Title:
SANS GIAC certification : security essentials toolkit (GSEC)
Author:
Cole, Eric.
Publication Information:
Indianapolis, Ind. : Que, [2002]

©2002
Physical Description:
xiv, 368 pages : illustrations ; 28 x 22 cm
General Note:
Includes index.
Language:
English
ISBN:
9780789727749
Format :
Book

Available:

Library: Central Library
Call Number: QA76.3 .C654 2002
Material Type: Adult Non-Fiction
Home Location: Non-Fiction Area-Oversize

Summary

Master the tools of the network security trade with the official book from SANS Press! You need more than a hammer to build a house, and you need more than one tool to secure your network. Security Essentials Toolkit covers the critical tools that you need to secure your site, showing you why, when, and how to use them. Based on the SANS Institute's renowned Global Information Assurance Certification (GIAC) program, this book takes a workbook-style approach that gives you hands-on experience and teaches you how to install, configure, and run the best security tools of the trade.


Author Notes

About the Authors

Eric Cole has worked in the information security arena for more than 10 years. He holds several professional certifications and has helped develop several of the SANS GIAC certifications and corresponding courses. Eric has a BS and MS in computer science from New York Institute of Technology and is completing his Ph.D. in network security. He has extensive experience with all aspects of information security, including the following: cryptography, steganography, intrusion detection, NT security, Unix security, TCP/IP and network security, Internet security, router security, security assessment, penetration testing, firewalls, secure Web transactions, electronic commerce, SSL, TLS, IPSec, and information warfare.

Eric has created and headed up corporate security for several large organizations, built several security consulting practices, and worked for more than five years at the Central Intelligence Agency. He was an adjunct professor at New York Institute of Technology and is currently an adjunct professor at Georgetown University. Eric is author of the book Hackers Beware and contributing author to Know Thy Enemy: The HoneyNet Project. Eric teaches a wide range of courses for SANS and is actively involved with several of the research projects that SANS is performing. He led the SANS Top 20 vulnerability consensus project and is actively involved with the Cyber Defense Initiative.

Mathew Newfield serves as a Senior Security Analyst for TruSecure Corporation. His background includes penetration testing, security architecture and design, and network consulting. He currently works with several companies in securing their environments and obtaining corporate security certifications.

John M. Millican has been providing information consulting services since 1978. During that time, he has supported numerous versions of Unix, including AT&T, CTIX, SCO Unix, AIX, Unixware, and Linux. John was the first person to earn all the GIAC Level 2 Certifications offered by the SANS Institute. He is certified by SANS GIAC for Intrusion Detection In Depth (GCIA); Advanced Incident Handling and Hacking Exploits (GCIH); Firewalls, VPNs, and Perimeter Protection (GCFW); Securing Windows (GCFW); Securing Unix (GCUX); and Auditing Networks, Perimeters, and Systems (GCNA). He is currently the chairman of the SANS Unix Security Certification Board. John also assisted in the development of the SANS Security Essentials Bootcamp.

Technical Reviewers

Mike Poor is a security analyst for Compugenx, a Washington, D.C.-based consulting company. He holds SANS GSEC and GCIA certifications. As a security analyst, he conducts vulnerability assessments, penetration tests, and security audits and administers intrusion detection systems. Previously, Mike has worked in network engineering and systems, network, and Web administration. He is currently working on merging Snort, Shadow, and ngrep to bring more analytical power to the analyst.

Sheila Ettinger is gainfully employed as a Unix Systems Administrator at Concordia University in Montreal. In her previous life, she worked in contract research and as a technical writer, software tester, and Windows trainer. Sheila is currently part of the design team involved in a project to reorganize Concordia's IT services. (She is being dragged kicking and screaming into the world of Active Directory. We'll let you know if she survives.)

In addition to her day job, Sheila teaches evening computer courses at Concordia's Center for Continuing Education and is a Program Consultant for the center's Computer Institute. In her down time, she enjoys playing clarinet in a number of community concert bands and taking courses in the university's music department.

David Goldsmith has been working in the computer and network industry for over 10 years, and has focused the last 3 of those on Internet connectivity and system/network security. From 1990 to 1995, he worked for the USMC as a system/network administrator and systems engineer. From 1995 to 1999, he worked for Ocean Systems Engineering Corporation providing system administration and network security support for the USMC. David currently has his own business, Rappahannock Technologies, Incorporated, which focuses on providing network security consulting services to commercial companies. He holds a degree in computer science from the University of California, San Diego.


Table of Contents

Introduction  p. 1
Who Should Read This Book  p. 1
What's in This Book  p. 2
Conventions Used in This Book  p. 2
I Security Overview  p. 5
Introduction to Security Tools  p. 5
Exercise 1 Configuring Your System  p. 9
Description  p. 9
Requirements  p. 9
Challenge Procedure  p. 10
Challenge Procedure Step-by-Step  p. 10
Additional Reading  p. 29
Summary  p. 29
Acronyms List  p. 29
Part 1 Security Overview
2 Trojans  p. 41
Exercise 1 Trust Relationships  p. 41
Description  p. 41
Objective  p. 42
Requirements  p. 42
Challenge Procedure  p. 42
Challenge Procedure Step-by-Step  p. 43
Additional Reading  p. 44
Summary  p. 44
Exercise 2 Trojan Software NetBus  p. 45
Description  p. 45
Objective  p. 45
Requirements  p. 45
Challenge Procedure  p. 45
Challenge Procedure Step-by-Step  p. 45
Additional Reading  p. 48
Summary  p. 48
Exercise 3 Trojan Software SubSeven  p. 49
Description  p. 49
Objective  p. 49
Requirements  p. 49
Challenge Procedure  p. 49
Challenge Procedure Step-by-Step  p. 49
Additional Reading  p. 53
Summary  p. 53
3 Host-Based Intrusion Detection  p. 55
Exercise 1 TCP Wrappers  p. 55
Description  p. 55
Objective  p. 56
Requirements  p. 56
Challenge Procedure  p. 56
Challenge Procedure Step-by-Step  p. 56
Additional Reading  p. 59
Summary  p. 59
Exercise 2 xinetd  p. 60
Description  p. 60
Objective  p. 60
Requirements  p. 60
Challenge Procedure  p. 60
Challenge Procedure Step-by-Step  p. 61
Additional Reading  p. 65
Summary  p. 65
Exercise 3 Tripwire  p. 66
Description  p. 66
Objective  p. 66
Requirements  p. 66
Challenge Procedure  p. 66
Challenge Procedure Step-by-Step  p. 67
Additional Reading  p. 73
Summary  p. 73
Exercise 4 Swatch  p. 74
Description  p. 74
Objective  p. 74
Requirements  p. 74
Challenge Procedure  p. 74
Challenge Procedure Step-by-Step  p. 74
Additional Reading  p. 78
Summary  p. 78
Exercise 5 PortSentry  p. 79
Description  p. 79
Objective  p. 79
Requirements  p. 79
Challenge Procedure  p. 79
Challenge Procedure Step-by-Step  p. 79
Additional Reading  p. 82
Summary  p. 82
Exercise 6 Auditing Your System  p. 83
Description  p. 83
Objective  p. 83
Requirements  p. 83
Challenge Procedure  p. 83
Challenge Procedure Step-by-Step  p. 83
Additional Reading  p. 88
Summary  p. 88
4 Network-Based Intrusion Detection  p. 89
Exercise 1 Sniffing with tcpdump  p. 89
Description  p. 89
Objective  p. 89
Requirements  p. 89
Challenge Procedure  p. 90
Challenge Procedure Step-by-Step  p. 90
Additional Reading  p. 93
Summary  p. 93
Exercise 2 Nuking a System  p. 94
Description  p. 94
Objective  p. 94
Requirements  p. 94
Challenge Procedure  p. 94
Challenge Procedure Step-by-Step  p. 94
Additional Reading  p. 98
Summary  p. 98
Exercise 3 Snort  p. 99
Description  p. 99
Objective  p. 99
Requirements  p. 99
Challenge Procedure  p. 99
Challenge Procedure Step-by-Step  p. 99
Additional Reading  p. 103
Summary  p. 103
5 Firewalls  p. 105
Exercise 1 Personal Firewalls and ZoneAlarm  p. 105
Description  p. 105
Objective  p. 105
Requirements  p. 105
Challenge Procedure  p. 105
Challenge Procedure Step-by-Step  p. 105
Additional Reading  p. 109
Summary  p. 109
Exercise 2 Tiny Firewall  p. 110
Description  p. 110
Objective  p. 110
Requirements  p. 110
Challenge Procedure  p. 110
Challenge Procedure Step-by-Step  p. 110
Additional Reading  p. 116
Summary  p. 116
Exercise 3 ipchains  p. 117
Description  p. 117
Objective  p. 118
Requirements  p. 118
Challenge Procedure  p. 118
Challenge Procedure Step-by-Step  p. 118
Additional Reading  p. 124
Summary  p. 124
6 Scanning Tools  p. 125
Exercise 1 Scanning with Nmap  p. 125
Description  p. 125
Objective  p. 125
Requirements  p. 125
Challenge Procedure  p. 126
Challenge Procedure Step-by-Step  p. 126
Additional Reading  p. 130
Summary  p. 130
Exercise 2 Scanning with SuperScan  p. 131
Description  p. 131
Objective  p. 131
Requirements  p. 131
Challenge Procedure  p. 131
Challenge Procedure Step-by-Step  p. 132
Summary  p. 135
Exercise 3 Vulnerability Scanning with Nessus  p. 136
Description  p. 136
Objective  p. 136
Requirements  p. 136
Challenge Procedure  p. 136
Challenge Procedure Step-by-Step  p. 136
Additional Reading  p. 140
Summary  p. 140
Exercise 4 Legion  p. 141
Description  p. 141
Objective  p. 141
Requirements  p. 141
Challenge Procedure  p. 141
Challenge Procedure Step-by-Step  p. 141
Summary  p. 144
Exercise 5 hping2  p. 145
Description  p. 145
Objective  p. 145
Requirements  p. 145
Challenge Procedure  p. 145
Challenge Procedure Step-by-Step  p. 145
Additional Reading  p. 148
Summary  p. 149
Part II Security Concepts
7 Understanding Exploits  p. 153
Exercise 1 Null Session Exploits  p. 153
Description  p. 153
Objective  p. 153
Requirements  p. 154
Challenge Procedure  p. 154
Challenge Procedure Step-by-Step  p. 154
Additional Reading  p. 155
Summary  p. 155
Exercise 2 Extracting Information with DumpSec  p. 156
Description  p. 156
Objective  p. 156
Requirements  p. 156
Challenge Procedure  p. 156
Challenge Procedure Step-by-Step  p. 156
Additional Reading  p. 159
Summary  p. 159
8 Security Policy  p. 161
Exercise 1 Developing a Security Policy  p. 161
Description  p. 161
Objective  p. 161
Requirements  p. 161
Challenge Procedure  p. 161
Challenge Procedure Step-by-Step  p. 161
Additional Reading  p. 165
Summary  p. 165
9 Password Cracking  p. 167
Exercise 1 John the Ripper  p. 167
Description  p. 167
Objective  p. 167
Requirements  p. 167
Challenge Procedure  p. 168
Challenge Procedure Step-by-Step  p. 168
Additional Reading  p. 170
Summary  p. 170
Exercise 2 LOpht Crack (LC3)  p. 171
Description  p. 171
Objective  p. 171
Requirements  p. 171
Challenge Procedure  p. 171
Challenge Procedure Step-by-Step  p. 171
Additional Reading  p. 176
Summary  p. 176
10 Forensic Backups  p. 177
Exercise 1 Disk Imaging with Ghost  p. 177
Description  p. 177
Objective  p. 177
Requirements  p. 177
Challenge Procedure  p. 177
Challenge Procedure Step-by-Step  p. 178
Additional Reading  p. 186
Summary  p. 186
Exercise 2 Forensics with dd  p. 187
Description  p. 187
Objective  p. 187
Requirements  p. 187
Challenge Procedure  p. 187
Challenge Procedure Step-by-Step  p. 187
Additional Reading  p. 189
Summary  p. 190
11 Denial of Service and Deception Attacks  p. 191
Exercise 1 Denial of Service with TFN2K  p. 191
Description  p. 191
Objective  p. 191
Requirements  p. 191
Challenge Procedure  p. 192
Challenge Procedure Step-by-Step  p. 192
Summary  p. 194
Exercise 2 Deception with Fragrouter  p. 195
Description  p. 195
Objective  p. 195
Requirements  p. 195
Challenge Procedure  p. 195
Challenge Procedure Step-by-Step  p. 195
Summary  p. 198
12 Web Security  p. 199
Exercise 1 Web Security with BlackWidow  p. 199
Description  p. 199
Objective  p. 199
Requirements  p. 199
Challenge Procedure  p. 200
Challenge Procedure Step-by-Step  p. 200
Additional Reading  p. 202
Summary  p. 202
Exercise 2 Web Security with WebSleuth  p. 203
Description  p. 203
Objective  p. 203
Requirements  p. 203
Challenge Procedure  p. 203
Challenge Procedure Step-by-Step  p. 204
Additional Reading  p. 208
Summary  p. 208
Exercise 3 Finding Web Vulnerabilities with Whisker  p. 209
Description  p. 209
Objective  p. 209
Requirements  p. 209
Challenge Procedure  p. 210
Challenge Procedure Step-by-Step  p. 210
Additional Reading  p. 214
Summary  p. 214
Part III Network Security
13 Network Design  p. 217
Exercise 1 Cisco ConfigMaker  p. 217
Description  p. 217
Objective  p. 217
Requirements  p. 217
Challenge Procedure  p. 217
Challenge Procedure Step-by-Step  p. 218
Additional Reading  p. 235
Summary  p. 235
14 Base Conversions, IP Addressing, and Subnetting  p. 237
Exercise 1 Binary Conversion  p. 237
Description  p. 237
Objective  p. 237
Requirements  p. 237
Challenge Questions  p. 237
Challenge Procedure Step-by-Step  p. 237
Challenge Solution  p. 238
Additional Reading  p. 238
Summary  p. 238
Exercise 2 Subnetting  p. 239
Description  p. 239
Objective  p. 239
Requirements  p. 239
Challenge Procedure  p. 240
Challenge Procedure Step-by-Step  p. 240
Additional Reading  p. 244
Summary  p. 244
15 Network Security Tools  p. 245
Exercise 1 Router ACLs  p. 245
Description  p. 245
Objective  p. 245
Requirements  p. 245
Challenge Procedure  p. 245
Challenge Procedure Step-by-Step  p. 246
Additional Reading  p. 248
Summary  p. 248
Exercise 2 Scanning Hosts with Ping War  p. 249
Description  p. 249
Objective  p. 249
Requirements  p. 249
Challenge Procedure  p. 249
Challenge Procedure Step-by-Step  p. 249
Additional Reading  p. 252
Summary  p. 252
Exercise 3 Analysis with Ethereal  p. 253
Description  p. 253
Objective  p. 254
Requirements  p. 254
Challenge Procedure  p. 254
Challenge Procedure Step-by-Step  p. 254
Summary  p. 269
Part IV Secure Communications
16 Secure Communications  p. 273
Exercise 1 PGP  p. 273
Description  p. 273
Objective  p. 273
Requirements  p. 273
Challenge Procedure  p. 274
Challenge Procedure Step-by-Step  p. 274
Additional Reading  p. 277
Summary  p. 277
Exercise 2 Steganography with JPHS  p. 278
Description  p. 278
Objective  p. 278
Requirements  p. 278
Challenge Procedure  p. 278
Challenge Procedure Step-by-Step  p. 278
Summary  p. 284
Exercise 3 Steganography with S-Tools  p. 285
Description  p. 285
Objective  p. 285
Requirements  p. 285
Challenge Procedure  p. 285
Challenge Procedure Step-by-Step  p. 285
Additional Reading  p. 288
Summary  p. 288
Part V Windows
17 Windows Security  p. 291
Exercise 1 Security Configuration and Analysis  p. 291
Description  p. 291
Objective  p. 291
Requirements  p. 291
Challenge Procedure  p. 291
Challenge Procedure Step-by-Step  p. 292
Additional Reading  p. 296
Summary  p. 296
Exercise 2 Startup Cop  p. 297
Description  p. 297
Objective  p. 297
Requirements  p. 297
Challenge Procedure  p. 297
Challenge Procedure Step-by-Step  p. 297
Summary  p. 299
Exercise 3 Hfnetchk  p. 300
Description  p. 300
Objective  p. 300
Requirements  p. 300
Challenge Procedure  p. 300
Challenge Procedure Step-by-Step  p. 300
Additional Reading  p. 304
Summary  p. 304
Exercise 4 Mpsa  p. 305
Description  p. 305
Objective  p. 305
Requirements  p. 305
Challenge Procedure  p. 305
Challenge Procedure Step-by-Step  p. 305
Summary  p. 307
Exercise 5 How to Baseline and Audit Your System  p. 308
Description  p. 308
Objective  p. 308
Requirements  p. 308
Challenge Procedure  p. 308
Challenge Procedure Step-by-Step  p. 308
Additional Reading  p. 314
Summary  p. 314
Exercise 6 Backups  p. 315
Description  p. 315
Objective  p. 315
Requirements  p. 315
Challenge Procedure  p. 315
Challenge Procedure Step-by-Step  p. 315
Additional Reading  p. 320
Summary  p. 321
Exercise 7 IIS Lockdown  p. 322
Description  p. 322
Objective  p. 322
Requirements  p. 322
Challenge Procedure  p. 322
Challenge Procedure Step-by-Step  p. 322
Additional Reading  p. 325
Summary  p. 325
Exercise 8 Socket80  p. 326
Description  p. 326
Objective  p. 326
Requirements  p. 326
Challenge Procedure  p. 326
Challenge Procedure Step-by-Step  p. 326
Additional Reading  p. 329
Summary  p. 329
Part VI Unix
18 Unix  p. 333
Exercise 1 The Unix File System  p. 333
Description  p. 333
Objective  p. 333
Requirements  p. 333
Challenge Procedure  p. 333
Challenge Procedure Step-by-Step  p. 333
Additional Reading  p. 338
Summary  p. 338
Exercise 2 Sudo  p. 339
Description  p. 339
Objective  p. 339
Requirements  p. 339
Challenge Procedure  p. 339
Challenge Procedure Step-by-Step  p. 339
Additional Reading  p. 342
Summary  p. 342
Exercise 3 Unix Permissions  p. 343
Description  p. 343
Objective  p. 343
Requirements  p. 343
Challenge Procedure  p. 343
Challenge Procedure Step-by-Step  p. 343
Additional Reading  p. 345
Summary  p. 345
Exercise 4 Unix Network Commands  p. 346
Description  p. 346
Objective  p. 346
Requirements  p. 346
Challenge Procedure  p. 346
Challenge Procedure Step-by-Step  p. 346
Additional Reading  p. 347
Summary  p. 347
Exercise 5 Log Files  p. 348
Description  p. 348
Objective  p. 348
Requirements  p. 348
Challenge Procedure  p. 348
Challenge Procedure Step-by-Step  p. 348
Additional Reading  p. 350
Summary  p. 350
Exercise 6 tar  p. 351
Description  p. 351
Objective  p. 351
Requirements  p. 351
Challenge Procedure  p. 351
Challenge Procedure Step-by-Step  p. 351
Additional Reading  p. 352
Summary  p. 352
19 Summary  p. 353
Index  p. 355