ch15.htm

Maximum Security (First Edition) 网络安全 英文版

far superior to PostScript format, particularly for those not running UNIX.</P>
<P>Important information provided by CIAC to the public includes the following:

<UL>
	<LI>Defense Data Network advisories
	<LI>CERT advisories
	<LI>NASA advisories
	<LI>A comprehensive virus database
	<LI>A computer security journal by Chris McDonald
</UL>

<P>CIAC is located at <A HREF="http://ciac.llnl.gov/"><TT>http://ciac.llnl.gov/</TT></A>
(see Figure 15.4).</P>
<P><A NAME="04"></A><A HREF="04.htm"><B>FIGURE 15.4.</B></A> <I><BR>
The Computer Incident Advisory Capability WWW site.</I>
<H4><FONT COLOR="#000077"><B>The National Institute of Standards and Technology Computer
Security Resource Clearinghouse</B></FONT></H4>
<P>The NIST CSRC WWW site (see Figure 15.5) is a comprehensive starting point. NIST
has brought together a sizable list of publications, tools, pointers, organizations,
and support services.</P>
<P><A NAME="05"></A><A HREF="05.htm"><B>FIGURE 15.5.</B></A> <I><BR>
The NIST CSRC WWW site.</I>
<H4><FONT COLOR="#000077"><B>The Forum of Incident Response and Security Teams (FIRST)</B></FONT></H4>
<P>FIRST is a really a coalition of many organizations, both public and private,
that work to circulate information on and improve Internet security. Some FIRST members
are

<UL>
	<LI>DoE Computer Incident Advisory Capability (CIAC)
	<LI>NASA Automated Systems Incident Response Capability
	<LI>Purdue University Computer Emergency Response Team
	<LI>Stanford University Security Team
	<LI>IBM Emergency Response Service
	<LI>Australian Computer Emergency Response Team
</UL>

<P>The interesting thing about FIRST is that it exercises no centralized control.
All members of the organization share information, but no one exercises control over
any of the other components. FIRST maintains a list of links to all FIRST member
teams with WWW servers. Check out FIRST at <A HREF="http://www.first.org/team-info/"><TT>http://www.first.org/team-info/</TT></A>
(see Figure 15.6).</P>
<P><A NAME="06"></A><A HREF="06.htm"><B>FIGURE 15.6.</B></A> <I><BR>
The FIRST WWW site.</I>
<H4><FONT COLOR="#000077"><B>The Windows 95 Bug Archive</B></FONT></H4>
<P>The Windows 95 Bug Archive is maintained at Stanford University by Rich Graves.
To his credit, it is the only truly comprehensive source for this type of information.
(True, other servers give overviews of Windows 95 security, but nothing quite like
this page.) This archive is located at

<UL>
	<LI><A HREF="http://www-leland.stanford.edu/~llurch/win95netbugs/archives/"><TT>http://www-leland.stanford.edu/~llurch/win95netbugs/archives/</TT></A>
</UL>

<P>Mr. Graves is a Network Consultant, a Webmaster, an Apple Talk specialist, and
a master Gopher administrator. He has painstakingly collected an immense set of resources
about Windows 95 networking (he is, in fact, the author of the Windows 95 Networking
FAQ). His Win95NetBugs List has a searchable index, which is located here:

<UL>
	<LI><A HREF="http://www-leland.stanford.edu/~llurch/win95netbugs/search.html"><TT>http://www-leland.stanford.edu/~llurch/win95netbugs/search.html</TT></A>
</UL>

<P>The site also features an FTP archive of Windows 95 bugs, which can be accessed
via the WWW at this locale:

<UL>
	<LI><A HREF="http://www-leland.stanford.edu/~llurch/win95netbugs/archives/"><TT>http://www-leland.stanford.edu/~llurch/win95netbugs/archives/</TT></A>
</UL>

<H4><FONT COLOR="#000077"><B>The ISS NT Security Mailing List</B></FONT></H4>
<P>This list is made available to the public by Internet Security Systems (ISS).
It is a mailing list archive. Individuals post questions (or answers) about NT security.
In this respect, the messages are much like Usenet articles. These are presented
at the following address in list form and can be viewed by thread (subject tag),
author, or date.

<UL>
	<LI><A HREF="http://www.iss.net/lists/ntsecurity/"><TT>http://www.iss.net/lists/ntsecurity/</TT></A>
</UL>

<P>From this address, you can link to other security mailing lists, including not
only Windows NT-related lists, but integrated security mailing lists, as well. You
also have the option of viewing the most recent messages available.</P>
<P>Such lists are of great value because those posting to them are usually involved
with security on an everyday basis. Moreover, this list concentrates solely on Windows
NT security and, as such, is easier to traverse and assimilate than mailing lists
that include other operating systems.</P>
<P>One particularly valuable element of this page is that you can link to the Windows
NT Security Digest Archive Listing. This is a comprehensive database of all NT postings
to the security list. Appendix A provides a description of various methods to incisively
search these types of archives using agents. For the moment, however, it suffices
to say that there are some very talented list members here. Even if you visit the
list without a specific question in mind, browsing the entries will teach you much
about Windows NT security.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>ISS is also the vendor
	for a suite of scanning products for Windows NT. These products perform extremely
	comprehensive analyses of NT networks. If your company is considering a security
	assessment, you might want to contact ISS (<A HREF="http://iss.net"><TT>http://iss.net</TT></A>).
	
<HR>


</BLOCKQUOTE>

<H4><FONT COLOR="#000077"><B>The National Institutes of Health</B></FONT></H4>
<P>The Computer Security Information page at the National Institutes of Health (NIH)
is a link page. It has pointers to online magazines, advisories, associations, organizations,
and other WWW pages that are of interest in security. Check out the NIH page at this
locale:

<UL>
	<LI><A HREF="http://www.alw.nih.gov/Security/security.html"><TT>http://www.alw.nih.gov/Security/security.html</TT></A>
</UL>

<P>This is a big site. You may do better examining the expanded index as opposed
to the front page. That index is located here:

<UL>
	<LI><A HREF="http://www.alw.nih.gov/Security/tcontents.html"><TT>http://www.alw.nih.gov/Security/tcontents.html</TT></A>
</UL>

<H4><FONT COLOR="#000077"><B>The Bugtraq Archives</B></FONT></H4>
<P>This extraordinary site contains a massive collection of bugs and holes for various
operating systems. The Bugtraq list is famous in the Internet community for being
the number one source for holes.</P>
<P>What makes Bugtraq so incredibly effective (and vital to those studying Internet
security) is that the entire archive is searchable. The information can be searched
so incisively that in just a few seconds, you can pin down not only a hole, but a
fix for it. The archive search index offers several choices on the type of search.</P>
<P>One important amenity of the Bugtraq list is that it is not inundated with advertisements
and other irrelevant information. The majority of people posting to the list are
extremely knowledgeable. In fact, the list is frequented by bona fide security specialists
that solve real problems every day. Chris Chasin, the host of Bugtraq, defines the
list as follows:

<DL>
	<DD>This list is for *detailed* discussion of UNIX security holes: what they are,
	how to exploit, and what to do to fix them. This list is not intended to be about
	cracking systems or exploiting their vulnerabilities. It is about defining, recognizing,
	and preventing use of security holes and risks.
</DL>

<P>In my opinion, Bugtraq is the Internet's most valuable resource for online reporting
of UNIX-based vulnerabilities. Visit it here:

<UL>
	<LI><A HREF="http://www.geek-girl.com/bugtraq/search.html"><TT>http://www.geek-girl.com/bugtraq/search.html</TT></A>
</UL>

<H4><FONT COLOR="#000077"><B>The Computer and Network Security Reference Index</B></FONT></H4>
<P>This index is another fine resource page. It contains links to advisories, newsgroups,
mailing lists, vendors, and archives. Check it out at

<UL>
	<LI><A HREF="http://www.telstra.com.au/info/security.html"><TT>http://www.telstra.com.au/info/security.html</TT></A>
</UL>

<H4><FONT COLOR="#000077"><B>Eugene Spafford's Security Hotlist</B></FONT></H4>
<P>This site can be summed up in five words: <I>the ultimate security resource page.</I>
Of the hundreds of pages devoted to security, this is the most comprehensive collection
of links available. In contrast to many link pages whose links expire, these links
remain current. Check it out on-line at

<UL>
	<LI><A HREF="http://www.cs.purdue.edu/homes/spaf/hotlists/csec-top.html"><TT>http://www.cs.purdue.edu/homes/spaf/hotlists/csec-top.html</TT></A>
</UL>



<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>Note to Netscape users: Spaff's
	page utilizes fundamental Web technology to spawn child windows. That means that
	for each link you click, a new window is spawned. New users may be unfamiliar with
	this method of linking and may be confused when they try to use the Back button.
	The Back button does not work because there is no window to go back to. If you plan
	to try multiple links from Spaff's page, you will need to kill each subsequent, child
	window to get back to the main list. If you fail to do this (and instead minimize
	each window) you will soon run out of virtual memory. 
<HR>


</BLOCKQUOTE>

<H3><FONT COLOR="#000077"><B>Mailing Lists</B></FONT></H3>
<P>Table 15.2 contains a list of security-related mailing lists that often distribute
advisories about holes. Most are very useful.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>CAUTION:</B></FONT><B> </B>Remember when I wrote about the
	large volume of mail one could receive from such a list? Beware. Subscribing to a
	handful of these lists could easily result in 10-30MB of mail per month. 
<HR>
</P>
	<P>
<HR>
<FONT COLOR="#000077"><B>TIP:</B></FONT><B> </B>If a list has a sister list that
	calls itself a <I>digest</I>, subscribe to the digest instead. Digests are bundled
	messages that come periodically as a single file. These are more easily managed.
	If you subscribe to three or four lists, you may receive as many as ten messages
	an hour. That can be overwhelming for the average user. (You'll see messages from
	distraught users asking how to get off the list. These messages usually start out
	fairly civil, but end up as &quot;Get me off this damn list! It is flooding my mailbox!&quot;)
	
<HR>


</BLOCKQUOTE>

<H4><FONT COLOR="#000077"><B>Table 15.2. Mailing lists for holes and vulnerabilities.</B></FONT></H4>
<P>
<TABLE BORDER="1">
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP"><I>List</I></TD>
		<TD ALIGN="LEFT" VALIGN="TOP"><I>Subject</I></TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP"><A HREF="mailto:8lgm-list-request@8lgm.org"><TT>8lgm-list-request@8lgm.org</TT></A></TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Security holes only. No junk mail. Largely UNIX.</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP"><A HREF="mailto:bugtraq-request@fc.ne "><TT>bugtraq-request@fc.ne</TT></A></TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Mailing list for holes. No junk mail. UNIX.</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP"><A HREF="mailto:support@support.mayfield.hp.com"><TT>support@support.mayfield.hp.com</TT></A></TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Hewlett Packard security advisories.</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP"><A HREF="mailto:request-ntsecurity@iss.net"><TT>request-ntsecurity@iss.net</TT></A></TD>
		<TD ALIGN="LEFT" VALIGN="TOP">The ISS NT Security mailing list. This is the list that generates the NT archive
			mentioned previously.</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP"><A HREF="mailto:coast-request@cs.purdue.edu"><TT>coast-request@cs.purdue.edu</TT></A></TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Holes and discussion on tools. Primarily UNIX.</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP"><A HREF="mailto:security-alert@Sun.COM"><TT>security-alert@Sun.COM</TT></A></TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Sun Microsystems security advisories.</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP"><A HREF="mailto:www-security-request@nsmx.rutgers.edu"><TT>www-security-request@nsmx.rutgers.edu</TT></A></TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Holes in the World Wide Web.</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP"><A HREF="mailto:security-alert@Sun.COM"><TT>security-alert@Sun.COM</TT></A></TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Sun Microsystems security advisories.</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP"><A HREF="mailto:Sneakers@CS.Yale.EDU"><TT>Sneakers@CS.Yale.EDU</TT></A></TD>
		<TD ALIGN="LEFT" VALIGN="TOP">The Sneakers list. Real-life intrusion methods using known holes and tools.</TD>
	</TR>
</TABLE>

<H2><FONT COLOR="#000077"><B>Summary</B></FONT></H2>
<P>In this chapter, you have learned a bit about holes. This knowledge will serve
you throughout the remainder of the book, for I discuss various holes in many chapters.</P>
<P>In closing, if you are new to security, the preceding pages may leave you with
the sense that a hole is evidence of vendor incompetence. Not so. Vendor-based holes
may take a long time to fix. If the vendor is large, this may expand into weeks or
even months. Development teams in the corporate world work much like any other body.
There is a hierarchy to be traversed. A software programmer on a development team
cannot just make a material alteration to a program because he or she feels the need.
There is a standardized process; protocols must be followed. Perhaps even worse is
when the flaw exists in some standard that is administrated by a committee or board.
If so, it may be a long, long time before the hole is fixed.</P>
<P>For the moment, holes are a fact of life. And there is no likelihood of that changing
in the near future. Therefore, all system and network administrators should study
such holes whenever they can. Consider it a responsibility that goes along with the
job title because even if you don't study them, crackers will.</P>
<CENTER>
<P>
<HR>
<A HREF="../ch14/ch14.htm"><IMG SRC="../button/previous.gif" WIDTH="128" HEIGHT="28"
ALIGN="BOTTOM" ALT="Previous chapter" BORDER="0"></A><A HREF="../ch16/ch16.htm"><IMG
SRC="../button/next.gif" WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Next chapter"
BORDER="0"></A><A HREF="../index.htm"><IMG SRC="../button/contents.gif" WIDTH="128"
HEIGHT="28" ALIGN="BOTTOM" ALT="Contents" BORDER="0"></A> <BR>
<BR>
<BR>
<IMG SRC="../button/corp.gif" WIDTH="284" HEIGHT="45" ALIGN="BOTTOM" ALT="Macmillan Computer Publishing USA"
BORDER="0"></P>

<P>&#169; <A HREF="../copy.htm">Copyright</A>, Macmillan Computer Publishing. All
rights reserved.
</CENTER>


</BODY>

</HTML>