windows 2003 ---- chapter -2

How This Book Will Help You

Prior to writing this book, I had extensive discussions with the Sams.net editorial staff. In

those discussions, one thing became immediately clear: Sams.net wanted a book that was

valuable to all users, not just to a special class of them. An examination of earlier books

on the subject proved instructive. The majority were well written and tastefully presented,

but appealed primarily to UNIX or NT system administrators. I recognized that while this

class of individuals is an important one, there are millions of average users yearning for

basic knowledge of security. To accommodate that need, I aimed at creating an all-purpose

Internet security book.

To do so, I had to break some conventions. Accordingly, this book probably differs from

other Sams.net books in both content and form. Nevertheless, the book contains copious

knowledge, and there are different ways to access it. This chapter briefly outlines how the

reader can most effectively access and implement that knowledge.

Is This Book of Practical Use?

Is this book of practical use? Absolutely. It can serve both as a reference book and a

general primer. The key for each reader is to determine what information is most

important to him or her. The book loosely follows two conventional designs common to

books by Sams.net:

• Evolutionary ordering (where each chapter arises, in some measure, from information in an earlier one)

• Developmental ordering (where you travel from the very simple to the complex)

This book is a hybrid of both techniques. For example, the book examines services in the

TCP/IP suite, then quickly progresses to how those services are integrated in modern

browsers, how such services are compromised, and ultimately, how to secure against

such compromises. In this respect, there is an evolutionary pattern to the book.

At the same time, the book begins with a general examination of the structure of the

Internet and TCP/IP (which will seem light in comparison to later analyses of sniffing,

where you examine the actual construct of an information packet). As you progress, the

information becomes more and more advanced. In this respect, there is a developmental

pattern to the book.

Using This Book Effectively: Who Are You?

Different people will derive different benefits from this book, depending on their

circumstances. I urge each reader to closely examine the following categories. The

information will be most valuable to you whether you are

• A system administrator

• A hacker

• A cracker

• A business person

• A journalist

• A casual user

• A security specialist

I want to cover these categories and how this book can be valuable to each. If you do not

fit cleanly into one of these categories, try the category that best describes you.

System Administrator

A system administrator is any person charged with managing a network or any portion of

a network. Sometimes, people might not realize that they are a system administrator. In

small companies, for example, programming duties and system administration are

sometimes assigned to a single person. Thus, this person is a general, all-purpose

technician. They keep the system running, add new accounts, and basically perform any

task required on a day-to-day basis. This, for your purposes, is a system administrator.

What This Book Offers the System Administrator

This book presumes only basic knowledge of security from its system administrators, and

I believe that this is reasonable. Many capable system administrators are not well versed

in security, not because they are lazy or incompetent but because security was for them

(until now) not an issue. For example, consider the sysad who lords over an internal

LAN. One day, the powers that be decree that the LAN must establish a connection to the

Net. Suddenly, that sysad is thrown into an entirely different (and hostile) environment.

He or she might be exceptionally skilled at internal security but have little practical

experience with the Internet. Today, numerous system administrators are faced with this

dilemma. For many, additional funding to hire on-site security specialists is not available

and thus, these people must go it alone. Not anymore. This book will serve such system

administrators well as an introduction to Internet security.

Likewise, more experienced system administrators can effectively use this book to learn--

or perhaps refresh their knowledge about--various aspects of Internet security that have

been sparsely covered in books mass-produced for the general public.

For either class of sysad, this book will serve a fundamental purpose: It will assist them

in protecting their network. Most importantly, this book shows the attack from both sides

of the fence. It shows both how to attack and how to defend in a real-life, combat

situation.

Hacker

The term hacker refers to programmers and not to those who unlawfully breach the

security of systems. A hacker is any person who investigates the integrity and security of

an operating system. Most commonly, these individuals are programmers. They usually

have advanced knowledge of both hardware and software and are capable of rigging (or

hacking) systems in innovative ways. Often, hackers determine new ways to utilize or

implement a network, ways that software manufacturers had not expressly intended.

What This Book Offers the Hacker

This book presumes only basic knowledge of Internet security from its hackers and

programmers. For them, this book will provide insight into the Net's most common

security weaknesses. It will show how programmers must be aware of these weaknesses.

There is an ever-increasing market for those who can code client/server applications,

particularly for use on the Net. This book will help programmers make informed

decisions about how to develop code safely and cleanly. As an added benefit, analysis of

existing network utilities (and their deficiencies) may assist programmers in developing

newer and perhaps more effective applications for the Internet.

Cracker

A cracker is any individual who uses advanced knowledge of the Internet (or networks)

to compromise network security. Historically, this activity involved cracking encrypted

password files, but today, crackers employ a wide range of techniques. Hackers also

sometimes test the security of networks, often with the identical tools and techniques

used by crackers. To differentiate between these two groups on a trivial level, simply

remember this: Crackers engage in such activities without authorization. As such, most

cracking activity is unlawful, illegal, and therefore punishable by a term of imprisonment.

What This Book Offers the Cracker

For the budding cracker, this book provides an incisive shortcut to knowledge of cracking

that is difficult to acquire. All crackers start somewhere, many on the famous Usenet

group alt.2600. As more new users flood the Internet, quality information about cracking

(and security) becomes more difficult to find. The range of information is not well

represented. Often, texts go from the incredibly fundamental to the excruciatingly

technical. There is little material that is in between. This book will save the new cracker

hundreds of hours of reading by digesting both the fundamental and the technical into a

single (and I hope) well-crafted presentation.

Business Person

For your purposes, business person refers to any individual who has established (or will

establish) a commercial enterprise that uses the Internet as a medium. Hence, a business

person--within the meaning employed in this book--is anyone who conducts commerce

over the Internet by offering goods or services.

NOTE: It does not matter whether these goods or services are offered free as a

promotional service. I still classify this as business.

What This Book Offers the Business Person

Businesses establish permanent connections each day. If yours is one of them, this book

will help you in many ways, such as helping you make informed decisions about security.

It will prepare you for unscrupulous security specialists, who may charge you thousands

of dollars to perform basic, system-administration tasks. This book will also offer a basic

framework for your internal security policies. You have probably read dozens of dramatic

accounts about hackers and crackers, but these materials are largely sensationalized.

(Commercial vendors often capitalize on your fear by spreading such stories.) The

techniques that will be employed against your system are simple and methodical. Know

them, and you will know at least the basics about how to protect your data.

Journalist

A journalist is any party who is charged with reporting on the Internet. This can be

someone who works for a wire news service or a college student writing for his or her

university newspaper. The classification has nothing to do with how much money is paid

for the reporting, nor where the reporting is published.

What This Book Offers the Journalist

If you are a journalist, you know that security personnel rarely talk to the media. That is,

they rarely provide an inside look at Internet security (and when they do, this usually

comes in the form of assurances that might or might not have value). This book will

assist journalists in finding good sources and solid answers to questions they might have.

Moreover, this book will give the journalist who is new to security an overall view of the

terrain. Technology writing is difficult and takes considerable research. My intent is to

narrow that field of research for journalists who want to cover the Internet. In coming

years, this type of reporting (whether by print or broadcast media) will become more

prevalent.

Casual User

A casual user is any individual who uses the Internet purely as a source of entertainment.

Such users rarely spend more than 10 hours a week on the Net. They surf subjects that are

of personal interest.

What This Book Offers the Casual User

For the casual user, this book will provide an understanding of the Internet's innermost

workings. It will prepare the reader for personal attacks of various kinds, not only from

other, hostile users, but from the prying eyes of government. Essentially, this book will

inform the reader that the Internet is not a toy, that one's identity can be traced and bad

things can happen while using the Net. For the casual user, this book might well be

retitled How to Avoid Getting Hijacked on the Information Superhighway.

Security Specialist

A security specialist is anyone charged with securing one or more networks from attack.

It is not necessary that they get paid for their services in order to qualify in this category.

Some people do this as a hobby. If they do it, they are a specialist.

What This Book Offers the Security Specialist

If your job is security, this book can serve as one of two things:

• A reference book

• An in-depth look at various tools now being employed in the void

NOTE: In this book, the void refers to that portion of the Internet that exists beyond your

router or modem. It is the dark, swirling mass of machines, services, and users beyond

your computer or network. These are quantities that are unknown to you. This term is

commonly used in security circles to refer to such quantities.

Much of the information covered here will be painfully familiar to the security specialist.

Some of the material, however, might not be so familiar. (Most notably, some cross-platform

materials for those maintaining networks with multiple operating systems.)

Additionally, this book imparts a comprehensive view of security, encapsulated into a

single text. (And naturally, the materials on the CD-ROM will provide convenience and

utility.)

The Good, the Bad, and the Ugly

How you use this book is up to you. If you purchased or otherwise procured this book as

a tool to facilitate illegal activities, so be it. You will not be disappointed, for the

information contained within is well suited to such undertakings. However, note that this

author does not suggest (nor does he condone) such activities. Those who unlawfully

penetrate networks seldom do so for fun and often pursue destructive objectives.

Considering how long it takes to establish a network, write software, configure hardware,

and maintain databases, it is abhorrent to the hacking community that the cracking

community should be destructive. Still, that is a choice and one choice--even a bad one--

is better than no choice at all. Crackers serve a purpose within the scheme of security,

too. They assist the good guys in discovering faults inherent within the network.

Whether you are good, bad, or ugly, here are some tips on how to effectively use this

book:

• If you are charged with understanding in detail a certain aspect of security, follow the notes closely. Full citations appear in these notes, often showing multiple locations for a security document, RFC, FYI, or IDraft. Digested versions of such documents can never replace having the original, unabridged text.

• The end of each chapter contains a small rehash of the information covered. For extremely handy reference, especially for those already familiar with the utilities and concepts discussed, this "Summary" portion of the chapter is quite valuable.

Certain examples contained within this book are available on the CD-ROM. Whenever

you see the CD-ROM icon on the outside margin of a page, the resource is available on

the CD. This might be source code, technical documents, an HTML presentation, system

logs, or other valuable information.

The Book's Parts

The next sections describe the book's various parts. Contained within each description is

a list of subjects covered within that chapter.

Part I: Setting the Stage

Part I of this book will be of the greatest value to users who have just joined the Internet

community. Topics include

• Why I wrote this book

• Why you need security

• Definitions of hacking and cracking

• Who is vulnerable to attack

Essentially, Part I sets the stage for the remaining parts of this book. It will assist readers

in understanding the current climate on the Net.

Part II: Understanding the Terrain

Part II of this book is probably the most critical. It illustrates the basic design of the

Internet. Each reader must understand this design before he or she can effectively grasp

concepts in security. Topics include

• Who created the Internet and why

• How the Internet is designed and how it works

• Poor security on the Internet and the reasons for it

• Internet warfare as it relates to individuals and networks

In short, you will examine why and how the Internet was established, what services are

available, the emergence of the WWW, why security might be difficult to achieve, and

various techniques for living in a hostile computing environment.

Part III: Tools

Part III of this book examines the average toolbox of the hacker or cracker. It familiarizes

the reader with Internet munitions, or weapons. It covers the proliferation of such

weapons, who creates them, who uses them, how they work, and how the reader can use

them. Some of the munitions covered are

• Password crackers

• Trojans

• Sniffers

• Tools to aid in obscuring one's identity

• Scanners

• Destructive devices, such as e-mail bombs and viruses

The coverage necessarily includes real-life examples. This chapter will be most useful to

readers engaging in or about to engage in Internet security warfare.

Part IV: Platforms and Security

Part IV of this book ventures into more complex territory, treating vulnerabilities inherent

in certain operating systems or applications. At this point, the book forks, concentrating

on issues relevant to particular classes of users. (For example, if you are a Novell user,

you will naturally gravitate to the Novell chapter.)

Part IV begins with basic discussion of security weaknesses, how they develop, and

sources of information in identifying them. Part IV then progresses to platforms,

including

• Microsoft

• UNIX

• Novell

• VAX/VMS

• Macintosh

• Plan 9 from Bell Labs

Part V: Beginning at Ground Zero

Part V of this book examines who has the power on a given network. I will discuss the

relationship between these authoritarian figures and their users, as well as abstract and

philosophical views on Internet security. At this point, the material is most suited for

those who will be living with security issues each day. Topics include

• Root, supervisor, and administrator accounts

• Techniques of breaching security internally

• Security concepts and philosophy

Part VI: The Remote Attack

Part VI of this book concerns attacks: actual techniques to facilitate the compromise of a

remote computer system. In it, I will discuss levels of attack, what these mean, and how

one can prepare for them. You will examine various techniques in depth: so in depth that

the average user can grasp--and perhaps implement--attacks of this nature. Part VI also

examines complex subjects regarding the coding of safe CGI programs, weaknesses of

various computer languages, and the relative strengths of certain authentication

procedures. Topics discussed in this part include

• Definition of a remote attack

• Various levels of attack and their dangers

• Sniffing techniques

• Spoofing techniques

• Attacks on Web servers

• Attacks based on weaknesses within various programming languages

Part VII: The Law

Part VII confronts the legal, ethical, and social ramifications of Internet security and the

lack, compromise, and maintenance thereof.

This Book's Limitations

The scope of this book is wide, but there are limitations on the usefulness of the

information. Before examining these individually, I want to make something clear:

Internet security is a complex subject. If you are charged with securing a network, relying

solely upon this book is a mistake. No book has yet been written that can replace the

experience, gut feeling, and basic savvy of a good system administrator. It is likely that

no such book will ever be written. That settled, some points on this book's limitations

include the following:

• Timeliness

• Utility

Timeliness

I commenced this project in January, 1997. Undoubtedly, hundreds of holes have

emerged or been plugged since then. Thus, the first limitation of this book relates to

timeliness.

Timeliness might or might not be a huge factor in the value of this book. I say might or

might not for one reason only: Many people do not use the latest and the greatest in

software or hardware. Economic and administrative realities often preclude this. Thus,

there are LANs now operating on Windows for Workgroups that are permanently

connected to the Net. Similarly, some individuals are using SPARCstation 1s running

SunOS 4.1.3 for access. Because older software and hardware exist in the void, much of

the material here will remain current. (Good examples are machines with fresh installs of

an older operating system that has now been proven to contain numerous security bugs.)

Equally, I advise the reader to read carefully. Certain bugs examined in this book are

common to a single version of software only (for example, Windows NT Server 3.51).

The reader must pay particular attention to version information. One version of a given

software might harbor a bug, whereas a later version does not. The security of the

Internet is not a static thing. New holes are discovered at the rate of one per day.

(Unfortunately, such holes often take much longer to fix.)

Be assured, however, that at the time of this writing, the information contained within

this book was current. If you are unsure whether the information you need has changed,

contact your vendor.

Utility

Although this book contains many practical examples, it is not a how-to for cracking

Internet servers. True, I provide many examples of how cracking is done and even

utilities with which to accomplish that task, but this book will not make the reader a

master hacker or cracker. There is no substitute for experience, and this book cannot

provide that.

What this book can provide is a strong background in Internet security, hacking, and

cracking. A reader with little knowledge of these subjects will come away with enough

information to crack the average server (by average, I mean a server maintained by

individuals who have a working but somewhat imperfect knowledge of security).

Also, journalists will find this book bereft of the pulp style of sensationalist literature

commonly associated with the subject. For this, I apologize. However, sagas of tiger

teams and samurais are of limited value in the actual application of security. Security is a

serious subject, and should be reported as responsibly as possible. Within a few years,

many Americans will do their banking online. Upon the first instance of a private citizen

losing his life savings to a cracker, the general public's fascination with pulp hacking

stories will vanish and the fun will be over.

Lastly, bona fide security specialists might find that for them, only the last quarter of the

book has significant value. As noted, I developed this book for all audiences. However,

these gurus should keep their eyes open as they thumb through this book. They might be

pleasantly surprised (or even downright outraged) at some of the information revealed in

the last quarter of the text. Like a sleight-of-hand artist who breaks the magician's code, I

have dropped some fairly decent baubles in the street.

Summary

In short, depending on your position in life, this book will help you

• Protect your network

• Learn about security

• Crack an Internet server

• Educate your staff

• Write an informed article about security

• Institute a security policy

• Design a secure program

• Engage in Net warfare

• Have some fun

It is of value to hackers, crackers, system administrators, business people, journalists,

security specialists, and casual users. There is a high volume of information, the chapters

move quickly, and (I hope) the book imparts the information in a clear and concise

manner.

Equally, this book cannot make the reader a master hacker or cracker, nor can it suffice as

your only source for security information. That said, let's move forward, beginning with a

small primer on hackers and crackers.
