Table of Contents

Credits Preface Chapter 1. Unix Host Security 1. Secure Mount Points 2. Scan for SUID and SGID Programs 3. Scan for World- and Group-Writable Directories 4. Create Flexible Permissions Hierarchies with POSIX ACLs 5. Protect Your Logs from Tampering 6. Delegate Administrative Roles 7. Automate Cryptographic Signature Verification 8. Check for Listening Services 9. Prevent Services from Binding to an Interface 10. Restrict Services with Sandboxed Environments 11. Use proftpd with a MySQL Authentication Source 12. Prevent Stack-Smashing Attacks 13. Lock Down Your Kernel with grsecurity 14. Restrict Applications with grsecurity 15. Restrict System Calls with systrace 16. Create systrace Policies Automatically 17. Control Login Access with PAM 18. Restrict Users to SCP and SFTP 19. Use Single-Use Passwords for Authentication 20. Restrict Shell Environments 21. Enforce User and Group Resource Limits 22. Automate System Updates Chapter 2. Windows Host Security 23. Check Servers for Applied Patches 24. Use Group Policy to Configure Automatic Updates 25. List Open Files and Their Owning Processes 26. List Running Services and Open Ports 27. Enable Auditing 28. Enumerate Automatically Executed Programs 29. Secure Your Event Logs 30. Change Your Maximum Log File Sizes 31. Back Up and Clear the Event Logs 32. Disable Default Shares 33. Encrypt Your Temp Folder 34. Back Up EFS 35. Clear the Paging File at Shutdown 36. Check for Passwords That Never Expire Chapter 3. Privacy and Anonymity 37. Evade Traffic Analysis 38. Tunnel SSH Through Tor 39. Encrypt Your Files Seamlessly 40. Guard Against Phishing 41. Use the Web with Fewer Passwords 42. Encrypt Your Email with Thunderbird 43. Encrypt Your Email in Mac OS X Chapter 4. Firewalling 44. Firewall with Netfilter 45. Firewall with OpenBSD's PacketFilter 46. Protect Your Computer with the Windows Firewall 47. Close Down Open Ports and Block Protocols 48. Replace the Windows Firewall 49. Create an Authenticated Gateway 50. Keep Your Network Self-Contained 51. Test Your Firewall 52. MAC Filter with Netfilter 53. Block Tor Chapter 5. Encrypting and Securing Services 54. Encrypt IMAP and POP with SSL 55. Use TLS-Enabled SMTP with Sendmail 56. Use TLS-Enabled SMTP with Qmail 57. Install Apache with SSL and suEXEC 58. Secure BIND 59. Set Up a Minimal and Secure DNS Server 60. Secure MySQL 61. Share Files Securely in Unix Chapter 6. Network Security 62. Detect ARP Spoofing 63. Create a Static ARP Table 64. Protect Against SSH Brute-Force Attacks 65. Fool Remote Operating System Detection Software 66. Keep an Inventory of Your Network 67. Scan Your Network for Vulnerabilities 68. Keep Server Clocks Synchronized 69. Create Your Own Certificate Authority 70. Distribute Your CA to Clients 71. Back Up and Restore a Certificate Authority with Certificate Services 72. Detect Ethernet Sniffers Remotely 73. Help Track Attackers 74. Scan for Viruses on Your Unix Servers 75. Track Vulnerabilities Chapter 7. Wireless Security 76. Turn Your Commodity Wireless Routers into a Sophisticated Security Platform 77. Use Fine-Grained Authentication for Your Wireless Network 78. Deploy a Captive Portal Chapter 8. Logging 79. Run a Central Syslog Server 80. Steer Syslog 81. Integrate Windows into Your Syslog Infrastructure 82. Summarize Your Logs Automatically 83. Monitor Your Logs Automatically 84. Aggregate Logs from Remote Sites 85. Log User Activity with Process Accounting 86. Centrally Monitor the Security Posture of Your Servers Chapter 9. Monitoring and Trending 87. Monitor Availability 88. Graph Trends 89. Get Real-Time Network Stats 90. Collect Statistics with Firewall Rules 91. Sniff the Ether Remotely Chapter 10. Secure Tunnels 92. Set Up IPsec Under Linux 93. Set Up IPsec Under FreeBSD 94. Set Up IPsec in OpenBSD 95. Encrypt Traffic Automatically with Openswan 96. Forward and Encrypt Traffic with SSH 97. Automate Logins with SSH Client Keys 98. Use a Squid Proxy over SSH 99. Use SSH As a SOCKS Proxy 100. Encrypt and Tunnel Traffic with SSL 101. Tunnel Connections Inside HTTP 102. Tunnel with VTun and SSH 103. Generate VTun Configurations Automatically 104. Create a Cross-Platform VPN 105. Tunnel PPP Chapter 11. Network Intrusion Detection 106. Detect Intrusions with Snort 107. Keep Track of Alerts 108. Monitor Your IDS in Real Time 109. Manage a Sensor Network 110. Write Your Own Snort Rules 111. Prevent and Contain Intrusions with Snort_inline 112. Automatically Firewall Attackers with SnortSam 113. Detect Anomalous Behavior 114. Automatically Update Snort's Rules 115. Create a Distributed Stealth Sensor Network 116. Use Snort in High-Performance Environments with Barnyard 117. Detect and Prevent Web Application Intrusions 118. Scan Network Traffic for Viruses 119. Simulate a Network of Vulnerable Hosts 120. Record Honeypot Activity Chapter 12. Recovery and Response 121. Image Mounted Filesystems 122. Verify File Integrity and Find Compromised Files 123. Find Compromised Packages 124. Scan for Rootkits 125. Find the Owner of a Network Index

About the Author

Andrew Lockhart is originally from South Carolina, but currently resides in northern Colorado where he spends his time trying to learn the black art of auditing disassembled binaries and trying to keep from freezing to death. He holds a BS in computer science from Colorado State University and has done security consulting for small businesses in the area. However, he currently works at a Fortune 100 company when not writing. In his free time he works on Snort-Wireless, a project intended to add wireless intrusion detection popular OpenSource IDS Snort.