BKCNTRHK.RVW   20011023

"Counter Hack", Ed Skoudis, 2002, 0-13-033273-9, U$49.99/C$75.00
%A   Ed Skoudis
%C   One Lake St., Upper Saddle River, NJ   07458
%D   2002
%G   0-13-033273-9
%I   Prentice Hall
%O   U$49.99/C$75.00 800-576-3800 416-293-3621
%P   564 p.
%T   "Counter Hack"

Chapter one, as in many texts, is an introduction to the book, but it is unusually important in this case. First, Skoudis lays out the philosophy behind the work. While the text of the book does concentrate on attacks, the author points out that invaders already have other sources of information. Further, Skoudis proposes that a detailed, complete, and integrated examination of representative samples of classes of attacks will provide an outline of defensive measures that can protect against a wide variety of assaults.

A second point in this introduction is a brief examination of the character of attackers. Skoudis does point out that those who attempt to penetrate computer and communications security do so from a diversity of motivations and skill levels. However, he does tend to overstress the participation of "professional hackers," proposing that industrial espionage, terrorism, and organized computer crime activities are common. Certainly such campaigns may become common, making the need for pre-planning even more important, but the vast majority of endeavours we are seeing at present are amateur efforts.

Finally, the introduction recommends the establishment of a computer security test laboratory, which is an excellent idea for any large corporation, but probably is not within the financial, personnel, or educational reach of even medium-sized businesses.

Chapter two provides a background in TCP/IP for the purposes of discussing networking offence and defence. There are frequent forward references to later sections of the book that deal with network attacks. The material could, however, have been condensed somewhat to emphasize those aspects of the protocols that are closely related to security.
UNIX and Windows (NT and 2000) are similarly covered in chapters three and four, and, again, the text could be tightened up by focusing on safety factors.

Chapter five points out the ways in which people can obtain data in order to direct and mount an attack. While the content is informative, and there are a few suggestions for restricting the release of such intelligence, the defensive value of the text is limited. The information gathering process continues in chapter six with war dialling and port scanning.

Defences against application and operating system attacks are covered a bit better than in most "hacking" books (there are descriptions of buffer overflow detection tools), but the protective value of chapter seven is still questionable. Chapter eight examines network sniffing, scanning, spoofing, and hijacking. Denial of service is covered well in chapter nine. Various examples of malware are described in chapter ten. Chapter eleven deals with the means used to hide an attack. A number of scenarios are created in chapter twelve. Chapter thirteen describes some resources for keeping up with the latest computer vulnerabilities.

Recently there has been a flood of books to the security marketplace, all based on the premise that if you know how to attack a system, you will know how to defend it. Skoudis has done a better job than most, but the thesis is still unproven. Yes, knowledge of the details of an attack does help you fine tune your defence. Yes, providing specifics of an example of a class of attacks does help you consider a protective mechanism that might work against a whole class. Yes, Skoudis does recommend safeguards for most of the attacks listed. But taking a crowbar to a padlock still doesn't teach you locksmith skills.

copyright Robert M. Slade, 2001