Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2nd Edition / Edition 2


Overview

“I finally get it! I used to hear words like rootkit, buffer overflow, and idle scanning, and they just didn’t make any sense. I asked other people and they didn’t seem to know how these things work, or at least they couldn’t explain them in a way that I could understand. Counter Hack Reloaded is the clearest explanation of these tools I have ever seen. Thank you!”
—Stephen Northcutt, CEO, SANS Institute
“Ed Skoudis does it again! With this new edition, Ed takes a phenomenal work to the next level! This book is a ‘must-have’ and a ‘must-read’ for anyone remotely associated with computers and computer security.”
—Harlan Carvey, CISSP, author of Windows Forensics and Incident Recovery
“Ed Skoudis is a rare individual. He knows the innards of all the various systems, knows all the latest exploits and defenses, and yet is able to explain everything at just the right level. The first edition of Counter Hack was a fascinating read. It’s technically intriguing and very clear. . . . A book on vulnerabilities, though, will get out of date, and so we definitely needed this updated and significantly rewritten second edition. This book is a wonderful overview of the field.”
—From the Foreword by Radia Perlman, series editor, The Radia Perlman Series in Computer Networking and Security; author of Interconnections; and coauthor of Network Security: Private Communications in a Public World
“What a great partnership! Ed Skoudis and Tom Liston share an uncanny talent for explaining even the most challenging security concepts in a clear and enjoyable manner. Counter Hack Reloaded is an indispensable resource for those who want to improve their defenses and understand the mechanics of computer attacks.”
—Lenny Zeltser, coauthor of Malware: Fighting Malicious Code
“In addition to having breadth of knowledge about and probing insights into network security, Ed Skoudis’s real strength is in his ability to show complex topics in an understandable form. By the time he’s done, what started off as a hopeless conglomeration of acronyms starts to sound comfortable and familiar. This book is your best source for understanding attack strategies, attack tools, and the defenses against both.”
—William Stearns, network security expert, www.stearns.org
“This book is a must-have for anyone in the Internet security game. It covers everything from the basic principles to the fine details of online attack methods and counter-strategies and is very engagingly written.”
—Warwick Ford, coauthor of Secure Electronic Commerce

For years, Counter Hack has been the primary resource for every network/system administrator and security professional who needs a deep, hands-on understanding of hacker attacks and countermeasures. Now, leading network security expert Ed Skoudis, with Tom Liston, has thoroughly updated this best-selling guide, showing how to defeat today’s newest, most sophisticated, and most destructive attacks.

For this second edition, more than half the content is new and updated, including coverage of the latest hacker techniques for scanning networks, gaining and maintaining access, and preventing detection. The authors walk you through each attack and demystify every tool and tactic. You’ll learn exactly how to establish effective defenses, recognize attacks in progress, and respond quickly and effectively in both UNIX/Linux and Windows environments.

Important features of this new edition include

  • All-new “anatomy-of-an-attack” scenarios and tools
  • An all-new section on wireless hacking: war driving, wireless sniffing attacks, and more
  • Fully updated coverage of reconnaissance tools, including Nmap port scanning and “Google hacking”
  • New coverage of tools for gaining access, including uncovering Windows and Linux vulnerabilities with Metasploit
  • New information on dangerous, hard-to-detect, kernel-mode rootkits

Editorial Reviews

From Barnes & Noble (The Barnes & Noble Review)
Five years ago, says top infosec expert Ed Skoudis, attacks on corporate computer systems were more likely to come from kids than hardened criminals. Now, though, “with organized crime and, yes, even terrorists mastering their computer attack skills, things have taken a turn for the dark and sinister.” When Skoudis sat down to rewrite his classic Counter Hack, he had his hands full. The result: a new book that’s every bit as useful to IT people as the original, and even more urgently important.

As in the first edition, Skoudis carefully describes the entire attack process: reconnaissance, scanning, and the methods used by attackers to gain, maintain, and hide their access. Skoudis addresses both UNIX/Linux and Windows environments and presents state-of-the-art countermeasures for the exploits he discusses. From wardriving to kernel-mode rootkits, this book tells you what you must know -- and what you must do.
—Bill Camarda, from the February 2006 Read Only

From The Critics
Infrastructure network consultant Skoudis provides a step-by-step guide that will help network and system administrators defend their information and computing assets, whether or not they have had security experience. The 13 chapters discuss a hacker's view of networks, TCP/IP protocols, and their vulnerabilities; five phases of hacking (reconnaissance, scanning, gaining and maintaining access, and preventing detection); the most dangerous and widespread attack scenarios; key hacker tools and how they work to build elegant attacks from simple building blocks; detecting and preventing IP spoofing, covert channels, denial of service, and other key attacks; how to uncover the handiwork of hackers; and a preview of tomorrow's hacker tools, attacks, and countermeasures.
—Annotation (c) Book News, Inc., Portland, OR (booknews.com)

Soundview Executive Book Summaries
Skoudis, a leading network security expert, has compiled his wealth of knowledge on protecting information and computing assets into a 564-page masterwork. Sharing his insider's view on the destructive tools and tactics used by hackers, Skoudis offers an encyclopedia of hacker tools, attack detecting techniques and preventive measures to protect the vulnerabilities of today and tomorrow.
—Copyright (c) 2002 Soundview Executive Book Summaries

Meet the Author

Ed Skoudis is a founder and senior security consultant for the Washington, D.C.-based network security consultancy, Intelguardians Network Intelligence, LLC. His expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues. He has performed numerous security assessments, designed information security governance and operations teams for Fortune 500 companies, and responded to computer attacks for clients in financial, high technology, health care, and other industries. Ed has demonstrated hacker techniques for the U.S. Senate and is a frequent speaker on issues associated with hacker tools and defenses. He was also awarded 2004 and 2005 Microsoft MVP awards for Windows Server Security and is an alumnus of the Honeynet Project. Prior to Intelguardians, Ed served as a security consultant with International Network Services (INS), Predictive Systems, Global Integrity, SAIC, and Bell Communications Research (Bellcore).

Tom Liston is a senior analyst for the Washington, D.C.-based network security consultancy, Intelguardians Network Intelligence, LLC. He is the author of the popular open source network tarpit, LaBrea, for which he was a finalist for eWeek and PC Magazine’s Innovations In Infrastructure (i3) award in 2002. He is one of the handlers at the SANS Institute’s Internet Storm Center, where he deals daily with cutting edge security issues and authors a popular series of articles under the title “Follow the Bouncing Malware.” Mr. Liston resides in the teeming metropolis of Johnsburg, Illinois, and has four beautiful children (who demanded to be mentioned): Mary, Maggie, Erin, and Victoria.


Excerpt: Preface Reloaded

My flight had just landed. It was around midnight. The flight attendant announced that we could turn on our cell phones. As soon as mine booted up, it started buzzing with a frantic call from a newspaper reporter I had recently met. He quickly explained that he had obtained a copy of a manifesto written by a terrorist who had launched some pretty horrific attacks killing hundreds of innocent people a few months back. The reporter had had the text professionally translated so he could get some folks to analyze it. In this 30-page document, this very evil guy was urging his followers to alter their tactics in their struggle. To augment their physical terrorism, the plan was now to start including cyber attacks to maximize their impact on countries that oppose their terrorist agenda. The reporter wanted me to analyze the technical underpinnings of the manifesto, to determine whether it was all smoke and mirrors, or a legitimate cause for concern.

I got to my hotel room and snagged a copy of the manifesto from my e-mail. The document I read startled me. Although not technically deep, it was quite astute. Its author emphasized that the terrorist group could enhance their stature and influence and cause more terror to their enemies by undermining their economic well-being through the use of computer attacks. After this really eerie “motivational” speech introduction, the manifesto turned toward describing how different categories of attack could be used to achieve terrorist goals. Although the author didn’t include technical details, he did provide a huge number of technical references on computer attacks, pressing his faithful followers to study hard the technologies of the infidel so they could undermine them.

The following day I received an unrelated call, this time from a lawyer friend of mine. He explained that a computer attacker had broken into the network of a company and stolen over a million credit card numbers. Because the attacker had pilfered the entire magnetic stripe data stored on the company’s servers, the bad guy could create very convincing counterfeit cards, and begin selling them on the black market. My lawyer friend wanted me to look over the details of the heist and explain in nontechnical jargon how the thief was able to pull this off. I carefully reviewed the case, analyzing the bad guy’s moves, noting sadly that he had used some pretty standard attack techniques to perpetrate this big-time crime.

Given those cases on back-to-back days, I just reread the preface to the original Counter Hack book I wrote almost five years ago. Although it described a real-world attack against an ISP, it still had a fun feeling to it. The biggest worry then was the defacement of some Web sites and my buddy’s boss getting mad, certainly cause for concern, but not the end of the world. I was struck with how much things have changed in computer attacks, and not at all for the better. Five years back, we faced a threat, but it was often manifested in leisurely attacks by kids looking to have some fun. We did face a hardened criminal here and there, of course, but there was a certain whimsy to our work. Today, with organized crime and, yes, even terrorists mastering their computer attack skills, things have taken a turn for the dark and sinister. Sure, the technology has evolved, but increasingly so has the nature of our threat.

Underscoring the problem, if you place an unpatched computer on the Internet today, its average survival time before being completely compromised is less than 20 minutes. That time frame fluctuates a bit over the months, sometimes dropping to less than 10 minutes, and occasionally bumping up over 30 minutes when some particularly good patches are released and quickly deployed. However, even the upper-end number is disheartening. Given this highly aggressive threat, it’s even more important now than ever for computer professionals (system administrators, network administrators, and security personnel) and even laymen to have knowledge of how the bad guys attack and how to defend against each of their moves. If we don’t understand the bad guys’ tactics and how to thwart them, they’ll continue to have their way with our machines, resulting in some major damage. They know how to attack, and are learning more all the time. We defenders also must be equally if not better equipped. This new edition of Counter Hack represents a massive update to the original book; a lot has happened in the last five years in the evolution of computer attack technology. However, the book retains the same format and goal: to describe the attacks in a step-by-step manner and to demonstrate how to defend against each attack using time-tested, real-world techniques.

Oh, and one final note: Although the nature of the threat we face has grown far more sinister, don’t let that get you down in the dumps. A depressed or frightened attitude might make you frustrated and less agile when dealing with attacks, lowering your capabilities. If we are to be effective in defending our systems, we must keep in mind that this information security work we all do is inherently interesting and even fun. It’s incredibly important to be diligent in the face of these evolving threats; don’t get me wrong. At the same time, we must strive to keep a positive attitude, fighting the good fight, and making our systems more secure.

Preface from the First Edition

My cell phone rang. I squinted through my sleepy eyelids at the clock. Ugh! 4 AM, New Year’s Day. Needless to say, I hadn’t gotten very much sleep that night.

I picked up the phone to hear the frantic voice of my buddy, Fred, on the line. Fred was a security administrator for a medium-sized Internet Service Provider, and he frequently called me with questions about a variety of security issues.

“We’ve been hacked big time!” Fred shouted, far too loudly for this time of the morning.

I rubbed my eyes to try to gain a little coherence.

“How do you know they got in? What did they do?” I asked.

Fred replied, “They tampered with a bunch of Web pages. This is bad, Ed. My boss is gonna have a fit!”

I asked, “How did they get in? Have you checked out the logs?”

Fred stuttered, “W-Well, we don’t do much logging, because it slows down performance. I only snag logs from a couple of machines. Also, on those systems where we do gather logs, the attackers cleared the log files.”

“Have you applied the latest security fixes from your operating system vendor to your machines?” I asked, trying to learn a little more about Fred’s security posture.

Fred responded with hesitation, “We apply security patches every three months. The last time we deployed fixes was ... um ... two-and-a-half months ago.”

I scratched my aching head and said, “Two major buffer overflow attacks were released last week. You may have been hit. Have they installed any rootkits? Have you checked the consistency of critical files on the system?”

“You know, I was planning to install something like Tripwire, but just never got around to it,” Fred admitted.

I quietly sighed and said, “OK. Just remain calm. I’ll be right over so we can start to analyze your machines.”

You clearly don’t want to end up in a situation like Fred, and I want to minimize the number of calls I get at 4 AM on New Year’s Day. While I’ve changed Fred’s name to protect the innocent, this situation actually occurred. Fred’s organization had failed to implement some fundamental security controls, and it had to pay the price when an attacker came knocking. In my experience, many organizations find themselves in the same state of information security unpreparedness.

But the situation goes beyond these security basics. Even if you’ve implemented all of the controls discussed in this Fred narrative, there are a variety of other tips and tricks you can use to defend your systems. Sure, you might apply security patches, use a file integrity checking tool, and have adequate logging, but have you recently looked for unsecured modems? Or, how about activating port-level security on the switches in your critical network segments to prevent powerful, new active sniffing attacks? Have you considered implementing nonexecutable stacks to prevent one of the most common types of attacks today, the stack-based buffer overflow? Are you ready for kernel-level rootkits? If you want to learn more about these topics and more, please read on.

As we will see throughout the book, computer attacks happen each and every day, with increasing virulence. To create a good defense, you must understand the offensive techniques of your adversaries. In my career as a system penetration tester, incident response team member, and information security architect, I’ve seen numerous types of attacks ranging from simple scanning by clueless kids to elite attacks sponsored by the criminal underground. This book boils down the common and most damaging elements from these real-world attacks, while offering specific advice on how you can proactively avoid such trouble from your adversaries. We’ll zoom in on how computer attackers conduct their activities, looking at each step of their process so we can implement in-depth defenses.

The book is designed for system administrators, network administrators, and security professionals, as well as others who want to learn how computer attackers do their magic and how to stop them. The offensive and defensive techniques laid out in the book apply to all types of organizations using computers and networks today, including enterprises and service providers, ranging in size from small to gigantic.

Computer attackers are marvelous at sharing information with each other about how to attack your infrastructure. Their efficiency at information dissemination about victims can be ruthless. It is my hope that this book can help to even the score, by sharing practical advice about how to defend your computing environment from the bad guys. By applying the defenses from this book, you can greatly improve your computer security and, perhaps, we’ll both be able to sleep in late next New Year’s Day.
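The Fred narrative in the first-edition preface turns on three controls that were missing: timely patching, adequate logging, and a file integrity checker (“something like Tripwire”). The following is an added example, not code from the book and not Tripwire itself, showing the shape of that third control in Python: build a baseline of content hashes plus ownership and permission bits for every regular file under a directory, store it with a digest you record offline, and later diff the live tree against it. The directory layout, file names and sample contents used in the accompanying usage are constructed for illustration.

```python
"""Tripwire-style file integrity baseline and check.

Added example, not code from Counter Hack Reloaded or from Tripwire itself.
Assumes Python 3.8+ on a POSIX-like filesystem; the command-line usage at
the bottom is illustrative.
"""
import hashlib
import json
import os
import stat
from pathlib import Path
from typing import Optional

CHUNK = 64 * 1024


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries never sit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def fingerprint(path: Path) -> dict:
    """Content hash plus the metadata a replaced or chmod'ed file disturbs."""
    st = os.lstat(path)
    return {
        "sha256": sha256_of(path),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),  # permission bits only, e.g. 0o755
        "uid": st.st_uid,
        "gid": st.st_gid,
    }


def build_baseline(root: Path) -> dict:
    """Fingerprint every regular file under root, keyed by relative POSIX path."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): fingerprint(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and not p.is_symlink()
    }


def save_baseline(baseline: dict, dest: Path) -> str:
    """Write canonical JSON and return its digest; record that digest offline."""
    data = json.dumps(baseline, sort_keys=True, indent=1).encode()
    Path(dest).write_bytes(data)
    return hashlib.sha256(data).hexdigest()


def load_baseline(src: Path, expected_digest: Optional[str] = None) -> dict:
    """Load a baseline, refusing one whose digest differs from the recorded value.

    An attacker who can clear logs can also rewrite an unprotected baseline,
    so the digest (or the whole file) belongs on read-only or offline media.
    """
    data = Path(src).read_bytes()
    if expected_digest is not None:
        actual = hashlib.sha256(data).hexdigest()
        if actual != expected_digest:
            raise ValueError(f"baseline digest mismatch: {actual} != {expected_digest}")
    return json.loads(data)


def verify(root: Path, baseline: dict) -> dict:
    """Diff the live tree against the baseline.

    Returns {"added": [...], "removed": [...], "modified": {path: [fields]}}.
    "added" catches dropped backdoors, "removed" catches deleted logs, and
    "modified" names which attributes changed (hash, size, mode, owner).
    """
    current = build_baseline(root)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for rel in sorted(set(current) & set(baseline)):
        changed = [k for k, v in baseline[rel].items() if current[rel].get(k) != v]
        if changed:
            modified[rel] = changed
    return {"added": added, "removed": removed, "modified": modified}


if __name__ == "__main__":
    import sys
    # Usage: fim.py baseline ROOT STORE.json   |   fim.py verify ROOT STORE.json [DIGEST]
    cmd, root, store = sys.argv[1], Path(sys.argv[2]), Path(sys.argv[3])
    if cmd == "baseline":
        print("baseline digest:", save_baseline(build_baseline(root), store))
    else:
        expected = sys.argv[4] if len(sys.argv) > 4 else None
        report = verify(root, load_baseline(store, expected))
        print(json.dumps(report, indent=1))
        sys.exit(1 if any(report.values()) else 0)
```

Two caveats a practitioner would attach. First, the check only has value if the baseline is taken from a known-clean system and kept where the intruder cannot edit it; a baseline sitting next to the files it describes is just one more file to rewrite. Second, a user-mode tool like this one trusts whatever the kernel tells it about file contents and metadata, so a kernel-mode rootkit of the kind Chapter 10 covers can feed it clean answers; for a suspected compromise, run the comparison from trusted boot media rather than from the running system.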

Acknowledgments

I was surprised to find that writing a new edition for a book was even harder than writing the original book! Deciding what to keep and what to drop is very tough, but I think we’ve struck the right balance. The consistently good input I got from my reviewers made me revise the book significantly and really contributed to this process. My more technical reviewers wanted deeper technical detail, and the less technical folks wanted more tutorial and background. In the end, I am very grateful for all of the wonderful input regarding the balance between the importance of background material and the need for technical details.

In particular, Radia Perlman was instrumental in the development of this book. She originally had the idea for writing it, and finally motivated me to get started writing. She also guided me through the writing process, providing a great deal of support and excellent technical feedback. Many thanks to Radia, the great Queen of Networking!

Catherine Nolan from Prentice Hall was crucial in kicking me in the rear to move this whole process forward. She was firm yet friendly, inspiring me with her e-mails to keep making progress every day.

Mary Franz from Prentice Hall was an inspiring friend, helping to get this revised edition started. This book wouldn’t exist if it weren’t for Mary. She’s now moved on to other opportunities, and I do indeed miss her.

Also, thanks to everyone else at Prentice Hall for their support in getting this done, especially Julie Nahil and Teresa Horton, who shepherded this puppy through the editing process and provided much helpful input.

Thank you also to Harlan Carvey, Kevin Fu, Mike Ressler, and Warwick Ford, who reviewed this book and provided very useful comments. Also, Denise Mickelsen was very helpful in organizing things throughout the review process.

I’d like to thank Tom Liston, a great friend, who did the updates on Chapters 4, 8, and 11. Without Tom’s excellent work on those chapters, I’m not sure we’d have ever finished. Thanks a bunch!

Allan Paller and Stephen Northcutt, from the SANS Institute, have done a tremendous job pushing me to develop my presentation and writing style. I’ve always appreciated their input regarding how to present these concepts in a fun, informative, and professional way.

Also, many thanks go to the authors of the tools described throughout the book. Although a small number of the tool developers have sinister motives, the vast majority are focused on helping people find security flaws before the attackers do. Although you might disagree about their motivations, the skill and dedication that goes into devising these tools and attack strategies are remarkable and must not be understated.

The students who’ve attended my live course over the past decade have provided a huge amount of input and clarification. Often, a small comment on the feedback forms has led to some major changes in my materials that have greatly improved the coherence and value of the presentation materials and this book. Thanks to all who have contributed over the years!

But most important, I’d like especially to thank my wonderful wife, Josephine, and our children, Jessica and Joshua, for their help and understanding throughout this process. They were incredibly supportive while I wrote away day and night, giving me far more leeway and understanding than I deserve. It wasn’t easy, but it was fun ... and now it’s done.


Table of Contents

(NOTE: Each chapter concludes with a Summary.)

Foreword.
Preface Reloaded.
About the Authors.

1. Introduction.
  • The Computer World and the Golden Age of Hacking.
  • Why This Book?
  • The Threat: Never Underestimate Your Adversary.
  • A Note on Terminology and Iconography.
  • Caveat: These Tools Could Hurt You.
  • Organization of Rest of the Book.

2. Networking Overview: Pretty Much Everything You Need to Know About Networking to Follow the Rest of This Book.
  • The OSI Reference Model and Protocol Layering.
  • How Does TCP/IP Fit In?
  • Understanding TCP/IP.
  • Transmission Control Protocol (TCP).
  • User Datagram Protocol (UDP).
  • Internet Protocol (IP) and Internet Control Message Protocol (ICMP).
  • ICMP.
  • Other Network-Level Issues.
  • Don’t Forget About the Data Link and Physical Layers!
  • Security Solutions for the Internet.
  • Conclusion.

3. Linux and UNIX Overview: Pretty Much Everything You Need to Know About Linux and UNIX to Follow the Rest of This Book.
  • Introduction.
  • Architecture.
  • Accounts and Groups.
  • Linux and UNIX Permissions.
  • Linux and UNIX Trust Relationships.
  • Common Linux and UNIX Network Services.
  • Conclusion.

4. Windows NT/2000/XP/2003 Overview: Pretty Much Everything You Need to Know About Windows to Follow the Rest of This Book.
  • Introduction.
  • A Brief History of Time.
  • The Underlying Windows Operating System Architecture.
  • How Windows Password Representations Are Derived.
  • Kernel Mode.
  • From Service Packs and Hotfixes to Windows Update and Beyond.
  • Accounts and Groups.
  • Privilege Control.
  • Policies.
  • Trust.
  • Auditing.
  • Object Access Control and Permissions.
  • Network Security.
  • Windows 2000 and Beyond: Welcome to the New Millennium.
  • Conclusion.

5. Phase 1: Reconnaissance.
  • Low-Technology Reconnaissance: Social Engineering, Caller ID Spoofing, Physical Break-In, and Dumpster Diving.
  • Search the Fine Web (STFW).
  • Whois Databases: Treasure Chests of Information.
  • The Domain Name System.
  • General-Purpose Reconnaissance Tools.
  • Conclusion.

6. Phase 2: Scanning.
  • War Driving: Finding Wireless Access Points.
  • War Dialing: Looking for Modems in All the Right Places.
  • Network Mapping.
  • Determining Open Ports Using Port Scanners.
  • Vulnerability-Scanning Tools.
  • Intrusion Detection System and Intrusion Prevention System Evasion.
  • Conclusion.

7. Phase 3: Gaining Access Using Application and Operating System Attacks.
  • Script Kiddie Exploit Trolling.
  • Pragmatism for More Sophisticated Attackers.
  • Buffer Overflow Exploits.
  • Password Attacks.
  • Web Application Attacks.
  • Exploiting Browser Flaws.
  • Conclusion.

8. Phase 3: Gaining Access Using Network Attacks.
  • Sniffing.
  • IP Address Spoofing.
  • Session Hijacking.
  • Netcat: A General-Purpose Network Tool.
  • Conclusion.

9. Phase 3: Denial-of-Service Attacks.
  • Locally Stopping Services.
  • Locally Exhausting Resources.
  • Remotely Stopping Services.
  • Remotely Exhausting Resources.
  • Conclusion.

10. Phase 4: Maintaining Access: Trojans, Backdoors, and Rootkits ... Oh My!
  • Trojan Horses.
  • Backdoors.
  • The Devious Duo: Backdoors Melded into Trojan Horses.
  • Nasty: Application-Level Trojan Horse Backdoor Tools.
  • Also Nasty: The Rise of the Bots.
  • Additional Nastiness: Spyware Everywhere!
  • Defenses Against Application-Level Trojan Horse Backdoors, Bots, and Spyware.
  • Even Nastier: User-Mode Rootkits.
  • Defending Against User-Mode Rootkits.
  • Nastiest: Kernel-Mode Rootkits.
  • Defending Against Kernel-Mode Rootkits.
  • Conclusion.

11. Phase 5: Covering Tracks and Hiding.
  • Hiding Evidence by Altering Event Logs.
  • Defenses Against Log and Accounting File Attacks.
  • Creating Difficult-to-Find Files and Directories.
  • Hiding Evidence on the Network: Covert Channels.
  • Defenses Against Covert Channels.
  • Conclusion.

12. Putting It All Together: Anatomy of an Attack.
  • Scenario 1: Crouching Wi-Fi, Hidden Dragon.
  • Scenario 2: Death of a Telecommuter.
  • Scenario 3: The Manchurian Contractor.
  • Conclusion.

13. The Future, References, and Conclusions.
  • Where Are We Heading?
  • Keeping Up to Speed.
  • Final Thoughts ... Live Long and Prosper.

Index.


But the situation goes beyond these security basics. Even if you’ve implemented all of the controls discussed in this Fred narrative, there are a variety of other tips and tricks you can use to defend your systems. Sure, you might apply security patches, use a file integrity checking tool, and have adequate logging, but have you recently looked for unsecured modems? Or, how about activating port-level security on the switches in your critical network segments to prevent powerful, new active sniffing attacks? Have you considered implementing nonexecutable stacks to prevent one of the most common types of attacks today, the stack-based buffer overflow? Are you ready for kernel-level rootkits? If you want to learn more about these topics and more, please read on.

As we will see throughout the book, computer attacks happen each and every day, with increasing virulence. To create a good defense, you must understand the offensive techniques of your adversaries. In my career as a system penetration tester, incident response team member, and information security architect, I’ve seen numerous types of attacks ranging from simple scanning by clueless kids to elite attacks sponsored by the criminal underground. This book boils down the common and most damaging elements from these real-world attacks, while offering specific advice on how you can proactively avoid such trouble from your adversaries. We’ll zoom in on how computer attackers conduct their activities, looking at each step of their process so we can implement in-depth defenses.

The book is designed for system administrators, network administrators, and security professionals, as well as others who want to learn how computer attackers do their magic and how to stop them. The offensive and defensive techniques laid out in the book apply to all types of organizations using computers and networks today, including enterprises and service providers, ranging in size from small to gigantic.

Computer attackers are marvelous at sharing information with each other about how to attack your infrastructure. Their efficiency at information dissemination about victims can be ruthless. It is my hope that this book can help to even the score, by sharing practical advice about how to defend your computing environment from the bad guys. By applying the defenses from this book, you can greatly improve your computer security and, perhaps, we’ll both be able to sleep in late next New Year’s Day.

Acknowledgments

I was surprised to find that writing a new edition for a book was even harder than writing the original book! Deciding what to keep and what to drop is very tough, but I think we’ve struck the right balance. The consistently good input I got from my reviewers made me revise the book significantly and really contributed to this process. My more technical reviewers wanted deeper technical detail, and the less technical folks wanted more tutorial and background. In the end, I am very grateful for all of the wonderful input regarding the balance between the importance of background material and the need for technical details.

In particular, Radia Perlman was instrumental in the development of this book. She originally had the idea for writing it, and finally motivated me to get started writing. She also guided me through the writing process, providing a great deal of support and excellent technical feedback. Many thanks to Radia, the great Queen of Networking!

Catherine Nolan from Prentice Hall was crucial in kicking me in the rear to move this whole process forward. She was firm yet friendly, inspiring me with her e-mails to keep making progress every day.

Mary Franz from Prentice Hall was an inspiring friend, helping to get this revised edition started. This book wouldn’t exist if it weren’t for Mary. She’s now moved on to other opportunities, and I do indeed miss her.

Also, thanks to everyone else at Prentice Hall for their support in getting this done, especially Julie Nahil and Teresa Horton, who shepherded this puppy through the editing process and provided much helpful input.

Thank you also to Harlan Carvey, Kevin Fu, Mike Ressler, and Warwick Ford, who reviewed this book and provided very useful comments. Also, Denise Mickelsen was very helpful in organizing things throughout the review process.

I’d like to thank Tom Liston, a great friend, who did the updates on Chapters 4, 8, and 11. Without Tom’s excellent work on those chapters, I’m not sure we’d have ever finished. Thanks a bunch!

Allan Paller and Stephen Northcutt, from the SANS Institute, have done a tremendous job pushing me to develop my presentation and writing style. I’ve always appreciated their input regarding how to present these concepts in a fun, informative, and professional way.

Also, many thanks go to the authors of the tools described throughout the book. Although a small number of the tool developers have sinister motives, the vast majority are focused on helping people find security flaws before the attackers do. Although you might disagree about their motivations, the skill and dedication that goes into devising these tools and attack strategies are remarkable and must not be understated.

The students who’ve attended my live course over the past decade have provided a huge amount of input and clarification. Often, a small comment on the feedback forms has led to some major changes in my materials that have greatly improved the coherence and value of the presentation materials and this book. Thanks to all who have contributed over the years!

But most important, I’d like especially to thank my wonderful wife, Josephine, and our children, Jessica and Joshua, for their help and understanding throughout this process. They were incredibly supportive while I wrote away day and night, giving me far more leeway and understanding than I deserve. It wasn’t easy, but it was fun ... and now it’s done.



Customer Reviews
  • Anonymous

    Posted September 16, 2006

    Counter Hack This Book

    Counter Hack Reloaded Second Edition by Ed Skoudis with Tom Liston. Published by Prentice Hall, December 2005. ISBN 0-13-148104-5. This book is an absolute must have for every security professional's bookshelf. If you are new to the arena of Information Systems Security or a CISSP, this book leads you down some extremely interesting vulnerability protection paths. Ed Skoudis gives an exhaustive look into the mind and intentions of the "Nasties" out there and how to protect yourself and your network from them. The chapters are well laid out and each builds on the knowledge from the previous chapter(s). The Table of Contents allows for easy reference back to a specific chapter for later. The material is cutting edge and well explained with references to additional material online. All in all a very insightful book that made me double check all of my firewalls and filesystem protection methods and apply some of the knowledge learned.

    2 out of 2 people found this review helpful.

  • Anonymous

    Posted January 16, 2006

    explains types of malware and your defenses

    [A review of the 2ND EDITION, December 2005.] In 2001, Skoudis published the first edition of this book. It was a lucid and well received explanation of how crackers can attack your computer. The intervening years have seen significant growth in this field, as both sides have escalated their techniques. Hence this second edition. In hindsight, the first book was written in what seems to be a more innocent time. Then, successful attacks were often the equivalent of graffiti. They gave bragging rights to the cracker, but no economic payoff. Now, the authors point out, there is far more likely to be a financial incentive, as more corporations leave sensitive data on insecure machines. Plus, of course, that book was written before 11 Sept 2001. Today there are scenarios of terrorists attacking computers. Perhaps to finance their operations, or to communicate with each other. However, the authors carefully state that there has thus far been little actual evidence of such terrorist usage. Still, it's an ever-present possibility. The second edition has updates on the latest attack methods. Some of these were virtually unknown in 2001, like wardriving. Here, the massive uptake in wireless computing and the concomitant proliferation of badly administered wireless access points has led to malicious wardriving. The book also shows the use of Intrusion Detection Systems and their more aggressive sibling, Intrusion Prevention Systems. These have improved heavily in sophistication in just a few years. There is a passing reference to phishing. Starting in 2003, we have seen a huge global increase in this scourge. The book explains the most common form of phishing, and how it is based on social engineering, by trying, often successfully, to fool a recipient of a phishing email. The only countermeasure described is to warn the reader to beware of such messages. No technical solution is proposed. Perhaps the most interesting chapters are 10 and 11. These describe Trojans, backdoors and rootkits. Where the latter can be user-mode or the more dangerous kernel-mode. The most dangerous attacks are given in these chapters. But the text explains strong countermeasures that you can do. Including using several white hat websites like chkrootkit.org, knowngoods.org and cisecurity.org. These offer very useful tools and data that you can run against your machines, as extra protection. There are many websites out there with such agendas. But the sheer number of these can be daunting. Who can you rely on? One answer is to use the book as a reliable guide.

    1 out of 1 people found this review helpful.

  • Posted June 3, 2013

    WOW... I love MyDeals247 model - they create competition among t

    WOW... I love MyDeals247 model - they create competition among the sellers real-time.
