Actually Useful Internet Security Techniques

Master the complexities of Internet Security!

Offering a unique perspective on Internet security issues, this book takes a comprehensive book at the core applications and protocols used by millions of people. With Actually Useful Internet Security Techniques, network managers, system administrators, and Internet users can build a solid understanding and resolve many of today's security risks. Never before has such timely and valuable information been needed so many.

Actually Useful Internet Security Techniques…

• Details the suite of Internet applications and their inherent dangers — e-mail, news, file sharing, the X Window System, and more
• Presents the leading encryption and digital signature techniques, and their vital role in security
• Discusses numerous methods of authentication, including MIT Kerberos
• Describes many helpful security tools, including SATAN, and where to obtain them
• Explores other network security issues, including firewall strategies, SNMP, and the next generation Internet Protocol

• Part I: Encryption and Authentication
1. Foundations of Internet Security
• Facets of Internet Security
• Authentication
• Access Control
• Integrity
• Confidentiality
• Layered Protocol Models
• Protocol Enveloping
• OSI Reference Model
• Internet TCP/IP Model
• Protocol Enveloping in the TCP/IP Suite
• Security and Layered Internet protocols
• Security at the Physical and Link Layers
• Security at the IP Layer
• Security at the TCP/UDP Layer
• Security at the Application Layer
2. Data Confidentiality and Integrity
• Encryption, Decryption, and Digital Signatures
• A Simple Cryptosystem
• Keys and Keyspace
• Secret-Key and Public-Key Cryptosystems
• Key Management
• Strength of Cryptosystems
• Stream and Block Ciphers
• One-Way Hash Functions
• MD2, MD4, and MD5
• SHA
• Encryption and Decryption Algorithms
• DES
• IDEA
• RC2 and RC4
• Diffie-hellman
• RSA
• Skipjack and Clipper
• U.S. Cryptographic Export Restrictions
3. Authentication
• Authentication Techniques
• User-to-Host Authentication
• Static Passwords in Cleartext
• Static Passwords with One-Way Hash
• One-Time Passwords
• Trusted Third Parties
• Host-to-Host Authentication
• No Authentication
• Disclosing Passwords
• Digital Signatures and Encryption
• User-to-User Authentication
4. The Kerberos Authentication System
• M.I.T. Kerberos Version 4
• Principals and Principal Names
• Tickets and the Ticket Cache
• Authenticators
• User Commands
• The Principal Database
• Configuration Files
• Administration
• Master and Slave KDCs
• Interrealm Authentication
• Kerberizing an Application Client Server
• V4 Limitations and Weaknesses
• V4 Summary
• M.I.T. Version 5
• Differences between V4 and V5
• New V5 Protocol Features
• V4 Compatibility
• Kerberos Availability and Support
• Part II: Communications and Data-Sharing Applications
5. Messaging — Mail and News
• Core Application Protocols
• SMTP
• POP3
• IMAP4
• NNTP
• sendmail
• DEBUG Mode
• .forward Files
• The aliases Database
• CERT Advisories
• Privacy Enhanced Mail (PEM)
• PEM Message Types
• Digital Signatures
• Encryption
• Certificates and Key Management
• RIPEM
• Generating a Key Pair
• Encrypting a Message
• Decrypting a Message
• Signing a Cleartext Message
• Verifying a Signature
• Pretty Good Privacy (PGP)
• Message Types
• Digital Signatures
• Encryption
• Compression and Segmentation
• Sources of PGP
• Generating a Key Pair
• Encrypting a Message
• Decrypting a Message
• Signing a Cleartext Message
• Verifying a Signature
• Anonymous Remailers
• MIME
6. Virtual Terminal Services
• Virtual Terminal Operation
• Secure Terminals
• Telnet
• Host Considerations
• One-Time Passwords
• Kerberized Telnet
• Using Telnet to Attack Other Protocols
• The BSD trusted Host Mechanism
• What's Wrong
• Trust Configuration
• r-commands and r-services
• Kerberized BSD Trust
• Server Filters
• logdaemon
7. File Sharing
• Trivial File Transfer Protocol (TFTP)
• TFTP Client
• TFTP Server (TFTPD)
• File Transfer Protocol (FTP)
• ~/.netrc Files
• PC and Macintosh Concerns
• UNIX FTPD
• Anonymous FTP
• Network File System (NFS)
• RPC and XDR
• RPC Authentication, NFS, and Secure NFS
• User Mapping
• NFS Mounting
• NFS Exporting
• portmapper and rpcbind
• CERT Advisories
8. The X Window System
• The X Client/Server Model
• Window Managers
• Client/Server Communications
• Starting X Clients
• Starting the X Server
• xxdm
• xinit
• Choosing xdm or xinit
• /tmp/.X11-unix/X0 Vulnerability
• Client Authentication and Authorization
• xhost
• MIT-MAGIC-COOKIE-1
• XDM-AUTHORIZATION-1
• SUN-DES-1
• xterm Security
• xrsh and xrlogin
• Part III: Firewalls and Web Security
9. World Wide Web Security
• The Web Model
• Browsers and Servers
• NCSA httpd
• Building the Server
• Server Configuration Files
• Basic Authentication
• Managing Access Control Files
• httpd Log Files
• CGI Programming
• CERT Advisories
• New Directions in Web Security
• Digest Authentication
• S-HTTP
• SSL
10. An Overview of SATAN
• SATAN's Requirements
• How SATAN Works
• Obtaining and Building SATAN
• Directories and Files
• Starting SATAN
• Online Documentation
• Configuring SATAN
• Using SATAN
• Selecting a Database
• Selecting a Target
• Launching a Probe
• Viewing the Results
• SATAN Vulnerabilities
• Detecting SATAN Attacks
11. Network Security Issues
• IP Security Option (IPSO)
• swIPE
• IPv4 and IPv6 Security Protocols
• SNMPv1 andf SNMPv2
• Firewalls: Filters and Gateways
• Packet Filters and Screening Routers
• Application Gateways
12. Actually Useful Security Tools
• Cryptographic Tools
• MD5
• DES
• RSAREF
• Distributed Authentication Systems
• Kerberos
• E-mail Security
• PGP
• RIPEM
• TIS-PEM
• Bellcore PEM Toolkit
• Firewall Tools
• TCP Wrapper (tcpd)
• xinetd
• Drawbridge
• Karlbridge
• screend
• udprelay
• socks
• TIS Toolkit
• tcpr
• Xp-BETA
• FTP Servers
• WU FTPD
• logdaemon FTP
• DECWRL
• Network Encryption Tools
• swIPE
• Network Monitoring Tools
• tcpdump
• argus
• arpwatch
• NFSwatch
• netlog
• cpm
• Unix Auditing Tools
• COPS
• Tripwire
• Tiger
• swatch
• pidentd
• Unix Password and Login Tools
• crack and cracklib
• npasswd
• passwd+
• S/KEY
• shadow
• logdaemon
• Unix System Tools
• chrootuid
• portmapper and rpcbind
• lsof
• Vulnerability Detection
• ISS
• SATAN
• Courtney
• Gabriel
• Scan-detector
• X Tools
• XDM-AUTHORIZATION-1
• Actually Useful Advice
• Part IV: Appendices
1. Security-Related Organizations
• ACM/SIGSAC
• CERT
• CIAC
• CPSR
• EFF
• EPIC
• FIRST
• Internet Society
2. Usenet Newsgroups

Skip, everything in this book is better covered in other places.