Maximum Security - Anonymous

Maximum Security

Anonymous (Author)

Media combination
864 pages
1998 | 2nd edition
Sams Publishing
978-0-672-31341-7 (ISBN)
63,95 incl. VAT
A newer edition of this title exists.
Written by a reformed hacker, this guide to Internet security has been updated to cover developments in hacking techniques. The CD-ROM includes a collection of security products, code examples, technical documents, system logs, and utilities.
Security continues to be the predominant concern for any organization that is either on the Internet now or considering it. Nary a week passes where there isn't some new report of hackers breaking into computer systems at some government agency, or trashing some Fortune 500 company's Web site, or even stealing user passwords and credit card numbers. In June 1997, this book's first edition immediately shot to the top of several computer security bestseller lists. While undoubtedly some bought the book to learn how to hack, it turns out that the book's most enthusiastic fans were computer security managers who appreciated the book's comprehensive coverage and clear, to-the-point descriptions of the most common techniques hackers use to penetrate systems. The hacking community, however, hasn't stood still. This thoroughly updated edition discusses the hundreds of new computer system holes that have been discovered over the course of the past year, and covers the latest hacker techniques.

The author is an experienced computer hacker who now works as a writer, trainer, Internet and Unix site manager, and security consultant in California.

Introduction. A Few Words About This Book.

I. SETTING THE STAGE. 1. Why Did I Write This Book? Our Need for Security: Real or Imagined? The Root of the Problem. Misconfiguration of the Target Host. Why Education in Security Is Important. The Loneliness of the Long-Distance NetSurfer. Summary. 2. How to Use This Book. How to Use This Book? Duh! FTP Clients. Programming Languages. Methods of Using This Book. This Book's Limitations. The Book's Parts. Odds and Ends to Know About Maximum Security. Cool Stuff on the CD-ROM. Summary.

II. UNDERSTANDING THE TERRAIN. 3. Birth of a Network: The Internet. In the Beginning: 1962-1969. UNIX Is Born: 1969-1973. About C. Moving On: The Modern Internet. Summary. 4. A Brief Primer on TCP/IP. What Is TCP/IP? How Does TCP/IP Work? The Individual Protocols. TCP/IP Is the Internet. Summary. 5. Hackers and Crackers. What Is the Difference Between a Hacker and a Cracker? Where Did This All Start? The Situation Today: A Network at War. Summary. 6. Just Who Can Be Hacked, Anyway? What Is Meant by the Term Cracked? Government. The Public Sector. A Warning. Summary. 7. Internet Warfare. The Internet Can Change Your Life. Can't We All Just Get Along? Friend or Foe? Can the Internet Be Used for Espionage? The Threat Gets More Personal. What Would an Information Attack Look Like? Y2K. The Immediate Future. Summary. Resources on Information Warfare. Resources on Y2K. 8. Security Concepts. We Need the Internet and We Need It Fast! Assessing Your Particular Situation. Certification and Assurance. Where to Get Training. General Training. Advanced Training. Co-Location as a Solution. Hiring an Outside Security Consultant. Consultants and Other Solutions.

III. TOOLS. 9. Destructive Devices. What Are Destructive Devices? Summary. 10. Scanners. The Scanners. On Other Platforms. Summary. 11. Password Crackers. What Is a Password Cracker? The Value of Password Crackers. The Password Crackers. Password Crackers for Windows NT. Password Crackers for UNIX. Other Types of Password Crackers. Resources. Summary. 12. Trojans. What Is a Trojan? Where Do Trojans Come From? Where Will I Find a Trojan? C'mon! How Often Are Trojans Really Discovered? What Level of Risk Do Trojans Represent? How Do I Detect a Trojan? Resources. Summary. 13. Sniffers. Sniffers as Security Risks. What Level of Risk Do Sniffers Represent? Has Anyone Actually Seen a Sniffer Attack? What Information Do Sniffers Capture? Where Is One Likely to Find a Sniffer? Where Can I Get a Sniffer? Freely Available Sniffers. Defeating Sniffer Attacks. Summary. Further Reading on Sniffers. 14. Firewalls. What Is a Firewall? Other Tasks Performed by Firewalls. What Are the Components of a Firewall? Types of Firewalls. Firewalls Generally. Building a Firewall: The Important Steps. Commercial Firewalls. Summary. 15. Logging and Audit Tools. Logging Tools. Why Use More Logs? Network Monitoring and Data Collection. Tools for Analyzing Log Files. Specialized Logging Utilities. Summary.

IV. PLATFORMS AND SECURITY. 16. The Hole. The Concept of the Hole. About Timeliness. How a Hole Emerges. Mining the Data Monster. How Much Security Do You Need? General Sources. Mailing Lists. Usenet Newsgroups. Vendor Security Mailing Lists, Patch Depositories, and Resources. Summary. 17. Microsoft. Modern Vulnerabilities in Microsoft Applications. Internal Windows NT Security. Summary. 18. UNIX: The Big Kahuna. Beginning at the Beginning. Addressing Physical Security. Console Security. Installation Media. Default Configurations. Password Security. Installing a Proactive Password-Checking Program. Patches. Particular Vulnerabilities. The Next Step: Examining Services. FTP. FTP in General. Gopher. Network File System. HTTP. Preserving a Record of the File System. About X. Checklists and Guides. Selected Exploits for UNIX (General). Publications and Things. Books. Online Publications. Summary. 19. Novell. Default Passwords. Sniffers and Novell. Remote Attacks on NetWare. Spoofing. Denial of Service. Utilities for Securing and Managing Novell Networks. Utilities for Cracking Novell Networks or Testing Their Security. Getit. Burglar. Setpass. NWPCRACK. IPXCntrl. Crack. Snoop. Novelbfh.exe. Resources. 20. VAX/VMS. VMS. Security in VMS. Some Old Holes. Audits and Monitoring. Changing Times. Summary. Resources. 21. Macintosh. Vulnerabilities on the Macintosh Platform. About File Sharing and Security. Password Crackers and Related Utilities. Tools Designed Specifically for America Online. Summary. Resources.

V. BEGINNING AT GROUND ZERO. 22. Who's in Charge? The General Idea. About Access Control. About Gaining Root. Root May Be a Thing of the Past. Root on Other Operating Systems. The Cracker Who Is Root. Beware of Root. Summary. 23. Internal Security. Internal Security. Do I Really Need Internal Security? Why Are Internal Attacks So Prevalent? About Policies. Hardware Considerations. Drives, Directories, and Files. General Internal Security Assessments. Internal Security Scanners. Controlling Employee Access to the Internet. Developing Best Practice Checklists. Summary.

VI. THE REMOTE ATTACK. 24. The Remote Attack. What Is a Remote Attack? The First Steps. Getting a Brief Look at the Network. finger and rusers. The Operating System. The Research Phase. Doing a Test Run. Summary. 25. Levels of Attack. When Can an Attack Occur? What Operating Systems Do Crackers Use? Origins of Attack. What Is the Typical Cracker Like? What Is the Typical Target Like? Why Do They Want to Attack? About Attacks. The Sams Crack Level Index. Summary. Resources. 26. Spoofing Attacks. What Is Spoofing? Internet Security Fundamentals. The Mechanics of a Spoofing Attack. The Ingredients of a Successful Spoofing Attack. Guessing the Sequence Number. Documents Related Specifically to IP Spoofing. ARP Spoofing. DNS Spoofing. Summary. 27. Telnet-Based Attacks. Telnet. Summary. 28. Languages, Extensions, and Security. The World Wide Web Grows Up. CGI and Security. ActiveX. Scripting Languages. Summary. 29. Hiding Your Identity. Degrees of Exposure. Web Browsing and Invasion of Privacy. Browser Security. Cookies.

VII. APPENDIXES. Appendix A. Security Bibliography--Further Reading. TCP/IP. On NetWare. Appendix B. How to Get More Information. Establishment Resources. Underground Resources. Appendix C. Security Consultants. The Listings. Appendix D. Reference Documents Linked on the CD-ROM. Selected Microsoft Access Violation Advisories. RFC Documents Relevant to Security. Appendix E. Reality Bytes: Computer Security and the Law. The United States. China. Russia and the CIS. The European Economic Community (EEC). The United Kingdom. Finland. Free Speech. Summary. Sources for General Information. Appendix F. What's on the CD-ROM. Macintosh Software. Windows Software--Network Utilities. UNIX Software. Documents and Media. Appendix G. Security Glossary. Index.

Publication date (per publisher) 1.10.1998
Place of publication Indianapolis
Language English
Dimensions 185 x 230 mm
Weight 1458 g
Subject area Computer Science > Networks > Security / Firewall
Computer Science > Theory / Studies > Cryptology
Mathematics / Computer Science > Computer Science > Web / Internet
ISBN-10 0-672-31341-3 / 0672313413
ISBN-13 978-0-672-31341-7 / 9780672313417
Condition New