Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses

Overview

The Next Generation Hacker Book

The step-by-step guide to defending against hacker intrusions!

  • Defend against today's most powerful hacker attacks!
  • Hands-on, step-by-step techniques for UNIX/Linux and Windows environments
  • Intrusion detection: New evasion techniques—and countermeasures
  • By the security expert who demonstrated hacking to the U.S. Senate!

This easy-to-use, step-by-step guide will empower network and system administrators to defend their information and computing assets—whether or not they have security experience. In Counter Hack, leading network security expert Edward Skoudis presents comprehensive, insider's explanations of today's most destructive hacker tools and tactics, and specific, proven countermeasures for both UNIX and Windows environments. Skoudis covers all this and more:

  • Know your adversary: from script kiddies to elite attackers
  • A hacker's view of networks, TCP/IP protocols, and their vulnerabilities
  • Five phases of hacking: reconnaissance, scanning, gaining access, maintaining access, and preventing detection
  • The most dangerous and widespread attack scenarios—explained in depth
  • Key hacker tools: port scanners, firewall scanners, sniffers, session hijackers, RootKits, and more
  • How hackers build elegant attacks from simple building blocks
  • Detecting and preventing IP spoofing, covert channels, denial of service attacks, and other key attacks
  • How hackers cover their tracks—and how you can uncover their handiwork
  • A preview of tomorrow's hacker tools, attacks, and countermeasures

Whatever your role in protecting network infrastructure and data, Counter Hack delivers proven solutions you can implement right now—and long-term strategies that will improve security for years to come.


Editorial Reviews

From Barnes & Noble
The Barnes & Noble Review
When Ed Skoudis isn't explaining hacking techniques to U.S. Senate committees, he's busy helping major companies identify and resolve their most serious enterprise security vulnerabilities. And when he's not doing that, he's helping you. How, pray tell? By writing Counter Hack.

In this relentlessly hands-on book, Skoudis begins by identifying the most dangerous cracking tools -- the ones that are most popular and are causing the most damage. Then, he shows sysadmins exactly how to protect themselves from the havoc these tools can wreak in the wrong hands. There are techniques that respond to war dialers, port scanners, firewall scanners, sniffers, and session hijackers -- as well as practical countermeasures for IP spoofing, IP fragmentation, and even (to the extent possible) denial of service attacks.

Skoudis' solutions apply to UNIX and Windows environments, and are presented in relatively easy, step-by-step formats that ought to be usable by any competent sysadmin. There are five elements to cracking: reconnaissance and targeting; identifying vulnerabilities; gaining access; staying in once you're in; and avoiding detection. Unlike many security books, this one covers all five. It should go a long way towards helping you sleep at night. (Bill Camarda)

Bill Camarda is a consultant, writer, and web/multimedia content developer with nearly 20 years' experience in helping technology companies deploy and market advanced software, computing, and networking products and services. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

From The Critics
Infrastructure network consultant Skoudis provides a step-by-step guide that will help network and system administrators defend their information and computing assets, whether or not they have had security experience. The 13 chapters discuss a hacker's view of networks, TCP/IP protocols, and their vulnerabilities; five phases of hacking (reconnaissance, scanning, gaining and maintaining access, and preventing detection); the most dangerous and widespread attack scenarios; key hacker tools and how they work to build elegant attacks from simple building blocks; detecting and preventing IP spoofing, covert channels, denial of service, and other key attacks; how to uncover the handiwork of hackers; and a preview of tomorrow's hacker tools, attacks, and countermeasures. Annotation c. Book News, Inc., Portland, OR (booknews.com)
Soundview Executive Book Summaries
Skoudis, a leading network security expert, has compiled his wealth of knowledge on protecting information and computing assets into a 564-page masterwork. Sharing his insider's view on the destructive tools and tactics used by hackers, Skoudis offers an encyclopedia of hacker tools, attack detecting techniques and preventive measures to protect the vulnerabilities of today and tomorrow. Copyright (c) 2002 Soundview Executive Book Summaries

Product Details

  • ISBN-13: 9780130332738
  • Publisher: Prentice Hall Professional Technical Reference
  • Publication date: 7/24/2001
  • Series: Pearson Temp Security Series
  • Edition description: Older Edition
  • Pages: 592
  • Product dimensions: 7.12 (w) x 9.20 (h) x 1.58 (d)

Meet the Author

Edward Skoudis is Vice President of Security Strategy for Predictive Systems, a leading independent infrastructure network consulting company, helping global enterprises and service providers harness the power of network technology. His specialty is identifying and resolving security vulnerabilities in UNIX, Windows, firewall architectures, and Web servers. Skoudis is a frequent speaker at major security conferences such as SANS and has demonstrated hacker techniques for the United States Senate.

Read an Excerpt

1: Introduction

Computer attacks happen each and every day. Simply connect an innocuous computer to the Internet, and someone will try to pry into the machine three, five, or a dozen times each day. Even without any advertisements or links bringing attention to it, your machine will constantly get scanned by attackers looking for vulnerable prey. If the computer is used for actual business purposes, such as a commercial, educational, not-for-profit, or military site, it will get even more attention from attackers.

Many of these attacks are mere scans looking for holes in a system's armor. Others are really sophisticated computer break-ins, which occur with increasing frequency, as any glimpse of recent headlines demonstrates. In just a year's time, major banks have been victims of attackers who could view detailed information about customers' bank accounts. Attackers have stolen gobs of credit card numbers from e-commerce sites, often turning to extortion of the e-commerce company to get paid not to release customers' credit card information. Numerous online trading companies, news firms, and e-commerce sites were temporarily shut down due to major packet floods, causing the companies to lose revenue as customers turned to other sources, and erasing billions from the market capitalization of the victims. A major U.S.-based software development company discovered that attackers had broken into its network and stolen the source code for future releases of its popular products. The stories go on and on.

The purpose of this book is to illustrate how many of these attacks are conducted so that you can defend your computers against cyber siege. By exploring in detail the techniques used by the bad guys, we can learn how to defend our systems and turn the tables on the attackers.

The Computer World and the Golden Age of Hacking

Over the last several decades, our society has rapidly become very dependent on computer technology. We've taken the controls for our whole civilization and loaded them onto digital machines. Our systems are responsible for storing sensitive medical information, guiding aircraft around the world, conducting nearly all financial transactions, planning food distribution, and even transmitting love letters. When I was a kid, computers were for nerds and were avoided by most people. A decade ago, the Internet was the refuge of researchers and academics. Now, as a major component of our population stares into computer screens and talks on cell phones all day long for both business and personal use, these technologies dominate our headlines and economy.

I'm sure you've noticed that the underlying technologies behind computers and networks have many flaws. Sure, there are counterintuitive user interfaces and frequent computer crashes. Beyond these easily observed problems, there are some fundamental flaws in the design and implementation of the underlying operating systems, applications, and protocols. By undermining these flaws, an attacker can steal data, take over systems, or otherwise wreak havoc.

Indeed, we have created a world that is inherently hackable. With our great reliance on computers and the numerous flaws found in most systems, today is the Golden Age of Hacking. New flaws in computer technology are being discovered every day and widely shared throughout a burgeoning computer underground. By setting up a lab in the comfort of their own homes, attackers and security researchers can create a scaled-down copy of the computer platforms used by giant corporations, government agencies, or military operations, using the same operating systems, routers, and other gadgetry as their ultimate target. By scouring the systems looking for new vulnerabilities, attackers can hone their skills and discover new vulnerabilities to exploit.

Computer technology is continuing its advance into every nook and cranny of our lives. Companies are now selling electric blankets with network connections, so you can make your bed warm and toasty from across your room or the planet. Andy Grove, the chairman of Intel, frequently discusses a future where your refrigerator will have an Internet connection so it can call the local grocery store and order more milk when you are running low. Scott McNealy, CEO of Sun Microsystems, talks about lightbulbs (yes, lightbulbs!) with network connections that allow them to make calls to lightbulb companies when a bulb is about to burn out. That way, the new bulb can arrive with a map to the dying bulb's location and be changed in real time. In the very near future, your car will have a wireless network connection supporting map downloads, remote troubleshooting, and—God help us—email while you drive. And what underlies all of these rapidly approaching future technologies? Computers and the networks that link them together.

With these advances, our current Golden Age of Hacking could get even more golden for the attackers. Think about it—today, an attacker tries to break into your computer by scanning through your Internet connection. In the near future, someone may try to hack into your network-enabled automobile while you are driving down the street. You've heard of carjacking? Get ready for the world of car hacking.

Why This Book?

If you know the enemy and know yourself,
you need not fear the result of a hundred battles.
If you know yourself but not the enemy,
for every victory gained you will also suffer a defeat.
If you know neither the enemy nor yourself,
you will succumb in every battle.

Sun Tzu, Art of War
Translation and commentary by Lionel Giles (part of Project Gutenberg)

“Golly gee!” you may be thinking. “Why write a book on hacking? You'll just encourage them to attack more!” While I respect your concern, unfortunately there are some flaws behind this logic. Let's face it—the malicious attackers have all the information they need to do all kinds of nasty things. If they don't have the information now, they can get it easily enough on the Internet through a variety of Web sites, mailing lists, and newsgroups devoted to hacking, as described in the concluding chapter of this book. Experienced attackers often selectively share information with new attackers to get them started on the craft. Indeed, the communication channels in the computer underground among attackers are often far better than the communication among computer professionals like you and me. This book is one way to help make things more even.

My purpose here is not to create an army of barbarian hackers mercilessly bent on world domination. The focus of this book is on defense. To create an effective defense, we must understand the offensive tools used by our adversaries. By seeing how the tools truly work and understanding what they can do, not only can we better see the needs for good defenses, but also we can better understand how to apply the appropriate defensive techniques.

This book is designed for system administrators, security personnel, and network administrators whose jobs require them to defend their systems from attack. Additionally, other curious folks who want to learn how attackers work and techniques for defending systems against attacks can benefit. The book includes practical recommendations for people who have to deal with the care and feeding of systems, keeping them running and keeping the bad guys out. With this understanding, we can work to create an environment where effective defensive techniques are commonplace, and not the exception. As good ol' Sun Tzu said, you must understand your enemy's capabilities as well as your own. For each offensive technique described in this book, real-world defenses are also described. You can measure your own security capabilities against these defenses to see how you stack up. Where your policies, procedures, and systems fall short, you can implement appropriate defenses to protect against the enemy. And that's what this book is all about: Learning what the attackers do so we can defend ourselves....


Table of Contents

Preface.
Acknowledgments.
1. Introduction.
The Computer World and the Golden Age of Hacking. Why This Book? Why Cover These Specific Tools and Techniques? How This Book Differs. The Threat: Never Underestimate Your Adversary. Attacker Skill Levels From Script Kiddies to the Elite. A Note on Terminology and Iconography. Hackers, Crackers, and Hats of Many Colors: Let's Just Use "Attackers". Pictures and Scenarios. Naming Names. Caveat: These Tools Could Hurt You. Setting Up a Lab for Experimentation. Additional Concerns. Organization of the Rest of This Book. Getting up to Speed with the Technology. Common Phases of the Attack. Future Predictions, Conclusions, and References.

2. Networking Overview: Pretty Much Everything You Need to Know about TCP/IP to Follow the Rest of This Book, in 55 Pages or Less.
The OSI Reference Model and Protocol Layering. So How Does TCP/IP Fit In? Understanding TCP/IP. The Transmission Control Protocol (TCP). TCP Port Numbers. TCP Control Bits, the Three-Way Handshake, and Sequence Numbers. Other Fields in the TCP Header. The User Datagram Protocol (UDP). Is UDP Less Secure Than TCP? The Internet Protocol (IP) and the Internet Control Message Protocol (ICMP). IP: Drop That Acronym and Put Your Hands in the Air! Local Area Networks and Routers. IP Addresses. Netmasks. Packet Fragmentation in IP. Other Components of the IP Header. Security (or Lack Thereof) in Traditional IP. ICMP. Other Network-Level Issues. Routing Packets. Network Address Translation. Firewalls: Network Traffic Cops and Soccer Goalies. Getting Personal with Firewalls. Don't Forget about the Data Link and Physical Layers! Ethernet, the King of Connectivity. ARP ARP ARP! Hubs and Switches. Security Solutions for Networks. Application-Layer Security. The Secure Socket Layer (SSL). Security at the IP Level: IPSec. Conclusions.

3. UNIX Overview: Pretty Much Everything You Need to Know about UNIX to Follow the Rest of This Book, in 30 Pages or Less.
Introduction. Learning about UNIX. Architecture. UNIX File System Structure. The Kernel and Processes. Automatically Starting up Processes: Init, Inetd, and Cron. Manually Starting Processes. Interacting with Processes. Accounts and Groups. The /etc/passwd File. The /etc/group File. Root: It's a Bird: It's a Plane: No, it's Super-User! Privilege Control: UNIX Permissions. SetUID Programs. UNIX Trust. Logs and Auditing. Common UNIX Network Services. Telnet: Command-Line Remote Access. FTP: The File Transfer Protocol. TFTP: The Trivial File Transfer Protocol. Web Servers: HTTP. Electronic Mail. r-Commands. Domain Name Services. The Network File System (NFS). X Window System. Conclusion.

4. Windows NT/2000 Overview: Pretty Much Everything You Need to Know about Windows to Follow the Rest of This Book, in 40 Pages or Less.
Introduction. A Brief History of Time. Fundamental NT Concepts. Domains: Grouping Machines Together. Shares: Accessing Resources across the Network. Service Packs and Hot Fixes. Architecture. User Mode. How Windows NT Password Representations Are Derived. Kernel Mode. Accounts and Groups. Accounts. Groups. Privilege Control. Policies. Account Policy. User Properties Settings. Trust. Auditing. Object Access Control and Permissions. Ownership. NTFS and NTFS Permissions. Share Permissions. Local Access. Weak Default Permissions and Hardening Guides. Network Security. Limitations in Basic Network Protocols and APIs. The Remote Access Service (RAS). Windows 2000: Welcome to the New Millennium. What Windows 2000 Offers. Security Considerations in Windows 2000. Architecture: Some Refinements over Windows NT. Accounts and Groups. Privilege Control. Windows 2000 Trust. Auditing. Object Access Control. Network Security. Conclusion.

5. Phase 1: Reconnaissance.
Low-Technology Reconnaissance: Social Engineering, Physical Break-in, and Dumpster Diving. Social Engineering. Physical Break-In. Dumpster Diving. Search the Fine Web (STFW). Searching an Organization's Own Web Site. The Fine Art of Using Search Engines. Listening in at the Virtual Watering Hole: Usenet. Defenses against Web-Based Reconnaissance. Whois Databases: Treasure Chests of Information. Researching .com, .net, and .org Domain Names. Researching Domain Names Other than .com, .net, and .org. We've Got the Registrar, Now What? IP Address Assignments through ARIN. Defenses against Whois Searches. The Domain Name System. Interrogating DNS Servers. Defenses from DNS-Based Reconnaissance. General Purpose Reconnaissance Tools. Sam Spade, a General-Purpose Reconnaissance Client Tool. Web-Based Reconnaissance Tools: Research and Attack Portals. Conclusion.

6. Phase 2: Scanning.
War Dialing. War Dialer vs. Demon Dialer. A Toxic Recipe: Modems, Remote Access Products, and Clueless Users. SysAdmins and Insecure Modems. More Free Phone Calls, Please. Finding Telephone Numbers to Feed into a War Dialer. A Brief History of War-Dialing Tools. THC-Scan 2.0. L0pht's TBA War-Dialing Tool. The War Dialer Provides a List of Lines with Modems: Now What? Defenses against War Dialing. Network Mapping. Sweeping: Finding Live Hosts. Traceroute: What Are the Hops? Cheops: A Nifty Network Mapper and General-Purpose Management Tool. Defenses against Network Mapping. Determining Open Ports Using Port Scanners. Nmap: A Full-Featured Port Scanning Tool. Defenses against Port Scanning. Determining Firewall Filter Rules with Firewalk. Vulnerability Scanning Tools. A Whole Bunch of Vulnerability Scanners. Nessus. Vulnerability Scanning Defenses. Intrusion Detection System Evasion. How Network-Based Intrusion Detection Systems Work. How Attackers Can Evade Network-Based Intrusion Detection Systems. IDS Evasion Defenses. Conclusion.

7. Phase 3: Gaining Access Using Application and Operating System Attacks.
Script Kiddie Exploit Trolling. Pragmatism for More Sophisticated Attackers. Stack-Based Buffer Overflow Attacks. What Is a Stack? What is a Stack-Based Buffer Overflow? Exploiting Stack-Based Buffer Overflows. Finding Buffer Overflow Vulnerabilities. The Make up of a Buffer Overflow. Intrusion Detection Systems and Stack-Based Buffer Overflows. Application Layer IDS Evasion for Buffer Overflows. Once the Stack Is Smashed: Now What? Beyond Buffer Overflows. Stack-Based Buffer Overflow and Related Attack Defenses. Password Attacks. Guessing Default Passwords. Password Guessing through Login Scripting. The Art and Science of Password Cracking. Let's Crack Those Passwords! Cracking Windows NT/2000 Passwords Using L0phtCrack. Cracking UNIX (and Other) Passwords Using John the Ripper. Defenses against Password-Cracking Attacks. Web Application Attacks. Account Harvesting. Undermining Web Application Session Tracking. SQL Piggybacking. Defenses against Piggybacking SQL Commands. Conclusions.

8. Phase 3: Gaining Access Using Network Attacks.
Sniffing. Sniffing through a Hub: Passive Sniffing. Active Sniffing: Sniffing through a Switch and Other Cool Goodies. Dsniff, A Sniffing Cornucopia. Sniffing Defenses. IP Address Spoofing. IP Address Spoofing Flavor 1: Simple Spoofing: Simply Changing the IP Address. IP Address Spoofing Flavor 2: Undermining UNIX r-Commands. IP Address Spoofing Flavor 3: Spoofing with Source Routing. IP Spoofing Defenses. Session Hijacking. Session Hijacking with Hunt. Session-Hijacking Defenses. Netcat: A General Purpose Network Tool. Netcat for File Transfer. Netcat for Port Scanning. Netcat for Making Connections to Open Ports. Netcat for Vulnerability Scanning. Using Netcat to Create a Passive Backdoor Command Shell. Using Netcat to Actively Push a Backdoor Command Shell. Relaying Traffic with Netcat. Netcat Defenses. Conclusions.

9. Phase 3: Denial-of-Service Attacks.
Stopping Local Services. Defenses from Locally Stopping Services. Locally Exhausting Resources. Defenses from Locally Exhausting Resources. Remotely Stopping Services. Defenses from Remotely Stopping Services. Remotely Exhausting Resources. SYN Flood. Smurf Attacks. Distributed Denial-of-Service Attacks. Conclusions.

10. Phase 4: Maintaining Access: Trojans, Backdoors, and RootKits: Oh My!
Trojan Horses. Backdoors. Netcat as a Backdoor on UNIX Systems. The Devious Duo: Backdoors Melded into Trojan Horses. Nasty: Application-Level Trojan Horse Backdoor Tools. Let's Check out Back Orifice 2000 (BO2K). Defenses against Application-Level Trojan Horse Backdoors. Bare Minimum: Use Antivirus Tools. Don't Use Single-Purpose BO2K Checkers. Know Your Software. User Education Is Also Critical. Even Nastier: Traditional RootKits. What Do Traditional RootKits Do? The Centerpiece of Traditional RootKits on UNIX: /bin/login Replacement. Traditional RootKits: Sniff Some Passwords. Traditional RootKits: Hide that Sniffer! Traditional RootKits: Hide Everything Else! Traditional RootKits: Covering the Tracks. Some Particular Examples of Traditional RootKits. Defending against Traditional RootKits. Don't Let Them Get Root in the First Place! Looking for Changes in the File System. Host-Based Security Scanners. The Best Defense: File Integrity Checkers. Uh-oh: They RootKitted Me. How Do I Recover? Nastiest: Kernel-Level RootKits. The Power of Execution Redirection. File Hiding with Kernel-Level RootKits. Process Hiding with Kernel-Level RootKits. Network Hiding with Kernel-Level RootKits. How to Implement Kernel-Level RootKits: Loadable Kernel Modules. Some Particular Examples of Kernel-Level RootKits. Defending against Kernel-Level RootKits. Fighting Fire with Fire: Don't Do It! Don't Let Them Get Root in the First Place! Looking for Traces of Kernel-Level RootKits. Automated RootKit Checkers. The Best Answer: Kernels without LKM Support. Conclusion.

11. Phase 5: Covering Tracks and Hiding.
Hiding Evidence by Altering Event Logs. Attacking Event Logs in Windows NT/2000. Attacking System Logs and Accounting Files in UNIX. Altering UNIX Shell History Files. Defenses against Log and Accounting File Attacks. Activate Logging, Please. Set Proper Permissions. Use a Separate Logging Server. Encrypt Your Log Files. Making Log Files Append Only. Protecting Log Files with Write-Once Media. Creating Difficult-to-Find Files and Directories. Creating Hidden Files and Directories in UNIX. Creating Hidden Files in Windows NT/2000. Defenses from Hidden Files. Hiding Evidence on the Network: Covert Channels. Tunneling. More Covert Channels: Using the TCP and IP Headers to Carry Data. Defenses against Covert Channels. Conclusion.

12. Putting It All Together: Anatomy of an Attack.
Scenario 1: Dial "M" for Modem. Scenario 2: Death of a Telecommuter. Scenario 3: The Manchurian Contractor. Conclusion.

13. The Future, Resources, and Conclusions.
Where Are We Heading? Scenario 1: Yikes! Scenario 2: A Secure Future. Scenario 1, Then Scenario 2. Keeping up to Speed. Web Sites. Mailing Lists. Conferences. Final Thoughts: Live Long and Prosper.

Glossary.
Index.

Preface

My cell phone rang. I squinted through my sleepy eyelids at the clock. Ugh! 4 a.m., New Year's Day. Needless to say, I hadn't gotten very much sleep that night.

I picked up the phone to hear the frantic voice of my buddy, Fred, on the line. Fred was a security administrator for a medium-sized Internet Service Provider, and he frequently called me with questions about a variety of security issues.

"We've been hacked big time!" Fred shouted, far too loudly for this time of the morning.

I rubbed my eyes to try to gain a little coherence.

"How do you know they got in? What did they do?" I asked.

Fred replied, "They tampered with a bunch of Web pages. This is bad, Ed. My boss is gonna have a fit!"

I asked, "How did they get in? Have you checked out the logs?"

Fred stuttered, "W-Well, we don't do much logging, because it slows down performance. I only snag logs from a couple of machines. Also, on those systems where we do gather logs, the attackers cleared the log files."

"Have you applied the latest security fixes from your operating system vendor to your machines?" I asked, trying to learn a little more about Fred's security posture.

Fred responded with hesitation, "We apply security patches every three months. The last time we deployed fixes was... um... two-and-a-half months ago."

I scratched my aching head and said, "Two major buffer overflow attacks were released last week. You may have been hit. Have they installed any RootKits? Have you checked the consistency of critical files on the system?"

"You know, I was planning to install something like Tripwire, but just never got around to it," Fred admitted.

I quietly sighed and said, "OK. Just remain calm. I'll be right over so we can start to analyze your machines."

You clearly don't want to end up in a situation like Fred, and I want to minimize the number of calls I get at 4 a.m. on New Year's Day. While I've changed Fred's name to protect the innocent, this situation actually occurred. Fred's organization had failed to implement some fundamental security controls, and it had to pay the price when an attacker came knocking. In my experience, many organizations find themselves in the same state of information security unpreparedness.

But the situation goes beyond these security basics. Even if you've implemented all of the controls discussed in my Fred narrative above, there are a variety of other tips and tricks you can use to defend your systems. Sure, you may apply security patches, use a file integrity checking tool, and have adequate logging, but have you recently looked for unsecured modems? Or, how about activating port-level security on the switches in your critical network segments to prevent powerful, new active sniffing attacks? Have you considered implementing non-executable stacks to prevent one of the most common types of attacks today, the stack-based buffer overflow? Are you ready for kernel-level RootKits? If you want to learn more about these topics and more, please read on.

As we will see throughout the book, computer attacks happen each and every day, with increasing virulence. To create a good defense, you must understand the offensive techniques of your adversaries. In my career as a system penetration tester, incident response team member, and information security architect, I've seen numerous types of attacks ranging from simple scanning by clueless kids to elite attacks sponsored by the criminal underground. This book boils down the common and most damaging elements from these real-world attacks, while offering specific advice on how you can proactively avoid such trouble from your adversaries. We'll zoom in on how computer attackers conduct their activities, looking at each step of their process so we can implement in-depth defenses.

The book is designed for system administrators, network administrators, and security professionals, as well as others who want to learn how computer attackers do their magic and how to stop them. The offensive and defensive techniques laid out in the book apply to all types of organizations using computers and networks today, including enterprises and service providers, ranging in size from small to gigantic.

Computer attackers are marvelous at sharing information with each other about how to attack your infrastructure. Their efficiency at information dissemination about victims can be ruthless. It is my hope that this book can help to even the score, by sharing practical advice about how to defend your computing environment from the bad guys. By applying the defenses from this book, you can greatly improve your computer security and, perhaps, we'll both be able to sleep in late next New Year's Day.

Read More Show Less

Introduction

Preface

My cell phone rang. I squinted through my sleepy eyelids at the clock. Ugh! 4 a.m., New Year's Day. Needless to say, I hadn't gotten very much sleep that night.

I picked up the phone to hear the frantic voice of my buddy, Fred, on the line. Fred was a security administrator for a medium-sized Internet Service Provider, and he frequently called me with questions about a variety of security issues.

"We've been hacked big time!" Fred shouted, far too loudly for this time of the morning.

I rubbed my eyes to try to gain a little coherence.

"How do you know they got in? What did they do?" I asked.

Fred replied, "They tampered with a bunch of Web pages. This is bad, Ed. My boss is gonna have a fit!"

I asked, "How did they get in? Have you checked out the logs?"

Fred stuttered, "W-Well, we don't do much logging, because it slows down performance. I only snag logs from a couple of machines. Also, on those systems where we do gather logs, the attackers cleared the log files."

"Have you applied the latest security fixes from your operating system vendor to your machines?" I asked, trying to learn a little more about Fred's security posture.

Fred responded with hesitation, "We apply security patches every three months. The last time we deployed fixes was, um, two-and-a-half months ago."

I scratched my aching head and said, "Two major buffer overflow attacks were released last week. You may have been hit. Have they installed any RootKits? Have you checked the consistency of critical files on the system?"

"You know, I was planning to install something like Tripwire, but just never got around to it," Fred admitted.

I quietly sighed and said, "OK. Just remain calm. I'll be right over so we can start to analyze your machines."

You clearly don't want to end up in a situation like Fred, and I want to minimize the number of calls I get at 4 a.m. on New Year's Day. While I've changed Fred's name to protect the innocent, this situation actually occurred. Fred's organization had failed to implement some fundamental security controls, and it had to pay the price when an attacker came knocking. In my experience, many organizations find themselves in the same state of information security unpreparedness.

But the situation goes beyond these security basics. Even if you've implemented all of the controls discussed in my Fred narrative above, there are a variety of other tips and tricks you can use to defend your systems. Sure, you may apply security patches, use a file integrity checking tool, and have adequate logging, but have you recently looked for unsecured modems? Or, how about activating port-level security on the switches in your critical network segments to prevent powerful, new active sniffing attacks? Have you considered implementing non-executable stacks to prevent one of the most common types of attacks today, the stack-based buffer overflow? Are you ready for kernel-level RootKits? If you want to learn more about these topics and more, please read on.
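The file integrity check that Fred never got around to, shown here as an added example that is not from the book and is not Tripwire's own code (Tripwire records more attributes and signs its database). It builds a baseline of digest, size and permission bits for every regular file under a directory, then reports what was modified, added or removed. The directory, the file names and the "intruder" edits are constructed for the demonstration, not real system data.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

CHUNK = 64 * 1024


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> dict:
    """Record digest, size and permission bits for every regular file under root.

    Symlinks are skipped rather than followed, so a link pointed at a clean
    file cannot make a trojaned path look untouched.
    """
    baseline = {}
    root_path = Path(root)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            st = p.stat()
            rel = p.relative_to(root_path).as_posix()
            baseline[rel] = {
                "sha256": hash_file(p),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o7777),
            }
    return baseline


def verify(root: str, baseline: dict) -> dict:
    """Compare the current tree against a stored baseline.

    Returns sorted lists of paths that were modified, added or removed.
    """
    current = build_baseline(root)
    report = {"modified": [], "added": [], "removed": []}
    for rel, recorded in baseline.items():
        now = current.get(rel)
        if now is None:
            report["removed"].append(rel)
        elif now != recorded:
            report["modified"].append(rel)
    report["added"].extend(rel for rel in current if rel not in baseline)
    for key in report:
        report[key].sort()
    return report


def demo() -> dict:
    """Constructed scenario (hypothetical files, not a real system): baseline a
    fake bin/ directory, then simulate an intruder installing a user-mode
    RootKit: swap ls for a same-sized trojan, drop a hidden file, delete
    netstat.  The trojan keeps size and mode, so only the digest catches it.
    """
    with tempfile.TemporaryDirectory() as root:
        bin_dir = Path(root) / "bin"
        bin_dir.mkdir()
        (bin_dir / "ls").write_bytes(b'#!/bin/sh\nexec /usr/bin/ls "$@"\n')
        (bin_dir / "ps").write_bytes(b'#!/bin/sh\nexec /usr/bin/ps "$@"\n')
        (bin_dir / "netstat").write_bytes(b'#!/bin/sh\nexec /usr/bin/netstat "$@"\n')

        # In practice the baseline goes to read-only or off-box storage,
        # since an intruder with root can rewrite anything left on the host.
        stored = json.dumps(build_baseline(root))

        # Intruder activity (constructed). The replacement path is exactly the
        # same length as the original, so size alone would not reveal the swap.
        (bin_dir / "ls").write_bytes(b'#!/bin/sh\nexec /tmp/.rk/ls "$@"\n')
        (bin_dir / ".bd").write_bytes(b"placeholder for a dropped binary\n")
        (bin_dir / "netstat").unlink()

        return verify(root, json.loads(stored))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two caveats a practitioner should keep in mind. First, the baseline is only as trustworthy as where it is stored; a checker that reads its own database from the compromised disk can be fed whatever the intruder wants it to see. Second, a checker like this runs in user space and trusts the kernel's answers about what is on disk, which is exactly what a kernel-level RootKit subverts; that is why the book treats kernel-level RootKits as a separate problem from the user-mode binary replacement shown here.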

As we will see throughout the book, computer attacks happen each and every day, with increasing virulence. To create a good defense, you must understand the offensive techniques of your adversaries. In my career as a system penetration tester, incident response team member, and information security architect, I've seen numerous types of attacks ranging from simple scanning by clueless kids to elite attacks sponsored by the criminal underground. This book boils down the common and most damaging elements from these real-world attacks, while offering specific advice on how you can proactively avoid such trouble from your adversaries. We'll zoom in on how computer attackers conduct their activities, looking at each step of their process so we can implement in-depth defenses.

The book is designed for system administrators, network administrators, and security professionals, as well as others who want to learn how computer attackers do their magic and how to stop them. The offensive and defensive techniques laid out in the book apply to all types of organizations using computers and networks today, including enterprises and service providers, ranging in size from small to gigantic.

Computer attackers are marvelous at sharing information with each other about how to attack your infrastructure. Their efficiency at information dissemination about victims can be ruthless. It is my hope that this book can help to even the score, by sharing practical advice about how to defend your computing environment from the bad guys. By applying the defenses from this book, you can greatly improve your computer security and, perhaps, we'll both be able to sleep in late next New Year's Day.
