Protecting Your Internet Site and
Network
Table of Contents:
• Introduction
I Setting the Stage
• Chapter 1 - Why Did I Write This Book?
• Chapter 2 - How This Book Will Help You
• Chapter 3 - Hackers and Crackers
• Chapter 4 - Just Who Can Be Hacked, Anyway?
II Understanding the Terrain
• Chapter 5 - Is Security a Futile Endeavor?
• Chapter 6 - A Brief Primer on TCP/IP
• Chapter 7 - Birth of a Network: The Internet
• Chapter 8 - Internet Warfare
III Tools
• Chapter 9 - Scanners
• Chapter 10 - Password Crackers
• Chapter 11 - Trojans
• Chapter 12 - Sniffers
• Chapter 13 - Techniques to Hide One's Identity
• Chapter 14 - Destructive Devices
IV Platforms and Security
• Chapter 15 - The Hole
• Chapter 16 - Microsoft
• Chapter 17 - UNIX: The Big Kahuna
• Chapter 18 - Novell
• Chapter 19 - VAX/VMS
• Chapter 20 - Macintosh
• Chapter 21 - Plan 9 from Bell Labs
V Beginning at Ground Zero
• Chapter 22 - Who or What Is Root?
• Chapter 23 - An Introduction to Breaching a Server Internally
• Chapter 24 - Security Concepts
VI The Remote Attack
• Chapter 25 - The Remote Attack
• Chapter 26 - Levels of Attack
• Chapter 27 - Firewalls
• Chapter 28 - Spoofing Attacks
• Chapter 29 - Telnet-Based Attacks
• Chapter 30 - Language, Extensions, and Security
VII The Law
• Chapter 31 - Reality Bytes: Computer Security and the Law
VIII Appendixes
• Appendix A - How to Get More Information
• Appendix B - Security Consultants
• Appendix C - A Hidden Message About the Internet
• Appendix D - What's on the CD-ROM
© Copyright, Angel722 Computer Publishing. All rights reserved.
Maximum Security:
A Hacker's Guide to Protecting Your
Internet Site and Network
Dedication
This book is dedicated to Michelle, whose presence has rendered me a prince among
men.
Acknowledgments
My acknowledgments are brief. First, I would like to acknowledge the folks at Sams,
particularly Randi Roger, Scott Meyers, Mark Taber, Blake Hall, Eric Murray, Bob
Correll, and Kate Shoup. Without them, my work would resemble a tangled, horrible
mess. They are an awesome editing team and their expertise is truly extraordinary.
Next, I extend my deepest gratitude to Michael Michaleczko, and Ron and Stacie
Latreille. These individuals offered critical support, without which this book could not
have been written.
Also, I would like to recognize the significant contribution made by John David Sale, a
network security specialist located in Van Nuys, California. His input was invaluable. A
similar thanks is also extended to Peter Benson, an Internet and EDI Consultant in Santa
Monica, California (who, incidentally, is the current chairman of ASC X12E). Peter's
patience was (and is) difficult to fathom. Moreover, I forward a special acknowledgment
to David Pennells and his merry band of programmers. Those cats run the most robust
and reliable wire in the southwestern United States.
About the Author
The author describes himself as a "UNIX propeller head" and is a dedicated advocate of
the Perl programming language, Linux, and FreeBSD.
After spending four years as a system administrator for two California health-care firms,
the author started his own security-consulting business. Currently, he specializes in
testing the security of various networking platforms (breaking into computer networks
and subsequently revealing what holes lead to the unauthorized entry) including but not
limited to Novell NetWare, Microsoft Windows NT, SunOS, Solaris, Linux, and
Microsoft Windows 95. His most recent assignment was to secure a wide area network
that spans from Los Angeles to Montreal.
The author now lives quietly in southern California with a Sun SPARCStation, an IBM
RS/6000, two Pentiums, a Macintosh, various remnants of a MicroVAX, and his wife.
In the late 1980s, the author was convicted of a series of financial crimes after developing
a technique to circumvent bank security in Automatic Teller Machine systems. He
therefore prefers to remain anonymous.
Tell Us What You Think!
As a reader, you are the most important critic and commentator of our books. We value
your opinion and want to know what we're doing right, what we could do better, what
areas you'd like to see us publish in, and any other words of wisdom you're willing to
pass our way. You can help us make strong books that meet your needs and give you the
computer guidance you require.
Do you have access to the World Wide Web? Then check out our site at
http://www.mcp.com.
NOTE: If you have a technical question about this book, call the technical support line at
317-581-3833 or send e-mail to .
As the team leader of the group that created this book, I welcome your comments. You
can fax, e-mail, or write me directly to let me know what you did or didn't like about this
book--as well as what we can do to make our books stronger. Here's the information:
FAX: 317-581-4669
E-mail:
Mark Taber
Mail:
Mark Taber
Comments Department
Sams Publishing
201 W. 103rd Street
Indianapolis, IN 46290
Introduction
I want to write a few words about this book and how it should be used. This book is not
strictly an instructional, or "How To" book. Its purpose is to get you started on a solid
education in Internet security. As such, it is probably constructed differently from any
computer book you have ever read.
Although this book cannot teach you everything you need to know, the references
contained within this book can. Therefore, if you know very little about Internet security,
you will want to maximize the value of this book by adhering to the following procedure: