powerful best-seller contains a CD-ROM with links to security tools mentioned in the book, key security tools for download from the CD, and a password database. Inside the book, you'll also get all-new security information on 802.11 (Wireless) hacking, Windows XP, Windows.NET