Hack Attacks Testing: How to Conduct Your Own Security Audit

Author: John Chirillo
Pages: 560
Publisher: Wiley
ISBN: 0-471-22946-6

Available for download is chapter 1 entitled “Basic Windows 2000/Windows 2000 Server Installation and Configuration”.

Introduction

As you can see from the title, the author bases this publication on the information containing resources and methodologies needed to start your own security audits. Don’t expect that after reading this book you will become a skilled penetration tester, but if you are interested in security audits it will provide an introduction to some of the best security tools around.

About the author

John Chirillo is Senior Inter-networking Engineer at ValCom, a technology management company in the Midwest. John holds numerous certifications including CCNA, CCDA, CCNP, CISSP, Intel Certified Solutions Consultant, Compaq ASE Enterprise Storage, and Master UNIX certifications, among others. He has more than ten years of experience on various computer systems and more than five years of training experience. John is the author of five Wiley books, including the Hack Attacks Series.

An interview with John Chirillo is available here.

Inside the book

The book is intended to serve as a know-how cookbook, so it starts with theory introducing the reader with guidelines on performing a successful security audit. Mr Chirillo mentions seven important phases:

• Blind testing – remote audits, site scanning, penetration testing and IP and e-mail spoofing testing.
• Knowledgeable penetration – when information on the target is known to the auditor.
• Internet security and services – DNS spoofing schemes, auditing scripting code, IP and ICMP flooding tests and evaluating the issues found in the first two phases.
• Dial-ip audit – wardialing and trying to find rogue modems and misconfigured dial-ups.
• Local infrastructure audit – reporting protocol traffic, network segments and bandwidth utilization.
• Wide Area Network audit – Internetworking equipment discovery and excerpts from actual log files.
• Reporting – compilation of reports received from all the previous phases

Tiger Teams are groups of security professionals that combine various skills into evaluating security risks of the target machines, networks and other assets. Tiger Box is a computer system containing all the needed tools designed for the security auditing purposes. The opening part of the book talks about setting a multisystem Tiger Box. The author notes that a Tiger Box should have a multi-boot configuration as there is a number of programs that don’t run on some operating systems, but they are crucial for making a thorough system security audit. The operating systems covered in this 80 pages long section include Windows 2000, Windows 2000 Server, Linux, Solaris and MacOS X. The guides provided here offer the novice readers information on installation and configuration of these operating systems. I should note that the author walks the user from the first step of starting the computer with the bootable CD to typing the passwords and clicking the final “Install” button. Because most of the security books just skip Mac OS X, the mentioned chapter on creating a Mac OS X Tiger Box comes as a big plus.

After installing a Tiger Box, the author goes into step-by-step installation and configuration of a testing target system. The target environment used in this book is a Microsoft Windows NT system. After installing the operating system, Mr. Chirillo goes deeper with Windows Internet Naming Service (WINS), Domain Name Server (DNS) and Internet Information Server (IIS). All of these guides can be used as a separate HOW-TOs relating to the mentioned services.

Depending to your preferences, you will surely be more interested in either part two or part three. The second part talks about using security analysis tools for the Windows based Tiger Box, while the third one does the same, but is connected to *NIX and Mac OS X operating systems. Neither of these parts should be skipped, as they provide an extensive overview of several OS specific security tools.

Before detailing the tools the author presents some auditing tips for *NIX, Windows and Storage based Networks. Tips provided, focus on default installs, weak passwords, open ports, CGI flaws, buffer overflows, NetBIOS shares, information leakage, Shell Daemon flaws, SNMP issues etc.

Without going deeper into every single tool talked about this book, I will just give an overview of the software tools used in this book. The most important thing is that all of the tools presented are covered with extensive installation and configuration options, usage directions and examples of reports and logs resulted from the scans.

Tools covered within the Windows related part of the book include:

• Cerberus Internet Scanner – about 20 pages mostly dealing with target configuration
• CyberCop Scanner – about 40 pages with graphical screenshots of the sub-tools this software offers
• Internet Scanner – about 30 pages mentioning both console and command-line mode scanning
• STAT (Security Threat Avoidance Technology Scanner) – about 25 pages with provided examples of Executive Summary Extract and Report
• Tiger Suite 4.0 – about 30 pages about this collection of tools providing various system information

As an introduction for the novice users, author gives an overview of basic *NIX commands and operations that should come handy during the Linux or Solaris Tiger Box usage. The book’s appendix continues the overview of essential shortcuts and commands for *NIX operating systems and acts as a reference guide to the administrators.

Tools covered within the *NIX/Mac OS X related part of the book include: spoofing utility hping 2, Nessus, Nmap, Security Administrator Integrated Network Tool (SAINT) and Security Auditor Research Assistant (SARA). Each of these tools is presented with a 20-30 page overview. As a nice ending, author uses the mentioned tools for a comparative vulnerability assessment of the target network.

About the CD-ROM

The accompanying CD-ROM offers interactive presentations of Cerberus Internet Scanner, CyberCop Scanner, Internet Scanner, Nessus, Nmap and SARA. These HTML based presentations, offer the reader the possibility of expanding the topics they read, by showing them on a point-and-click basis, how these scanners work and generate target reports. The CD-ROM also contains a full single license version of TigerSuite 4.0.

My opinion

The book was written so it can be read very easily, with lot of practical examples including screenshots, reports and usage logs. The CD-ROM is nicely done and offers a new interactive dimension, and as such is a valuable supplement to the written material. I recommend this book to novice and inter-mediate readers that are interested in both learning the practical basics of security audits, as well as those interested to see what data others can collect about their computers or networks.