The Virtual Bookcase for browsing and sharing reviews of books. New to this site? Read the welcome page first. | |
 |
Home Recent reviews Collected book news Welcome to this site Add your own book |
Book details of 'Maximum Security'
| Title | Maximum Security |
| Author(s) | Anonymous, Sams Publishing |
| ISBN | 0672313413 |
| Language | English |
| Published | September 1998 |
| Publisher | SAMS |
Back to shelf Computer security
Amazon.com info for Maximum Security
Score:
Vote for this bookThe Virtual Bookcase Reviews of 'Maximum Security':
Reviewer amazon.com wrote:This book is written for system administrators who need to know how to keep their systems secure from unauthorized use. The anonymous author takes a hacker's view of various systems, focusing on how the system can be cracked and how you can secure the vulnerable areas. The book makes it clear from the outset that you cannot rely on commercial software for security. Some of it is flawed, and even the best of it has to be used correctly to provide even the most basic security measures. The author scrutinizes such operating systems as Microsoft Windows, Unix, Novell, and Macintosh. He details many of the tools crackers use to attack the system, including several that have legitimate uses for system administration. Rather than merely cataloging areas of risk and showing how various flaws can be exploited, the author makes every effort to show how security holes can be avoided and remedied. Maximum Security tells you which software to avoid and then details which security tools are invaluable, providing the URLs necessary to acquire them. An enclosed CD-ROM provides links to many of the tools and resources discussed in the book. The CD-ROM also leads you to several online documents where you can learn more about Internet security in general and specifics for securing your own site.
Reviewer Rob Slade wrote:
Rather loudly promoted on the net these days, the major selling point of this book is that it was written "by an experienced hacker." Supposedly one who spent some time as a guest of Uncle Sam for fiddling bank machines. (Some of what we are told about the author does not fit with the contents of the book, but then, as an old professional paranoid, I may be unduly suspicious.) Leaving aside questions of morality and definitions of the term "hacker," let us merely observe that these people are the gnostics. They are the devotees of the hidden, esoteric, and arcane knowledge. Such knowledge, of course, is cheapened and weakened by being revealed. Which may explain a certain reticence on a number of points in the first edition of the book. The introduction to that edition made it fairly clear: Anonymous assumed that if you did not work diligently at his direction you did not deserve to secure your system. One could almost feel his glee at the expectation that thousands of sysadmins around the world were wracking their brains and flooding Usenet with discussions of the significance of his clues to the vital encrypted message he had hidden on the CD-ROM. The riddle, and that attitude, seem to have been removed from this second edition. The author tacitly admits that the first was a bit of a kludge: he says that it was written in haste. He also states that the second edition is more "solution oriented." It could hardly have been less. Be that as it may, the book is, as the author states, essentially completely rewritten. It has been much improved in the process, moving up from truly awful to merely mediocre. The new version provides a good deal of reference information, although assessing the quality of that information is left as an exercise to the reader. The section on viruses is an overview of the book in miniature. The hype has been toned down, and the explanation of how viruses work is much more reasonable. However, it still insists that "destruction" is the major characteristic of a virus. (There is, later, an admission that "[m]ost viruses do not actually destroy data.") We are treated to the old myth that virus researchers write viruses as a kind of job security. While a general background to viruses is provided, there is no discussion of protection options. However, there are more listings of antiviral programs and resource sites than there are for virus creation programs. Many topics within the text have lists of books and Web sites for further study, and there is one for viruses that includes three of the four tomes recommended by the VIRUS-L FAQ. Unfortunately, it also contains some lesser works, and there are no annotations to the bibliography. Part one is simply two chapters of introduction to the book. A somewhat limited overview to security concepts is given in part two, concentrating on the Internet. Chapters look at the Internet, TCP/IP basics, hackers and crackers, targets, possibilities of fights over the net, and very brief data security primer. Various types of security and attack software are outlined in part three. There is consideration of malicious software, security weakness scanners, password crackers, trojans, network packet sniffers, firewalls, and audit software. Part four looks at specific operating systems: Windows, UNIX, Novell, VMS, and Macintosh. Two chapters look at very basic security requirements in part five. Network based attacks are discussed in part six, reviewing levels of attack, spoofing, telnet, scripting languages and extensions, and hiding of identity. Different types of resources and references are contained in appendices. (I was disappointed in the loss of a chapter on laws in various countries until I found it had been moved back here.) If you don't know security, this book is probably not going to teach it to you. On the other hand, if you work with security, you may find that some of the resources listed here are things that you want to explore. For the novice it isn't altogether reliable, but for the professional it is at least worth looking at. copyright Robert M. Slade, 1998
Add my review for Maximum Security