Hack the Stack (eBook)
481 Seiten
Elsevier Science (Verlag)
978-0-08-050774-3 (ISBN)
This book is designed to offer readers a deeper understanding of many common vulnerabilities and the ways in which attacker's exploit, manipulate, misuse, and abuse protocols and applications. The authors guide the readers through this process by using tools such as Ethereal (sniffer) and Snort (IDS). The sniffer is used to help readers understand how the protocols should work and what the various attacks are doing to break them. IDS is used to demonstrate the format of specific signatures and provide the reader with the skills needed to recognize and detect attacks when they occur.
What makes this book unique is that it presents the material in a layer by layer approach which offers the readers a way to learn about exploits in a manner similar to which they most likely originally learned networking. This methodology makes this book a useful tool to not only security professionals but also for networking professionals, application programmers, and others. All of the primary protocols such as IP, ICMP, TCP are discussed but each from a security perspective. The authors convey the mindset of the attacker by examining how seemingly small flaws are often the catalyst of potential threats. The book considers the general kinds of things that may be monitored that would have alerted users of an attack.
* Remember being a child and wanting to take something apart, like a phone, to see how it worked? This book is for you then as it details how specific hacker tools and techniques accomplish the things they do.
* This book will not only give you knowledge of security tools but will provide you the ability to design more robust security solutions
* Anyone can tell you what a tool does but this book shows you how the tool works
This book looks at network security in a new and refreshing way. It guides readers step-by-step through the "e;stack"e; -- the seven layers of a network. Each chapter focuses on one layer of the stack along with the attacks, vulnerabilities, and exploits that can be found at that layer. The book even includes a chapter on the mythical eighth layer: The people layer. This book is designed to offer readers a deeper understanding of many common vulnerabilities and the ways in which attacker's exploit, manipulate, misuse, and abuse protocols and applications. The authors guide the readers through this process by using tools such as Ethereal (sniffer) and Snort (IDS). The sniffer is used to help readers understand how the protocols should work and what the various attacks are doing to break them. IDS is used to demonstrate the format of specific signatures and provide the reader with the skills needed to recognize and detect attacks when they occur. What makes this book unique is that it presents the material in a layer by layer approach which offers the readers a way to learn about exploits in a manner similar to which they most likely originally learned networking. This methodology makes this book a useful tool to not only security professionals but also for networking professionals, application programmers, and others. All of the primary protocols such as IP, ICMP, TCP are discussed but each from a security perspective. The authors convey the mindset of the attacker by examining how seemingly small flaws are often the catalyst of potential threats. The book considers the general kinds of things that may be monitored that would have alerted users of an attack.* Remember being a child and wanting to take something apart, like a phone, to see how it worked? This book is for you then as it details how specific hacker tools and techniques accomplish the things they do. * This book will not only give you knowledge of security tools but will provide you the ability to design more robust security solutions * Anyone can tell you what a tool does but this book shows you how the tool works
Front Cover 1
Hack The Stack: Using Snort and Ethereal to Master The 8 Layers of an Insecure Network 6
Copyright Page 7
Contents 14
Foreword 26
Chapter 1. Extending OSI to Network Security 28
Introduction 29
Our Approach to This Book 29
Common Stack Attacks 35
Mapping OSI to TCP/IP 40
The Current State of IT Security 43
Using the Information in This Book 46
Summary 50
Solutions Fast Track 50
Frequently Asked Questions 52
Chapter 2. The Physical Layer 54
Introduction 55
Defending the Physical Layer 55
Attacking the Physical Layer 74
Layer 1 Security Project 91
Summary 92
Solutions Fast Track 93
Frequently Asked Questions 94
Chapter 3. Layer 2: The Data Link Layer 96
Introduction 97
Ethernet and the Data Link Layer 97
Understanding PPP and SLIP 100
Working with a Protocol Analyzer 102
Understanding How ARP Works 109
Attacking the Data Link Layer 111
Defending the Data Link Layer 118
SecuringYour Network from Sniffers 118
Employing Detection Techniques 120
Data Link Layer Security Project 122
Using the Auditor Security Collection to Crack WEP 122
Summary 126
Solutions Fast Track 126
Frequently Asked Questions 128
Chapter 4. Layer 3: The Network Layer 130
Introduction 131
The IP Packet Structure 131
The ICMP Packet Structure 145
Attacking the Network Layer 150
Defending the Network Layer 167
Network Layer Security Project 170
Summary 173
Solutions Fast Track 173
Frequently Asked Questions 176
Chapter 5. Layer 4: The Transport Layer 178
Introduction 179
Connection-Oriented versus Connectionless Protocols 179
Protocols at the Transport Layer 180
The Hacker's Perspective 189
Scanning the Network 190
Operating System Fingerprinting 200
Detecting Scans on Your Network 208
Defending the Transport Layer 210
Transport Layer Project—Setting Up Snort 214
Summary 227
Solutions Fast Track 227
Frequently Asked Questions 229
Chapter 6. Layer 5: The Session Layer 232
Introduction 233
Attacking the Session Layer 233
Defending the Session Layer 254
Session Layer Security Project 259
Summary 264
Solutions Fast Track 264
Frequently Asked Questions 266
Chapter 7. Layer 6: The Presentation Layer 268
Introduction 269
The Structure of NetBIOS and SMB 269
Attacking the Presentation Layer 272
Defending the Presentation Layer 293
Presentation Layer Security Project 301
Summary 307
Solutions Fast Track 307
Frequently Asked Questions 309
Notes 310
Chapter 8. Layer 7: The Application Layer 312
Introduction 313
The Structure of FTP 313
Analyzing Domain Name System and Its Weaknesses 319
Other Insecure Application Layer Protocols 326
Attacking the Application Layer 330
Defending the Application Layer 363
Nessus 373
Application-Layer Security Project: Using Nessus to Secure the Stack 374
Summary 377
Solutions Fast Track 377
Frequently Asked Questions 379
Chapter 9. Layer 8: The People Layer 380
Introduction 381
Attacking the People Layer 381
Defending the People Layer 402
Making the Case for Stronger Security 417
People Layer Security Project 422
Summary 425
Solutions Fast Track 425
Frequently Asked Questions 426
Appendix A. Risk Mitigation: Securing the Stack 428
Introduction 429
Physical 429
Data Link 430
Network 431
Transport 432
Session 432
Presentation 433
Application 433
People 447
Summary 449
Index 450
Extending OSI to Network Security
Solutions in this chapter:
■ Mapping the OSI Model to the TCP/IP Model
■ The Current State of IT Security
■ Using the Information in this Book
☑ Summary
Introduction
“Everything old becomes new again.” The goal of this chapter is to take the well-known Open Systems Interconnect (OSI) model and use it to present security topics in a new and unique way. While each of the subsequent chapters focuses on one individual layer, this chapter offers a high-level overview of the entire book.
Our Approach to This Book
This book is compiled of issues and concerns that security professionals must deal with on a daily basis. We look at common attack patterns and how they are made possible. Many attacks occur because of poor protocol design; others occur because of poor programming or lack of forethought when designing code. Finally, the tools that are useful for identifying and analyzing exploits and exposures are discussed—the tools you will return to time and time again.
Warning
Many of the tools discussed in this book can be used by both security professionals and hackers. Always make sure you have the network owner’s permission before using any of these tools, which will save you from many headaches and potential legal problems.
Tools of the Trade
The following sections examine “protocol analyzers” and the Intrusion Detection Systems (IDSes), which are the two main tools used throughout this book.
Protocol Analyzers
Protocol analyzers (or sniffers) are powerful programs that work by placing the host system’s network card into promiscuous mode, thereby allowing it to receive all of the data it sees in that particular collision domain. Passive sniffing is performed when a user is on a hub. When using a hub, all traffic is sent to all ports; thus, all a security professional or attacker has to do is start the sniffer and wait for someone on the same collision domain to begin transmitting data. A collision domain is a network segment that is shared but not bridged or switched; packets collide because users are sharing the same bandwidth.
Sniffing performed on a switched network is known as active sniffing, because it switches segment traffic and knows which particular port to send traffic to. While this feature adds much needed performance, it also raises a barrier when attempting to sniff all potential switched ports. One way to overcome this impediment is to configure the switch to mirror a port. Attackers may not have this capability, so their best hope of bypassing the functionality of the switch is through poisoning and flooding (discussed in subsequent chapters).
Sniffers operate at the data link layer of the OSI model, which means they do not have to play by the same rules as the applications and services that reside further up the stack. Sniffers can capture everything on the wire and record it for later review. They allow user’s to see all of the data contained in the packet. While sniffers are still a powerful tool in the hands of an attacker, they have lost some of their mystical status as many more people are using encryption.
The sniffer used in this book is called Ethereal, which is free and works well in both a Windows and a Linux environment. (Chapter 3 provides a more in-depth review of how to install and use Ethereal.) If you’re eager to start using Ethereal, more details about the program can be found at www.ethereal.com. (Ethereal’s name has been changed to Wireshark.)
Intrusion Detection Systems
Intrusion detection systems (IDSes) play a critical role in protecting the Information Technology (IT) infrastructure. Intrusion detection involves monitoring network traffic, detecting attempts to gain unauthorized access to a system or resource, and notifying the appropriate individuals so that counteractions can be taken. The ability to analyze vulnerabilities and attacks with a sniffer and then craft a defense with an IDS is a powerful combination. The IDS system used in this book is Snort, which can be used with both Linux and Windows and has industry wide support.
Note
Intrusion detection has a short history. In 1983, Dr. Dorothy Denning began developing the first IDS, which would be used by the U.S. government to analyze the audit trails of government mainframe systems.
Snort is a freeware IDS developed by Martin Roesch and Brian Caswell. It’s a lightweight, network-based IDS that can be set up on a Linux or Windows host. While the core program uses a Command Line Interface (CLI), graphical user interfaces (GUIs) can also be used. Snort operates as a network sniffer and logs activity that matches predefined signatures. Signatures can be designed for a wide range of traffic, including Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP).
Snort consists of two basic parts:
■ Header Where the rules “actions” are identified
■ Options Where the rules “alert messages” are identified
To learn more about Snort, go to www.Snort.org.
Organization of This Book
This book is arranged in the same manner as the layers of the OSI model, which was developed to provide organization and structure to the world of networking. In 1983, the International Organization for Standardization (ISO) and the International Telegraph and Telephone Consultative Committee (CCITT) merged documents and developed the OSI model, which is based on a specific hierarchy where each layer builds on the output of each adjacent layer (see ISO 7498). Today, it is widely used as a guide for describing the operation of a networking environment, and also serves as a teaching model for hacks, attacks, and defenses.
The OSI model is a protocol stack where the lower layers deal primarily with hardware, and the upper layers deal primarily with software. The OSI model’s seven layers are designed so that control is passed down from layer to layer. The seven layers of the OSI model are shown in Table 1.1
Table 1.1
The Seven-Layer OSI Model
| Layer | Responsibility |
| Application | Application support such as File Transfer Protocol (FTP), Telnet, and Hypertext Transfer Protocol (HTTP) |
| Presentation | Encryption, Server Message Block (SMB), American Standard Code for Information Interchange (ASCII), and formatting |
| Session | Data flow control, startup, shutdown, and error detection/correction |
| Transport | End-to-end communications, UDP and TCP services |
| Network | Routing and routable protocols such as IP and Open Shortest Path First (OSPF). Path control and best effort at delivery |
| Data link | Network interface cards, Media Access Control (MAC) addresses, framing, formatting, and organizing data |
| Physical | Transmission media such as twisted-pair cabling, wireless systems, and fiber-optic cable |
The OSI model functions as follows:
1. Information is introduced into the application layer and passed down until it ends up at the physical layer.
2. Next, it is transmitted over the physical medium (i.e., wire, coax, or wireless) and sent to the target device.
3. Once at the target device, it proceeds back up the stack to the application layer.
For this book, an eighth layer has been added to the OSI model that is called the “people” layer (or “social” layer). Figure 1.1 shows the eight layers and interprets the services of each.
Note
While the OSI model is officially seven layers, for the purposes of this book an additional layer (layer 8 [the “people” layer]) has been added to better address the different hacks and attacks that can occur in a networked environment.
The People Layer
Layer 8 is known as the people layer, and while not an official layer of the OSI model, it is an important consideration; therefore, it has been added to the OSI model for this book. People are often the weakest link. We can implement the best security solutions known at the lower layers of the OSI model and still be vulnerable through people and employees. Social...
| Erscheint lt. Verlag | 6.11.2006 |
|---|---|
| Sprache | englisch |
| Themenwelt | Sachbuch/Ratgeber |
| Informatik ► Netzwerke ► Sicherheit / Firewall | |
| Informatik ► Theorie / Studium ► Kryptologie | |
| Wirtschaft ► Betriebswirtschaft / Management | |
| ISBN-10 | 0-08-050774-3 / 0080507743 |
| ISBN-13 | 978-0-08-050774-3 / 9780080507743 |
| Haben Sie eine Frage zum Produkt? |
EPUB (Adobe DRM)Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: EPUB (Electronic Publication)
EPUB ist ein offener Standard für eBooks und eignet sich besonders zur Darstellung von Belletristik und Sachbüchern. Der Fließtext wird dynamisch an die Display- und Schriftgröße angepasst. Auch für mobile Lesegeräte ist EPUB daher gut geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich
