Digital Library™: The Hacker’s Handbook The Strategy behind Breaking into and Defending Networks

[Year : 2004] [Size : 18.0 MB] [Format : PDF] [Pages : 849]
Authors
SUSAN YOUNG AND DAVE AITEL

The Hacker’s Handbook The Strategy behind Breaking into and Defending Networks

Line of Contents

1 Introduction: The Chess Game

Book Structure

Chapter 2. Case Study in Subversion

Chapter 3. Know Your Opponent

Chapter 4. Anatomy of an Attack

Chapter 5. Your Defensive Arsenal

Chapter 6. Programming

Chapter 7. IP and Layer 2 Protocols

Chapter 8. The Protocols

Chapter 9. Domain Name System (DNS)

Chapter 10. Directory Services

Chapter 11. Simple Mail Transfer Protocol (SMTP)

Chapter 12. Hypertext Transfer Protocol (HTTP)

Chapter 13. Database Hacking

Chapter 14. Malware and Viruses

Chapter 15. Network Hardware

Chapter 16. Consolidating Gains

Chapter 17. After the Fall

Chapter 18. Conclusion

PART I FOUNDATION MATERIAL

2 Case Study in Subversion

Dalmedica

The Dilemma

The Investigation

Notes

3 Know Your Opponent

Terminology

Script Kiddy

Cracker

White Hat Hacker

Black Hat Hacker

Hacktivism

Professional Attackers

History

Computer Industry and Campus

System Administration

Home Computers

Home Computers: Commercial Software

Home Computers: The BBS

Phone Systems

Ethics and Full Disclosure

Opponents Inside

The Hostile Insider

Corporate Politics

Conclusion

Notes

4 Anatomy of an Attack

Overview

Reconnaissance

Social Engineering and Site Reconnaissance

Internet Reconnaissance

Internet Search Engines and Usenet Tools

Financial Search Tools, Directories, Yellow Pages,

and Other Sources

IP and Network Reconnaissance

Registrar and whois Searches

Network Registrar Searches (ARIN)

DNS Reconnaissance

Mapping Targets

War Dialing

Network Mapping (ICMP)

ICMP Queries

TCP Pings: An Alternative to ICMP

Traceroute

Additional Network Mapping Tools

Port Scanning

TCP and UDP Scanning

Banner Grabbing

Packet Fragmentation Options

Decoy Scanning Capabilities

Ident Scanning

FTP Bounce Scanning

Source Port Scanning

Stack Fingerprinting Techniques

Vulnerability Scanning (Network-Based OS

and Application Interrogation)

Researching and Probing Vulnerabilities

System/Network Penetration

Account (Password) Cracking

Application Attacks

Cache Exploits

File System Hacking

Hostile and Self-Replicating Code

Programming Tactics

Process Manipulation

Shell Hacking

Session Hijacking

Spoofing

State-Based Attacks

Traffic Capture (Sniffing)

Trust Relationship Exploitation

Denial-of-Service

Consolidation

Security

Notes

References

Texts

Web References

5 Your Defensive Arsenal

The Defensive Arsenal

Access Controls

Network Access Controls (Firewalls)

State Management Attacks on Firewalls

Firewall Ruleset and Packet Filter Reconnaissance

IP Spoofing to Circumvent Network Access Controls

Denial-of-Service

Packet Fragmentation Attacks

Application Level Attacks

System Access Controls

Host-Based Firewalls

Operating System Access Controls

and Privilege Management

Authentication

IP Authentication

Password Authentication

Account/Password Cracking

Eavesdropping Attacks

Password Guessing Attacks

Token-Based Authentication

Session Authentication

Session Authentication Scheme Cracking

Generation of Counterfeit Session Auth Credentials

Session ID Brute-Forcing

Session Auth Eavesdropping

Session Auth/ID Stealing or “Hijacking”

Client Session/ID Theft

Cryptographic (Key-Based) Authentication

Key Transfer and Key Management Vulnerabilities

Key Transfer Vulnerabilities

Key Management Vulnerabilities

(Public Key Infrastructure)

Key Binding and Impersonation Vulnerabilities

Dictionary and Brute-Force Attacks

against Weak Secrets

Centralized Authentication Servers

RADIUS

TACACS

Kerberos

Human Authentication (Biometrics)

Resource Controls

Nonrepudiation

Digital Signatures (and Digital Certificates)

Privacy

Virtual Private Network (VPN)

Session and Protocol Encryption

Secure Sockets Layer (SSL)

Certificate and Impersonation Attacks (SSL)

Cryptographic Weaknesses (SSL)

Attacks against the Handshake Protocol (SSL)

SSL Man-in-the-Middle Attacks

Man-in-the-Middle Attack Version Rollback (SSL)

Viruses, Worms, and other Application Issues (SSL)

Secure Shell (SSH)

File System Encryption

Intrusion Detection

Network-Based and Host-Based IDS

Anomaly-Based (Behavior-Based) IDS

Signature-Based (Knowledge-Based) IDS

IDS Hacking Exploits

Address Spoofing or Proxying

Attacking the IDS

Denial-of-Service

Instigating Active Events

Nondefault Evasion and Pattern Change Evasion

Packet Fragmentation and “Session Splicing”

Port Scan Evasion

TCP Session Synchronization Attacks

URL Encoding (Unicode and Hex Attacks)

Web Evasion Techniques

File System Integrity Checkers

Security Information Management

Data Integrity

Application Proxies

Content Assurance (Antivirus, Content Scanning)

Notes

References

Texts

Web References

6 Programming

Languages

Speed and Security Trade-Offs

Native Compiled Code: C/C++/Assembly

Bytecode/Just in Time Compiled Code

(“Managed” Code): C#/Java

Interpreted (Usually Compiled into Byte Codes

at Runtime): Perl, Python (Scripting Languages),

PHP, Visual Basic, .ASP, Lisp, JSP (Web Languages)

Language-Specific Flaws and Strategic Ways to Protect

against Them

The Basics of Buffer Overflows and Other Memory

Allocation Errors

History

Basic Stack Overflows

Options for the Hacker after a Stack Overflow

So What Is a Stack Canary?

Heap Overflows

Format String Bugs

Integer Overflows

Signal Races on UNIX

What Is Shellcode?

Interpreter Bugs

File Name Canonicalization

Logic Error War Stories

Platform-Specific Programming Security Issues

Windows NT Compared to UNIX

Types of Applications

Web Applications

Cross-Site Scripting Vulnerabilities

Java J2EE

Traditional ASP Net

LAMP

Remote Procedure Calling

Creating an RPC Program

Special Cases

Setuid Applications on UNIX

DCOM Services

Auditing Techniques

Tools That Aid Source Auditing

Tools That Aid Reverse Engineering

Fuzzing Audit Tools

Web Security Audit Tools

General Security Tools

Encryption and Authentication

Layered Defenses

Platform-Specific Defenses (Security through Security

and Security through Obscurity)

Nonexecutable Stack

Using a Different Platform Than Expected

File System User Access Controls

Process Logging

The Insider Problem, Backdoors, and Logic Bombs

Buying an Application Assessment

Conclusion

References

7 IP and Layer 2 Protocols

Layer 2 Protocols

Address Resolution Protocol (ARP)

Protocol

Hacking Exploits

Security (Mapping ARP Exploits to ARP Defenses)

Static ARP Entries on Internet Gateways

and Firewalls

Network Management

ARP Monitoring

Port-Level Security

Reverse Address Resolution Protocol (RARP)

Protocol

Hacking Exploits

Security (Defenses for RARP-Related Attacks:

DHCP, BOOTP)

Assignment of Static IP Addresses to Clients

Use of DHCP/BOOTP MAC Controls

ARP Monitoring

Port-Level Security

Layer 3 Protocols

IP Protocol

Protocol

Hacking Exploits

IP Eavesdropping (Packet Sniffing)

IP Spoofing

IP Session Hijacking (Man-in-the-Middle Attacks)

IP Packet Fragmentation Attacks

ICMP-Based Fragmentation Attacks

Tiny Fragment Attacks

Overlapping Fragment Attacks

IP Covert Tunneling

Security (Mapping IP Exploits to IP Defenses)

Tools and Techniques to Detect Promiscuous

Mode Packet Sniffers

System Audits to Identify NICs

in Promiscuous Mode

System Hardening Procedures

to Inhibit Sniffer Installation

Inspection of Systems for Signs

of Rootkit Compromise

Institution of Switched Network

Institution of ARP Monitoring

Institution of Traffic Encryption

Implementation of Strong Authentication

Institution of Spoof Protection at Firewalls

and Access Control Devices

Patch TCP/IP Implementations

Deny Source Routing at Gateways and Firewalls

Deny ICMP Redirects at Gateways and Firewalls

Deter the Use of IP Addresses for Authentication

or Construction of Trust Relationships

Implement ARP Controls

Monitor Network Traffic Using Network

and Host-based IDS

Restrict ICMP Traffic into and out of

a Protected Network

Patch Firewalls and Intrusion Detection Systems

against Packet Fragmentation Attacks

Notes

References

Texts

Request for Comments (RFCs)

White Papers and Web References

8 The Protocols

Layer 3 Protocols

Internet Control Message Protocol (ICMP)

Protocol

Hacking Exploits

ICMP-Based Denial-of-Service

ICMP Network Reconnaissance

ICMP Time Exceeded

ICMP Access Control Enumeration

ICMP Stack Fingerprinting

ICMP Covert Tunneling

Security

Deny ICMP Broadcasts

Network Controls against ICMP Packet Flooding

IP Spoofing Defenses

Patch TCP/IP Implementations against

ICMP Denial-of-Service and ICMP Typing

Monitor Network Traffic Using Network and

Host-Based Intrusion Detection Systems (IDSs)

Restriction of Specific ICMP Message Types

Monitor ICMP Activity at Firewalls

and Intrusion Detection Systems

Layer 4 Protocols

Transmission Control Protocol (TCP)

Protocol

Hacking Exploits

Covert TCP

TCP Denial-of-Service

TCP Sequence Number Prediction

(TCP Spoofing and Session Hijacking)

TCP Stack Fingerprinting

TCP State-Based Attacks

Security

Network Controls against TCP Packet Flooding

IP Spoofing Defenses

Patch TCP/IP Implementations against TCP

Denial-of-Service, TCP Stack Fingerprinting,

and TCP Sequence Number Prediction

Monitor Network Traffic Using Network

and Host-Based IDS Systems

Activation of SYN Flood Protection on Firewalls

and Perimeter Gateways

Implement Stateful Firewalling

User Datagram Protocol (UDP)

Protocol

Hacking Exploits

Covert UDP

UDP Denial-of-Service

UDP Packet Inspection Vulnerabilities

Security

Disable Unnecessary UDP Services

Network Controls against UDP Packet Flooding

IP Spoofing Defenses

Patch TCP/IP Implementations against UDP

Denial-of-Service

Monitor Network Traffic Using Networkand

Host-Based IDS Systems

Implement Stateful Firewalling

Notes

References

Texts

Request for Comments (RFCs)

White Papers and Web References

PART II SYSTEM AND NETWORK PENETRATION

9 Domain Name System (DNS)

The DNS Protocol

DNS Protocol and Packet Constructs

(Packet Data Hacking)

DNS Vulnerabilities

DNS Exploits and DNS Hacking

Protocol-Based Hacking

Reconnaissance

DNS Registration Information

Name Server Information

IP Address and Network Topology Data

Information on Key Application Servers

Protocol-Based Denial-of-Service

Dynamic DNS (DDNS) Hacking

Application-Based Attacks

Buffer Overflows (Privileged Server Access,

Denial-of-Service)

Exploiting the DNS Trust Model

DNS Registration Attacks

DNS Spoofing

Cache Poisoning

DNS Hijacking

DNS Security and Controls

Mapping Exploits to Defenses

Defensive Strategy

Configuration Audit and Verification Tools

DDNS Security

Name Server Redundancy

DNSSEC: Authentication and Encryption of DNS Data

Name Server Software Upgrade(s)

Network and Name Server Monitoring

and Intrusion Detection

Berkeley Internet Name Daemon (BIND)

Logging Controls

Microsoft Windows 2000 DNS Logging Controls

Patches and Service Packs

Server-Side Access Controls

Split-Level DNS Topologies (and DNS Proxying)

Split-Level DNS Topology

System and Service Hardening

Notes

References

Texts

Request for Comments (RFCs)

Mailing Lists and Newsgroups

Web References

10 Directory Services

What Is a Directory Service?

Components of a Directory

Schema

Leaf Object

Container Object

Namespace

Directory Information Tree

Directory Information Base (DIB)

Directory Features

Directory Security

Single Sign On

Uses for Directory Systems

Directory-Enabled Networking

Linked Provisioning

Global Directory

Public Key Infrastructure

Directory Models

Physical vs. Logical

Flat vs. Hierarchical

X.500 Directory

X.500 Schema

X.500 Partitions

X.500 Objects and Naming

A Word about Aliases

X.500 Back-End Processes

Directory Information Tree

Directory Information Base

Replication

Agents and Protocols

X.500 Directory Access

X.500 Security

Authentication

Simple Authentication

Strong Authentication

Access Control

Rights

Summary

Lightweight Directory Access Protocol (LDAP)

LDAP Schema

LDAP Partitions

LDAP Objects and Naming

LDAP Queries

LDAP Data Interchange Format (LDIF)

LDAP Security

Authentication

Anonymous Access

Simple Authentication

Simple Authentication with Secure Sockets

Layer (SSL)/Transport Layer Security (TLS)

Simple Authentication and Security Layer (SASL)

Access Control

Summary

Active Directory

Windows NT

Windows 2000 Schema

Windows 2000 Partitions

Windows 2000 Objects and Naming

The Domain

The Tree

The Forest

The Forest Root Domain

Naming Standards and Resolution in Windows 2000

Active Directory Back-End Processes

The Directory Information Base (DIB)

Replication

The Global Catalog

Windows 2000 Security

Authentication

Kerberos

NTLM

Access Control

Exploiting LDAP

Sun ONE Directory Server 5.1

Microsoft Active Directory

Summary

Future Directions

Digital Library™

Pages

The Hacker’s Handbook The Strategy behind Breaking into and Defending Networks

1 comment:

GENERAL

SCIENCE

COMPUTER

ENGINEERING

PHARMACY

MEDICAL

BANK SOAL

Followers

Facebook

Popular Posts