The Hacker’s Handbook The Strategy behind Breaking into and Defending Networks

[Year : 2004] [Size : 18.0 MB] [Format : PDF] [Pages : 849]
Authors
SUSAN YOUNG AND DAVE AITEL




The Hacker’s Handbook The Strategy behind Breaking into and Defending Networks


Line of Contents

  • 1 Introduction: The Chess Game
  • Book Structure
  • Chapter 2. Case Study in Subversion
  • Chapter 3. Know Your Opponent
  • Chapter 4. Anatomy of an Attack
  • Chapter 5. Your Defensive Arsenal
  • Chapter 6. Programming
  • Chapter 7. IP and Layer 2 Protocols
  • Chapter 8. The Protocols
  • Chapter 9. Domain Name System (DNS)
  • Chapter 10. Directory Services
  • Chapter 11. Simple Mail Transfer Protocol (SMTP)
  • Chapter 12. Hypertext Transfer Protocol (HTTP)
  • Chapter 13. Database Hacking
  • Chapter 14. Malware and Viruses
  • Chapter 15. Network Hardware
  • Chapter 16. Consolidating Gains
  • Chapter 17. After the Fall
  • Chapter 18. Conclusion
  • PART I FOUNDATION MATERIAL
  • 2 Case Study in Subversion
  • Dalmedica
  • The Dilemma
  • The Investigation
  • Notes
  • 3 Know Your Opponent
  • Terminology
  • Script Kiddy
  • Cracker
  • White Hat Hacker
  • Black Hat Hacker
  • Hacktivism
  • Professional Attackers
  • History
  • Computer Industry and Campus
  • System Administration
  • Home Computers
  • Home Computers: Commercial Software
  • Home Computers: The BBS
  • Phone Systems
  • Ethics and Full Disclosure
  • Opponents Inside
  • The Hostile Insider
  • Corporate Politics
  • Conclusion
  • Notes
  • 4 Anatomy of an Attack
  • Overview
  • Reconnaissance
  • Social Engineering and Site Reconnaissance
  • Internet Reconnaissance
  • Internet Search Engines and Usenet Tools
  • Financial Search Tools, Directories, Yellow Pages,
  • and Other Sources
  • IP and Network Reconnaissance
  • Registrar and whois Searches
  • Network Registrar Searches (ARIN)
  • DNS Reconnaissance
  • Mapping Targets
  • War Dialing
  • Network Mapping (ICMP)
  • ICMP Queries
  • TCP Pings: An Alternative to ICMP
  • Traceroute
  • Additional Network Mapping Tools
  • Port Scanning
  • TCP and UDP Scanning
  • Banner Grabbing
  • Packet Fragmentation Options
  • Decoy Scanning Capabilities
  • Ident Scanning
  • FTP Bounce Scanning
  • Source Port Scanning
  • Stack Fingerprinting Techniques
  • Vulnerability Scanning (Network-Based OS
  • and Application Interrogation)
  • Researching and Probing Vulnerabilities
  • System/Network Penetration
  • Account (Password) Cracking
  • Application Attacks
  • Cache Exploits
  • File System Hacking
  • Hostile and Self-Replicating Code
  • Programming Tactics
  • Process Manipulation
  • Shell Hacking
  • Session Hijacking
  • Spoofing
  • State-Based Attacks
  • Traffic Capture (Sniffing)
  • Trust Relationship Exploitation
  • Denial-of-Service
  • Consolidation
  • Security
  • Notes
  • References
  • Texts
  • Web References
  • 5 Your Defensive Arsenal
  • The Defensive Arsenal
  • Access Controls
  • Network Access Controls (Firewalls)
  • State Management Attacks on Firewalls
  • Firewall Ruleset and Packet Filter Reconnaissance
  • IP Spoofing to Circumvent Network Access Controls
  • Denial-of-Service
  • Packet Fragmentation Attacks
  • Application Level Attacks
  • System Access Controls
  • Host-Based Firewalls
  • Operating System Access Controls
  • and Privilege Management
  • Authentication
  • IP Authentication
  • Password Authentication
  • Account/Password Cracking
  • Eavesdropping Attacks
  • Password Guessing Attacks
  • Token-Based Authentication
  • Session Authentication
  • Session Authentication Scheme Cracking
  • Generation of Counterfeit Session Auth Credentials
  • Session ID Brute-Forcing
  • Session Auth Eavesdropping
  • Session Auth/ID Stealing or “Hijacking”
  • Client Session/ID Theft
  • Cryptographic (Key-Based) Authentication
  • Key Transfer and Key Management Vulnerabilities
  • Key Transfer Vulnerabilities
  • Key Management Vulnerabilities
  • (Public Key Infrastructure)
  • Key Binding and Impersonation Vulnerabilities
  • Dictionary and Brute-Force Attacks
  • against Weak Secrets
  • Centralized Authentication Servers
  • RADIUS
  • TACACS
  • Kerberos
  • Human Authentication (Biometrics)
  • Resource Controls
  • Nonrepudiation
  • Digital Signatures (and Digital Certificates)
  • Privacy
  • Virtual Private Network (VPN)
  • Session and Protocol Encryption
  • Secure Sockets Layer (SSL)
  • Certificate and Impersonation Attacks (SSL)
  • Cryptographic Weaknesses (SSL)
  • Attacks against the Handshake Protocol (SSL)
  • SSL Man-in-the-Middle Attacks
  • Man-in-the-Middle Attack Version Rollback (SSL)
  • Viruses, Worms, and other Application Issues (SSL)
  • Secure Shell (SSH)
  • File System Encryption
  • Intrusion Detection
  • Network-Based and Host-Based IDS
  • Anomaly-Based (Behavior-Based) IDS
  • Signature-Based (Knowledge-Based) IDS
  • IDS Hacking Exploits
  • Address Spoofing or Proxying
  • Attacking the IDS
  • Denial-of-Service
  • Instigating Active Events
  • Nondefault Evasion and Pattern Change Evasion
  • Packet Fragmentation and “Session Splicing”
  • Port Scan Evasion
  • TCP Session Synchronization Attacks
  • URL Encoding (Unicode and Hex Attacks)
  • Web Evasion Techniques
  • File System Integrity Checkers
  • Security Information Management
  • Data Integrity
  • Application Proxies
  • Content Assurance (Antivirus, Content Scanning)
  • Notes
  • References
  • Texts
  • Web References
  • 6 Programming
  • Languages
  • Speed and Security Trade-Offs
  • Native Compiled Code: C/C++/Assembly
  • Bytecode/Just in Time Compiled Code
  • (“Managed” Code): C#/Java
  • Interpreted (Usually Compiled into Byte Codes
  • at Runtime): Perl, Python (Scripting Languages),
  • PHP, Visual Basic, .ASP, Lisp, JSP (Web Languages)
  • Language-Specific Flaws and Strategic Ways to Protect
  • against Them
  • The Basics of Buffer Overflows and Other Memory
  • Allocation Errors
  • History
  • Basic Stack Overflows
  • Options for the Hacker after a Stack Overflow
  • So What Is a Stack Canary?
  • Heap Overflows
  • Format String Bugs
  • Integer Overflows
  • Signal Races on UNIX
  • What Is Shellcode?
  • Interpreter Bugs
  • File Name Canonicalization
  • Logic Error War Stories
  • Platform-Specific Programming Security Issues
  • Windows NT Compared to UNIX
  • Types of Applications
  • Web Applications
  • Cross-Site Scripting Vulnerabilities
  • Java J2EE
  • Traditional ASP Net
  • LAMP
  • Remote Procedure Calling
  • Creating an RPC Program
  • Special Cases
  • Setuid Applications on UNIX
  • DCOM Services
  • Auditing Techniques
  • Tools That Aid Source Auditing
  • Tools That Aid Reverse Engineering
  • Fuzzing Audit Tools
  • Web Security Audit Tools
  • General Security Tools
  • Encryption and Authentication
  • Layered Defenses
  • Platform-Specific Defenses (Security through Security
  • and Security through Obscurity)
  • Nonexecutable Stack
  • Using a Different Platform Than Expected
  • File System User Access Controls
  • Process Logging
  • The Insider Problem, Backdoors, and Logic Bombs
  • Buying an Application Assessment
  • Conclusion
  • References
  • 7 IP and Layer 2 Protocols
  • Layer 2 Protocols
  • Address Resolution Protocol (ARP)
  • Protocol
  • Hacking Exploits
  • Security (Mapping ARP Exploits to ARP Defenses)
  • Static ARP Entries on Internet Gateways
  • and Firewalls
  • Network Management
  • ARP Monitoring
  • Port-Level Security
  • Reverse Address Resolution Protocol (RARP)
  • Protocol
  • Hacking Exploits
  • Security (Defenses for RARP-Related Attacks:
  • DHCP, BOOTP)
  • Assignment of Static IP Addresses to Clients
  • Use of DHCP/BOOTP MAC Controls
  • ARP Monitoring
  • Port-Level Security
  • Layer 3 Protocols
  • IP Protocol
  • Protocol
  • Hacking Exploits
  • IP Eavesdropping (Packet Sniffing)
  • IP Spoofing
  • IP Session Hijacking (Man-in-the-Middle Attacks)
  • IP Packet Fragmentation Attacks
  • ICMP-Based Fragmentation Attacks
  • Tiny Fragment Attacks
  • Overlapping Fragment Attacks
  • IP Covert Tunneling
  • Security (Mapping IP Exploits to IP Defenses)
  • Tools and Techniques to Detect Promiscuous
  • Mode Packet Sniffers
  • System Audits to Identify NICs
  • in Promiscuous Mode
  • System Hardening Procedures
  • to Inhibit Sniffer Installation
  • Inspection of Systems for Signs
  • of Rootkit Compromise
  • Institution of Switched Network
  • Institution of ARP Monitoring
  • Institution of Traffic Encryption
  • Implementation of Strong Authentication
  • Institution of Spoof Protection at Firewalls
  • and Access Control Devices
  • Patch TCP/IP Implementations
  • Deny Source Routing at Gateways and Firewalls
  • Deny ICMP Redirects at Gateways and Firewalls
  • Deter the Use of IP Addresses for Authentication
  • or Construction of Trust Relationships
  • Implement ARP Controls
  • Monitor Network Traffic Using Network
  • and Host-based IDS
  • Restrict ICMP Traffic into and out of
  • a Protected Network
  • Patch Firewalls and Intrusion Detection Systems
  • against Packet Fragmentation Attacks
  • Notes
  • References
  • Texts
  • Request for Comments (RFCs)
  • White Papers and Web References
  • 8 The Protocols
  • Layer 3 Protocols
  • Internet Control Message Protocol (ICMP)
  • Protocol
  • Hacking Exploits
  • ICMP-Based Denial-of-Service
  • ICMP Network Reconnaissance
  • ICMP Time Exceeded
  • ICMP Access Control Enumeration
  • ICMP Stack Fingerprinting
  • ICMP Covert Tunneling
  • Security
  • Deny ICMP Broadcasts
  • Network Controls against ICMP Packet Flooding
  • IP Spoofing Defenses
  • Patch TCP/IP Implementations against
  • ICMP Denial-of-Service and ICMP Typing
  • Monitor Network Traffic Using Network and
  • Host-Based Intrusion Detection Systems (IDSs)
  • Restriction of Specific ICMP Message Types
  • Monitor ICMP Activity at Firewalls
  • and Intrusion Detection Systems
  • Layer 4 Protocols
  • Transmission Control Protocol (TCP)
  • Protocol
  • Hacking Exploits
  • Covert TCP
  • TCP Denial-of-Service
  • TCP Sequence Number Prediction
  • (TCP Spoofing and Session Hijacking)
  • TCP Stack Fingerprinting
  • TCP State-Based Attacks
  • Security
  • Network Controls against TCP Packet Flooding
  • IP Spoofing Defenses
  • Patch TCP/IP Implementations against TCP
  • Denial-of-Service, TCP Stack Fingerprinting,
  • and TCP Sequence Number Prediction
  • Monitor Network Traffic Using Network
  • and Host-Based IDS Systems
  • Activation of SYN Flood Protection on Firewalls
  • and Perimeter Gateways
  • Implement Stateful Firewalling
  • User Datagram Protocol (UDP)
  • Protocol
  • Hacking Exploits
  • Covert UDP
  • UDP Denial-of-Service
  • UDP Packet Inspection Vulnerabilities
  • Security
  • Disable Unnecessary UDP Services
  • Network Controls against UDP Packet Flooding
  • IP Spoofing Defenses
  • Patch TCP/IP Implementations against UDP
  • Denial-of-Service
  • Monitor Network Traffic Using Networkand
  • Host-Based IDS Systems
  • Implement Stateful Firewalling
  • Notes
  • References
  • Texts
  • Request for Comments (RFCs)
  • White Papers and Web References
  • PART II SYSTEM AND NETWORK PENETRATION
  • 9 Domain Name System (DNS)
  • The DNS Protocol
  • DNS Protocol and Packet Constructs
  • (Packet Data Hacking)
  • DNS Vulnerabilities
  • DNS Exploits and DNS Hacking
  • Protocol-Based Hacking
  • Reconnaissance
  • DNS Registration Information
  • Name Server Information
  • IP Address and Network Topology Data
  • Information on Key Application Servers
  • Protocol-Based Denial-of-Service
  • Dynamic DNS (DDNS) Hacking
  • Application-Based Attacks
  • Buffer Overflows (Privileged Server Access,
  • Denial-of-Service)
  • Exploiting the DNS Trust Model
  • DNS Registration Attacks
  • DNS Spoofing
  • Cache Poisoning
  • DNS Hijacking
  • DNS Security and Controls
  • Mapping Exploits to Defenses
  • Defensive Strategy
  • Configuration Audit and Verification Tools
  • DDNS Security
  • Name Server Redundancy
  • DNSSEC: Authentication and Encryption of DNS Data
  • Name Server Software Upgrade(s)
  • Network and Name Server Monitoring
  • and Intrusion Detection
  • Berkeley Internet Name Daemon (BIND)
  • Logging Controls
  • Microsoft Windows 2000 DNS Logging Controls
  • Patches and Service Packs
  • Server-Side Access Controls
  • Split-Level DNS Topologies (and DNS Proxying)
  • Split-Level DNS Topology
  • System and Service Hardening
  • Notes
  • References
  • Texts
  • Request for Comments (RFCs)
  • Mailing Lists and Newsgroups
  • Web References
  • 10 Directory Services
  • What Is a Directory Service?
  • Components of a Directory
  • Schema
  • Leaf Object
  • Container Object
  • Namespace
  • Directory Information Tree
  • Directory Information Base (DIB)
  • Directory Features
  • Directory Security
  • Single Sign On
  • Uses for Directory Systems
  • Directory-Enabled Networking
  • Linked Provisioning
  • Global Directory
  • Public Key Infrastructure
  • Directory Models
  • Physical vs. Logical
  • Flat vs. Hierarchical
  • X.500 Directory
  • X.500 Schema
  • X.500 Partitions
  • X.500 Objects and Naming
  • A Word about Aliases
  • X.500 Back-End Processes
  • Directory Information Tree
  • Directory Information Base
  • Replication
  • Agents and Protocols
  • X.500 Directory Access
  • X.500 Security
  • Authentication
  • Simple Authentication
  • Strong Authentication
  • Access Control
  • Rights
  • Summary
  • Lightweight Directory Access Protocol (LDAP)
  • LDAP Schema
  • LDAP Partitions
  • LDAP Objects and Naming
  • LDAP Queries
  • LDAP Data Interchange Format (LDIF)
  • LDAP Security
  • Authentication
  • Anonymous Access
  • Simple Authentication
  • Simple Authentication with Secure Sockets
  • Layer (SSL)/Transport Layer Security (TLS)
  • Simple Authentication and Security Layer (SASL)
  • Access Control
  • Summary
  • Active Directory
  • Windows NT
  • Windows 2000 Schema
  • Windows 2000 Partitions
  • Windows 2000 Objects and Naming
  • The Domain
  • The Tree
  • The Forest
  • The Forest Root Domain
  • Naming Standards and Resolution in Windows 2000
  • Active Directory Back-End Processes
  • The Directory Information Base (DIB)
  • Replication
  • The Global Catalog
  • Windows 2000 Security
  • Authentication
  • Kerberos
  • NTLM
  • Access Control
  • Exploiting LDAP
  • Sun ONE Directory Server 5.1
  • Microsoft Active Directory
  • Summary
  • Future Directions
  • Further Reading
  • 11 Simple Mail Transfer Protocol (SMTP)
  • The SMTP Protocol
  • SMTP Protocol and Packet Constructs
  • (Packet Data Hacking)
  • SMTP Vulnerabilities
  • SMTP Protocol Commands and Protocol Extensions
  • Protocol Commands
  • Protocol Extensions
  • SMTP Exploits and SMTP Hacking
  • SMTP Protocol Attacks
  • Account Cracking
  • Eavesdropping and Reconnaissance
  • ESMTP and Command Set Vulnerabilities
  • Protocol-Based Denial-of-Service
  • Mail Bombing
  • Mail Spamming
  • Man-in-the-Middle Attacks
  • Application-Based Attacks
  • Malicious Content (MIME Attacks)
  • Buffer Overflows (Privileged Server Access)
  • Worms and Automated Attack Tools
  • Application-Based Denial-of-Service
  • Attacks on the Mail Trust Model
  • Mail Spoofing
  • Identity Impersonation
  • Attacks on Data Integrity
  • Delivery Status Notification Manipulation
  • SMTP Security and Controls
  • Mapping Exploits to Defenses
  • Defensive Strategy
  • Antispam/Antirelay Controls
  • Antivirus and Content Scanning
  • Client-Side Access Controls
  • Content or Code Signing
  • Delivery Status Notification Controls
  • Disable Vulnerable ESMTP and SMTP Commands
  • Disable Vulnerable MIME Types
  • Network and SMTP Server Monitoring,
  • Intrusion Detection
  • Patches and Service Packs
  • Separation of SMTP and Intranet Account Databases
  • Server-Side Access Controls
  • Server Redundancy
  • SMTP Header Stripping and Parsing
  • SMTP Source Routing Controls
  • Split SMTP Topology
  • System and Service Hardening
  • Transport Layer Security, Secure Socket
  • Layer Security
  • Notes
  • References
  • Texts
  • Request for Comments (RFCs)
  • White Papers and Web References
  • 12 Hypertext Transfer Protocol (HTTP)
  • The HTTP Protocol
  • HTTP Protocol and Packet Constructs
  • (Packet Data Hacking)
  • HTTP Vulnerabilities
  • HTTP Protocol Methods (and Associated Vulnerabilities)
  • HTTP Exploits and HTTP Hacking
  • HTTP Protocol Attacks
  • Eavesdropping and Reconnaissance
  • Account Cracking
  • Basic Access Authentication
  • Digest Access Authentication
  • HTTP Method Vulnerabilities
  • Content Vulnerabilities
  • Caching Exploits
  • Cache Poisoning
  • Man-in-the-Middle Attacks
  • Unauthorized Retrieval of Cache Data
  • and Cache Monitoring
  • Denial-of-Service
  • Protocol-Based Denial-of-Service
  • Application-Based Attacks
  • Buffer Overflows (Privileged Server Access,
  • Denial-of-Service)
  • Directory Traversal Attacks
  • Application-Based Denial-of-Service
  • Attacks on the HTTP Trust Model
  • State-Based Attacks (Session ID Hacking)
  • HTTP Spoofing/HTTP Redirection
  • Man-in-the-Middle Attacks (Session Hijacking)
  • HTTP Security and Controls
  • Mapping Exploits to Defenses
  • Defensive Strategy
  • Caching Controls and Cache Redundancy
  • Disable Vulnerable HTTP Methods
  • HTTP Header Stripping
  • Implementation of HTTP Digest
  • Access Authentication
  • Load Balancing and Server Redundancy
  • Network and HTTP Server Monitoring,
  • Intrusion Detection
  • Patches and Service Packs
  • Security for Financial Transactions
  • Server-Side Access Controls
  • System and Service Hardening
  • Transport Layer Security or Secure Socket
  • Layer Security
  • Notes
  • References
  • Texts
  • Request for Comments (RFCs)
  • Web References
  • 13 Database Hacking and Security
  • Introduction
  • Enumeration of Weaknesses
  • SQL Injection
  • Introduction
  • Phases of SQL Injection
  • Hacking Microsoft SQL Server
  • Overflows in Microsoft SQL Server
  • You Had Me at Hello
  • SQL Server Resolver Service Stack Overflow
  • Microsoft SQL Server Postauth Vulnerabilities
  • Microsoft SQL Server SQL Injection
  • A Note on Attacking Cold Fusion Web Applications
  • Default Accounts and Configurations
  • Hacking Oracle
  • Buffer Overflows in Oracle Servers
  • SQL Injection on Oracle
  • Default User Accounts
  • Tools and Services for Oracle Assessments
  • Other Databases
  • Connecting Backwards
  • Demonstration and Examples
  • Phase 1. Discovery
  • Phase 2. Reverse Engineering the Vulnerable Application
  • Phase 3. Getting the Results of Arbitrary Queries
  • Conclusions
  • 14 Malware and Viruses
  • Ethics Again
  • Target Platforms
  • Script Malware
  • Learning Script Virus Basics with Anna Kournikova
  • Binary Viruses
  • Binary File Viruses
  • Binary Boot Viruses
  • Hybrids
  • Binary Worms
  • Worst to Come
  • Adware Infections
  • Conclusion
  • Notes
  • 15 Network Hardware
  • Overview
  • Network Infrastructure
  • Routers
  • Switches
  • Load-Balancing Devices
  • Remote Access Devices
  • Wireless Technologies
  • Network Infrastructure Exploits and Hacking
  • Device Policy Attacks
  • Installation Policy
  • Acceptable Use Policy
  • Access Policy
  • Configuration Storage Policy
  • Patch or Update Policy
  • Denial-of-Service
  • Device Obliteration
  • Configuration Removal or Modification
  • Sending Crafted Requests
  • Physical Device Theft
  • Environmental Control Modification
  • Resource Expenditure
  • Diagnostic Port Attack
  • Sequence (SYN) Attack
  • Land Attack
  • Bandwidth Expenditure
  • Broadcast (Smurf) Attacks
  • Other ICMP-Related Attacks
  • Redirects
  • ICMP Router Discovery Protocol (IDRP) Attack
  • Ping O’Death
  • Squelch
  • Fragmented ICMP
  • Network Mapping Exploits
  • Ping
  • Traceroute
  • Broadcast Packets
  • Information Theft
  • Network Sniffing
  • Hijacking Attacks
  • Spoofing
  • Address Spoofing
  • TCP Sequence Attacks
  • Media Access (MAC) Address Exploits
  • Password or Configuration Exploits
  • Default Passwords or Configurations
  • No Passwords
  • Weak Passwords
  • Dictionary Password Attacks
  • Brute-Force Attacks
  • Logging Attacks
  • Log Modification
  • Log Deletion
  • Log Rerouting
  • Spoofed Event Management
  • Network Ports and Protocols Exploits and Attacks
  • Telnet
  • BOOTP
  • Finger
  • Small Services
  • Device Management Attacks
  • Authentication
  • Console Access
  • Modem Access (AUX)
  • Management Protocols
  • Web (HTTP[S])
  • Telnet
  • SSH (Version 1)
  • TFTP
  • SNMP
  • Device Configuration Security Attacks
  • Passwords
  • Remote Loading (Network Loads)
  • Router-Specific Exploits
  • Routing Protocol Attacks
  • Authentication
  • IRDP Attacks
  • Cisco Discovery Protocol (CDP)
  • Classless Routing
  • Source Routing
  • Route Table Attacks
  • Modification
  • Poisoning
  • ARP Table Attacks
  • Modification
  • Poisoning
  • Man-in-the-Middle Attack
  • Access-Control Lists Attacks
  • Switch-Specific Exploits
  • ARP Table
  • Modification
  • Poisoning
  • Man-in-the-Middle Attack
  • Media Access (MAC) Address Exploits
  • Changing a Host’s MAC
  • Duplicate MAC Addresses
  • Load-Balancing Device — Specific Exploits
  • Remote Access Device — Specific Exploits
  • Weak User Authentication
  • Same Account and Login Multiple Devices
  • Shared Login Credentials
  • Home User System Exploitation
  • Wireless Technology — Specific Exploits
  • Interception and Monitoring
  • Jamming
  • Insertion
  • Rogue Access Points
  • Unauthorized Clients
  • Client-to-Client Attacks
  • Media Access (MAC) Address
  • Duplicate IP Address
  • Improper Access Point Configuration
  • Service Set Identifier (SSID)
  • Default SSID
  • SSID Broadcasting
  • Wired Equivalent Privacy (WEP) Exploits
  • Network Infrastructure Security and Controls
  • Defensive Strategy
  • Routing Protocol Security Options
  • Management Security Options
  • Operating System Hardening Options
  • Protecting Running Services
  • Hardening of the Box
  • Explicitly Shut Down All Unused Interfaces
  • Limit or Disable In-Band Access (via Telnet,
  • SSH, SNMP, Etc.)
  • Reset All Default Passwords
  • Use Encrypted Passwords
  • Use Remote AAA Authentication
  • Use Access Lists to Protect Terminal, SNMP,
  • TFTP Ports
  • Remote Login (Telnet) Service
  • SNMP Service
  • Routing Services
  • Limit Use of SNMP
  • Limit Use of Internal Web Servers Used
  • for Configuration
  • Disable Cisco Discovery Protocol (CDP)
  • on Cisco Gear Outside of the Firewall
  • Do Not Leak Info in Banners
  • Keep Up-to-Date on Security Fixes for
  • Your Network Infrastructure Devices
  • DoS and Packet Flooding Controls
  • Use IP Address Spoofing Controls
  • Watch for Traffic Where the Source
  • and Destination Addresses Are the Same
  • Enforce Minimum Fragment Size to Protect
  • against Tiny Fragment Attack, Overlapping
  • Fragment Attack, and Teardrop Attack
  • Disable IP Unreachables on External Interfaces
  • Disable ICMP Redirects on External Interfaces
  • Disable Proxy ARP
  • Disable IP Directed Broadcasts (SMURF Attacks)
  • Disable Small Services (No Service Small-Servers
  • UDP and No Service Small-Servers TCP)
  • Disable IP Source Routing (No IP Source-Route)
  • Use Traffic Shaping (Committed Access Rate)
  • Tools
  • Configuration Audit and Verification Tools
  • Wireless Network Controls
  • Notes
  • References
  • Tools
  • Request for Comments (RFCs)
  • White Paper
  • Web References
  • PART III CONSOLIDATION
  • 16 Consolidating Gains
  • Overview
  • Consolidation (OS and Network Facilities)
  • Account and Privilege Management Facilities
  • Account Cracking
  • SMBCapture
  • Active Directory Privilege Reconnaissance
  • and Hacking
  • Built-In/Default Accounts, Groups,
  • and Associated Privileges
  • Finger Service Reconnaissance
  • Kerberos Hacking and Account Appropriation
  • Keystroke Logging
  • LDAP Hacking and LDAP Reconnaissance
  • Polling the Account Database
  • Social Engineering
  • Trojanized Login Programs
  • File System and I/O Resources
  • File System and Object Privilege Identification
  • File System (Operating System) Hacking
  • File Sharing Exploits
  • NFS (IP) Spoofing
  • SMBRelay
  • File Handle/File Descriptor Hacking
  • File System Device and I/O Hacking
  • File System Exploitation through
  • Application Vulnerabilities
  • Application-Based File System Hacking
  • Extended File System Functionality
  • and File System Hacking
  • Service and Process Management Facilities
  • Processes, Services, and Privilege Identification
  • Starting/Stopping Services and Executing
  • with Specific Privileges
  • API, Operating System, and Application
  • Vulnerabilities
  • Buffer Overflows, Format String,
  • and Other Application Attacks
  • Debugging Processes and Memory Manipulation
  • Inter-Process Communication (IPC), Named Pipe,
  • and Named Socket Hacking
  • Devices and Device Management Facilities
  • Devices and Device Management Hacking
  • Keystroke Logging
  • Packet Sniffing
  • Libraries and Shared Libraries
  • Library (and Shared Library) Hacking
  • Shell Access and Command Line Facilities
  • Shell Hacking
  • Registry Facilities (NT/2000)
  • Registry Hacking
  • Client Software
  • Client Software Appropriation
  • Listeners and Network Services
  • Account/Privilege Appropriation via
  • a Vulnerable Network Service
  • NetBIOS/SMB Reconnaissance
  • Network Information Service (NIS) Reconnaissance
  • NIS Hacking
  • SNMP Reconnaissance
  • Network Trust Relationships
  • Account Cracking
  • IP Spoofing
  • Token Capture and Impersonation
  • Application/Executable Environment
  • Consolidation (Foreign Code)
  • Trojans
  • Backdoors (and Trojan Backdoors)
  • Backdoor Listeners
  • Backdoor Applications
  • Rootkits
  • Kernel-Level Rootkits
  • Security
  • Mapping Exploits to Defenses
  • Notes
  • References and System Hardening References
  • Texts
  • Web References
  • System Hardening References
  • Windows NT/2000
  • UNIX Platforms
  • 17 After the Fall
  • Logging, Auditing, and IDS Evasion
  • Logging and Auditing Evasion
  • Windows NT/2000 Logging/Auditing Evasion
  • IP Spoofing
  • Account Masquerading
  • Deletion/Modification of Log File Entries
  • Deletion of Log Files
  • Disabling Logging
  • Controlling What Is Logged
  • Manipulation of Audit Options
  • Deletion or Update of Audit Files
  • UNIX Platforms
  • UNIX Logging/Auditing Evasion
  • IP Spoofing
  • Account Masquerading
  • Deletion/Modification of Log File Entries
  • Deletion of Log Files
  • Disabling Log Files
  • Controlling What Is Logged
  • Manipulation of Audit and Accounting Options
  • Deletion or Update of Audit Files
  • Routers (Cisco)
  • AAA Protocols (RADIUS, TACACS)
  • Centralized Logging Solutions (Syslog)
  • IP Spoofing
  • Account Masquerading
  • Deletion/Modification of Log File Entries
  • Deletion of Log Files
  • Disabling Log Files
  • Controlling What Is Logged
  • IDS Evasion
  • Forensics Evasion
  • Environment Sanitization
  • Sanitizing History Files
  • Sanitizing Cache Files
  • File Hiding and File System Manipulation
  • Operating System File Hiding Techniques
  • Alternate Data Streams (NT/2000/XP)
  • Steganography
  • Cryptography
  • Covert Network Activities
  • Covert TCP
  • “Normalizing” Traffic (Covert Shells)
  • ICMP Covert Tunneling
  • Investigative, Forensics, and Security Controls
  • Mapping Exploits to Defenses
  • Centralized Logging and Archival of Log File Data
  • Centralized Reporting and Data Correlation
  • Encryption of Local Log File Data
  • Establishment of Appropriate Access Controls
  • for Log Files
  • Implementation of Tools for Remote Monitoring
  • of Log Files
  • Patches and Software Updates
  • Process Monitoring for Logging Services
  • Regular File System Audits
  • Strict Management of Audit and
  • Accounting-Related Privileges
  • Traffic Encryption for Syslog Packet Data
  • Notes
  • References
  • Texts
  • Web References
  • 18 Conclusion
  • Conclusion: Case Study in Subversion
  • Dalmedica’s Perspective
  • Access Points
  • Bastion Hosts
  • Reconnaissance Activity
  • Target Systems
  • Conclusion (Final Thoughts)
  • References
  • Areas of Focus
  • General Hacking and Security Resources
  • Authentication Technologies
  • Cryptography
  • DNS and Directory Services
  • Network Management
  • Route/Switch Infrastructures
  • Storage Networking
  • Voice over IP
  • Wireless Networks
  • Notes


    Downlod Link
  • Oron



1 comment: