Counter Hack: A must-read for security professionals

Counter Hack: A Step-by-step Guide to Computer Attacks and Effective Defenses
Author: Ed Skoudis
Publisher: Prentice Hall PTR
Price: $49.99
It was a bespectacled twenty-something Cornell graduate student by the name of Robert Tappan Morris Jr whose antics, one fine autumn day back in 1988, clogged and brought down what was then, by current standards, a toy Internet. It alerted the world to the emergence of a new area in computer science: that of network security. I was a Ph.D. student in New York back then, and it was amazing to see the damage that a mastery of Unix and the Internet protocols could unleash. Robert Morris Jr was duly convicted, fined, and sentenced to probation and community service. Over the years, I finished my Ph.D. and the sheer necessities of physical existence dragged me into the mart of economic strife and gain.
Meanwhile, the field of network security, fuelled by the hacking forays of Kevin Mitnick and a slew of other hackers, by the genius of security experts such as Tsutomu Shimomura, and by advances in areas such as cryptography, was propelled to a higher plane. The corporate world got involved too, and today network security company shares are among the hottest new-economy stocks to watch.
Many books have been written on the subject of hacking and security, and Counter Hack: A Step-by-step Guide to Computer Attacks and Effective Defenses by Ed Skoudis is one of the latest. This book is a sign that the field is beginning to move past adolescence into a stage of maturity.
Ed Skoudis is a security professional based in the US, but, interestingly, he has taken a hacker's approach to writing this book. That is not surprising, since hackers today play a crucial role in driving the field of network security, albeit not in a very pleasant way as far as security professionals are concerned.
The nice thing about Counter Hack is that it does not restrict itself to one operating system (OS): both Unix and its variants, and Windows NT/2000, the major operating systems in use today, are covered. Short introductory chapters on NT and Unix give you the groundwork on these OSes that you need in order to read the rest of the book; a similar chapter covers the background required in TCP, IP, and other networking technologies.
Various kinds of tools, especially freeware tools, are described. Without going into too much depth, the author nevertheless does an excellent job of giving a feel for each tool and its capabilities, with accompanying diagrams. Covered are tools such as war dialers, port scanners, sniffers, vulnerability assessment tools, password crackers, IDS (intrusion detection system) evasion tools, traffic relaying tools such as Netcat, as well as Trojans, backdoors, session hijackers, application-level and kernel-level rootkits, and more.
The book is structured well. The whole process of counter-hacking, that is, protecting against hacking, starts from how an attacker would approach the problem of breaking into a network, and a number of stages are detailed: the attacker would first start with reconnaissance, follow it up with scanning to find exposed services and their vulnerabilities, then breach the security by exploiting the vulnerabilities found, and then maintain access via a backdoor or some other means. Finally, the attacker would alter logs so as to cover his or her tracks.
At the end are some interesting scenarios illustrating how particular hacking episodes can take place. Appropriately named "Putting it all together: Anatomy of an attack", the chapter considers a few hypothetical situations and describes how an attack can be conceived and executed right from square one. The techniques described in the previous chapters are aptly demonstrated here in their on-the-field application. Also provided is a comprehensive list of resources to look for on the Internet, and of related conferences that one can attend.
Reading this book makes one realise how far the field of network security in general, and hacking in particular, has progressed in the last few years. Some of the paragraphs, especially the ones in the chapter on maintaining stealthy access, can send shivers down the spine of a sensitive reader. Another interesting covert channel tool described wraps its data in HTTP. Appropriately named the Reverse WWW Shell, it runs on the compromised machine inside the network and makes outbound Web requests to the attacker, so the firewall sees what looks like just another user surfing; the attacker's commands ride back in the HTTP replies. The Reverse WWW Shell even spaces its requests at plausible intervals so that the whole exchange resembles a Web surfing session. That is not all: the height of the covert channel tools described is the one that carries its data in TCP/IP header fields, namely the IP identification and TCP sequence number fields, so that the packets need carry no suspicious payload at all.
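To make the header-field channel concrete, here is an added illustration (not code from Counter Hack, nor from the tool the book describes) of how a message can be carried in the IPv4 identification field and recovered at the other end, together with the kind of heuristic a defender might run over captured IDs. The byte layout is an assumption made for this example: each message byte sits in the upper octet of the 16-bit ID and a packet counter in the lower octet, which lets the receiver reorder packets that arrive late. Packets are built and parsed in memory only; nothing is sent on the wire.

```python
"""Covert channel in the IPv4 identification field: encoder, decoder, and a
detection heuristic.

Added illustration for this review; it is not code from Counter Hack or from
the tool the book describes. The layout (one message byte in the upper octet
of the 16-bit ID, a packet counter in the lower octet) is an assumption made
for this example. Packets are built and parsed in memory only; nothing is
sent on the wire.
"""
import struct
from typing import Dict, List, Sequence

# version/IHL, TOS, total length, ID, flags/frag, TTL, protocol, checksum,
# source address, destination address: the fixed 20-byte IPv4 header.
IPV4_HDR = "!BBHHHBBH4s4s"


def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum over a 16-bit-aligned header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, ident: int, proto: int = 6,
                      ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no payload) with the given ID field."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = struct.pack(IPV4_HDR, 0x45, 0, 20, ident & 0xFFFF, 0, ttl, proto,
                      0, src_b, dst_b)
    csum = ip_checksum(hdr)                 # computed with checksum field = 0
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def parse_ipv4_header(pkt: bytes) -> Dict[str, object]:
    """Parse the fixed IPv4 header, verifying version and checksum."""
    ver_ihl, _tos, total_len, ident, _ff, ttl, proto, _csum, src, dst = \
        struct.unpack(IPV4_HDR, pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    if ip_checksum(pkt[:20]) != 0:          # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    return {"ident": ident, "ttl": ttl, "proto": proto,
            "total_len": total_len,
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst))}


def encode_covert(message: bytes, src: str, dst: str) -> List[bytes]:
    """One header per message byte; the byte rides in the upper octet of
    the IP ID, the packet counter in the lower octet (assumed layout)."""
    if len(message) > 256:
        raise ValueError("the counter octet limits one burst to 256 bytes")
    return [build_ipv4_header(src, dst, (b << 8) | i)
            for i, b in enumerate(message)]


def decode_covert(packets: Sequence[bytes]) -> bytes:
    """Recover the message; the low octet lets us reorder late packets."""
    idents = [parse_ipv4_header(p)["ident"] for p in packets]
    idents.sort(key=lambda ident: ident & 0xFF)
    return bytes(ident >> 8 for ident in idents)


def suspicious_id_stream(ids: Sequence[int], min_packets: int = 8,
                         threshold: float = 0.9) -> bool:
    """Detection heuristic for this encoding: a normal stack's IDs are either
    a counter or random, so a long run from one host whose upper octet is
    always printable ASCII is unlikely to be innocent."""
    if len(ids) < min_packets:
        return False
    printable = sum(1 for i in ids if 0x20 <= (i >> 8) < 0x7F)
    return printable / len(ids) >= threshold


if __name__ == "__main__":
    # Constructed sample: a short message between two made-up addresses.
    burst = encode_covert(b"see you at 0300", "10.0.0.5", "198.51.100.7")
    print(decode_covert(burst[::-1]))       # decodes even in reverse order
    print(suspicious_id_stream([parse_ipv4_header(p)["ident"]
                                for p in burst]))
```

The heuristic is deliberately tuned to this one layout; a real detector would baseline each host's normal ID behaviour (incrementing on some stacks, random on others) rather than look for printable bytes, and the TCP sequence-number variant the book also mentions is not implemented here.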
The author belongs to the school of thought that propounds the philosophy of full disclosure as regards hacking and network security issues. For instance, as regards exploits (the software code that is used to breach security) he has this to say: "Some controversy surrounds the organisations distributing these exploits. Most of the organisations offering these exploits have a philosophy of complete disclosure: if the attackers know about these exploits, they should be made public so that everyone can learn about the techniques to defend against them. With this mindset, these purveyors of explicit exploit information argue that they are providing a service to the Internet community. Others take the view that these exploits just make attacks easier and more prevalent. While I respect the arguments of both sides of this disclosure controversy, I tend to fall into the full-disclosure camp (but you could have guessed that, given this book on the same topic)."
Overall, I do not find any major flaws in the book; perhaps it is a bit verbose at times, but that is understandable, since the author is trying to cater to a diverse audience, not just security professionals. Sadly, the book does not have an Indian edition. The book is currently listed on amazon.com. The author also has a website at www.counterhack.net.

Dr Samir Kelekar
Protection for Internet jockeys

Norton Internet Security 2002
Contact: Symantec Corporation
Ambarish Deshpande
Tel: 022-6570658
E-mail: adeshpande@symantec.com
Price: Rs. 4,320
You may not realise it, but surfing the Internet can be a dangerous proposition. The moment you go online, your computer becomes exposed to hackers, viruses, worms, Trojans and other cyber threats. The usual answer is to install anti-virus software, a desktop personal firewall, and Internet filtering software. Norton Internet Security 2002 (NIS) includes all three and throws in other useful features such as ad blocking.
NIS hides the complexity associated with security software, yet provides powerful controls through a simple interface. If you have no experience of tasks such as configuring a firewall or updating an anti-virus program, begin with the Security Assistant.

Security Assistant: This wizard lets you configure the various modules in NIS. It also reports the current security status of your system, checks the system for various vulnerabilities, and advises on what needs to be secured.
Personal Firewall: This module protects your computer from unauthorised access attempts, whether hacker attacks or systems that try to take control of your PC. It also prevents selected applications on the PC from accessing the Net.

The Norton Personal Firewall watches for port scans conducted by hackers. When it detects one, the AutoBlock feature takes over and shuts out the scanning host before it can gain access to your PC. The firewall also guards against malicious code that may arrive at your computer through Trojans, Java applets or ActiveX controls; for this it offers three levels of security: High (block everything), Medium (prompt each time) and None (allow everything). Note that None simply switches this protection off.
Privacy Control: Without your knowing it, confidential information on the PC (your e-mail address, credit card number, passwords, PINs, cookies, home address and phone number) could be transmitted via instant messaging programs to other users. Privacy Control prevents the sensitive data you register with it from being sent in unencrypted form over non-secure connections to the Internet. It can only match the strings you have told it about, so it is a safety net rather than a guarantee.
Parental Control: While installing the package you are asked whether you want to install this feature. Parental Control is similar to Net Nanny-style software: it lets you specify which websites other users can or cannot visit. In addition, it can block Internet access for chat software and other applications. The administrator (parent) can set up accounts for different family members (or groups) and specify controls for each user or group.
Ad blocking: Banner ads on Web pages can delay page downloads, and pop-up windows can be annoying and distracting. The Ad blocking feature can prevent these (and other clutter) from appearing in future. Just drag the banner into the NIS trashcan and you won't see it again.
Norton Antivirus: These days more than 90 percent of virus infections come from the Internet. Virus authors are always thinking of new ways to dodge anti-virus software or looking for new entry points into your system. That's why it is important not just to have anti-virus software, but also to update it regularly. Norton Antivirus scans e-mail attachments and blocks malicious scripts embedded in Web pages. The program also offers features such as Auto-Protect, manual scans, and inoculation. Don't forget to run LiveUpdate at least every fortnight; a signature for a new worm protects nothing while it is sitting on Symantec's servers rather than on your PC.
The bonuses in this package are the well-documented manual (which explains all the terminology in a clear and concise manner), online help, and system alerts. You will also appreciate the status reporting for the firewall and other modules, which shows statistics for events such as recent intrusion attempts, recent attack attempts, the most frequent attacker and when you were last attacked. It also provides a technical report on various security parameters, such as firewall TCP connections, firewall rules, firewall UDP datagrams and network data.

Brian Pereira