436_XSS_FM.qxd 4/20/07 1:18 PM Page ii 441_HTC_OS_FM.qxd 4/12/07 1:32 PM Page i Visit us at www.syngress.com Syngress is committed to publishing high-quality books for IT Professionals and deliv- ering those books in media and formats that fit the demands of our customers. We are also committed to extending the utility of the book you purchase via additional mate- rials available from our Web site. SOLUTIONS WEB SITE To register your book, visit www.syngress.com/solutions. Once registered, you can access our [email protected] Web pages. There you may find an assortment of value- added features such as free e-books related to the topic of this book, URLs of related Web sites, FAQs from the book, corrections, and any updates from the author(s). ULTIMATE CDs Our Ultimate CD product line offers our readers budget-conscious compilations of some of our best-selling backlist titles in Adobe PDF form. These CDs are the perfect way to extend your reference library on key topics pertaining to your area of expertise, including Cisco Engineering, Microsoft Windows System Administration, CyberCrime Investigation, Open Source Security, and Firewall Configuration, to name a few. DOWNLOADABLE E-BOOKS For readers who can’t wait for hard copy, we offer most of our titles in downloadable Adobe PDF form. These e-books are often available weeks before hard copies, and are priced affordably. SYNGRESS OUTLET Our outlet store at syngress.com features overstocked, out-of-print, or slightly hurt books at significant savings. SITE LICENSING Syngress has a well-established program for site licensing our e-books onto servers in corporations, educational institutions, and large organizations. Contact us at sales@syn- gress.com for more information. CUSTOM PUBLISHING Many organizations welcome the ability to combine parts of multiple Syngress books, as well as their own content, into a single volume for their own internal use. Contact us at [email protected] for more information. 441_HTC_OS_FM.qxd 4/12/07 1:32 PM Page ii 441_HTC_OS_FM.qxd 4/12/07 1:32 PM Page iii How to Cheat at Configuring Raven Alder Josh Burke Chad Keefer Angela Orebaugh Larry Pesce Eric S. Seagren 441_HTC_OS_FM.qxd 4/12/07 1:32 PM Page iv Elsevier, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind, expressed or implied, regarding the Work or its contents.The Work is sold AS IS and WITHOUT WARRANTY.You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files. Syngress Media®, Syngress®,“Career Advancement Through Skill Enhancement®,”“Ask the Author UPDATE®,” and “Hack Proofing®,” are registered trademarks of Elsevier, Inc.“Syngress:The Definition of a Serious Security Library”™,“Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Elsevier, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies. KEY SERIAL NUMBER 001 HJIRTCV764 002 PO9873D5FG 003 829KM8NJH2 004 BPOQ48722D 005 CVPLQ6WQ23 006 VBP965T5T5 007 HJJJ863WD3E 008 2987GVTWMK 009 629MP5SDJT 010 IMWQ295T6T PUBLISHED BY Syngress Publishing, Inc. Elsevier, Inc. 30 Corporate Drive Burlington, MA 01803 How to Cheat at Configuring Open Source Security Tools Copyright © 2007 by Elsevier, Inc.All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication. Printed in the United States of America 1 2 3 4 5 6 7 8 9 0 ISBN-10: 1-59749-170-5 ISBN-13: 978-1-59749-170-9 Publisher:Amorette Pedersen Acquisitions Editor:Andrew Williams Page Layout and Art: Patricia Lupien Cover Designer: Michael Kavish Indexer: Richard Carlson For information on rights, translations, and bulk sales, contact Matt Pedersen, Commercial Sales Director and Rights, at Syngress Publishing; email [email protected]. 441_HTC_OS_FM.qxd 4/12/07 1:32 PM Page v Contributing Authors Raven Alder is a Senior Security Engineer for IOActive, a consulting firm specializing in network security design and implementation. She specializes in scalable enterprise-level security, with an emphasis on defense in depth. She designs large-scale firewall and IDS systems, and then performs vulner- ability assessments and penetration tests to make sure they are performing optimally. In her copious spare time, she teaches network security for LinuxChix.org and checks cryptographic vulnerabilities for the Open Source Vulnerability Database. Raven lives in Seattle, WA. Raven was a contributor to Nessus Network Auditing (Syngress Publishing, ISBN: 1- 931836-08-6). Josh Burke (CISSP) is an independent information security consultant in Seattle, Washington. He has held positions in networking, systems, and secu- rity over the past seven years in the technology, financial, and media sectors. A graduate of the business school at the University of Washington, Josh concentrates on balancing technical and business needs for companies in the many areas of information security. He also promotes an inclusive, positive security philosophy for companies, which encourages communicating the merits and reasons for security policies, rather than educating only on what the policies forbid. Josh is an expert in open-source security applications such as Snort, Ethereal, and Nessus. His research interests include improving the security and resilience of the Domain Name System (DNS) and the Network Time Protocol (NTP). He also enjoys reading about the mathematics and history of cryptography, but afterward often knows less about the subject than when he started. Chad Keefer is the founder of Solirix, a computer network security com- pany specializing in Information Assurance. Chad is a former developer of Sourcefire’s RNA product team. Chad has over 13 years of industry experi- ence in security, networking, and software engineering. He has worked v 441_HTC_OS_FM.qxd 4/12/07 1:32 PM Page vi extensively with the federal government and in a wide range of commercial industries to redefine and sharpen the current perception of security. He has also been a lead architect in this space, overseeing initiatives to redesign and build many security infrastructures. Chad holds a B.S. in Computer Science from the University of Maryland. He currently lives in Annapolis, MD with his wife and daughter. Angela Orebaugh is an industry-recognized security technology visionary and scientist, with over 12 years hands-on experience. She currently per- forms leading-edge security consulting and works in research and develop- ment to advance the state of the art in information systems security.Angela currently participates in several security initiatives for the National Institute of Standards and Technology (NIST). She is the lead scientist for the National Vulnerability Database and author of several NIST Special Publications on security technologies.Angela has over a decade of experi- ence in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. She has a Masters in Computer Science, and is currently pursuing her Ph.D. with a concentration in Information Security at George Mason University.Angela is the author of the Syngress best seller Ethereal Packet Sniffing (ISBN: 1932266828). She has also co-authored the Snort Cookbook and Intrusion Prevention and Active Response: Deploying Network and Host IPS (Syngress; ISBN: 193226647X).Angela is a researcher, writer, and speaker for SANS Institute and faculty for The Institute for Applied Network Security and George Mason University.Angela has a wealth of knowledge from industry, academia, and government from her consulting experience with prominent Fortune 500 companies, the Department of Defense, dot-com startups, and universities. She is a frequently invited speaker at a variety of conferences and security events. Current research interests: intrusion detection, intrusion prevention, data mining, attacker profiling, user behavior analysis, network forensics vi 441_HTC_OS_FM.qxd 4/12/07 1:32 PM Page vii Larry Pesce (CCNA, GCFA Silver, GAWN Silver) is the Manager for Information Services Security at Care New England, a mid-sized healthcare organization in New England. In the last 13 years in the computer industry, Larry has become a jack of all trades; PC repair, Network Engineering, Web Design, Non-Linear Audio and Video production, and Computer Security. Larry is also gainfully employed as a Penetration Tester / Ethical Hacker with Defensive Intuition, a Rhode Island-based security consulting com- pany.A graduate of Roger Williams University in Compute Information Systems, Larry is currently exploring his options for graduate education. In addition to his industry experience, Larry is also a Security Evangelist for the PaulDotCom Security Weekly podcast at www.pauldotcom.com. Larry is currently completing a work with his PaulDotCom Security Weekly co-host, Paul Asadoorian on hacking the Linksys WRT54G. More of Larry’s writing, guides, and rants can be found on his blog at www.haxorthematrix.com. Eric S.