The Virtual Bookcase for browsing and sharing reviews of books. New to this site? Read the welcome page first.

Book details of 'Hack Attacks Testing: How to Conduct Your Own Security Audit'

Title: Hack Attacks Testing: How to Conduct Your Own Security Audit
Author(s): John Chirillo
ISBN: 0471229466
Language: English
Published: November 2002
Publisher: John Wiley & Sons

The Virtual Bookcase Reviews of 'Hack Attacks Testing: How to Conduct Your Own Security Audit':

Reviewer Rob Slade wrote:
The description in the introduction seems to indicate that this text might be similar to SATAN (Security Administrator's Tool for Analyzing Networks), in that it explains how to build a set of utilities in order to identify vulnerabilities. As such, there is the possibility that the work is open to a charge of being more useful to attackers than to defenders. Fortunately, the book does not provide a great deal of information that could be used to break into systems. Unfortunately, it doesn't help much with defence, either.

Part one is supposed to describe how to build a multisystem "Tiger Box," similar to SATAN, and the overview outlines the components of a penetration test. Chapters one to four, however, simply narrate the installations for Microsoft Windows NT and 2000, Red Hat Linux, Solaris, and Mac OS X, using the installation programs provided. The material is heavy on screen shots, and light on explanations of what is going on and why. There is no provision for specific security testing requirements, or even multiboot systems.

Part two lists penetration analysis tools for Microsoft Windows, and the introduction tabulates common vulnerability classes. Chapter five explains how to install the Cerberus Internet scanner, enumerates the possible reports, and gives one (eight page) sample report. Much the same is true for the Cybercop Scanner, Internet Scanner, Security Threat Avoidance Technology (STAT), and TigerSuite products in chapters six through nine. All of these systems do multiple probes and analysis.

The description of UNIX and OS X tools, in part three, starts with a twenty page list of UNIX commands. UNIX utilities tend to be more single purpose: hping/2 is for IP spoofing and nmap is for port scanning, but Nessus, SAINT (Security Administrator's Integrated Network Tool), and SARA (Security Auditor Research Assistant) are collections.

Part four is entitled "Vulnerability Assessment," but contains only chapter fifteen, which contains checklists for securing various systems, primarily relying on outside sources.

Despite the introduction, this book does *not* describe how to set up a "Tiger Box." It lists a few vulnerability scanners and utilities. There is little in the way of help or explanations, and the material seems to be based primarily on product documentation and commonly available guides. The content actually by Chirillo often seems so oddly written that it is difficult to parse any meaning from the text. The book does provide you with a list of vulnerability scanners. But then, so would any decent Web search.

copyright Robert M. Slade, 2003

Book description:

This book leverages the Hack Attack franchise, creating a strong "spin-off" title, unique to the market. There is no literature available that allows the IT professional to perform their own security audit, only expensive contracts to sign for audit companies. It is, however, possible to test your own network security if you have step-by-step guidance and customized software. That's what this book does. It fills the gap in security books by providing detailed information on how to build and operate a "Tiger Box" or security analysis/monitoring system. Covering both Windows and UNIX, in a dual boot configuration, the book covers building and operating your own vulnerability analysis system, using only the top-quality tools available today. The CD contains these tools, demos of, and/or links to the software, and interactive virtual simulations of each.

The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail webmaster@virtualbookcase.com.
Copyright © 2000-2008 Koos van den Hout / The Virtual Bookcase