|
From harlequin@fnord.org.uk Sun Aug 18 04:01:13 2002 From: Harlequin <harlequin@fnord.org.uk> Newsgroups: alt.2600,alt.2600.hackerz,alt.hacker,alt.hacking Subject: HowTo: Makeshift Linux Network @ Home .. Organization: Harlequin's Consultancy Expires: Mon, 26 Aug 2002 12:00:00 GMT MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Lines: 303 Message-ID: <Z7L79.2736$KK2.16423034@news-text.cableinet.net> Date: Sun, 18 Aug 2002 11:01:13 GMT NNTP-Posting-Host: 62.30.170.40 X-Complaints-To: abuse@blueyonder.co.uk X-Trace: news-text.cableinet.net 1029668473 62.30.170.40 (Sun, 18 Aug 2002 12:01:13 BST) NNTP-Posting-Date: Sun, 18 Aug 2002 12:01:13 BST X-Received-Date: Sun, 18 Aug 2002 13:01:13 MET DST (news01.chello.no) Path: nubby2.!newsfeed4.cidera.com!newsfeed1.cidera.com!Cidera!news100.world-online.no!news100.world-online.no!nntp.newmedia.no!news.powertech.no!newsfeed1.ulv.nextra.no!nextra.com!news01.chello.no!amsnews01.chello.com!news-hub.cableinet.net!blueyonder!internal-news-hub.cableinet.net!news-text.cableinet.net.POSTED!53ab2750!not-for-mail Xref: nubby2 alt.2600:760298 alt.2600.hackerz:247541 alt.hacker:117953 alt.hacking:76403 [Note: I just post this stuff. I didn't write it. Please DO NOT reply to this post quoting its entirety! Downloading costs many people real money. H.] -- [Further note: Due to complaints, this text is currently only being posted once per week. H.] [From VisiGoth: 1. This post was turned over to Quinny on 12.30.98 for an indefinite period of time. 2. This was a post made by Osiris some time ago (year and a half, maybe??) and it has since been asked for and wanted but no one has posted it. Not even Osiris himself, so I took the time to repost it for everyone who wants it because I feel it is a -very- good post and -needs- to be read inside and out.] %%%% %%%% 1. Get Linux or FreeBSD ASAP 2. Acquire one or more books written by Spafford, Bellovin, Cheswick, Rubin, or Ranum 3. Get both the Camel and Llama books on PERL 4. Get ORA's book on TCP/IP 5. Purchase some old boxes (386/486) and install network cards Armed with these items, construct a small UNIX network within your home (garage, perhaps?). If you choose LINUX, read all the HOWTOs, particularly the networking HOWTO. Create at least 5 user accounts, allowing at least shell access for each account on each box. Once this configuration has been established (with all networking up and working properly), make attempts (as various users) to break one or more boxes on the system. (You should ideally attack various services, not just one.) Also: download either the SAFEsuite demo, the old ISS, or SATAN. Run these utilities against your system, and read the tutorials that accompany the documentation provided with these utilities. Next, acquire all tools located at this URL: http://www.giga.or.at/pub/hacker/unix Learn how to use each one. Next, obtain the AUSCERT UNIX securitychecklist here: ftp://ftp.auscert.org.au/pub/auscert/papers/unix_security_checklist Next, obtain the UNIX security checklist located here: http://stimpy.cac.washington.edu/~dittrich/R870/security-checklist.html Next, obtain the Site Security Handbook (RFC 1244), which is here: http://stimpy.cac.washington.edu/~dittrich/R870/rfc1244.txt Next, obtain this document from SRI: http://stimpy.cac.washington.edu/~dittrich/R870/SRI-Whitepaper.ps After reading and understanding all accompanying documentation listed above (and trying out some or all of the cited tools), read the following documents: Intrusion Detection Checklist: ftp://info.cert.org/pub/tech_tips/intruder_detection_checklist Dan Farmer's Survey on Various Hosts: http://www.trouble.org/survey/ Improving the Security of Your Site by Breaking Into it: http://www.trouble.org/security/admin-guide-to-cracking.html All the papers on this page, but especially the work by Nancy Cook and her partner: http://www.trouble.org/security/auditing_course/ Murphy's law and computer security by Wietse Venema: http://www.trouble.org/security/murphy.html After absorbing that information, then seek out these papers: CIAC-2308_Securing_Internet_Information_Servers.pdf: http://ciac.llnl.gov/ciac/documents/CIAC-2308_Securing_Internet_Information_Servers.pdf Securing X Windows: http://ciac.llnl.gov/ciac/documents/CIAC-2316_Securing_X_Windows.pdf How to Detect an Intrusion: http://ciac.llnl.gov/ciac/documents/CIAC-2305_UNIX_Incident_Guide_How_to_Detect_an_Intrusion.pdf Finally, go here and begin the process of studying each hole addressed in the BUGTRAQ archive. That is located here: http://www.geek-girl.com/bugtraq/search.html Other things that will help you tremendously are these: 1. Subscribe to all known mailing lists on UNIX security, e.g. BUGTRAQ, CIAC, CERT, etc. 2. From these lists, generate a database of email addresses of known security experts. Good examples would be Farmer, Venema, Spafford, Ranum, etc. 3. Scour the Internet for any instances of their email addresses - whether on lists, discussion groups or the web generally. (Note: do *NOT* bug these guys. Simply read their thoughts and ideas, absorb them, and move on.) 4. As you encounter exploit code on these lists (which you invariably will), compile it and execute it. Record your results. (One good reason to get LINUX or FreeBSD: all compilers are free and already well configured on a full install.) 5. Try to spend one hour a day studying socket programming. 6. Go to a used bookstore and buy every book you can find on system administration. In lieu of this, at least buy books that are in remaindering bins. The cheaper, the better. 7. Don't laugh, but learning at least the basics of these languages would help: A. PERL B. AWK/GAWK/NAWK C. SED D. Expect Also, it would be of some help to get a translation table that shows variances between similar or identical tasks performed in sh/bash/csh. In addition, you may wish to seek out the differences between disparate versions of UNIX. It is worth buying old manuals for AIX, HP-UX, Unicos, IRIX, Data General, SunOS, Solaris, XENIX, SYS V, and so forth. What follows is a list of books that might help you. (These are in alphabetical order, so order does not indicate preference. Personally, I prefer books authored by those I cited above.) Building Internet Firewalls D. Brent Chapman, Elizabeth D. Zwicky (1995)ISBN: 1565921240 Commonsense Computer Security: Your Practical Guide to InformationProtection Martin R. Smith (1994)ISBN: 0077078055 Computer Crime: A Crimefighter's Handbook David J. Icove, David, Seger, Karl Icove, Karl A. Seger, Vonstorch (1995)ISBN: 1565920864 Computer Security John M. Carroll (1996)ISBN: 0750696001 Computer Security Basics Deborah Russell, G.T. Gangemi (1991)ISBN: 0937175714 Computer Security Handbook Arthur E. Hutt, Seymour Bosworth, Douglas B. Hoyt (1995)ISBN: 0471118540 Firewalls and Internet Security: Repelling the Wily Hacker William R. Cheswick, Steven M. Bellovin (1994)ISBN: 0201633574 Fundamentals of Computer Security Technology Edward G. Amoroso (1994)ISBN: 0131089293 Hacker Proof: The Ultimate Guide to Network Security Lars Klander, Edward J. Renehan (1997)ISBN: 188413355X Halting the Hacker: A Practical Guide to Computer Security Donald L. Pipkin (1997)ISBN: 013243718X Information Warfare : Chaos on the Electronic Superhighway Winn Schwartau (1996)ISBN: 1560251328 Internet Firewalls and Network Security Chris Hare, Karanjit S. Siyan (1996)ISBN: 1562056328 Internet Firewalls and Network Security Karanjit, Ph.D. Siyan, Chris Hare (1996)ISBN: 1562054376 Internet Security: Professional Reference Derek Atkins, Tom Sheldon, Tim Petru, Joel Snyder (1997)ISBN: 156205760X Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network Anonymous (1997)ISBN: 1575212684 Personal Computer SecurityEdward Tiley (1996)ISBN: 1568848145 Practical Unix and Internet Security Simson Garfinkel, Gene Spafford (1996)ISBN: 1565921488 Protecting Your Web Site With Firewalls Marcus Goncalves, Vinicius A. Goncalves (1997)ISBN: 0136282075 Protection and Security on the Information Superhighway Frederick B. Cohen (1995)ISBN: 0471113891 Secrets of a Super HackerKnightmare, the Knightmare (1994)ISBN: 1559501065 Security in ComputingCharles P. Pfleeger (1996)ISBN: 0133374866 Web Commerce Cookbook Gordon McComb (1997)ISBN: 0471196630 Web Security Sourcebook Avi Rubin, Daniel Geer, Marcus J. Ranum, Aviel D. Rubin, Dan Geer (1997)ISBN: 047118148X Web Security & Commerce (Nutshell Handbook) Simson Garfinkel, Gene Spafford (1997)ISBN: 1565922697 http://www.amazon.com/exec/obidos/ISBN= 1565922697/t/0560-5831826-082656 Access Control and Personal Identification Systems Dan M. Bowers (1988)ISBN: 0409900834 Internet Security SecretsJohn R. Vacca. (1996)ISBN: 1-56884-457-3 Network and Internetwork Security: Principles and Practice. William Stallings. (1995)ISBN: 0-02-415483-0 Network Security: How to Plan for It and Achieve It. Richard H. Baker. (1994)ISBN: 0-07-005141-0 UNIX Security for the Organization. R. Bringle Bryant. (1994)ISBN: 0-672-30571-2 UNIX Security: A Practical Tutorial. N. Derek Arnold. ISBN: 0-07-002560-6 (1993) UNIX System Security: How to Protect Your Data and Prevent Intruders. Rick Farrow. (1991)ISBN: 0-201-57030-0 UNIX System Security Essentials. Christoph Braun and Siemens Nixdorf. (1995)ISBN: 0-201-42775-3 UNIX System Security. David A. Curry. (1992)ISBN: 0-201-56327-4 UNIX Unleashed. 1994 Susan Peppard, Pete Holsberg, James Armstrong Jr., Salim Douba, S.Lee Henry, Ron Rose, Richard Rummel, Scott Parker, Ann Marshall, Ron Dippold, Chris Negus, John Valley, Jeff Smith, Dave Taylor, Sydney Weinstein and David Till ISBN: 0-672-30402-3. Lastly, you will need to get some good tools to experiment with. They are here: http://ciac.llnl.gov/ciac/SecurityTools.html Basically, that should get you started. It is not necessary that you learn everything all at once. Obviously, the firm offering you the position does not expect the impossible. However, UNIX security is an on-going and complex field. You aren't going to ace it in a day. The idea is to get yourself up to speed with older problems, so that when newer ones crop up, you will understand their basis and origin. The reason for creating a network in your garage is that it offers you a chance to screw things up without any repercussions. Also, it simulates a micro-network, and allows you to view logs and responses from both the attack and victim sides. This is invaluable, as it will prepare you to instantly recognize trouble, just from examining the logs. Chief areas that you should cover are these: 1. NFS 2. The R Services 3. Passwords - proactive password checkers, DES in general, Crack, etc. 4. Spoofing 5. Routing techniques 6. Firewalls 7. CGI (if web servers are an integral part of the architecture of that network). It is recommended that you get the TIS Firewall Tooklit when you are ready. (Though, I suspect that the firm hiring you is more interested in local security that remote problems. Nevertheless, it is worth doing).