"Network Security Tools": Write, Hack, and Modify Open Source Security Tools
Publication date: Monday, 18 April 2005

Sebastopol, CA--Each time a software vulnerability is discovered and announced, organizations that use the affected software have to rush to install vendor-issued patches before their networks are compromised. But vendors are often one step behind the announcement, and even casual attackers with few skills are able to launch assaults and compromise the networks of major corporations before the patch is installed. This makes it vital for anyone with hosts connected to the Internet to perform routine audits to detect unpatched remote vulnerabilities.

But how does one go about performing a thorough network assessment? According to Nitesh Dhanjani and Justin Clarke, authors of Network Security Tools (O'Reilly, US $34.95), most security books teach readers only how to use the out-of-the-box functionality provided by existing network security tools, which is often limited. "Malicious attackers are sophisticated enough to understand that the real power of the most popular network security tools doesn't lie in their out-of-the-box functionality, but in the framework that allows you to extend and tweak their functionality," explain Dhanjani and Clarke. "These sophisticated attackers also know how to quickly write their own tools to break into remote networks."

Although a security tool will occasionally do exactly what a network administrator wants right out of the box, more frequently it's necessary to customize the tool to fit the needs of the network structure. In Network Security Tools, Dhanjani and Clarke show network administrators how to use popular open source security assessment tools such as Ettercap, Hydra, Metasploit, Nessus, Nikto, and Nmap, and then customize them to defend against even the most experienced attackers.

While most security books focus on keeping networks and systems secure, Network Security Tools also provides information on determining vulnerabilities in web applications. "Historically, network and operating system-level vulnerabilities have been the sweet spot for attackers," Dhanjani and Clarke observe. "These days, though, hardened firewalls, patched systems, and secure server configurations make these vulnerabilities less desirable than web applications. By their nature, web applications are designed to be convenient for the end user, and security is either overlooked or built in as an afterthought."

Beginning with an overview of the popular open source security tools, the book discusses the common customizations and extensions for these tools. The first half of the book, "Modifying and Hacking Security Tools," provides overviews describing how the specific tool is used to test for vulnerabilities. It also explains how tools like port scanners, packet injectors, network sniffers, and web assessment tools function. Clear, step-by-step instructions show how to use both the plug-ins and code for security testing. The second half of the book, "Writing Network Security Tools," shows how to customize the open source assessment tools and write even more specialized attack and penetration tools. Topics covered include:
- Writing customized network sniffers and packet injection tools
- Writing plugins for Nessus, Ettercap, and Nikto
- Developing exploits for Metasploit
- Performing code analysis for web applications
- Writing kernel modules for security applications
- Understanding rootkits

Network Security Tools takes an evenhanded and accessible approach--neither tediously academic nor overly sensational--allowing readers to review security problems quickly and implement new, practical solutions. In an age when security is crucial, this book is the resource every network administrator needs when locking down a network.


Copyright © 2000 - 2005 eBCVG IT Security Affiliates