- Most sites usually don't want to report attacks (successful or not) due to the potential embarrassment and related public relations problems.
- Most quick attacks, denial of service attacks and the like are spoofed. Tracking down the real attacker is very difficult and resource intensive.
- Even if all goes well there is a chance law enforcement will seize your equipment as evidence, and hold it, not something to be taken lightly.
- Do you know how the attacker got in (i.e. NFR recorded it)? If so you might just want to plug the holes and go on.

Also, before you deal with an attack, you should consult your company policy; if you don't have one, consult your manager, the legal department, etc. It's also a good idea to have a game plan to deal with attacks (i.e. the mail server is first priority, checking fileservers is number two, who to notify, etc.); being prepared will prevent a lot of problems when it happens. The book Practical Unix and Internet Security covers this topic in great detail so I'm not going to rehash it, go buy the book.

Examples of attacks

Without going into too much detail and helping the black hats, I want to give a few examples of attacks, to show how innocuous looking things can be problematic and others can complicate your life.

Ping flooding (a.k.a. smurfing)

Simply flooding a network with data is an old fashioned but effective tactic, made worse by the fact most networks have faulty firewall configurations. By pinging the network address of a remote network (say a cablemodem ISP) you can receive several hundred ping replies for each ping packet you send. Now if you spoof the IP address and label the outgoing packets as from a network you do not like, you can have someone else's improperly setup network do the dirty work and flood the victim.

DNS cache poisoning

Since so many services rely on DNS to work properly it provides a wonderful part of the network to attack. Subverting the information in DNS servers is easier than it should be, and you can insert false data if successful. For example, if I convinced your name server that updates.redhat.com actually pointed at updates.badpeople.com, I could probably trick you into downloading and installing my software. This of course is negated by the fact RedHat PGP signs their packages, but do you check those signatures? As well, if you use an automated tool such as autorpm it will happen without user intervention: the compromised packages are downloaded and installed, and all I have to do is watch my ftp log and then exploit the sites that download packages. If I managed to convince your mail server that othercompany.com was actually one of my servers I could not only receive email you send to othercompany.com, I could read the email, and perhaps send it along with minor modifications (like adding an extra 0 to the cost of your bid).

General Security Mailing lists

Bugtraq

Bugtraq is a full disclosure list aimed at administrators. It covers pretty much everything: NT, Windows, *nix, protocols, online commerce, etc. The archives and subscription information are available at: http://www.geek-girl.com/bugtraq/.

Distribution specific tools

RedHat
Not yet written.

Debian
Not yet written.

Slackware
Not yet written.

Caldera
Not yet written.

SuSE
One of SuSE's employees (Marc Heuse) has written a few useful utilities for SuSE Linux, available at: http://www.suse.de/~marc/. The first one is called "Harden SuSE" and basically goes about removing sharp objects, tightening up file permissions, turning off daemons and so on. The second one, "SuSE security check", is a set of shell scripts that check the password file for sanity, list out all installed packages once a month and so on.

Distribution specific errata and security lists

RedHat
  Errata: http://www.redhat.com/support/docs/errata.html
  Security: http://www.redhat.com/support/docs/errata.html
  Mailing lists: http://archive.redhat.com/

Debian
  Errata: http://www.debian.org/distrib/packages/
  Security: http://www.debian.org/security/
  Mailing lists: http://www.debian.org/MailingLists/subscribe/

Slackware
  Errata: ftp://ftp.cdrom.com/pub/linux/slackware-current/ChangeLog.txt
  Security: ftp://ftp.cdrom.com/pub/linux/slackware-current/ChangeLog.txt
  Mailing lists: NO URL

Caldera
  Errata: http://www.calderasystems.com/support/download.html
  Security: http://www.calderasystems.com/news/security/index.html
  Mailing lists: http://www.calderasystems.com/support/forums.html

SuSE
  Errata: http://www.suse.de/e/patches/
  Security: http://www.suse.de/security/
  Mailing lists: http://www.suse.com/Mailinglists/index.html

TurboLinux
  Errata: http://www.turbolinux.com/support/solutions.html
  Security: http://www.turbolinux.com/support/solutions.html
  Mailing lists: NO URL

Stampede GNU/Linux
  Errata: ftp://ftp.stampede.org/current/README.CHANGES
  Security: ftp://ftp.stampede.org/current/README.CHANGES
  Mailing lists: http://www.stampede.org/maillists.php3

Mandrake
  Errata: http://www.linux-mandrake.com/en/fupdates.html
  Security: http://www.linux-mandrake.com/en/fupdates.html
  Mailing lists: http://www.linux-mandrake.com/en/flists.html

LinuxPPC
  Errata: NO URL
  Security: NO URL
  Mailing lists: http://lists.linuxppc.org/

Linux Pro
  Errata: NO URL
  Security: NO URL
  Mailing lists: NO URL

LinuxWare
  Errata: NO URL
  Security: NO URL
  Mailing lists: NO URL

MKLinux
  Errata: NO URL
  Security: NO URL
  Mailing lists: http://www.mklinux.org/mailinglists.html

Yggdrasil
  Errata: NO URL
  Security: NO URL
  Mailing lists: NO URL

Connectiva
  Errata: NO URL
  Security: NO URL
  Mailing lists: NO URL

DLD
  Errata: NO URL
  Security: NO URL
  Mailing lists: NO URL

Eagle Linux M68K
  Errata: NO URL
  Security: NO URL
  Mailing lists: NO URL

Eurielec
  Errata: NO URL
  Security: NO URL
  Mailing lists: NO URL

Kheops Linux
  Errata: NO URL
  Security: NO URL
  Mailing lists: NO URL

MNIS Linux
  Errata: NO URL
  Security: NO URL
  Mailing lists: NO URL

Contributors

None listed yet.

Security consultants and consulting firms for Linux

None listed yet.

Appendix A: Books, Magazines and other

Sendmail - http://www.oreilly.com/catalog/sendmail2/
Linux Network Admin Guide (NAG) - http://www.oreilly.com/catalog/linag/
Running Linux - http://www.oreilly.com/catalog/runux2/noframes.html
DNS & BIND - http://www.oreilly.com/catalog/dns3/
Apache - http://www.oreilly.com/catalog/apache2/
Learning The Bash Shell - http://www.oreilly.com/catalog/bash2/
Building Internet Firewalls - http://www.oreilly.com/catalog/fire/
Computer Crime - http://www.oreilly.com/catalog/crime/
Computer Security Basics - http://www.oreilly.com/catalog/csb/
Cracking DES - http://www.oreilly.com/catalog/crackdes/
Essential System Administration - http://www.oreilly.com/catalog/esa2/
Linux in a nutshell - http://www.oreilly.com/catalog/linuxnut2/
Managing NFS and NIS - http://www.oreilly.com/catalog/nfs/
Managing Usenet - http://www.oreilly.com/catalog/musenet/
PGP - http://www.oreilly.com/catalog/pgp/
Practical Unix and Internet Security - http://www.oreilly.com/catalog/puis/
Running Linux - http://www.oreilly.com/catalog/runux2/
Using and Managing PPP - http://www.oreilly.com/catalog/umppp/
Virtual Private Networks - http://www.oreilly.com/catalog/vpn2/

RedHat/SAMS also publish several interesting books:
Maximum RPM (available as a postscript document on www.rpm.org)
RedHat User's Guide (available as HTML on ftp.redhat.com)
SNMP, SNMPv2 and RMON - W. Stallings (ISBN: 0-201-63479-1)

Magazines:
Linux Journal (of course, monthly)
Sys Admin (intelligent articles, monthly)
Perl Journal (quarterly)

Appendix B: ftp/www sites and online resources

Distributions
http://www.calderasystems.com/ - Caldera OpenLinux
http://www.redhat.com/ - RedHat
http://www.suse.com/ - SuSE
http://www.debian.org/ - Debian
http://www.slackware.org/ - Slackware
http://www.turbolinux.com/ - TurboLinux
http://www