DOCSLIB.ORG

Network Security Hacks 2Nd Edition

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Network Security Hacks 2Nd Edition NETWORK SECURITY HACKSTM Other computer security resources from O’Reilly Related titles Wireless Hacks Linux Server Hacks BSD Hacks Linux Server Hacks, Knoppix Hacks Volume 2 Ubuntu Hacks Linux Multimedia Hacks Linux Desktop Hacks Windows XP Hacks Windows Server Hacks Hacks Series Home hacks.oreilly.com is a community site for developers and power users of all stripes. Readers learn from each other as they share their favorite tips and tools for Mac OS X, Linux, Google, Windows XP, and more. Security Books security.oreilly.com is a complete catalog of O’Reilly’s Resource Center books on security and related technologies, including sample chapters and code examples. oreillynet.com is the essential portal for developers inter- ested in open and emerging technologies, including new platforms, programming languages, and operating systems. Conferences O’Reilly brings diverse innovators together to nurture the ideas that spark revolutionary industries. We special- ize in documenting the latest tools and systems, translating the innovator’s knowledge into useful skills for those in the trenches. Visit conferences.oreilly.com for our upcoming events. Safari Bookshelf (safari.oreilly.com) is the premier online reference library for programmers and IT professionals. Conduct searches across more than 1,000 books. Sub- scribers can zero in on answers to time-critical questions in a matter of seconds. Read the books on your Book- shelf from cover to cover or simply flip to the page you need. Try it today for free. SECOND EDITION NETWORK SECURITY HACKSTM Andrew Lockhart Beijing • Cambridge • Farnham • Köln • Paris • Sebastopol • Taipei • Tokyo Network Security Hacks™, Second Edition by Andrew Lockhart Copyright © 2007, 2004 O’Reilly Media, Inc. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (safari.oreilly.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or [email protected]. Editor: Brian Sawyer Cover Designer: Karen Montgomery Production Editor: Philip Dangler Interior Designer: David Futato Copyeditor: Rachel Wheeler Illustrators: Robert Romano Indexer: Ellen Troutman-Zaig and Jessamyn Read Printing History: April 2004: First Edition. November 2006: Second Edition. Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. The Hacks series designations, Network Security Hacks, the image of barbed wire, and related trade dress are trademarks of O’Reilly Media, Inc. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps. While every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. Small print: The technologies discussed in this publication, the limitations on these technologies that technology and content owners seek to impose, and the laws actually limiting the use of these technologies are constantly changing. Thus, some of the hacks described in this publication may not work, may cause unintended harm to systems on which they are used, or may not be consistent with applicable user agreements. Your use of these hacks is at your own risk, and O’Reilly Media, Inc. disclaims responsibility for any damage or expense resulting from their use. In any event, you should take care that your use of these hacks does not violate any applicable laws, including copyright laws. This book uses RepKover™, a durable and flexible lay-flat binding. ISBN 10: 0-596-52763-2 ISBN 13: 978-0-596-52763-1 [C] Contents Credits . xi Preface . xv Chapter 1. Unix Host Security . 1 1. Secure Mount Points 2 2. Scan for SUID and SGID Programs 3 3. Scan for World- and Group-Writable Directories 5 4. Create Flexible Permissions Hierarchies with POSIX ACLs 5 5. Protect Your Logs from Tampering 9 6. Delegate Administrative Roles 11 7. Automate Cryptographic Signature Verification 13 8. Check for Listening Services 15 9. Prevent Services from Binding to an Interface 17 10. Restrict Services with Sandboxed Environments 19 11. Use proftpd with a MySQL Authentication Source 23 12. Prevent Stack-Smashing Attacks 26 13. Lock Down Your Kernel with grsecurity 28 14. Restrict Applications with grsecurity 33 15. Restrict System Calls with systrace 36 16. Create systrace Policies Automatically 39 17. Control Login Access with PAM 41 18. Restrict Users to SCP and SFTP 46 19. Use Single-Use Passwords for Authentication 49 20. Restrict Shell Environments 52 v 21. Enforce User and Group Resource Limits 54 22. Automate System Updates 55 Chapter 2. Windows Host Security . 58 23. Check Servers for Applied Patches 59 24. Use Group Policy to Configure Automatic Updates 63 25. List Open Files and Their Owning Processes 66 26. List Running Services and Open Ports 68 27. Enable Auditing 69 28. Enumerate Automatically Executed Programs 71 29. Secure Your Event Logs 73 30. Change Your Maximum Log File Sizes 73 31. Back Up and Clear the Event Logs 75 32. Disable Default Shares 78 33. Encrypt Your Temp Folder 79 34. Back Up EFS 80 35. Clear the Paging File at Shutdown 86 36. Check for Passwords That Never Expire 88 Chapter 3. Privacy and Anonymity . 91 37. Evade Traffic Analysis 91 38. Tunnel SSH Through Tor 95 39. Encrypt Your Files Seamlessly 96 40. Guard Against Phishing 100 41. Use the Web with Fewer Passwords 105 42. Encrypt Your Email with Thunderbird 107 43. Encrypt Your Email in Mac OS X 112 Chapter 4. Firewalling . 117 44. Firewall with Netfilter 117 45. Firewall with OpenBSD’s PacketFilter 122 46. Protect Your Computer with the Windows Firewall 128 47. Close Down Open Ports and Block Protocols 137 48. Replace the Windows Firewall 139 49. Create an Authenticated Gateway 147 50. Keep Your Network Self-Contained 149 vi | Contents 51. Test Your Firewall 151 52. MAC Filter with Netfilter 154 53. Block Tor 156 Chapter 5. Encrypting and Securing Services . 158 54. Encrypt IMAP and POP with SSL 158 55. Use TLS-Enabled SMTP with Sendmail 161 56. Use TLS-Enabled SMTP with Qmail 163 57. Install Apache with SSL and suEXEC 164 58. Secure BIND 169 59. Set Up a Minimal and Secure DNS Server 172 60. Secure MySQL 176 61. Share Files Securely in Unix 178 Chapter 6. Network Security . 183 62. Detect ARP Spoofing 184 63. Create a Static ARP Table 186 64. Protect Against SSH Brute-Force Attacks 188 65. Fool Remote Operating System Detection Software 190 66. Keep an Inventory of Your Network 194 67. Scan Your Network for Vulnerabilities 197 68. Keep Server Clocks Synchronized 207 69. Create Your Own Certificate Authority 209 70. Distribute Your CA to Clients 213 71. Back Up and Restore a Certificate Authority with Certificate Services 214 72. Detect Ethernet Sniffers Remotely 221 73. Help Track Attackers 227 74. Scan for Viruses on Your Unix Servers 229 75. Track Vulnerabilities 233 Chapter 7. Wireless Security . 236 76. Turn Your Commodity Wireless Routers into a Sophisticated Security Platform 236 77. Use Fine-Grained Authentication for Your Wireless Network 240 78. Deploy a Captive Portal 244 Contents | vii Chapter 8. Logging . 250 79. Run a Central Syslog Server 251 80. Steer Syslog 252 81. Integrate Windows into Your Syslog Infrastructure 254 82. Summarize Your Logs Automatically 262 83. Monitor Your Logs Automatically 263 84. Aggregate Logs from Remote Sites 266 85. Log User Activity with Process Accounting 272 86. Centrally Monitor the Security Posture of Your Servers 273 Chapter 9. Monitoring and Trending . 282 87. Monitor Availability 283 88. Graph Trends 291 89. Get Real-Time Network Stats 293 90. Collect Statistics with Firewall Rules 295 91. Sniff the Ether Remotely 297 Chapter 10. Secure Tunnels . 301 92. Set Up IPsec Under Linux 301 93. Set Up IPsec Under FreeBSD 306 94. Set Up IPsec in OpenBSD 309 95. Encrypt Traffic Automatically with Openswan 314 96. Forward and Encrypt Traffic with SSH 316 97. Automate Logins with SSH Client Keys 318 98. Use a Squid Proxy over SSH 320 99. Use SSH As a SOCKS Proxy 322 100. Encrypt and Tunnel Traffic with SSL 324 101. Tunnel Connections Inside HTTP 327 102. Tunnel with VTun and SSH 329 103. Generate VTun Configurations Automatically 334 104. Create a Cross-Platform VPN 339 105. Tunnel PPP 345 viii | Contents Chapter 11. Network Intrusion Detection . 348 106. Detect Intrusions with Snort 349 107. Keep Track of Alerts 353 108. Monitor Your IDS in Real Time 356 109. Manage a Sensor Network 363 110. Write Your Own Snort Rules 370 111. Prevent and Contain Intrusions with Snort_inline 377 112. Automatically Firewall Attackers with SnortSam 380 113. Detect Anomalous Behavior 384 114. Automatically Update Snort’s Rules 385 115. Create a Distributed Stealth Sensor Network 388 116. Use Snort in High-Performance Environments with Barnyard 389 117. Detect and Prevent Web Application Intrusions 392 118. Scan Network Traffic for Viruses 397 119. Simulate a Network of Vulnerable Hosts 400 120. Record Honeypot Activity 407 Chapter 12. Recovery and Response . 413 121. Image Mounted Filesystems 413 122. Verify File Integrity and Find Compromised Files 415 123. Find Compromised Packages 420 124. Scan for Rootkits 422 125. Find the Owner of a Network 425 Index . 429 Contents | ix 0 Credits About the Author AndrewLockhart is originally from South Carolina but currently resides in northern Colorado, where he spends his time trying to learn the black art of auditing disassembled binaries and trying to keep from freezing to death.
Load more

Recommended publications
  • Game Hacking 101
    6627ch02.qxd_lb 6/22/07 7:31 AM Page 19 2 Game Hacking 101 oftware piracy has long been a problem in the computer games busi- Sness—ever since games moved from stand-alone machines in the 1970s to PCs in the 1980s. Game makers, justifiably, have gone to great lengths to thwart piracy. In the past, game makers added various countermeasures to their software to make games harder to crack. The main purpose was to prevent rampant copying so that people who wanted to play the game had to buy it. In the end, these games were always cracked—but in some cases, the countermeasures delayed the release of a cracked version by days or even weeks. This delay earned real revenue for the game companies because delaying a crack for even a week translated into hundreds of thousands of dollars. Antipiracy countermeasures made some economic sense in the over-the- counter paradigm, in which a gamer purchased a copy of the game from a retailer and installed the copy locally on his or her PC. But things have changed. Many modern games have moved online, and with the advent of game consoles connected to the Internet, this trend is likely to accelerate.1 That means companies now have two revenue sources to protect: the 1. The hugely popular Nintendo Wii, which debuted in late 2006, will certainly accelerate this trend. 19 6627ch02.qxd_lb 6/22/07 7:31 AM Page 20 20 Chapter 2 Game Hacking 101 original game price in the retail channel, and a monthly subscription revenue stream for online access.
    [Show full text]
  • America's Cyber Future Security and Prosperity in the Information
    America’s Cyber Future JUNE 2011 Security and Prosperity in the Information Age VOLUME II Edited by Kristin M. Lord and Travis Sharp Contributors: Robert E. Kahn, Mike McConnell, Joseph S. Nye, Jr. and Peter Schwartz (co-chairs); Nova J. Daly, Nathaniel Fick, Martha Finnemore, Richard Fontaine, Daniel E. Geer Jr., David A. Gross, Jason Healey, James A. Lewis, Kristin M. Lord, M. Ethan Lucarelli, Thomas G. Mahnken, Gary McGraw, Roger H. Miksad, Gregory J. Rattray, Will Rogers, Christopher M. Schroeder and Travis Sharp Acknowledgments The authors would like to thank the more than 200 people who generously contributed their time and expertise to this proj- ect. We are especially indebted to our co-chairs Bob Kahn, Mike McConnell, Joe Nye and Peter Schwartz for their tremendous support and guidance over the past year. We also thank our contributing authors for producing such insightful essays. We are particularly grateful to the many people who reviewed drafts of the papers included in this volume, including Irv Lachow, James Mulvenon, Charles Dunlap, Eric Rosenbach, Jeff Lord, Tom Gjelten, Greg Rattray, David Asher, Jeff Pryce, Andrew Lewman, Daniel Calingeart, David Gross, Nova Daly and several anonymous reviewers. In addition, we wish to thank the dozens of dedicated professionals in the U.S. government, armed services and private sector who candidly shared their perspectives. We also thank Global Business Network for hosting a workshop in San Francisco in February 2011, as well as the many technologists and other experts who attended. Peter Schwartz, David Babington and Audrey Plonk deserve special recognition for making the workshop a success.
    [Show full text]
  • APPLICATION of PASSIVE SONAR TECHNOLOGY to MINERALS PROCESSING and OIL SANDS APPLICATIONS “If You Can Measure It, You Can Manage It.”
    APPLICATION OF PASSIVE SONAR TECHNOLOGY TO MINERALS PROCESSING AND OIL SANDS APPLICATIONS “If you can measure it, you can manage it.” DR. CHRISTIAN O’KEEFE Principal Engineer, Business Development – Minerals Processing CiDRA Corporation Wallingford, CT 06492 PH: 203-626-3393 [email protected] JOHN VIEGA Vice President, Business Development – Oil Sands CiDRA Corporation Wallingford, CT 06492 PH: 203-626-3373 [email protected] MARK FERNALD Vice President, Product Realization CiDRA Corporation Wallingford, CT 06492 PH: 203-626-3339 [email protected] Key Words: Flowmeter, gas holdup, gas void fraction, slurries, oil sands, magnetite, acid, flow rate BI0285 Rev. A - 1 – Presented at CMP 2007, January 24, 2007 Ottawa, ON ABSTRACT In this presentation, the SONARtrac™ technology platform will be described. CiDRA's proprietary clamp-on, passive sonar array-based flow meter technology performs two independent measurements – flow rate and fluid characterization. Firstly, the meter provides the volumetric flow rate of the mixture by measuring the speed at which naturally occurring turbulent structures convect with the flow past an axial array of sensors. Secondly, the meter uses similar sonar-based processing techniques and naturally occurring sound in the process fluid to measure entrained air levels. The result is a unique ability to measure the flow rate and entrained air level of most fluids – clean liquids, high solids content slurries, and liquids and slurries with entrained air. Also to be presented is the application of the sonar-based technology platform in a variety of oil sands processes, hydrotransport, and minerals beneficiation applications. In particular, difficult slurry flow measurement and control in the areas of comminution and flotation such as mill discharge, hydrocyclone feed/overflow, final concentrate, thickener discharge, and tailings will be discussed.
    [Show full text]
  • Federal Grant of $32000 Goes to Township Health
    THE MIDDLESEX COUNTY o o TOP' COURAGE Leader-Press and Leader Shoppet —top circulation coverage in >«5 00 Woodbridge area. Serving Woodbridge Township, Carterei and Edison Woodbridge, N. J., Thursday, July 13, 1967 PnMlihtd Wwkly On Thuraday •*ar TEN CENTS FOUR NEW COPS APPOINTED; Federal Grant Of $32,000 Goes Present Civil Service List Exhausted; Police To Township Health Department Head Seeks Examination WOODBRlPfiK - Four men or High School. He graduated ic Film Corporation, Linden, at Tor Adult Health Maintenance' worn appointed to Ihe police de- 1965 from Massanutten Mill present. WOODBRIDGE — A $32,000 grant has been awarded fay the U.S. Depart- pa rlmcnt, today effective Au- ary Academy, Woodstock, Va., A graduate of Woodbridge Se gust 1, hut since one of them is nd attended Pennsylvania Mil- nior High School, class of 1959,, ment of Health, Education and Welfare to Woodbridge Township's Health and in service actually only three tary College, Chester, Pa., for Engel is 26 years old, is married; On Its Way - - Welfare Department, Mayor Ralph Baroone and Dr. Antoine Attalla, head of men will be added to the force year. His Civil Service rat- and the father of a daughter, the Division of Health, announced today. at present. ng was 74.083. three and a half years old. He By RUTH WOLK "Our citizens can be proud of their He alth Department", Dr. Barone said, The four, as listed by Mayor Marine Veteran attended local schools and grad- WOODBRIDGE — Work will start by November 1 on the "because we are one of only four applicants in the entire country who were Ralph P.
    [Show full text]
  • Researching System Administration
    Researching system administration by Eric Arnold Anderson B.S. M.S. Carnegie Mellon University 1994 A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the GRADUATE DIVISION of the UNIVERSITY of CALIFORNIA at BERKELEY Committee in charge: Professor Dave Patterson, Chair Professor Doug Tygar Professor Peter Menell Spring 2002 The dissertation of Eric Arnold Anderson is approved: Chair Date Date Date University of California at Berkeley Spring 2002 Researching system administration Copyright 2002 by Eric Arnold Anderson 1 Abstract Researching system administration by Eric Arnold Anderson Doctor of Philosophy in Computer Science University of California at Berkeley Professor Dave Patterson, Chair System administration is a phenomenally important, yet surprisingly ignored sub-field of Computer Science. We hypothesize that this avoidance is because approaches for perform- ing academic research on system administration problems are not well known. To reduce the difficulty of performing research, we present a small set of principles that can be used to evaluate solutions, a classification of existing research on system administration, and three approaches to research on system administration that we illustrate with the research that we have done. First, we demonstrate the approach of “Let the human handle it” with the CARD clus- ter monitoring system. We show that CARD is more flexible and scalable than earlier approaches. We also show that monitoring is necessary for system administration, but that this research approach is not a complete solution to system administration problems. 2 Second, we demonstrate the approach of “Rewrite everything” with the River I/O pro- gramming infrastructure.
    [Show full text]
  • Beautiful Security
    Beautiful Security Beautiful Security Edited by Andy Oram and John Viega Beijing • Cambridge • Farnham • Köln • Sebastopol • Taipei • Tokyo Beautiful Security Edited by Andy Oram and John Viega Copyright © 2009 O’Reilly Media, Inc. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://my.safaribooksonline.com/). For more information, contact our corporate/ institutional sales department: 800-998-9938 or [email protected]. Production Editor: Sarah Schneider Indexer: Lucie Haskins Copyeditor: Genevieve d’Entremont Cover Designer: Mark Paglietti Proofreader: Sada Preisch Interior Designer: David Futato Illustrator: Robert Romano Printing History: April 2009: First Edition. O’Reilly and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. Beautiful Security, the image of a cactus, and related trade dress are trademarks of O’Reilly Media, Inc. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc., was aware of a trademark claim, the designations have been printed in caps or initial caps. While every precaution has been taken in the preparation of this book, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. ISBN: 978-0-596-52748-8 [V] 1239647579 All royalties from this book will be donated to the Internet Engineering Task Force (IETF).
    [Show full text]
  • “LOVING ME and MY BUTTERFLY WINGS:” a STUDY of HIP-HOP SONGS WRITTEN by ADOLESCENTS in MUSIC THERAPY a Dissertation Submitt
    “LOVING ME AND MY BUTTERFLY WINGS:” A STUDY OF HIP-HOP SONGS WRITTEN BY ADOLESCENTS IN MUSIC THERAPY A Dissertation Submitted to the Temple University Graduate Board in Partial Fulfillment of the Requirements for the Degree of DOCTOR OF PHILOSOPHY _______________________________________________________________________ by Michael Viega January 2013 Examining Committee Members: Kenneth Aigen, Advisory Chair, Music Therapy Cheryl Dileo, Music Therapy Edward Flanagan, Music Lisa Kay, Art and Art Education © by Michael D. Viega, 2013 All Rights Reserved i ABSTRACT The aim of this arts-based research study was to experience, analyze, and gain insight into songs written by adolescents who have had adverse childhood experiences and who identify with Hip Hop culture. This study investigated the aesthetic components of eleven songs including their musical elements, the compositional techniques, the affective- intuitive qualities, and the interaction between the music and the lyrics. An arts-based research design, rooted in the ethos of Hip Hop, was employed to gain a holistic understanding of the songs. My artistic encounters and subsequent analyses of the songs revealed the complex inner struggles and developmental challenges for adolescents who have experienced extreme trauma. Three groupings of songs emerged: Songs that Protect Vulnerability, Songs of Abandonment, and Songs of Faith and Love. Each category reflects a different stage of developmental growth for the songwriters. Employing Fowler’s (1981/1995) stages of faith development, a music-centered
    [Show full text]
  • 2011-2012 New Roundabout at Five Corners the Front Cover Photo Is the Roundabout at Routes 74 and 286 Also Referred to As the Five Corners
    town of ANNUAL REPORT 2011-2012 New Roundabout at Five Corners The front cover photo is the Roundabout at Routes 74 and 286 also referred to as the Five Corners. This roundabout intersects Routes 74, 286, Windsorville Road and Skinner Road. It was constructed by the Connecticut Department of Transportation. Construction began in April of 2011 and was completed with landscaping in the spring of 2012. With the installation of the Welcome to Ellington sign, this has become the gateway to the town. The benefits are improved traffic flow and aesthetics. TOP DOG CONTEST TOWN CLERK’S OFFICE Each year the Town Clerk’s Office runs a Top Dog Contest. People send in photographs of their dogs and the pictures are arranged on a poster. Each photo is as-signed a number and this year the Town employees voted on which dog is the Top Dog. We enjoyed all of the pictures! The Top Dog for 2012-2013 is Molly, who is the companion of Anthony and Barbara Moss. The Top Dog gets tag #1 for the year. 1 Table of Contents GENERAL GOVERNMENT ADMINISTRATION RECREATION Board of Selectmen .............................................. 3 Parks and Recreation Commission ……...………....23 Board of Finance ................................................. 5 Town Assessor.................................................... 5 Land Records Inspector ........................................ 6 INFORMATION GUIDE ………………..….….25 Town Engineer ................................................... 6 Finance Officer/Treasurer ..................................... 6 Tax Collector ...................................................
    [Show full text]
  • United States Bankruptcy Court for the District of Delaware
    Case 19-10303-KJC Doc 302 Filed 05/20/19 Page 1 of 326 IN THE UNITED STATES BANKRUPTCY COURT FOR THE DISTRICT OF DELAWARE In re: Chapter 11 1515-Geenergy Holding Co. LLC, et al.,1 Case No. 19-10303 (KJC) Debtors. (Jointly Administered) AFFIDAVIT OF SERVICE STATE OF CALIFORNIA } } ss.: COUNTY OF LOS ANGELES } DARLEEN SAHAGUN, being duly sworn, deposes and says: 1. I am employed by Omni Management Group located at 5955 DeSoto Avenue, Suite 100, Woodland Hills, CA 91367. I am over the age of eighteen years and am not a party to the above-captioned action. 2. On May 8, 2019, I caused to be served the: i. Massachusetts Customer Notice Letter Re: Termination of Agreement with Great Eastern Energy and Return to Utility Service2, (“MA Customer Letter”), ii. New Jersey Customer Notice Letter Re: Termination of Agreement with Great Eastern Energy and Return to Utility Service3, (“NJ Customer Letter”), iii. New York Customer Notice Letter Re: Termination of Agreement with Great Eastern Energy and Return to Utility Service4, (“NY Customer Letter”). By causing true and correct copies to be served via first-class mail, postage pre-paid to the names and addresses of the parties listed as follows: I. the MA Customer Letter to those parties on the annexed Exhibit A, II. the NJ Customer Letter to those parties on the annexed Exhibit B, III. the NY Customer Letter to those parties on the annexed Exhibit C, /// 1 The Debtors in these chapter 11 cases, along with the last four digits of each Debtor’s federal tax identification number, include: 1515- Geenergy Holding Co.
    [Show full text]
  • OPINION SECURITY File Systems NETWORKING Columns Book
    August 2010 VOLUME 35 NUMBER 4 OPINION Musings 2 RikR FaR ow SECURITY Making Sense of Logs 8 R oN DiLLEY THE USENIX MAGAZINE Don’t Take LaTeX Files from Strangers 17 STEPHEN CHECKOWAY, HoVaV SHaCHaM, aND ERiC RESCoRLa SymbianS O Platform Security Model 23 B o Li, ELENa RESHEToVa, aND TUoMaS aURa F ILE SYSTEMS Cephs a a Scalable Alternative to the Hadoop Distributed File System 38 CL aR oS M aLTZaHN, ESTEBaN MoLiNa-ESToLaNo, aMaNDEEP kHURaNa, aLEX J. NELS oN, SCoTT a. BRaNDT, aND SaGE wEiL NETWORKING Improving the Performance and Robustness of P2P Live Streaming with Contracts 50 M iCHaEL PiaTEk aND aRViND kRiSHNaMURTHY C OLUMNS Practical Perl Tools: Random Acts of Kindness 56 Da ViD N. BLaNk-EDELMaN Pete’s All Things Sun: The Status of Sun Products 61 P ETER BaER GaLViN iVoyeur: Pockets-o-Packets, Part 2 67 Da VE JoSEPHSEN /dev/random: A Debatably Helpful Guide to IT Disaster Planning 72 Ro BERT G. FERRELL B OOK reVIEWS Book Reviews 74 ELiZabeth ZwiCkY ET aL. useni X NOTES USENIX Lifetime Achievement Award 77 STUG Award 77 USENIX Association Financial Statements for 2009 78 EL L iE YoUNG C ONFERENCES Reportsn o NSDI ’10: 7th USENIX Symposium on Networked Systems Design and Implementation 80 Report on the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET ’10) 94 2010 Internet Network Management Workshop/Workshop on Research on Enterprise Networking (INM/WREN ’10) 101 9th International Workshop on Peer-to-Peer Systems (IPTPS ’10) 105 BSDCan 2010: The Technical BSD Conference 108 The Advanced Computing Systems Association
    [Show full text]
  • America's Cyber Future Security and Prosperity in the Information
    America’s Cyber Future JUNE 2011 Security and Prosperity in the Information Age VOLUME II Edited by Kristin M. Lord and Travis Sharp Contributors: Robert E. Kahn, Mike McConnell, Joseph S. Nye, Jr. and Peter Schwartz (co-chairs); Nova J. Daly, Nathaniel Fick, Martha Finnemore, Richard Fontaine, Daniel E. Geer Jr., David A. Gross, Jason Healey, James A. Lewis, Kristin M. Lord, M. Ethan Lucarelli, Thomas G. Mahnken, Gary McGraw, Roger H. Miksad, Gregory J. Rattray, Will Rogers, Christopher M. Schroeder and Travis Sharp Acknowledgments The authors would like to thank the more than 200 people who generously contributed their time and expertise to this proj- ect. We are especially indebted to our co-chairs Bob Kahn, Mike McConnell, Joe Nye and Peter Schwartz for their tremendous support and guidance over the past year. We also thank our contributing authors for producing such insightful essays. We are particularly grateful to the many people who reviewed drafts of the papers included in this volume, including Irv Lachow, James Mulvenon, Charles Dunlap, Eric Rosenbach, Jeff Lord, Tom Gjelten, Greg Rattray, David Asher, Jeff Pryce, Andrew Lewman, Daniel Calingeart, David Gross, Nova Daly and several anonymous reviewers. In addition, we wish to thank the dozens of dedicated professionals in the U.S. government, armed services and private sector who candidly shared their perspectives. We also thank Global Business Network for hosting a workshop in San Francisco in February 2011, as well as the many technologists and other experts who attended. Peter Schwartz, David Babington and Audrey Plonk deserve special recognition for making the workshop a success.
    [Show full text]