Story Line - Dept. of IE, CUHK Personal User Web Server
Story Line - Dept. of IE, CUHK Personal User Web Server
Story Line - Dept. of IE, CUHK Personal User Web Server
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Story</strong> <strong>Line</strong><br />
In 200x, hkntec.net is nominated by United Nation to launch the "INFO SHARE" project to help<br />
30 developing countries to promote Internet in their economics. hkntec.net accept this challenge and<br />
will set up network infrastructure and basic Internet services for these 30 countries in 12 weeks. Due to<br />
limited resources, hkntec.net cannot afford to hire full-time system administrators or network engineers<br />
to accomplish these tasks. Hence, hkntec.net are recruiting you, the volunteers, to finish these<br />
challenging tasks within 12 weeks.<br />
In the following 12 weeks, you will spend ~ 3 hours in each week to finish the following tasks<br />
for a network:<br />
1. Set up a DNS server<br />
2. Set up a Mail server and Mailing List service<br />
3. Build a Public Key Infrastructure (PKI)<br />
4. Set up the network monitoring system<br />
5. Set up a Firewall and Intrusion Detection system<br />
Each <strong>of</strong> you will get the root access <strong>of</strong> a linux host and discharge the above tasks according to the<br />
following instructions<br />
1
Mission<br />
Week #1-2: DNS <strong>Server</strong> Setup<br />
Each <strong>of</strong> you will be assigned with a code number. This code number is referring to the country you are<br />
working at. At the later stage, this code number will be transferred to the actual domain name <strong>of</strong> that<br />
country.<br />
Notation: N is your code number; where N in [11..25; 81..95].<br />
P is your partner code number;<br />
where if N in [11..25], P = N + 70;<br />
if N in [81..95], P = N -70;<br />
ntecN is the hostname <strong>of</strong> your system. Their host IPs are as follows:<br />
for ntec[11..25]: 192.168.64.[11..25]; netmask 255.255.255.0<br />
for ntec[81..95]: 192.168.128.[81..95]; netmask 255.255.255.0<br />
For example, if your code number is 81, then your hostname that you are going to manage<br />
is ntec81 and the host IP is 192.168.128.81; your partner code number is 11.<br />
You can find the full qualified host name and IP in /etc/hosts file. You can also check with<br />
it at http://info.hkntec.net/ptmsc/host_list.txt<br />
Set up the following domain and sub domain at your host<br />
- sN.hkntec.net<br />
- ss.sN.hkntec.net<br />
Where N is your code number. For example, if your project number is 81, then you need to set<br />
up the domain "s81.hkntec.net" and "ss.s81.hkntec.net".<br />
Instruction:<br />
1. You need to edit the /etc/named.conf file to specify these domains:<br />
e.g.<br />
zone "s81.hkntec.net" {<br />
type master;<br />
file "zone/s81.hkntec.net";<br />
};<br />
zone "ss.81N.hkntec.net" {<br />
type master;<br />
file "zone/ss.s81.hkntec.net";<br />
};<br />
zone "81.18.172.in-addr.arpa" {<br />
type master;<br />
file "zone/81.18.172";<br />
};<br />
2
2. In your zone files (e.g. s81.hkntec.net, ss.s81.hkntec.net and 100.18.172.in-addr.arpa)<br />
2.1 Set the A record for your hostname ntecN and assign this host IP to your netcN IP in your<br />
zone file (e.g s81.hkntec.net, ss.s81.hkntec.net)<br />
e.g.<br />
ntec81 A 192.168.128.81<br />
2.2 Set the CNAME record for www.sN.hkntec.net and www.ss.sN.hkntec.net ; and<br />
assign this web site IP to your ntecN IP. You will need to build the web server for these two<br />
domains later.<br />
e.g.<br />
www CNAME ntec81<br />
2.3 Set the NS and MX record for sN.hkntec.net and ss.sN.hkntec.net. Assign these NS server and<br />
mail exchange servers IP to your ntecN IP. You will need to build the mail server for these two<br />
domains later.<br />
e.g.<br />
NS ntec81.s81.hkntec.net.<br />
MX 10 ntec81.s81.hkntec.net.<br />
2.4 Set the MX record for listserv. SN.hkntec.net too.<br />
e.g.<br />
Listserv. MX 10 ntec81<br />
2.5 the A records for the host in ss.sN.hkntec.net domain.<br />
172.18.N.[1..254]-> host[1..254].ss.sN.hkntec.net<br />
e.g.<br />
host1 A 172.18.81.1<br />
host2 A 172.18.81.2<br />
…..<br />
host254 A 172.18.81.254<br />
2.6 the N.18.172.in-addr.arpa for the ss.sN.hkntec.net domain (edit the 81.18.172.in-addr.arpa<br />
file)<br />
e.g.<br />
1 PTR host1<br />
2 PTR host2<br />
……<br />
254 PTR host254<br />
3
3. Set the slave DNS server for your partner domain ss.sP.hkntec.net when your partner has set his<br />
DNS server<br />
e.g.<br />
In the /etc/named.conf,<br />
zone "ss.s11.hkntec.net" {<br />
type slave;<br />
file "slave/ss.s11.hkntec.net";<br />
masters {192.168.64.11;} ;<br />
};<br />
zone "11.18.172.in-addr.arpa" {<br />
type slave;<br />
file "slave/11.18.172";<br />
masters {192.168.64.11;} ;<br />
};<br />
- Restrict your domain ss.sN.hkntec.net and N.18.172.in-addr.arpa zone transfer to your partner<br />
slave host<br />
e.g.<br />
In the /etc/named.conf<br />
allow-transfer { 192.168.64.11/24; };<br />
- Start up the named and debug<br />
Start the named by "/usr/sbin/ndc start" command and then "tail /var/log/messages" to see if<br />
there is any error messages. After you have fixed the problem, you can restarted the named by<br />
"/usr/sbin/ndc restart"<br />
4. Use nslookup to verify the above setup<br />
e.g.<br />
nslookup www.s81.hkntec.net (query the www.s81.hkntec.net A record)<br />
nslookup www.ss.s81.hkntec.net (query the www.ss.s81.hkntec.net A record)<br />
csh> nslookup<br />
set type=ns (set the query type to ns, name server)<br />
ss.s81.hkntec.net (query the name server <strong>of</strong> ss.s81.hkntec.net)<br />
set type=mx (set the query type to mx, mail exchange)<br />
ss.s81.hkntec.net (query the mail exchange server <strong>of</strong> ss.s81.hkntec.net)<br />
server ntec81 (use the ntec81 as DNS server)<br />
ls ss.s81.hkntec.net (list all the entries in ss.s81.hkntec.net)<br />
server ntec11 (use the slave DNS server, ntec11)<br />
ls ss.s81.hkntec.net (list all the entries in ss.s81.hkntec.net)<br />
4
Here is a complete example <strong>of</strong> setting a DNS server <strong>of</strong> athena.hknec.net and ss.athena.hkntec.net.<br />
Project code<br />
Athena<br />
Partner code<br />
Apollo<br />
Athena domain<br />
Athena.hkntec.net and ss.athena.hkntec.net<br />
Apollo domain<br />
Apollo.hkntec.net and ss.apollo.hkntec.net<br />
Athena Host IP 192.168.64.232<br />
Apollo Host IP 192.168.128.238<br />
ss.athena.hkntec.net IP range 172.18.100.1 - 255 (i.e. 172.18.100.0/24 network)<br />
ss.apollo.hkntec.net IP range 172.18.101.1 - 255 (i.e. 17.2.18.101.0/24 network,)<br />
- The sample /etc/named.conf file is at<br />
http://www.athena.hkntec.net/examples/dns/named.conf<br />
- The sample zone files in /var/named directory is at<br />
http://www.athena.hkntec.net/examples/dns/named/<br />
- The sample nslookup query log for that DNS setup is at<br />
http://www.athena.hkntec.net/examples/dns/nslookup.log<br />
References:<br />
Linux DNS How To<br />
http://www.linuxdoc.org/HOWTO/DNS-HOWTO.html<br />
DNS Resources Directory<br />
http://www.dns.net/dnsrd/<br />
DNS and BIND<br />
By Paul Albitz & Cricket Liu, O'Reilly ISBN 1-56592-523-8<br />
5
Week #3-4 Mail server Setup<br />
Mission #1 Set the mail servers for your domain sN.hkntec.net and ss.sN.hkntec.net<br />
1. Update the /etc/sendmail.cw for accepting mails for the above domain. Add your full quantified<br />
host node name and the listserv entry too.<br />
e.g.<br />
s81.hkntec.net<br />
ss.s81.hkntec.net<br />
ntec81.fox.hkntec.net<br />
listserv.s81.hkntec.net<br />
2. Open the sysadmin accounts for the above domain (adim, ss-adim)<br />
e.g.<br />
csh> adduser -c "Admin" -d /home/admin -g users -s /bin/tcsh -u 800 admin<br />
csh> passwd admin<br />
Changing password for user admin<br />
New UNIX password:<br />
Retype new UNIX password:<br />
passwd: all authentication tokens updated successfully<br />
3. Configure the /etc/aliases file for the mail address webmaster, abuse, noc and security pointing to<br />
admin<br />
e.g<br />
webmaster: admin<br />
abuse: admin<br />
noc:<br />
admin<br />
security: admin<br />
Do not forget to run "newaliases" after updating the /etc/aliases file<br />
4. Configure the mc file for the domain masquerade for ss.sN.hknetc.net and anti-spam measure<br />
4.1 cd /usr/lib/sendmail-cf/cf<br />
4.2 cp redhat.mc ntecN.mc (use the rehat.mc as the mc file template)<br />
4.3 edit the ntecN.mc file.<br />
- Add the masquerade and ct_file entries.<br />
e.g.<br />
MASQUERADE_AS(s81.hkntec.net)<br />
FEATURE(masquerade_envelope)<br />
FEATURE(use_ct_file)<br />
- Comment the accept unresolvable entry<br />
e.g<br />
dnl FEATURE(`accept_unresolvable_domains')<br />
4.4 Make the cf file<br />
6
e.g<br />
make ntecN.cf<br />
4.5 Restart the sendmail daemon<br />
e.g<br />
csh> cp ntecN.cf /etc/sendmail.cf<br />
csh> /etc/rc.d/init.d/sendmail restart<br />
4.6 Try to send mail to webmaster, abuse, noc and security, see if these account can receive these<br />
mail. (e.g check the /var/spool/mail files there)<br />
5. Configure the /etc/mail/virtusertable for the address webmaster, abuse, noc and security at<br />
ss.sN.hkntec.net pointing to ss-admin<br />
e.g.<br />
webmaster@ss.s81.hkntec.net ss-admin<br />
abuse@ss.s81.hkntec.net ss-admin<br />
noc@ss.s81.hkntec.net<br />
ss-admin<br />
security@ss.s81.hkntec.net ss-admin<br />
Do not forget to run "make virtusertable.db" in the /etc/mail directory after updating the<br />
virtusertable file. Try to send mail to the above mail address and see if ss-admin account gets any<br />
mail.<br />
6. Configure the access file for mail relay restriction<br />
- Edit the /etc/mail/access file to allow your partner host to relay mail<br />
e.g<br />
192.168.64.11 RELAY<br />
- Do not forget to "make access.db" after updating the access file<br />
7. Set up a mailing list at sN.hkntec.net<br />
7.1 Get the majordomo package from /usr/local2/pkg/majordomo/dist ( or get you can get it from<br />
http://www.greatcircle.com/majordomo)<br />
7.2 Open the majordomo account<br />
E.g<br />
csh> adduser -c "Majordomo Admin" -d /home/majordomo -g daemon -s /bin/tcsh \<br />
-u 300 majordomo<br />
7.3 Login the majordomo account and extract the package<br />
e.g<br />
csh > gzip -d -c majordomo-1.94.5.tar.gz|tar xvf -<br />
7.4 Edit the Makefile file, update the necessary entries.<br />
E.g.<br />
PERL = /usr/bin/perl<br />
CC = gcc<br />
W_HOME = /home/majordomo<br />
7
W_USER = 300<br />
W_GROUP = 2<br />
7.5 cp sampel.cf majordomo.cf and update the necessary entries;<br />
e.g<br />
$whereami = "listserv.athena.hkntec.net";<br />
$homedir = "/home/majordomo";<br />
$digest_work_dir = "/home/majordomo/digest";<br />
$majordomo_request = 1;<br />
7.6 make wrapper<br />
7.7 make install<br />
7.8 Now use sudo to "make install-wrapper"<br />
7.9 sudo to "./wrapper config-test"<br />
7.10 link the wrapp to /ec/smrch<br />
e.g.<br />
ln -s /home/majordomo/wrapper /etc/smrsh/wrapper<br />
7.11 Edit /etc/sendmail.ct and add the "majordomo" entry<br />
7.12 Create the mail aliases for majordomo in /etc/aliases<br />
e.g<br />
majordomo: "|/home/majordomo/wrapper majordomo"<br />
owner-majordomo: root@s81hkntec.net,<br />
majordomo-owner: root@s81.hkntec.net<br />
Do not forget to run "newaliases" after updating the /etc/aliases file<br />
7.13 create a mailing list<br />
- touch /home /majordomo/lists/test<br />
- echo 'lists' | mail majordomo<br />
- You should receive a return mail from majordomo and a test.config file shoule be created in<br />
the /home /majordomo/lists directly. Update the necessary entries in this test.config file.<br />
e.g<br />
description = A TEST mailing list<br />
7.14 create the mail aliase for the mailing list<br />
e.g.<br />
test: "|/home/majordomo/wrapper resend -l test test-list"<br />
test-list: :include:/home/majordomo/lists/test<br />
owner-test: root@s81.hkntec.net,<br />
test-owner: root@s81.hkntec.net<br />
test-request: "|/home/majordomo/wrapper majordomo -l test"<br />
test-approval: root@s81.hkntec.net<br />
Do not forget to run "newaliases" after updating the /etc/aliases file<br />
8
7.15 Try to subscribe this test mailing list by sending command to majordomo<br />
You may use https://info.hkntec.net/horde/imp/ to check your mail at your host. However, you<br />
need to enable the pop mail at your host first by:<br />
- Uncoment the imap entry in /etc/inetd.conf<br />
imap stream tcp nowait root /usr/sbin/tcpd imapd<br />
- Restart the inetd<br />
killall -1 inetd<br />
Here is a complete example <strong>of</strong> setting a mail and mailing list server @athena.hknec.net<br />
- The sample /etc/sendmail.cw is at<br />
http://www.athena.hkntec.net/examples/mail/sendmail.cw<br />
- The sample /etc/aliases is at<br />
http://www.athena.hkntec.net/examples/mail/aliases<br />
- The sample /usr/lib/sendmail-cf/cf/athena.mc is at<br />
http://www.athena.hkntec.net/examples/mail/athena.mc<br />
- The sample /etc/sendmail.cf is at<br />
http://www.athena.hkntec.net/examples/mail/sendmail.cf<br />
- The sample /etc/mail/virtusertable is at<br />
http://www.athena.hkntec.net/examples/mail/virtusertable<br />
- The sample majordomo Makefile<br />
http://www.athena.hkntec.net/examples/mail/Makefile<br />
- The sample installation log<br />
http://www.athena.hkntec.net/examples/mail/build.log<br />
- The sample majordomo.cf is at<br />
http://www.athena.hkntec.net/examples/mail/majordomo.cf<br />
- The sample test.config is at<br />
http://www.athena.hkntec.net/examples/mail/test.config<br />
References:<br />
sendmail.org<br />
http://www.sendmail.org/<br />
Majordomo<br />
http://www.greatcircle.com/majordomo/<br />
Sendmail<br />
By Bryan Costales & Eric Allman; O'Reilly ISBN 1-56592-222-0<br />
Managing Mailing Lists<br />
By Alan Schwartz; O'Reilly ISBN 1-56592-259-X<br />
9
Week #5-6 E-Commerce: Public Key Infrastructure (PKI)<br />
1. Set up both orginal ( port 80) and secure ( port 443)web server (mod ssl) for<br />
http[s]://www.sN.hknetc.net. Set the security proxy to be proxy.hkntec.net:80 to access your<br />
https://www.sN.hknetc.net.<br />
1.1 get the following packages from /usr/local2/pkg/www/dist<br />
- apache_1.3.12.tar.gz<br />
- mod_ssl-2.6.5-1.3.12.tar.gz<br />
- openssl-0.9.5a.tar.gz<br />
1.2 extract the distributions <strong>of</strong> Apache, mod_ssl and OpenSSL<br />
- gzip -d -c apache_1.3.12.tar.gz | tar xvf -<br />
- gzip -d -c mod_ssl-2.6.5-1.3.12.tar.gz | tar xvf -<br />
- gzip -d -c openssl-0.9.5a.tar.gz | tar xvf -<br />
1.3 Build OpenSSL<br />
- cd openssl-0.9.5a<br />
- ./config<br />
- make<br />
- make install<br />
1.4 Build and install the SSL-aware Apache<br />
- cd ..<br />
- cd mod_ssl-2.6.5-1.3.12<br />
- ./configure \<br />
- --with-apache=../apache_1.3.12 \<br />
- --with-ssl=../openssl-0.9.5a \<br />
- --prefix=/usr/local/apache<br />
- cd ..<br />
- cd apache_1.3.12<br />
- make<br />
- make install<br />
2. Create a certificate for your https site<br />
2.1 extract the distributions <strong>of</strong> ssl.ca<br />
- gzip -d -c ssl.ca-0.1.tar.gz | tar xvf -<br />
- cd ssl.ca-0.1<br />
2.2 set the openssl in your search path<br />
- setenv PATH /usr/local/ssl/bin:$PATH<br />
2.3 Create the self-signed Root CA key by running "./new-root-ca.sh"<br />
After the creation, you should have the following two files:<br />
- ca.cert (CA self signed cert)<br />
- ca.key (CA private key)<br />
10
2.4 Create the server cert<br />
e.g.<br />
./new-server-cert.sh www.s81.hkntec.net<br />
2.5 Sign the server cert<br />
e.g.<br />
./sign-server-cert.sh www.s81.hkntec.net<br />
After the sign, you should have the following three files:<br />
- www.s81.hkntec.net.crt (the web server cert, signed by your CA)<br />
- www.s81.hkntec.net.csr (the web server cert sign request)<br />
- www.s81.hkntec.net.key (the web server private key)<br />
you may copy these files to /usr/local/apache/certs directory for the apache httpd to access<br />
3. Start up the https server<br />
3.1 edit /usr/local/apache/conf/httpd.conf; update the necessary entries:<br />
e.g<br />
<strong>Server</strong>Admin root@s81.hkntec.net<br />
<strong>Server</strong>Name www.s81.hkntec.net<br />
SSLCertificateFile /usr/local/apache/certs/www.s81.hkntec.net.crt<br />
SSLCertificateKeyFile /usr/local/apache/certs/www.s82.hkntec.net.key<br />
3.2 stop the original httpd by "/etc/rc.d/init.d/httpd stop" and start up the SSL httpd by<br />
"/usr/local/apache/bin/ apachectl startssl". Review the log files at /usr/local/apache/logs for<br />
debugging.<br />
4. Check the web site cert.<br />
4.1 Now set your web browser security proxy entry to be proxy.hkntec.net:80 (that is<br />
proxy.hkntec.net server and 80 port)<br />
4.2 Try to access your ssl web site URL<br />
e.g. https://www.s81.hkntec.net<br />
4.3 View the document info (or just click the low left lock icon <strong>of</strong> the browser) and check the site<br />
cert. You should read the information that you have assigned.<br />
5. Act as a CA to sign a user CSR<br />
5.1 Create a user cert<br />
e.g.<br />
./new-user-cert.sh user@s81.hkntec.net<br />
5.2 Sign the user cert<br />
e.g.<br />
./sign-user-cert.sh user@s81.hkntec.net<br />
After the sign, you should have three files:<br />
- user@s81.hkntec.net.crt (the user cert; signed by your CA)<br />
- user@s81.hkntec.net.csr (the user CSR)<br />
11
- user@s81.hkntec.net.key (the user private key)<br />
5.3 Collect the user cert into a pkcs12 file.<br />
e.g.<br />
./p12.sh user@s81.hkntec.net<br />
You need to supply an export password when you create the pkcs12 file. Ftp the "<br />
user@s1.hkntec.net.p12" into your PC and then import this user cert into your browser. (i.e.<br />
click your netscape low left lock icon to pop up the security info window; click the yours under<br />
the certificates; then click the import certificate button in the right window.)<br />
6. Try the Client Authentication and Access Control <strong>of</strong> your https://www.sN.hknetc.net<br />
6.1 Create another user cert name "user2"according to the procedure in step 5<br />
6.2 Create two directories under the htdoc directory<br />
e.g.<br />
mkdir /usr/local/apache/htdocs/secure<br />
mkdir /usr/local/apache/htdocs/sercure/user2<br />
6.3 Edit the /usr/local/apache/conf/httpd.conf to configure the access control for the above two<br />
directory.<br />
e.g.<br />
SSLVerifyClient none<br />
SSLCACertificateFile /usr/local/apache/certs/ca.crt<br />
<br />
SSLVerifyClient require<br />
SSLVerify<strong>Dept</strong>h 1<br />
<br />
<br />
SSLVerifyClient require<br />
SSLVerify<strong>Dept</strong>h 5<br />
SSLOptions<br />
+FakeBasicAuth<br />
SSLRequireSSL<br />
SSLRequire %{SSL_CL<strong>IE</strong>NT_S_DN_CN} eq "user2 "<br />
<br />
6.3 Now delete all user cert in your browser. You will find that your browser cannot access both<br />
"secure" and "secure/user2" web pages<br />
6.4 Now just import a user cert name "user". You can access "secure" but not "secure/user2" web<br />
page<br />
6.5 Now import the user2 cert. You can access both "secure" and "secure/user2" web pages<br />
7. Set up WAP server for wap.sN.hkntec.net<br />
12
Here is a complete example <strong>of</strong> setting the above PKI at athena.hkntec.net<br />
- The sample httpd.conf file<br />
http://www.athena.hkntec.net/examples/pki/httpd.conf<br />
- The sample install log<br />
http://www.athena.hkntec.net/examples/pki/build.log<br />
- The sample web cert signing log<br />
http://www.athena.hkntec.net/examples/pki/build2.log<br />
- The sample user cert signing log<br />
http://www.athena.hkntec.net/examples/pki/build3.log<br />
- The athena PKI demo site<br />
https://www.athena.hkntec.net<br />
References:<br />
Mod_ssl<br />
http://www.modssl.org/<br />
Open-Source PKI Book<br />
http://ospkibook.sourceforge.net/<br />
Apache HTTP <strong>Server</strong><br />
http://www.apache.org/httpd.html<br />
Understanding the Public-Key Infrastructure<br />
By Carlisle Adams, Steve Lloyd; New Riders Publishing; ISBN: 157870166X ;<br />
13
Week #7-9 Network Monitoring and Debugging<br />
- Use SAR to monitor your system CPU, memory and DISK O/I status<br />
- Use SNMP to monitor your system process and network traffic<br />
- Use the following tools to monitor and debug your system and network<br />
top, vmstat, netstat, iostat, ifconfig, tcpdump<br />
- Use MRTG to keep track <strong>of</strong> the above system and network information and status<br />
References:<br />
MRTG<br />
http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/mrtg.html<br />
SNMP network management<br />
By Simoneau, Paul; McGraw-Hill; ISBN:0079130755<br />
Practical Guide to Snmpv3 and Network Management<br />
By David Zeltserman, Dave Zeltserman; Prentice Hall; ISBN: 0130214531<br />
14
Week #10-12 Network Security (3 weeks)<br />
- Hacking Techniques<br />
- Try the following hacking tools<br />
DDOS, Buffer Overflow, Sniffer, Port Scanner<br />
- Firewall Setting<br />
- Setting up access list in IP filtering<br />
- Setting up TCP wrapper<br />
- Setting up gateway and proxy servers<br />
- Intrusion Detection<br />
- Setting up system and network log<br />
- Setting up alert system<br />
- Tools: COPS, Tripewire, Tigers, tcpdump<br />
References:<br />
Smashing The Stack For Fun And Pr<strong>of</strong>it<br />
http://phrack.infonexus.com/search.phtml?view&article=p49-14<br />
Linux IPCHAINS-HOWTO<br />
http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html<br />
Linux Firewall and Proxy <strong>Server</strong> HOWTO<br />
http://www.linuxdoc.org/HOWTO/Firewall-HOWTO.html<br />
Linux Firewalls<br />
By Robert L. Ziegler; New Riders Publishing; ISBN: 0-7357-0900-9<br />
Building Internet Firewalls<br />
By D. Brent Chapman & Elizabeth D. Zwicky; O'Reilly ISBN 1-56592-124-0<br />
Practical UNIX & Internet Security<br />
By Simson Garfinkel & Gene Spafford; O'Reilly ISBN 1-56592-148-8<br />
Network Intrusion Detection: An Analysts' Handbook<br />
By Stephen Northcutt, Stephen Northcult; New Riders Publishing; ISBN: 0735708681<br />
15