The Virtual Bookcase for browsing and sharing reviews of books. New to this site? Read the welcome page first.

The Virtual Bookcase Home
Recent reviews
Collected book news
Welcome to this site
Add your own book

Book details of 'Hack Proofing Your Network: Internet Tradecraft'

Cover of Hack Proofing Your Network: Internet Tradecraft
TitleHack Proofing Your Network: Internet Tradecraft
Author(s)Ryan Russell, Stace Cunningham
PublishedJanuary 2000
PublisherSyngress Media Inc
Web links for this book
Search at
Wikipedia booksources
Shop for this book

Back to shelf Computer security
Back to shelf Computer networks info for Hack Proofing Your Network: Internet Tradecraft

Score: score: 5.0 *****  Vote for this book

The Virtual Bookcase Reviews of 'Hack Proofing Your Network: Internet Tradecraft':

Reviewer wrote:
Too many network administrators depend on the "big sky" principle of network security--they believe that the large number of Internet-connected machines out there will keep black-hat hackers away. Hack Proofing Your Network: Internet Tradecraft points out that statistics are no defense, and that such an attitude is irresponsible. The book shows steps that you can take to harden your resources against attack. Although most of the material in this book isn't up-to-the-minute (how could it be, when the tactics of attackers change daily), you can discourage hackers by implementing the strategies that it describes. Many antihacking texts assume a fair bit of knowledge, but this one doesn't. Ryan Russell and coauthors explain many terms and concepts, such as traffic sniffing, cryptography, and file differentiation ("diffing"), and the tools that evildoers use to wreak havoc on the systems that they attack--complete with Internet addresses from which you can download them. The book walks you through sample attacks, too, such as hijacking a connection by using a tool called Hunt. Overall, this is a fine introductory-to-intermediate antihacking volume that leads well into more current and advanced resources. You might want to supplement it with two other practical computer-security books: Hacking Exposed catalogues many of the tools that bad guys use, while Network Intrusion Detection helps you analyze security logs and spot attacks in progress. --David Wall Topics covered: Modes of attack, and means of defending against them Political environment governing software and networking Laws and policies springing from that environment Approaches to the problem of breaking into systems or denying their services to legitimate users Spoofing Sniffing Transmission interception Several other popular tactics
Reviewer Rob Slade wrote:
According to the introduction, this book will teach you how to hack, or break into computer systems. With the best of intentions, of course. As it states, if you don't hack your system, who will? The intent is to teach you how to approach security breaking, with a view to finding, and then patching, the holes in your network. Being an educator, and fairly cynical about anyone who tells me something is "safe," I have a lot of sympathy for this position. In theory. The implementation, though, may leave something to be desired. After all, those who are charged with protecting systems generally have other things to do. They have limited resources. They don't have a lot of leisure, or interest, in testing every single piece of software for any possible buffer overflow condition. So security managers may not be all that interested in spending all of their non-existent free time obsessively hacking their own systems. Well, having reviewed the book, and sent off the draft, the lead author, Ryan Russell, informed me that security managers were not the real intended audience. This work was actually aimed at the keeners, those few who *do* really want to get behind the user interface, and poke about in the workings. But it may have some use beyond that rather select crowd. In Russell's own words, this is what you do after you've got good policies in place, and you've got your routine down for applying patches, watching for new vulnerability announcements, and so forth. Part one, rather oddly entitled "Theory and Ideals," seems to concentrate on basic concepts. It also may seem strange that chapter one, called "Politics," starts out by defining "hacker" and other related terms. On the other hand, any text that tries to argue for the social value of criminals and frauds is bound to be considered political. Ultimately, this piece seems to be trying to justify system breaking activities. All the usual arguments are trotted out, and make the normal amount of sense (very little). (I should also point out that this book started life as an electronic text. This is evident in the frequent citations of Web sites in the course of the work. They may support the content in the context of a Web page, but in print they are annoying, since the relevant material is not incorporated into the book.) Chapter two, "Security Laws," is more a set of cliches: what can go wrong will go wrong, security by obscurity doesn't work. Some of them are wrong (passwords can be securely stored with one-way encryption, albeit still at some risk of brute force attacks; and the NSA has goofed on an algorithm), some are naive (the assertion that there is no guaranteed protection against viruses makes no mention of Fred Cohen's work), and most are of questionable utility. The classes of attack listed in chapter three are neither comprehensive nor fully explained. (Most of the space in the chapter is given over to source listings of attack tools.) "Methodologies" seems to be a collection of random thoughts on analysis in chapter four. Part two describes some activities intended to be undertaken on a computer over which you have complete control, mostly related to decryption. Chapter five looks at making small changes to a system, and checking for modifications. This is a useful function in any kind of analysis, but the examples chosen will hardly be of use to sysadmins. The author admits that chapter six really does not explain cryptography, it really only mentions some password cracking tools. Both chapters seven and eight essentially deal with bad data, first in general terms and then in the specific problem of buffer overflows. While the discussion might be of interest to programmers, it is of limited use to security managers. Part three talks about attacks on remote systems. There is a little explanation about sniffing (which requires some level of local access), session hijacking, and spoofing. Chapters twelve and thirteen list some security holes in server and client software respectively. Oddly, given all the problems in earlier parts of the book, the material on viruses and malware, in chapter fourteen, isn't too bad. It's not great, it displays too much virus code to very little effect, and has a few holes, but it is generally better than the stuff found in standard security texts, and stands out above the rest of the book. Part four contains a single chapter. Although the titular subject is reporting, most of the material promotes the concept of "full disclosure." This is the tenet that security is best served by having all security loopholes disclosed. The discussion does take a fairly responsible tack, recommending that vendors be contacted first, and allowed some time to fix the problem, before the vulnerability or exploit is released to the public. The text is fairly reasonable, although is does contain the full text of a number of email exchanges which add little to the debate. The remaining pages concentrate on the importance of continual study in the security field. The people who have contributed to this book are a step above the usual "wannabes" who tend to write "hacker" security books. The information presented is also somewhat more reliable, and covers a broader range. However, both the thesis and the execution of the work contain flaws. The material still seems more interested in justifying security breaking expeditions than in giving the security administrator a complete and useful reference for protection. Errors, while less rampant than in other, similar texts, are still too common for the content to be considered really dependable. In particular, basic concepts are too quickly dismissed in the eagerness to pass along news of the latest "cool tool." Experienced security managers may find some helpful recent data in this volume, but probably already have resources of their own. Newcomers to the field are advised not to rely too heavily on this as a single source of knowledge. As noted, though, the authors were not really writing for managers or novices. For software engineers, programmers, and testers, there is possibly more utility. Those doing sophisticated software evaluations, and particularly those with sufficient resources to really "test to destruction," might get the most out of the book, especially considering the concentration on breaking, rather than fixing. Still, some research in the RISKS and BUGTRAQ archives would likely get you just as much. copyright Robert M. Slade, 2000
Add my review for Hack Proofing Your Network: Internet Tradecraft

Book description:

If you don't hack your systems, who will? One of the reasons I put this book project together is that I believe security professionals should be hackers. In this case, by hackers, I mean people who are capable of defeating security measures. This book purports to teach people how to be hackers. In reality, most of the people who buy this book will do so because they want to protect their own systems and those of their employer. So, how can you prevent break-ins to your system if you don?t know how they are accomplished? How do you test your security measures? How do you make a judgment about how secure a new system is? When you?re through reading Hack Proofing Your Network, you?ll understand terms like ?smashing the stack,? ?blind spoofing,? ?building a backward bridge,? ?steganography,? ?buffer overflow? and you?ll see why you need to worry about them. You will learn how to protect your servers from attacks by using a 5-step approach: 1. Planning 2. Network/Machine Recon 3. Research/Develop 4. Execute Attack and Achieve Goal 5. Cleanup And you?ll understand the theory of hacking, how to fend off local and remote attacks, and how to report and evaluate security problems. The Only Way to Stop a Hacker Is to Think Like One. ---Ryan Russell, Hack Proofing Your Network

Search The Virtual Bookcase

Enter a title word, author name or ISBN.

The shelves in The Virtual Bookcase

Arts and architecture (25)
Biography (24)
Business and Management (120)
Cars and driving (53)
Cartoons (45)
Children's books (180)
Computer (475)
Computer history/fun (113)
Computer networks (382)
Computer programming (215)
Computer security (272)
Cook books (89)
Fantasy (154)
Fiction (446)
Health and body (71)
History (138)
Hobby (37)
Horror (65)
Humorous books (52)
Literature (57)
Operating systems (94)
Outdoor camping (162)
Outdoors (236)
Politics (85)
Privacy (61)
Psychology (55)
Religion (17)
Science (113)
Science Fiction (156)
Self-help books (56)
Technology (14)
Travel guides (308)
War and weapons (29)
World Wide Web (213)
Zen (5)
Other books (89)

The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail
Site credits
Copyright © 2000-2017 Koos van den Hout / The Virtual Bookcase Copyright and privacy statement