Watkins / Mays / Bandes | Hack the Stack | E-Book | sack.de

E-book, English, 481 pages

Watkins / Mays / Bandes Hack the Stack

Using Snort and Ethereal to Master The 8 Layers of An Insecure Network
1st edition, 2006
ISBN: 978-0-08-050774-3
Publisher: Elsevier Science & Techn.
Format: EPUB
Copy protection: 6 - ePub Watermark



This book looks at network security in a new and refreshing way. It guides readers step by step through the stack, the seven layers of a network. Each chapter focuses on one layer of the stack along with the attacks, vulnerabilities, and exploits that can be found at that layer. The book even includes a chapter on the mythical eighth layer: the people layer.

This book is designed to offer readers a deeper understanding of many common vulnerabilities and of the ways in which attackers exploit, manipulate, misuse, and abuse protocols and applications. The authors guide readers through this process using tools such as Ethereal (a sniffer) and Snort (an IDS). The sniffer is used to help readers understand how the protocols should work and what the various attacks do to break them. The IDS is used to demonstrate the format of specific signatures and to give the reader the skills needed to recognize and detect attacks when they occur.

What makes this book unique is that it presents the material layer by layer, which lets readers learn about exploits in the same order in which they most likely first learned networking. This methodology makes the book a useful tool not only for security professionals but also for networking professionals, application programmers, and others. All of the primary protocols, such as IP, ICMP, and TCP, are discussed, each from a security perspective. The authors convey the mindset of the attacker by examining how seemingly small flaws are often the catalyst of potential threats. The book also considers the general kinds of things that can be monitored and that would have alerted users to an attack.

* Remember being a child and wanting to take something apart, like a phone, to see how it worked? Then this book is for you: it details how specific hacker tools and techniques accomplish what they do.

* This book will not only give you knowledge of security tools but will also provide you with the ability to design more robust security solutions.

* Anyone can tell you what a tool does, but this book shows you how the tool works.

Target audience

Adult: General

Further information & material

Front Cover
Hack The Stack: Using Snort and Ethereal to Master The 8 Layers of an Insecure Network
Copyright Page
Contents
Foreword
Chapter 1. Extending OSI to Network Security
  Introduction
  Our Approach to This Book
  Common Stack Attacks
  Mapping OSI to TCP/IP
  The Current State of IT Security
  Using the Information in This Book
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 2. The Physical Layer
  Introduction
  Defending the Physical Layer
  Attacking the Physical Layer
  Layer 1 Security Project
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 3. Layer 2: The Data Link Layer
  Introduction
  Ethernet and the Data Link Layer
  Understanding PPP and SLIP
  Working with a Protocol Analyzer
  Understanding How ARP Works
  Attacking the Data Link Layer
  Defending the Data Link Layer
  Securing Your Network from Sniffers
  Employing Detection Techniques
  Data Link Layer Security Project
  Using the Auditor Security Collection to Crack WEP
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 4. Layer 3: The Network Layer
  Introduction
  The IP Packet Structure
  The ICMP Packet Structure
  Attacking the Network Layer
  Defending the Network Layer
  Network Layer Security Project
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 5. Layer 4: The Transport Layer
  Introduction
  Connection-Oriented versus Connectionless Protocols
  Protocols at the Transport Layer
  The Hacker's Perspective
  Scanning the Network
  Operating System Fingerprinting
  Detecting Scans on Your Network
  Defending the Transport Layer
  Transport Layer Project: Setting Up Snort
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 6. Layer 5: The Session Layer
  Introduction
  Attacking the Session Layer
  Defending the Session Layer
  Session Layer Security Project
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 7. Layer 6: The Presentation Layer
  Introduction
  The Structure of NetBIOS and SMB
  Attacking the Presentation Layer
  Defending the Presentation Layer
  Presentation Layer Security Project
  Summary
  Solutions Fast Track
  Frequently Asked Questions
  Notes
Chapter 8. Layer 7: The Application Layer
  Introduction
  The Structure of FTP
  Analyzing Domain Name System and Its Weaknesses
  Other Insecure Application Layer Protocols
  Attacking the Application Layer
  Defending the Application Layer
  Nessus
  Application-Layer Security Project: Using Nessus to Secure the Stack
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 9. Layer 8: The People Layer
  Introduction
  Attacking the People Layer
  Defending the People Layer
  Making the Case for Stronger Security
  People Layer Security Project
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Appendix A. Risk Mitigation: Securing the Stack
  Introduction
  Physical
  Data Link
  Network
  Transport
  Session
  Presentation
  Application
  People
  Summary
Index


Chapter 1. Extending OSI to Network Security

Solutions in this chapter:

* Our Approach to This Book
* Common Stack Attacks
* Mapping the OSI Model to the TCP/IP Model
* The Current State of IT Security
* Using the Information in This Book
* Summary
* Solutions Fast Track
* Frequently Asked Questions

Introduction

"Everything old becomes new again." The goal of this chapter is to take the well-known Open Systems Interconnection (OSI) model and use it to present security topics in a new way. While each of the subsequent chapters focuses on one individual layer, this chapter offers a high-level overview of the entire book.

Our Approach to This Book

This book is compiled from the issues and concerns that security professionals must deal with on a daily basis. We look at common attack patterns and how they are made possible. Many attacks occur because of poor protocol design; others occur because of poor programming or a lack of forethought when designing code. Finally, the tools that are useful for identifying and analyzing exploits and exposures are discussed: the tools you will return to time and time again.

Warning: Many of the tools discussed in this book can be used by both security professionals and attackers. Always make sure you have the network owner's permission before using any of these tools; doing so will save you from many headaches and potential legal problems.

Tools of the Trade

The following sections examine protocol analyzers and intrusion detection systems (IDSes), the two main tools used throughout this book.

Protocol Analyzers

Protocol analyzers (or sniffers) are programs that place the host system's network card into promiscuous mode, so that it accepts every frame it sees in its collision domain instead of only the frames addressed to its own MAC address. A collision domain is a network segment that is shared but not bridged or switched; packets collide because users share the same bandwidth. Passive sniffing is possible when the host is attached to a hub. A hub repeats every frame to all of its ports, so all a security professional or attacker has to do is start the sniffer and wait for someone on the same collision domain to begin transmitting. A switch behaves differently: it learns which MAC address is reachable through which port and forwards each frame only to that port, so a sniffer on a switched network normally sees only its own traffic and broadcasts. While this feature adds much-needed performance, it also raises a barrier to sniffing the traffic of other ports, and getting past it requires the sniffer to do something active; hence sniffing on a switched network is known as active sniffing. One legitimate way to overcome this impediment is to configure the switch to mirror a port. Attackers usually do not have this capability, so their best hope of bypassing the switch is ARP poisoning or MAC flooding (discussed in subsequent chapters).

Sniffers operate at the data link layer of the OSI model, which means they do not have to play by the same rules as the applications and services that reside further up the stack. Sniffers can capture everything on the wire and record it for later review, and they let users see all of the data contained in each packet. While sniffers are still a powerful tool in the hands of an attacker, they have lost some of their mystical status as many more people use encryption. The sniffer used in this book is Ethereal, which is free and works well in both Windows and Linux environments. (Chapter 3 provides a more in-depth review of how to install and use Ethereal.) If you are eager to start using Ethereal, more details about the program can be found at www.ethereal.com. (Ethereal has since been renamed Wireshark.)

Intrusion Detection Systems

Intrusion detection systems (IDSes) play a critical role in protecting the information technology (IT) infrastructure. Intrusion detection involves monitoring network traffic, detecting attempts to gain unauthorized access to a system or resource, and notifying the appropriate individuals so that countermeasures can be taken. The ability to analyze vulnerabilities and attacks with a sniffer and then craft a defense with an IDS is a powerful combination. The IDS used in this book is Snort, which runs on both Linux and Windows and has industry-wide support.

Note: Intrusion detection has a short history. In 1983, Dr. Dorothy Denning began developing the first IDS, which would be used by the U.S. government to analyze the audit trails of government mainframe systems.

Snort is an open-source IDS developed by Martin Roesch and Brian Caswell. It is a lightweight, network-based IDS that can be set up on a Linux or Windows host. While the core program uses a command line interface (CLI), graphical user interfaces (GUIs) are also available. Snort operates as a network sniffer and logs activity that matches predefined signatures. Signatures can be written for a wide range of traffic, including Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP). A Snort rule consists of two basic parts:

* Header: the rule action (alert, log, pass, and so on), the protocol, the source and destination addresses and ports, and the direction of the traffic.
* Options: the alert message (msg), the content and other criteria the packet must match, and the rule's identifier (sid) and revision.

To learn more about Snort, go to www.Snort.org.

Organization of This Book

This book is arranged in the same order as the layers of the OSI model, which was developed to provide organization and structure to the world of networking. In 1983, the International Organization for Standardization (ISO) and the International Telegraph and Telephone Consultative Committee (CCITT) merged their documents and developed the OSI model, a hierarchy in which each layer builds on the services of the layer below it (see ISO 7498). Today it is widely used as a guide for describing the operation of a networking environment, and it also serves as a teaching model for hacks, attacks, and defenses. The OSI model is a protocol stack whose lower layers deal primarily with hardware and whose upper layers deal primarily with software. Its seven layers are designed so that control is passed down from layer to layer. The seven layers of the OSI model are shown in Table 1.1.

Table 1.1 The Seven-Layer OSI Model

Layer         Responsibility
Application   Application support such as File Transfer Protocol (FTP), Telnet, and Hypertext Transfer Protocol (HTTP)
Presentation  Encryption, Server Message Block (SMB), American Standard Code for Information Interchange (ASCII), and formatting
Session       Data flow control, startup, shutdown, and error detection/correction
Transport     End-to-end communications, UDP and TCP services
Network       Routing and routable protocols such as IP and Open Shortest Path First (OSPF); path control and best-effort delivery
Data link     Network interface cards, Media Access Control (MAC) addresses, framing, formatting, and organizing data
Physical      Transmission media such as twisted-pair cabling, wireless systems, and fiber-optic cable

The OSI model functions as follows:

1. Information is introduced at the application layer and passed down until it reaches the physical layer.
2. Next, it is transmitted over the physical medium (wire, coax, or wireless) to the target device.
3. Once at the target device, it proceeds back up the stack to the application layer.

For this book, an eighth layer has been added to the OSI model, called the "people" layer (or "social" layer). Figure 1.1 shows the eight layers and summarizes the services of each.

Figure 1.1 Hack the Stack's Eight Layers

Note: While the OSI model officially has seven layers, for the purposes of this book an additional layer (layer 8, the "people" layer) has been added to better address the different hacks and attacks that can occur in a networked environment.

The People Layer
Layer 8 is known as the people layer, and while not an official layer of the OSI model, it is an important consideration; therefore, it has been added to the OSI model for this book. People are often the weakest link. We can implement the best security solutions known at the lower layers of the OSI model and still be vulnerable through people and employees. Social...
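The two ideas above that a protocol analyzer makes visible, that a sniffer at the data link layer sees every header rather than only application data (Protocol Analyzers) and the three-step walk down and back up the stack (The OSI model functions as follows), as an added example that is not code from the book or from Ethereal/Wireshark. It assembles one Ethernet/IPv4/TCP frame in code from made-up MAC addresses, IP addresses, ports and payload, then dissects it layer by layer the way a protocol analyzer does, rejecting frames whose IPv4 or TCP checksum does not verify. Header layouts follow Ethernet II, RFC 791 and RFC 793; the sample values are constructed, not captured.

```python
"""Walk one frame down and back up the stack the way a protocol analyzer does.
Added example, not code from the book or from Ethereal/Wireshark.  Header
layouts follow Ethernet II, IPv4 (RFC 791) and TCP (RFC 793); the addresses,
ports and payload are made up, and the frame is assembled in code rather
than read from a capture."""
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def checksum(data):
    """RFC 1071 ones'-complement sum of 16-bit words; a correct header sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """The walk down the stack: application data is wrapped in a TCP header,
    then an IPv4 header, then an Ethernet header, with checksums filled in."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    pseudo = struct.pack("!4s4sBBH", src_ip, dst_ip, 0, IPPROTO_TCP, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0x1234, 0x4000, 64, IPPROTO_TCP, 0, src_ip, dst_ip)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip + tcp + payload


def decode_frame(frame):
    """The walk back up: Ethernet -> IPv4 -> TCP -> application payload.
    Returns an ordered list of (layer, fields); every header is exposed, which
    is why a sniffer at layer 2 sees more than the application ever does.
    Frames whose IPv4 or TCP checksum does not verify are rejected."""
    layers = []
    ethertype = struct.unpack("!H", frame[12:14])[0]
    layers.append(("ethernet", {"dst": frame[:6].hex(":"), "src": frame[6:12].hex(":"),
                                "type": ethertype}))
    if ethertype != ETHERTYPE_IPV4:
        return layers                       # e.g. ARP: nothing more to dissect here
    ip = frame[14:]
    vihl, _, total_len, _, _, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (vihl & 0x0F) * 4
    if checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    layers.append(("ipv4", {"src": ".".join(map(str, s)), "dst": ".".join(map(str, d)),
                            "ttl": ttl, "proto": proto}))
    if proto != IPPROTO_TCP:
        return layers
    tcp = ip[ihl:total_len]
    if checksum(struct.pack("!4s4sBBH", s, d, 0, IPPROTO_TCP, len(tcp)) + tcp) != 0:
        raise ValueError("bad TCP checksum")
    sport, dport, seq, _, off, flags, _, _, _ = struct.unpack("!HHIIBBHHH", tcp[:20])
    layers.append(("tcp", {"sport": sport, "dport": dport, "seq": seq, "flags": flags}))
    layers.append(("payload", tcp[(off >> 4) * 4:]))
    return layers


# Constructed sample: a client at 10.0.0.5 sending an FTP USER command to 10.0.0.21.
SRC_MAC, DST_MAC = bytes.fromhex("02005e000001"), bytes.fromhex("02005e000002")
SAMPLE_FRAME = build_frame(SRC_MAC, DST_MAC, bytes([10, 0, 0, 5]), bytes([10, 0, 0, 21]),
                           41234, 21, b"USER anonymous\r\n")

if __name__ == "__main__":
    for layer, fields in decode_frame(SAMPLE_FRAME):
        print("%-9s %r" % (layer, fields))
```

Running the block prints the four layers in the order a sniffer would show them, MAC addresses first and the FTP command last; the checksum checks are what separate a well-formed frame from one that was corrupted or forged, and they are where a dissector should fail loudly rather than guess.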

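The header/options split of a Snort rule described under Intrusion Detection Systems above, as an added example that is not the book's code and not Snort's own parser: it splits a constructed rule into its header fields and its ordered option list, then evaluates the rule against a constructed packet the way the IDS would. The rule text follows the Snort 2 rule grammar; the sid is chosen in the local-rules range; treating $HOME_NET and $EXTERNAL_NET as "any" is a simplification of Snort's variable resolution; and the toy matcher understands only the content and nocase options.

```python
"""Split a Snort rule into the two parts named above, the header and the
options, and evaluate it against a packet.  Added example: not the book's
code and not Snort's own parser.  Rule grammar (Snort 2):
    <action> <proto> <src> <sport> <dir> <dst> <dport> (<options>)
The sample rule and packet are constructed; the sid is in the local-rules
range (>= 1000000) so it cannot collide with a distributed rule."""
import re
from dataclasses import dataclass, field

HEADER_RE = re.compile(
    r"^\s*(?P<action>alert|log|pass|drop|reject|sdrop)\s+(?P<proto>\w+)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>[^\s(]+)\s*\((?P<options>.*)\)\s*$",
    re.DOTALL,
)


@dataclass
class SnortRule:
    action: str
    proto: str
    src: str
    sport: str
    direction: str
    dst: str
    dport: str
    options: list = field(default_factory=list)  # ordered (keyword, value) pairs

    def option(self, keyword):
        """Value of the first option with this keyword, e.g. rule.option("sid")."""
        for kw, val in self.options:
            if kw == keyword:
                return val
        return None


def split_options(text):
    """Split 'msg:"a;b"; sid:1;' on the semicolons that lie outside quotes.
    Flag options such as 'nocase' get the value None."""
    pairs, buf, quoted, prev = [], [], False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch == ";" and not quoted:
            item = "".join(buf).strip()
            if item:
                kw, _, val = item.partition(":")
                pairs.append((kw.strip(), val.strip().strip('"') if val else None))
            buf = []
        else:
            buf.append(ch)
        prev = ch
    if "".join(buf).strip():
        raise ValueError("every option must be terminated by ';'")
    return pairs


def parse_rule(line):
    """Header fields come from the regex, options from split_options."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("not a Snort rule: %r" % line)
    g = m.groupdict()
    return SnortRule(g["action"], g["proto"], g["src"], g["sport"], g["dir"],
                     g["dst"], g["dport"], split_options(g["options"]))


def content_bytes(value):
    """Snort content syntax: literal text outside |...|, hex bytes inside."""
    return b"".join(bytes.fromhex(p) if i % 2 else p.encode()
                    for i, p in enumerate(value.split("|")))


def port_matches(spec, port):
    """'any', a single port, or a lo:hi range.  $VARIABLES are treated as
    'any' here; real Snort resolves them from snort.conf (simplification)."""
    if spec == "any" or spec.startswith("$"):
        return True
    lo, sep, hi = spec.partition(":")
    if sep:
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return int(spec) == port


def rule_matches(rule, proto, sport, dport, payload):
    """Toy evaluation: the header decides whether the packet is in scope,
    then every content option must occur in the payload, case-folded when
    a 'nocase' option follows it."""
    if rule.proto != proto or not port_matches(rule.sport, sport) \
            or not port_matches(rule.dport, dport):
        return False
    opts = rule.options
    for i, (kw, val) in enumerate(opts):
        if kw != "content":
            continue
        needle, hay = content_bytes(val), payload
        if i + 1 < len(opts) and opts[i + 1][0] == "nocase":
            needle, hay = needle.lower(), hay.lower()
        if needle not in hay:
            return False
    return True


# Constructed sample rule: an FTP USER command followed by a run of x86 NOPs.
SAMPLE_RULE = (
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 21 '
    '(msg:"FTP USER followed by NOP sled"; flow:to_server,established; '
    'content:"USER "; nocase; content:"|90 90 90 90|"; '
    'classtype:attempted-admin; sid:1000001; rev:1;)'
)

if __name__ == "__main__":
    rule = parse_rule(SAMPLE_RULE)
    print("header :", rule.action, rule.proto, rule.src, rule.sport,
          rule.direction, rule.dst, rule.dport)
    print("options:", rule.options)
    print("alert  :", rule_matches(rule, "tcp", 41234, 21,
                                   b"user " + b"\x90" * 4 + b"\r\n"))
```

The quote-aware split matters in practice: an msg or content value may legitimately contain a semicolon, and a naive split on ";" would produce a rule that never fires. Keeping the options in order is equally deliberate, because modifiers such as nocase apply to the content option that precedes them.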

