Internet Security

Professional Reference

Derek Atkins, Paul Buis, Chris Hare, Robert Kelley, Carey Nachenberg, Anthony B. Nelson, Paul Phillips, Tim Ritchey, William Steen

Publisher: New Riders, 1996, 908 pages

ISBN: 1-56205-557-7

Keywords: IT Security

Last modified: March 19, 2022, 10:11 a.m.

This comprehensive reference details how Internet and network security is implemented and explains ways you can keep it from being violated.

Inadequacies in current security products and setups are pointed out and strategies to overcome them are detailed step by step. Security issues such as daemons, auditing, IP spoofing and sniffing, firewalls, encryption, Java security, CGI security, and viruses are covered in thorough detail. Hands-on instruction of security tools such as SATAN, Kerberos, and PGP is also included.

Whether you're planning to implement an Internet security system or optimize an existing one, Internet Security Professional Reference has all the answers you need!

Find and eliminate weaknesses in your existing security system

  • Tighten up Internet security with tips from the experts
  • Find flaws in your existing setup
  • React proactively to possible security risk
  • Discover how intruders bypass security checkpoints

  • Introduction
  1. Managing Internet Security
    1. Understanding TCP/IP
      • The History of TCP/IP
      • Exploring Addresses, Subnets, and Hostnames
        • Address Classes
        • Subnets
        • Hostnames
      • Working with Network Interfaces
        • Configuration Using ifconfig
      • Reviewing the Network Configuration Interfaces
        • The /etc/hosts File
        • The /etc/ethers File
        • The /etc/networks File
        • The /etc/protocols File
        • The /etc/services File
        • The /etc/inetd.conf File
      • Understanding the Network Access Files
        • /etc/hosts.equiv File
        • The .rhosts File
        • User and Host Equivalency
      • Examining TCP/IP Daemons
        • The slink Daemon
        • The ldsocket Daemon
        • The cpd Daemon
        • The Line Printer Daemon (lpd)
        • The SNMP Daemon (snmpd)
        • The RARP Daemon (rarpd)
        • The BOOTP Daemon (bootpd)
        • The ROUTE Daemon (routed)
        • The Domain Name Service Daemon (named)
        • The System Logger Daemon (syslogd)
        • Inetd — The Super-Server
        • The RWHO Daemon (rwhod)
      • Exploring TCP/IP Utilities
        • Administrative Commands
        • User Commands
    2. Understanding and Creating Daemons
      • What Is a Daemon?
      • Examining the System Daemons
        • init
        • swapper
        • update and bdflush
        • lpd
        • lpsched
        • cpd and sco_cpd (SCO)
        • cron
        • syslog
        • sendmail
        • getty
        • rlogind
        • deliver
        • inetd
        • routed
        • nfsd
        • mountd
        • pcnfsd
        • statd, rpc.statd
        • lockd, rpc.lockd
      • Creating Daemons with the Bourne Shell
        • Handling Input and Output
        • Handling Messages
        • Handling Signals
        • The dfmon Program
      • Creating Daemons with PERL
        • Handling Input and Output
        • Handling Signals
        • The procmon Program
      • Unix Run Levels
      • Program Listings
        • Listing 2.1 — The dfmon Program
        • Listing 2.2 — The dfmon Configuration File
        • Listing 2.3 — The procmon Command
        • Listing 2.4 — The procmon.cfg File
    3. Using UUCP
      • The History of UUCP
      • The UUCP Network
        • How UUCP Works
      • Naming Your Host
        • The Naming Process
      • The System V Basic Networking Utilities UUCP
        • UUCP File Layout
        • Configuring UUCP
        • Testing the Connection
        • The Dialers File
        • The Systems File
      • The UUCP Chat Scripts
        • Testing the Connection — Using uucico
        • Permissions File
        • Allowing Anonymous UUCP Access
        • UUCP Log Files
        • Maintenance
      • Configuring Version 2 UUCP
        • What Is Version 2 UUCP?
        • File Layout
        • Configuring UUCP
        • The L-devices File
        • Testing the Connection
        • The L.sys File
        • Testing the Connection with uucico
        • Version 2 Permissions
        • Log Files
        • Maintenance
      • Configuring UUCP over TCP/IP
      • Code Listings
        • Listing 3.1 — gtimes.c
        • Listing 3.2 — genUSER
    4. Audit Trails
      • Audit Trails under Unix
        • Common Unix Logs
        • Process Accounting
        • Useful Utilities in Auditing
        • Other Reporting Tools Available Online
      • Audit Trails under Windows NT
        • Using the Event Viewer
        • Logging the ftp Server Service
        • Logging httpd Transactions
        • Logging by Other TCP/IP Applications under NT
      • Audit Trails under DOS
        • PC/DACS
        • Watchdog
        • LOCK
      • Using System Logs to Discover Intruders
        • Common Break-In Indications
        • Potential Problems
    5. RFC 1244 -- The Site Security Handbook
      • Contributing Authors
      1. Introduction
        1. Purpose of this Work
        2. Audience
        3. Definitions
        4. Related Work
        5. Scope
        6. Why Do We Need Security Policies and Procedures?
        7. Basic Approach
        8. Organization of this Document
      2. Establishing Official Site Policy on Computer Security
        1. Brief Overview
        2. Risk Assessment
        3. Policy Issues
        4. What Happens When the Policy is Violated
        5. Locking In or Out
        6. Interpreting the Policy
        7. Publicizing the Policy
      3. Establishing Procedures to Prevent Security Problems
        1. Security Policy Defines What Needs to be Protected
        2. Identifying Possible Problems
        3. Choose Controls to Protect Assets in a Cost-Effective Way
        4. Use Multiple Strategies to Protect Assets
        5. Physical Security
        6. Procedures to Recognize Unauthorized Activity
        7. Define Actions to Take When Unauthorized Activity is Suspected
        8. Communicating Security Policy
        9. Resources to Prevent Security Breaches
      4. Types of Security Procedures
        1. System Security Audits
        2. Account Management Procedures
        3. Password Management Procedures
        4. Configuration Management Procedures
      5. Incident Handling
        1. Overview
        2. Evaluation
        3. Possible Types of Notification
        4. Response
        5. Legal/Investigative
        6. Documentation Logs
      6. Establishing Post-Incident Procedures
        1. Overview
        2. Removing Vulnerabilities
        3. Capturing Lessons Learned
        4. Upgrading Policies and Procedures
      7. References
      8. Annotated Bibliography
        1. Computer Law
        2. Computer Security
        3. Ethics
        4. The Internet Worm
        5. National Computer Security Center (NCSC)
        6. Security Checklists
        7. Additional Publications
      9. Acknowledgments
      10. Security Considerations
      11. Authors' Addresses
  2. Gaining Access and Securing the Gateway
    1. IP Spoofing and Sniffing
      • Sniffing
        • Sniffing: How It Is Done
        • Sniffing: How It Threatens Security
        • Protocol Sniffing: A Case Study
        • Sniffing: How to Prevent It
        • Hardware Barriers
        • Avoiding Transmission of Passwords
      • Spoofing
        • Hardware Address Spoofing
        • ARP Spoofing
        • Preventing an ARP Spoof
        • Sniffing Case Study Revisited
        • Detecting an ARP Spoof
        • Spoofing the IP Routing System
        • ICMP-Based Route Spoofing
        • Misdirecting IP Datagrams from Hosts
        • Preventing Route Spoofing
        • A Case Study Involving External Routing
        • Spoofing Domain Name System Names
        • Spoofing TCP Connections
    2. How to Build a Firewall
      • The TIS Firewall Toolkit
        • Understanding TIS
        • Where to Get TIS Toolkit
        • Compiling under SunOS 4.1.3 and 4.1.4
        • Compiling under BSDI
        • Installing the Toolkit
      • Preparing for Configuration
      • Configuring TCP/IP
        • IP Forwarding
      • The netperm Table
      • Configuring netacl
        • Connecting with netacl
        • Restarting inetd
      • Configuring the Telnet Proxy
        • Connecting through the Telnet Proxy
        • Host Access Rules
        • Verifying the Telnet Proxy
      • Configuring the rlogin Gateway
        • Connecting through the rlogin Proxy
        • Host Access Rules
        • Verifying the rlogin Proxy
      • Configuring the FTP Gateway
        • Host Access Rules
        • Verifying the FTP Proxy
        • Connecting through the FTP Proxy
        • Allowing FTP with netacl
      • Configuring the Sendmail Proxy: smap and smapd
        • Installing the smap Client
        • Configuring the smap Client
        • Installing the smapd Application
        • Configuring the smapd Application
        • Configuring DNS for smap
      • Configuring the HTTP Proxy
        • Non-Proxy Aware HTTP Clients
        • Using a Proxy Aware HTTP Client
        • Host Access Rules
      • Configuring the X Windows Proxy
      • Understanding Authentication Server
        • The Authentication Database
        • Adding Users
        • The Authentication Shell — authmgr
        • Database Management
        • Authentication at Work
      • Using plug-gw for Other Services
        • Configuring plug-gw
        • plug-gw and NNTP
        • plug-gw and POP
      • The Companion Administrative Tools
        • portscan
        • netscan
        • Reporting Tools
      • Where to Go for Help
      • Sample netperm-table File
      • Manual Reference Pages
        • Authmgr — Network Authentication Client Program
        • authsrv — Network Authentication Third-Party Daemon
        • ftp-gw — FTP Proxy Server
        • http-gw — Gopher/HTTP Proxy
        • login-sh --- Authenticating Login Shell
        • netacl — TCP Network Access Control
        • plug-gw — Generic TCP Plugboard Proxy
        • rlogin-gw — rlogin Proxy Server
        • smap — Sendmail Wrapper Client
        • smapd — Sendmail Wrapper Daemon
        • tn-gw — telnet Proxy Server
        • x-gw — X Gateway Service
    3. SATAN and the Internet Inferno
      • The Nature of Network Attacks
        • Internet Threat Levels (ITL)
        • Common Attack Approaches
        • An Overview of Holes
        • Learning about New Security Holes
      • Thinking Like an Intruder
        • Gathering Information on Systems
        • Know the Code
        • Try All Known Problems
        • Match Vulnerabilities with Opportunities
        • Look for Weak Links
        • Summarize the Remote Network Attack
        • Automate the Search
      • The First Meeting with SATAN
        • History
        • The Creators
        • Comparison to Other Tools
        • Vendor Reactions
        • Long-Term Impact
      • Detecting SATAN
        • Courtney
        • Gabriel
        • TCP Wrappers
        • netlog/TAMU
        • Argus
      • Using Secure Network Programs
        • Kerberos
        • Secure Shell (ssh)
      • SSL
        • Firewalls
      • Investigating What SATAN Does
        • SATAN's Information Gathering
        • Vulnerabilities that SATAN Investigates
        • Other Network Vulnerabilities
        • Investigating IP Spoofing
        • Examining Structural Internet Problems
      • Rendezvous with SATAN
        • Getting SATAN
        • Examining the SATAN Files
      • Building SATAN
        • Using SATAN's HTML Interface
        • Running a Scan
        • Understanding the SATAN Database Record Format
        • Understanding the SATAN Rulesets
        • Extending SATAN
        • Long-Term Benefits of Using SATAN
      • Works Cited
    4. Kerberos
      • How Kerberos Works
      • The Kerberos Network
        • RFCs
        • Goals of Kerberos
      • How Authentication Works
        • What Kerberos Doesn't Do
      • Encryption
        • Private, Public, Secret, or Shared Key Encryption
        • Private or Secret Key Encryption
        • DES and Its Variations
        • Encryption Export Issues
        • Encryption and Checksum Specifications
      • Versions of Kerberos
        • Versions of Kerberos V4
        • Versions of Kerberos V5
        • Bones
      • Selecting a Vendor
      • Vendor Interoperability Issues
        • DEC Ultrix Kerberos
        • Transarc's Kerberos
        • DCE
        • Interoperability Requirements
      • Naming Constraints
        • Realm Names
        • Principal Names
      • Cross-Realm Operation
      • Ticket Flags
        • Initial and Preauthenticated Tickets
        • Invalid Tickets
        • Renewable Tickets
        • Postdated Tickets
        • Proxiable and Proxy Tickets
        • Forwardable Tickets
        • Authentication Flags
        • Other Key Distribution Center Options
      • Message Exchanges
        • Tickets and Authentication
        • The Authentication Service Exchange
        • The Ticket-Granting Service (TGS) Exchange
        • Specifications for the Authentication Server and Ticket Granting Service Exchange
        • The Client/Server Authentication Exchange
        • Client/Server (CS) Message Specification
        • The KRB_SAFE Exchange
        • KRB_SAFE Message Specification
        • The KRB_PRIV Exchange
        • KRB_PRIV Message Specification
        • The KRB_CRED Exchange
        • KRB_CRED Message Specification
        • Names
        • Time
        • Host Addresses
        • Authorization Data
        • Last Request Data
        • Error Message Specification
      • Kerberos Workstation Authentication Problems
        • Kerberos Port Numbers
        • Kerberos Telnet
        • Kerberos ftpd
      • Other Sources of Information
  3. Messaging: Creating a Secure Channel
    1. Encryption Overview
      • What Is Encryption
      • Transposition
        • Deciphering
      • Substitution
        • Caesar Cipher
        • Monoalphabetic Substitutions
        • Vigenere Encryption
    2. PGP
      • PGP Overview
        • History of PGP
        • Why Use PGP?
        • Short Encryption Review
      • PGP How-To
        • Before You Use PGP
        • Generate a PGP Key
        • Distributing the Public Key
        • Signing a Message
        • Adding Someone Else's Key
        • Encrypting a Message
        • Decrypting and Verifying a Message
      • PGP Keys
        • What's in a Name?
        • PGP Key Rings
        • The Web of Trust
        • Degrees of Trust
      • Key Management
        • Key Generation
        • Adding Keys to the Public Key Ring
        • Extracting Keys from the Public Key Ring
        • Signing Keys
        • Viewing the Contents of a Key Ring
        • Removing Keys and Signatures
        • Key Fingerprints and Verifying Keys
        • Revoking Your Key
      • Basic Message Operations
        • PGP: Program or Filter?
        • Compressing the Message
        • Processing Text and Binary Files
        • Sending PGP Messages via E-Mail
        • Conventional Encryption
        • Signing a Message
        • Encrypting a Message Using Public Key
        • Signing and Encrypting Messages
        • Decrypting and Verifying Messages
      • Advanced Message Operations
        • Clearsigning
        • Detached Signatures
        • For Her Eyes Only
        • Wiping Files
      • The PGP Configuration File
      • Security of PGP
        • The Brute Force Attack
        • Secret Keys and Pass Phrases
        • Public Key Ring Attacks
        • Program Security
        • Other Attacks Against PGP
      • PGP Add-Ons
        • PGP Public Keyservers
        • PGPMenu: A Menu Interface to PGP for Unix
        • MITSign: A Kerberized PGP Key Signer
        • Windows Front-Ends
        • Unix Mailers
        • Mac PGP
  4. Modern Concerns
    1. Java Security
      • Java's Functionality
        • Java Is Portable
        • Java Is Robust
        • Java Is Secure
        • Java Is Object-Oriented
        • Java Is High-Performance
        • Java Is Easy
      • History of the Java Language
      • Main Features of the Java Environment
        • Features of the Java Language
        • The Java Architecture
      • From Class File to Extension
        • The Compilation of Code
        • Running Code
      • The Java Virtual Machine
        • Why a New Machine Code Specification?
        • The Java Virtual Machine Description
      • Setting Up Java Security Features
        • Using the Appletviewer
        • Netscape 2.0
        • Other Issues in Using Java Programs
    2. CGI Security
      • Introducing the CGI Interface
        • Why CGI Is Dangerous
        • How CGI Works
        • CGI Data: Encoding and Decoding
        • CGI Libraries
      • Understanding Vulnerabilities
        • The HTTP Server
        • The HTTP Protocol
        • The Environment Variable
        • GET and POST Input Data
      • Minimizing Vulnerability
        • Restrict Access to CGI
        • Run CGI with Minimum Privileges
        • Execute in a chrooted Environment
        • Secure the HTTP Server Machine
      • CGIWrap: An Alternative Model
        • Advantages and Disadvantages
      • Bypassing CGI
      • Server Side Includes (SSI)
        • Restrict Access to SSI
        • Alternatives to SSI
      • Language Issues
        • PERL
        • C and C++
        • Safe Languages
      • Protecting Sensitive Data
      • Logging
    3. Viruses
      • What Is a Computer Virus?
      • Most Likely Targets
        • Key Hardware
        • Key Software
        • Floppy Boot Records (FBRs)
        • Hard Drive Master Boot Record
        • Partition Boot Records
        • System Services
        • Program Files
        • Data Files with Macro Capabilities
      • IBM PC Computer Virus Types
        • Boot Record Viruses
        • Floppy Boot Record Viruses
        • Partition Boot Record Viruses
        • Master Boot Record Viruses
        • Program File Viruses
        • SYS File Infections
        • Companion Viruses
        • Potential Damage by File Infecting Viruses
        • Macro Viruses
        • Worms
      • Network and Internet Virus Susceptibility
        • Network Susceptibility to File Viruses
        • Boot Viruses
        • Macro Viruses
      • Virus Classes
        • Polymorphic Viruses
        • Stealth Viruses
        • Slow Viruses
        • Retro Viruses
        • Multipartite Viruses
      • How Antivirus Programs Work
        • Virus Scanners
        • Memory Scanners
        • Integrity Checkers
        • Behavior Blockers
        • Heuristics
      • Preventive Measures and Cures
        • Preventing and Repairing Boot Record Viruses
        • Preventing and Repairing Executable File Viruses
        • Repairing Files Infected with a Read-Stealth Virus
        • Preventing and Repairing Macro Viruses
      • Profile: Virus Behavior under Windows NT
        • Master Boot Record Viruses under Windows NT
        • The NT Bootup Process with MBR Infection
        • Boot Record Viruses under Windows NT
        • Possible Damage Due to Boot Record Virus Infection
        • Windows NT Installation with Existing Boot Record Infection
        • MBR and Boot Record Viruses — The Bottom Line
      • DOS File Viruses under a Windows NT DOS Box
        • Damage by File Viruses under a Windows NT DOS Box
      • File Virus Infections under Windows NT — Outside a DOS Box
      • DOS File Viruses under Windows NT — System Susceptibility during Bootup
      • DOS File Viruses — The Bottom Line
      • Windows 3.1 Viruses under Windows NT
      • Macro Viruses under Windows NT
      • Native Windows NT Viruses
  5. Appendices
    1. Security Information Sources
      • CIAC
      • COAST
      • CERT
      • FIRST
      • 8lgm: Eight Little Green Men
      • bugtraq
      • Vendors
      • Others
    2. Internet Security References

Reviews

Internet Security

Reviewed by Roland Buresund

Bad ** (2 out of 10)

Last modified: Nov. 14, 2008, 4:29 p.m.

My spontaneous reaction is: trash.

Other comments are unnecessary.
