This appendix lists some additional sources of information that are referenced in the book, as well as some sources that were not referenced but might be helpful.
The Common Vulnerabilities and Exposures (CVE) index and security bulletins from software vendors: http://cve.mitre.org
"The Ten Immutable Laws of Security" at http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx
"The Definition of a Security Vulnerability" at http://www.microsoft.com/technet/archive/community/columns/security/essays/vulnrbl.mspx
Writing Secure Code, Second Edition, by Michael Howard and David LeBlanc (Microsoft Press, 2003)
In February, 2002, CERT announced a critical vulnerability in SNMP that affected many products from many vendors: http://www.cert.org/advisories/CA-2002-03.html
Security templates for Windows XP from the Microsoft website at http://www.microsoft.com/technet/security/prodtech/winclnt/secwinxp/default.asp
Microsoft Office Resource Kit Tools from http://www.microsoft.com/office/downloads
Microsoft Security Bulletins 03-026 and 03-039 at http://www.microsoft.com/security/security_bulletins/ms03-039.asp
Microsoft Baseline Security Analyzer (MBSA) Version 1.2 at http://www.microsoft.com/technet/security/tools/mbsahome.mspx
Command-line scanner named KB824146Scan.exe at http://support.microsoft.com/?kbid=827363
FXCop tool for .NET Framework–based applications is available on the GotDotNet website at http://www.gotdotnet.com/team/fxcop/
"Vulnerability Assessment Scanners" by Jeff Forristal and Greg Shipley for Network Computing at http://www.nwc.com/1201/1201f1b1.html
The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage by Cliff Stoll (Pocket Books, 2000)
Gramm-Leach-Bliley (GLB) regulations on the Federal Trade Commission’s website at http://www.ftc.gov/privacy/glbact/glb-faq.htm
Health Insurance Portability and Accountability Act (HIPAA) of 1996 on the United States Department of Health and Human Services’ website at http://www.dhhs.gov/ocr/hipaa
The ASSET guidebook from the NIST Computer Security Resource Center at http://csrc.nist.gov
Chicago Manual of Style, 15th Edition (University of Chicago Press, 2003)
Black Hat Security Conferences at http://www.blackhat.com
USENIX Security Symposium at http://www.usenix.org/events/
RSA Conference at http://www.rsaconference.com
Security Focus website at http://www.securityfocus.com, including the Bugtraq mailing list at http://www.securityfocus.com/archive
Common Vulnerability and Exposures list at http://cve.mitre.org/
Technical Cyber Security Alerts issued by the U.S. Computer Emergency Readiness Team (US-CERT) at http://www.us-cert.gov/cas/techalerts/index.html
Phrack’s website at http://www.phrack.org
PacketStorm’s website at http://packetstormsecurity.org
Security Developer section on MSDN at http://msdn.microsoft.com/security/
The InterNIC Whois search interface at http://www.internic.com/whois.html
Registrar information at http://www.dotgov.gov/whois.html and http://whois.nic.mil
American Registry for Internet Numbers (ARIN) at http://www.arin.net
Réseaux IP Européens Network Coordination Centre (RIPE NCC) at http://www.ripe.net
Asia Pacific Network Information Center (APNIC) at http://www.apnic.net
Latin America and Caribbean Internet Address Registry at http://www.lacnic.net
Detail about regular expressions and their uses in Findstr.exe can be found at http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/windowsxp/home/using/productdoc/en/findstr.asp
Edgar Online at http://www.edgar-online.com/
The Internet Archive at http://www.archive.org
Counter Hack by Ed Skoudis (Prentice Hall PTR, 2001)
iDefense, at http://www.idefense.com, offers Internet monitoring services
Google Groups, a search engine for online newsgroups, at http://groups.google.com
DNS and BIND, Fourth Edition, by Cricket Liu and Paul Albitz (O’Reilly & Associates, 2001)
DNS RFCs at http://www.dns.net/dnsrd/rfc/
Ofir Arkin’s paper on ICMP scanning techniques at http://www.syssecurity.com
The article "Security Problems in the TCP/IP Protocol Suite" by S. M. Bellovin at http://www.research.att.com/~smb/papers/ipext.pdf
The article "IP-spoofing Demystified" at http://www.phrack.org/show.php?p=48&a=14
"Strange Attractors and TCP/IP Sequence Number Analysis" by Michal Zalewski can be found at http://razor.bindview.com/publish/papers/tcpseq.html
The Nmap utility at http://www.nmap.org
A reference on TCP/IP scans at http://www.totse.com/en/hack/hacking_lans_wans_networks_outdials/162024.html
Information about FTP scans at http://www.cert.org/tech_tips/ftp_port_attacks.html
Information about honeypots at http://www.honeynet.org
The Xprobe tool at http://www.sys-security.com
"War Dialing," by Michael Gunn at http://www.sans.org/rr/papers/index.php?id=268
The official Bluetooth website at http://www.bluetooth.com and http://www.bluetooth.com/upload/24Security_Paper.PDF
http://www.dis.org/filez/Wardial_ShipleyGarfinkel.pdf from Peter Shipley’s website at http://www.dis.org/filez/#shipley
Wireless Network Basics website at http://www.netgear.com/docs/refdocs/Wireless/wirelessBasics.htm
The Kismet tool at http://www.kismetwireless.net
The AirSnort tool at http://airsnort.shmoo.com
The article "Debunking the Myth of SSID Hiding" by Robert Moskowitz at http://www.icsalabs.com/html/communities/WLAN/wp_ssid_hiding.pdf
Popular war dialers at:
Tool Name | Link |
---|---|
PhoneSweep | |
THC-Scan | |
ToneLoc | |
PhoneTag | |
Xiscan | |
Microsoft Security Bulletin MS00-031 at http://www.microsoft.com/technet/security/Bulletin/MS00-031.mspx
Common Vulnerabilities and Exposures (CVE) list at http://cve.mitre.org
A dictionary at http://wordlist.sourceforge.net
Bindview’s Razor at http://razor.bindview.com
"What Administrators Should Know About Passwords" at http://www.microsoft.com/technet/security/readiness/content/documents/password_tips_for_administrators.doc
Cert Advisory CA-1996-21 TCP SYN Flooding and IP Spoofing Attacks at http://www.cert.org/advisories/CA-1996-21.html
Information about denial of service attacks at: http://www.cert.org/tech_tips/denial_of_service.html
Protecting Windows servers from SYN floods at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/HTHardTCP.asp
Writing Secure Code, Second Edition, by Michael Howard and David LeBlanc (Microsoft Press, 2003)
Information about integer overflows and the SafeInt C++ class at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure01142004.asp
"Integer Handling with the C++ SafeInt Class" by David LeBlanc at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure01142004.asp
Writing Solid Code: Microsoft’s Techniques for Developing Bug-Free C Programs, by Steve Maguire (Microsoft Press, 1993)
A trial version of SQL Server 2000 can be obtained at http://www.microsoft.com/sql/evaluation/trial/default.asp
PortQry tool at http://www.microsoft.com/downloads/details.aspx?FamilyID=89811747-c74b-4638-a2d5-ac828bdc6983&displaylang=en
Details about the Hide Server option in SQL Server at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adminsql/ad_security_97cb.asp
Information about MBSA at http://www.microsoft.com/technet/security/tools/mbsahome.mspx
Information about the Odbcping utility at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/coprompt/cp_odbcping_194p.asp
Information about the SQLPing utility at http://www.sqlsecurity.com
Microsoft security bulletin MS02-039 at http://www.microsoft.com/technet/security/bulletin/MS02-039.mspx
Information about the ServerVersion property in the System.Data.SqlClient.SqlConnection class, along with sample code, can be found at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemdatasqlclientsqlconnectionclassserverversiontopic.asp
Information about determining the SQL Server service pack version and edition can be found at http://support.microsoft.com/default.aspx?kbid=321185
Information about a system stored procedure named xp_msver at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tsqlref/ts_xp_aa-sz_0o4y.asp
An article about keeping SQL Server installations up-to-date can be found at http://www.microsoft.com/sql/howtobuy/staycurrent.asp
Information about how to enable IPSec to provide secure communications between two servers at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT18.asp
Third-party tools for detecting weak passwords on SQL Server installations:
Next Generation Security Software offers SQLCrack at http://www.nextgenss.com
An article about enabling and interpreting SQL Server 2000 audit logs can be found at http://www.microsoft.com/technet/security/prodtech/dbsql/sql2kaud.mspx
Information about how to enable SSL communications with SQL Server 2000 and verify encrypted channels can be found at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetht19.asp
Writing Secure Code, Second Edition, by Michael Howard and David LeBlanc (Microsoft Press, 2003)
SQL Server Security by Chip Andrews, David Litchfield, and Bill Grindlay (McGraw-Hill Osborne Media, 2003)
The article titled "10 Steps to Help Secure SQL Server 2000" is found at http://www.microsoft.com/sql/techinfo/administration/2000/security/securingsqlserver.asp
Database Scanner product from Internet Security Systems at http://www.iss.net
AppDetective product from Application Security at http://www.appsecinc.com
SQL Server security from Microsoft at http://www.microsoft.com/sql/techinfo/administration/2000/security/default.asp
Oracle Corporation at http://www.oracle.com
IBM Corporation at http://www.ibm.com
Sybase, Inc., at http://www.sybase.com
MySQL AB at http://www.mysql.com
Information about protecting hosts from ICMP Redirect attacks at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/HTHardTCP.asp
Network Programming for Windows by Anthony Jones and Jim Ohlund (Microsoft Press, 1999)
Hack Proofing Your Network: Internet Tradecraft by Ryan Russell and Stace Cunningham (Syngress Publishing, 2000)
System Scanner from Internet Security Systems, Inc., at http://www.iss.net
The proDETECT tool at http://sourceforge.net/projects/prodetect
Information about NetMon can be found at http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/cdetect.htm
Network sniffers for penetration testing:
Tool Name | Link |
---|---|
Ethereal | |
Microsoft Network Monitor Capture Utility | http://support.microsoft.com/default.aspx?scid=kb;EN-US;310875 |
Microsoft Network Monitor | http://support.microsoft.com/default.aspx?scid=kb;en-us;294818 |
Network Associates Technology, Inc. Sniffer | |
Tcpdump | |
WinDump | |
The dsniff suite can be found at http://monkey.org/~dugsong/dsniff
The ifstatus tool by David Curry at http://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/ifstatus/ifstatus-4.0.tar.gz
An article in Phrack 11, "The Electronic Serial Number: a Cellular ‘Sieve’? ‘Spoofers’ Can Defraud Users and Carriers," can be found at http://www.phrack.org/show.php?p=11&a=9
Takedown: The Pursuit and Capture of Kevin Mitnick, America’s Most Wanted Computer Outlaw—By the Man Who Did It by Tsutomu Shimomura and John Markoff (contributor) (Hyperion Press, 1996)
CERT summary about e-mail spoofing at http://www.cert.org/tech_tips/email_spoofing.html
Overview of DNS attacks of all kinds by Doug Sax in an article at http://www.giac.org/practical/gsec/Doug_Sax_GSEC.pdf
Tsutomu Shimomura’s article at http://www.gulker.com/ra/hack/tsattack.html
Steve Bellovin’s paper entitled "Security Problems in the TCP/IP Protocol Suite" at http://www.research.att.com/~smb/papers/ipext.pdf
Hack Proofing Your Network: Internet Tradecraft by Ryan Russell and Stace Cunningham (Syngress Publishing, 2000)
"How To: Harden the TCP/IP Stack" at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/HTHardTCP.asp
An article about attacking Linux kernels by Halflife for Phrack magazine at http://www.phrack.org/phrack/50/P50-05
An article about hijacking a user session on a UNIX host by Orabidoo for Phrack magazine issue at http://www.phrack.org/phrack/51/P51-05
UNIX Network Programming, Volume 1: The Sockets Networking API, Third Edition, by W. Richard Stevens (Addison-Wesley, 2003)
The Sysinternals, Inc., tool Streams.exe at http://www.sysinternals.com/ntw2k/source/misc.shtml#streams
Tools for detecting steganography schemes at http://www.outguess.org/detection.php
"Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection" by Thomas H. Ptacek and Timothy N. Newsham at http://www.securityfocus.com/library/745
"IDS Evasion Techniques and Tactics" at http://www.securityfocus.com/infocus/1577
Information about NTFS file streams at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/fileio/base/file_streams.asp
Information about files and clusters at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/fileio/base/files_and_clusters.asp
United States government standards on the display of data sources at http://www.dss.mil/isec/nispom.htm
Robert Graham’s website at http://www.robertgraham.com/
"Security Code Review" at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod94.asp
"Cross-Site Scripting Overview" at http://www.microsoft.com/technet/security/news/csoverv.mspx
"Quick Start: What Customers Can Do to Protect Themselves from Cross-Site Scripting" at http://www.microsoft.com/technet/security/news/crsstqs.mspx
Writing Secure Code, Second Edition, by Michael Howard and David LeBlanc (Microsoft Press, 2003)
Building Secure Software: How to Avoid Security Problems the Right Way by John Viega and Gary McGraw (Addison-Wesley, 2001)
NetCraft Ltd.’s Webserver Search tool at http://www.netcraft.com
Microsoft Security Bulletin MS03-003 at http://www.microsoft.com/technet/security/bulletin/ms03-003.mspx
Secunia Advisory 9729 at http://www.secunia.com/advisories/9729
Microsoft Security Bulletin Search website at http://www.microsoft.com/technet/security/current.aspx
Information about the LoveLetter worm at http://www.microsoft.com/technet/security/topics/virus/vbslvltr.mspx
Microsoft Knowledge Base Article 823166 at http://support.microsoft.com/default.aspx?scid=kb;en-us;823166
Exchange Server 2003 Security Hardening Guide at http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/exsecure.mspx
Microsoft Security Bulletin MS03-046 at http://www.microsoft.com/technet/security/bulletin/MS03-046.mspx
Microsoft Baseline Security Analyzer (MBSA) tool at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/mbsahome.asp
"Finding unwanted e-mail (spam)" article at http://www.microsoft.com/security/articles/spam.asp
"Outlook 2003 Junk E-Mail Filter" article at http://www.microsoft.com/office/outlook/prodinfo/filter.mspx
"Antispam Capabilities in Exchange 2003" article at http://www.microsoft.com/exchange/techinfo/security/antispam.asp
Chapter 4, "Hardening Domain Controllers," in the Windows Server 2003 Security Guide at http://www.microsoft.com/technet/security/prodtech/win2003/w2003hg/sgch04.mspx
Windows Server 2003 Resource Kit tools at http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96eeb18c4790cffd&displaylang=en
"Password Filter Programming Considerations" at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/password_filter_programming_considerations.asp
"How to Prevent Windows from Storing a LAN Manager Hash of Your Password in Active Directory and Local SAM Databases" at http://support.microsoft.com/default.aspx?scid=kb;en-us;299656&sd=tech
Windows Update website at http://windowsupdate.microsoft.com
MBSA can be downloaded from http://www.microsoft.com/technet/security/tools/mbsahome.mspx
Windows Server 2003 Security Guide can be downloaded from http://go.microsoft.com/fwlink/?LinkId=14846
VPN Consortium website at http://www.vpnc.org/vpn-technologies.pdf
"Internet Authentication Service for Windows 2000" article at http://www.microsoft.com/technet/prodtechnol/windows2000serv/evaluate/featfunc/ias.mspx
Building Internet Firewalls, Second Edition, by Zwicky, Cooper, and Chapman (O’Reilly, 2000)