System News
News about Solaris and Sun Microsystems

May 3, 2004
Article #12940
Volume 75, Issue 1
Section: Publications

"Network Security Hacks: 100 Industrial-Strength Tips & Tools"
Effective Security Hacks for Linux, UNIX or Windows Networks

Author Andrew Lockhart has compiled 100 quick and practical ways to secure Linux, UNIX® or Windows networks from hackers. Designed for system administrators, this book provides effective security hacks that help administrators make more productive use of their time.

"Network Security Hacks" demonstrates powerful methods for defending servers and networks from a variety of devious and subtle attacks. Besides supplying techniques to use in securing TCP/IP-based services, Lockhart also provides intelligent host-based security approaches with examples covering such methods as applied encryption, intrusion detection, logging, trending and incident response.

Readers will learn how to detect the presence and track every keystroke of network intruders and trap would-be system hackers. Security tools important for securing any network or system are identified and Lockhart presents clever methods for using them to reveal timely and useful information about what is happening on a network.

A sampling of hacks in the book includes hack 4 -- create flexible permissions hierarchies with POSIX ACLs, hack 40 -- block OS fingerprinting, hack 59 -- aggregate logs from remote sites, hack 86 -- write your own Snort rules, and hack 99 -- scan for root kits.

Chapter 1 UNIX Host Security:

Securing Mount Points. Scanning for SUID and SGID Programs. Scanning For World- and Group-Writable Directories. Creating Flexible Permissions Hierarchies with POSIX ACLs. Protecting Your Logs from Tampering. Delegating Administrative Roles. Automating Cryptographic Signature Verification. Checking for Listening Services. Preventing Services from Binding to An Interface. Restricting Services with Sandboxed Environments. Using proftp with a MySQL Authentication Source. Preventing Stack-Smashing Attacks. Locking Down Your Kernel with grsecurity. Restricting Applications with grsecurity. Restricting System Calls with Systrace. Automated Systrace Policy Creation. Controlling Login Access with PAM. Restricted Shell Environments. Enforcing User and Group Resource Limits. Automating System Updates.

Chapter 2 Windows Host Security:

Checking Servers for Applied Patches. Getting a List of Open Files and Their Owning Processes. Listing Running Services and Open Ports. Enabling Auditing. Securing Your Event Logs. Changing Your Maximum Log File Sizes. Disabling Default Shares. Encrypting Your Temp Folder. Clearing the Paging File at Shutdown. Restricting Applications Available to Users.

Chapter 3 Network Security:

Creating a Static ARP Table. Firewalling with Netfilter. Firewalling with OpenBSD's PacketFilter. Creating an Authenticated Gateway. Firewalling with Windows. Keeping Your Network Self-Contained. Testing Your Firewall. MAC Filtering with Netfilter. Blocking OS Fingerprinting. Fooling Remote Operating System Detection Software. Keeping an Inventory of Your Network. Scanning Your Network for Vulnerabilities. Keeping Server Clocks Synchronized. Creating Your Own Certificate Authority. Distributing Your CA to Clients. Encrypting IMAP and POP with SSL. Setting Up TLS-Enabled SMTP. Detecting Ethernet Sniffers Remotely. Installing Apache with SSL and suEXEC. Securing BIND. Securing MySQL. Sharing Files Securely in UNIX.

Chapter 4 Logging:

Running a Central Syslog Server. Steering syslog. Integrating Windows into Your Syslog Infrastructure. Automatically Summarizing Your Logs. Monitoring Your Logs Automatically. Aggregating Logs from Remote Sites. Logging User Activity with Process Accounting.

Chapter 5 Monitoring and Trending:

Monitoring Availability. Graphing Trends. Running ntop for Real-Time Network Stats. Auditing Network Traffic. Collecting Statistics with Firewall Rules. Sniffing the Ether Remotely.

Chapter 6 Secure Tunnels:

Setting Up IPsec Under Linux. Setting Up IPsec Under FreeBSD. Setting Up IPsec in OpenBSD. PPTP Tunneling. Opportunistic Encryption with FreeS/WAN. Forwarding and Encrypting Traffic with SSH. Quick Logins with SSH Client Keys. Squid Proxy over SSH. Using SSH As A SOCKS Proxy. Encrypting and Tunneling Traffic with SSL. Tunneling Connections Inside HTTP. Tunneling with VTun and SSH. Automatic vtund.conf Generator. Creating a Cross-Platform VPN. Tunneling PPP.

Chapter 7 Network Intrusion Detection:

Detecting Intrusions with Snort. Keeping Track of Alerts. Real-Time Monitoring. Managing a Sensor Network. Writing Your Own Snort Rules. Preventing and Containing Intrusions with Snort_inline. Automated Dynamic Firewalling with SnortSam. Detecting Anomalous Behavior. Automatically Updating Snort's Rules. Creating a Distributed Stealth Sensor Network. Using Snort in High-Performance Environments with Barnyard. Detecting and Preventing Web Application Intrusions. Simulating a Network of Vulnerable Hosts. Recording Honeypot Activity.

Chapter 8 Recovery and Response:

Imaging Mounted Filesystems. Verifying File Integrity and Finding Compromised Files. Finding Compromised Packages with RPM. Scanning for Root Kits. Finding the Owner of a Network.
