Information Security News mailing list archives

review Hacking Exposed


From: mea culpa <jericho () DIMENSIONAL COM>
Date: Wed, 2 Feb 2000 02:11:19 -0700

amazon reviews: http://www.amazon.com/exec/obidos/ISBN=0072121270/insekurityorgA/


Hacking Exposed: Network Security Secrets & Solutions
Stuart McClure, Joel Scambray, George Kurtz
http://www.hackingexposed.com

Paperback - 484 pages (September 1, 1999)
McGraw-Hill ISBN: 0072121270

Since 1991, I have been involved in the security field in one way or
another. Starting as a casual hobby and evolving into a career, it has
been a predominant part of my life. In my spare time I have run a number of
FTP archives, Web sites and participated in many mail lists.  Because of
this, many people seek me out for advice and answers. In all these years,
the most frequently asked question of me has no simple answer. "How do I
hack?" To date I have answered this with a wide variety of responses
depending on how the question was asked, who asked it, and my general
mood.

Lucky for me, I now have a quick and dirty way out of what sometimes
proved to be a three page response to the question. While I have always
maintained (and still do) that hacking can not truly be taught, some
aspects certainly can be. The technical steps behind computer intrusion
can be shared by knowledgeable people, giving a solid foundation for the
steps and procedures required in compromising the security of a system.
That is the goal of this book, and it does it quite well. To those with a
basic understanding of how computers and networks operate, this book will
teach them the basics of remote system auditing (also known as controlled
penetration).

The book is divided into four main sections: Casing the Establishment,
System Hacking, Network Hacking, and Software Hacking. Each section is
further divided into separate chapters which cover various methods of
system intrusion on different platforms. By breaking it down and
separating information related to Unix and Windows NT, it adds clarity and
avoids confusion between tools and techniques specific to a particular
platform.

In Casing the Establishment, you learn the fine art of remote
reconnaissance of machines on a remote network. To a dedicated security
auditor, remote machines can give away a world of information that aids
them in subsequent attacks. Often times administrators are not aware of
just how much information is shared out. The ability to pick this
information out and use it to your advantage can often make the difference
between gaining access and complete failure.

System Hacking goes into the specific details of breaking into remote
hosts. Covering Windows, Novell and Unix, the authors cover a wide variety
of methods, many of which are lost to newcomers to security auditing.
Readers learn the nuances of brute force attacks, buffer overflows,
symlink attacks and a lot more.

Network Hacking looks at the bigger picture and considers multiple
machines as the intended target. Covering dial-ups, Virtual Private
Networks (VPNs), routers and more, these chapters aim to hit the critical
infrastructure of many networks. Another critical appliance in any
sensitive network is the Firewall. The final chapter in this section gives
several ways to poke holes in the firewall so that it no longer acts as a
complete dead end for you.

Software Hacking delves into details of Denial of Service (DoS) attacks,
remote access software, and advanced techniques. With more and more
corporations using remote access software, they are finding it is leaving
them wide open to attacks. These software packages are often a security
auditor's dream.

To everyone who has ever asked me 'how to hack', or anything to do with
system penetration, start with this book. Read it cover to cover and you
will save yourself a lot of time and effort otherwise wasted with search
engines and outdated text files.


review by: Brian Martin

ISN is sponsored by Security-Focus.COM

