hakin9_StarterKit_02.pdf

~ t q w ~

~ t q w ~

~ t q w ~

Firewalls ABC

Firewalls are believed to be a irst line of defense, and

hence it should be a topic that each serious computer user

knows, like the back of their hand. Firewalls are standard

equipment for each Internet connection nowadays. They

are a necessary part of every organization's IT security

system. Home users who connect to commercial Internet

service providers are also using irewall appliances to

protect their connections.

A irewall is a device conigured to deny, permit or

proxy data connections which is set and conigured by

the organization's security policy. The above deinition

sounds rather simple, but it covers millions of terms,

types, technique and procedures. Thanks to hakin9 start-

erkit – Firewalls Edition you will learn some crucial things

on irewalls – hardware or software based irewalls, net-

work and personal ones, stateful and stateless irewalls,

network layer irewalls, iptables, ISO/OSI stack levels,

and much more...

Together with our authors we created a guide to ire-

walls to present the most important aspects of this great

branch of IT security. We prepared a couple of general

articles that will help you to enter the complex world of

irewalling. The other articles are devoted to certain sec-

tions like:

CD Contents

What's new in the latest hakin9.live version (3.2.1-aur.,

updated versions of Aircrack and Kismet) and what

must-have applications you will ind ( NetConceal Anti-

History & Anonymizer, Enigma Lite Desktop Edition,

MicroWorld e-Scan Internet Security Suite, Water-

mark Factory, Comodo Firewall Pro, m0n0wall ).

Introduction to Firewalls:

From ISO/OSI to DMZ

Michele Orrù

This writing presents irewall generic architecture. It also

projects how the rule parsing works, and how those

rules are managed. Readers will get to know how to

choose the best irewall solution for their situation.

Introduction

to Firewall Rulebases

Gr@ve_Rose (Sean Murray-Ford)

You will get to know how to create irewall rulebases,

what a rulebase looks like in most irewall software.

The author also explains how to understand and

extrapole client requirements and what are the ever-

important Stealth and Clean-up rules.

Knock Knock Knocking

On Firewall’s Door

• Web Application Firewall – mod_security for Apache,

• A Highly-Redundant Network Firewall: pf + CARP,

• An Introduction to Firewall Rulebases.

Raul Siles

After having read this article you will know to deploy

fwknop (an open-source SPA implementation) using

FC6 Linux, and what are basic rules of port knocking

concept. You will also acquire the in-depth knowledge

on technologies presented in the article.

Apart from the technical writing, hakin9 starterkit contains

a lambent column by Matt Yonkman and a CD with inter-

esting surprises prepared exclusively for our dear read-

ers. We hope that you will take advantage of the discounts

we negotiated for you with Dekart, WaterMark Factory,

GlobalTrust and NetConceal.

Highly-Redundant

Network Firewall: pf + CARP

We do realize that a irewalls topic is so broad that we

could have a separate monthly magazine devoted to it. In

this issue, however, we wanted to provide a set of essen-

tial information that would project the importance of ire-

walls and encourage every reader to penetrate it on their

own. Let this edition of hakin9 starterkit be your primer

and initiate your adventure with IT security management.

It is just a second edition of hakin9 starterkit. We are

curious indeed about, what you think of our magazine,

what comments or advise you would give us, etc. Open

to your suggestions, we invite you to contributing to the

next issues.

Carlos Fragoso Mariscal

Thanks to this technical writing you will learn how to

deploy a new network irewall and how to implement

a high-available network irewall.

Linux Netilter – Packet Mangling

and Applications

Lucian Gheorghe

This text sheds the light on the packet mangling...

What is it? As the term mangling might mislead

people to conceive it as malicious, packet mangling is

not like that at all. Packet mangling refers to the proc-

ess of intentionally altering data in IP packet headers

before or after the routing process. Read the article

to get to know more!

Magdalena Błaszczyk

magdalena.blaszczyk@hakin9.org

Basic of Firewalling and iptables

Antonio Merola & Arrigo Triulzi

The authors wanted to teach you everything con-

cerning packet iltering and irewalling, starting from

scratch, basically you have in your hands the fastest

way to learn about basic of irewalling and iptables!

www.en.hakin9.org

hakin9 starter kit 2/2007

~ t q w ~

Much More Than Just a Firewall

Practical IT Security Solutions for Newbies

Editor in Chief: Ewa Dudzic ewa.dudzic@software.com.pl

Editor: Magdalena Błaszczyk magdalena.blaszczyk@hakin9.org

Contributing Editor: Shyaam Sundhar R. S.

DTP Director: Marcin Pieśniewski marcin.piesniewski@software.com.pl

Art Director: Agnieszka Marchocka agnes@software.com.pl

CD: Rafał Kwaśny

Proofreaders: N. Potter, D. F. Leer, M. Szuba, Kelley Dawson

Top betatesters: Wendel Guglielmetti Henrique, Justin Seitz,

Peter Hüwe, Damian Szewczyk, Peter Harmsen, Kevin Bewley,

Steve Lape

Jess Garcia

This article projects which additional security tech-

nologies can be deployed at your irewall. Due to

irewalls role as network bottlenecks and enforcing

points, they are the right place to implement con-

trols and other types of functions that are not strictly

related to traditional trafic iltering.

Web Application Firewall

– ModSecurity for Apache

President: Monika Godlewska monikag @software.com.pl

Senior Consultant/Publisher: Paweł Marciniak pawel@software.com.pl

National Sales Manager: Monika Godlewska monikag@software.com.pl

Production Director: Marta Kurpiewska marta@software.com.pl

Marketing Director: Ewa Dudzic ewa.dudzic@software.com.pl

Advertising Sales: Magdalena Błaszczyk

magdalena.blaszczyk@hakin9.org

Subscription: subscription@software.com.pl

Prepress technician: Marcin Pieśniewski

marcin.piesniewski@software.com.pl

Massimo Fubini

Thanks to this writing you will get to know what are

the most common vulnerabilities in web applica-

tion, when to use an HTTP iltering reverse proxy

as well as why and how to conigure Apache with

mod_security .

Publisher: Software Media LLC

(on Software Publishing House licence www.software.com.pl/en )

Postal adderss:

Software Media LLC

1461 A First Avenue, # 360

New York, NY 10021-2209

USA

Tel: 004822 8871010

www.hakin9.org/en

Easy Firewalling with IPCop

Robert Larsen

The author presents how to set up a basic IPCop

based irewall and how to reconigure IPCop to

better it your needs. A irewall is usually irst line

of defense but anybody who has read the manual

of iptables knows that it can be a hassle to set up

a good irewall, and to have it properly conigured.

This is where IPCop and similar irewall distribu-

tions come in.

Software LLC is looking for partners from all over the World.

If you are interested in cooperating with us,

please contact us by e-mail: cooperation@software.com.pl

Print: 101 Studio, Firma Tęgi

Printed in Poland

Introduction

to Anti-spam Practices

Distributed in the USA by: Source Interlink Fulfillment Division, 27500

Riverview Centre Boulevard, Suite 400, Bonita Springs, FL 34134

Tel: 239-949-4450.

Alina Popescu

Alina simply presents what SPF and DKIM are. The

article provides an overview of the ways of sending

spam and ighting against it.

Distributed in Australia by: Gordon and Gotch, Australia Pty Ltd.

Level 2, 9 Roadborough Road, Locked Bag 527, NSW 2086, Sydney, Australia

Tel: + 61 2 9972 8800

Popular Free Software Firewalls

for Home/Personal Use

Whilst every effort has been made to ensure the high quality

of the magazine, the editors make no warranty, express or implied,

concerning the results of content usage.

All trade marks presented in the magazine were used only

for informative purposes. All rights to trade marks presented

in the magazine are reserved by the companies which own them.

Josh Sawyer

There are many free software irewalls for home

use, but there are varying opinions on which is

bestin terms of security, user-friendly interfaces,

overhead, etc. This simple review is meant to help

the home user select the best irewall for their

application.

To create graphs and diagrams we used program by

company.

CDs included to the magazine were tested with AntiVirenKit by G DATA

Software Sp. z o.o

The editors use automatic DTP system

Making Firewalls Smarter

ATTENTION!

Selling current or past issues of this magazine for prices that are

different than printed on the cover is – without permission of the

publisher – harmful activity and will result in judicial liability.

Matthew Jonkman

Upcoming

Here we present the subjects that will be brought up

in the upcoming hakin9 starterkit.

DISCLAIMER!

The techniques described in our articles may only be

used in private, local networks. The editors hold no

responsibility for misuse of the presented techniques

or consequent data loss.

hakin9 starter kit 2/2007

hakin9 Nr 2/2006

~ t q w ~

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika: