Slashdot Mirror


Network Security Hacks

Anton Chuvakin writes "When I first got this little book called Network Security Hacks, I was unimpressed by its idea: a seemingly random collection of network security tips combined under the same cover. However, when I started reading, more and more often I exclaimed "Ah, that's how it is done!" as well as found better ways of doing what I was doing." Read on for the rest of Chuvakin's review.

Network Security Hacks
author: Andrew Lockhart
pages: 312
publisher: O'Reilly
rating: 8
reviewer: Anton Chuvakin
ISBN: 0596006438
summary: Surprisingly good; packs a lot of network security knowledge into a small book.

The book is structured around many security subjects. These are: UNIX, Windows, Network Security, Logging (covering collecting, summarizing and analyzing log files), Monitoring (covering system and network monitoring and collecting various statistics), Tunnels (covering various kinds of VPNs and encrypted communication), Intrusion Detection, and Recovery and Response (a short section covering very basic forensics).

Each section has a dozen or more tips, each taking from a page to several pages. For example, looking for SUID and SGID files takes just half a page, while installing and configuring Snort NIDS takes several pages. As a result, the style is understandably terse and to-the-point.

The book ended up being one cool collection of tips, ranging from mundane ('how to configure iptables on Linux') to fairly esoteric ('how to use MySQL as an authenticating backend for an FTP server'). If you've always wanted to use 'grsecurity' or 'systrace,' but thought they were too complicated - grab the book and give it a shot. If you want to set up a fancy encrypted tunnel between two networks, it covers that too. Admittedly, a lot of advice given in the book can be found on Google, but it is nice to find it in one place. Network Security Hacks covers selected topics in host security, SSH and VPNs, IDS, monitoring and even touches upon forensics. I also liked its multi-platform coverage, with a slight but unmistakable UNIX/Linux bias.

Overall, Network Security Hacks is a great book, provided you don't try to find in it something it isn't; it is a neat collection of simple network security tips. I somewhat disliked that many tips don't go beyond 'how to install a tool' and so stop short of discussing how to use it best. Another gripe: I'd rather some of the tips skipped the obvious (such as "./configure; make; make install") and focused on little known and cool ways to use technology for security. Network Security Hacks will be useful for people involved with system and network management, those starting up in the security field, as well as for more advanced professionals (as a way to check their knowledge and skills). Also, it helps folks to jump straight to effective ways of doing things in the areas where their skills are less developed.

For example, I knew it was possible to use SSH to create a makeshift VPN, but this book is the first I've seen with a really good description of doing so. Similarly, I found some neat MySQL hardening tips in the book. Overall, there is a lot in the book for most people who are somehow involved in computer security, particularly if they're also running UNIX or Linux.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major security information management company, author of Security Warrior (and contributor to Know Your Enemy II), and maintainer of the security portal info-secure.org. You can purchase Network Security Hacks from bn.com.

9 of 107 comments

  1. Re:sorry ...but im not impressed by Anonymous Coward · · Score: 1, Informative

    Nice but couldn't you post the ed2k link?

    God damn, fine, I'll do it myself.

    Addison Wesley - TCP-IP Illustrated Volume 1 - The Protocols (W. Richard Stevens)(1993).chm

    Damn lazy kids.

  2. O'Reilly discount by MrWa · · Score: 4, Informative
    There is currently a $20 mail-in rebate for this book at Fry's (and elsewhere?). On the 4th, this book and "Windows XP Hacks" were reduced to $20, so you only had to pay sales tax.

    This deal ends today (7/8) so hurry out:
    Hackers and Painters
    Network Security Hacks
    Windows XP Hacks
    Hardware Hacking
    Ipod and Itunes: The missing manual
    Hardware Hacking projects for geeks
    Adobe photoshop CS one on one
    Mac OS X Panther: the missing manual

  3. Call me weird... by bladesjester · · Score: 2, Informative

    Personally, the TCP/IP author I prefer is Comer, but then that's what I cut my teeth on. Also doesn't hurt that Comer was the advisor of my favorite CS prof in my undergrad career. (because he not only knew what he was talking about, but he could also teach and made things interesting. Not an easy person to have classes with but fair and fascinating)

    --
    Everything I need to know I learned by killing smart people and eating their brains.
  4. First tip: Secure mountpoints by mcgroarty · · Score: 4, Informative
    The first tip covered is securing mountpoints. Did you know you can mount some volumes so that suid bits don't work on them, or so you can't even execute files on them?

    This is a biggie. You can prevent users from creating code in /home if you want, and you can keep runnable stuff out of /tmp or /var.

    Debian does a really great job of keeping those paths pure so that packages don't rely on them having runnable things. This means great strides in security if you mount with those options, save one terrible exception: dselect wants to run scripts in tmp :(

    1. Re:First tip: Secure mountpoints by Anonymous Coward · · Score: 3, Informative

      Yes, in fact openbsd mounts various partitions noexec, nosuid, etc by default.

    2. Re:First tip: Secure mountpoints by PacoTaco · · Score: 5, Informative
      You can prevent users from creating code in /home if you want

      Not quite. You can still run stuff as an argument, like:

      perl /home/pacotaco/something.pl

    3. Re:First tip: Secure mountpoints by Anonymous Coward · · Score: 1, Informative

      The worst interpreter for this is in fact the userland ELF linker, ld.so. For example:

      # chmod -x /usr/bin/xmms
      # /usr/bin/xmms -v
      bash: /usr/bin/xmms: Permission denied
      # /lib/ld-linux.so.2 /usr/bin/xmms -v
      xmms 1.2.10
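The thread above is about mounting /tmp, /var and /home with nosuid, nodev and noexec, and about the limits of doing so. As an added example (not from the book or from any poster), here is a small audit script that parses a mount table in /proc/mounts format and reports which of those mount points lack the expected options. The sample mount table and the policy are constructed for the example; on a live system you would feed it the contents of /proc/mounts. As the replies point out, noexec only stops direct execution: an interpreter or ld.so can still run a file's contents, so a clean audit reduces exposure rather than establishing a hard boundary.

```python
"""Audit a /proc/mounts-style table for hardening options on key mount points.

Added example, not code from the book or the thread. noexec blocks direct
execution only; interpreters (perl, ld.so) can still run file contents, so
this check lowers exposure and is not a security boundary by itself.
"""
from typing import Dict, List, Set

# Policy: which options each mount point is expected to carry.
# These values are assumptions chosen for the example, not a universal rule.
POLICY: Dict[str, Set[str]] = {
    "/tmp": {"nosuid", "noexec", "nodev"},
    "/var": {"nosuid", "nodev"},
    "/home": {"nosuid", "nodev"},
}

# Constructed sample in /proc/mounts format:
# <device> <mountpoint> <fstype> <options> <dump> <pass>
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime,size=1024k 0 0
/dev/sda3 /var ext4 rw,relatime 0 0
"""


def parse_mounts(text: str) -> Dict[str, Set[str]]:
    """Return {mountpoint: set(options)} from /proc/mounts-style text."""
    mounts: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or malformed line; skip it
        mountpoint, options = fields[1], fields[3]
        mounts[mountpoint] = set(options.split(","))
    return mounts


def audit(mounts: Dict[str, Set[str]], policy=POLICY) -> Dict[str, List[str]]:
    """Return {mountpoint: sorted list of missing options} for each violation.

    A mount point absent from the table is reported as missing every option:
    it is then just a directory on the parent filesystem and inherits its
    (usually permissive) options.
    """
    findings: Dict[str, List[str]] = {}
    for mountpoint, required in policy.items():
        present = mounts.get(mountpoint, set())
        missing = sorted(required - present)
        if missing:
            findings[mountpoint] = missing
    return findings


if __name__ == "__main__":
    # On a real host: text = open("/proc/mounts").read()
    for mountpoint, missing in audit(parse_mounts(SAMPLE_MOUNTS)).items():
        print(f"{mountpoint}: missing {','.join(missing)}")
```

On the constructed sample the script flags /tmp (no noexec) and /var (neither nosuid nor nodev), and passes /home. Running it against a host's real mount table after an fstab change is a quick way to confirm the options actually took effect.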
  5. Re:BOFH hack -- restricted shell by Anonymous Coward · · Score: 1, Informative

    Restricted shell is more of a security illusion than anything else. Apps run from it are under no restrictions, i.e. if vi/vim is linked, then a simple :!cmd executes any cmd. As you can't rely on the "authorized" app security level, there is no enforcement with restricted shells, therefore no use.

    My 2 cents...

  6. Re:snort setup by Anonymous Coward · · Score: 1, Informative

    This has been done to death when portsentry was released shortly followed by fuckportsentry.pl that could cripple any machine running it.

    The exploit uses the method you describe, spoofing the source addresses so you block a machine that you should actually trust.

    If you use snort then you've upped the stakes a bit in that the spoofed traffic is quite a lot harder to create but it's not impossible. You only need to lose DNS access and the system will be knackered.

    It's a nice idea, pro-active IDS, but unfortunately until the world implements proper egress filtering then it will probably be exploitable. You can reduce the odds of being caught by doing things like rate-limiting the addition of new firewall rules; I've yet to see one of these systems that I couldn't mess up though, and I'm hardly a master hacker.
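The comment above describes the standard failure mode of automated blocking (spoofed alerts cause the host to block its own DNS server or gateway) and one mitigation, rate-limiting new rules. As an added example that is not from Snort, portsentry or any poster, here is a guard that an active-response script could call before adding a firewall rule: it refuses to block addresses on a never-block list and caps how many new blocks it accepts per time window. The addresses, limits and window are constructed for the example; the actual rule insertion (iptables or otherwise) is left to the caller.

```python
"""Guard rail in front of an automated "block the source" response.

Added example, not code from the book, Snort or portsentry. Two mitigations
from the discussion: never auto-block infrastructure the host depends on,
and rate-limit rule additions so a burst of spoofed alerts cannot wall the
machine off. Networks and limits below are constructed for the example.
"""
import ipaddress
from collections import deque
from typing import Deque, List, Set, Tuple


class BlockGate:
    def __init__(self, never_block: List[str], max_per_window: int, window_seconds: float):
        # Addresses/prefixes that must never be blocked (DNS, gateway, mgmt net).
        self.never_block = [ipaddress.ip_network(n) for n in never_block]
        self.max_per_window = max_per_window
        self.window = window_seconds
        self.recent: Deque[float] = deque()  # timestamps of accepted blocks
        self.blocked: Set[str] = set()

    def is_protected(self, addr: str) -> bool:
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in self.never_block)

    def request_block(self, addr: str, now: float) -> Tuple[bool, str]:
        """Decide whether a block rule for addr may be added at time `now`.

        Returns (allowed, reason). The caller only inserts a firewall rule
        when allowed is True.
        """
        if self.is_protected(addr):
            return False, "protected address"
        if addr in self.blocked:
            return False, "already blocked"
        # Forget accepted blocks that fell out of the sliding window.
        while self.recent and now - self.recent[0] >= self.window:
            self.recent.popleft()
        if len(self.recent) >= self.max_per_window:
            return False, "rate limit"
        self.recent.append(now)
        self.blocked.add(addr)
        return True, "blocked"


if __name__ == "__main__":
    # Constructed: resolver and gateway on 192.0.2.0/24, management on 10/8.
    gate = BlockGate(["192.0.2.53/32", "192.0.2.1/32", "10.0.0.0/8"],
                     max_per_window=2, window_seconds=60)
    for t, src in [(0, "192.0.2.53"), (1, "198.51.100.7"),
                   (2, "198.51.100.8"), (3, "198.51.100.9")]:
        print(t, src, gate.request_block(src, t))
```

The rate limit turns a flood of spoofed alerts into at most a handful of rules per window, and the never-block list keeps a spoofed "attack from the DNS server" from taking the host off the network. Neither removes the underlying weakness the comment describes; they bound the damage until rules are reviewed.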