Table of Contents for Hack Proofing Your Network
| Chapter/Section Title | Page # | Page Count |
|---|---|---|
| Foreword | xxiii | |
| Introduction | xxvii | |
| Part I: Theory and Ideals | | |
| Politics | 1 | 30 |
| Introduction | 2 | 1 |
| Definitions of the Word Hacker | 2 | 7 |
| Hacker | 2 | 1 |
| Cracker | 3 | 2 |
| Script Kiddie | 5 | 1 |
| Phreak | 6 | 1 |
| White Hat/Black Hat | 6 | 1 |
| Grey Hat | 7 | 1 |
| Hacktivism | 8 | 1 |
| The Role of the Hacker | 9 | 6 |
| Criminal | 9 | 1 |
| Magician | 10 | 1 |
| Security Professional | 11 | 1 |
| Consumer Advocate | 12 | 1 |
| Civil Rights Activist | 13 | 1 |
| Cyber Warrior | 14 | 1 |
| Motivation | 15 | 4 |
| Recognition | 15 | 1 |
| Admiration | 16 | 1 |
| Curiosity | 16 | 1 |
| Power & Gain | 17 | 1 |
| Revenge | 17 | 2 |
| Legal/Moral Issues | 19 | 5 |
| What's Illegal | 19 | 2 |
| Reasonably Safe | 21 | 1 |
| What's Right? | 22 | 1 |
| Exceptions? | 23 | 1 |
| The Hacker Code | 23 | 1 |
| Why This Book? | 24 | 3 |
| Public vs. Private Research | 25 | 1 |
| Who Is Affected when an Exploit Is Released? | 26 | 1 |
| Summary | 27 | 1 |
| FAQs | 28 | 3 |
| Laws of Security | 31 | 36 |
| Introduction | 32 | 1 |
| What Are the Laws of Security? | 32 | 1 |
| Client-side Security Doesn't Work | 33 | 4 |
| Applying the Law | 34 | 3 |
| Exceptions | 37 | 1 |
| Defense | 37 | 1 |
| You Can't Exchange Encryption Keys without a Shared Piece of Information | 37 | 4 |
| Applying the Law | 38 | 2 |
| Exceptions | 40 | 1 |
| Defense | 41 | 1 |
| Viruses and Trojans Cannot Be 100 Percent Protected Against | 41 | 3 |
| Applying the Law | 42 | 1 |
| Exceptions | 43 | 1 |
| Defense | 44 | 1 |
| Firewalls Cannot Protect You 100 Percent from Attack | 44 | 5 |
| Applying the Law | 45 | 1 |
| Social Engineering | 46 | 1 |
| Attacking Exposed Servers | 46 | 1 |
| Attacking the Firewall Directly | 47 | 1 |
| Client-side Holes | 48 | 1 |
| Exceptions | 48 | 1 |
| Defense | 49 | 1 |
| Secret Cryptographic Algorithms Are Not Secure | 49 | 2 |
| Applying the Law | 50 | 1 |
| Exceptions | 51 | 1 |
| Defense | 51 | 1 |
| If a Key Isn't Required, You Don't Have Encryption: You Have Encoding | 51 | 2 |
| Applying the Law | 52 | 1 |
| Exceptions | 53 | 1 |
| Defense | 53 | 1 |
| Passwords Cannot Be Securely Stored on the Client Unless There Is Another Password to Protect Them | 53 | 4 |
| Applying the Law | 55 | 1 |
| Exceptions | 56 | 1 |
| Defense | 57 | 1 |
| In Order for a System to Begin to Be Considered Secure, It Must Undergo an Independent Security Audit | 57 | 1 |
| Applying the Law | 57 | 1 |
| Exceptions | 58 | 1 |
| Defense | 58 | 1 |
| Security Through Obscurity Doesn't Work | 58 | 3 |
| Applying the Law | 59 | 1 |
| Exceptions | 60 | 1 |
| Defense | 61 | 1 |
| People Believe That Something Is More Secure Simply Because It's New | 61 | 3 |
| Applying the Law | 62 | 1 |
| Exceptions | 63 | 1 |
| Defense | 63 | 1 |
| What Can Go Wrong Will Go Wrong | 64 | 3 |
| Applying the Law | 64 | 1 |
| Exceptions | 64 | 1 |
| Defense | 64 | 1 |
| Summary | 64 | 1 |
| FAQs | 65 | 2 |
| Classes of Attack | 67 | 34 |
| Introduction | 68 | 1 |
| What Are the Classes of Attack? | 68 | 20 |
| Denial-of-Service | 68 | 11 |
| Information Leakage | 79 | 3 |
| File Creation, Reading, Modification, Removal | 82 | 1 |
| Misinformation | 82 | 1 |
| Special File/Database Access | 83 | 2 |
| Elevation of Privileges | 85 | 3 |
| Problems | 88 | 2 |
| How Do You Test for Vulnerability without Exercising the Exploit? | 89 | 1 |
| How to Secure Against These Classes of Attack | 90 | 7 |
| Denial-of-Service | 91 | 1 |
| Information Leakage | 92 | 2 |
| File Creation, Reading, Modification, Removal | 94 | 1 |
| Misinformation | 95 | 1 |
| Special File/Database Access | 95 | 2 |
| Elevation of Privileges | 97 | 1 |
| Summary | 97 | 1 |
| FAQs | 98 | 3 |
| Methodology | 101 | 20 |
| Introduction | 102 | 1 |
| Types of Problems | 102 | 1 |
| Black Box | 102 | 5 |
| Chips | 102 | 3 |
| Unknown Remote Host | 105 | 1 |
| Information Leakage | 105 | 2 |
| Translucent Box | 107 | 10 |
| Tools | 107 | 1 |
| System Monitoring Tools | 108 | 4 |
| Packet Sniffing | 112 | 1 |
| Debuggers, Decompilers, and Related Tools | 113 | 4 |
| Crystal Box | 117 | 1 |
| Problems | 117 | 1 |
| Cost/Availability of Tools | 117 | 1 |
| Obtaining/Creating a Duplicate Environment | 118 | 1 |
| How to Secure Against These Methodologies | 118 | 1 |
| Limit Information Given Away | 119 | 1 |
| Summary | 119 | 1 |
| Additional Resources | 120 | 1 |
| FAQs | 120 | 1 |
| Part II: Theory and Ideals | | |
| Diffing | 121 | 24 |
| Introduction | 122 | 1 |
| What Is Diffing? | 122 | 18 |
| Files | 123 | 3 |
| Tools | 126 | 1 |
| File Comparison Tools | 126 | 2 |
| Hex Editors | 128 | 4 |
| File System Monitoring Tools | 132 | 4 |
| Other Tools | 136 | 4 |
| Problems | 140 | 2 |
| Checksums/Hashes | 140 | 1 |
| Compression/Encryption | 141 | 1 |
| How to Secure Against Diffing | 142 | 1 |
| Summary | 142 | 1 |
| FAQs | 143 | 2 |
| Cryptography | 145 | 32 |
| Introduction | 146 | 1 |
| An Overview of Cryptography and Some of Its Algorithms (Crypto 101) | 146 | 7 |
| History | 146 | 1 |
| Encryption Key Types | 147 | 2 |
| Algorithms | 149 | 1 |
| Symmetric Algorithms | 149 | 2 |
| Asymmetric Algorithms | 151 | 2 |
| Problems with Cryptography | 153 | 10 |
| Secret Storage | 154 | 3 |
| Universal Secret | 157 | 2 |
| Entropy and Cryptography | 159 | 4 |
| Brute Force | 163 | 6 |
| L0phtCrack | 164 | 2 |
| Crack | 166 | 1 |
| John the Ripper | 166 | 1 |
| Other Ways Brute Force Attacks Are Being Used | 167 | 1 |
| Distributed.net | 167 | 2 |
| Deep Crack | 169 | 1 |
| Real Cryptanalysis | 169 | 4 |
| Differential Cryptanalysis | 170 | 2 |
| Side-Channel Attacks | 172 | 1 |
| Summary | 173 | 1 |
| Additional Resources | 173 | 1 |
| FAQs | 174 | 3 |
| Unexpected Input | 177 | 26 |
| Introduction | 178 | 1 |
| Why Unexpected Data Is Dangerous | 178 | 1 |
| Situations Involving Unexpected Data | 179 | 7 |
| HTTP/HTML | 179 | 2 |
| Unexpected Data in SQL Queries | 181 | 4 |
| Disguising the Obvious | 185 | 1 |
| Finding Vulnerabilities | 186 | 8 |
| Black-Boxing | 186 | 3 |
| Use the Source (Luke) | 189 | 1 |
| Application Authentication | 190 | 4 |
| Protection: Filtering Bad Data | 194 | 4 |
| Escaping Characters Is Not Always Enough | 194 | 1 |
| Perl | 194 | 1 |
| Cold Fusion/Cold Fusion Markup Language (CFML) | 195 | 1 |
| ASP | 195 | 1 |
| PHP | 196 | 1 |
| Protecting Your SQL Queries | 196 | 1 |
| Silently Removing vs. Alerting on Bad Data | 197 | 1 |
| Invalid Input Function | 198 | 1 |
| Token Substitution | 198 | 1 |
| Available Safety Features | 198 | 3 |
| Perl | 199 | 1 |
| PHP | 200 | 1 |
| Cold Fusion/Cold Fusion Markup Language | 200 | 1 |
| ASP | 200 | 1 |
| MySQL | 201 | 1 |
| Summary | 201 | 1 |
| FAQs | 202 | 1 |
| Buffer Overflow | 203 | 56 |
| Introduction | 204 | 1 |
| What Is a Buffer Overflow? | 204 | 3 |
| Smashing the Stack | 207 | 15 |
| Hello Buffer | 207 | 3 |
| What Happens When I Overflow a Buffer? | 210 | 6 |
| Methods to Execute Payload | 216 | 1 |
| Direct Jump (Guessing Offsets) | 216 | 1 |
| Blind Return | 216 | 2 |
| Pop Return | 218 | 1 |
| Call Register | 219 | 1 |
| Push Return | 220 | 1 |
| What Is an Offset? | 220 | 1 |
| No Operation (NOP) Sled | 221 | 1 |
| Off-by-One Struct Pointer | 221 | 1 |
| Dereferencing---Smashing the Heap | 222 | 3 |
| Corrupting a Function Pointer | 222 | 1 |
| Trespassing the Heap | 223 | 2 |
| Designing Payload | 225 | 32 |
| Coding the Payload | 225 | 1 |
| Injection Vector | 225 | 1 |
| Location of Payload | 226 | 1 |
| The Payload Construction Kit | 226 | 11 |
| Getting Bearings | 237 | 1 |
| Finding the DATA Section, Using a Canary | 237 | 1 |
| Encoding Data | 238 | 1 |
| XOR Protection | 238 | 1 |
| Using What You Have---Preloaded Functions | 238 | 5 |
| Hashing Loader | 243 | 2 |
| Loading New Libraries and Functions | 245 | 1 |
| WININET.DLL | 246 | 1 |
| Confined Set Decoding | 247 | 1 |
| Nybble-to-Byte Compression | 247 | 1 |
| Building a Backward Bridge | 247 | 1 |
| Building a Command Shell | 247 | 4 |
| "The Shiny Red Button"---Injecting a Device Driver into Kernel Mode | 251 | 2 |
| Worms | 253 | 1 |
| Finding New Buffer Overflow Exploits | 253 | 4 |
| Summary | 257 | 1 |
| FAQs | 258 | 1 |
| Part III: Remote Attacks | | |
| Sniffing | 259 | 26 |
| What Is "Sniffing?" | 260 | 1 |
| How Is Sniffing Useful to an Attacker? | 260 | 1 |
| How Does It Work? | 260 | 1 |
| What to Sniff? | 261 | 6 |
| Authentication Information | 261 | 1 |
| Telnet (Port 23) | 261 | 1 |
| FTP (Port 21) | 262 | 1 |
| POP (Port 110) | 262 | 1 |
| IMAP (Port 143) | 262 | 1 |
| NNTP (Port 119) | 263 | 1 |
| rexec (Port 512) | 263 | 1 |
| rlogin (Port 513) | 264 | 1 |
| X11 (Port 6000+) | 264 | 1 |
| NFS File Handles | 264 | 1 |
| Windows NT Authentication | 265 | 1 |
| Other Network Traffic | 266 | 1 |
| SMTP (Port 25) | 266 | 1 |
| HTTP (Port 80) | 266 | 1 |
| Common Implementations | 267 | 5 |
| Network Associates Sniffer Pro | 267 | 1 |
| NT Network Monitor | 268 | 1 |
| TCPDump | 269 | 1 |
| dsniff | 270 | 1 |
| Esniff.c | 271 | 1 |
| Sniffit | 271 | 1 |
| Advanced Sniffing Techniques | 272 | 2 |
| Switch Tricks | 272 | 1 |
| ARP Spoofing | 273 | 1 |
| ARP Flooding | 273 | 1 |
| Routing Games | 273 | 1 |
| Operating System Interfaces | 274 | 5 |
| Linux | 274 | 3 |
| BSD | 277 | 1 |
| libpcap | 277 | 2 |
| Windows | 279 | 1 |
| Protection | 279 | 2 |
| Encryption | 279 | 1 |
| Secure Shell (SSH) | 279 | 2 |
| Switching | 281 | 1 |
| Detection | 281 | 2 |
| Local Detection | 281 | 1 |
| Network Detection | 282 | 1 |
| DNS Lookups | 282 | 1 |
| Latency | 282 | 1 |
| Driver Bugs | 282 | 1 |
| AntiSniff | 283 | 1 |
| Network Monitor | 283 | 1 |
| Summary | 283 | 1 |
| Additional Resources | 283 | 1 |
| FAQs | 284 | 1 |
| Session Hijacking | 285 | 22 |
| Introduction | 286 | 1 |
| What Is Session Hijacking? | 286 | 16 |
| TCP Session Hijacking | 287 | 3 |
| TCP Session Hijacking with Packet Blocking | 290 | 1 |
| Route Table Modification | 290 | 2 |
| ARP Attacks | 292 | 1 |
| TCP Session Hijacking Tools | 293 | 1 |
| Juggernaut | 293 | 3 |
| Hunt | 296 | 4 |
| UDP Hijacking | 300 | 1 |
| Other Hijacking | 301 | 1 |
| How to Protect Against Session Hijacking | 302 | 1 |
| Encryption | 302 | 1 |
| Storm Watchers | 302 | 1 |
| Summary | 303 | 2 |
| Additional Resources | 304 | 1 |
| FAQs | 305 | 2 |
| Spoofing: Attacks on Trusted Identity | 307 | 32 |
| Introduction | 308 | 5 |
| What It Means to Spoof | 308 | 1 |
| Spoofing Is Identity Forgery | 308 | 1 |
| Spoofing Is an Active Attack against Identity Checking Procedures | 308 | 1 |
| Spoofing Is Possible at All Layers of Communication | 309 | 1 |
| Spoofing Is Always Intentional | 309 | 2 |
| Spoofing May Be Blind or Informed, but Usually Involves Only Partial Credentials | 311 | 1 |
| Spoofing Is Not the Same Thing as Betrayal | 312 | 1 |
| Spoofing Is Not Always Malicious | 312 | 1 |
| Spoofing Is Nothing New | 312 | 1 |
| Background Theory | 313 | 1 |
| The Importance of Identity | 313 | 1 |
| The Evolution of Trust | 314 | 2 |
| Asymmetric Signatures between Human Beings | 314 | 2 |
| Establishing Identity within Computer Networks | 316 | 14 |
| Return to Sender | 317 | 1 |
| In the Beginning, there was...a Transmission | 318 | 2 |
| Capability Challenges | 320 | 1 |
| Ability to Transmit: "Can It Talk to Me?" | 320 | 1 |
| Ability to Respond: "Can It Respond to Me?" | 321 | 3 |
| Ability to Encode: "Can It Speak My Language?" | 324 | 2 |
| Ability to Prove a Shared Secret: "Does It Share a Secret with Me?" | 326 | 2 |
| Ability to Prove a Private Keypair: "Can I Recognize Your Voice?" | 328 | 1 |
| Ability to Prove an Identity Keypair: "Is Its Identity Independently Represented in My Keypair?" | 329 | 1 |
| Configuration Methodologies: Building a Trusted Capability Index | 329 | 1 |
| Local Configurations vs. Central Configurations | 329 | 1 |
| Desktop Spoofs | 330 | 2 |
| The Plague of Auto-Updating Applications | 331 | 1 |
| Impacts of Spoofs | 332 | 3 |
| Subtle Spoofs and Economic Sabotage | 332 | 1 |
| Subtlety Will Get You Everywhere | 333 | 1 |
| Selective Failure for Selecting Recovery | 333 | 2 |
| Attacking SSL through Intermittent Failures | 335 | 1 |
| Summary | 335 | 2 |
| FAQs | 337 | 2 |
| Server Holes | 339 | 20 |
| Introduction | 340 | 2 |
| What Are Server Holes? | 340 | 1 |
| Denial of Service | 340 | 1 |
| Daemon/Service Vulnerabilities | 341 | 1 |
| Program Interaction Vulnerabilities | 341 | 1 |
| Denial of Service | 341 | 1 |
| Compromising the Server | 342 | 15 |
| Goals | 344 | 1 |
| Steps to Reach Our Goal | 344 | 1 |
| Hazards to Keep in Mind | 344 | 2 |
| Planning | 346 | 1 |
| Network/Machine Recon | 347 | 7 |
| Research/Develop | 354 | 2 |
| Execute the Attack | 356 | 1 |
| Cleanup | 356 | 1 |
| Summary | 357 | 1 |
| FAQs | 358 | 1 |
| Client Holes | 359 | 24 |
| Introduction | 360 | 10 |
| Threat Source | 360 | 1 |
| Malicious Server | 360 | 3 |
| Mass vs. Targeted Attack | 363 | 1 |
| Location of Exploit | 364 | 1 |
| Drop Point | 365 | 1 |
| Malicious Peer | 366 | 2 |
| E-Mailed Threat | 368 | 1 |
| Easy Targets | 368 | 2 |
| Session Hijacking and Client Holes | 370 | 1 |
| How to Secure Against Client Holes | 370 | 8 |
| Minimize Use | 370 | 3 |
| Anti-Virus Software | 373 | 1 |
| Limiting Trust | 373 | 2 |
| Client Configuration | 375 | 3 |
| Summary | 378 | 2 |
| FAQs | 380 | 3 |
| Viruses, Trojan Horses, and Worms | 383 | 24 |
| Introduction | 384 | 1 |
| How Do Viruses, Trojan Horses, and Worms Differ? | 384 | 3 |
| Viruses | 384 | 1 |
| Worms | 385 | 1 |
| Macro Virus | 385 | 1 |
| Trojan Horses | 386 | 1 |
| Hoaxes | 387 | 1 |
| Anatomy of a Virus | 387 | 4 |
| Propagation | 388 | 1 |
| Payload | 389 | 1 |
| Other Tricks of the Trade | 390 | 1 |
| Dealing with Cross-Platform Issues | 391 | 1 |
| Java | 391 | 1 |
| Macro Viruses | 391 | 1 |
| Recompilation | 392 | 1 |
| Proof that We Need to Worry | 392 | 6 |
| Morris Worm | 392 | 1 |
| ADMw0rm | 392 | 1 |
| Melissa and I Love You | 393 | 5 |
| Creating Your Own Malware | 398 | 2 |
| New Delivery Methods | 398 | 1 |
| Other Thoughts on Creating New Malware | 399 | 1 |
| How to Secure Against Malicious Software | 400 | 3 |
| Anti-Virus Software | 400 | 2 |
| Web Browser Security | 402 | 1 |
| Anti-Virus Research | 403 | 1 |
| Summary | 403 | 1 |
| FAQs | 404 | 3 |
| Part IV: Reporting | | |
| Reporting Security Problems | 407 | 20 |
| Introduction | 408 | 1 |
| Should You Report Security Problems? | 408 | 1 |
| Who to Report Security Problems To? | 409 | 12 |
| Full Disclosure | 411 | 3 |
| Reporting Security Problems to Vendors | 414 | 4 |
| Reporting Security Problems to the Public | 418 | 2 |
| Publishing Exploit Code | 420 | 1 |
| Problems | 421 | 1 |
| Repercussions from Vendors | 421 | 1 |
| Risk to the Public | 422 | 1 |
| How to Secure Against Problem Reporting | 422 | 3 |
| Monitoring Lists | 422 | 1 |
| Vulnerability Databases | 422 | 1 |
| Patches | 423 | 1 |
| Response Procedure | 423 | 2 |
| Summary | 425 | 2 |
| Index | 427 | |