Amazon.co.uk
Endorsed by no less than the hacker god, Kevin Mitnick, himself,
Hack Proofing Your Network is a collaborative work, with contributions from a dozen or so network security experts, many of whom were prominent in the hacking community until fairly recently. Now these poachers have turned gamekeeper and are selling their expertise to corporate networks anxious to prevent people like them from hacking their systems.
The book is based on the rather shaky premise that you need a thief to catch a thief and so the best way to make sure your network security is up to scratch is to use "real world" hacking techniques to test it. To this end the book covers a wide remit, covering such areas as the hacker psyche, classes of attack, cryptography, buffer overflows, remote attacks, spoofing and viruses. The book is littered with fragments of sample hacking code, backed with URLs for hacking "resources". There is even a line-by-line analysis of the Melissa worm. Unfortunately, while there are plenty of examples of hacking code and tricks, the book is suspiciously light on measures you could take to prevent such attacks.
Overall, the book suffers from a lack of structure, being constructed from a large collection of hacker "nuggets" and this, coupled with the large number of authors makes Hack Proofing a rather bitty concoction, occasionally lacking coherence.
Whether the book will give you useful insights in to tightening security depends on your attitude to "ethical hackers". If you favour the concept, then this book will undoubtedly help you get inside the mind of the hacker and the tools they use. If you don't, then you will view this book as a thinly disguised Hacker's Handbook. --Roger Gann
Amazon.com
Too many network administrators depend on the "big sky" principle of network security--they believe that the large number of Internet-connected machines out there will keep black-hat hackers away.
Hack Proofing Your Network: Internet Tradecraft points out that statistics are no defense, and that such an attitude is irresponsible. The book shows steps that you can take to harden your resources against attack. Although most of the material in this book isn't up-to-the-minute (how could it be, when the tactics of attackers change daily), you can discourage hackers by implementing the strategies that it describes.
Many antihacking texts assume a fair bit of knowledge, but this one doesn't. Ryan Russell and coauthors explain many terms and concepts, such as traffic sniffing, cryptography, and file differentiation ("diffing"), and the tools that evildoers use to wreak havoc on the systems that they attack--complete with Internet addresses from which you can download them. The book walks you through sample attacks, too, such as hijacking a connection by using a tool called Hunt. Overall, this is a fine introductory-to-intermediate antihacking volume that leads well into more current and advanced resources. You might want to supplement it with two other practical computer-security books: Hacking Exposed catalogues many of the tools that bad guys use, while Network Intrusion Detection helps you analyze security logs and spot attacks in progress. --David Wall
Topics covered:
- Modes of attack, and means of defending against them
- Political environment governing software and networking
- Laws and policies springing from that environment
- Approaches to the problem of breaking into systems or denying their services to legitimate users
- Spoofing
- Sniffing
- Transmission interception
- Several other popular tactics
