The Virtual Bookcase for browsing and sharing reviews of books. New to this site? Read the welcome page first.

The Virtual Bookcase Home
Recent reviews
Collected book news
Welcome to this site

Book details of 'Hacking Exposed: Network Security Secrets & Solutions, Third Edition'

Cover of Hacking Exposed: Network Security Secrets & Solutions, Third Edition
TitleHacking Exposed: Network Security Secrets & Solutions, Third Edition
Author(s)Stuart McClure, Joel Scambray, George Kurtz
PublishedSeptember 2001
PublisherMcGraw-Hill Osborne Media
Web links for this book
Search at
Wikipedia booksources
Shop for this book
As an Amazon Associate I earn from qualifying purchases

Back to shelf Computer security


Vote for this book

The Virtual Bookcase Reviews of 'Hacking Exposed: Network Security Secrets & Solutions, Third Edition':

Reviewer wrote:
A lot of computer-security textbooks approach the subject from a defensive point of view. "Do this, and probably you'll survive a particular kind of attack," they say. In refreshing contrast, Hacking Exposed, Second Edition talks about security from an offensive angle. A Jane's-like catalog of the weaponry that black-hat hackers use is laid out in full. Readers see what programs are out there, get a rundown on what the programs can do, and benefit from detailed explanations of concepts (such as wardialing and rootkits) that most system administrators kind of understand, but perhaps not in detail. The book also walks through how to use the more powerful and popular hacker software, including L0phtCrack. This new edition has been updated extensively, largely with the results of "honeypot" exercises (in which attacks on sacrificial machines are monitored) and Windows 2000 public security trials. There's a lot of new stuff on e-mail worms, distributed denial-of-service (DDoS) attacks, and attacks that involve routing protocols. The result of all of this familiarity with bad-guy tools is a leg up on defending against them. Hacking Exposed wastes no time in explaining how to implement the countermeasures--where they exist--that will render known attacks ineffective. Taking on the major network operating systems and network devices one at a time, the authors tell you exactly what Unix configuration files to alter, what Windows NT Registry keys to change, and what settings to make in NetWare. They spare no criticism of products with which they aren't impressed, and don't hesitate to point out inherent, uncorrectable security weaknesses where they find them. This book is no mere rehashing of generally accepted security practices. It and its companion Web site are the best way for all of you network administrators to know thine enemies. --David Wall Topics covered: Security vulnerabilities of operating systems, applications, and network devices Administrative procedures that will help defeat them Techniques for hacking Windows 95, Windows 98, Windows Me, Windows NT 4.0, Windows 2000, Novell NetWare, and Unix Strategies for breaking into (or bringing down) telephony devices, routers, and firewalls --This text refers to an out of print or unavailable edition of this title.

Reviewer Rob Slade wrote:
Yes, I know that this book has the most sales for any security work, ever. And, for the life of me, I still can't figure out why. Part one looks at gathering data for an attack. Chapter one discusses company information that is generally available. However, while it may alert some to the fact that a lot of information can be obtained about them, most of the material deals with facts that you either want to make available, or that you must make available. Some suggested countermeasures are useful, while others strain the topic, such as the protection against domain hijacking. Scanning for weaknesses and loopholes, mostly with individual tools, in this edition, is the topic of chapter two. Enumeration, or finding weak user accounts and unprotected system resources (mostly on Windows 2000) is covered in chapter three. Part two looks at details of specific systems. Chapter four touches on Windows 9x. NT gets a fair amount of detail in chapter five, but such vital and standard topics as disabling the Administrator account and setting up auditing are barely mentioned. Windows 2000 now has its own chapter: six. Some common NetWare attacks are listed in chapter seven. UNIX has the most extensive coverage, in chapter eight, but it is hardly comprehensive. Part three deals with network weaknesses. Most of chapter nine discusses wardialling and dial-up, but there is a brief mention of Virtual Private Networks (VPN). Some device weaknesses (vendor specific bugs, that is) are listed in chapter ten. (There is also a very brief mention of wardriving and detecting wireless networks.) Firewalls, in chapter eleven, are primarily addressed in terms of scanning to (for identification) or through. Chapter twelve describes a few denial of service attacks. (Something has been lost in the update: a discussion of IP fragmentation attacks refers to "earlier" material on teardrop that no longer appears in the book.) Part four looks at software. Chapter thirteen deals with remote access software in fair detail. Hijacking and backdoors are discussed in chapter fourteen. Miscellaneous Web site bugs are reviewed in chapter fifteen. Chapter sixteen is a confusing amalgam of ActiveX design flaws, Internet Explorer implementation bugs, and random discussions of malware. The original preface (which no longer appears in the work) stated that the book was intended for system administrators, but it did, and still does, read more like a cookbook for security breaking. The authors defend themselves against this charge in advance, and certainly "keep quiet" versus "let it all hang out" is a constant debate in security circles. However, the attack descriptions are far more detailed than the countermeasures sections, and many attacks are presented without any specific protections being mentioned. There are a number of points in the book that can be helpful in identifying specific security weaknesses. However, the book can't be comprehensive in that regard, and what it fails to do is give an overall concept of, or framework for, security on an ongoing basis. The examples given are frightening and stimulating, but the authors present them as the entire picture. In fact, even the picture as presented is not entire. A number of descriptions given in the book either do not mention, or gloss over, the fact that, for example, sniffers must be placed on a local, promiscuous, network, and session hijacking requires that the attackers somehow get "between" two systems. On the other hand, the book is quite readable and can give you some tips. And, I wouldn't mind seeing a few sysadmins a little more scared than they are at the moment. As long as they don't think that this is *all* you need to do. copyright Robert M. Slade, 2000

Add my review for Hacking Exposed: Network Security Secrets & Solutions, Third Edition

Book description:

The new edition of this powerful best-seller contains a CD-ROM with links to security tools mentioned in the book, key security tools for download from the CD, and a password database. Inside the book, you'll also get all-new security information on 802.11 (Wireless) hacking, Windows XP, Windows.NET Server (code named Whistler), and IIS 5--plus a whole lot more!

Search The Virtual Bookcase

Enter a title word, author name or ISBN.

The shelves in The Virtual Bookcase

Arts and architecture (25)
Biography (24)
Business and Management (120)
Cars and driving (53)
Cartoons (45)
Children's books (180)
Computer (475)
Computer history/fun (113)
Computer networks (382)
Computer programming (215)
Computer security (272)
Cook books (89)
Fantasy (154)
Fiction (446)
Health and body (71)
History (138)
Hobby (37)
Horror (65)
Humorous books (52)
Literature (57)
Operating systems (94)
Outdoor camping (162)
Outdoors (236)
Politics (85)
Privacy (61)
Psychology (55)
Religion (17)
Science (113)
Science Fiction (156)
Self-help books (56)
Technology (14)
Travel guides (308)
War and weapons (29)
World Wide Web (213)
Zen (5)
Other books (89)

The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail
Site credits
Copyright © 2000-2020 Koos van den Hout / The Virtual Bookcase Copyright and privacy statement