Security Power Tools
Read an excerpt:
Chapter 4: LAN Reconnaissance
Excerpt provided courtesy of O'Reilly Media. Copyright © O'Reilly Media, Inc. Written permission from the publisher is required for any use of this material.
What if you could sit down with some of the most talented security engineers
in the world and ask any network security question you wanted? Security Power
Tools lets you do exactly that! Members of Juniper Networks' Security Engineering
team and a few guest experts reveal how to use, tweak, and push the most popular
network security applications, utilities, and tools available using Windows,
Linux, Mac OS X, and Unix platforms.
Designed to be browsed, Security Power Tools offers you multiple approaches
to network security via 23 cross-referenced chapters that review the best security
tools on the planet for both black hat techniques and white hat defense tactics.
It's a must-have reference for network administrators, engineers and consultants
with tips, tricks, and how-to advice for an assortment of freeware and commercial
tools, ranging from intermediate level command-line operations to advanced programming
of self-hiding exploits.
Security Power Tools details best practices for:
Reconnaissance -- including tools for network scanning such as nmap; vulnerability scanning tools for Windows and Linux; LAN reconnaissance; tools to help with wireless reconnaissance; and custom packet generation
Penetration -- such as the Metasploit framework for automated penetration of remote computers; tools to find wireless networks; exploitation framework applications; and tricks and tools to manipulate shellcodes
Control -- including the configuration of several tools for use as backdoors; and a review of known rootkits for Windows and Linux
Defense -- including host-based firewalls; host hardening for Windows and Linux networks; communication security with ssh; email security and anti-malware; and device security testing
Monitoring -- such as tools to capture and analyze packets; network monitoring with Honeyd and snort; and host monitoring of production servers for file changes
Discovery -- including The Forensic Toolkit, SysInternals and other popular forensic tools; application fuzzers and fuzzing techniques; and the art of binary reverse engineering using tools like Interactive Disassembler and Ollydbg
A practical and timely network security ethics chapter written by a Stanford
University professor of law completes the suite of topics and makes this book
a goldmine of security information. Save yourself a ton of headaches and be
prepared for any network security dilemma with Security Power Tools.
Table of Contents
Foreword
Credits
Preface
Part I. Legal and Ethics
1. Legal and Ethics Issues
1.1 Core Issues
1.2 Computer Trespass Laws: No "Hacking" Allowed
1.3 Reverse Engineering
1.4 Vulnerability Reporting
1.5 What to Do from Now On
Part II. Reconnaissance
2. Network Scanning
2.1 How Scanners Work
2.2 Superuser Privileges
2.3 Three Network Scanners to Consider
2.4 Host Discovery
2.5 Port Scanning
2.6 Specifying Custom Ports
2.7 Specifying Targets to Scan
2.8 Different Scan Types
2.9 Tuning the Scan Speed
2.10 Application Fingerprinting
2.11 Operating System Detection
2.12 Saving Nmap Output
2.13 Resuming Nmap Scans
2.14 Avoiding Detection
2.15 Conclusion
3. Vulnerability Scanning
3.1 Nessus
3.2 Nikto
3.3 WebInspect
4. LAN Reconnaissance
4.1 Mapping the LAN
4.2 Using ettercap and arpspoof on a Switched Network
4.3 Dealing with Static ARP Tables
4.4 Getting Information from the LAN
4.5 Manipulating Packet Data
5. Wireless Reconnaissance
5.1 Get the Right Wardriving Gear
5.2 802.11 Network Basics
5.3 802.11 Frames
5.4 How Wireless Discovery Tools Work
5.5 Netstumbler
5.6 Kismet at a Glance
5.7 Using Kismet
5.8 Sorting the Kismet Network List
5.9 Using Network Groups with Kismet
5.10 Using Kismet to Find Networks by Probe Requests
5.11 Kismet GPS Support Using gpsd
5.12 Looking Closer at Traffic with Kismet
5.13 Capturing Packets and Decrypting Traffic with Kismet
5.14 Wireshark at a Glance
5.15 Using Wireshark
5.16 AirDefense Mobile
5.17 AirMagnet Analyzers
5.18 Other Wardriving Tools
6. Custom Packet Generation
6.1 Why Create Custom Packets?
6.2 Hping
6.3 Scapy
6.4 Packet-Crafting Examples with Scapy
6.5 Packet Mangling with Netfilter
6.6 References
Part III. Penetration
7. Metasploit
7.1 Metasploit Interfaces
7.2 Updating Metasploit
7.3 Choosing an Exploit
7.4 Choosing a Payload
7.5 Setting Options
7.6 Running an Exploit
7.7 Managing Sessions and Jobs
7.8 The Meterpreter
7.9 Security Device Evasion
7.10 Sample Evasion Output
7.11 Evasion Using NOPs and Encoders
7.12 In Conclusion
8. Wireless Penetration
8.1 WEP and WPA Encryption
8.2 Aircrack
8.3 Installing Aircrack-ng
8.4 Running Aircrack-ng
8.5 Airpwn
8.6 Basic Airpwn Usage
8.7 Airpwn Configuration Files
8.8 Using Airpwn on WEP-Encrypted Networks
8.9 Scripting with Airpwn
8.10 Karma
8.11 Conclusion
9. Exploitation Framework Applications
9.1 Task Overview
9.2 Core Impact Overview
9.3 Network Reconnaissance with Core Impact
9.4 Core Impact Exploit Search Engine
9.5 Running an Exploit
9.6 Running Macros
9.7 Bouncing Off an Installed Agent
9.8 Enabling an Agent to Survive a Reboot
9.9 Mass Scale Exploitation
9.10 Writing Modules for Core Impact
9.11 The Canvas Exploit Framework
9.12 Porting Exploits Within Canvas
9.13 Using Canvas from the Command Line
9.14 Digging Deeper with Canvas
9.15 Advanced Exploitation with MOSDEF
9.16 Writing Exploits for Canvas
9.17 Exploiting Alternative Tools
10. Custom Exploitation
10.1 Understanding Vulnerabilities
10.2 Analyzing Shellcode
10.3 Testing Shellcode
10.4 Creating Shellcode
10.5 Disguising Shellcode
10.6 Execution Flow Hijacking
10.7 References
Part IV. Control
11. Backdoors
11.1 Choosing a Backdoor
11.2 VNC
11.3 Creating and Packaging a VNC Backdoor
11.4 Connecting to and Removing the VNC Backdoor
11.5 Back Orifice 2000
11.6 Configuring a BO2k Server
11.7 Configuring a BO2k Client
11.8 Adding New Servers to the BO2k Workspace
11.9 Using the BO2k Backdoor
11.10 BO2k Powertools
11.11 Encryption for BO2k Communications
11.12 Concealing the BO2k Protocol
11.13 Removing BO2k
11.14 A Few Unix Backdoors
12. Rootkits
12.1 Windows Rootkit: Hacker Defender
12.2 Linux Rootkit: Adore-ng
12.3 Detecting Rootkits Techniques
12.4 Windows Rootkit Detectors
12.5 Linux Rootkit Detectors
12.6 Cleaning an Infected System
12.7 The Future of Rootkits
Part V. Defense
13. Proactive Defense: Firewalls
13.1 Firewall Basics
13.2 Network Address Translation
13.3 Securing BSD Systems with ipfw/natd
13.4 Securing GNU/Linux Systems with netfilter/iptables
13.5 Securing Windows Systems with Windows Firewall/Internet Connection Sharing
13.6 Verifying Your Coverage
14. Host Hardening
14.1 Controlling Services
14.2 Turning Off What You Do Not Need
14.3 Limiting Access
14.4 Limiting Damage
14.5 Bastille Linux
14.6 SELinux
14.7 Password Cracking
14.8 Chrooting
14.9 Sandboxing with OS Virtualization
15. Securing Communications
15.1 The SSH-2 Protocol
15.2 SSH Configuration
15.3 SSH Authentication
15.4 SSH Shortcomings
15.5 SSH Troubleshooting
15.6 Remote File Access with SSH
15.7 SSH Advanced Use
15.8 Using SSH Under Windows
15.9 File and Email Signing and Encryption
15.10 GPG
15.11 Create Your GPG Keys
15.12 Encryption and Signature with GPG
15.13 PGP Versus GPG Compatibility
15.14 Encryption and Signature with S/MIME
15.15 Stunnel
15.16 Disk Encryption
15.17 Windows Filesystem Encryption with PGP Disk
15.18 Linux Filesystem Encryption with LUKS
15.19 Conclusion
16. Email Security and Anti-Spam
16.1 Norton Antivirus
16.2 The ClamAV Project
16.3 ClamWin
16.4 Freshclam
16.5 Clamscan
16.6 clamd and clamdscan
16.7 ClamAV Virus Signatures
16.8 Procmail
16.9 Basic Procmail Rules
16.10 Advanced Procmail Rules
16.11 ClamAV with Procmail
16.12 Unsolicited Email
16.13 Spam Filtering with Bayesian Filters
16.14 SpamAssassin
16.15 SpamAssassin Rules
16.16 Plug-ins for SpamAssassin
16.17 SpamAssassin with Procmail
16.18 Anti-Phishing Tools
16.19 Conclusion
17. Device Security Testing
17.1 Replay Traffic with Tcpreplay
17.2 Traffic IQ Pro
17.3 ISIC Suite
17.4 Protos
Part VI. Monitoring
18. Network Capture
18.1 tcpdump
18.2 Ethereal/Wireshark
18.3 pcap Utilities: tcpflow and Netdude
18.4 Python/Scapy Script Fixes Checksums
18.5 Conclusion
19. Network Monitoring
19.1 Snort
19.2 Implementing Snort
19.3 Honeypot Monitoring
19.4 Gluing the Stuff Together
20. Host Monitoring
20.1 Using File Integrity Checkers
20.2 File Integrity Hashing
20.3 The Do-It-Yourself Way with rpmverify
20.4 Comparing File Integrity Checkers
20.5 Prepping the Environment for Samhain and Tripwire
20.6 Database Initialization with Samhain and Tripwire
20.7 Securing the Baseline Storage with Samhain and Tripwire
20.8 Running Filesystem Checks with Samhain and Tripwire
20.9 Managing File Changes and Updating Storage Database with Samhain and Tripwire
20.10 Recognizing Malicious Activity with Samhain and Tripwire
20.11 Log Monitoring with Logwatch
20.12 Improving Logwatch's Filters
20.13 Host Monitoring in Large Environments with Prelude-IDS
20.14 Conclusion
Part VII. Discovery
21. Forensics
21.1 Netstat
21.2 The Forensic ToolKit
21.3 Sysinternals
22. Application Fuzzing
22.1 Which Fuzzer to Use
22.2 Different Types of Fuzzers for Different Tasks
22.3 Writing a Fuzzer with Spike
22.4 The Spike API
22.5 File-Fuzzing Apps
22.6 Fuzzing Web Applications
22.7 Configuring WebProxy
22.8 Automatic Fuzzing with WebInspect
22.9 Next-Generation Fuzzing
22.10 Fuzzing or Not Fuzzing
23. Binary Reverse Engineering
23.1 Interactive Disassembler
23.2 Sysinternals
23.3 OllyDbg
23.4 Other Tools
Index
About the Author
Bryan Burns is the technical editor and general project leader of this book.
He is the Chief Security Architect for Juniper Networks with more than a decade
of experience in the security networking field and with numerous posts at leading
network security companies. All other contributors are security engineers and
researchers working at Juniper Networks in various posts both in the security
network lab and in the field.