Network Security Hacks
The book is structured around many security subjects. These are: UNIX, Windows, Network Security, Logging (covering collecting, summarizing and analyzing log files), Monitoring, (covering system and network monitoring and collecting various statistics), Tunnels (covering various kind of VPNs and encrypted communication), Intrusion Detection, and Recovery and Response (short section covering very basic forensics).
Each section has a dozen or more tips, each taking from a page to several pages. For example, looking for SUID and SGID files takes just half a page, while installing and configuring Snort NIDS takes several pages. As a result, the style is understandably terse and to-the-point.
The book ended up being one cool collection of tips, ranging from mundane ('how to configure iptables on Linux') to fairly esoteric ('how to use MySQL as an authenticating backend for an FTP server'). If you've always wanted to use 'grsecurity' or 'systrace,' but thought they were too complicated - grab the book and give it a shot. If you want to set up a fancy encrypted tunnel between two networks, it covers that too. Admittedly, a lot of advice given in the book can be found on Google, but it is nice to find it in one place. Network Security Hacks covers selected topics in host security, SSH and VPNs, IDS, monitoring and even touches upon forensics. I also liked its multi-platform coverage, with a slight but unmistakable UNIX/Linux bias.
Overall, Network Security Hacks is a great book, provided you don't try to find in it something it isn't; it is a neat collection of simple network security tips. I somewhat disliked that many tips don't go beyond 'how to install a tool' and so stop short of discussing how to use it best. Another gripe: I'd rather some of the tips skipped the obvious (such as "./configure; make; make install") and focused on little known and cool ways to use technology for security. Network Security Hacks will be useful for people involved with system and network management, those starting up in the security field, as well as for more advanced professionals (as a way to check their knowledge and skills). Also, it helps folks to jump straight to effective ways of doing things in the areas where their skills are less developed.
For example, I knew it was possible to use SSH to create a makeshift VPN, but this book is the first I've seen with a really good description of doing so. Similarly, I found some neat MySQL hardening tips in the book. Overall, there is a lot in the book for most people who are somehow involved in computer security, particularly if they're also running UNIX or Linux.
Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major security information management company, author of Security Warrior (and contributor to Know Your Enemy II), and maintainer of the security portal info-secure.org. You can purchase Network Security Hacks from bn.com. Slashdot welcomes readers' book reviews.
I've been beating myself over the head trying to find a gift for my Script Kiddie nephew! Thank you Andrew Lockhart!
"Network security hacks" - sounds like some setups I know of.
It's a very good reference book. If anyone's looking for a good beginners' book that's similar to this one, then check out Steal This Computer Book 3: What They Won't Tell You About the Internet
From what I read in the review, it looks more like a beginner's guide to network security. It could prove to be quite useful for someone fairly new to it. In the Air Force, quite a few people who deal with IT are pretty new to this stuff (a lot of people are straight out of high school), and even though most stuff we deal with is Windows-centric, we still need to know Unix for things such as firewalls. Looks like the book could be handy for both.
It would be cool if it didn't suck.
Admittedly, a lot of advice given in the book can be found on Google, but it is nice to find it in one place.
Well duh...
Google knows everything, therefore includes any book, just like sea water contains sugar (and almost any known chemical compound) but it's so diluted it would make a lousy sweetener. Therefore, books are good, whether or not Google contains the information in the book.
why can't I shake the image of Wyle E. Coyote reading his Acme book of Hacking just before trying something he's about to regret...
"Is this just useless, or is it expensive as well?"
You could probably just look at the table of contents of this book and do a search on each section/topic. Actually I might try just that, might turn up some interesting stuff.
with a title like Network Security Hacks I would expect much more than teaching me how to install a program on my computer or how to use SSH to tunnel a connection like the reviewer has said.
Sorry if I'm being mean, but you can learn just as much by reading the manpages or by using Google after the how-tos.
If you really want to learn something useful about networks I suggest the good old Richard Stevens
What is best in life? To crush your enemies, to see them driven before you and to hear the lamentations of their women.
http://slashdot.org/~Andrew%20Lockhart
yvan eht nioj
Ah, that's how it is done!
In other words, a public admission you've ignored proper procedures in the past and fessed up to knowing just enough to be dangerous.
This deal ends today (7/8) so hurry out:
Hackers and Painters
Network Security Hacks
Windows XP Hacks
Hardware Hacking
Ipod and Itunes: The missing manual
Hardware Hacking projects for geeks
Adobe photoshop CS one on one
Mac OS X Panther: the missing manual
Personally, the TCP/IP author I prefer is Comer, but then that's what I cut my teeth on. Also doesn't hurt that Comer was the advisor of my favorite CS prof in my undergrad career. (because he not only knew what he was talking about, but he could also teach and made things interesting. Not an easy person to have classes with but fair and fascinating)
Everything I need to know I learned by killing smart people and eating their brains.
The fastest, best, AND cheapest way to test network security is to load up an irc client on it and go to a linux channel. Then simply talk about how your "windows" system is unhackable.
This is a biggie. You can prevent users from creating code in /home if you want, and you can keep runnable stuff out of /tmp or /var.
Debian does a really great job of keeping those paths pure so that packages don't rely on them having runnable things. This means great strides in security if you mount with those options, save one terrible exception: dselect wants to run scripts in tmp :(
Representatives of government and industry already have begun addressing the needs of specific infrastructure sectors, but the partnership is intended to bring together these efforts to facilitate a broader industry dialogue and to serve as a catalyst for action, according to the release. Government and industry representatives will meet again early next year to identify and begin addressing specific areas of mutual interest.
Support Texas Troops use TXGoogle
Wonder why the Air Force and other military branches don't have superior IT staff?
When their time to re-enlist comes up, they can take that knowledge (and security clearance) and go get paid 5-10 times what the service pays them to work for a contractor to the NSA, FBI, CIA, or the big defense contractors.
Why would you stay?
Wonder why there are so many guys not re-enlisting? Is it that they don't want to serve or go back to Iraq? Nope. They see the private security guys there making 10-20 times what they make for the same job...
I see a trend here.
My mom says I'm cool.
I was lucky enough to get a review copy from O'reilly. One of the first things I tried was faking your OS signature for port scans. It was interesting to try it out, but I had to downgrade my Linux Kernel to 2.4.18 *gasp*. So after a recompile, and configuring iptables for IP Personalities, nmap detected "Sega DreamCast Console" on aforementioned machine. There are other signatures, I just wanted to try out the most amusing one. The problem is the patch is deprecated, buggy, not being developed, and the sparse documentation mentions it can make your TCP sequences less secure. Hey, it was amusing to try it, but too much hassle, and maybe it is not the most secure solution. Don't know what this one was doing in a security book, considering it could cause your system to be less secure. Nmap detects the faked signature about 90% of the time, depends on how the network is routed and such.
Most of the Windows hacks are a matter of downloading 3rd party software; however, there was one registry hack to turn off Default SMB shares (C$ and ADMIN$), and this was the only Win hack.
I have enjoyed reading so far, and will get around to finishing it...eventually. Much like the other hack books there are hacks in here for beginners, intermediates, and wizards.
/^([Ss]ame [Bb]at (time, |channel.)){2}$/
bash-2.05b$ bash -r
bash: SHELL: readonly variable
bash: PATH: readonly variable
bash-2.05b$ ls
bash: ls: No such file or directory
bash-2.05b$
Now users cannot run anything that is not symlinked to their home directory.
/^([Ss]ame [Bb]at (time, |channel.)){2}$/
Restricted shells are primarily useful for cases where you're trying to avoid shooting yourself in the foot, not where you need to stop a possibly malicious user.
I've just finished a setup with snort, apf, logsurfer and a custom program to create a live response firewall.
snort will detect the offensive network traffic and put it into the alert log file. Logsurfer will then trigger and email me with a notice, it will run a program I wrote to blacklist the attacking IP (my program checks to make sure the IP is not already banned and makes sure the IP is not my own so I do not get locked out). Finally, my program updates the firewall to block the bastard.
The only hole I see in this setup is a DoS by attacking with different spoofed "from IPs" until the firewall rules are too big, or too many legit servers are banned.
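As an added illustration of the decision logic described in the post above (this is not the poster's program and not code from the book), the sketch below reads Snort "fast"-format alert lines, picks out the source addresses, applies the two checks the poster mentions (skip my own addresses, skip IPs already banned) and adds a ceiling on the blacklist size so a flood of spoofed sources cannot grow the rule set without bound. The alert lines, the address ranges and the iptables rule form are constructed assumptions, and the rules are emitted rather than executed.

```python
import ipaddress
import re

# Constructed sample alerts in Snort's "fast" alert format (not from the page).
SAMPLE_ALERTS = [
    "07/08-10:01:02.000001  [**] [1:1000001:1] SAMPLE SSH brute force [**] [Priority: 2] {TCP} 203.0.113.5:51234 -> 192.0.2.10:22",
    "07/08-10:01:03.000002  [**] [1:1000001:1] SAMPLE SSH brute force [**] [Priority: 2] {TCP} 203.0.113.5:51235 -> 192.0.2.10:22",
    "07/08-10:01:04.000003  [**] [1:1000002:1] SAMPLE web scan [**] [Priority: 3] {TCP} 192.0.2.10:40000 -> 192.0.2.10:80",
    "07/08-10:01:05.000004  [**] [1:1000002:1] SAMPLE web scan [**] [Priority: 3] {TCP} 198.51.100.7:40001 -> 192.0.2.10:80",
]

# Source IPv4 address sits between the "{PROTO}" tag and the "->" arrow.
ALERT_SRC_RE = re.compile(r"\{\w+\}\s+(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->")


def plan_bans(alert_lines, own_networks, already_banned, max_rules):
    """Decide which alert sources to add to the firewall blacklist.

    own_networks: CIDR strings that must never be banned (the "not my own
    IP" check, widened to whole networks so a spoofed neighbour cannot lock
    the admin out).  already_banned: IPs already in the rule set (dedup).
    max_rules: hard ceiling on blacklist size, the cap against the
    spoofed-source flood.  Returns (to_ban, skipped) with skipped mapping
    IP -> reason, so the decisions can be reviewed or logged.
    """
    protected = [ipaddress.ip_network(n) for n in own_networks]
    to_ban, skipped = [], {}
    for line in alert_lines:
        m = ALERT_SRC_RE.search(line)
        if not m:
            continue  # not an alert line we understand; ignore it
        src = m.group(1)
        if src in skipped or src in to_ban:
            continue  # already decided for this source
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in protected):
            skipped[src] = "own address"
        elif src in already_banned:
            skipped[src] = "already banned"
        elif len(already_banned) + len(to_ban) >= max_rules:
            skipped[src] = "rule limit reached"
        else:
            to_ban.append(src)
    return to_ban, skipped


def iptables_commands(to_ban):
    # Emit the drop rules as text instead of running them, so a human or a
    # wrapper script can review what the automation is about to do.
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in to_ban]


if __name__ == "__main__":
    bans, why = plan_bans(SAMPLE_ALERTS, ["192.0.2.0/24"], set(), max_rules=100)
    print("\n".join(iptables_commands(bans)))
    for ip, reason in why.items():
        print(f"skipped {ip}: {reason}")
```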
Can someone point me to a download link for the scripts used in that book.
Thanks in advance.
i'll check it out though, thanx :)
While a good book is always great, most of this stuff is already on SecurityFocus. Not to mention it is home of the bugtraq mailing list. I find a lot of the material is already covered in their infocus articles, plus some of the best hackers out there, both white hat and black hat, are on the list and give some of the best tips.
You only live once, so you might as well have fun before you die.
> Admittedly, a lot of advice given in the book can be found on Google, but it is nice to find it in one place.
Translation: too lazy to find it myself, I'll just eat some potato chips and pay the man for his "research."
While it's often funny as hell to set a server signature to something like "General Electric Toaster Oven, Microsoft Windows 3.11", I gotta wonder if doing this results in more malicious pokes at a system? Obviously a hardcore cracker is gonna know it's bogus, and I'm willing to bet this only makes him/her more determined to correctly identify the target.
Anybody have some stories/thoughts/example data?
I'm not tense. I'm just terribly, terribly, alert.
are you sure it isn't gilderoy lockhart? the same author of 'magical me'?
or did he change his name after coming out of st.mungo's?
I am a security professional and also have an O'Reilly Safari account. I agree completely with you, lylonius. O'Reilly has few good security titles at all. The SSH, OpenSSL, and Kerberos books are the only ones I have kept on my Safari bookshelf for long.
Looking at my bookshelf in the office, the publishers of security titles I actually purchase from so as to have the hardcopy available for reading/reference/travel are New Riders, Syngress, and Auerbach. O'Reilly isn't represented.
= jombee
What I usually do is a generic search (ie: network security phrases) to find the keywords to use on a proper search. Works great, even if it is a two step process.
For instance, I heard about a liquid that will solidify in the presence of a magnetic field. I type "liquid solidify magnetic field" into google. Then, looking through the pages, I find the term "magnetorheological fluid", which makes a much more refined search.
"That's so plausible, I can't believe it!" - Leela
I can just see it:
Wyle E., sitting in front of a computer trying to hack the nation's defense computers to use starwars satellites to send a deathray down to the road runner's location.
Thought bubble appears showing the roadrunner turning into a cooked turkey.
After a short time, the screen flashes red. Wyle E. starts wiping his HD and eating his printouts and disks.
Just as he finishes, the FBI break in and arrest him. Next, we see them holding Wyle E. over a plastic bag, waiting for the evidence to drop out.
"That's so plausible, I can't believe it!" - Leela
No, google does not know this.
Does Google know about Garfield's OUT IN THE STREETS ? I don't think so. An LP from 1977, with the marvelous "A Private Affair" tune.