Hack Proofing Your Network

Foreword v 1.5
Foreword v 1.0
Chapter 1 How To Hack
Introduction
What We Mean by “Hack”
Why Hack?
Knowing What To Expect in the Rest of This Book
Understanding the Current Legal Climate
Summary
Frequently Asked Questions
Chapter 2 The Laws of Security
Introduction
Knowing the Laws of Security
Client-Side Security Doesn’t Work
You Cannot Securely Exchange Encryption Keys without a Shared Piece of Information
Malicious Code Cannot Be 100 Percent Protected against
Any Malicious Code Can Be Completely Morphed to Bypass Signature Detection
Firewalls Cannot Protect You 100 Percent from Attack
Social Engineering
Attacking Exposed Servers
Attacking the Firewall Directly
Client-Side Holes
Any IDS Can Be Evaded
Secret Cryptographic Algorithms Are Not Secure
If a Key Is Not Required,You Do Not Have Encryption—You Have Encoding
Passwords Cannot Be Securely Stored on the Client Unless There Is Another Password to Protect Them
In Order for a System to Begin to Be Considered Secure, It Must Undergo an Independent Security Audit
Security through Obscurity Does Not Work
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 3 Classes of Attack
Introduction
Identifying and Understanding the Classes of Attack
Denial of Service
Information Leakage
Regular File Access
Misinformation
Special File/Database Access
Remote Arbitrary Code Execution
Elevation of Privileges
Identifying Methods of Testing for Vulnerabilities
Proof of Concept
Standard Research Techniques
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 4 Methodology
Introduction
Understanding Vulnerability Research Methodologies
Source Code Research
Binary Research
The Importance of Source Code Reviews
Searching Error-Prone Functions
Reverse Engineering Techniques
Disassemblers, Decompilers, and Debuggers
Black Box Testing
Chips
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 5 Diffing
Introduction
What Is Diffing?
Why Diff?
Looking to the Source Code
Exploring Diff Tools
Using File-Comparison Tools
Working with Hex Editors
Utilizing File System Monitoring Tools
Finding Other Tools
Troubleshooting
Problems with Checksums and Hashes
Problems with Compression and Encryption
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 6 Cryptography
Introduction
Understanding Cryptography Concepts
History
Encryption Key Types
Learning about Standard Cryptographic Algorithms
Understanding Symmetric Algorithms
Understanding Asymmetric Algorithms
Understanding Brute Force
Brute Force Basics
Using Brute Force to Obtain Passwords
Knowing When Real Algorithms Are Being Used Improperly
Bad Key Exchanges
Hashing Pieces Separately
Using a Short Password to Generate a Long Key
Improperly Stored Private or Secret Keys
Understanding Amateur Cryptography Attempts
Classifying the Ciphertext
Monoalphabetic Ciphers
Other Ways to Hide Information
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 7 Unexpected Input
Introduction
Understanding Why Unexpected Data Is Dangerous
Finding Situations Involving Unexpected Data
Local Applications and Utilities
HTTP/HTML
Unexpected Data in SQL Queries
Application Authentication
Disguising the Obvious
Using Techniques to Find and Eliminate Vulnerabilities
Black-Box Testing
Use the Source
Untaint Data by Filtering It
Escaping Characters Is Not Always Enough
Perl
Cold Fusion/Cold Fusion Markup Language (CFML)
ASP
PHP
Protecting Your SQL Queries
Silently Removing versus Alerting on Bad Data
Invalid Input Function
Token Substitution
Utilizing the Available Safety Features in Your Programming Language
Perl
PHP
ColdFusion/ColdFusion Markup Language
ASP
MySQL
Using Tools to Handle Unexpected Data
Web Sleuth
CGIAudit
RATS
Flawfinder
Retina
Hailstorm
Pudding
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 8 Buffer Overflow
Introduction
Understanding the Stack
The Stack Dump
Oddities and the Stack
Understanding the Stack Frame
Introduction to the Stack Frame
Passing Arguments to a Function: A Sample Program
Stack Frames and Calling Syntaxes
Learning about Buffer Overflows
A Simple Uncontrolled Overflow: A Sample Program
Creating Your First Overflow
Creating a Program with an Exploitable Overflow
Performing the Exploit
Learning Advanced Overflow Techniques
Stack Based Function Pointer Overwrite
Heap Overflows
Advanced Payload Design
Using What You Already Have
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 9 Format Strings
Introduction
Understanding Format String Vulnerabilities
Why and Where Do Format String Vulnerabilities Exist?
How Can They Be Fixed?
How Format String Vulnerabilities Are Exploited
How Format String Exploits Work
What to Overwrite
Examining a Vulnerable Program
Testing with a Random Format String
Writing a Format String Exploit
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 10 Sniffing
Introduction
What Is Sniffing?
How Does It Work?
What to Sniff?
Obtaining Authentication Information
Capturing Other Network Traffic
Popular Sniffing Software
Ethereal
Network Associates Sniffer Pro
NT Network Monitor
WildPackets
TCPDump
dsniff
Ettercap
Esniff.c
Sniffit
Carnivore
Additional Resources
Advanced Sniffing Techniques
Man-in-the-Middle (MITM) Attacks
Cracking
Switch Tricks
Routing Games
Exploring Operating System APIs
Linux
BSD
libpcap
Windows
Taking Protective Measures
Providing Encryption
Secure Sockets Layers (SSL)
PGP and S/MIME
Switching
Employing Detection Techniques
Local Detection
Network Detection
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 11 Session Hijacking
Introduction
Understanding Session Hijacking
TCP Session Hijacking
TCP Session Hijacking with Packet Blocking
UDP Hijacking
Examining the Available Tools
Juggernaut
Hunt
Ettercap
SMBRelay
Storm Watchers
Playing MITM for Encrypted Communications
Man-in-the-Middle Attacks
Dsniff
Other Hijacking
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 12 Spoofing: Attacks on Trusted Identity
Introduction
What It Means to Spoof
Spoofing Is Identity Forgery
Spoofing Is an Active Attack against Identity Checking Procedures
Spoofing Is Possible at All Layers of Communication
Spoofing Is Always Intentional
Spoofing Is Not the Same Thing as Betrayal
Spoofing Is Not Necessarily Malicious
Spoofing Is Nothing New
Background Theory
The Importance of Identity
The Evolution of Trust
Asymmetric Signatures between Human Beings
Establishing Identity within Computer Networks
Return to Sender
In the Beginning,There Was… a Transmission
Capability Challenges
Configuration Methodologies: Building a Trusted Capability Index
Desktop Spoofs
The Plague of Auto-Updating Applications
Impacts of Spoofs
Subtle Spoofs and Economic Sabotage
Down and Dirty: Engineering Spoofing Systems
Spitting into the Wind: Building a Skeleton Router in Userspace
Bring Out the Halon: Spoofing Connectivity Through Asymmetric Firewalls
Summary
Solution Fast Track
Frequently Asked Questions
Chapter 13 Tunneling
Introduction
Strategic Constraints of Tunnel Design
Privacy: “Where Is My Traffic Going?”
Routability: “Where Can This Go Through?”
Deployability: “How Painful Is This to Get Up and Running?”
Flexibility: “What Can We Use This for,Anyway?”
Quality: “How Painful Will This System Be to Maintain?”
Designing End-to-End Tunneling Systems
Drilling Tunnels Using SSH
Open Sesame: Authentication
Basic Access: Authentication by Password
Transparent Access: Authentication by Private Key
Command Forwarding: Direct Execution for Scripts and Pipes
Port Forwarding: Accessing Resources on Remote Networks
Local Port Forwards
Dynamic Port Forwards
Remote Port Forwards
When in Rome:Traversing the Recalcitrant Network
Crossing the Bridge: Accessing Proxies through ProxyCommands
No Habla HTTP? Permuting thy Traffic
Show Your Badge: Restricted Bastion Authentication
Bringing the Mountain: Exporting SSHD Access
Echoes in a Foreign Tongue: Cross-Connecting Mutually Firewalled Hosts
Not In Denver, Not Dead: Now What?
Standard File Transfer over SSH
Incremental File Transfer over SSH
CD Burning over SSH
Acoustic Tubing: Audio Distribution over TCP and SSH
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 14 Hardware Hacking
Introduction
Understanding Hardware Hacking
Opening the Device: Housing and Mechanical Attacks
Types of Tamper Mechanisms
External Interfaces
Protocol Analysis
Electromagnetic Interference and Electrostatic Discharge
Analyzing the Product Internals: Electrical Circuit Attacks
Reverse-engineering the Device
Basic Techniques: Common Attacks
Advanced Techniques: Epoxy Removal and IC Delidding
Cryptanalysis and Obfuscation Methods
What Tools Do I Need?
Starter Kit
Advanced Kit
Example: Hacking the iButton Authentication Token
Experimenting with the Device
Reverse-engineering the “Random” Response
Example: Hacking the NetStructure 7110 E-commerce Accelerator
Opening the Device
Retrieving the Filesystem
Reverse-engineering the Password Generator
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 15 Viruses, Trojan Horses, and Worms
Introduction
How Do Viruses,Trojans Horses, and Worms Differ?
Viruses
Worms
Macro Virus
Trojan Horses
Hoaxes
Anatomy of a Virus
Propagation
Payload
Other Tricks of the Trade
Dealing with Cross-platform Issues
Java
Macro Viruses
Recompilation
Shockwave Flash
Proof that We Need to Worry
The Morris Worm
ADMw0rm
Melissa and I Love You
Sadmind Worm
Code Red Worms
Nimda Worm
Creating Your Own Malware
New Delivery Methods
Faster Propagation Methods
Other Thoughts on Creating New Malware
How to Secure Against Malicious Software
Anti-Virus Software
Updates and Patches
Web Browser Security
Anti-Virus Research
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 16 IDS Evasion
Introduction
Understanding How Signature-Based IDSs Work
Judging False Positives and Negatives
Alert Flooding
Using Packet Level Evasion
IP Options
IP Fragmentation
TCP Header
TCP Synchronization
Using Fragrouter and Congestant
Countermeasures
Using Application Protocol Level Evasion
Security as an Afterthought
Evading a Match
Web Attack Techniques
Countermeasures
Using Code Morphing Evasion
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 17 Automated Security Review and Attack Tools
Introduction
Learning about Automated Tools
Exploring the Commercial Tools
Exploring the Free Tools
Using Automated Tools for Penetration Testing
Testing with the Commercial Tools
Testing the Free Tools
Knowing When Tools Are Not Enough
The New Face of Vulnerability Testing
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 18 Reporting Security Problems
Introduction
Understanding Why Security Problems Need to Be Reported
Full Disclosure
Determining When and to Whom to Report the Problem
Whom to Report Security Problems to?
Deciding How Much Detail to Publish
Publishing Exploit Code
Problems
Summary
Solutions Fast Track
Frequently Asked Questions
Index