Hack Proofing Your Network 2nd Ed.

The Only Way to Stop a Hacker is to Think Like One

David M. Ahmad, Ido Dubrawsky, Hal Flynn, Joseph Grand, Robert Graham, Norris Johnson, Jr., K2, Dan "Effugas" Kaminsky, F. William Lynch, Steve W. Manzuik, Ryan Permeh, Ken Pfeil, Rain Forest Puppy, Ryan Russell

Publisher: Syngress, 2002, 789 pages

ISBN: 1-928994-70-9

Keywords: IT Security, Networks

Last modified: April 25, 2021, 2:44 a.m.

Synopsis

The Complete Guide to Protecting Your Network

Called "a bold, unsparing tour of information that never swerves from the practical", this updated and considerable expanded bestseller will quickly achieve top shelf placement on your information security bookshelf. Hack Proofing Your Network, Second Edition shows you that the only way to stop a hacker is to think like one.

  1. Know the Laws of Security
    Review the author's guidelines for discovering security problems when reviewing or designing a system.
  2. Learn the Seven Categories of Attack
    See how denial of service, information leakage, regular file access, misinformation, special file/database access, remote arbitrary code execution, and elevation of privileges can hurt you!
  3. Prevent Diffing
    See how comparison of a program, library, or file before and after some action can affect your network data.
  4. Learn about Standard Cryptographic Algorithms
    See how secure your encrypted files and passwords really are.
  5. Understand Format String Vulnerabilities
    Learn about one of the newest additions to the hacker's bag of tricks.
  6. Learn about Session Hijacking Types
    Review TCP session hijacking, ARP attacks, route table modification, UDP hijacking, and man-in-the-middle attacks.
  7. Understand the Strategic Constraints of Tunnel Design
    Create tunnels that are end-to-end secure and learn how to use authentication in OpenSSH.
  8. Hack Proof Your Hardware
    Design products with tamper mechanisms: resistance, evidence, detection, and response.
  9. Download a Free Sniffer from the Book's Web Site
    Access the Hack Proofing Web site for complete source code and Carnivore Source Code.
  10. Register for your 1-year upgrade
    The Syngress Solutions upgrade plan protects you from content obsolescence and provides monthly mailings, whitepapers, and more!

Table of Contents

  1. How To Hack
    • Introduction
    • What We Mean by “Hack”
      • Why Hack?
    • Knowing What To Expect in the Rest of This Book
    • Understanding the Current Legal Climate
    • Summary
    • Frequently Asked Questions
  2. The Laws of Security
    • Introduction
    • Knowing the Laws of Security
    • Client-Side Security Doesn’t Work
    • You Cannot Securely Exchange Encryption Keys without a Shared Piece of Information
    • Malicious Code Cannot Be 100 Percent Protected against
    • Any Malicious Code Can Be Completely Morphed to Bypass Signature Detection
    • Firewalls Cannot Protect You 100 Percent from Attack
      • Social Engineering
      • Attacking Exposed Servers
      • Attacking the Firewall Directly
      • Client-Side Holes
    • Any IDS Can Be Evaded
    • Secret Cryptographic Algorithms Are Not Secure
    • If a Key Is Not Required,You Do Not Have Encryption — You Have Encoding
    • Passwords Cannot Be Securely Stored on the Client Unless There Is Another Password to Protect Them
    • In Order for a System to Begin to Be Considered Secure, It Must Undergo an Independent Security Audit
    • Security through Obscurity Does Not Work
    • Summary
    • Solutions Fast Track
    • Frequently Asked Questions
  3. Classes of Attack
    • Introduction
    • Identifying and Understanding the Classes of Attack
      • Denial of Service
        • Local Vector Denial of Service
        • Network Vector of Denial of Service
      • Information Leakage
        • Service Information Leakage
        • Protocol Information Leakage
        • Leaky by Design
        • Leaky Web Servers
        • A Hypothetical Scenario
        • Why Be Concerned with Information Leakage?
      • Regular File Access
        • Permissions
        • Symbolic Link Attacks
      • Misinformation
        • Standard Intrusion Procedure
      • Special File/Database Access
        • Attacks against Special Files
        • Attacks against Databases
      • Remote Arbitrary Code Execution
        • The Attack
        • Code Execution Limitations
      • Elevation of Privileges
        • Remote Privilege Elevation
    • Identifying Methods of Testing for Vulnerabilities
      • Proof of Concept
        • Exploit Code
        • Automated Security Tools
        • Versioning
      • Standard Research Techniques
        • Whois
        • Domain Name System
        • Nmap
        • Web Indexing
      • Summary
    • Solutions Fast Track
    • Frequently Asked Questions
  4. Methodology
    • Disassemblers, Decompilers, and Debuggers
    • Introduction
    • Understanding Vulnerability Research Methodologies
      • Source Code Research
        • Searching For Error-Prone Functions
        • Line-by-Line Review
      • Binary Research
        • Tracing Binaries
        • Debuggers
        • Guidelines-Based Auditing
        • Sniffers
    • The Importance of Source Code Reviews
      • Searching Error-Prone Functions
        • Buffer Overflows
        • Input Validation Bugs
        • Race Conditions
    • Reverse Engineering Techniques
      • Disassemblers, Decompilers, and Debuggers
    • Black Box Testing
      • Chips
    • Summary
    • Solutions Fast Track
    • Frequently Asked Questions
  5. Diffing
    • Introduction
    • What Is Diffing?
      • Why Diff?
      • Looking to the Source Code
        • Going for the Gold: A Gaming Example
    • Exploring Diff Tools
      • Using File-Comparison Tools
        • Using the fc tools
        • Using the diff command
      • Working with Hex Editors
        • Hackman
        • [N] Curses Hexedit
        • Hex Workshop
      • Utilizing File System Monitoring Tools
        • Doing it the Hard Way: Manual Comparison
        • Comparing File Attributes
        • Examining Checksums and Hashes
      • Finding Other Tools
    • Troubleshooting
      • Problems with Checksums and Hashes
      • Problems with Compression and Encryption
    • Summary
    • Solutions Fast Track
    • Frequently Asked Questions
  6. Cryptography
    • Introduction
    • Understanding Cryptography Concepts
      • History
      • Encryption Key Types
    • Learning about Standard Cryptographic Algorithms
      • Understanding Symmetric Algorithms
        • DES
        • AES (Rijndael)
        • IDEA
      • Understanding Asymmetric Algorithms
        • Diffie-Hellman
        • RSA
      • Understanding Brute Force
        • Brute Force Basics
        • Using Brute Force to Obtain Passwords
          • L0phtcrack
          • Crack
          • John the Ripper
      • Knowing When Real Algorithms Are Being Used Improperly
        • Bad Key Exchanges
        • Hashing Pieces Separately
        • Using a Short Password to Generate a Long Key
        • Improperly Stored Private or Secret Keys
      • Understanding Amateur Cryptography Attempts
        • Classifying the Ciphertext
          • Frequency Analysis
          • Ciphertext Relative Length Analysis
          • Similaar Plaintext Analysis
        • Monoalphabetic Ciphers
        • Other Ways to Hide Information
          • XOR
          • UUEncode
          • Base64
          • Compression
    • Summary
    • Solutions Fast Track
    • Frequently Asked Questions
  7. Unexpected Input
    • Introduction
    • Understanding Why Unexpected Data Is Dangerous
    • Finding Situations Involving Unexpected Data
      • Local Applications and Utilities
      • HTTP/HTML
      • Unexpected Data in SQL Queries
      • Application Authentication
      • Disguising the Obvious
    • Using Techniques to Find and Eliminate Vulnerabilities
      • Black-Box Testing
        • Discovering Network and System Problems
      • Use the Source
      • Untaint Data by Filtering It
      • Escaping Characters Is Not Always Enough
      • Perl
      • Cold Fusion/Cold Fusion Markup Language (CFML)
      • ASP
      • PHP
      • Protecting Your SQL Queries
      • Silently Removing versus Alerting on Bad Data
      • Invalid Input Function
      • Token Substitution
    • Utilizing the Available Safety Features in Your Programming Language
      • Perl
      • PHP
      • ColdFusion/ColdFusion Markup Language
      • ASP
      • MySQL
    • Using Tools to Handle Unexpected Data
      • Web Sleuth
      • CGIAudit
      • RATS
      • Flawfinder
      • Retina
      • Hailstorm
      • Pudding
    • Summary
    • Solutions Fast Track
    • Frequently Asked Questions
  8. Buffer Overflow
    • Introduction
    • Understanding the Stack
        • The Code
        • Disassembly
      • The Stack Dump
      • Oddities and the Stack
    • Understanding the Stack Frame
      • Introduction to the Stack Frame
      • Passing Arguments to a Function: A Sample Program
        • The Disassembly
        • The Stack Dumps
      • Stack Frames and Calling Syntaxes
    • Learning about Buffer Overflows
      • A Simple Uncontrolled Overflow: A Sample Program
        • The Disassembly
        • The Stack Dumps
    • Creating Your First Overflow
      • Creating a Program with an Exploitable Overflow
        • Writing the Overflowable Code
        • Disassembling the Overflowable Code
        • Stack Dump after the Overflow
      • Performing the Exploit
        • General Exploit Concepts
        • Buffer Injection Techniques
        • Methods to Execute Payload
        • Designing Payload
        • Performing the Exploit on Linux
        • Performing the Exploit on Windows NT
    • Learning Advanced Overflow Techniques
      • Input Filtering
      • Incomplete Overflows and Data Corruption
    • Stack Based Function Pointer Overwrite
    • Heap Overflows
      • Corrupting a Function Pointer
      • Trespassing the Heap
    • Advanced Payload Design
      • Using What You Already Have
        • Dynamic Loading New Libraries
        • Eggshell Payloads
    • Summary
    • Solutions Fast Track
    • Frequently Asked Questions
  9. Format Strings
    • Introduction
    • Understanding Format String Vulnerabilities
      • Why and Where Do Format String Vulnerabilities Exist?
      • How Can They Be Fixed?
      • How Format String Vulnerabilities Are Exploited
        • Denial of Service
        • Reading Memory
        • Writing to Memory
      • How Format String Exploits Work
        • Constructing Values
      • What to Overwrite
        • Overwriting Return Addresses
        • Overwriting Global Offset Table Entries and Other Function Pointers
    • Examining a Vulnerable Program
    • Testing with a Random Format String
    • Writing a Format String Exploit
    • Summary
    • Solutions Fast Track
    • Frequently Asked Questions
  10. Sniffing
    • Introduction
    • What Is Sniffing?
      • How Does It Work?
    • What to Sniff?
      • Obtaining Authentication Information
        • Monitoring Telnet (Port 23)
        • Monitoring FTP (Port 21)
        • Monitoring POP (Port 110)
        • Monitoring IMAP (Port 143)
        • Monitoring NNTP (Port 119)
        • Monitoring rexec (Port 512)
        • Monitoring rlogin (Port 513)
        • Monitoring X11 (Port 6000+)
        • Monitoring NFS File Handles
        • Capturing Windows NT Authentication Information
      • Capturing Other Network Traffic
        • Monitoring SMTP (Port 25)
        • Monitoring HTTP (Port 80)
    • Popular Sniffing Software
      • Ethereal
      • Network Associates Sniffer Pro
      • NT Network Monitor
      • WildPackets
      • TCPDump
      • dsniff
      • Ettercap
      • Esniff.c
      • Sniffit
      • Carnivore
      • Additional Resources
    • Advanced Sniffing Techniques
      • Man-in-the-Middle (MITM) Attacks
      • Cracking
      • Switch Tricks
        • ARP Spoofing
        • MAC Flooding
      • Routing Games
    • Exploring Operating System APIs
      • Linux
      • BSD
      • libpcap
      • Windows
    • Taking Protective Measures
      • Providing Encryption
        • Secure Shell (SSH)
      • Secure Sockets Layers (SSL)
      • PGP and S/MIME
      • Switching
    • Employing Detection Techniques
      • Local Detection
      • Network Detection
        • DNS Lookups
        • Latency
        • Driver Bugs
        • AntiSniff
        • Network Monitor
    • Summary
    • Solutions Fast Track
    • Frequently Asked Questions
  11. Session Hijacking
    • Introduction
    • Understanding Session Hijacking
      • TCP Session Hijacking
      • TCP Session Hijacking with Packet Blocking
        • Route Table Modification
        • ARP Attacks
      • UDP Hijacking
    • Examining the Available Tools
      • Juggernaut
      • Hunt
      • Ettercap
      • SMBRelay
      • Storm Watchers
        • ACK Storms
    • Playing MITM for Encrypted Communications
      • Man-in-the-Middle Attacks
      • Dsniff
      • Other Hijacking
    • Summary
    • Solutions Fast Track
    • Frequently Asked Questions
  12. Spoofing: Attacks on Trusted Identity
    • Introduction
    • What It Means to Spoof
      • Spoofing Is Identity Forgery
      • Spoofing Is an Active Attack against Identity Checking Procedures
      • Spoofing Is Possible at All Layers of Communication
      • Spoofing Is Always Intentional
        • Spoofing May Be Blind or Informed, but Usually Involves Only Partial Credentials
      • Spoofing Is Not the Same Thing as Betrayal
      • Spoofing Is Not Necessarily Malicious
      • Spoofing Is Nothing New
    • Background Theory
      • The Importance of Identity
    • The Evolution of Trust
      • Asymmetric Signatures between Human Beings
    • Establishing Identity within Computer Networks
      • Return to Sender
      • In the Beginning,There Was… a Transmission
    • Capability Challenges
        • Ability to Transmit: "Can It Talk to Me?"
        • Ability to Respond: "Can It Respond to Me?"
        • Ability to Encode: "Can It Speak My Language?"
        • Ability to Prove a Shared Secret: "Does It Share a Secret With Me?"
        • Ability to Prove a Private Keypair: "Can I Recognize Your Voice?"
        • Ability to Prove an Identity Keypair: "Is Its Identity Independently Represented in My Keypair?"
      • Configuration Methodologies: Building a Trusted Capability Index
        • Local Configurations vs. Central Configurations
    • Desktop Spoofs
      • The Plague of Auto-Updating Applications
    • Impacts of Spoofs
      • Subtle Spoofs and Economic Sabotage
        • Flattery Will get You Nowhere
        • Subtlety Will Get You Everywhere
        • Selective Failure for Selecting Recovery
        • Bait and Switch: Spoofing the Presence of SSL Itself
    • Down and Dirty: Engineering Spoofing Systems
      • Spitting into the Wind: Building a Skeleton Router in Userspace
        • Designing the Nonexistent: The Network card That Didn't Exist but Responded Anyway
        • Implementation: DoxRoute: Section by Section
      • Bring Out the Halon: Spoofing Connectivity Through Asymmetric Firewalls
        • Symmetric Outgoing TCP
        • A Highly Experimental Framework for Handshake-Only TCP Connection Brokering
    • Summary
    • Solution Fast Track
    • Frequently Asked Questions
  13. Tunneling
    • Introduction
    • Strategic Constraints of Tunnel Design
      • Privacy: “Where Is My Traffic Going?”
      • Routability: “Where Can This Go Through?”
      • Deployability: “How Painful Is This to Get Up and Running?”
      • Flexibility: “What Can We Use This for,Anyway?”
      • Quality: “How Painful Will This System Be to Maintain?”
    • Designing End-to-End Tunneling Systems
      • Drilling Tunnels Using SSH
        • Security Analysis: OpenSSH 3.02
    • Open Sesame: Authentication
      • Basic Access: Authentication by Password
      • Transparent Access: Authentication by Private Key
        • Server to Client Authentication
        • Client to Server Authentication
    • Command Forwarding: Direct Execution for Scripts and Pipes
    • Port Forwarding: Accessing Resources on Remote Networks
      • Local Port Forwards
      • Dynamic Port Forwards
        • Internet Explorer 6: Making the Web Safe for Work
        • Speak Freely: Instant Messaging over SSH
        • That's a Wrap: Encapsulating Arbitrary Win32 Apps within the Dynamic Forwarder
        • Summoning Virgil: Using Dante's Socksify to Wrap UNIX Applications
      • Remote Port Forwards
    • When in Rome:Traversing the Recalcitrant Network
      • Crossing the Bridge: Accessing Proxies through ProxyCommands
      • No Habla HTTP? Permuting thy Traffic
      • Show Your Badge: Restricted Bastion Authentication
      • Bringing the Mountain: Exporting SSHD Access
      • Echoes in a Foreign Tongue: Cross-Connecting Mutually Firewalled Hosts
    • Not In Denver, Not Dead: Now What?
      • Standard File Transfer over SSH
      • Incremental File Transfer over SSH
      • CD Burning over SSH
      • Acoustic Tubing: Audio Distribution over TCP and SSH
    • Summary
    • Solutions Fast Track
    • Frequently Asked Questions
  14. Hardware Hacking
    • Introduction
    • Understanding Hardware Hacking
    • Opening the Device: Housing and Mechanical Attacks
      • Types of Tamper Mechanisms
        • Tamper Resistance
        • Tamper Evidence
        • Tamper Detection
        • Tamper Response
      • External Interfaces
      • Protocol Analysis
      • Electromagnetic Interference and Electrostatic Discharge
    • Analyzing the Product Internals: Electrical Circuit Attacks
      • Reverse-engineering the Device
      • Basic Techniques: Common Attacks
        • Device Packaging
        • Memory Retrieval
        • Timing Attacks
      • Advanced Techniques: Epoxy Removal and IC Delidding
        • Silicon Die Analysis
      • Cryptanalysis and Obfuscation Methods
    • What Tools Do I Need?
      • Starter Kit
      • Advanced Kit
    • Example: Hacking the iButton Authentication Token
      • Experimenting with the Device
      • Reverse-engineering the “Random” Response
    • Example: Hacking the NetStructure 7110 E-commerce Accelerator
      • Opening the Device
      • Retrieving the Filesystem
      • Reverse-engineering the Password Generator
    • Summary
    • Solutions Fast Track
    • Frequently Asked Questions
  15. Viruses, Trojan Horses, and Worms
    • Introduction
    • How Do Viruses,Trojans Horses, and Worms Differ?
      • Viruses
      • Worms
      • Macro Virus
      • Trojan Horses
      • Hoaxes
    • Anatomy of a Virus
      • Propagation
      • Payload
      • Other Tricks of the Trade
    • Dealing with Cross-platform Issues
      • Java
      • Macro Viruses
      • Recompilation
      • Shockwave Flash
    • Proof that We Need to Worry
      • The Morris Worm
      • ADMw0rm
      • Melissa and I Love You
      • Sadmind Worm
      • Code Red Worms
      • Nimda Worm
    • Creating Your Own Malware
      • New Delivery Methods
      • Faster Propagation Methods
      • Other Thoughts on Creating New Malware
    • How to Secure Against Malicious Software
      • Anti-Virus Software
      • Updates and Patches
      • Web Browser Security
      • Anti-Virus Research
    • Summary
    • Solutions Fast Track
    • Frequently Asked Questions
  16. IDS Evasion
    • Introduction
    • Understanding How Signature-Based IDSs Work
      • Judging False Positives and Negatives
      • Alert Flooding
    • Using Packet Level Evasion
      • IP Options
      • IP Fragmentation
      • TCP Header
      • TCP Synchronization
        • TCB Creation
        • Stream Reassembly
        • TCB Teardown
      • Using Fragrouter and Congestant
      • Countermeasures
    • Using Application Protocol Level Evasion
      • Security as an Afterthought
      • Evading a Match
        • Alternate data Encodings
      • Web Attack Techniques
        • Method Matching
        • Directory and File Referencing
      • Countermeasures
    • Using Code Morphing Evasion
    • Summary
    • Solutions Fast Track
    • Frequently Asked Questions
  17. Automated Security Review and Attack Tools
    • Introduction
    • Learning about Automated Tools
      • Exploring the Commercial Tools
        • CyberCop Scanner
        • Internet Security Systems (ISS) Internet Scanner
        • BlindView's BV-Control for Internet Security
        • eEye Retina
        • Other products
      • Exploring the Free Tools
        • Nessus
        • Security Administrators Integrated Network Tool (SAINT)
        • Security Administrators Research Assistant (SARA)
        • ShadowScan
        • Nmap and NmapNT
        • Whisker
        • VLAD the Scanner
        • Other Resources
    • Using Automated Tools for Penetration Testing
      • Testing with the Commercial Tools
      • Testing the Free Tools
    • Knowing When Tools Are Not Enough
      • The New Face of Vulnerability Testing
    • Summary
    • Solutions Fast Track
    • Frequently Asked Questions
  18. Reporting Security Problems
    • Introduction
    • Understanding Why Security Problems Need to Be Reported
      • Full Disclosure
    • Determining When and to Whom to Report the Problem
      • Whom to Report Security Problems to?
        • How to Report a Security Problem to a Vendor
    • Deciding How Much Detail to Publish
      • Publishing Exploit Code
      • Problems
        • Repercussions from Vendors
        • Reporting Errors
        • Risk to the Public
    • Summary
    • Solutions Fast Track
    • Frequently Asked Questions

    Reviews

    Hack Proofing Your Network

    Reviewed by Roland Buresund

    Disappointing *** (3 out of 10)

    Last modified: May 21, 2007, 3:06 a.m.

    Opinion

    This must be one of the most irresponsible books ever written in the pretext of IT security! A number of black hats gets to show how their handicraft works, while making a buck and inspiring others. Any serious countermeasures are not really mentioned. If you're hacked by any of the techniques shown in this book, sue the technical editor, as he should know better.

    Comments

    There are currently no comments

    New Comment

    required

    required (not published)

    optional

    required

    captcha

    required