ch23.htm

Maximum Security (First Edition) 网络安全 英文版

	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>Find the paper from which
	the preceding paragraph is excerpted at <A HREF="http://www.intrusion.com/ksm.htm"><TT>http://www.intrusion.com/ksm.htm</TT></A>.
	
<HR>


</BLOCKQUOTE>

<P>A fully functional trial version is available at

<UL>
	<LI><A HREF="ftp://ftp.intrusion.com/pub/ntev402.exe"><TT>ftp://ftp.intrusion.com/pub/ntev402.exe</TT></A>
</UL>

<H3><FONT COLOR="#000077"><B>NetXRay Protocol Analyzer and Network Monitor Software</B></FONT></H3>
<P>Using Windows 95, are we? Try NetXRay by CINCO. This truly is a well-coded package.
It allows monitoring of multiple network segments, and supports multiple instances
of the monitor and capture (and analysis) of just about any type of packet you can
dream of. What's more, you can take it for a test drive (but it will only record
a handful of packets; it's only a demo). To do so, point your browser here:

<UL>
	<LI><A HREF="http://www.cinco.com/register.html"><TT>http://www.cinco.com/register.html</TT></A>
</UL>

<H3><FONT COLOR="#000077"><B>LANWatch Network Analyzer for DOS</B></FONT></H3>
<P>LANWatch Network Analyzer for DOS is a well-coded utility that provides over 400
separate filters for LAN traffic. Moreover, LANWatch screens provide color coding
of all events and statistics. It has facilities for ongoing, real-time monitoring
as well as snapshots for close examination of a particular event. It also runs on
very, very low overhead. Requirements are DOS 3.3 and 512KB. This is an ideal tool
for DOS-based network management or for anyone trying to code a utility to run over
a network. If you are writing a custom network application for a DOS network, you
can verify the efficacy of the application using LANWatch by watching your code in
action. Information on LANWatch can be obtained here:

<UL>
	<LI><A HREF="http://www.guesswork.com/lwhome.html"><TT>http://www.guesswork.com/lwhome.html</TT></A>
</UL>

<H3><FONT COLOR="#000077"><B>inftp.pl</B></FONT></H3>
<P>inftp.pl is a Perl script that records incoming FTP sessions. It was written by
Stephen Northcutt, a system administrator on a military network. Northcutt is the
developer of a few finely coded utilities. This utility (perhaps used in conjunction
with another from Northcutt, called inpattern.pl) allows you to incisively log FTP
traffic. The combination of the two utilities results in logs that trap specific
events or patterns. Both are available at the location listed here, as is a document
authored by Northcutt titled &quot;What Do Castles Have in Common with Corporate
Networks?&quot; The document offers a brief (but surprisingly clear) treatment of
firewalls. Northcutt provides some good links in the meantime. The scripts are here:

<UL>
	<LI><A HREF="http://pokey.nswc.navy.mil/Docs/intrusion.html"><TT>http://pokey.nswc.navy.mil/Docs/intrusion.html</TT></A>
</UL>

<H3><FONT COLOR="#000077"><B>SWATCH</B></FONT></H3>
<P>SWATCH (the name is derived from the term <I>system watcher</I>) is a popular
utility created by Stephen Hansen and Todd Atkins at Stanford. To get a closer look
at what a SWATCH record looks like, you should go to Stephen Northcutt's site. He
has a log posted here:

<UL>
	<LI><A HREF="http://pokey.nswc.navy.mil/SRN/intru_example.html"><TT>http://pokey.nswc.navy.mil/SRN/intru_example.html</TT></A>
</UL>

<P>The cool thing about SWATCH is that it can handle many systems. It is a quick
and painless way to integrate the merging of data from the syslog utilities of several
machines. SWATCH is available here:

<UL>
	<LI><A HREF="ftp://coast.cs.purdue.edu/pub/tools/unix/swatch/"><TT>ftp://coast.cs.purdue.edu/pub/tools/unix/swatch/</TT></A>
</UL>

<H3><FONT COLOR="#000077"><B>NOCOL Network Operations Center OnLine</B></FONT></H3>
<P>NOCOL, which is for UNIX systems, monitors traffic on the network. It is a big
package and has many important features. It uses a standard Curses-based interface,
but has support for additional Perl modules written by the user. (It even has a Perl
interface. Appropriately enough, it is called PerlNOCOL.) Authored by Vikas Aggarwal
and released in late 1994, NOCOL is not something you can set up in 10 minutes. This
is a complex and complete package, with separate monitors for each different interface.
Check it out here:

<UL>
	<LI><A HREF="ftp://ftp.navya.com/pub/vikas/nocol.tar.gz"><TT>ftp://ftp.navya.com/pub/vikas/nocol.tar.gz</TT></A>
</UL>

<H3><FONT COLOR="#000077"><B>NeTraMet</B></FONT></H3>
<P>NeTraMet is an interesting utility. It is a bit dated, but it works nicely and
supports both PCs and SunOS. The distribution comes with source for both SunOS and
IRIX, as well as pre-built executables for DOS. You can also obtain the source for
the PC version if desired. (This is a rules-based filter and analysis tool. Be forewarned,
however, that the documentation is in PostScript. Get an interpreter.) NeTraMet is
here:

<UL>
	<LI><A HREF="ftp://ftp.fc.ul.pt/pub/networking/snmp/NeTraMet/"><TT>ftp://ftp.fc.ul.pt/pub/networking/snmp/NeTraMet/</TT></A>
</UL>

<H2><FONT COLOR="#000077"><B>Summary</B></FONT></H2>
<P>Internal network breaches are far more common than you think. The problem is,
they are not reported as fastidiously as other types of cracking activity. This is
due primarily to the need for corporate secrecy. Many in-house crackers are caught
and simply discharged with little fanfare.</P>
<P>In past years, internal network security has been a concern primarily for large
institutions or corporations. However, the rise of the personal computer changed
that climate. Today, most businesses have some form of network. Thus, even if you
maintain a small company, you may want to reevaluate your computer security policies.
Disgruntled employees account for a high percentage of internal damage and theft
of proprietary data. You should have some form of protection and--if possible--a
disaster recovery plan.
<H3><FONT COLOR="#000077"><B>Resources</B></FONT></H3>
<P><B>A Guide to Understanding Data Remanence in Automated Information Systems.</B>
NCSC-TG-025 Library No. 5-236,082. Version 2.

<UL>
	<LI><A HREF="http://bilbo.isu.edu/security/isl/drinais.html"><TT>http://bilbo.isu.edu/security/isl/drinais.html</TT></A>
</UL>

<P><B>Erased Files Often Aren't. </B>M.R. Anderson. <I>Government Technology Magazine</I>,
January, 1997.

<UL>
	<LI><A HREF="http://www.govtech.net/1997/gt/jan/jan-justice&technology2/jan-justice&technology2.shtm"><TT>http://www.govtech.net/1997/gt/jan/jan-justice&amp;technology2/jan-justice&amp;technology2.shtm</TT></A>
</UL>

<P><B>Computer Crime: Tips on Securing and Recovering Electronic Data.</B> Richard
K. Moher. Law Journal Extra and Law Technology Product News, originally published
by New York Law Publishing Company.

<UL>
	<LI><A HREF="http://www.ljextra.com/securitynet/articles/121796s2.html"><TT>http://www.ljextra.com/securitynet/articles/121796s2.html</TT></A>
</UL>

<P><B>CIAC Bulletin G-45: Vulnerability in HP VUE.</B>

<UL>
	<LI><A HREF="http://geek-girl.com/bugtraq/1996_3/0506.html"><TT>http://geek-girl.com/bugtraq/1996_3/0506.html</TT></A>
</UL>

<P><B>Some Remarks on Protecting Weak Secrets and Poorly Chosen Keys from Guessing
Attacks.</B> Gene Tsudik and Els Van Herreweghen.

<UL>
	<LI><A HREF="http://www.zurich.ibm.com/Technology/Security/publications/1993/tv93a.ps.Z"><TT>http://www.zurich.ibm.com/Technology/Security/publications/1993/tv93a.ps.Z</TT></A>
</UL>

<P><B>CERT Guidelines for Responding to a Root Compromise on a UNIX System.</B> Version
2.0, March 1996.

<UL>
	<LI><A HREF="http://www.sevenlocks.com/Root_com.htm"><TT>http://www.sevenlocks.com/Root_com.htm</TT></A>
</UL>

<P><B>Running a Secure Server.</B> Lincoln D. Stein. Whitehead Institute/MIT Center
for Genome Research.

<UL>
	<LI><A HREF="http://www.sevenlocks.com/secservr.htm"><TT>http://www.sevenlocks.com/secservr.htm</TT></A>
</UL>

<P><B>Securing Internet Information Servers.</B> CIAC 2308.

<UL>
	<LI><A HREF="http://ciac.llnl.gov/ciac/documents/ciac2308.html"><TT>http://ciac.llnl.gov/ciac/documents/ciac2308.html</TT></A>
</UL>

<P><B>UNIX Incident Guide How to Detect an Intrusion.</B> CIAC-2305.

<UL>
	<LI><A HREF="http://ciac.llnl.gov/ciac/documents/CIAC-2305_UNIX_Incident_Guide_How_to_Detect_an_Intrusion.pdf"><TT>http://ciac.llnl.gov/ciac/documents/CIAC-2305_UNIX_Incident_Guide_How_to_Detect_an_Intrusion.pdf</TT></A>
</UL>

<P><B>CERT(sm) Coordination Center Generic Security Information.</B> January 1995.

<UL>
	<LI><A HREF="http://www.sevenlocks.com/CERTGenericInfo.htm"><TT>http://www.sevenlocks.com/CERTGenericInfo.htm</TT></A>
</UL>

<P><B>Implementation of a Discretionary Access Control Model for Script-Based Systems.</B>
T. Jaeger and A. Prakash. 8th IEEE Computer Security Foundations Workshop, 1995.

<UL>
	<LI><A HREF="ftp://ftp.eecs.umich.edu/people/aprakash/collaboration/papers/csfw95.ps.Z"><TT>ftp://ftp.eecs.umich.edu/people/aprakash/collaboration/papers/csfw95.ps.Z</TT></A>
</UL>

<P><B>The Distributed Compartment Model for Resource Management and Access Control
Technical Report.</B> Steven J. Greenwald and Richard E. Newman-Wolfe. University
of Florida, Number TR94-035, 1994.

<UL>
	<LI><A HREF="ftp://ftp.cis.ufl.edu/cis/tech-reports/tr94/tr94-035.ps.Z"><TT>ftp://ftp.cis.ufl.edu/cis/tech-reports/tr94/tr94-035.ps.Z</TT></A>
</UL>

<P><B>An Access Model for Shared Interfaces.</B> G. Smith and T. Rodden. Research
report. Lancaster University, Computing Department, Number CSCW/8/1994, 1994.

<UL>
	<LI><A HREF="http://www.lpac.ac.uk/SEL-HPC/Articles/GeneratedHtml/hci.cscw.html"><TT>http://www.lpac.ac.uk/SEL-HPC/Articles/GeneratedHtml/hci.cscw.html</TT></A>
</UL>

<CENTER>
<P>
<HR>
<A HREF="../ch22/ch22.htm"><IMG SRC="../button/previous.gif" WIDTH="128" HEIGHT="28"
ALIGN="BOTTOM" ALT="Previous chapter" BORDER="0"></A><A HREF="../ch24/ch24.htm"><IMG
SRC="../button/next.gif" WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Next chapter"
BORDER="0"></A><A HREF="../index.htm"><IMG SRC="../button/contents.gif" WIDTH="128"
HEIGHT="28" ALIGN="BOTTOM" ALT="Contents" BORDER="0"></A> <BR>
<BR>
<BR>
<IMG SRC="../button/corp.gif" WIDTH="284" HEIGHT="45" ALIGN="BOTTOM" ALT="Macmillan Computer Publishing USA"
BORDER="0"></P>

<P>&#169; <A HREF="../copy.htm">Copyright</A>, Macmillan Computer Publishing. All
rights reserved.
</CENTER>


</BODY>

</HTML>