Publisher: McGraw-Hill Professional
In every day life people do all sorts of things with all sorts of tools. But, do they get it right? Every tool has to be used in a certain manner, and if one doesnít know how to use it, the result can be damage. It's the same is with computer and network security tools. Before you can select the right tools for the job, you have to know what tools are available and learn how to use them.
This book is a comprehensive guide through the field of security tools that provides advice on how to use them. The authors cover tools for auditing and prevention, detection of incidents, investigation, response and remediation. It is important to stress that this book gives knowledge about the usage of certain tools, and not comprehensive methodologies for securing a computer network.
About the authors
Mike Shema is the Director of Research for NT Objectives, Inc., where he is working on improving the accuracy and scope of application security testing techniques and tools. He has performed security tests ranging from network penetrations to firewall and VPN reviews to web applications reviews. He is the author of the "HackNotes Web Security Pocket Reference" and co-author of "Hacking Exposed Web Applications".
Bradley C. Johnson is a network security specialist with a great deal of experience designing, implementing, and maintaining secure networks. He is involved in secure network and infrastructure design; secure network implementation, UNIX computer/network security training, and computer/network security assessments. He is the co-author, with Mike Shema, of the first edition of this book.
Inside the book
The first part of the book describes multifunctional tools which can be used in several different scenarios and for different operating systems. Here you get acquainted with Netcat and Cryptcat. These two tools have many uses like: obtaining remote access to a shell or stealthy port scanning, service spilling, etc. Netcat is explained through a few uses, while Cryptcat is shortly briefed as Netcat with encryption.
As we move on, the X Windows System architecture is laid out. What the authors wanted to stress here is the idea of the potential security risks you take when running X-based applications. Although X isnít a security tool, itís usefully described how it works and how to secure it since it handles your keyboard, mouse, and output screen.
Almost every IT professional has a dual-boot workstation with both Windows and UNIX. By simply rebooting their system they can work with a different interface. To avoid constant rebooting, many use emulators which provide the ability to execute an application in an alternative environment. VMware is one such emulator - it enables you to run multiple operating systems concurrently. This part of the book covers the download and installation of the emulator, its configuration and implementation. Open source alternatives are also brought forth.
Part two of the book covers tools for auditing and defending the hosts. Here you learn about port scanners, UNIX and Windows enumeration tools, web hacking tools, password cracking and brute-force tools, host hardening tools, and more.
Port scanners are useful because they help identify potential targets. Presented here are Nmap, TCH-Amap, Netscantools, SuperScan, IPEye, ScanLine, WUPS, and Udp_scan. Each of these tools is briefly described through their usage and process of installation and implementation. Some case studies are included and the authors describe the basic methods of TCP and UDP port scanning as well as OS fingerprinting, followed by examples. Three case studies help you learn about the types of ports found on the host, the technique of banner grabbing and how a hostís operating system might be identified.
What follows is a presentation on UNIX and Windows. For all the tools mentioned here, the authors write about their implementation and some beginner usage. This chapter also hosts a long list of tools options as well as a few case studies.
With the same approach as in earlier chapters, readers can learn about web hacking tools. The authors discuss tools used to check a web server for common vulnerabilities (such as Nikto and Stealth). Also, a handful of tools described here address web applications security problems (Achilles, WebSleuth, etc.).
The tendency to crack passwords exists as long as passwords do. Password management is surely important because one weak password can circumvent all the installed security measures. The authors start with Windows and UNIX password policies and then show you the process of cracking passwords with John the Ripper and L0pthCrack. Next they present tools for grabbing Windows password hashes and some brute-force tools. A really interesting read are the case studies that come afterwards.
Presented simply are simple source auditing tools: Flawfinder, which collects the most common C and C++ programming errors; and RATS, that smoothes rough edges of C, C++, Perl, PHP, Python or OpenSSL applications. What follows is a presentation of Nessus, the STAT suite of commercial products, Retina, Tripwire, etc.
Part three of the book covers network auditing and defending tools - firewalls, network reconnaissance tools, sniffers, wireless tools, war dialers, and TCP/IP stack tools.
Certain network services should be run only from behind a firewall. In order to learn how to use a firewall properly the readers get some basic theory material, followed by NAT devices, port forwarding, and a VPN and DMZ explanation. In this part the authors additionally include both freeware and commercial firewalls.
Another interesting category of tools is comprised of sniffers. They listen and record any raw data that passes through the network interface. Sniffers are not as dangerous as they once were because of the increasing usage of encryption. But, if you want to diagnose network problems, you will certainly use them at some point. Wireless networks offer the convenience of mobility and reduce the amount of network equipment. After reviewing a few wireless terms, the authors present two wireless tools: NetStumbler and AiroPeek. The main difference between the two is the capability of displaying web traffic that AiroPeek has. Both NetStumbler and AiroPeek identify wireless access points and peer networks. Wellenreiter and Kismet, also describe here, have the same capabilities, but they are used on Linux platforms.
Introduced are also TCP/IP Stack tools that can help you verify access control lists and patch levels. They can be used to create arbitrary TCP, UDP, or DNS packets. They provide a method for analyzing how servers respond to Denial of Service attacks.
Part four describes computer forensics and incident response tools. This chapter will teach you how to create a bootable response media that contains all tools needed to perform a proper analysis of a compromised system. Linux, UNIX and Windows toolkits are presented, each with their own features. When an investigation takes place, itís usually a good idea to obtain a forensic image of the computer involved in the incident. There are a several choices of forensics duplication tool kits and some are presented here.
The last part of this massive volume is comprised of 2 appendixes. Appendix A contains useful charts and diagrams that help the reader in security-related endeavors. It shows protocol headers and ASCII table. Appendix B covers CD-ROM material.
About the CD-ROM
The CD-ROM included with this book contains the 40 security tools covered in the book and some links to the web sites with the latest versions of security related tools. The list of tools shows: name of the tool, purpose of the tool, OS, license type and URL.
My 2 cents
For network managers and administrators itís very important to find the vulnerabilities on their system before someone else does. This book is an excellent guide that IT professionals must keep handy. Itís organized by category and that makes it easier to provide complete details.
I can recommend this book to basically anybody interested in computer security. This book must be on your bookshelf as it will definitely point you in the right direction and enable you to choose the right tool for the job every time.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.