Hackers beware the ultimate guide to network security


Published on

Book on Network Security both on individual and corporate perspective.

Published in: Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Hackers beware the ultimate guide to network security

  1. 1. “Hackers Beware “ New Riders Publishing 1 Hackers Beware Eric Cole Publisher: New Riders Publishing First Edition August 13, 2001 ISBN: 0-7357-1009-0, 800 pages A good defense starts with a thorough understanding of your opponent’s offense. Hackers Beware teaches you how hackers think, what tools they use, and the techniques they utilize to compromise a machine. Eric Cole, a leading expert in information security, shows you not only how to detect these attacks, but what you can do to protect yourself against them. When it comes to securing your site, knowledge is power. This book gives you the knowledge to build a proper defense against attackers. Copyright © 2002 by New Riders Publishing FIRST EDITION: August, 2001 All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review. Library of Congress Catalog Card Number: 00102952 06 05 04 03 02 7 6 5 4 3 2 1 Interpretation of the printing code: The rightmost double-digit number is the year of the book’s printing; the right-most single-digit number is the number of the book’s printing. For example, the printing code 02-1 shows that the first printing of the book occurred in 2002. Composed in Bembo and MCPdigital by New Riders Publishing Printed in the United States of America Trademarks All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. New Riders Publishing cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
  2. 2. “Hackers Beware “ New Riders Publishing 2 Warning and Disclaimer This book is designed to provide information about computer security. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information is provided on an as-is basis. The authors and New Riders Publishing shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it. Credits Publisher David Dwyer Associate Publisher Al Valvano Executive Editor Stephanie Wall Managing Editor Kristy Knoop Product Marketing Manager Stephanie Layton Publicity Manager Susan Nixon Acquisitions Editor Jeff Riley Development Editors Katherine Pendergast Joell Smith
  3. 3. “Hackers Beware “ New Riders Publishing 3 Project Editor Sean Monkhouse Copy Editors Kelli Brooks Sarah Cisco Indexer Christine Karpeles Manufacturing Coordinator Jim Conway Book Designer Louisa Klucznik Cover Designer Aren Howell Proofreaders Katherine Shull Mitch Stark Composition Amy Parker Rebecca Harmon I would like to dedicate this book to my wonderful son, Jackson. He is a blessing to me and brings joy and happiness to me every day. Hackers Beware About the Author About the Technical Reviewers Acknowledgments
  4. 4. “Hackers Beware “ New Riders Publishing 4 Tell Us What You Think Introduction 1. Introduction The Golden Age of Hacking How Bad Is the Problem? What Are Companies Doing? What Should Companies Be Doing? Defense in Depth Purpose of This Book Legal Stuff What’s Covered In This Book Summary 2. How and Why Hackers Do It What Is an Exploit? The Attacker’s Process The Types of Attacks Categories of Exploits Routes Attackers Use to Get In Goals Attackers Try to Achieve Summary 3. Information Gathering Steps for Gathering Information Information Gathering Summary Red Teaming Summary 4. Spoofing Why Spoof? Types of Spoofing Summary 5. Session Hijacking Spoofing versus Hijacking Types of Session Hijacking TCP/IP Concepts Detailed Description of Session Hijacking ACK Storms Programs That Perform Hijacking Dangers Posed by Hijacking Protecting Against Session Hijacking Summary 6. Denial of Service Attacks What Is a Denial of Service Attack? What Is a Distributed Denial of Service Attack? Why Are They Difficult to Protect Against? Types of Denial of Service Attacks Tools for Running DOS Attacks Tools for Running DDOS Attacks Preventing Denial of Service Attacks Preventing Distributed Denial of Service Attacks Summary
  5. 5. “Hackers Beware “ New Riders Publishing 5 7. Buffer Overflow Attacks What Is a Buffer Overflow? How Do Buffer Overflows Work? Types of Buffer Overflow Attacks Why Are So Many Programs Vulnerable? Sample Buffer Overflow Protecting Our Sample Application Ten Buffer Overflow Attacks Protection Against Buffer Overflow Attacks Summary 8. Password Security Typical Attack The Current State of Passwords History of Passwords Future of Passwords Password Management Password Attacks Summary 9. Microsoft NT Password Crackers Where Are Passwords Stored in NT? How Does NT Encrypt Passwords? All Passwords Can Be Cracked (NT Just Makes It Easier) NT Password-Cracking Programs Comparison Extracting Password Hashes Protecting Against NT Password Crackers Summary 10. UNIX Password Crackers Where Are the Passwords Stored in UNIX? How Does UNIX Encrypt Passwords? UNIX Password-Cracking Programs Comparison Protecting Against UNIX Password Crackers Summary 11. Fundamentals of Microsoft NT Overview of NT Security Availability of Source Code NT Fundamentals Summary 12. Specific Exploits for NT Exploits for NT Summary 13. Fundamentals of UNIX Linux Vulnerable Areas of UNIX UNIX Fundamentals Summary 14. Specific Exploits for UNIX
  6. 6. “Hackers Beware “ New Riders Publishing 6 UNIX Exploits Summary 15. Preserving Access Backdoors and Trojans Rootkits NT Backdoors Summary 16. Covering the Tracks How To Cover One’s Tracks Summary 17. Other Types of Attacks Bind 8.2 NXT Exploit Cookies Exploit SNMP Community Strings Sniffing and Dsniff PGP ADK Exploit Cisco IOS Password Vulnerability Man-in-the-Middle Attack Against Key Exchange HTTP Tunnel Exploit Summary 18. SANS Top 10 The SANS Top 10 Exploits Commonly Probed Ports Determining Vulnerabilities Against the SANS Top 10 Summary 19. Putting It All Together Attack Scenarios Summary 20. Summary Security Cannot Be Ignored General Tips for Protecting a Site Things Will Get Worse Before They Get Better What Does the Future Hold? Conclusion A. References Hacker/Security Related URLs Hacker/Security Tools General Security Related Sites
  7. 7. “Hackers Beware “ New Riders Publishing 7 About the Author Eric Cole (CISSP, CCNA, MCSE) is a former Central Intelligence Agency (CIA) employee who today is a highly regarded speaker for the SANS Institute. He has a BS and MS in Computer Science from New York Institute of Technology and is finishing up his Ph.D. in network security—emphasizing intrusion detection and steganography. Eric has extensive experience with all aspects of Information Security, including cryptography, steganography, intrusion detection, NT security, UNIX security, TCP/IP and network security, Internet security, router security, security assessment, penetration testing, firewalls, secure web transactions, electronic commerce, SSL, IPSEC, and information warfare. Eric is among SANS’ highest-rated instructors; he has developed several courses and speaks on a variety of topics. An adjunct professor at Georgetown University, Eric also has taught at New York Institute of Technology. He also created and led Teligent’s corporate security About the Technical Reviewers These reviewers contributed their considerable hands-on expertise to the entire development process for Hackers Beware. As the book was being written, these dedicated professionals reviewed all the material for technical content, organization, and flow. Their feedback was critical to ensuring that Hackers Beware fits our reader’s need for the highest quality technical information. Scott Orr has been involved with the networking efforts of the Purdue School of Engineering and Technology at Indiana University-Purdue University at Indianapolis from the very beginning. Starting out as a 20-node Novell network, it expanded to include more the 400 Microsoft-and UNIX-based workstations within several years. Since then, he moved over to the computer science department where he manages all student and research lab PC and UNIX clusters. In addition, he teaches an undergraduate course and conducts research in the areas of system administration, networking, and computer security. Scott has also made numerous presentations to local industry on the deployment of Internet security measures and has assisted several large corporations with the configuration and testing of their firewalls. Larry Paccone is a Senior National/Systems Security Analyst at Litton/TASC. As both a technical lead and project manager, he has worked in the Internet and network/systems security arena for more than seven years. He has been the technical lead for several network security projects supporting a government network/systems security research and development laboratory. Prior to that, Larry worked for five years at The Analytical Sciences Corporation (TASC) as a national security analyst assessing conventional military force structures. He has an MS in information systems, an M.A. in international relations, and a B.A. in political science. He also has completed eight professional certifications in network and systems security, internetworking, WANs, Cisco routing, and Windows NT.
  8. 8. “Hackers Beware “ New Riders Publishing 8 John Furlong is an independent Network Security Consultant based in Dallas, Texas. After graduating from a university in England as a systems programmer, John immigrated to the United States. After extensive development of IDS signatures and modular software for business environments utilizing the Aggressor security suite, John opened his own consulting firm in 1998. John continues to develop and educate business professionals on the growing need for intranet and Internet security. As a freelance consultant, John has provided remote storage systems for security conscious industries, such as medical and insurance affiliations, and enhanced and strengthened operating systems for numerous Internet service providers. Steve Smaha is an Austin-based angel investor and philanthropist. Previously he was founder and CEO of Haystack Labs, Inc., an early developer of Internet security software, until its acquisition in October 1997 by Trusted Information Systems (TIS). At TIS, Steve served as Vice President for Technology until TIS was acquired by Network Associates in April 1998. Since 1998, he has served on several computer company boards of directors and technical advisory boards and is actively involved in mentoring startup tech companies and working with non-profit organizations. He is married with a young child. His undergraduate degree is from Princeton University and graduate degrees are from the University of Pittsburgh and Rutgers University. Patrick “Swissman” Ramseier, CCNA, GSEC, CISSP, is a Security Services Director for Exodus Communications, Inc. Exodus is a leading provider of complex Internet hosting for enterprises with mission-critical Internet operations. Patrick started as a UNIX system administrator. Over the past 13 years, he has been involved with corporate-level security architecture reviews, vulnerability assessments, VPN support, network and operating system security (UNIX-Solaris, Linux, BSD, and Windows NT/2000), training, research, and development. He has a B.A. in business and is working concurrently on his masters and doctorate in computer science Acknowledgments I wanted to thank New Riders for the help and support through this process. Mainly Jeff Riley, Katherine Pendergast, and Sean Monkhouse. They are a great publisher to work with. I also wanted to thank SANS for having such a great organization. Alan Paller and Stephen Northcutt are wonderful people to work with and very helpful. They gave great advice and support through the entire process. Also, I want to thank all of the SANS GIAC students who provided excellent information via their practicals. What always makes me nervous with acknowledgement sections is the thought that I am overlooking someone. When the book comes out I am going to remember who I forgot. So I am going to leave a blank line, so whoever I forgot can write their name into this section __________________________________________. Now on to all of the great friends and family I have that have helped me through this process. Tony Ventimiglia, who has provided great editing support and who has been a great friend through thick and thin. Mathew Newfield, who has helped out in numerous ways—probably even in some ways that he doesn’t even know about. Jim Conley, who provided editing and guidance. Gary Jackson, who provides continual guidance, wisdom, knowledge and is a great friend. Marc Maloof, who has provided guidance and direction. Most of all, I want to thank God for blessing me with a great life and a wonderful family: Kerry Magee Cole, a loving and supportive wife; my wonderful son Jackson, who brings joy and happiness to me everyday; Ron and Caroline Cole, and Mike and Ronnie Magee,
  9. 9. “Hackers Beware “ New Riders Publishing 9 have been great parents to me—offering tons of love and support. I’d also like to thank my wonderful sister, brother-in-law, nieces, and nephews: Cathy, Tim, Allison, Timmy, and Brianna. For anyone who I forget or did not mention by name, I thank all of my friends, family and co-workers who have supported me in a variety of ways through this entire process. Tell Us What You Think As the reader of this book, you are the most important critic and commentator. We value your opinion and want to know what we’re doing right, what we could do better, what areas you’d like to see us publish in, and any other words of wisdom you’re willing to pass our way. As the Executive Editor for the Web Development team at New Riders Publishing, I welcome your comments. You can fax, email, or write me directly to let me know what you did or didn’t like about this book—as well as what we can do to make our books stronger. Please note that I cannot help you with technical problems related to the topic of this book, and that due to the high volume of mail I receive, I might not be able to reply to every message. When you write, please be sure to include this book’s title and author as well as your name and phone or fax number. I will carefully review your comments and share them with the author and editors who worked on the book. Fax: 317-581-4663 Email: stephanie.wall@newriders.com Mail: Stephanie Wall Executive Editor New Riders Publishing 201 West 103rd Street Indianapolis, IN 46290 USA Introduction With so much going on in regard to network security (or the lack thereof), a book on this topic almost needs no introduction. Less than 10 years ago, most people didn’t even know what the Internet or email was. To take a further step back, most people did not even have computers at work or home, and some even questioned their usefulness. Things have really changed. As I am writing this, the Carousel of Progress ride at Disney World goes through my mind. Things that we considered science fiction a decade ago are not only a reality, but an engrained part of our life. Heck, if the dedicated line at my house goes down for more than 30 minutes, my wife is screaming at me to fix it. This is truly the age of computers. From a functionality standpoint, computers are great when they are stand-alone devices. If I have a computer in my home with no network connection, do I really need any computer security? The house usually provides enough security to protect it. But now that everyone is connecting their computers together via the Internet, we are building this web of trust where everyone trusts everyone else. There is just one problem: everyone does not trust everyone else. Yet, in most cases, we are giving everyone full access to this information. At this point, let’s step back and look at how this happened.
  10. 10. “Hackers Beware “ New Riders Publishing 10 This happened because people got so caught up in technology and functionality that no one worried about security—yet security is critical in this day and age. Ten years ago when I worked in security, I remember that no one wanted anything to do with me. The security guy was like the smelly kid in school. No one would sit next to me at meetings. No one would even want to go to lunch with me out of fear that his manager would see him with the security psycho, and he wouldn’t get that big promotion. Why did people hate security so much? People did not see the value of security; they thought it was a waste of money and did not think the threat was real. With most other technologies, there is an immediate tangible benefit. For example, you can directly see the benefit of installing a new network or a new server for a company— faster access, more storage space, more efficient calculations, and so on. With security, there is no direct benefit, only an indirect benefit—your data and information will be secure. In most cases, a company does not realize the benefit of security until it is too late. Only after an attacker breaks into its system and steals $10 million does a company see the need for security and becomes willing to pay the money. Think of how much money the company would have saved if it had invested in security originally. As more and more companies suffer losses, hopefully, more and more companies will start investing in security from the beginning and not wait for a major breach in security to realize how much they need it. Think about car insurance. Everyone who buys a car gets insurance immediately, just in case an accident occurs. I know people who have never been in an accident for 30 years and still get insurance because they know that it is cheaper to have insurance and not have an accident than not have insurance and get into an accident. Companies need to use the same logic with security. No matter what size company you are or what type of business you do, security is always a wise investment. No systems are safe. Any system that is connected to the Internet is getting probed and possibly broken into. If you do not believe me, run the following simple experiment. Because most home computers have either direct connections or dial-up connections, you can use your home computer for this experiment. Purchase or download one of the personal firewall products that are available on the Internet. There are several programs out there, but Zone Alarm, available from www.zonelabs.com, has a free version for non- commercial use. Install the program on your system, keep your system up for at least 48 hours, and get ready to be amazed. Usually within less than two days, your systems will be probed several times and even broken into. For example, I called up an ISP, received an IP address, connected, and within 30 minutes, I received over five probes of the system. Think about this for a minute. If your home computer, with no domain name, that no one cares about, gets probed and attacked, what does that say for a company? It basically says that systems will be attacked, and without good security, they will be broken into and compromised. I have had companies tell me that they have never had an attempted attack against their systems. That statement is false. The correct statement is that they have never had an attempted breach that they detected. Just because you are looking in the wrong places does not mean that your site is secure. It is critical that companies know the right places to look and the proper way to secure their systems. Hopefully, this book will show you what attackers are up to and give you insight into their tools and techniques so that you can look in the right places and better defend your sites. Remember, the best way to have a good defense is to understand the offense. That is the main goal of this book: to make people aware of the techniques, methods, and tools attackers are using to compromise systems and use that knowledge to build secure networks. Security cannot be done in a vacuum; you must understand what the threat is. In this field, ignorance is deadly and knowledge is power.
  11. 11. “Hackers Beware “ New Riders Publishing 11 Hopefully, this book will give you insight into hackers and how you can protect against them. Securing a network is a never-ending journey; but based on my experience, it is a very enjoyable and rewarding journey. Let’s get started on our journey into the wonderful world of network security. Chapter 1. Introduction No matter what field you work in, you cannot help but notice the impact that the Internet has had on society. It has opened up opportunities and markets that people only dreamed of before. As with any new technology, there is always a positive and negative aspect. The positive side is the tremendous business opportunities. The negative side is the huge security risk that is now posed to so many companies, yet few companies are truly aware of the potential danger. It’s like getting in a brand new car and driving down the road at 80mph, only to realize that the engineers did not equip the car with breaks. If this did occur and a large number of people bought the car, the net result would be a high number of fatalities because the proper breaking was not built into the car. The same thing is occurring with the Internet. Now that companies have invested millions of dollars in this new infrastructure, they realize that security was not properly built in, and now their entire companies are vulnerable. The point of this book is that there is no way to properly protect a company’s network unless you know what you’re up against. Only by understanding how attacks work and what an attacker does to compromise a machine can a company position itself so that it can be properly protected. If someone tells you to protect a site against a certain threat and you don’t understand what the threat is or how it works, you cannot protect against it. Knowing what an attacker can do to compromise your system and what that compromise looks like on a network allows you to build a secure system. Although this book goes into techniques used to hack a machine and perform common exploits, it is not meant to be a handbook on how to hack. It is meant to help a company properly close up its vulnerabilities and protect its computers. I want to make you aware of the tools that are available and how easy they are to use, and I want to show you what a company must do to have a secure network. The Golden Age of Hacking Based on everything we know, this truly seems to be the golden age of hacking. To sum things up, it is a great time to be a hacker. Because there are so many possible systems to break into and most of them have such weak security, attackers can pick and choose which machines to go after. To make matters worse, most companies have insufficient information or resources to track these attackers, so even if they are detected, their chances of getting caught are slim. No one polices the Internet, and in terms of knowledge and experience, attackers have the upper hand. Not only is it a good time to
  12. 12. “Hackers Beware “ New Riders Publishing 12 be a hacker, but it is a good time to be a security professional. There is plenty of work and a whole lot of challenges ahead. A recent and well-known example of hacking attacks happened in February of 2000. Several large sites on the Internet were attacked within in a short period of time. The type of attack was a distributed Denial of Service attack in which company web sites became unreachable to legitimate users. These attacks will be discussed in detail in Chapter 6, “Denial of Service Attacks.” From a business perspective, this had a large impact on the victim companies. For one company, an online bookstore, the attack resulted in lost revenue—not only did the company lose sales, but it lost customers. L