Maximum Security:
A Hacker's Guide to Protecting Your Internet Site and Network
2
How This Book Will Help You
Prior to writing this book, I had extensive discussions with the Sams.net editorial
staff. In those discussions, one thing became immediately clear: Sams.net wanted
a book that was valuable to all users, not just to a special class of them. An examination
of earlier books on the subject proved instructive. The majority were well written
and tastefully presented, but appealed primarily to UNIX or NT system administrators.
I recognized that while this class of individuals is an important one, there are
millions of average users yearning for basic knowledge of security. To accommodate
that need, I aimed at creating an all-purpose Internet security book.
To do so, I had to break some conventions. Accordingly, this book probably differs
from other Sams.net books in both content and form. Nevertheless, the book contains
copious knowledge, and there are different ways to access it. This chapter briefly
outlines how the reader can most effectively access and implement that knowledge.
Is This Book of Practical Use?
Is this book of practical use? Absolutely. It can serve both as a reference book
and a general primer. The key for each reader is to determine what information is
most important to him or her. The book loosely follows two conventional designs common
to books by Sams.net:
- Evolutionary ordering (where each chapter arises, in some measure, from information
in an earlier one)
- Developmental ordering (where you travel from the very simple to the complex)
This book is a hybrid of both techniques. For example, the book examines services
in the TCP/IP suite, then quickly progresses to how those services are integrated
in modern browsers, how such services are compromised, and ultimately, how to secure
against such compromises. In this respect, there is an evolutionary pattern to the
book.
At the same time, the book begins with a general examination of the structure
of the Internet and TCP/IP (which will seem light in comparison to later analyses
of sniffing, where you examine the actual construct of an information packet). As
you progress, the information becomes more and more advanced. In this respect, there
is a developmental pattern to the book.
Using This Book Effectively: Who Are You?
Different people will derive different benefits from this book, depending on their
circumstances. I urge each reader to closely examine the following categories. The
information will be most valuable to you whether you are
- A system administrator
- A hacker
- A cracker
- A business person
- A journalist
- A casual user
- A security specialist
I want to cover these categories and how this book can be valuable to each. If
you do not fit cleanly into one of these categories, try the category that best describes
you.
System Administrator
A system administrator is any person charged with managing a network or any portion
of a network. Sometimes, people might not realize that they are a system administrator.
In small companies, for example, programming duties and system administration are
sometimes assigned to a single person. Thus, this person is a general, all-purpose
technician. They keep the system running, add new accounts, and basically perform
any task required on a day-to-day basis. This, for your purposes, is a system administrator.
What This Book Offers the System Administrator
This book presumes only basic knowledge of security from its system administrators,
and I believe that this is reasonable. Many capable system administrators are not
well versed in security, not because they are lazy or incompetent but because security
was for them (until now) not an issue. For example, consider the sysad who lords
over an internal LAN. One day, the powers that be decree that the LAN must establish
a connection to the Net. Suddenly, that sysad is thrown into an entirely different
(and hostile) environment. He or she might be exceptionally skilled at internal security
but have little practical experience with the Internet. Today, numerous system administrators
are faced with this dilemma. For many, additional funding to hire on-site security
specialists is not available and thus, these people must go it alone. Not anymore.
This book will serve such system administrators well as an introduction to Internet
security.
Likewise, more experienced system administrators can effectively use this book
to learn--or perhaps refresh their knowledge about--various aspects of Internet security
that have been sparsely covered in books mass-produced for the general public.
For either class of sysad, this book will serve a fundamental purpose: It will
assist them in protecting their network. Most importantly, this book shows the attack
from both sides of the fence. It shows both how to attack and how to defend in a
real-life, combat situation.
Hacker
The term hacker refers to programmers and not to those who unlawfully breach the
security of systems. A hacker is any person who investigates the integrity and security
of an operating system. Most commonly, these individuals are programmers. They usually
have advanced knowledge of both hardware and software and are capable of rigging
(or hacking) systems in innovative ways. Often, hackers determine new ways to utilize
or implement a network, ways that software manufacturers had not expressly intended.
What This Book Offers the Hacker
This book presumes only basic knowledge of Internet security from its hackers
and programmers. For them, this book will provide insight into the Net's most common
security weaknesses. It will show how programmers must be aware of these weaknesses.
There is an ever-increasing market for those who can code client/server applications,
particularly for use on the Net. This book will help programmers make informed decisions
about how to develop code safely and cleanly. As an added benefit, analysis of existing
network utilities (and their deficiencies) may assist programmers in developing newer
and perhaps more effective applications for the Internet.
Cracker
A cracker is any individual who uses advanced knowledge of the Internet (or networks)
to compromise network security. Historically, this activity involved cracking encrypted
password files, but today, crackers employ a wide range of techniques. Hackers also
sometimes test the security of networks, often with the identical tools and techniques
used by crackers. To differentiate between these two groups on a trivial level, simply
remember this: Crackers engage in such activities without authorization. As such,
most cracking activity is unlawful, illegal, and therefore punishable by a term of
imprisonment.
What This Book Offers the Cracker
For the budding cracker, this book provides an incisive shortcut to knowledge
of cracking that is difficult to acquire. All crackers start somewhere, many on the
famous Usenet group alt.2600. As more new users flood the Internet, quality information
about cracking (and security) becomes more difficult to find. The range of information
is not well represented. Often, texts go from the incredibly fundamental to the excruciatingly
technical. There is little material that is in between. This book will save the new
cracker hundreds of hours of reading by digesting both the fundamental and the technical
into a single (and I hope) well-crafted presentation.
Business Person
For your purposes, business person refers to any individual who has established
(or will establish) a commercial enterprise that uses the Internet as a medium. Hence,
a business person--within the meaning employed in this book--is anyone who conducts
commerce over the Internet by offering goods or services.
NOTE: It does not matter whether these
goods or services are offered free as a promotional service. I still classify this
as business.
What This Book Offers the Business Person
Businesses establish permanent connections each day. If yours is one of them,
this book will help you in many ways, such as helping you make informed decisions
about security. It will prepare you for unscrupulous security specialists, who may
charge you thousands of dollars to perform basic, system-administration tasks. This
book will also offer a basic framework for your internal security policies. You have
probably read dozens of dramatic accounts about hackers and crackers, but these materials
are largely sensationalized. (Commercial vendors often capitalize on your fear by
spreading such stories.) The techniques that will be employed against your system
are simple and methodical. Know them, and you will know at least the basics about
how to protect your data.
Journalist
A journalist is any party who is charged with reporting on the Internet. This
can be someone who works for a wire news service or a college student writing for
his or her university newspaper. The classification has nothing to do with how much
money is paid for the reporting, nor where the reporting is published.
What This Book Offers the Journalist
If you are a journalist, you know that security personnel rarely talk to the media.
That is, they rarely provide an inside look at Internet security (and when they do,
this usually comes in the form of assurances that might or might not have value).
This book will assist journalists in finding good sources and solid answers to questions
they might have. Moreover, this book will give the journalist who is new to security
an overall view of the terrain. Technology writing is difficult and takes considerable
research. My intent is to narrow that field of research for journalists who want
to cover the Internet. In coming years, this type of reporting (whether by print
or broadcast media) will become more prevalent.
Casual User
A casual user is any individual who uses the Internet purely as a source of entertainment.
Such users rarely spend more than 10 hours a week on the Net. They surf subjects
that are of personal interest.
What This Book Offers the Casual User
For the casual user, this book will provide an understanding of the Internet's
innermost workings. It will prepare the reader for personal attacks of various kinds,
not only from other, hostile users, but from the prying eyes of government. Essentially,
this book will inform the reader that the Internet is not a toy, that one's identity
can be traced and bad things can happen while using the Net. For the casual user,
this book might well be retitled How to Avoid Getting Hijacked on the Information
Superhighway.
Security Specialist
A security specialist is anyone charged with securing one or more networks from
attack. It is not necessary that they get paid for their services in order to qualify
in this category. Some people do this as a hobby. If they do it, they are a specialist.
What This Book Offers the Security Specialist
If your job is security, this book can serve as one of two things:
- A reference book
- An in-depth look at various tools now being employed in the void
NOTE: In this book, the void refers
to that portion of the Internet that exists beyond your router or modem. It is the
dark, swirling mass of machines, services, and users beyond your computer or network.
These are quantities that are unknown to you. This term is commonly used in security
circles to refer to such quantities.
Much of the information covered here will be painfully familiar to the security
specialist. Some of the material, however, might not be so familiar. (Most notably,
some cross-platform materials for those maintaining networks with multiple operating
systems.) Additionally, this book imparts a comprehensive view of security, encapsulated
into a single text. (And naturally, the materials on the CD-ROM will provide convenience
and utility.)
The Good, the Bad, and the Ugly
How you use this book is up to you. If you purchased or otherwise procured this
book as a tool to facilitate illegal activities, so be it. You will not be disappointed,
for the information contained within is well suited to such undertakings. However,
note that this author does not suggest (nor does he condone) such activities. Those
who unlawfully penetrate networks seldom do so for fun and often pursue destructive
objectives. Considering how long it takes to establish a network, write software,
configure hardware, and maintain databases, it is abhorrent to the hacking community
that the cracking community should be destructive. Still, that is a choice and one
choice--even a bad one--is better than no choice at all. Crackers serve a purpose
within the scheme of security, too. They assist the good guys in discovering faults
inherent within the network.
Whether you are good, bad, or ugly, here are some tips on how to effectively use
this book:
- If you are charged with understanding in detail a certain aspect of security,
follow the notes closely. Full citations appear in these notes, often showing multiple
locations for a security document, RFC, FYI, or IDraft. Digested versions of such
documents can never replace having the original, unabridged text.
- The end of each chapter contains a small rehash of the information covered. For
extremely handy reference, especially for those already familiar with the utilities
and concepts discussed, this "Summary" portion of the chapter is quite
valuable.
Certain examples contained within this book are available on the CD-ROM. Whenever
you see the CD-ROM icon on the outside margin of a page, the resource is available
on the CD. This might be source code, technical documents, an HTML presentation,
system logs, or other valuable information.
The Book's Parts
The next sections describe the book's various parts. Contained within each description
is a list of subjects covered within that chapter.
Part I: Setting the Stage
Part I of this book will be of the greatest value to users who have just joined
the Internet community. Topics include
- Why I wrote this book
- Why you need security
- Definitions of hacking and cracking
- Who is vulnerable to attack
Essentially, Part I sets the stage for the remaining parts of this book. It will
assist readers in understanding the current climate on the Net.
Part II: Understanding the Terrain
Part II of this book is probably the most critical. It illustrates the basic design
of the Internet. Each reader must understand this design before he or she can effectively
grasp concepts in security. Topics include
- Who created the Internet and why
- How the Internet is designed and how it works
- Poor security on the Internet and the reasons for it
- Internet warfare as it relates to individuals and networks
In short, you will examine why and how the Internet was established, what services
are available, the emergence of the WWW, why security might be difficult to achieve,
and various techniques for living in a hostile computing environment.
Part III: Tools
Part III of this book examines the average toolbox of the hacker or cracker. It
familiarizes the reader with Internet munitions, or weapons. It covers the proliferation
of such weapons, who creates them, who uses them, how they work, and how the reader
can use them. Some of the munitions covered are
- Password crackers
- Trojans
- Sniffers
- Tools to aid in obscuring one's identity
- Scanners
- Destructive devices, such as e-mail bombs and viruses
The coverage necessarily includes real-life examples. This chapter will be most
useful to readers engaging in or about to engage in Internet security warfare.
Part IV: Platforms and Security
Part IV of this book ventures into more complex territory, treating vulnerabilities
inherent in certain operating systems or applications. At this point, the book forks,
concentrating on issues relevant to particular classes of users. (For example, if
you are a Novell user, you will naturally gravitate to the Novell chapter.)
Part IV begins with basic discussion of security weaknesses, how they develop,
and sources of information in identifying them. Part IV then progresses to platforms,
including
- Microsoft
- UNIX
- Novell
- VAX/VMS
- Macintosh
- Plan 9 from Bell Labs
Part V: Beginning at Ground Zero
Part V of this book examines who has the power on a given network. I will discuss
the relationship between these authoritarian figures and their users, as well as
abstract and philosophical views on Internet security. At this point, the material
is most suited for those who will be living with security issues each day. Topics
include
- Root, supervisor, and administrator accounts
- Techniques of breaching security internally
- Security concepts and philosophy
Part VI: The Remote Attack
Part VI of this book concerns attacks: actual techniques to facilitate the compromise
of a remote computer system. In it, I will discuss levels of attack, what these mean,
and how one can prepare for them. You will examine various techniques in depth: so
in depth that the average user can grasp--and perhaps implement--attacks of this
nature. Part VI also examines complex subjects regarding the coding of safe CGI programs,
weaknesses of various computer languages, and the relative strengths of certain authentication
procedures. Topics discussed in this part include
- Definition of a remote attack
- Various levels of attack and their dangers
- Sniffing techniques
- Spoofing techniques
- Attacks on Web servers
- Attacks based on weaknesses within various programming languages
Part VII: The Law
Part VII confronts the legal, ethical, and social ramifications of Internet security
and the lack, compromise, and maintenance thereof.
This Book's Limitations
The scope of this book is wide, but there are limitations on the usefulness of
the information. Before examining these individually, I want to make something clear:
Internet security is a complex subject. If you are charged with securing a network,
relying solely upon this book is a mistake. No book has yet been written that can
replace the experience, gut feeling, and basic savvy of a good system administrator.
It is likely that no such book will ever be written. That settled, some points on
this book's limitations include the following:
Timeliness
I commenced this project in January, 1997. Undoubtedly, hundreds of holes have
emerged or been plugged since then. Thus, the first limitation of this book relates
to timeliness.
Timelines might or might not be a huge factor in the value of this book. I say
might or might not for one reason only: Many people do not use the latest and the
greatest in software or hardware. Economic and administrative realities often preclude
this. Thus, there are LANs now operating on Windows for Workgroups that are permanently
connected to the Net. Similarly, some individuals are using SPARCstation 1s running
SunOS 4.1.3 for access. Because older software and hardware exist in the void, much
of the material here will remain current. (Good examples are machines with fresh
installs of an older operating system that has now been proven to contain numerous
security bugs.)
Equally, I advise the reader to read carefully. Certain bugs examined in this
book are common to a single version of software only (for example, Windows NT Server
3.51). The reader must pay particular attention to version information. One version
of a given software might harbor a bug, whereas a later version does not. The security
of the Internet is not a static thing. New holes are discovered at the rate of one
per day. (Unfortunately, such holes often take much longer to fix.)
Be assured, however, that at the time of this writing, the information contained
within this book was current. If you are unsure whether the information you need
has changed, contact your vendor.
Utility
Although this book contains many practical examples, it is not a how-to for cracking
Internet servers. True, I provide many examples of how cracking is done and even
utilities with which to accomplish that task, but this book will not make the reader
a master hacker or cracker. There is no substitute for experience, and this book
cannot provide that.
What this book can provide is a strong background in Internet security, hacking,
and cracking. A reader with little knowledge of these subjects will come away with
enough information to crack the average server (by average, I mean a server maintained
by individuals who have a working but somewhat imperfect knowledge of security).
Also, journalists will find this book bereft of the pulp style of sensationalist
literature commonly associated with the subject. For this, I apologize. However,
sagas of tiger teams and samurais are of limited value in the actual application
of security. Security is a serious subject, and should be reported as responsibly
as possible. Within a few years, many Americans will do their banking online. Upon
the first instance of a private citizen losing his life savings to a cracker, the
general public's fascination with pulp hacking stories will vanish and the fun will
be over.
Lastly, bona fide security specialists might find that for them, only the last
quarter of the book has significant value. As noted, I developed this book for all
audiences. However, these gurus should keep their eyes open as they thumb through
this book. They might be pleasantly surprised (or even downright outraged) at some
of the information revealed in the last quarter of the text. Like a sleight-of-hand
artist who breaks the magician's code, I have dropped some fairly decent baubles
in the street.
Summary
In short, depending on your position in life, this book will help you
- Protect your network
- Learn about security
- Crack an Internet server
- Educate your staff
- Write an informed article about security
- Institute a security policy
- Design a secure program
- Engage in Net warfare
- Have some fun
It is of value to hackers, crackers, system administrators, business people, journalists,
security specialists, and casual users. There is a high volume of information, the
chapters move quickly, and (I hope) the book imparts the information in a clear and
concise manner.
Equally, this book cannot make the reader a master hacker or cracker, nor can
it suffice as your only source for security information. That said, let's move forward,
beginning with a small primer on hackers and crackers.
© Copyright, Macmillan Computer Publishing. All
rights reserved.
|