Build Your Own Security Lab
A Field Guide for Network Testing
Michael Gregg
Wiley Publishing, Inc.

Contents

Acknowledgments xxi
Introduction xxiii

Chapter 1 Hardware and Gear 1
    Why Build a Lab? 2
    Hackers Welcome 4
        Hacker Software 4
        Hacker Hardware 5
    The Essential Gear 8
    Obtaining Requisite Hardware/Software 10
        Stuff You Already Have 10
        New-Equipment Purchases 10
        Used-Equipment Purchases 11
            Online Auctions 12
            Thrift Stores 13
            Company Sales 14
    Assembling the Network Lab 14
        Starting Clean 16
        Configuring the Network 17
        Installing Operating Systems 21
            Windows XP 21
            Linux 23
        Connecting Everything Together 23
        Adding On 25
    Summary 26
    Key Terms 27
    Exercises 28
        Equipment Checklist 28
        Exploring Linux Options 29
        Exploring Other Operating System Options 30
Chapter 2 Building a Software Test Platform 31
    Server OS Installations 31
        Microsoft Windows 32
        Linux 36
            Navigating in Linux 39
            Linux Basics 41
        Other Operating Systems 44
            Mac OS X 44
            ReactOS 45
            Windows PE 45
    Virtualization 47
        VMware Workstation 48
        VMware Server 51
        Virtual PC 52
    Client-Side Tools 53
    Learning Applications 55
    Summary 56
    Key Terms 57
    Exercises 58
        Using VMware to Build a Windows Image 58
        Using VMware to Build a ReactOS Image 59
        Running BackTrack from VMware 60

Chapter 3 Passive Information Gathering 63
    Starting at the Source 64
        Scrutinizing Key Employees 68
        Dumpster Diving (Electronic) 71
        Analyzing Web Page Coding 74
        Exploiting Web Site Authentication Methods 77
    Mining Job Ads and Analyzing Financial Data 80
    Using Google to Mine Sensitive Information 83
    Exploring Domain Ownership 84
        WHOIS 85
        Regional Internet Registries 88
        Domain Name Server 89
    Identifying Web Server Software 93
        Web Server Location 95
    Summary 96
    Key Terms 97
    Exercises 98
        IP Address and Domain Identification 98
        Information Gathering 99
        Google Hacking 100
        Banner Grabbing 101
            Telnet 101
            Netcat 102
        VisualRoute 103
Chapter 4 Detecting Live Systems 105
    Detecting Active Systems 105
        Wardriving 106
        ICMP (Ping) 107
    Port Scanning 111
        TCP/IP Basics 111
            The Network Access Layer 112
            The Internet Layer 113
            The Host-to-Host Layer 116
            The Application Layer 117
        TCP and UDP Port Scanning 120
        Advanced Port-Scanning Techniques 123
            Idle Scan 123
        Port-Scanning Tools 126
            Nmap 126
            SuperScan 129
            Other Scanning Tools 129
    OS Fingerprinting 131
        Passive Fingerprinting 131
        Active Fingerprinting 134
        OS Fingerprinting Tools 135
    Scanning Countermeasures 136
    Summary 139
    Key Terms 140
    Exercises 141
        Port Scanning with Nmap 141
        Port Scanning with SuperScan 142
        Using Look@LAN 143
        Passive Fingerprinting 144
        Active Fingerprinting 146

Chapter 5 Enumerating Systems 149
    Enumeration 149
        SNMP Services 150
            SNMP Enumeration Tools 152
            SNMP Enumeration Countermeasures 153
        Routing Devices 154
            Routing Enumeration Tools 156
            Routing Enumeration Countermeasures 158
        Windows Devices 161
            Server Message Block and Interprocess Communication 163
            Enumeration and the IPC$ Share 164
            Windows Enumeration Tools 165
            Windows Enumeration Countermeasures 168
    Advanced Enumeration 170
        Password Cracking 170
            Protecting Passwords 174
            Sniffing Password Hashes 174
        Exploiting a Vulnerability 175
            Buffer Overflows 178
    Summary 180
    Key Terms 180
    Exercises 181
        SNMP Enumeration 181
        Enumerating Routing Protocols 184
        Enumeration with DumpSec 185
        Rainbow Table Attacks 187

Chapter 6 Automated Attack and Penetration Tools 189
    Why Attack and Penetration Tools Are Important 190
    Vulnerability Assessment Tools 190
        Source Code Assessment Tools 191
        Application Assessment Tools 192
        System Assessment Tools 192
            Attributes of a Good System Assessment Tool 194
            Nessus 195
    Automated Exploit Tools 203
        Metasploit 203
            Metasploit Web 204
            Metasploit Console 209
            Metasploit Command-Line Interface 211
            Updating Metasploit 211
        ExploitTree 212
        Exploitation Framework 212
        Core Impact 213
        CANVAS 214
    Determining Which Tools to Use 214
        Picking the Right Platform 215
    Summary 215
    Key Terms 216
    Exercises 216
        Metasploit BackTrack 217
        Metasploit Windows 219
        Exploring N-Stalker, a Vulnerability Assessment Tool 221
        Exploring the SecurityForest.com Web Site 222

Chapter 7 Understanding Cryptographic Systems 225
    Encryption 225
        Secret Key Encryption 227
            Data Encryption Standard 229
            Triple DES 230
            Advanced Encryption Standard 231
        One-Way Functions (Hashes) 231
            MD Series 232
            SHA 232
        Public Key Encryption 232
            RSA 233
            Diffie-Hellman 234
            El Gamal 235
            Elliptic Curve Cryptosystem 235
        Hybrid Cryptosystems 235
    Authentication 236
        Password Authentication 237
            Password Hashing 237
            Challenge-Response 240
        Session Authentication 241
        Public Key Authentication 242
        Public Key Infrastructure 242
            Certificate Authority 242
            Registration Authority 243
            Certificate Revocation List 243
            Certificate-Based Authentication 243
        Biometrics 245
    Encryption and Authentication Attacks 247
        Extracting Passwords 248
        Password Cracking 249
            Dictionary Attack 249
            Brute-Force Attack 250
            Rainbow Table 250
        Other Cryptographic Attacks 251
    Summary 252
    Key Terms 253
    Exercises 254
        RainbowCrack 254
        CrypTool 255
        John the Ripper 257

Chapter 8 Defeating Malware 259
    The Evolving Threat 259
    Viruses and Worms 261
        Viruses 261
        Worms 264
        Timeline 265
        Detecting and Preventing 269
            Antivirus 269
    Trojans 271
        Infection Methods 272
        Symptoms 273
        Well-Known Trojans 273
        Modern Trojans 274
        Distributing Trojans 274
    Rootkits 276
    Spyware 278
    Botnets 281
    Phishing 282
    Summary 282
    Key Terms 283
    Exercises 284
        Virus Signatures 284
        Building Trojans 285
        Rootkits 285
        Finding Malware 289

Chapter 9 Securing Wireless Systems 291
    Wi-Fi Basics 292
        Wireless Clients and NICs 293
        Wireless Access Points 294
        Wireless Communication Standards 294
        Bluetooth Basics 296
    Wi-Fi Security 297
        Wired Equivalent Privacy 297
        Wi-Fi Protected Access 299
        802.1x Authentication 301
    Wireless LAN Threats 302
        Wardriving 302
            NetStumbler 304
            Kismet 307
        Eavesdropping 307
        Rogue and Unauthorized Access Points 311
        Denial of Service 312
    Exploiting Wireless Networks 313
        Finding and Assessing the Network 314
        Setting Up Airodump 314
        Configuring Aireplay 315
        Deauthentication and ARP Injection 315
        Capturing IVs and Cracking the WEP Key 316
        Other Wireless Attack Tools 317
        Exploiting Bluetooth 318
    Securing Wireless Networks 318
        Defense in Depth 318
        Misuse Detection 319
    Summary 320
    Key Terms 321
    Exercises 322
        Using NetStumbler 322
        Using Wireshark to Capture Wireless Traffic 323
Chapter 10 Intrusion Detection 325
    Overview of Intrusion Detection and Prevention 325
        IDS Types and Components 326
        IDS Engines 328
    An Overview of Snort 330
        Platform Compatibility 331
        Assessing Hardware Requirements 331
    Installing Snort on a Windows System 333
        MySQL 333
        Limiting Access 333
        Installing the Base Components 334
        Basic Configuration 337
        Verification of Configuration 339
    Building Snort Rules 342
        The Rule Header 343
        Logging with Snort 345
        Rule Options 345
        Creating and Testing a Simple Rule Set 347
    The Snort User Interface 349
        IDScenter 349
            Installing IDScenter 349
            Configuring IDScenter 350
        Basic Analysis and Security Engine 355
    Advanced Snort: Detecting Buffer Overflows 356
    Responding to Attacks/Intrusions 357
    Summary 360
    Key Terms 360
    Exercises 361
        Building a Snort Windows System 361
        Making a One-Way Data Cable 363

Chapter 11 Forensic Detection 365
    Computer Forensics 366
    Acquisition 367
        Drive Removal and Fingerprint 369
        Drive-Wiping 371
        Logical and Physical Copies 372
            Logical Copies 373
            Physical Copies 374
        Imaging the Drive 374
    Authentication 376
    Trace-Evidence Analysis 379
        Browser Cache 382
        Email Evidence 383
        Deleted/Overwritten Files and Evidence 385
        Other Trace Evidence 386
    Hiding Techniques 387
        Common File-Hiding Techniques 387
        Advanced File-Hiding Techniques 389
        Steganography 391
    Antiforensics 395
    Summary 396
    Key Terms 396
    Exercises 397
        Detecting Hidden Files 397
            Basic File-Hiding 397
            Advanced File-Hiding 398
        Reading Email Headers 399
        Use S-Tools to Embed and Encrypt a Message 400

About the DVD 405
    System Requirements 405
    Using the DVD 406
    What's on the DVD 406
    Troubleshooting 408
    Customer Care 408

Index 409