Hacking Exposed. Network Security Secrets and Solutions. (Consumer One-Off) [Englisch] [Taschenbuch]

I am a senior engineer for network security operations. I've read and reviewed every edition of the "Hacking Exposed" series since the 1999 original. "Hacking Exposed" is a winner; the authors' powerful example-driven style teaches the tools and tactics of vulnerability assessment and penetration testing. Nevertheless, I've compared this third edition to its "Hacking Linux" and "Hacking Windows 2000" cousins, and I believe the authors should rethink their goals for the "Hacking Exposed" series.

"Hacking Exposed, Third Edition" (HE:3E) describes techniques to attack and defend a wide variety of network assets: Microsoft products (9x, ME, NT, 2000, XP), UNIX variants, Novell's NOS, routers, PBXs, firewalls, and so on. Weaknesses in individual applications are explained, with attention given to remote control tools (VNC, Windows Terminal Server, PCAnywhere), Web technologies (IIS, ColdFusion, ActiveX, Java), and file sharing/chat systems (Napster, IRC). Readers are unlikely to find so many topics given fairly thorough coverage in a single volume.

Unfortunately, at 727 pages, HE:3E has gained too much weight. The 1999 first edition offered 484 pages, and the 2001 (yes, 2001) second edition gave 703 pages. While the authors should be credited for not simply copying and pasting material from their 2001 edition of "Hacking Exposed: Windows 2000," many of the same topics appear in both books. Furthermore, some subjects are redundantly described within HE:3E. For example, why rehash port redirection and rootkits in chapter 14 when they were adequately covered in earlier sections?

I strongly recommend the authors remove the UNIX- and Windows-specific material from a future fourth edition of "Hacking Exposed," directing readers to "Hacking Linux" and "Hacking Windows" when necessary. The authors should briefly describe general UNIX and Windows vulnerabilities in "HE:4E," and devote most of the book to their methodology and systems not covered in other books. This overhaul will give the authors a chance to remove some dated material from "Hacking Exposed," like a reference to ISS RealSecure v3.0 (6.0 is now in use).

I recommend readers who have not read previous "Hacking Exposed" titles buy this book. Despite my concerns, I still learned something new (wireless issues, format string vulnerabilities) and re-acquainted myself with material mentioned in earlier editions (RIP spoofing, enumeration techniques). If you've read "Hacking Exposed, Second Edition," wait for a revamped fourth edition.

(Disclaimer: I received a free review copy from the publisher.)

It's been nearly two years since I reviewed "Hacking Exposed: 3rd Ed" (HE:3E). Since then I've joined Foundstone and contributed the case study on pages 2-7 in "Hacking Exposed: 4th Ed" (HE:4E), on a non-royalty basis. Since my review could still be seen as being biased, I'll mainly discuss changes between HE:3E and HE:4E.

The most noticeable change is the reorganization of the Windows-specific chapters. HE:3E had one 25 page chapter on 9x/ME/XP and two chapters with 172 pages on NT and 2000. HE:4E offers one 22 page chapter on 9x/ME and one 66 page chapter on the "NT family." The authors wisely direct readers to "Hacking Exposed: Windows 2000" and "Hacking Exposed: Web Applications" for more in-depth discussions of attacking Windows. The material in HE:4E is still sufficient to compromise Windows boxes without having to open HE:W2K or HE:WA. This decision allowed HE:4E to grow by only 2 pages since HE:3E. (I criticized HE:3E with a four star review for including too much material best left in topic-specific HE editions.) Pruning the Windows material allows room for a stand-alone wireless hacking chapter in the nitty-gritty HE style, as well as other improvements.

Another major addition to HE:4E is a completely rewritten enumeration chapter. While HE:3E compartmentalized techniques by operating system (Windows, Novell, UNIX), HE:4E offers port-based techniques. For example, if port 179 is open, try BGP-based queries. If port 524 is open or IPX is in use, try Novell attacks. This approach reflects the methods used by assessors who find listening services, and can't be sure what OS is present. The chapter on network devices (ch 9) offers exceptionally devious hacking tricks, such as performing a T-1 "man-in-the-middle" attack.

HE:3E represents a significant upgrade from HE:3E, with nearly two years between the two books. I wasn't happy with the changes between HE:2E and HE:3E, as both were published in 2001. I would like to see HE:5E add a single chapter on attacking Cisco routers, with discussions of the overflows, tunnels, and remote sniffing pioneered by Phenoelit's FX. A chapter on attacking embedded devices and PDAs would be helpful. I recommend following the lead of frequently-updated hardware books like Scott Mueller's "Upgrading and Repairing PCs": print the latest and greatest, and archive the rest to CD-ROM. I think the chapters on Win 9x/ME and Novell could make way for more exciting discussions in HE:5E. Along with Ed Skoudis' "Counter Hack," HE:4E is one of the books I recommend as absolutely essential reading for all security professionals.

I bought this third edition, mostly because of the claims about covering wireless security area. Well, as it turned out, this 'coverage' includes just three lousy pages !!
The book is very like the second edition. No relevant changes are presented, and therefore several issues are now dated.
If you don't already own the second edition, then buy this new third edition, overall, it is a quite comprehensive and useful book. However, if you are looking for a serious wireless security treatment, then you should better try books like ' Hack Proofing Your Wireless Network' or alike.