Special Ops

Host and Network Security for Microsoft, UNIX, and Oracle

Erik Pace Birkholz

Publisher: Syngress, 2003, 1014 pages

ISBN: 1-931836-69-8

Keywords: IT Security, Networks

Last modified: May 28, 2021, 7:06 p.m.

Special Ops: Internal Network Security Guide is the solution for the impossible 24-hour IT work day. By now, most companies have hardened their perimeters and locked out the "bad guys," but what has been done on the inside? This book attacks the problem of the soft, chewy center in internal networks. We use a two-pronged approach — Tactical and Strategic — to give readers a complete guide to internal penetration testing. Content includes the newest vulnerabilities and exploits, assessment methodologies, host review guides, secure baselines and case studies to bring it all together. We have scoured the Internet and assembled some of the best to function as Technical Specialists and Strategic Specialists. This creates a diversified project removing restrictive corporate boundaries. The unique style of this book will allow it to cover an incredibly broad range of topics in unparalleled detail. Chapters within the book will be written using the same concepts behind software development. Chapters will be treated like functions within programming code, allowing the authors to call on each other's data. These functions will supplement the methodology when specific technologies are examined thus reducing the common redundancies found in other security books.

This book is designed to be the "one-stop shop" for security engineers who want all their information in one place. The technical nature of this may be too much for middle management; however technical managers can use the book to help them understand the challenges faced by the engineers who support their businesses.

  1. Assessing Internal Network Security
    • Introduction
      • Creating Opportunity for Curiosity and Mastery
      • Where Is the Cavalry?
      • DEFCON 1
    • Identifying Threats to Internal Network Security
    • Internal Network Security Assessment Methodology
      • Enumerating Business Operations
      • Asset Inventory
      • Prioritizing and Selecting Scope
      • Assessing Host and Network Vulnerabilities
      • Remediating Vulnerabilities
    • Documenting Findings for Management
    • Implementing Secure “Gold Standard” Baselines
    • Summary, Solutions Fast Track, Frequently Asked Questions
  2. Inventory and Exposure of Corporate Assets
    • Introduction
    • Performing Asset Inventory
      • Basic Asset Inventory Tools and Techniques
    • Wardialing to Discover Corporate Assets
      • Wardialing Tools and Techniques
    • Managing Asset Exposure
      • A Scenario Requiring Host Exposure Assessment
      • Exposure Mitigation Recommendations
    • Summary, Solutions Fast Track, Frequently Asked Questions
  3. Hunting for High Severity Vulnerabilities (HSV)
    • Introduction
      • Internal Network Security Is about Resource Management
    • Characteristics of Vulnerability Assessment Products
      • Standard Features
      • Selecting a Commercial Tool
    • Exploring Commercial Vulnerability Scanning Tools
      • FoundScan Enterprise Vulnerability Management System
      • QualysGuard Intranet Scanner
      • ISS Internet Scanner
      • Typhon II
      • Retina
    • Exploring Freeware Vulnerability Scanning Tools
      • Nessus
      • Fire & Water Toolkit
      • LanGuard Network Security Scanner (LNSS)
      • whisker
      • LHF Tool Suite
      • NBTEnum for Windows Enumeration and Password Testing
      • Sensepost’s Quick Kill Script
      • Using SPIKE to Identify High-Severity Vulnerabilities
      • Other Miscellaneous Resources
    • Case Study: Attacking Windows Domains
      • Target Selection in the Windows Domain
      • The Simple (But Effective) Windows HSV Attack
    • Summary, Solutions Fast Track, Frequently Asked Questions
  4. Attacking and Defending Windows XP Professional
    • Introduction
      • Upgrading to XP Professional versus XP Home
    • Windows XP Features
      • Bundled Applications
      • Security Focused Features
    • Attacking XP Professional
      • Profiling Windows XP Professional
      • The Windows XP Professional Target
      • Exploiting Windows XP Professional
    • Attacking Complementary XP Professional Applications
      • Attacking Terminal Services
      • Attacking MSSQL and Oracle
      • Attacking Internet Information Services
      • Attacking Domain Controllers
      • Attacking DNS Servers
    • Defending XP Professional
      • Verifying NTFS Usage
      • Securing Your Local Security Policy
      • Securing System File and Directory Permissions
      • Restricting Anonymous Connections
      • Disabling Unnecessary Services
      • Creating IP Security Policies on Local Computers
      • Securing User Accounts
      • Installing and Configuring Anti-Virus Software
      • Installing Initial System Patches and Hotfixes
    • Maintaining a Good XP Security Posture
      • Automating Maintenance Patches
      • Managing Your Software Restriction Policy
      • Verify Shared Resources and Connections
      • Anti-Virus
      • Log Storage and Monitoring
    • Summary, Solutions Fast Track, Frequently Asked Questions
  5. Attacking and Defending Windows 2000
    • Introduction
    • Windows 2000 Basics
      • Kernel Protection Mechanisms
      • Disk File System Basics and Recommendations
      • Creating, Using, and Maintaining Users and Groups in Windows 2000
    • Windows 2000 Security Essentials
      • What Is Vulnerable in Windows 2000?
      • Providing Basic Security Levels in Windows 2000
    • Attacking Windows 2000
      • System Identification Methods
      • Authentication Attack Methods
      • Attacks Using Common and Known Vulnerabilities
    • Defending and Hardening Windows 2000
      • Evaluate Your Needs and Current Status
      • Secure Your Equipment and OS
      • Securing Access Control Methods
      • Eliminating Unnecessary Components
      • Using Tools and Methodologies to Analyze Weaknesses and Configuration Changes
      • Tracking and Applying Updates, Service Packs, and Patches
    • Summary, Solutions Fast Track, Frequently Asked Questions
  6. Securing Active Directory
    • Introduction
    • Reviewing Active Directory Basics
      • Logical Organization of Information in Active Directory
      • System Files and Backing Up Active Directory
      • Group Policies and IntelliMirror
      • Modes of Operation
      • Schema
      • Global Catalog
      • LDAP
      • DNS Integration with Active Directory
      • Multi-Master Replication
    • Conducting Attacks on Active Directory
      • Reconnaissance
      • Active Attacks
    • Hardening Active Directory
      • Protecting Data
      • Protecting the Schema
      • Protecting Replication
      • Auditing of Active Directory Access
      • Filtering of Active Directory–Related Traffic
    • Summary, Solutions Fast Track, Frequently Asked Questions
  7. Securing Exchange and Outlook Web Access
    • Introduction
    • Introducing Exchange 2000
      • Windows 2000 Dependencies
      • Exchange 2000 Components
    • Understanding the Basic Security Risks Associated with Exchange 2000
      • Guess My Account and UPN Name!
      • Exchange 2000, Windows 2000, and Active Directory
      • Exchange 2000 Administrative Rights
      • Mailbox Rights
      • Denial of Service and Exchange
      • Types of File Vulnerabilities
      • Vulnerability of Transmitted Data
      • Message Authenticity
      • Event Service and Event Sinks
      • Message Relay via SMTP
    • Preventing Exchange Security Problems
      • The W2K/IIS Platform Must Be Solid
      • Dedicate Servers to Specific Functions
      • Disable Unnecessary Services
      • Tightening Mailbox Security
      • Enabling SSL for Internet or Remote Clients
      • Locking Down an IIS/OWA Server
      • Imposing Limits
      • Protecting Critical Files
      • Network Analysis Risk Reduction
      • Denying Client Access
      • Stopping Viruses
      • Exchange 2000 and Firewalls
      • SMTP Security
    • Auditing for Possible Security Breaches
      • Windows 2000 Event Auditing
      • Exchange 2000 Event Auditing
      • Logging Internet Client Access
      • Securing MAPI Clients
      • Enabling Message Encryption (S/MIME)
    • Following Best Practices
    • Summary, Solutions Fast Track, Frequently Asked Questions
  8. Attacking and Defending DNS
    • Introduction
      • History
    • Reviewing the Mechanics of DNS
      • DNS Records
      • Packet-Level Communication
      • DNS Lookup Process
      • Authoritative Answers
      • Domain and IP Registrars
    • Exploiting DNS
      • Zone Transfers
      • Version Discovery
      • DoS Attacks
      • Cache Poisoning
      • Buffer Overflow
      • Alternative Compromise Techniques
    • Securing DNS
      • Restricting Zone Transfers
      • Restricting Version Spoofing
      • Alleviating DoS Damage
      • Protecting Against Cache Poisoning
      • Preventing Buffer Overflows
      • Using Bogon Filters
    • Securely Installing and Configuring DNS Daemons
      • Berkeley Internet Name Domain (BIND)
      • Microsoft Windows 2000 DNS Service (MSDNS)
      • DJBDNS
    • Summary, Solutions Fast Track, Frequently Asked Questions
  9. Attacking and Defending Microsoft Terminal Services
    • Introduction
      • Crash Course in Terminal Services
      • Terminal Services on Windows 2000
      • Windows XP Remote Desktop
      • Windows Server 2003
      • Terminal Server Clients
      • Using Terminal Server Tools
    • Attacking Terminal Servers
      • Locating Terminal Servers
      • Port Scanning
      • Identifying Hidden Terminal Servers
      • Finding Windows Servers with Access to Other Segments
      • Enumerating Users and Logon Rights
      • Application Server Attacks
    • Defending Terminal Servers
      • Install Current Patches
      • Secure the Operating System
      • Set Strong Windows Passwords
      • Use High Encryption for Sessions in Windows 2000
      • Set Strongest Usable Terminal Server Permissions
      • Use the Principle of Least Privilege
      • Remote Administration Mode Specific Defenses
      • Rename the Administrator
      • Remote Administration Specific Group Policy Settings
      • Disable TSInternetUser and Remove Licensing Service
      • Application Server Mode Specific Defenses
    • Case Study: Attacking Terminal Server
    • Summary, Solutions Fast Track, Frequently Asked Questions
  10. Securing IIS
    • Introduction
      • Knowing the Enemy
      • Knowing What the Enemy Wants
      • Knowing What the Enemy Doesn’t Want
    • Learning from the Past
      • Script Source Access
      • Information Disclosure
      • Denial of Service
      • Buffer Overflows
      • Directory Traversal
      • Cross-Site Scripting
    • Preparing the Operating System
      • Partitioning Hard Drives
      • Installing the OS
      • Preparing the File System
      • Installing IIS
      • Installing Hotfixes
      • Locking Down COM and Database Access
    • Securing Web Services
      • Running the IIS Lockdown Wizard
      • Securing IIS Global Settings
      • Securing the Default and Administration Web Sites
      • Disabling Internet Printing
      • Disabling or Securing the FrontPage Server Extensions
      • Configuring URLScan
    • Securing Web Sites
      • Building a Directory Structure
      • Setting Master WWW Properties
      • Securing by Content Type
    • Authenticating Users
      • Using Anonymous Authentication
      • Using Basic Authentication
      • Using Digest Authentication
      • Using Integrated Windows Authentication
      • Using Client Certificate Mapping
    • Publishing Web Content
      • Staging and Review
      • Setting File Attributes
      • Building File Checksums
      • Moving Content versus Updating Content
    • Summary, Solutions Fast Track, Frequently Asked Questions
  11. Hacking Custom Web Applications
    • Introduction
    • Using the Source
    • Locating Possible Interactivity
    • Pinpointing Attack Vectors
      • Information Gathering
      • Directory Traversal
      • Command Execution
      • Database Query Injection
      • Cross Site Scripting
      • Parameter Passing
      • State Tracking
    • Executing and Examining
      • Countermeasures and Counter-Countermeasures
    • Using Automation
    • Summary, Solutions Fast Track, Frequently Asked Questions
  12. Attacking and Defending Microsoft SQL Server
    • Introduction
    • The Evolution of SQL Server
      • Overcoming a Sybase Past
      • Understanding SQL Server Editions
    • Understanding SQL Server Security Basics
      • Explaining SQL Server Instances
      • Authentication Types
      • Network Libraries
      • Understanding SQL Security Principles
    • Attacking SQL Servers
      • Discovering SQL Servers to Attack
      • Acquiring an Account
      • Escalating Your Privileges
    • Defending SQL Servers
      • Planning for a Secure Installation
      • Configuring a Secure SQL Server
      • Monitoring and Maintenance
      • A Case Study: Things Going Badly
    • Writing Secure Applications for SQL Server
      • Injecting SQL
      • Defending Against SQL Injection
    • Summary, Solutions Fast Track, Frequently Asked Questions
  13. Attacking and Defending Oracle
    • Introduction
      • The Oracle Architecture
      • Downloading Patches
    • Attacking the Listener
      • External Procedure Services
      • Denial of Service When Redirection Occurs
    • Attacking the Database
      • Buffer Overflows in Authentication
      • Buffer Overflows in SQL
      • Left Outer Joins
      • PL/SQL
      • Java Stored Procedures
    • Attacking the Oracle Application Server
      • Vulnerabilities in Oracle 9iAS 2
      • OracleJSP
      • XSQL
      • SOAP Application Deployment
    • Defending Oracle
      • Securing the Listener
      • Securing the Database
    • Summary, Solutions Fast Track, Frequently Asked Questions
  14. Attacking and Defending Unix
    • Introduction
    • Attacking Unix
      • Information Gathering Attacks
      • Gaining Remote Access
      • Local Privilege Elevation
    • Engineering a Secure Unix System
      • System Information Gathering
      • System Design
      • Secure System Implementation
    • Platform-Specific Configurations
      • Access Control Lists
      • Role-Based Accounts
      • Auditing
      • Kernel Parameters
      • Kernel Modules
      • Service Configuration
      • Host-Based Intrusion Detection
    • Securing Inherited Systems
      • Evaluating Inherited Systems
      • The Process of Securing Inherited Systems
    • Summary, Solutions Fast Track, Frequently Asked Questions
  15. Wireless LANs: Discovery and Defense
    • Introduction
    • Introducing 802.11
      • The Standards
      • Components of a Wireless Network
    • Wireless Network Discovery
      • GPS and Mapping
      • Tools for Detecting 802.11 Networks
    • Finding 802.11 Networks from the Wired Side
      • SNMP and Other Management Services
      • 802.11 Client Detection
    • Wireless Network Defense
      • Reviewing Basic Architecture Concepts
      • Implementing Wireless Security
    • Detecting 802.11 Attacks
    • Summary, Solutions Fast Track, Frequently Asked Questions
  16. Network Architecture
    • Introduction
    • Learning About Your Network’s Security Design
      • Analyzing Traffic Flow
      • Useful Tools for Gathering Data
      • Using Network Assessment Tools
      • Ensuring Physical Security
      • Creating a Secure Logical Layout
    • Firewalling the Internal Network
      • Defining the Perimeter and Internal Segments of your Network
      • Selecting the Correct Firewall
      • Implementing Access Control Lists
    • IDS Configuration and Placement
      • Types of Network and Host IDS
      • IDS Placement
      • IDS Tuning and Monitoring
      • Evolution of the IDS
    • Defending Against Layer 2 Attacks
      • MAC Flooding
      • ARP Spoofing
      • VLAN Jumping
      • Cisco Discovery Protocol Denial of Service
    • Managing the Secured Network
    • Summary, Solutions Fast Track, Frequently Asked Questions
  17. Architecting the Human Factor
    • Introduction
    • Balancing Security and Usability
      • Personnel as a Security Risk
      • The State of Internal Security
      • User Community Response
      • The Role of Virus Defense in Overall Security
    • Managing External Network Access
      • Gaining Control: Proxying Services
      • Handling Difficult Services
    • Managing Partner and Vendor Networking
      • Developing VPN Access Procedures
      • Developing Partner Extranets
    • Securing Sensitive Internal Networks
      • Protecting Human Resources and Accounting
      • Protecting Executive and Managerial Staff
    • Developing and Maintaining Organizational Awareness
      • Quantifying the Need for Security
      • Developing Effective Awareness Campaigns
      • Company-Wide Incident Response Teams
    • Summary, Solutions Fast Track, Frequently Asked Questions
  18. Creating Effective Corporate Security Policies
    • Introduction
    • The Founding Principles of a Good Security Policy
    • Safeguarding Against Future Attacks
      • Required: Management Support
    • Avoiding Shelfware Policies
      • Make Policies Readable
      • Make Policies Referable
      • Keep Policies Current
      • Balance Protection and Productivity
      • Recognize Your Value
      • Designate Policy Ownership
      • Obtain Management Support
    • Understanding Current Policy Standards
      • ISO17799
      • SAS70
      • Government Policy
    • Creating Corporate Security Policies
      • Defining the Scope
      • Discovering Current Policies
      • Evaluating Current Policies
      • Creating New Policies
    • Implementing and Enforcing Corporate Security Policies
      • Policy Distribution and Education
      • Policy Enforcement
    • Reviewing Corporate Security Policies
    • Summary, Solutions Fast Track, Frequently Asked Questions

Reviews

Special Ops

Reviewed by Roland Buresund

Decent ****** (6 out of 10)

Last modified: Nov. 15, 2008, 1:43 a.m.

This book in fact delivers more than it promises. OK, you won't be an expert after having read it, and it is lacking sufficient detail (it doesn't even acknowledge the lack of detail) to make it an excellent book, but it qualifies for anyone's reading list if they are concerned about the security in UNIX, Windows (and related applications) and databases.

In short, it is a book well worth owning.
