The Virtual Bookcase Reviews of 'Stealing the Network: How to Own the Box':
Reviewer Rob Slade wrote:
Like the subsequent "Stealing the Network: How to Own a Continent"
), this is a work that uses fiction to try to
demonstrate some of the techniques and dangers involved in computer
intrusion. In this case, the individual stories stand alone, rather
than being tied in a narrative thread, no matter how tenuous.
Chapter one outlines standard discovery and enumeration. It is very
difficult to say what chapter two is about: it mentions worm
operations and disassembly, but also has a great deal of irrelevant
narrative. A grab bag of industrial espionage makes up chapter three,
mostly to do with physical access. Standard intrusion, with a minor
in printers, makes up the thread in chapter four.
Chapter five notes the more difficult task of directed intrusion. The
dangers of wireless LANs are reviewed in chapter six. Chapter seven
deals primarily with social engineering. The gathering of information
from publicly available sources is outlined in chapter eight, which
also examines physical social engineering. Chapter nine is entitled
"BabelNet," and this is oddly appropriate in view of the perplexing
narrative, but there are some interesting ideas about net scanning and
mapping. Network forensic tracking of an intruder is explained in
chapter ten. Final advice on security is listed in an appendix.
The book is fiction, and therefore (in most places) easier to read
than a technical work. It does provide some indication of the
possibilities of intrusions. Personally, I didn't find it either as
interesting or as useful as "How to Own the Continent," but I can't
find really solid reasons why.
copyright Robert M. Slade, 2005
Add my review for Stealing the Network: How to Own the Box
(Syngress Publishing) Combines fictional stories with real technology. Provides a glimpse into the creative minds of some of today's best hackers. Softcover. Book Info
(Syngress Publishing) Combines fictional stories with real technology. Provides a glimpse into the creative minds of some of today's best hackers. Softcover.
From the Publisher
In the real world, hackers go after the "low-hanging fruit." They take the least risk and go for the greatest reward. They often act alone or in small groups. They dont have government funding or belong to world criminal organizations. What they do have is spare time and a lot of curiosity, and believe me, hacking takes a lot of time. Some of the best hackers spend months working on one exploit. At the end of all that work, the exploit may turn out to not be reliable or to not to function at all! Breaking into a site is the same way. Hackers may spend weeks performing reconnaissance on a site, only to find out there is no practical way in, so its back to the drawing board. In movies, Hollywood tends to gloss over this fact about the time involved in hacking. Who wants to watch while a hacker does research and test bugs for weeks? Its not a visual activity like watching bank robbers in action, and its not something the public has experience with and can relate to. In the movie "Hackers," the director tried to get around this by using a visual montage and some time- lapse effects. In "Swordfish," hacking is portrayed by drinking wine to become inspired to visually build a virus in one night. One of the oldest hacking movies, War Games, is the closest to reality on the big screen. In that movie, the main character spends considerable time doing research on his target, tries a variety of approaches to breaking in, and in the end, is noticed and pursued. But what if
? What would happen if the attackers were highly motivated and highly skilled? What if they had the guts and skills to perform sophisticated attacks? After a few drinks, these authors of the book you are holding in your hands are/were quick to speculate on what would be possible. Now, they have taken the time and effort to create ten stories exploring just what it would take to own the network.
About the Author
Dan Kaminsky, also known as Effugas, is a Senior Security Consultant for Avaya's Enterprise Security Practice, where he works on large-scale security infrastructure. Dan's experience includes two years at Cisco Systems, designing security infrastructure for cross-organization network monitoring systems, and he is best known for his work on the ultra-fast port scanner, scanrand, part of the "Paketto Keiretsu," a collection of tools that use new and unusual strategies for manipulating TCP/IP networks. FX of Phenoelit has spent the better part of the last few years becoming familiar with the security issues faced by the foundation of the Internet, including protocol based attacks and exploitation of Cisco routers. He has presented the results of his work at several conferences, including DefCon, Black Hat Briefings, and the Chaos Communication Congress. Mark Burnett is an independent security consultant, freelance writer, and a specialist in securing Windows-based IIS Web servers. Mark is a contributor to Dr. Tom Shinder's ISA Server and Beyond: Real World Security Solutions for Microsoft Enterprise Networks (Syngress Publishing, ISBN: 1-931836-66-3). Joe Grand is the President and CEO of Grand Idea Studio, Inc., a product design and development firm that brings unique inventions to market through intellectual property licensing. As an electrical engineer, many of his creations including consumer devices, medical products, video games and toys, are sold worldwide. A recognized name in computer security and former member of the legendary hacker think-tank, The L0pht, Joes pioneering research on product design and analysis, mobile devices, and digital forensics is published in various industry journals. Ido Dubrawsky (CCNA, CCDA, SCSA) is a Network Security Architect working in the SAFE architecture group of Cisco Systems, Inc. His responsibilities include research into network security design and implementation. Paul Craig is a network administrator for a major broadcasting company in New Zealand. He has experience securing a great variety of networks and operating systems. Paul has also done extensive research and development in digital rights management (DRM) and copy protection systems. Ken Pfeil is a Senior Security Consultant with Avaya's Enterprise Security Consulting Practice, based in New York. Ken's IT and security experience spans over 18 years with companies such as Microsoft, Dell, Identix and Merrill Lynch in strategic positions ranging from Systems Technical Architect to Chief Security Officer. While at Microsoft, Ken co-authored Microsoft's Best Practices for Enterprise Security white paper series, was a technical contributor to the MCSE Exam, Designing Security for Windows 2000 and official curriculum for the same. Timothy Mullen is CIO and Chief Software Architect for AnchorIS, a developer of secure enterprise-based accounting solutions. Mullen is also a columnist for Security Focus' Microsoft Focus section, and a regular contributor of InFocus technical articles. Also known as Thor, he is the founder of the "Hammer of God" security coop group. Ryan Russell has worked in the IT field for over 13 years, focusing on information security for the last seven. He was the primary author of Hack Proofing Your Network: Internet Tradecraft (Syngress Publishing, ISBN: 1-928994-15-6), and is a frequent technical editor for the Hack Proofing series of books. Ryan founded the vuln-dev mailing list, and moderated it for three years under the alias "Blue Boar." Ryan is the Director of Software Engineering for AnchorIS, where he's developing the anti-worm product, Enforcer.