Book details of 'Hacking Exposed: Network Security Secrets & Solutions, Third Edition'
The Virtual Bookcase Reviews of 'Hacking Exposed: Network Security Secrets & Solutions, Third Edition':
Reviewer amazon.com wrote:
A lot of computer-security textbooks approach the subject from a defensive point of view. "Do this, and probably you'll survive a particular kind of attack," they say. In refreshing contrast, Hacking Exposed, Second Edition talks about security from an offensive angle. A Jane's-like catalog of the weaponry that black-hat hackers use is laid out in full. Readers see what programs are out there, get a rundown on what the programs can do, and benefit from detailed explanations of concepts (such as wardialing and rootkits) that most system administrators kind of understand, but perhaps not in detail. The book also walks through how to use the more powerful and popular hacker software, including L0phtCrack. This new edition has been updated extensively, largely with the results of "honeypot" exercises (in which attacks on sacrificial machines are monitored) and Windows 2000 public security trials. There's a lot of new stuff on e-mail worms, distributed denial-of-service (DDoS) attacks, and attacks that involve routing protocols. The result of all of this familiarity with bad-guy tools is a leg up on defending against them. Hacking Exposed wastes no time in explaining how to implement the countermeasures--where they exist--that will render known attacks ineffective. Taking on the major network operating systems and network devices one at a time, the authors tell you exactly what Unix configuration files to alter, what Windows NT Registry keys to change, and what settings to make in NetWare. They spare no criticism of products with which they aren't impressed, and don't hesitate to point out inherent, uncorrectable security weaknesses where they find them. This book is no mere rehashing of generally accepted security practices. It and its companion Web site are the best way for all of you network administrators to know thine enemies. 
--David Wall

Topics covered:
- Security vulnerabilities of operating systems, applications, and network devices
- Administrative procedures that will help defeat them
- Techniques for hacking Windows 95, Windows 98, Windows Me, Windows NT 4.0, Windows 2000, Novell NetWare, and Unix
- Strategies for breaking into (or bringing down) telephony devices, routers, and firewalls

--This text refers to an out of print or unavailable edition of this title.

Reviewer Rob Slade wrote:
Yes, I know that this book has the most sales for any security work,
ever. And, for the life of me, I still can't figure out why.

Part one looks at gathering data for an attack. Chapter one discusses
company information that is generally available. However, while it
may alert some to the fact that a lot of information can be obtained
about them, most of the material deals with facts that you either want
to make available, or that you must make available. Some suggested
countermeasures are useful, while others strain the topic, such as the
protection against domain hijacking. Scanning for weaknesses and
loopholes, mostly with individual tools, in this edition, is the topic
of chapter two. Enumeration, or finding weak user accounts and
unprotected system resources (mostly on Windows 2000) is covered in

Part two looks at details of specific systems. Chapter four touches
on Windows 9x. NT gets a fair amount of detail in chapter five, but
such vital and standard topics as disabling the Administrator account
and setting up auditing are barely mentioned. Windows 2000 now has
its own chapter: six. Some common NetWare attacks are listed in
chapter seven. UNIX has the most extensive coverage, in chapter
eight, but it is hardly comprehensive.

Part three deals with network weaknesses. Most of chapter nine
discusses wardialling and dial-up, but there is a brief mention of
Virtual Private Networks (VPN). Some device weaknesses (vendor
specific bugs, that is) are listed in chapter ten. (There is also a
very brief mention of wardriving and detecting wireless networks.)
Firewalls, in chapter eleven, are primarily addressed in terms of
scanning to (for identification) or through. Chapter twelve describes
a few denial of service attacks. (Something has been lost in the
update: a discussion of IP fragmentation attacks refers to "earlier"
material on teardrop that no longer appears in the book.)

Part four looks at software. Chapter thirteen deals with remote
access software in fair detail. Hijacking and backdoors are discussed
in chapter fourteen. Miscellaneous Web site bugs are reviewed in
chapter fifteen. Chapter sixteen is a confusing amalgam of ActiveX
design flaws, Internet Explorer implementation bugs, and random
discussions of malware.

The original preface (which no longer appears in the work) stated that
the book was intended for system administrators, but it did, and still
does, read more like a cookbook for security breaking. The authors
defend themselves against this charge in advance, and certainly "keep
quiet" versus "let it all hang out" is a constant debate in security
circles. However, the attack descriptions are far more detailed than
the countermeasures sections, and many attacks are presented without
any specific protections being mentioned. There are a number of
points in the book that can be helpful in identifying specific
security weaknesses. However, the book can't be comprehensive in that
regard, and what it fails to do is give an overall concept of, or
framework for, security on an ongoing basis. The examples given are
frightening and stimulating, but the authors present them as the
entire picture. In fact, even the picture as presented is not entire.
A number of descriptions given in the book either do not mention, or
gloss over, the fact that, for example, sniffers must be placed on a
local, promiscuous, network, and session hijacking requires that the
attackers somehow get "between" two systems.

On the other hand, the book is quite readable and can give you some
tips. And, I wouldn't mind seeing a few sysadmins a little more
scared than they are at the moment. As long as they don't think that
this is *all* you need to do.

copyright Robert M. Slade, 2000