Inside Internet Security

Hackers know things that you don't. That's their edge. It's the reason that they are able to break into networks, leaving a path of destruction in their wake. This book discusses some of the tricks of the hacker trade -- things that are well known in the hacker community but all too foreign to the I/T support staff. The intention is to dispel some of the common myths and misconceptions surrounding computer network security which lead to vulnerabilities that hackers can exploit. Techniques and tools for defending against such attacks are also discussed

Contents
Preface
Introduction
Magic or just a trick?
Striking the right balance
'Hacker' disclaimer
Part 1 Sizing up the situation: Security concepts
Chapter 1 Bringing down the Net
1.1 Talking the talk
1.2 Insecure from the start
Chapter 2 Is it safe?
2.1 Rising from the ashes
2.2 You can't have it all
2.3 The hacker's obstacle course
2.4 The lesson of Lord Lovell - or - Too much of a good thing?
2.5 But what's all this going to cost?
2.6 News from the front
Chapter 3 What is a hacker?
3.1 Homogenized hackers?
3.2 Portrait of a hacker
3.3 The joy of hacking
3.4 What do they want?
3.5 The real payback
3.6 An eye for an eye
3.7 Cyberterrorism
3.8 Hacking for fun and profit
3.9 Prime-time hacking
3.10 You've got the money and they've got the time
Chapter 4 Analyzing the risks (and counting the costs)
4.1 Risk Analysis or post mortem
4.2 Acceptable risk
4.3 Sizing up the situation
4.4 Cumulative insecurity
4.5 A meteorite-proof car?
4.6 Cost-effective countermeasures
4.7 Evaluating countermeasures
Chapter 5 The role of policy
5.1 How to mess up a security policy without even trying
5.2 KISS that policy goodbye
5.3 Policy that teaches
5.4 Getting it right
6 Putting all the pieces together
Part 2 The hacker's edge: Internet security vulnerabilities
Chapter 7 What you don't know can hurt you
7.1 Gotcha!
Chapter 8 Hackers don't want you to know that ... firewalls
are just the beginning
8.1 What is a firewall?
8.2 Under the hood
8.3 What a firewall can do
8.4 Drawing the battle lines
8.5 What a firewall should not do ...
8.6 Firewalls and policy
8.7 Holes in the firewall filter
8.8 Traditional firewall options
8.9 Firewalls, firewalls, everywhere ...
8.10 Keeping the firewall in its place
Chapter 9 Hackers don't want you to know that ... not all the bad
guys are 'out there'
9.1 Model employee or spy?
9.2 Good firewalls make good neighbours
9.3 Managing the revolving door
Chapter 10 Hackers don't want you to know that ... humans are
the weakest link
10.1 Hacker or con man?
10.2 It's a dirty job but somebody's going to do it
10.3 I know who you are and what you did
10.4 Plugging the leaks
10.5 The spirit of the law
Chapter 11 Hackers don't want you to know that ... passwords aren't secure
11.1 The problem with passwords
11.2 Insecurity administrators?
11.3 Password guessing
11.4 Password nabbing
11.5 Password cracking
11.6 Throwing the book at them
11.7 Doing it the hard way
11.8 Exceptions to the (password) rules
11.9 Following the rules
11.10 Sign me on
11.11 Are you really you?
11.12 The burden of proof
Chapter 12 Hackers don't want you to know that ... they can see you but
you can't see them
12.1 What's that smell?
12.2 Aroma or stench?
12.3 The 'silent attack'
12.4 Sniffing for sniffers
12.5 Hanging up on the party line
12.6 Moving to a private line
12.7 Choices, choices, choices ...
Chapter 13 Hackers don't want you to know that ... downlevel software
is vulnerable
13.1 It's dCj... vu all over again
13.2 Pardon me, but your buffer is overflowing
13.3 You're breaking me up
13.4 This doesn't belong here!
13.5 A cure that's worse than the disease?
13.6 Exterminating the bugs
13.7 Spreading the word
Chapter 14 Hackers don't want you to know that ... defaults are dangerous
14.1 'De'faults are your faults
14.2 The security afterthought
14.3 Minding the virtual store
Chapter 15 Hackers don't want you to know that ... it takes a thief
to catch a thief
15.1 Levelling the playing field
15.2 Eating from the same trough
15.3 Keeping up with the hackers
Chapter 16 Hackers don't want you to know that ... attacks are getting easier
16.1 A deal with the devil?
16.2 Tools of the hacker trade
16.3 Coming in through the back door
16.4 Burning bridges
16.5 'You've got mail ... bombs'
16.6 I hope you can swim
16.7 Lowering the bar
16.8 The bottom line
Chapter 17 Hackers don't want you to know that ... virus protection
is inadequate
17.1 Merry Christmas and a Happy New Worm
17.2 One good worm deserves another
17.3 Pick your parasite
17.4 Where do they come from?
17.5 How do they spread?
17.6 I'm not feeling so well ...
17.7 Epidemic or hysteria?
17.8 Publish and perish
17.9 The virus is in the mail
17.10 Viruses in the pipes
17.11 Killer viruses!
17.12 The sky is falling!!!
17.13 Crying 'wolf'
17.14 In search of a cure
Chapter 18 Hackers don't want you to know that ... active content is more
active than you think
18.1 Active hacking
Chapter 19 Hackers don't want you to know that ... yesterday's strong
crypto is today's weak crypto
19.1 Cracking 101
19.2 The mathematician's war
19.3 Strong crypto?
19.4 How strong is strong?
19.5 The politics of cryptography
19.6 Securing the information highway for e-business
Chapter 20 Hackers don't want you to know that ... the back door is open
20.1 Lessons from the battlefront
20.2 High-tech defences
20.3 The door swings both ways
20.4 Dialling for dollars
20.5 Switching off
20.6 Locking the back door
Chapter 21 Hackers don't want you to know that ... there's no such thing as
a harmless attack
21.1 E-graffiti
21.2 But it's only ...
21.3 We've only just begun ... to hack
21.4 Winning by losing
21.5 'Unimportant' systems
Chapter 22 Hackers don't want you to know that ... information is
your best defence
22.1 The hacker's prize
22.2 Your best defence
22.3 Information for the masses
22.4 Calling in reinforcements
22.5 Winning the war
Chapter 23 Hackers don't want you to know that ... the future of
hacking is bright
23.1 I see more IT in your future
23.2 Upping the ante
23.3 Naked on the Net
23.4 Networks out of thin air
23.5 Cryptic solutions
23.6 Computers everywhere
23.7 The NC's niche
23.8 Conclusion
Appendix A Crypto tutorial
A.1 The 'key' to understanding crypto
A.2 Symmetric cryptography
A.3 Asymmetric cryptography
A.4 The best of both worlds
A.5 Getting 'carded' in cyberspace
A.6 Digital ink?
Appendix B VPN tutorial
B.1 Inside the VPN tunnel
B.2 VPN defined
B.3 Virtual privacy or virtually private?
B.4 Standards, standards everywhere ...
B.5 Opening the IPSec envelope
B.6 Are you really you?
B.7 Just between you and me
B.8 Who has the key?
B.9 The envelope, please ...
B.10 And if that weren't enough ...
B.11 The light at the end of the tunnel
Glossary
Bibliography
Index