ch02.htm

来自「Maximum Security (First Edition) 网络安全 英文」· HTM 代码 · 共 487 行 · 第 1/2 页

<P>Much of the information covered here will be painfully familiar to the security
specialist. Some of the material, however, might not be so familiar. (Most notably,
some cross-platform materials for those maintaining networks with multiple operating
systems.) Additionally, this book imparts a comprehensive view of security, encapsulated
into a single text. (And naturally, the materials on the CD-ROM will provide convenience
and utility.)
<H2><FONT COLOR="#000077"><B>The Good, the Bad, and the Ugly</B></FONT></H2>
<P>How you use this book is up to you. If you purchased or otherwise procured this
book as a tool to facilitate illegal activities, so be it. You will not be disappointed,
for the information contained within is well suited to such undertakings. However,
note that this author does not suggest (nor does he condone) such activities. Those
who unlawfully penetrate networks seldom do so for fun and often pursue destructive
objectives. Considering how long it takes to establish a network, write software,
configure hardware, and maintain databases, it is abhorrent to the hacking community
that the cracking community should be destructive. Still, that is a choice and one
choice--even a bad one--is better than no choice at all. Crackers serve a purpose
within the scheme of security, too. They assist the good guys in discovering faults
inherent within the network.</P>
<P>Whether you are good, bad, or ugly, here are some tips on how to effectively use
this book:

<UL>
	<LI>If you are charged with understanding in detail a certain aspect of security,
	follow the notes closely. Full citations appear in these notes, often showing multiple
	locations for a security document, RFC, FYI, or IDraft. Digested versions of such
	documents can never replace having the original, unabridged text.<BR>
	<BR>
	
	<LI>The end of each chapter contains a small rehash of the information covered. For
	extremely handy reference, especially for those already familiar with the utilities
	and concepts discussed, this &quot;Summary&quot; portion of the chapter is quite
	valuable.
</UL>

<P>Certain examples contained within this book are available on the CD-ROM. Whenever
you see the CD-ROM icon on the outside margin of a page, the resource is available
on the CD. This might be source code, technical documents, an HTML presentation,
system logs, or other valuable information.
<H2><FONT COLOR="#000077"><B>The Book's Parts</B></FONT></H2>
<P>The next sections describe the book's various parts. Contained within each description
is a list of subjects covered within that chapter.
<H3><FONT COLOR="#000077"><B>Part I: Setting the Stage</B></FONT></H3>
<P>Part I of this book will be of the greatest value to users who have just joined
the Internet community. Topics include

<UL>
	<LI>Why I wrote this book
	<LI>Why you need security
	<LI>Definitions of hacking and cracking
	<LI>Who is vulnerable to attack
</UL>

<P>Essentially, Part I sets the stage for the remaining parts of this book. It will
assist readers in understanding the current climate on the Net.
<H3><FONT COLOR="#000077"><B>Part II: Understanding the Terrain</B></FONT></H3>
<P>Part II of this book is probably the most critical. It illustrates the basic design
of the Internet. Each reader must understand this design before he or she can effectively
grasp concepts in security. Topics include

<UL>
	<LI>Who created the Internet and why
	<LI>How the Internet is designed and how it works
	<LI>Poor security on the Internet and the reasons for it
	<LI>Internet warfare as it relates to individuals and networks
</UL>

<P>In short, you will examine why and how the Internet was established, what services
are available, the emergence of the WWW, why security might be difficult to achieve,
and various techniques for living in a hostile computing environment.
<H3><FONT COLOR="#000077"><B>Part III: Tools</B></FONT></H3>
<P>Part III of this book examines the average toolbox of the hacker or cracker. It
familiarizes the reader with Internet munitions, or weapons. It covers the proliferation
of such weapons, who creates them, who uses them, how they work, and how the reader
can use them. Some of the munitions covered are

<UL>
	<LI>Password crackers
	<LI>Trojans
	<LI>Sniffers
	<LI>Tools to aid in obscuring one's identity
	<LI>Scanners
	<LI>Destructive devices, such as e-mail bombs and viruses
</UL>

<P>The coverage necessarily includes real-life examples. This chapter will be most
useful to readers engaging in or about to engage in Internet security warfare.
<H3><FONT COLOR="#000077"><B>Part IV: Platforms and Security</B></FONT></H3>
<P>Part IV of this book ventures into more complex territory, treating vulnerabilities
inherent in certain operating systems or applications. At this point, the book forks,
concentrating on issues relevant to particular classes of users. (For example, if
you are a Novell user, you will naturally gravitate to the Novell chapter.)</P>
<P>Part IV begins with basic discussion of security weaknesses, how they develop,
and sources of information in identifying them. Part IV then progresses to platforms,
including

<UL>
	<LI>Microsoft
	<LI>UNIX
	<LI>Novell
	<LI>VAX/VMS
	<LI>Macintosh
	<LI>Plan 9 from Bell Labs
</UL>

<H3><FONT COLOR="#000077"><B>Part V: Beginning at Ground Zero</B></FONT></H3>
<P>Part V of this book examines who has the power on a given network. I will discuss
the relationship between these authoritarian figures and their users, as well as
abstract and philosophical views on Internet security. At this point, the material
is most suited for those who will be living with security issues each day. Topics
include

<UL>
	<LI>Root, supervisor, and administrator accounts
	<LI>Techniques of breaching security internally
	<LI>Security concepts and philosophy
</UL>

<H3><FONT COLOR="#000077"><B>Part VI: The Remote Attack</B></FONT></H3>
<P>Part VI of this book concerns attacks: actual techniques to facilitate the compromise
of a remote computer system. In it, I will discuss levels of attack, what these mean,
and how one can prepare for them. You will examine various techniques in depth: so
in depth that the average user can grasp--and perhaps implement--attacks of this
nature. Part VI also examines complex subjects regarding the coding of safe CGI programs,
weaknesses of various computer languages, and the relative strengths of certain authentication
procedures. Topics discussed in this part include

<UL>
	<LI>Definition of a remote attack
	<LI>Various levels of attack and their dangers
	<LI>Sniffing techniques
	<LI>Spoofing techniques
	<LI>Attacks on Web servers
	<LI>Attacks based on weaknesses within various programming languages
</UL>

<H3><FONT COLOR="#000077"><B>Part VII: The Law</B></FONT></H3>
<P>Part VII confronts the legal, ethical, and social ramifications of Internet security
and the lack, compromise, and maintenance thereof.
<H2><FONT COLOR="#000077"><B>This Book's Limitations</B></FONT></H2>
<P>The scope of this book is wide, but there are limitations on the usefulness of
the information. Before examining these individually, I want to make something clear:
Internet security is a complex subject. If you are charged with securing a network,
relying solely upon this book is a mistake. No book has yet been written that can
replace the experience, gut feeling, and basic savvy of a good system administrator.
It is likely that no such book will ever be written. That settled, some points on
this book's limitations include the following:

<UL>
	<LI>Timeliness
	<LI>Utility
</UL>

<H3><FONT COLOR="#000077"><B>Timeliness</B></FONT></H3>
<P>I commenced this project in January, 1997. Undoubtedly, hundreds of holes have
emerged or been plugged since then. Thus, the first limitation of this book relates
to timeliness.</P>
<P>Timelines might or might not be a huge factor in the value of this book. I say
might or might not for one reason only: Many people do not use the latest and the
greatest in software or hardware. Economic and administrative realities often preclude
this. Thus, there are LANs now operating on Windows for Workgroups that are permanently
connected to the Net. Similarly, some individuals are using SPARCstation 1s running
SunOS 4.1.3 for access. Because older software and hardware exist in the void, much
of the material here will remain current. (Good examples are machines with fresh
installs of an older operating system that has now been proven to contain numerous
security bugs.)</P>
<P>Equally, I advise the reader to read carefully. Certain bugs examined in this
book are common to a single version of software only (for example, Windows NT Server
3.51). The reader must pay particular attention to version information. One version
of a given software might harbor a bug, whereas a later version does not. The security
of the Internet is not a static thing. New holes are discovered at the rate of one
per day. (Unfortunately, such holes often take much longer to fix.)</P>
<P>Be assured, however, that at the time of this writing, the information contained
within this book was current. If you are unsure whether the information you need
has changed, contact your vendor.
<H3><FONT COLOR="#000077"><B>Utility</B></FONT></H3>
<P>Although this book contains many practical examples, it is not a how-to for cracking
Internet servers. True, I provide many examples of how cracking is done and even
utilities with which to accomplish that task, but this book will not make the reader
a master hacker or cracker. There is no substitute for experience, and this book
cannot provide that.</P>
<P>What this book can provide is a strong background in Internet security, hacking,
and cracking. A reader with little knowledge of these subjects will come away with
enough information to crack the average server (by average, I mean a server maintained
by individuals who have a working but somewhat imperfect knowledge of security).</P>
<P>Also, journalists will find this book bereft of the pulp style of sensationalist
literature commonly associated with the subject. For this, I apologize. However,
sagas of tiger teams and samurais are of limited value in the actual application
of security. Security is a serious subject, and should be reported as responsibly
as possible. Within a few years, many Americans will do their banking online. Upon
the first instance of a private citizen losing his life savings to a cracker, the
general public's fascination with pulp hacking stories will vanish and the fun will
be over.</P>
<P>Lastly, bona fide security specialists might find that for them, only the last
quarter of the book has significant value. As noted, I developed this book for all
audiences. However, these gurus should keep their eyes open as they thumb through
this book. They might be pleasantly surprised (or even downright outraged) at some
of the information revealed in the last quarter of the text. Like a sleight-of-hand
artist who breaks the magician's code, I have dropped some fairly decent baubles
in the street.
<H2><FONT COLOR="#000077"><B>Summary</B></FONT></H2>
<P>In short, depending on your position in life, this book will help you

<UL>
	<LI>Protect your network
	<LI>Learn about security
	<LI>Crack an Internet server
	<LI>Educate your staff
	<LI>Write an informed article about security
	<LI>Institute a security policy
	<LI>Design a secure program
	<LI>Engage in Net warfare
	<LI>Have some fun
</UL>

<P>It is of value to hackers, crackers, system administrators, business people, journalists,
security specialists, and casual users. There is a high volume of information, the
chapters move quickly, and (I hope) the book imparts the information in a clear and
concise manner.</P>
<P>Equally, this book cannot make the reader a master hacker or cracker, nor can
it suffice as your only source for security information. That said, let's move forward,
beginning with a small primer on hackers and crackers.</P>
<CENTER>
<P>
<HR>
<A HREF="../ch01/ch01.htm"><IMG SRC="../button/previous.gif" WIDTH="128" HEIGHT="28"
ALIGN="BOTTOM" ALT="Previous chapter" BORDER="0"></A><A HREF="../ch03/ch03.htm"><IMG
SRC="../button/next.gif" WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Next chapter"
BORDER="0"></A><A HREF="../index.htm"><IMG SRC="../button/contents.gif" WIDTH="128"
HEIGHT="28" ALIGN="BOTTOM" ALT="Contents" BORDER="0"></A> <BR>
<BR>
<BR>
<IMG SRC="../button/corp.gif" WIDTH="284" HEIGHT="45" ALIGN="BOTTOM" ALT="Macmillan Computer Publishing USA"
BORDER="0"></P>

<P>&#169; <A HREF="../copy.htm">Copyright</A>, Macmillan Computer Publishing. All
rights reserved.
</CENTER>


</BODY>

</HTML>