How This Book Will Help You
Prior to writing this book, I had extensive discussions with the Sams.net editorial staff. In
those discussions, one thing became immediately clear: Sams.net wanted a book that was
valuable to all users, not just to a special class of them. An examination of earlier books
on the subject proved instructive. The majority were well written and tastefully presented,
but appealed primarily to UNIX or NT system administrators. I recognized that while this
class of individuals is an important one, there are millions of average users yearning for
basic knowledge of security. To accommodate that need, I aimed at creating an allpurpose
Internet security book.
To do so, I had to break some conventions. Accordingly, this book probably differs from
other Sams.net books in both content and form. Nevertheless, the book contains copious
knowledge, and there are different ways to access it. This chapter briefly outlines how the
reader can most effectively access and implement that knowledge.
Is This Book of Practical Use?
Is this book of practical use? Absolutely. It can serve both as a reference book and a
general primer. The key for each reader is to determine what information is most
important to him or her. The book loosely follows two conventional designs common to
books by Sams.net:
• Evolutionary ordering (where each chapter arises, in some measure, from information in an earlier
one)
• Developmental ordering (where you travel from the very simple to the complex)
This book is a hybrid of both techniques. For example, the book examines services in the
TCP/IP suite, then quickly progresses to how those services are integrated in modern
browsers, how such services are compromised, and ultimately, how to secure against
such compromises. In this respect, there is an evolutionary pattern to the book.
At the same time, the book begins with a general examination of the structure of the
Internet and TCP/IP (which will seem light in comparison to later analyses of sniffing,
where you examine the actual construct of an information packet). As you progress, the
information becomes more and more advanced. In this respect, there is a developmental
pattern to the book.
Using This Book Effectively: Who Are You?
Different people will derive different benefits from this book, depending on their
circumstances. I urge each reader to closely examine the following categories. The
information will be most valuable to you whether you are
• A system administrator
• A hacker
• A cracker
• A business person
• A journalist
• A casual user
• A security specialist
I want to cover these categories and how this book can be valuable to each. If you do not
fit cleanly into one of these categories, try the category that best describes you.
System Administrator
A system administrator is any person charged with managing a network or any portion of
a network. Sometimes, people might not realize that they are a system administrator. In
small companies, for example, programming duties and system administration are
sometimes assigned to a single person. Thus, this person is a general, all-purpose
technician. They keep the system running, add new accounts, and basically perform any
task required on a day-to-day basis. This, for your purposes, is a system administrator.
What This Book Offers the System Administrator
This book presumes only basic knowledge of security from its system administrators, and
I believe that this is reasonable. Many capable system administrators are not well versed
in security, not because they are lazy or incompetent but because security was for them
(until now) not an issue. For example, consider the sysad who lords over an internal
LAN. One day, the powers that be decree that the LAN must establish a connection to the
Net. Suddenly, that sysad is thrown into an entirely different (and hostile) environment.
He or she might be exceptionally skilled at internal security but have little practical
experience with the Internet. Today, numerous system administrators are faced with this
dilemma. For many, additional funding to hire on-site security specialists is not available
and thus, these people must go it alone. Not anymore. This book will serve such system
administrators well as an introduction to Internet security.
Likewise, more experienced system administrators can effectively use this book to learn--
or perhaps refresh their knowledge about--various aspects of Internet security that have
been sparsely covered in books mass-produced for the general public.
For either class of sysad, this book will serve a fundamental purpose: It will assist them
in protecting their network. Most importantly, this book shows the attack from both sides
of the fence. It shows both how to attack and how to defend in a real-life, combat
situation.
Hacker
The term hacker refers to programmers and not to those who unlawfully breach the
security of systems. A hacker is any person who investigates the integrity and security of
an operating system. Most commonly, these individuals are programmers. They usually
have advanced knowledge of both hardware and software and are capable of rigging (or
hacking) systems in innovative ways. Often, hackers determine new ways to utilize or
implement a network, ways that software manufacturers had not expressly intended.
What This Book Offers the Hacker
This book presumes only basic knowledge of Internet security from its hackers and
programmers. For them, this book will provide insight into the Net's most common
security weaknesses. It will show how programmers must be aware of these weaknesses.
There is an ever-increasing market for those who can code client/server applications,
particularly for use on the Net. This book will help programmers make informed
decisions about how to develop code safely and cleanly. As an added benefit, analysis of
existing network utilities (and their deficiencies) may assist programmers in developing
newer and perhaps more effective applications for the Internet.
Cracker
A cracker is any individual who uses advanced knowledge of the Internet (or networks)
to compromise network security. Historically, this activity involved cracking encrypted
password files, but today, crackers employ a wide range of techniques. Hackers also
sometimes test the security of networks, often with the identical tools and techniques
used by crackers. To differentiate between these two groups on a trivial level, simply
remember this: Crackers engage in such activities without authorization. As such, most
cracking activity is unlawful, illegal, and therefore punishable by a term of imprisonment.
What This Book Offers the Cracker
For the budding cracker, this book provides an incisive shortcut to knowledge of cracking
that is difficult to acquire. All crackers start somewhere, many on the famous Usenet
group alt.2600. As more new users flood the Internet, quality information about cracking
(and security) becomes more difficult to find. The range of information is not well
represented. Often, texts go from the incredibly fundamental to the excruciatingly
technical. There is little material that is in between. This book will save the new cracker
hundreds of hours of reading by digesting both the fundamental and the technical into a
single (and I hope) well-crafted presentation.
Business Person
For your purposes, business person refers to any individual who has established (or will
establish) a commercial enterprise that uses the Internet as a medium. Hence, a business
person--within the meaning employed in this book--is anyone who conducts commerce
over the Internet by offering goods or services.
NOTE: It does not matter whether these goods or services are offered free as a
promotional service. I still classify this as business.
What This Book Offers the Business Person
Businesses establish permanent connections each day. If yours is one of them, this book
will help you in many ways, such as helping you make informed decisions about security.
It will prepare you for unscrupulous security specialists, who may charge you thousands
of dollars to perform basic, system-administration tasks. This book will also offer a basic
framework for your internal security policies. You have probably read dozens of dramatic
accounts about hackers and crackers, but these materials are largely sensationalized.
(Commercial vendors often capitalize on your fear by spreading such stories.) The
techniques that will be employed against your system are simple and methodical. Know
them, and you will know at least the basics about how to protect your data.
Journalist
A journalist is any party who is charged with reporting on the Internet. This can be
someone who works for a wire news service or a college student writing for his or her
university newspaper. The classification has nothing to do with how much money is paid
for the reporting, nor where the reporting is published.
What This Book Offers the Journalist
If you are a journalist, you know that security personnel rarely talk to the media. That is,
they rarely provide an inside look at Internet security (and when they do, this usually
comes in the form of assurances that might or might not have value). This book will
assist journalists in finding good sources and solid answers to questions they might have.
Moreover, this book will give the journalist who is new to security an overall view of the
terrain. Technology writing is difficult and takes considerable research. My intent is to
narrow that field of research for journalists who want to cover the Internet. In coming
years, this type of reporting (whether by print or broadcast media) will become more
prevalent.
Casual User
A casual user is any individual who uses the Internet purely as a source of entertainment.
Such users rarely spend more than 10 hours a week on the Net. They surf subjects that are
of personal interest.
What This Book Offers the Casual User
For the casual user, this book will provide an understanding of the Internet's innermost
workings. It will prepare the reader for personal attacks of various kinds, not only from
other, hostile users, but from the prying eyes of government. Essentially, this book will
inform the reader that the Internet is not a toy, that one's identity can be traced and bad
things can happen while using the Net. For the casual user, this book might well be
retitled How to Avoid Getting Hijacked on the Information Superhighway.
Security Specialist
A security specialist is anyone charged with securing one or more networks from attack.
It is not necessary that they get paid for their services in order to qualify in this category.
Some people do this as a hobby. If they do it, they are a specialist.
What This Book Offers the Security Specialist
If your job is security, this book can serve as one of two things:
• A reference book
• An in-depth look at various tools now being employed in the void
NOTE: In this book, the void refers to that portion of the Internet that exists beyond your
router or modem. It is the dark, swirling mass of machines, services, and users beyond
your computer or network. These are quantities that are unknown to you. This term is
commonly used in security circles to refer to such quantities.
Much of the information covered here will be painfully familiar to the security specialist.
Some of the material, however, might not be so familiar. (Most notably, some crossplatform
materials for those maintaining networks with multiple operating systems.)
Additionally, this book imparts a comprehensive view of security, encapsulated into a
single text. (And naturally, the materials on the CD-ROM will provide convenience and
utility.)
The Good, the Bad, and the Ugly
How you use this book is up to you. If you purchased or otherwise procured this book as
a tool to facilitate illegal activities, so be it. You will not be disappointed, for the
information contained within is well suited to such undertakings. However, note that this
author does not suggest (nor does he condone) such activities. Those who unlawfully
penetrate networks seldom do so for fun and often pursue destructive objectives.
Considering how long it takes to establish a network, write software, configure hardware,
and maintain databases, it is abhorrent to the hacking community that the cracking
community should be destructive. Still, that is a choice and one choice--even a bad one--
is better than no choice at all. Crackers serve a purpose within the scheme of security,
too. They assist the good guys in discovering faults inherent within the network.
Whether you are good, bad, or ugly, here are some tips on how to effectively use this
book:
• If you are charged with understanding in detail a certain aspect of security, follow the notes
closely. Full citations appear in these notes, often showing multiple locations for a security
document, RFC, FYI, or IDraft. Digested versions of such documents can never replace having the
original, unabridged text.
• The end of each chapter contains a small rehash of the information covered. For extremely handy
reference, especially for those already familiar with the utilities and concepts discussed, this
"Summary" portion of the chapter is quite valuable.
Certain examples contained within this book are available on the CD-ROM. Whenever
you see the CD-ROM icon on the outside margin of a page, the resource is available on
the CD. This might be source code, technical documents, an HTML presentation, system
logs, or other valuable information.
The Book's Parts
The next sections describe the book's various parts. Contained within each description is
a list of subjects covered within that chapter.
Part I: Setting the Stage
Part I of this book will be of the greatest value to users who have just joined the Internet
community. Topics include
• Why I wrote this book
• Why you need security
• Definitions of hacking and cracking
• Who is vulnerable to attack
Essentially, Part I sets the stage for the remaining parts of this book. It will assist readers
in understanding the current climate on the Net.
Part II: Understanding the Terrain
Part II of this book is probably the most critical. It illustrates the basic design of the
Internet. Each reader must understand this design before he or she can effectively grasp
concepts in security. Topics include
• Who created the Internet and why
• How the Internet is designed and how it works
• Poor security on the Internet and the reasons for it
• Internet warfare as it relates to individuals and networks
In short, you will examine why and how the Internet was established, what services are
available, the emergence of the WWW, why security might be difficult to achieve, and
various techniques for living in a hostile computing environment.
Part III: Tools
Part III of this book examines the average toolbox of the hacker or cracker. It familiarizes
the reader with Internet munitions, or weapons. It covers the proliferation of such
weapons, who creates them, who uses them, how they work, and how the reader can use
them. Some of the munitions covered are
• Password crackers
• Trojans
• Sniffers
• Tools to aid in obscuring one's identity
• Scanners
• Destructive devices, such as e-mail bombs and viruses
The coverage necessarily includes real-life examples. This chapter will be most useful to
readers engaging in or about to engage in Internet security warfare.
Part IV: Platforms and Security
Part IV of this book ventures into more complex territory, treating vulnerabilities inherent
in certain operating systems or applications. At this point, the book forks, concentrating
on issues relevant to particular classes of users. (For example, if you are a Novell user,
you will naturally gravitate to the Novell chapter.)
Part IV begins with basic discussion of security weaknesses, how they develop, and
sources of information in identifying them. Part IV then progresses to platforms,
including
• Microsoft
• UNIX
• Novell
• VAX/VMS
• Macintosh
• Plan 9 from Bell Labs
Part V: Beginning at Ground Zero
Part V of this book examines who has the power on a given network. I will discuss the
relationship between these authoritarian figures and their users, as well as abstract and
philosophical views on Internet security. At this point, the material is most suited for
those who will be living with security issues each day. Topics include
• Root, supervisor, and administrator accounts
• Techniques of breaching security internally
• Security concepts and philosophy
Part VI: The Remote Attack
Part VI of this book concerns attacks: actual techniques to facilitate the compromise of a
remote computer system. In it, I will discuss levels of attack, what these mean, and how
one can prepare for them. You will examine various techniques in depth: so in depth that
the average user can grasp--and perhaps implement--attacks of this nature. Part VI also
examines complex subjects regarding the coding of safe CGI programs, weaknesses of
various computer languages, and the relative strengths of certain authentication
procedures. Topics discussed in this part include
• Definition of a remote attack
• Various levels of attack and their dangers
• Sniffing techniques
• Spoofing techniques
• Attacks on Web servers
• Attacks based on weaknesses within various programming languages
Part VII: The Law
Part VII confronts the legal, ethical, and social ramifications of Internet security and the
lack, compromise, and maintenance thereof.
This Book's Limitations
The scope of this book is wide, but there are limitations on the usefulness of the
information. Before examining these individually, I want to make something clear:
Internet security is a complex subject. If you are charged with securing a network, relying
solely upon this book is a mistake. No book has yet been written that can replace the
experience, gut feeling, and basic savvy of a good system administrator. It is likely that
no such book will ever be written. That settled, some points on this book's limitations
include the following:
• Timeliness
• Utility
Timeliness
I commenced this project in January, 1997. Undoubtedly, hundreds of holes have
emerged or been plugged since then. Thus, the first limitation of this book relates to
timeliness.
Timelines might or might not be a huge factor in the value of this book. I say might or
might not for one reason only: Many people do not use the latest and the greatest in
software or hardware. Economic and administrative realities often preclude this. Thus,
there are LANs now operating on Windows for Workgroups that are permanently
connected to the Net. Similarly, some individuals are using SPARCstation 1s running
SunOS 4.1.3 for access. Because older software and hardware exist in the void, much of
the material here will remain current. (Good examples are machines with fresh installs of
an older operating system that has now been proven to contain numerous security bugs.)
Equally, I advise the reader to read carefully. Certain bugs examined in this book are
common to a single version of software only (for example, Windows NT Server 3.51).
The reader must pay particular attention to version information. One version of a given
software might harbor a bug, whereas a later version does not. The security of the
Internet is not a static thing. New holes are discovered at the rate of one per day.
(Unfortunately, such holes often take much longer to fix.)
Be assured, however, that at the time of this writing, the information contained within
this book was current. If you are unsure whether the information you need has changed,
contact your vendor.
Utility
Although this book contains many practical examples, it is not a how-to for cracking
Internet servers. True, I provide many examples of how cracking is done and even
utilities with which to accomplish that task, but this book will not make the reader a
master hacker or cracker. There is no substitute for experience, and this book cannot
provide that.
What this book can provide is a strong background in Internet security, hacking, and
cracking. A reader with little knowledge of these subjects will come away with enough
information to crack the average server (by average, I mean a server maintained by
individuals who have a working but somewhat imperfect knowledge of security).
Also, journalists will find this book bereft of the pulp style of sensationalist literature
commonly associated with the subject. For this, I apologize. However, sagas of tiger
teams and samurais are of limited value in the actual application of security. Security is a
serious subject, and should be reported as responsibly as possible. Within a few years,
many Americans will do their banking online. Upon the first instance of a private citizen
losing his life savings to a cracker, the general public's fascination with pulp hacking
stories will vanish and the fun will be over.
Lastly, bona fide security specialists might find that for them, only the last quarter of the
book has significant value. As noted, I developed this book for all audiences. However,
these gurus should keep their eyes open as they thumb through this book. They might be
pleasantly surprised (or even downright outraged) at some of the information revealed in
the last quarter of the text. Like a sleight-of-hand artist who breaks the magician's code, I
have dropped some fairly decent baubles in the street.
Summary
In short, depending on your position in life, this book will help you
• Protect your network
• Learn about security
• Crack an Internet server
• Educate your staff
• Write an informed article about security
• Institute a security policy
• Design a secure program
• Engage in Net warfare
• Have some fun
It is of value to hackers, crackers, system administrators, business people, journalists,
security specialists, and casual users. There is a high volume of information, the chapters
move quickly, and (I hope) the book imparts the information in a clear and concise
manner.
Equally, this book cannot make the reader a master hacker or cracker, nor can it suffice as
your only source for security information. That said, let's move forward, beginning with a
small primer on hackers and crackers.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment