DOCSLIB.ORG

A Forensic Web Log Analysis Tool: Techniques And

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Forensic Web Log Analysis Tool: Techniques And A FORENSIC WEB LOG ANALYSIS TOOL: TECHNIQUES AND IMPLEMENTATION Ann Fry A thesis in The Department of Concordia Institute for Information Systems Engineering Presented in Partial Fulfillment of the Requirements For the Degree of Master of Information Systems Security Concordia University Montreal,´ Quebec,´ Canada September 2011 c Ann Fry, 2011 Concordia University School of Graduate Studies This is to certify that the thesis prepared By: Ann Fry Entitled: A Forensic Web Log Analysis Tool: Techniques and Implementa- tion and submitted in partial fulfillment of the requirements for the degree of Master of Information Systems Security complies with the regulations of this University and meets the accepted standards with respect to originality and quality. Signed by the final examining commitee: Chair Dr. Benjamin Fung External Examiner Dr. Otmane Ait-Mohamed Examiner Dr. Amir Youssef Supervisor Dr. Mourad Debbabi Approved Dr. Mourad Debbabi Chair of Department or Graduate Program Director 20 Dr. Nabil Esmail, Dean Faculty of Engineering and Computer Science Abstract A Forensic Web Log Analysis Tool: Techniques and Implementation Ann Fry Methodologies presently in use to perform forensic analysis of web applications are decidedly lacking. Although the number of log analysis tools available is exceedingly large, most only employ simple statistical analysis or rudimentary search capabilities. More precisely these tools were not designed to be forensically capable. The threat of online assault, the ever growing reliance on the performance of necessary services conducted online, and the lack of efficient forensic methods in this area provide a background outlining the need for such a tool. The culmination of study emanating from this thesis not only presents a forensic log analysis framework, but also outlines an innovative methodology of analyzing log files based on a concept that uses regular expressions, and a variety of solutions to problems associated with existing tools. The implementation is designed to detect critical web application security flaws gleaned from event data contained within the access log files of the underlying Apache Web Service (AWS). Of utmost importance to a forensic investigator or incident responder is the generation of an event timeline preceeding the incident under investigation. Regular expressions power the search capability of our framework by enabling the detection of a variety of injection-based attacks that represent significant timeline interactions. The knowledge of the underlying event structure of each access log entry is essential to efficiently parse log files and determine timeline interactions. Another feature added to our tool includes the ability to modify, remove, or add regular expressions. This feature addresses the need for investigators to adapt the environment to include investigation specific queries along with suggested default signatures. The regular expressions are signature definitions used to detect attacks toward both applications whose functionality requires a web service and the service itself. The tool provides a variety of default vulnerability signatures to scan for and outputs resulting detections. iii Acknowledgments I would like to thank Dr. Mourad Debbabi, my advisor, for his continuous support and invaluable guidance throughout my academic program. He welcomed me to the Forensics research team in September of 2006. He gave me the freedom to pursue independent ideas, while challenging me with “why, what, how” from time to time to help me clarify my mind. My appreciation extends to the members on my graduation committee: Dr. Amir Youssef, Dr. Otmane Ait-Mohamed, and Dr. Benjamin Fung. Their valuable suggestions helped enhance the content of this thesis. My sincere thanks to my fellow researchers: Adam, Marc-Andre, Nadia, Hatim (R.I.P.), Asaad and Ali. I would also like to thank in particular Lehan Meng for assistance completing the finishing touches on the implementation, reference checking and an effective user guide. Special appreciation is extended to Yosr Jarraya for assistance in corrections and revisions. Special thanks go to Emerson, Simon, Ali, Simsong, Metr0, gdead, Moose and Daemons. Finally and most importantly, my deepest appreciation goes to my parents and my family, without whose support this would not have been possible. Mom, Dad, Tricia, Mike, Joey, Liam and Elliot; the furry members, Luna, Sunshine, Murphy, Merlin, Nexus (R.I.P.) and Orion (R.I.P.); I love you. Many thanks to them for their continuous support, understanding, licks and nudges of encouragement insisting that I get back to work. iv Contents List of Figures xi List of Tables xii Glossary xiv Acronyms xvi 1 Introduction 1 1.1Motivations......................................... 1 1.2ProblemStatement..................................... 4 1.3Objectives.......................................... 5 1.4Contributions........................................ 5 1.5Organization........................................ 7 2 Preliminaries 8 2.1LogAnalysis........................................ 8 2.2WebApplications...................................... 10 2.2.1 ClientSide..................................... 11 2.2.2 ServerSide..................................... 15 2.3OtherApplications..................................... 30 v 2.3.1 Gateway....................................... 30 2.3.2 Tunnels . ..................................... 31 2.3.3 Agents........................................ 32 2.3.4 Caches........................................ 33 2.3.5 Proxies....................................... 33 2.3.6 RetailWebsites................................... 34 2.3.7 BankingandE-Commerce............................. 35 2.3.8 Online E-Mail, Social Networking, Web Logs, and Interactive Information Sites 35 2.3.9 CorporateDevelopedIntranetorVendorSuppliedApplications........ 37 2.4RegularExpressions.................................... 38 2.4.1 Syntax........................................ 39 2.4.2 Regular Expression Control Sequences . ..................... 46 2.5Summary.......................................... 48 3 Log Analysis Tools 50 3.1ApplicationSpecificLogAnalysisTools......................... 51 3.1.1 AcctandAcctsum................................. 51 3.1.2 Analog........................................ 52 3.1.3 Anteater....................................... 52 3.1.4 AWStats...................................... 53 3.1.5 BreadboardBIWebAnalytics.......................... 54 3.1.6 Calamaris...................................... 55 3.1.7 Chklogs....................................... 55 3.1.8 COREWisdom................................... 56 3.1.9 EventLogAnalyzer................................. 56 vi 3.1.10FtpweblogandWwwstat............................. 57 3.1.11 Funnel WebR Analyzer.............................. 57 3.1.12Http-analyze.................................... 58 3.1.13Logjam....................................... 58 3.1.14 Logparser ...................................... 59 3.1.15Lire......................................... 60 3.1.16 Logrep ........................................ 60 3.1.17 Logstalgia ...................................... 60 3.1.18Mywebalizer.................................... 61 3.1.19OpenWebAnalytics................................ 61 3.1.20Pyflag........................................ 62 3.1.21Sawmill....................................... 62 3.1.22SquidjandScansquidlog.............................. 63 3.1.23 Swatch, Logsurfer and Tenshi ........................... 64 3.1.24Visitors....................................... 66 3.1.25Weblogmon..................................... 67 3.2LogAnalysisDevelopmentFrameworks......................... 67 3.2.1 Apachedb, mod log sql andtheApache::DBProject.............. 67 3.2.2 CascadeSoftwarePackages............................ 68 3.2.3 CrystalReports................................... 69 3.2.4 JasperReports................................... 70 3.2.5 SimpleEventCorrelator(SEC).......................... 70 3.3IntrusionDetectionandIntegrityMonitoringTools................... 71 3.3.1 ArcSight Logger and ArcSight ESM ....................... 72 vii 3.3.2 Guard26....................................... 73 3.3.3 OsirisandSamhain................................ 73 3.3.4 OSSec........................................ 75 3.3.5 Snort........................................ 75 3.3.6 Splunk........................................ 76 3.4Conclusion......................................... 77 4 Attack Detection Using Regular Expressions 83 4.1ExploitingWebApplications............................... 84 4.2Methodology........................................ 84 4.3InjectionAttacks...................................... 85 4.3.1 Protocol-RelatedInjection............................. 85 4.3.2 SQLInjection.................................... 87 4.3.3 OperatingSystemCommandInjection...................... 89 4.3.4 Local or Remote File Inclusion .......................... 93 4.4CrossSiteRequestForgery................................ 96 4.4.1 DetectsURL-,Name-,JSON,andReferrer-ContainedPayloads........ 97 4.5CrossSiteScripting.................................... 99 4.5.1 XML-JavascriptDOM,PropertiesorMethods................. 100 4.5.2 JavascriptConcatenationPatterns........................ 102 4.5.3 DetectsJavaScriptObfuscatedbyBaseEncoding................ 102 4.5.4 DetectsHTMLBreakingInjection........................ 103 4.5.5 AttributeBreakingInjections........................... 104 4.5.6 VBScriptInjection................................. 105 4.6DenialofService.....................................
Load more

Recommended publications
  • Integrity Checking of Operating Systems with Respect to Kernel Level Malware”
    To Bianca, for being who you are. Abstract Kernel-mode rootkits have gained a considerable momentum within the blackhat com- munity. They represent a considerable threat to any computer system, as they pro- vide an intruder with the ability to hide the presence of his malicious activity. These rootkits make changes to the operating system’s kernel, thereby providing particularly stealthy hiding techniques. Considering the kernel rootkit threat and other threats, the collection of reliable information from a compromised system becomes a central problem within the domain of computer security. This thesis addresses this problem. It looks at the possibility of using virtualization as a means to facilitate kernel-mode rootkit detection through integrity checking. The thesis describes several areas within the Linux kernel, which are commonly subverted by kernel-mode rootkits. It introduces the reader to the concept of virtual- ization and describes several technologies employing virtualization. The kernel-mode rootkit threat is then addressed through a description of their hiding methodologies. Some of the existing methods for malware detection are also addressed and analysed. A number of general requirements, which need to be satisfied by a general model enabling kernel-mode rootkit detection, are identified. A model addressing these requirements is suggested, and a framework implementing the model is set-up. The detection capabilities of the framework are tested on a couple of rootkits. iii Preface This report presents the results of my master thesis “Integrity checking of operating systems with respect to kernel level malware”. It is written as part of the Master de- gree (Sivilingeniør) in Computer Science at the Norwegian University of Science and Technology (NTNU), during Spring 2005.
    [Show full text]
  • How to Secure Your Web Site Picked up SQL Injection and Cross-Site Scripting As Sample Cases of Failure Because These Two Are the Two Most Reported Vulnerabilities
    How to Secure your Website rd 3 Edition Approaches to Improve Web Application and Web Site Security June 2008 IT SECURITY CENTER (ISEC) INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN This document is a translation of the original Japanese edition. Please be advises that most of the references referred in this book are offered in Japanese only. Both English and Japanese edition are available for download at: http://www.ipa.go.jp/security/english/third.html (English web page) http://www.ipa.go.jp/security/vuln/websecurity.html (Japanese web page) Translated by Hiroko Okashita (IPA), June 11 2008 Contents Contents ......................................................................................................................................... 1 Preface ........................................................................................................................................... 2 Organization of This Book ........................................................................................................... 3 Intended Reader ......................................................................................................................... 3 Fixing Vulnerabilities – Fundamental Solution and Mitigation Measure - .................................... 3 1. Web Application Security Implementation ............................................................................... 5 1.1 SQL Injection .................................................................................................................... 6 1.2
    [Show full text]
  • Specification for JSON Abstract Data Notation Version
    Standards Track Work Product Specification for JSON Abstract Data Notation (JADN) Version 1.0 Committee Specification 01 17 August 2021 This stage: https://docs.oasis-open.org/openc2/jadn/v1.0/cs01/jadn-v1.0-cs01.md (Authoritative) https://docs.oasis-open.org/openc2/jadn/v1.0/cs01/jadn-v1.0-cs01.html https://docs.oasis-open.org/openc2/jadn/v1.0/cs01/jadn-v1.0-cs01.pdf Previous stage: https://docs.oasis-open.org/openc2/jadn/v1.0/csd02/jadn-v1.0-csd02.md (Authoritative) https://docs.oasis-open.org/openc2/jadn/v1.0/csd02/jadn-v1.0-csd02.html https://docs.oasis-open.org/openc2/jadn/v1.0/csd02/jadn-v1.0-csd02.pdf Latest stage: https://docs.oasis-open.org/openc2/jadn/v1.0/jadn-v1.0.md (Authoritative) https://docs.oasis-open.org/openc2/jadn/v1.0/jadn-v1.0.html https://docs.oasis-open.org/openc2/jadn/v1.0/jadn-v1.0.pdf Technical Committee: OASIS Open Command and Control (OpenC2) TC Chair: Duncan Sparrell ([email protected]), sFractal Consulting LLC Editor: David Kemp ([email protected]), National Security Agency Additional artifacts: This prose specification is one component of a Work Product that also includes: JSON schema for JADN documents: https://docs.oasis-open.org/openc2/jadn/v1.0/cs01/schemas/jadn-v1.0.json JADN schema for JADN documents: https://docs.oasis-open.org/openc2/jadn/v1.0/cs01/schemas/jadn-v1.0.jadn Abstract: JSON Abstract Data Notation (JADN) is a UML-based information modeling language that defines data structure independently of data format.
    [Show full text]
  • Other Topics 1 Other Topics
    Other topics 1 Other topics 1 Other topics 15 Feb 2014 1 1.1 Description 1.1 Description Where to learn more about other topics that are useful for mod_perl developers and users. 1.2 Perl The Perl Documentation http://perldoc.perl.org/ The Perl Home Page http://www.perl.com/ The Perl Monks http://www.perlmonks.org/ What Perl Monks is: Our attempt to make learning Perl as nonintimidating and easy to use as possi- ble. A place for you and others to polish, improve, and showcase your Perl skills. A community which allows everyone to grow and learn from each other. The Perl Journal http://www.tpj.com/ The Perl Review http://theperlreview.com/ The Perl Review is a magazine for the Perl community by the Perl community produced with open source tools. CPAN - Comprehensive Perl Archive Network http://cpan.org and http://search.cpan.org/ Perl Module Mechanics http://world.std.com/~swmcd/steven/perl/module_mechanics.html - This page describes the mechan- ics of creating, compiling, releasing and maintaining Perl modules. Creating (and Maintaining) Perl Modules http://www.mathforum.com/~ken/perl_modules.html XS tutorials 2 15 Feb 2014 Other topics 1.3 Perl/CGI Perl manpages: perlguts, perlxs, and perlxstut manpages. Dean Roehrich’s XS CookBookA and CookBookB http://search.cpan.org/search?dist=CookBookA http://search.cpan.org/search?dist=CookBookB a series of articles by Steven McDougall: http://world.std.com/~swmcd/steven/perl/pm/xs/intro/index.html http://world.std.com/~swmcd/steven/perl/pm/xs/concepts.html http://world.std.com/~swmcd/steven/perl/pm/xs/tools/index.html http://world.std.com/~swmcd/steven/perl/pm/xs/modules/modules.html http://world.std.com/~swmcd/steven/perl/pm/xs/nw/NW.html Advanced Perl Programming By Sriram Srinivasan.
    [Show full text]
  • Understanding JSON Schema Release 2020-12
    Understanding JSON Schema Release 2020-12 Michael Droettboom, et al Space Telescope Science Institute Sep 14, 2021 Contents 1 Conventions used in this book3 1.1 Language-specific notes.........................................3 1.2 Draft-specific notes............................................4 1.3 Examples.................................................4 2 What is a schema? 7 3 The basics 11 3.1 Hello, World!............................................... 11 3.2 The type keyword............................................ 12 3.3 Declaring a JSON Schema........................................ 13 3.4 Declaring a unique identifier....................................... 13 4 JSON Schema Reference 15 4.1 Type-specific keywords......................................... 15 4.2 string................................................... 17 4.2.1 Length.............................................. 19 4.2.2 Regular Expressions...................................... 19 4.2.3 Format.............................................. 20 4.3 Regular Expressions........................................... 22 4.3.1 Example............................................. 23 4.4 Numeric types.............................................. 23 4.4.1 integer.............................................. 24 4.4.2 number............................................. 25 4.4.3 Multiples............................................ 26 4.4.4 Range.............................................. 26 4.5 object................................................... 29 4.5.1 Properties...........................................
    [Show full text]
  • Efficient Sorting of Search Results by String Attributes
    Efficient sorting of search results by string attributes Nicholas Sherlock Andrew Trotman Department of Computer Science Department of Computer Science University of Otago University of Otago Otago 9054 New Zealand Otago 9054 New Zealand [email protected] [email protected] Abstract It is sometimes required to order search In addition, the search engine must allocate memory results using textual document attributes such as to an index structure which allows it to efficiently re- titles. This is problematic for performance because trieve those post titles by document index, which, using of the memory required to store these long text a simplistic scheme with 4 bytes required per docu- strings at indexing and search time. We create a ment offset, would require an additional 50 megabytes method for compressing strings which may be used of storage. for approximate ordering of search results on textual For search terms which occur in many documents, attributes. We create a metric for analyzing its most of the memory allocated to storing text fields like performance. We then use this metric to show that, post titles must be examined during result list sorting. for document collections containing tens of millions of As 550 megabytes is vastly larger than the cache mem- documents, we can sort document titles using 64-bits ory available inside the CPU, sorting the list of docu- of storage per title to within 100 positions of error per ments by post title requires the CPU to load that data document. from main memory, which adds substantial latency to query processing and competes for memory bandwidth Keywords Information Retrieval, Web Documents, with other processes running on the same system.
    [Show full text]
  • [MS-LISTSWS]: Lists Web Service Protocol
    [MS-LISTSWS]: Lists Web Service Protocol Intellectual Property Rights Notice for Open Specifications Documentation . Technical Documentation. Microsoft publishes Open Specifications documentation (“this documentation”) for protocols, file formats, data portability, computer languages, and standards support. Additionally, overview documents cover inter-protocol relationships and interactions. Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you can make copies of it in order to develop implementations of the technologies that are described in this documentation and can distribute portions of it in your implementations that use these technologies or in your documentation as necessary to properly document the implementation. You can also distribute in your implementation, with or without modification, any schemas, IDLs, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications documentation. No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation. Patents. Microsoft has patents that might cover your implementations of the technologies described in the Open Specifications documentation. Neither this notice nor Microsoft's delivery of this documentation grants any licenses under those patents or any other Microsoft patents. However, a given Open Specifications document might be covered by the Microsoft Open Specifications Promise or the Microsoft Community Promise. If you would prefer a written license, or if the technologies described in this documentation are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting [email protected].
    [Show full text]
  • V10.5.0 (2013-07)
    ETSI TS 126 234 V10.5.0 (2013-07) Technical Specification Universal Mobile Telecommunications System (UMTS); LTE; Transparent end-to-end Packet-switched Streaming Service (PSS); Protocols and codecs (3GPP TS 26.234 version 10.5.0 Release 10) 3GPP TS 26.234 version 10.5.0 Release 10 1 ETSI TS 126 234 V10.5.0 (2013-07) Reference RTS/TSGS-0426234va50 Keywords LTE,UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice Individual copies of the present document can be downloaded from: http://www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission.
    [Show full text]
  • Name Description
    Perl version 5.10.0 documentation - perlnewmod NAME perlnewmod - preparing a new module for distribution DESCRIPTION This document gives you some suggestions about how to go about writingPerl modules, preparing them for distribution, and making them availablevia CPAN. One of the things that makes Perl really powerful is the fact that Perlhackers tend to want to share the solutions to problems they've faced,so you and I don't have to battle with the same problem again. The main way they do this is by abstracting the solution into a Perlmodule. If you don't know what one of these is, the rest of thisdocument isn't going to be much use to you. You're also missing out onan awful lot of useful code; consider having a look at perlmod, perlmodlib and perlmodinstall before coming back here. When you've found that there isn't a module available for what you'retrying to do, and you've had to write the code yourself, considerpackaging up the solution into a module and uploading it to CPAN so thatothers can benefit. Warning We're going to primarily concentrate on Perl-only modules here, ratherthan XS modules. XS modules serve a rather different purpose, andyou should consider different things before distributing them - thepopularity of the library you are gluing, the portability to otheroperating systems, and so on. However, the notes on preparing the Perlside of the module and packaging and distributing it will apply equallywell to an XS module as a pure-Perl one. What should I make into a module? You should make a module out of any code that you think is going to beuseful to others.
    [Show full text]
  • A Brief Study and Comparison Of, Open Source Intrusion Detection System Tools
    International Journal of Advanced Computational Engineering and Networking, ISSN: 2320-2106, Volume-1, Issue-10, Dec-2013 A BRIEF STUDY AND COMPARISON OF, OPEN SOURCE INTRUSION DETECTION SYSTEM TOOLS 1SURYA BHAGAVAN AMBATI, 2DEEPTI VIDYARTHI 1,2Defence Institute of Advanced Technology (DU) Pune –411025 Email: [email protected], [email protected] Abstract - As the world becomes more connected to the cyber world, attackers and hackers are becoming increasingly sophisticated to penetrate computer systems and networks. Intrusion Detection System (IDS) plays a vital role in defending a network against intrusion. Many commercial IDSs are available in marketplace but with high cost. At the same time open source IDSs are also available with continuous support and upgradation from large user community. Each of these IDSs adopts a different approaches thus may target different applications. This paper provides a quick review of six Open Source IDS tools so that one can choose the appropriate Open Source IDS tool as per their organization requirements. Keywords - Intrusion Detection, Open Source IDS, Network Securit, HIDS, NIDS. I. INTRODUCTION concentrate on the activities in a host without considering the activities in the computer networks. Every day, intruders are invading countless homes On the other hand, NIDS put its focus on computer and organisations across the country via virus, networks without examining the hosts’ activities. worms, Trojans, DoS/DDoS attacks by inserting bits Intrusion Detection methodologies can be classified of malicious code. Intrusion detection system tools as Signature based detection, Anomaly based helps in protecting computer and network from a detection and Stateful Protocol analysis based numerous threats and attacks.
    [Show full text]
  • Ten Strategies of a World-Class Cybersecurity Operations Center Conveys MITRE’S Expertise on Accumulated Expertise on Enterprise-Grade Computer Network Defense
    Bleed rule--remove from file Bleed rule--remove from file MITRE’s accumulated Ten Strategies of a World-Class Cybersecurity Operations Center conveys MITRE’s expertise on accumulated expertise on enterprise-grade computer network defense. It covers ten key qualities enterprise- grade of leading Cybersecurity Operations Centers (CSOCs), ranging from their structure and organization, computer MITRE network to processes that best enable effective and efficient operations, to approaches that extract maximum defense Ten Strategies of a World-Class value from CSOC technology investments. This book offers perspective and context for key decision Cybersecurity Operations Center points in structuring a CSOC and shows how to: • Find the right size and structure for the CSOC team Cybersecurity Operations Center a World-Class of Strategies Ten The MITRE Corporation is • Achieve effective placement within a larger organization that a not-for-profit organization enables CSOC operations that operates federally funded • Attract, retain, and grow the right staff and skills research and development • Prepare the CSOC team, technologies, and processes for agile, centers (FFRDCs). FFRDCs threat-based response are unique organizations that • Architect for large-scale data collection and analysis with a assist the U.S. government with limited budget scientific research and analysis, • Prioritize sensor placement and data feed choices across development and acquisition, enteprise systems, enclaves, networks, and perimeters and systems engineering and integration. We’re proud to have If you manage, work in, or are standing up a CSOC, this book is for you. served the public interest for It is also available on MITRE’s website, www.mitre.org. more than 50 years.
    [Show full text]
  • Minimal Perl for UNIX and Linux People
    Minimal Perl For UNIX and Linux People BY TIM MAHER MANNING Greenwich (74° w. long.) For online information and ordering of this and other Manning books, please visit www.manning.com. The publisher offers discounts on this book when ordered in quantity. For more information, please contact: Special Sales Department Manning Publications Co. Cherokee Station PO Box 20386 Fax: (609) 877-8256 New York, NY 10021 email: [email protected] ©2007 by Manning Publications Co. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by means electronic, mechanical, photocopying, or otherwise, without prior written permission of the publisher. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in the book, and Manning Publications was aware of a trademark claim, the designations have been printed in initial caps or all caps. Recognizing the importance of preserving what has been written, it is Manning’s policy to have the books we publish printed on acid-free paper, and we exert our best efforts to that end. Manning Publications Co. Copyeditor: Tiffany Taylor 209 Bruce Park Avenue Typesetters: Denis Dalinnik, Dottie Marsico Greenwich, CT 06830 Cover designer: Leslie Haimes ISBN 1-932394-50-8 Printed in the United States of America 12345678910–VHG–1009080706 To Yeshe Dolma Sherpa, whose fortitude, endurance, and many sacrifices made this book possible. To my parents, Gloria Grady Washington and William N. Maher, who indulged my early interests in literature. To my limbic system, with gratitude for all the good times we’ve had together.
    [Show full text]