ISECOM
A valuable extension to the Hacking Exposed franchise; the authors do a great job of
incorporating the vast pool of knowledge of security testing from the team who built the Open
Source Security Testing Methodology Manual (OSSTMM) into an easy-to-digest, concise read
on how Linux systems can be hacked.
Steven Splaine
Author, The Web Testing Handbook and Testing Web Security
Industry-Recognized Software Testing Expert
With Pete being a pioneer of open-source security methodologies, directing ISECOM, and
formulating the OPSA certification, few people are more qualified to write this book than him.
Matthew Conover
Principal Software Engineer
Core Research Group, Symantec Research Labs
You’ll feel as if you are sitting in a room with the authors as they walk you through the steps
the bad guys take to attack your network and the steps you need to take to protect it. Or, as the
authors put it: “Separating the asset from the threat.” Great job, guys!
Michael T. Simpson, CISSP
Senior Staff Analyst
PACAF Information Assurance
An excellent resource for security information, obviously written by those with real-world
experience. The thoroughness of the information is impressive—very useful to have it presented in one place.
Jack Louis
Security Researcher
Book Details
| Price | 3.00 USD |
|---|---|
| Pages | 645 p |
| File Size | 10,733 KB |
| File Type | PDF format |
| ISBN | 0-07-226257-5 |
| Copyright | 2008 by The McGraw-Hill Companies |
This book was written according to the ISECOM (Institute for Security and Open
Methodologies) project methodology. ISECOM is an open, nonprofit security research
and certification organization established in January 2001 with the mission to make sense
of security. They release security standards and methodologies under the Open
Methodology License for free public and commercial use.
This book was written by multiple authors, reviewers, and editors—too many to all
be listed here—who collaborated to create the best Linux hacking book they could. Since
no one person can master everything you may want to do in Linux, a community wrote
the book on how to secure it.
The following people contributed greatly and should be recognized.
About the Project Leader
Pete Herzog
As Managing Director, Pete is the co-founder of ISECOM and creator of the
OSSTMM. At work, Pete focuses on scientific, methodical testing for controlling
the quality of security and safety. He is currently managing projects in development
that include security for homeowners, hacking lessons for teenagers, source-code
static analysis, critical-thinking training for children, wireless certification
exam and training for testing the operational electromagnetic spectrum, a
legislator’s guide to security solutions, a Dr. Seuss–type children’s book in metered prose
and rhyme, a security analysis textbook, a guide on human security, solutions for
university security and safety, a guide on using security for national reform, a guide for
factually calculating trust for marriage counselors and family therapists, and of course,
the Open Source Security Testing Methodology Manual (OSSTMM).
In addition to managing ISECOM projects, Pete teaches in the Masters for Security
program at La Salle University in Barcelona and supports the worldwide security
certification network of partners and trainers. He received a bachelor’s degree from
Syracuse University. He currently only takes time off to travel in Europe and North
America with his family.
About the Project Managers
Marta Barceló is Director of Operations, co-founder of ISECOM, and is
responsible for ISECOM business operations. In early 2003, she designed the
process for the Hacker Highschool project, developing and designing teaching
methods for the website and individual and multilingual lessons. Later that
same year, she developed the financial and IT operations behind the ISESTORM
conferences. In 2006, Marta was invited to join the EU-sponsored Open Trusted
Computing consortium to manage ISECOM’s participation within the project, including
financial and operating procedures. In 2007, she began the currently running advertising
campaign for ISECOM, providing all creative and technical skills as well as direction.
Marta maintains the media presence of all ISECOM projects and provides technical
server administration for the websites. She attended Mannheim University of Applied
Sciences in Germany and graduated with a masters in computer science.
In addition to running ISECOM, Marta has a strong passion for the arts, especially
photography and graphic design, and her first degree is in music from the Conservatori
del Liceu in Barcelona.
Rick Tucker has provided ISECOM with technical writing, editing, and general
support on a number of projects, including SIPES and Hacker Highschool. He
currently resides in Portland, Oregon, and works for a small law firm as the go-to
person for all manner of mundane and perplexing issues.
About the Authors
Andrea Barisani is an internationally known security researcher. His
professional career began eight years ago, but it all really started with a
Commodore-64 when he was ten years old. Now Andrea is having fun with
large-scale IDS/firewall-deployment administration, forensic analysis,
vulnerability assessment, penetration testing, security training, and his
open-source projects. He eventually found that system and security administration are
the only effective way to express his need for paranoia.
Andrea is the founder and project coordinator of the oCERT effort, the Open Source
CERT. He is involved in the Gentoo project as a member of the Security and Infrastructure
Teams and is part of the Open Source Security Testing Methodology Manual, becoming an
ISECOM Core Team member. Outside the community, he is the co-founder and chief
security engineer of Inverse Path, Ltd. He has been a speaker and trainer at the PacSec,
CanSecWest, BlackHat, and DefCon conferences among many others.
Thomas Bader works at Dreamlab Technologies, Ltd., as a trainer and solution
architect. Since the early summer of 2007, he has been in charge of ISECOM
courses throughout Switzerland. As an ISECOM team member, he participates
in the development of the OPSE certification courses,
the ISECOM test network, and the OSSTMM.
From the time he first came into contact with open-source software in 1997,
he has specialized in network and security technologies. Over the following years, he
has worked in this field and gained a great deal of experience with different firms as a
consultant and also as a technician. Since 2001, Thomas has worked as a developer and
trainer of LPI training courses. Since 2006, he has worked for Dreamlab Technologies,
Ltd., the official ISECOM representative for the German- and French-speaking countries of Europe.
Simon Biles is the director and lead consultant at Thinking Security, a UK-based
InfoSec Consultancy. He is the author of The Snort Cookbook from O’Reilly, as well
as other material for ISECOM, Microsoft, and SysAdmin magazine. He is
currently pursuing his masters in forensic computing at the Defence Academy in
Shrivenham. He holds a CISSP, OPSA, is an ISO17799 Lead Auditor, and is also a
Chartered Member of the British Computer Society. He is married with children
(several) and reptiles (several). His wife is not only the most beautiful woman ever, but
also incredibly patient when he says things like “I’ve just agreed to ... <insert time-drain
here>.” In his spare time, when that happens, he likes messing about with Land Rovers
and is the proud owner of a semi-reliable, second-generation Range Rover.
Colby Clark is Guidance Software’s Network Security Manager and has the day-to-day
responsibility for overseeing the development, implementation, and
management of their information security program. He has many years of
security-related experience and has a proven track record with Fortune 500
companies, law firms, financial institutions, educational institutions,
telecommunications companies, and other public and private companies in
regulatory compliance consulting and auditing (Sarbanes Oxley and FTC Consent
Order), security consulting, business continuity, disaster recovery, incident response,
and computer forensic investigations. Colby received an advanced degree in business
administration from the University of Southern California, maintains the EnCE, CISSP,
OPSA, and CISA certifications, and has taught advanced computer forensic and incident
response techniques at the Computer and Enterprise Investigations Conference (CEIC).
He is also a developer of the Open Source Security Testing Methodology Manual (OSSTMM)
and has been with ISECOM since 2003.
Raoul “Nobody” Chiesa has 22 years of experience in information security
and 11 years of professional knowledge. He is the founder and president of
@ Mediaservice.net Srl, an Italian-based, vendor-neutral security consulting
company. Raoul is on the board of directors for the OWASP Italian Chapter,
Telecom Security Task Force (TSTF.net), and the ISO International User Group.
Since 2007, he has been a consultant on cybercrime issues for the UN at the United
Nations Interregional Crime & Justice Research Institute (UNICRI).
He authored Hacker Profile, a book which will be published in the U.S. by Taylor &
Francis in late 2008. Raoul’s company was the first worldwide ISECOM partner, launching
the OPST and OPSA classes back in 2003. At ISECOM, he works as Director of
Communications, enhancing ISECOM evangelism all around the world.
Pablo Endres is a security engineer/consultant and technical solution architect
with a strong background built upon his experience at a broad spectrum of
companies: wireless phone providers, VoIP solution providers, contact centers,
universities, and consultancies. He started working with computers (an XT) in
the late 1980s and holds a degree in computer engineering from the Universidad Simón
Bolívar at Caracas, Venezuela. Pablo has been working, researching, and playing around
with Linux, Unix, and networked systems for more than a decade.
Pablo would like to thank Pete for the opportunity to work on this book and with
ISECOM, and last but not least, his wife and parents for all the support and time sharing.
Richard has been working in the computer industry since 1989 when he started as
a programmer and has since moved through various roles. He has a good view of
both business and IT and is one of the few people who can interact in both spaces.
He recently started his own small IT security consultancy, Blue Secure. He
currently holds various certifications (CISSP, Prince2 Practitioner, OPST/OPSA
trainer, MCSE, and so on) in a constant attempt to stay up-to-date.
Andrea “Pila” Ghirardini has over seven years’ expertise in computer forensics
analysis. The labs he leads (@PSS Labs, http://www.atpss.net) have assisted Italian
and Swiss Police Special Units in more than 300 different investigations related
to drug dealing, fraud, tax fraud, terrorism, weapons trafficking, murder,
kidnapping, phishing, and many others.
His labs are the oldest ones in Italy, continuously supported by the company team’s
strong background in building CF machines and storage systems in order to handle and
examine digital evidence, using both open-source-based and commercial tools. In 2007,
Andrea wrote the first book ever published in Italy on computer forensics investigations
and methodologies (Apogeo Editore). In this book, he also analyzed Italian laws related
to these kinds of crimes. Andrea holds the third CISSP certification in Italy.
Julian “HammerJammer” Ho is co-founder of ThinkSECURE Pte, Ltd., (http://securitystartshere.org), an Asia-based practical IT security certification/training
authority and professional IT security services organization and an ISECOM-certified OPST trainer.
Julian was responsible for design, implementation, and maintenance of
security operations for StarHub’s Wireless Hotzones in Changi International
Airport Terminals 1 and 2 and Suntec Convention Centre. He is one half of the design
team for BlackOPS:HackAttack 2004, a security tournament held in Singapore; AIRRAID
(Asia’s first-ever pure wireless hacking tournament) in 2005; and AIRRAID2 (Thailand’s
first-ever public hacking tournament) in 2008. He also contributed toward research and
publication of the WCCD vulnerability in 2006.
Julian created and maintains the OSWA-Assistant wireless auditing toolkit, which
was awarded best in the Wireless Testing category and recommended/excellent in the
LiveCDs category by Security-Database.com in their “Best IT Security and Auditing
Software 2007” article.
Marco Ivaldi (raptor@mediaservice.net) is a computer security researcher and
consultant, a software developer, and a Unix system administrator. His particular
interests are networking, telephony, and cryptology. He is an ISECOM Core
Team member, actively involved in the OSSTMM development process. He
holds the OPST certification and is currently employed as Red Team Coordinator
at @ Mediaservice.net, a leading information-security company based in Italy. His daily
tasks include advanced penetration testing, ISMS deployment and auditing, vulnerability
research, and exploit development. He is founder and editorial board member of
Linux&C, the first Italian magazine about Linux and open source. His homepage and
playground is http://www.0xdeadbeef.info.
Marco wishes to thank VoIP gurus Emmanuel Gadaix of TSTF and thegrugq for their
invaluable and constant support throughout the writing of this book. His work on this
book is dedicated to z*.
Dru Lavigne is a network and systems administrator, IT instructor, curriculum
developer, and author. She has over a decade of experience administering and
teaching Netware, Microsoft, Cisco, Checkpoint, SCO, Solaris, Linux, and BSD
systems. She is author of BSD Hacks and The Best of FreeBSD Basics. She is currently
the editor-in-chief of the Open Source Business Resource, a free monthly
publication covering open source. She is founder and current chair of the BSD Certification
Group, Inc., a nonprofit organization with a mission to create the standard for certifying
BSD system administrators. At ISECOM, she maintains the Open Protocol Database. Her
blog can be found at http://blogs.ittoolbox.com/unix/bsd.
Stéphane is a research scientist who has explored the various facets of trust in
computer science for the past several years. He is currently working at The City
University, London, on service-oriented architectures and trust. His past jobs
include the European project, Open Trusted Computing (http://www.opentc.net) at
Royal Holloway, University of London, and the Trusted Software Agents and
Services (T-SAS) project at the University of Southampton, UK. He enjoys
applying his requirement-analysis and formal-specification computing skills to modern
systems and important properties, such as trust. In 2002, he received a Ph.D. in computing
science from the Grenoble Institute of Technology, France, where he also graduated as a
computing engineer in 1998 from the ENSIMAG Grandes École of Computing and
Applied Mathematics, Grenoble, France.
Christopher Low is co-founder of ThinkSECURE Pte Ltd. (http://securitystartshere.org),
an Asia-based IT-security training, certification, and professional IT security
services organization. Christopher has more than ten years of IT security
experience and has extensive security consultancy and penetration-testing
experience. Christopher is also an accomplished trainer, an ISECOM-certified
OPST trainer and has developed various practical-based security certification courses
drawn from his experiences in the IT security field. He also co-designed the BlackOPS:
HackAttack 2004 security tournament held in Singapore, AIRRAID (Asia’s first-ever
pure wireless hacking tournament) in 2005,
and AIRRAID2 (Thailand’s first-ever public hacking tournament).
Christopher is also very actively involved in security research; he likes to code and
created the Probemapper and MoocherHunter tools, both of which can be found in the
OSWA-Assistant wireless auditing toolkit.
Ty Miller is Chief Technical Officer at Pure Hacking in Sydney, Australia. Ty has
performed penetration tests against countless systems for large banking,
government, telecommunications, and insurance organizations worldwide, and
has designed and managed large security architectures for a number of
Australian organizations within the Education and Airline industries.
Ty presented at Blackhat USA 2008 in Las Vegas on his development of DNS
Tunneling Shellcode and was also involved in the development of the CHAOS Linux
distribution, which aims to be the most compact, secure openMosix cluster platform.
He is a certified ISECOM OPST and OPSA instructor and contributes to the Open Source
Security Testing Methodology Manual. Ty has also run web-application security courses
and penetration-testing tutorials for various organizations and conferences.
Ty holds a bachelors of technology in information and communication systems from
Macquarie University, Australia. His interests include web-application penetration
testing and shellcode development.
Armand Puccetti is a research engineer and project manager at CEA-LIST (a
department of the French Nuclear Energy Agency, http://www-list.cea.fr) where
he is working in the Software Safety Laboratory. He is involved in several
European research projects belonging to the MEDEA+, EUCLID, ESSI, and
FP6 programs. His research interests include formal methods for software and
hardware description languages, semantics of programming languages, theorem
provers, compilers, and event-based simulation techniques. Before moving to CEA
in 2000, he was employed as a project manager at C-S (Communications & Systems,
http://www.c-s.fr/), a privately owned software house. At C-S he contributed to numerous
software development and applied research projects, ranging from CASE tools and
compiler development to military simulation tools and methods (http://escadre.cad.etca.fr/ESCADRE) and consultancy.
He graduated from INPL (http://www.inpl-nancy.fr) where he earned a Ph.D. in 1987
in the Semantics and Axiomatic Proof for the Ada Programming Language.
About the Contributing Authors
Görkem Çetin has been a renowned Linux and open-source professional for more than
15 years. As a Ph.D. candidate, his current doctorate studies focus on human/computer
interaction issues of free/open-source software. Görkem has authored four books on
Linux and networking and written numerous articles for technical and trade magazines.
He works for the National Cryptography and Technology Institute of Turkey (TUBITAK/
UEKAE) as a project manager.
Volkan Erol is a researcher at the Turkish National Research Institute of Electronics and
Cryptology (TUBITAK-NRIEC). After receiving his bachelor of science degree in
computer engineering from Galatasaray University Engineering and Technology Faculty,
Volkan continued his studies in the Computer Science, Master of Science program, at
Istanbul Technical University. He worked as software engineer at the Turkcell Shubuo-
Turtle project and has participated in TUBITAK-NRIEC since November 2005. He works
as a full-time researcher in the Open Trusted Computing project. His research areas are
Trusted Computing, applied cryptography, software development, and design and
image processing.
Chris Griffin has nine years of experience in information security. Chris obtained the
OPST, OPSA, CISSP, and CNDA certifications and is an active contributor to ISECOM’s
OSSTMM. Chris has most recently become ISECOM’s Trainer for the USA. He wants to
thank Pete for this opportunity and his wife and kids for their patience.
Fredesvinda Insa Mérida is the Strategic Development Manager of Cybex. Dr. Insa
graduated in law from the University of Barcelona (1994–1998). She also holds a Ph.D. in
information sciences and communications, from the University Complutense of Madrid.
Dr. Insa has represented Cybex in several computer-forensics and electronic-evidence
meetings. She has a great deal of experience in fighting against computer-related crimes.
Within Cybex, she provides legal assistance to the computer forensics experts.
About the Editors and Reviewers
Chuck Truett is a writer, editor, SAS programmer, and data analyst. In addition to his
work with ISECOM, he has written fiction and nonfiction for audiences ranging from
children to role-playing gamers.
Adrien de Beaupré is practice lead at Bell Canada. He holds the following certifications:
GPEN, GCIH, GSEC, CISSP, OPSA, and OPST. Adrien is very active with isc.sans.org. He
is an ISECOM OSSTMM-certified instructor. His areas of expertise include vulnerability
assessments, penetration testing, incident response, and digital forensics.
Michael Hawkins, CISSP, has over ten years’ experience in the computer industry, the
majority of time spent at Fortune 500 companies. He is currently the Manager of
Networks and Security at the loudspeaker company Klipsch. He has been a full-time
security professional for over five years.
Matías Bevilacqua Trabado graduated in computer engineering from the University of
Barcelona and currently works for Cybex as IT Manager. From a security background,
Matías specializes in computer forensics and the admissibility of electronic evidence. He
designed and ran the first private forensic laboratory in Spain and is currently leading
research and development at Cybex.
Patrick Boucher is a senior security consultant for Gardien Virtuel. Patrick has many
years of experience with ethical hacking, security policy, and strategic planning like
disaster recovery and continuity planning. His clients include many Fortune 500
companies, financial institutions, telecommunications companies, and SME enterprises
throughout Canada. Patrick has obtained CISSP and CISA certifications.
INTRODUCTION
GNU-Linux is the ultimate hacker’s playground. It’s a toy for the imagination, not
unlike a box of blocks or a bag of clay. Whether someone is an artist or a scientist,
the possibilities are endless. Anything that you want to try to do and build and
make with a computer is subject only to your creativity. This is why so many people are
interested in Linux.
Many call it Linux instead of GNU-Linux, its full name—much the same way you’d
call a friend by a nickname. Perhaps this is due to the intimacy that you can achieve with
this operating system through its source code. Or from the experience of being part of a
special community. Whatever it is though, everyone can benefit from communicating
with a machine that is honestly attributable to the transparency and openness of Linux.
Although not the dominant operating system on the Internet, Linux is quite prevalent,
considering that the overwhelming majority of servers running web services, email
services, and name services all depend on other open-source code that works with Linux.
And this is where the trouble begins. Can something so open be properly secured?
The difficulty begins when you need to secure it. How do you secure something like
this, with its collectively designed hosting components that are built, rebuilt, and
reconfigured by whim and can differ from machine to machine? You will seldom find
two identical systems.
How then can you approach the possibility of providing security for all of them?
This edition of Hacking Exposed Linux is based on the work of ISECOM, an open
security research organization with the mission to “Make sense of security.” ISECOM
has thousands of members worldwide and provides extensive methodologies and
frameworks in regards to security, safety, and privacy. ISECOM uses open collaboration
and extensive peer review to obtain the highest possible quality research—which is also
how this edition was developed. Many security enthusiasts and professionals collaborated
to create a book that is factual, practical, and really captures the spirit of Linux. Only in
this way can you expect to find the means of securing Linux in all of its many forms.
HOW THIS BOOK IS ORGANIZED
This book is meant to be practical; you won’t just learn how to run an exploit or two that
will be patched by the time you finish reading about it. The knowledge and the tools to
do all the hacking are in the book; however, instead of specific exploits, we cover types of
threats. This way even if an exploit is patched, the knowledge as to how the exploit could
work, how a security control can be circumvented, and how an interaction such as trust
can be abused will still help you analyze potential problems. By not securing against
specific threats or exploits, you are much more capable of testing for and applying
security that will cover potential, though yet unknown, threats.
Structurally, this book follows the five channels identified in the Open Source Security
Testing Methodology Manual (OSSTMM) for security interactions: physical, telecommunications,
data networking, human, and wireless. The first three chapters explain
how security and controls work according to the latest ISECOM research and set the
stage for understanding how to analyze security. Then the book follows the logical
separation of the most common uses of Linux to create a compendium of security
knowledge—no matter what you want to do with your Linux system.
It is possible to read the book straight through and absorb all the information like a
sponge if you can. Or you can hop from chapter to chapter depending on what areas you
are concerned about securing on your specific Linux system. Maybe you want to try
testing wireless access points, VoIP, or telecommunications? Just jump to the appropriate
chapter. Or even if you simply want to make sure your desktop applications don’t get
the best of your Linux system through phishing, SPAM, and rootkits, we cover user
attacks as part of the human security channel. Then, again, you could always just browse
through the book at your leisure.
What’s New in This Edition?
Unlike many other books that release edition updates, this particular one has been completely
rewritten to assure a best fit to the ISECOM mission of making sense of security. All the
material is completely new, based upon the most recent and thorough security research.
The hacking and countermeasures are based on the OSSTMM, the security testing
standard, and we made sure that we covered all known attacks on Linux as well as how
to prepare the system to repel the unknown attacks.