This book is a practical guide for anyone designing or administering a corporate or e-business network that runs across a number of platforms via the Internet. It will arm systems administrators with a thorough understanding of the problems of network security and their solutions, and thus help realize the tremendous potential of e-business.
With the explosive growth of e-commerce and the opening up of corporate networks to external customers, security is now the number one issue for networking professionals. Concerns about hackers and the possible damage they can do to a business, and about the potential vulnerabilities of a system, can be overwhelming and can create an unhealthy business environment.
However, a great deal of this is based on lack of information as to exactly how hackers approach their task, and of the exact vulnerabilities that they prey on. In this book, Jeff Crume dispels this fear by putting these threats into perspective and allowing realistic defense mechanisms to be created, to the extent that security becomes a business enabler, rather than inhibitor.
Inside Internet Security describes the underlying principles that crop up again and again in hacker attacks, and then progresses to focus on lessons that can be learned, and on how to protect against recurrence.
Practical hands-on advice on securing networked systems
Security checklists for common scenarios
Pointers to other detailed information sources
In-depth theoretical background information
Real-world examples of actual attacks
A glimpse into the future of IT security
Table of Contents
I. SIZING UP THE SITUATION: SECURITY CONCEPTS.
1. Bringing down the Net
2. Is it safe?
3. What is a hacker?
4. Analyzing the risks (and counting the costs)
5. The role of policy
6. Putting all the pieces together
II. THE HACKER'S EDGE: INTERNET SECURITY VULNERABILITIES.
7. What you don't know can hurt you
8. Hackers don't want you to know that ... firewalls are just the beginning
9. Hackers don't want you to know that ... not all the bad guys are 'out there'
10. Hackers don't want you to know that ... humans are the weakest link
11. Hackers don't want you to know that ... passwords aren't secure
12. Hackers don't want you to know that ... they can see you but you can't see them
13. Hackers don't want you to know that ... downlevel software is vulnerable
14. Hackers don't want you to know that ... defaults are dangerous
15. Hackers don't want you to know that ... it takes a thief to catch a thief
16. Hackers don't want you to know that ... attacks are getting easier
17. Hackers don't want you to know that ... virus protection is inadequate
18. Hackers don't want you to know that ... active content is more active than you think
19. Hackers don't want you to know that ... yesterday's strong crypto is today's weak crypto
20. Hackers don't want you to know that ... the back door is open
21. Hackers don't want you to know that ... there's no such thing as a harmless attack
22. Hackers don't want you to know that ... information is your best defence
23. Hackers don't want you to know that ... the future of hacking is bright
Appendix A: Crypto tutorial
Appendix B: VPN tutorial
One evening, my eight-year-old daughter said excitedly, 'Dad, I want to tell you something.' She then announced with great pride that she had a 'secret password', which was only for her use in the school's computer lab and, since it was a secret, she was not going to tell me what it was, no matter what! She derived great satisfaction from knowing something I didn't (not the first time or the last, I'm sure!). She had been frustrated that I would not tell her the password needed to operate my laptop computer. The fact that this system contained confidential corporate information and that divulging it could cost me my job and my employer far more was lost on her. How could I keep such a secret from her? She wasn't going to tell anybody! Her indignation had now, at least to some extent, been quenched by the fact that the shoe was now on the other foot.
After letting her revel in this great personal triumph for a few moments, I mentioned that the book she had seen me working on for the past year had a whole section on secret passwords and how computer hackers can often figure them out. She was astonished. Why would I want to tell people how to steal passwords? I explained that I wanted to help people understand how to choose better passwords so that they couldn't be stolen so easily. I added that such information is something that hackers would rather not have everyone know because it could make their job a lot more difficult. 'Oh, so that's why you called the book What hackers don't want you to know ..., right?' she responded. 'That must mean you're an "unhacker".' I confessed that I hadn't thought of it that way, but I guessed she was right - maybe it was time to change my business cards ...
My introduction to hacking came when I was in high school in the late 1970s. It began with writing password stealers on the school's DEC PDP-11 minicomputer. Programs were written in the BASIC programming language and accessed via 300 baud acoustic coupled modems which caused garbage to be spewed across the screen if someone slammed the door to the computing lab. From that environment, which sounds unbelievably ancient and crude by today's standards, my compatriots and I streamed together almost unintelligible lines of code that could perfectly emulate the logon sequence and trick unsuspecting users into giving up their passwords. It was quite a thrill when we got them to work.
A key difference between me and the other guys that hung out in the lab after school, though, was that I never felt the need to actually steal another person's password. In other words, it was sufficiently exciting for me merely to know that I could do it so I never felt the need to break any rules. The paradoxical lesson of martial arts training is that you learn to fight so you won't have to. In other words, the mastery of the skills leads to confidence, which leads to self-control, which makes violence essentially unnecessary.
I first peeked inside the mind of a hacker during those pre-Internet days. I was fascinated by what some of the truly gifted hackers could do and equally taken by their reaction to it. The insatiable curiosity, astonishing ingenuity and singular focus on accomplishing a seemingly impossible task were qualities that inspired admiration. On the other hand, the delicate egos, secretive nature, antisocial behaviour and questionable ethics stripped away any remaining illusions. In any case, though, I owe a debt of gratitude to these technologically brilliant classmates who whetted my appetite for computers and the security issues that inevitably come with them, for in doing so they unknowingly provided me with a great deal of material for this book.