Network Security Hacks, 2nd Edition

Credits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Chapter 1. Unix Host Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1. Secure Mount Points 2
2. Scan for SUID and SGID Programs 3
3. Scan for World- and Group-Writable Directories 5
4. Create Flexible Permissions Hierarchies with POSIX ACLs 5
5. Protect Your Logs from Tampering 9
6. Delegate Administrative Roles 11
7. Automate Cryptographic Signature Verification 13
8. Check for Listening Services 15
9. Prevent Services from Binding to an Interface 17
10. Restrict Services with Sandboxed Environments 19
11. Use proftpd with a MySQL Authentication Source 23
12. Prevent Stack-Smashing Attacks 26
13. Lock Down Your Kernel with grsecurity 28
14. Restrict Applications with grsecurity 33
15. Restrict System Calls with systrace 36
16. Create systrace Policies Automatically 39
17. Control Login Access with PAM 41
18. Restrict Users to SCP and SFTP 46
19. Use Single-Use Passwords for Authentication 49
20. Restrict Shell Environments 52

21. Enforce User and Group Resource Limits 54
22. Automate System Updates 55
Chapter 2. Windows Host Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
23. Check Servers for Applied Patches 59
24. Use Group Policy to Configure Automatic Updates 63
25. List Open Files and Their Owning Processes 66
26. List Running Services and Open Ports 68
27. Enable Auditing 69
28. Enumerate Automatically Executed Programs 71
29. Secure Your Event Logs 73
30. Change Your Maximum Log File Sizes 73
31. Back Up and Clear the Event Logs 75
32. Disable Default Shares 78
33. Encrypt Your Temp Folder 79
34. Back Up EFS 80
35. Clear the Paging File at Shutdown 86
36. Check for Passwords That Never Expire 88
Chapter 3. Privacy and Anonymity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
37. Evade Traffic Analysis 91
38. Tunnel SSH Through Tor 95
39. Encrypt Your Files Seamlessly 96
40. Guard Against Phishing 100
41. Use the Web with Fewer Passwords 105
42. Encrypt Your Email with Thunderbird 107
43. Encrypt Your Email in Mac OS X 112
Chapter 4. Firewalling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
44. Firewall with Netfilter 117
45. Firewall with OpenBSD’s PacketFilter 122
46. Protect Your Computer with the Windows Firewall 128
47. Close Down Open Ports and Block Protocols 137
48. Replace the Windows Firewall 139
49. Create an Authenticated Gateway 147
50. Keep Your Network Self-Contained 149

51. Test Your Firewall 151
52. MAC Filter with Netfilter 154
53. Block Tor 156
Chapter 5. Encrypting and Securing Services . . . . . . . . . . . . . . . . . . . . . . . 158
54. Encrypt IMAP and POP with SSL 158
55. Use TLS-Enabled SMTP with Sendmail 161
56. Use TLS-Enabled SMTP with Qmail 163
57. Install Apache with SSL and suEXEC 164
58. Secure BIND 169
59. Set Up a Minimal and Secure DNS Server 172
60. Secure MySQL 176
61. Share Files Securely in Unix 178
Chapter 6. Network Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
62. Detect ARP Spoofing 184
63. Create a Static ARP Table 186
64. Protect Against SSH Brute-Force Attacks 188
65. Fool Remote Operating System Detection Software 190
66. Keep an Inventory of Your Network 194
67. Scan Your Network for Vulnerabilities 197
68. Keep Server Clocks Synchronized 207
69. Create Your Own Certificate Authority 209
70. Distribute Your CA to Clients 213
71. Back Up and Restore a Certificate Authority with Certificate
Services 214
72. Detect Ethernet Sniffers Remotely 221
73. Help Track Attackers 227
74. Scan for Viruses on Your Unix Servers 229
75. Track Vulnerabilities 233
Chapter 7. Wireless Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
76. Turn Your Commodity Wireless Routers into a Sophisticated
Security Platform 236
77. Use Fine-Grained Authentication for Your Wireless Network 240
78. Deploy a Captive Portal 244