fm.htm

来自「Maximum Security (First Edition) 网络安全 英文」· HTM 代码 · 共 372 行 · 第 1/2 页

<I>the</I> <I>GS utilities</I>) are free. The chief differences between these two
distributions are that Rops is smaller, easier to configure, and faster. In fact,
it is probably one of the best shareware products I have ever seen; it is incredibly
small for the job that it does and requires minimal memory resources. It was coded
by Roger Willcocks, a software engineer in London, England.</P>
<P>In contrast, the GS utilities are slower, but support many more fonts and other
subtle intricacies you will likely encounter in PostScript documents produced on
disparate platforms. In other words, on documents that Rops fails to decode, the
GS utilities will probably still work. The GS utilities also have more tolerance
for faults within a PostScript document. If you have never used a PostScript interpreter,
there are certain situations you may encounter that seem confusing. One such situation
is where the interpreter cannot find evidence of page numbering. If you encounter
this problem, you will only be able to move forward in the document (you will not
be able to go back to page 1 after you have progressed to page 2). In such instances,
it's best to print the document.</P>
<P>To avoid this problem, I have purposefully (and by hand) searched out alternate
formats. That is, for each PostScript document I encountered, I tried to find the
identical paper in PDF, TXT, DOC, WPG, or HTML. In some cases, I'm afraid, I could
not find the document in any other form (this was especially so with early classic
papers on Internet security). In cases where I did successfully find another format,
I have pointed you there instead of to the PostScript version. I did this because
the majority of PC users (with the exception of Mac users) do not routinely have
PostScript facilities on their machines.</P>
<P>Next I need to say several things about the hyperlinks in this book. Each one
was tested by hand. In certain instances, I have offered links overseas to papers
that are also available here in the United States. This is because I tried to pick
the most reliable links possible. By <I>reliable links</I>, I mean the links most
easily retrieved in the shortest time possible. Although you wouldn't think so, some
overseas links are much faster. Also, in some instances, I could only find a verified
link to a document overseas (<I>verified links</I> means that when I tested the link,
the requested item actually existed at the URL in question). To provide you with
maximum value, I have attempted to reduce the incidences of <TT>Object Not Found</TT>
to practically nil. Naturally, however, your mileage may vary. Sites often change
their structure, so expect a few links to be no longer valid (even though most were
checked just a month or two before the book's printing.)</P>
<P>Also, many hyperlink paths are expressed in their totality, meaning that wherever
possible, I have extracted the <I>total</I> address of an object and not simply the
server on which it resides. In reference to downloadable files (tools, usually),
these links will not bring you to a page. Instead, they will initiate a download
session to your machine, bringing the file directly to you. This will save you time,
but might first be confusing to less experienced users. Don't be surprised when a
dialog box appears, asking you to save a file.</P>
<P>Wherever I specify what language a tool or software program was written in, pay
careful attention. Many tools mentioned require either a compiler or an interpreter
before they can be built and used. If you do not currently have the language or interpreter
necessary (or if your platform is different from that for which the tool was designed),
re-examine the reference. Unless it seems that the distribution contains documents
that are of value to you, you should probably refrain from downloading it. Moreover,
many utilities come in source code form only. Although I have examined much of the
source code myself, I cannot vouch for each and every line of it. If you intend to
download source code and compile it on your own architecture, be aware that neither
I nor Sams can be responsible for trojans or other malicious code that may exist
in these files. The majority of files referenced are actually from reliable sources
and many are accompanied by digital signatures, PGP keys, or other co-signing assurances
of authenticity and integrity. However, code that originated on cracker sites may
or may not be clean. Use your judgment in these instances.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>Special note to Windows and Mac
	users: if you have no idea what I am talking about, fear not. You will by the time
	you reach Chapter 6, &quot;A Brief Primer on TCP/IP.&quot; I made every possible
	attempt to make this book easily read and understood for all users. I have taken
	great pains to explain many terms and procedures along the way. If you are already
	aware of the definitions, skip these passages. If you are not, read them carefully.
<HR>


</BLOCKQUOTE>

<P>The majority of the sites referenced are easily viewed by anyone. There may be
a few sites that use extensive table structures or maintain an all-graphic interface.
Those with noncompliant browsers may not be able to view these sites. Nonetheless,
there are very few such sites. Wherever possible, I have attempted to find alternate
pages (that support non-table browsers) so almost all of the pages are viewable using
any browser. However, I am not perfect; my efforts may fail in some cases. For this,
I apologize.</P>
<P>In reference to sites mentioned that I deem &quot;very good,&quot; a word of caution:
This is my opinion only. I classify sites as &quot;good&quot; if they impart information
that is technically sound or point you in many valuable directions. But simply because
I say one site is good and say nothing about another does not mean the other site
is bad. I have hand-picked every site here, and each offers good information on security.
Those I single out as particularly good are so identified usually because the maintainer
of that site has done an exemplary job of presenting the information.</P>
<P>With respect to hyperlinks, I will say this: At the end of Appendix A, &quot;Where
to Get More Information,&quot; I offer an uncommented, bare list of hyperlinks. This
is the equivalent of a huge bookmark file. There is a purpose for this, which I discuss
in detail within that Appendix, but I will briefly address that purpose now. That
list (which will also appear on the CD-ROM) is provided for serious students of security.
By loading that list into a personal robot (Clearweb is one good example), you can
build a huge security library on your local machine. Such personal robots rake the
pages on the list, retrieving whatever file types you specify. For companies that
have adequate disk space and are looking to build a security library, this can be
done automatically. Most robots will clone a remote site within a few minutes.</P>
<P>Be aware, however, that the majority of links offered lead to pages with many
links themselves. Thus, if you are running such a robot, you'd better have adequate
disk space for the output. Printed in their native form, all retrievable documents
in that list (if retrieved with a robot that goes out one level for each link) would
print a stack of paper approximately seven feet tall. I know this because I have
done it. In Appendix A, I describe the procedure to do so. If you decide to retrieve
and print written information and binaries from all the sites listed, you will have
the majority of written security knowledge available on the Internet within two weeks.
In organizations doing serious security research, this could have significant value,
particularly if all documents are reformatted to a single file format (you could
do special indexing and so forth).</P>
<P>Certain books or other documents have been referenced that are not available online.
These documents are obtainable, however. In all cases, I have included as much information
on them as possible. Sometimes, the ISBN or ISSN is included, and sometimes not.
ISBNs were not always obtainable. In these instances (which are admittedly rare),
I have included the Library of Congress catalog number or other, identifying features
that may help you find the referenced material offline. Any sources that could not
be traced down (either on the Net or elsewhere) were omitted from the book.</P>
<P>Moreover, I have made every possible effort to give credit to individuals who
authored or otherwise communicated information that is of technical value. This includes
postings in Usenet newsgroups, mailing lists, Web pages, and other mediums. In almost
all cases (with the exception of the list of vendors that appears in Appendix B,
&quot;Security Consultants&quot;), I have omitted the e-mail addresses of the parties.
True, you can obtain those addresses by going to various sites, but I refrained from
printing them within this book. I have made every effort to respect the privacy of
these individuals.</P>
<P>The list of vendors that appears in Appendix B was not taken from the local telephone
book. In March 1997, I issued a bulletin to several key security groups requesting
that vendors place a listing in this book. The people (and companies) who replied
are all qualified security vendors and consultants. These vendors and individuals
provide security products and services every day. Many deal in products that have
been evaluated for defense-level systems or other typically secure environments.
They represent one small portion of the cream of the crop. If a vendor does not appear
on this list, it does not mean that it is not qualified; it simply means that the
vendor did not want to be listed in a book written by an anonymous author. Security
people are naturally wary, and rightly so.</P>
<P>In closing, I have some final words of advice. Appendix C, &quot;A Hidden Message,&quot;
points to a block of encrypted text located on the CD-ROM. The encryption used was
Pretty Good Privacy (PGP). When (or rather, if) you decrypt it, you will find a statement
that reveals an element of the Internet that is not widely understood. However, within
five years, that element will become more clear to even the average individual. There
are several things that you need to know about that encrypted statement.</P>
<P>First, the encrypted text contains my opinion only. It is not the opinion of Sams.net.
In fact, to ensure that Sams.net is not associated with that statement, I have taken
the precaution of refusing to provide employees of Sams.net with the private passphrase.
Therefore, they have absolutely no idea what the statement is. Equally, I assure
you (as I have assured Sams.net) that the statement does not contain profanity or
any other material that could be deemed unsuitable for readers of any age. It is
a rather flat, matter-of-fact statement that warns of one facet of the Internet that
everyone, including security specialists, have sorely missed. This facet is of extreme
significance, not simply to Americans, but to all individuals from every nation.
At its most basic, the statement is a prognostication.</P>
<P>Now for a little note on how to decrypt the statement. The statement itself is
very likely uncrackable, because I have used the highest grade encryption possible.
However, you can determine the passphrase through techniques once common to the spy
trade. Contained in Appendix C are several lines of clear text consisting of a series
of characters separated by semi-colons (semi-colons are the field separator character).
After you identify the significance of these characters, you are presented with some
interesting possibilities. After trying them all, you will eventually crack that
statement (the significance of the clear text fields will reveal the passphrase).
If you are clever, cracking the message is easier than it looks (certainly, those
wild and crazy characters at NSA will have no problem, as long as the folks doing
it are vintage and not kids; that is about the only clue I will give). The public
key for the message is <TT>root@netherworld.net</TT>.</P>

<P>If you crack the message, you should forward it to all members of Congress. For
them, a group largely uneducated about the Internet, the message within that encrypted
text is of critical importance.</P>

<P>Good luck.<FONT COLOR="#000077"></FONT></P>
<CENTER>
<P>
<HR>
<A HREF="../ch01/ch01.htm"><IMG SRC="../button/next.gif" WIDTH="128" HEIGHT="28"
ALIGN="BOTTOM" ALT="Next chapter" BORDER="0"></A><A HREF="../index.htm"><IMG SRC="../button/contents.gif"
WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Contents" BORDER="0"></A> <BR>
<BR>
<BR>
<IMG SRC="../button/corp.gif" WIDTH="284" HEIGHT="45" ALIGN="BOTTOM" ALT="Macmillan Computer Publishing USA"
BORDER="0"></P>

<P>&#169; <A HREF="../copy.htm">Copyright</A>, Macmillan Computer Publishing. All
rights reserved.
</CENTER>


</BODY>

</HTML>