Joel Scambray (Author)
George Kurtz (Author
"This is the book to use for penetration testing and analysis"
By Ben Rothke "Author of 'Computer Security: 20 ... (USA) - See all my reviews
Hardly a week goes by that CNN does not report a high-profile Web site being defiled or an e-commerce site being penetrated. While most people know why these incidents occurred, Hacking Exposed explains how they occurred and, more important, how to prevent them from occurring.
The cover of Hacking Exposed announces that "Network security is Y2K without the deadline." That alarmist statement, however, is the only hype in the book. The work is packed with real-world examples and links to tools needed to assess the security of any type of client/server and Web system. As they detail the myriad vulnerabilities in different types of systems, the authors provide countermeasures for each of them.
Well organized, the book progresses in an orderly fashion. It methodically goes through the process of exploiting a target to penetrate a system--from identification and enumeration to actual penetration. The authors provide detailed instructions and explanations for many security features and flaws in Unix, Linux, Windows, NetWare, routers, firewalls, and more. Topics covered include state-of-the-art computer and network penetration, as viewed by both the attacker and the defender; remote system identification; vulnerability identification; war dialers; firewall circumvention; and denial-of-service attacks. An appendix explores the security characteristics of Windows 2000.
Some may argue that books such as this one only serve to motivate and educate hackers. The truth is that hackers are already aware of the book's contents. This book is designed for system administrators and managers who need to know their systems' risks and vulnerabilities and how to address them. When they are done with this book, system administrators and managers will be familiar with such critical topics as back channels, port redirection, banner grabbing, and buffer overflows. Hacking Exposed is a must-read for anyone who wants to know what is really happening on their network....
Editorial Reviews
A lot of computer-security textbooks approach the subject from a defensive point of view. "Do this, and probably you'll survive a particular kind of attack," they say. In refreshing contrast, Hacking Exposed, Second Edition talks about security from an offensive angle. A Jane's-like catalog of the weaponry that black-hat hackers use is laid out in full. Readers see what programs are out there, get a rundown on what the programs can do, and benefit from detailed explanations of concepts (such as wardialing and rootkits) that most system administrators kind of understand, but perhaps not in detail. The book also walks through how to use the more powerful and popular hacker software, including L0phtCrack. This new edition has been updated extensively, largely with the results of "honeypot" exercises (in which attacks on sacrificial machines are monitored) and Windows 2000 public security trials. There's a lot of new stuff on e-mail worms, distributed denial-of-service (DDoS) attacks, and attacks that involve routing protocols.
The result of all of this familiarity with bad-guy tools is a leg up on defending against them. Hacking Exposed wastes no time in explaining how to implement the countermeasures--where they exist--that will render known attacks ineffective. Taking on the major network operating systems and network devices one at a time, the authors tell you exactly what Unix configuration files to alter, what Windows NT Registry keys to change, and what settings to make in NetWare. They spare no criticism of products with which they aren't impressed, and don't hesitate to point out inherent, uncorrectable security weaknesses where they find them. This book is no mere rehashing of generally accepted security practices. It and its companion Web site are the best way for all of you network administrators to know thine enemies. --David Wall
Topics covered:
- Security vulnerabilities of operating systems, applications, and network devices
- Administrative procedures that will help defeat them
- Techniques for hacking Windows 95, Windows 98, Windows Me, Windows NT 4.0, Windows 2000, Novell NetWare, and Unix
- Strategies for breaking into (or bringing down) telephony devices, routers, and firewalls
... Hacking Exposed, the seminal book on white-hat hacking and countermeasures. Hacking Exposed (www.hackingexposed.com) is now in its second edition, and should be required reading for anyone with a server or a network to secure. (Bill Machrone, VP, Technology for ZiffDavis Media) (PC Magazine )
>> read more...
No comments:
Post a Comment