Slashdot Mirror

← Back to Stories (view on slashdot.org)

Network Security Hacks

Posted by timothy on from the tongue-accidentally-in-cheek dept.

Anton Chuvakin writes "When I first got this little book called Network Security Hacks, I was unimpressed by its idea: a seemingly random collection of network security tips combined under the same cover. However, when I started reading, more and more often I exclaimed "Ah, that's how it is done!" as well as found better ways of doing what I was doing." Read on for the rest of Chuvakin's review. Network Security Hacks author Andrew Lockhart pages 312 publisher O'Reilly rating 8 reviewer Anton Chuvakin ISBN 0596006438 summary Surprisingly good; packs a lot of network security knowledge into a small book.

The book is structured around many security subjects. These are: UNIX, Windows, Network Security, Logging (covering collecting, summarizing and analyzing log files), Monitoring, (covering system and network monitoring and collecting various statistics), Tunnels (covering various kind of VPNs and encrypted communication), Intrusion Detection, and Recovery and Response (short section covering very basic forensics).

Each section has a dozen or more tips, each taking from a page to several pages. For example, looking for SUID and SGID files takes just half a page, while installing and configuring Snort NIDS takes several pages. As a result, the style is understandably terse and to-the point.

The book ended up being one cool collection of tips, ranging from mundane ('how to configure iptables on Linux') to fairly esoteric ('how to use MySQL as an authenticating backend for an FTP server'). If you've always wanted to use 'grsecurity' or 'systrace,' but thought they were too complicated - grab the book and give it a shot. If you want to set up a fancy encrypted tunnel between two networks, it covers that too. Admittedly, a lot of advice given in the book can be found on Google, but it is nice to find it in one place. Network Security Hacks covers selected topics in host security, SSH and VPNs, IDS, monitoring and even touches upon forensics. I also liked its multi-platform coverage, with a slight but unmistakable UNIX/Linux bias.

Overall, Network Security Hacks is a great book, provided you don't try to find in it something it isn't; it is a neat collection of simple network security tips. I somewhat disliked that many tips don't go beyond 'how to install a tool' and so stop short of discussing how to use it best. Another gripe: I'd rather some of the tips skipped the obvious (such as "./configure; make; make install") and focused on little known and cool ways to use technology for security. Network Security Hacks will be useful for people involved with system and network management, those starting up in the security field, as well as for more advanced professionals (as a way to check their knowledge and skills). Also, it helps folks to jump straight to effective ways of doing things in the areas where their skills are less developed.

For example, I knew it was possible to use SSH to create a makeshift VPN, but this books is the first I've seen with a really good description of doing so. Similarly, I found some neat MySQL hardening tips in the book. Overall, there is a lot in the book for most people who are somehow involved in computer security, particularly if they're also running UNIX or Linux.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major security information management company, author of Security Warrior (and contributor to Know Your Enemy II), and maintainer of security portal info-secure.org You can purchase Network Security Hacks from bn.com. Slashdot welcomes readers' book reviews. To see your own review here, carefully read the book review guidelines, then visit the submission page.

34 of 107 comments (clear)

  1. Happy Day! by Anonymous Coward · · Score: 5, Funny

    I've been beating myself over the head trying to find a gift for my Script Kiddie nephew! Thank you Andrew Lockhart!

    1. Re:Happy Day! by brxndxn · · Score: 2, Funny

      Looks like your funny comment was moderated by a script kiddie who took it seriously...

      --
      --- We need more Ron Paul!
  2. Hmmm by Neil+Blender · · Score: 5, Funny

    "Network security hacks" - sounds like some setups I know of.

    1. Re:Hmmm by stor · · Score: 2, Funny

      "Network security hacks" - sounds like some setups I know of.

      Heh, sounds like some techs I know.

      Cheers
      Stor

      --
      "Yeah well there's a lot of stuff that should be, but isn't"
  3. Good book by xOleanderx · · Score: 5, Interesting

    Its a very good reference book. If anyones looking for a good beginners book thats similar tho this one then check out Steal This Computer Book 3: What They Won't Tell You About the Internet

    1. Re:Good book by nacturation · · Score: 4, Funny

      If anyones looking for a good beginners book thats similar tho this one then check out Steal This Computer Book 3: What They Won't Tell You About the Internet

      A note to other geeks out there: I had to learn the hard way that, yes officer, you are expected to purchase this book before leaving the store.

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  4. Beginner's book by Zorilla · · Score: 4, Interesting

    From what I read in the review, it looks more like a beginner's guide to network security. It could prove to be quite useful for someone fairly new to it. In the Air Force, quite a few people who deal with IT are pretty new to this stuff (a lot of people are straight out of high school), and even though most stuff we deal with is Windows-centric, we still need to know Unix for things such as firewalls. Looks like the book could be handy for both.

    --

    It would be cool if it didn't suck.
    1. Re:Beginner's book by 0racle · · Score: 4, Interesting

      In the Air Force, quite a few people who deal with IT are pretty new to this stuff.
      Anyone else more then a little bothered by this statement?

      --
      "I use a Mac because I'm just better than you are."
    2. Re:Beginner's book by 0racle · · Score: 2

      Well Military sites have got to be high on the list of sites for random break in attempts, and while I would hope sensitive materials would be under very good lock and key, sometimes they make you wonder. Personally, I would have thought that the people covering their security would be more then a little familiar with what they were doing.

      Though it a nice little insult to everyone trying, they don't care so much that someone who has never done security before can handle all those pansy ass hackers.

      --
      "I use a Mac because I'm just better than you are."
    3. Re:Beginner's book by lylonius · · Score: 4, Interesting

      I have an O'Reilly Safari account and checked out several recent "security" titles:
      - Network Security Hacks
      - Network Security Assessment
      - Security Warrior

      and I have to say that all of them have weak content.

      I don't proclaim to be an expert by any means, but security cannot be administered in such small nuggets of mostly outdated tricks/hacks.

      Example: Hack 40: Block OS Fingerprinting. It briefly mentions nmap's -O option and then immediately demonstrates a fairly complex pf filter on OpenBSD. Does the author explain _any_ of the valid and invalid TCP flags that nmap uses? no. Does the author explain any adverse affects of silently dropping _all_ traffic that is satisfied by this complex ruleset? no. Does the author ever mention passive OS fingerprinting? Does it even mention the simplest/non-intrusive methods used to fool active OS fingerprinters like changing the IP default TTL or manipulating the TCP initial sequence number generation parameters? How do we port these rulesets to ipfw? netfilter? PIX conduits? In short, for this rule to be the slightest bit useful, we must assume that it works perfectly (does not drop a single legitimate frame/packet/segment) and simply cut-and-paste this solution in to our bastion host and hope it works.

      In that sense, you might as well be dealing with the Windows-centric mindset of cut-and-paste and hope it works.

  5. Google by Roland+Piquepaille · · Score: 5, Insightful

    Admittedly, a lot of advice given in the book can be found on Google, but it is nice to find it in one place.

    Well duh...

    Google knows everything, therefore includes any book, just like sea water contains sugar (and almost any known chemical compound) but it's so diluted it would make a lousy sweetener. Therefore, books are good, whether or not Google contains the information in the book.

    1. Re:Google by Neil+Blender · · Score: 5, Insightful

      Google knows everything huh? How about all of the Potential pages built dynamically as the rusult of DB queries?

      Google groups knows damn near everything. I have been using it since it was Deja News and I have to say, I have learned more from it than the next top ten resources at my disposal combined. Type in the most specific keywords and 'Re' (this gives you reponses to questions) and you will get answers fast. Google groups is god.

    2. Re:Google by Anonymous Coward · · Score: 2, Funny

      Google knows everything, therefore includes any book, just like sea water contains sugar (and almost any known chemical compound) but it's so diluted it would make a lousy sweetener. Therefore, books are good, whether or not Google contains the information in the book.

      Can you write this u into a "technology trends" article and submit it to slashdot?

    3. Re:Google by BigDave81 · · Score: 5, Funny

      Yes, but does google know what i'm thinking right now??

    4. Re:Google by Anonymous Coward · · Score: 5, Funny

      Yes, but does google know what i'm thinking right now??

      yes

    5. Re:Google by Nasarius · · Score: 5, Funny
      Google groups is god.

      Agreed. It's a wonderful supplement to MSDN when Microsoft neglects to tell you how to actually use their own APIs.

      --
      LOAD "SIG",8,1
    6. Re:Google by Ryosen · · Score: 2, Insightful

      No doubt he put that comment there to head off the obvious, non-essential and (frankly) lame comments from others who post "big deal, I can find this info on google." Which is fine. But I can find it all in this $16 book much quicker...and it's indexed.

      --

      Ryosen
      One man's "Troll, +1" is another man's "Insightful, +1".
    7. Re:Google by sapgau · · Score: 3, Insightful

      Its a catch 22. Google knows everything as long as you ask with the right keywords (i.e jdbc, rmi, DCOM, etc.) If you have no idea what acronyms to include in your query then you are stuck. A good place to get a starting point on the acronyms is reading them from a book!!! :o)

    8. Re:Google by WuphonsReach · · Score: 2, Insightful

      Its a catch 22. Google knows everything as long as you ask with the right keywords (i.e jdbc, rmi, DCOM, etc.) If you have no idea what acronyms to include in your query then you are stuck. A good place to get a starting point on the acronyms is reading them from a book!!!

      Or subscribe to a good technical rag, or skim the newsgroups or mail lists regularly.

      As they like to say, "Knowing is half the battle"... yeah, simply knowing that something exists and what it might be called. I may not know anything about SYN floods today, other then they exist and are generally used as an attack mechanism. But that's plenty enough information to enable me to go read up on them in a few hours for when I really need that knowledge.

      I can't know everything, but I make sure I know where to find out.

      --
      Wolde you bothe eate your cake, and have your cake?
  6. "Ah, that's how it is done!" by blue_adept · · Score: 5, Funny

    why can't I shake the image of Wyle. E. Coyote reading his Acme book of Hacking just before trying something he's about to reget...

    --

    "Is this just useless, or is it expensive as well?"
  7. You could just google the table of contents by Fiz+Ocelot · · Score: 3, Interesting

    You could probably just look at the table of contents of this book and do a search on each section/topic. Actually I might try just that, might turn up some interesting stuff.

  8. sorry ...but im not impressed by brunokummel · · Score: 3, Insightful

    with a title like Network Security Hacks I would expect much more than teaching me how to install a program on my computer or how to use SSH to tunnel a connection like the reviewer has said.
    Sorry if im being mean but you can learn just as much by reading the manpages or by using google after the how-tos.
    If you really want to learn something useful about networks I suggest the good old Richard Stevens

    --
    What is best in life? To crush your enemies, to see them driven before you and to hear the lamentations of their women.
  9. O'Reilly discount by MrWa · · Score: 4, Informative
    There is currently a $20 mail in rebate for this book at Fry's (and elsewhere?). On the 4th, this book and "Windows XP Hacks" were reduced to $20, so you only had to pay sales tax.

    This deal ends today (7/8) so hurry out:
    Hackers and Painters
    Network Security Hacks
    Windows XP Hacks
    Hardware Hacking
    Ipod and Itunes: The missing manual
    Hardware Hacking projects for geeks
    Adobe photoshop CS one on one
    Mac OS X Panther: the missing manual

  10. Call me weird... by bladesjester · · Score: 2, Informative

    Personally, the TCP/IP author i perfer is Comer, but then that's what i cut my teeth on. Also doesn't hurt that Comer was the advisor of my favorite CS prof in my undergrad career. (because he not only knew what he was talking about, but he could also teach and made things interesting. Not an easy person to have classes with but fair and fascinating)

    --
    Everything I need to know I learned by killing smart people and eating their brains.
  11. best, cheapest way to test network security by spacerodent · · Score: 4, Funny

    The fastest, best, AND cheapest way to test network security is to load up an irc client on it and go to a linux channel. Then simply talk about how your "windows" system is unhackble.

  12. First tip: Secure mountpoints by mcgroarty · · Score: 4, Informative
    The first tip covered is securing mountpoints. Did you know you can mount some volums so that suid bits don't work on them, or so you can't even execute files on them?

    This is a biggie. You can prevent users from creating code in /home if you want, and you can keep runnable stuff out of /tmp or /var.

    Debian does a really great job of keeping those paths pure so that packages don't rely on them having runnable things. This means great strides in security if you mount with those options, save one terrible exception: dselect wants to run scripts in tmp :(

    1. Re:First tip: Secure mountpoints by Anonymous Coward · · Score: 3, Informative

      Yes, in fact openbsd mounts various partitions noexec, nosuid, etc by default.

    2. Re:First tip: Secure mountpoints by PacoTaco · · Score: 5, Informative
      You can prevent users from creating code in /home if you want

      Not quite. You can still run stuff as an argument, like:

      perl /home/pacotaco/something.pl

  13. Why is military IT not as good as it could be? by attemptedgoalie · · Score: 4, Insightful

    Wonder why the Air Force and other military branches don't have superior IT staff?

    When their time to re-enlist comes up, they can take that knowledge (and security clearance) and go get paid 5-10 times what the service pays them to work for a contactor to the NSA, FBI, CIA, or the big defense contractors.

    Why would you stay?

    Wonder why there are so many guys not re-enlisting? Is it that they don't want to serve or go back to Iraq? Nope. They see the private security guys there making 10-20 times what they make for the same job...

    I see a trend here.

    --
    My mom says I'm cool.
    1. Re:Why is military IT not as good as it could be? by OhHellWithIt · · Score: 2, Insightful

      The financial incentive was there before 9/11. Several years ago, a college friend who has a B.S. in mechanical engineering let slip the amount of her naval officer's pay. It was about 2/3 what I was getting in private industry with a liberal arts degree. Knowing her personality, she wasn't in it for the money, but out of dedication to the U.S.

      It really bugs me that our military personnel get the short end of the stick, financially, when they face risks most of us do not. (After all, did YOUR boss decide to invade Iraq?) I've heard that U.S. soldiers returning from Iraq on leave are responsible for paying their own transportation from wherever the military drops them when they hit the ground. IMHO, they deserve a first class ticket from there back to their families.

      --
      "Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
  14. Haven't finished it yet... by atomic-penguin · · Score: 4, Interesting

    I was lucky enough to get a review copy from O'reilly. One of the first things I tried was faking your OS signature for port scans. It was interesting to try it out, but I had to downgrade my Linux Kernel to 2.4.18 *gasp*. So after a recompile, and configuring iptables for IP Personalities, nmap detected "Sega DreamCast Console" on aforementioned machine. There are other signatures, I just wanted to try out the most amusing one. The problem is the patch is deprecated, buggy, not being developed, and the sparse documentation mentions it can make your TCP sequences less secure. Hey, it was amusing to try it, but too much hassle, and maybe it is not the most secure solution. Don't know what this one was doing in a security book, considering it could cause your system to be less secure. Nmap detects the faked signature about 90% of the time, depends on how the network is routed and such.

    Most of the Windows hacks are a matter of downloading 3rd party software, however there was one registry hack to turn off Default SMB shares (C$ and ADMIN$), this was the only Win Hack.

    I have enjoyed reading so far, and will get around to finishing it...eventually. Much like the other hack books there are hacks in here for beginners, intermediates, and wizards.

    --
    /^([Ss]ame [Bb]at (time, |channel.)){2}$/
  15. BOFH hack -- restricted shell by atomic-penguin · · Score: 5, Interesting

    bash-2.05b$ bash -r

    bash: SHELL: readonly variable

    bash: PATH: readonly variable

    bash-2.05b$ ls

    bash: ls: No such file or directory

    bash-2.05b$

    Now users cannot run anything that is not symlinked to their home directory.

    --
    /^([Ss]ame [Bb]at (time, |channel.)){2}$/
    1. Re:BOFH hack -- restricted shell by Col.+Panic · · Score: 2, Funny

      you've never supported end users, have you?

  16. snort setup by AmishSlayer · · Score: 5, Interesting

    I've just finished a setup with snort, apf, logsurfer and a custom program to create a live repsone firewall.

    snort will detect the offensive network traffic and put it into the alert log file. Logsurfer will then trigger and email me with a notice, it will run a program I wrote to blacklist the attacking IP (my program checks to make sure the IP is not already banned and makes sure the IP is not my own so I do not get locked out). Finally, my program updates the firewall to block the bastard.

    The only hole I see in this setup is a DoS by attacking with different spoofed "from IPs" until the firewall rules are too big, or too many legit servers are banned.