A PRACTICAL GUIDE TO SOLARIS SECURITY

where friend@example.org matches the e-mail address of the key you want to sign or manage and must be one of the keys on your public ring. It prints out basic information on the key. Within this mode, type fpr to print the fingerprint of that key. Just like humans, the key fingerpr[r]

NIDS Signature Examples
An NIDS operates by examining packets and comparing them to known signatures. A good example of a common attack that can be clearly identified by its signature is the cmd.exe attack that is used against the Internet Information Server (IIS), which is Mi[r]

This should create enough addresses to solve any foreseeable address space needs. IPv6 also resolves the security and verification issues with IPv4. But for now, you will mostly see IPv4 packets. Then there are the Header Length and the Type Of Service settings (TOS), which allow for[r]

is detail on the data link layer, and so on. The little pluses can be expanded to show even more information on each level. It is amazing how much detail you can see on each packet. Ethereal is like an electron microscope for network packets!
The final section contains the actual packet c[r]

This will create log files in the /var/log/snort directory. Make sure the directory you specify has been created or the program will not load properly. Snort logs packets by IP address and creates a separate directory for each IP logged. If you are logging traffic on a large local network wit[r]

Sample Custom Rule 2
Building off of the scenario described in rule example 1, assume you have to allow some outside access to these servers, but still want to make sure no one was copying certain files. Let’s say there is a file called payroll.xls that has all of the[r]

Considerations for Vulnerability Scanning
Now that you fully understand all the options, you are ready to start scanning. But before you let loose with the packets, here are a few words on responsible scanning. While I have mentioned some of these issues in Chapter 4, there are addit[r]

Identifying Security Holes in Your Systems 125
ried technician trying to set up access for employees or outside parties will often err on the side of more access rather than better security in the effort to get the job done.
Even when the rule sets are well written[r]

There is a special section for testing HTTP login forms. You can give it the specific URL and form fields to be filled in. By default, it will test an index directory for blank user and password fields.
Brute-force login (Hydra) This section lets you take advantage of the add-on p[r]

Considerations for Network Sniffing
In order to do ethical and productive sniffing, you should follow the following guidelines.
Always Get Permission
Network sniffing, like many other security functions, has the potential for abuse. By capturing every transmission on the wire, yo[r]

Certificates are usually tied to a particular domain. They can be issued by a central entity, called a Certificate Authority (CA), or created and signed locally as described above. There are several of these organizations, the biggest of which is VeriSign, the com- pany t[r]

NPI, similar to ACID in its design, uses a MySQL database to store the results and a PHP-enabled Web server to view and query the results. Figure 8.8 illustrates the logical components of NPI. One difference between the Snort and Nessus architectures is that with[r]

2. Select a company and a target within that company. Again, the pull-down menu selections available to you reflect the user level at which you logged in.
3. Select a scan date, time, how often it should run, and how many times to recur. You can have the scan r[r]

The Analysis Console for Intrusion Databases (ACID) is a program designed to make better use of data from intrusion detection devices. It was written by Roman Dany- liw and others for the AirCERT program run by Carnegie Mellon University. They are part of the larger CERT (Computer Em[r]

Log files also contain information that is of interest from a security standpoint. Cer- tain activities are often the precursor of an attack in progress. Failed login attempts can be one of these signs. In Listing 8.1 you can see the user “john” had a failed login. It even tell[r]

In the box on the left of the screen you can see the statistics on this AG: the total num- ber of alerts, the number of unique alerts, and the number of different IP addresses appear- ing in the database, both by source IP and destination IP. If you have multiple sensors in your ACID network, you ca[r]

How Many Units Are You Likely to Sell?
The answer to this is the big one. Treat scaled up numbers with caution. What per- haps is most useful is the feel of the overall response. Are there, for instance, enough potential customers who are really keen on the product? Or do you sense t[r]

Embarrassment/Loss of Customers
Being offline can make a company look very bad. Not being able to communicate via e-mail or missing critical messages can be embarrassing at best. If their Web site is offline, customers will immediately begin asking questions. For public companies, it[r]

xi Preface
Open source software is such an integral part of the Internet that is it safe to say that the Internet wouldn’t exist as we know it today without it. The Internet never would have grown as fast and as dynamically as it did without open source programs such as BIND, which contro[r]

Ubiquitous, Inexpensive Broadband
Not too long ago, dedicated Internet connections were the sole domain of large companies, educational institutions, and the government. Now, you can get DSL or cable modem access for your business or home use for less than $100 per month. Companies are getting onl[r]