|Attacking Network Protocols|
Author: James Forshaw
Despite the rather worrying subtitle of 'a hacker's guide to capture, analysis, and exploitation', this is in fact a useful book.
It works on the principle that you should think like an attacker to find the vulnerabilities in your systems, so you can then work out how to overcome or protect the vulnerability.
The author of the book is James Forshaw, a well-known name among those interested in security. He rose to fame as the winner of $100,000 bounty from Microsoft for finding a major security flaw within Windows 8.1. He also won various other bounties for finding security flaws in Internet Explorer, and now works for Google as a security researcher in Project Zero. He's also been a winner at Pwn2Own, the computer hacking contest held annually at the CanSecWest security conference.
The book opens with a chapter on the basics of networking to set the scene, then moves on to a chapter on capturing application traffic. As author James Forshaw points out, this can be more challenging than you might imagine. The chapter discusses passive and active capture, and popular tools for each method.
A more technical discussion of network protocol structures comes next, with details of protocols and how they are represented in binary or text-based protocols. Forshaw then moves on to advanced application traffic capture using techniques such as rerouting traffic using software, and techniques such as network address translation and forwarding traffic to a gateway.
A chapter titled Analysis from the Wire is next. This builds on what was discussed earlier to look at how to analyze captured network protocol traffic from a chat application to understand what protocol is being used so you can assess its security.
Application reverse engineering comes next with a meaty chapter looking at ways that vulnerabilities in an application can be detected by reverse engineering the executable.
A chapter on network protocol security is next, looking at the objectives of secure protocols (data confidentiality and integrity; and protecting server and client from being impersonated). Forshaw looks at how these objectives are usually addressed, and potential weaknesses to look for. Forshaw then moves on to show how to implement a network protocol yourself so you can test it for security purposes. The examples use Forshaw's own testbed chat application so you don't have to do quite as much work yourself.
One of the most interesting (and frightening) chapters from the viewpoint of the casual reader comes next, with a look at the root causes of vulnerabilities. In this case, Forshaw means those that result from the implementation of a protocol as opposed to its specification. The idea is that you're learning patterns in protocols that might identify security vulnerabilities. There are good descriptions of techniques such as memory, storage and CPU exhaustion attacks, format string vulnerabilities, and attacks using command and SQL injection.
If you're reading the book in order to work out how to find and exploit security vulnerabilities for real, the next chapter is where things get interesting. Forshaw shows how to identify security vulnerabilities by manipulating network traffic, and how to use techniques such as fuzz testing and debugging to automate the process of discovering security problems.
The book ends with an appendix giving details of the tools Forshaw has in his 'analysis toolkit' for analysis, investigation, and exploitation.
I began reading this book expecting to be either bored or lost by technicalities. In reality, it's very readable and accessible, with descriptions that are interesting and understandable at the system level even if you're not planning on writing your own ARP poisoner. It's network agnostic with coverage of Windows, Linux and Mac, and the discussion of the tools and how to use them is excellent. This is a book worth reading even if your only interest in network security is as an applications developer.
|Last Updated ( Saturday, 23 June 2018 )|