BKHCKEXP.RVW 20020911

"Hacking Exposed", Stuart McClure/Joel Scambray/George Kurtz, 2001, 0-07-219381-6, U$49.99
%A Stuart McClure stuart@hackingexposed.com
%A Joel Scambray joel@hackingexposed.com
%A George Kurtz george@hackingexposed.com
%C 300 Water Street, Whitby, Ontario L1N 9B6
%D 2001
%G 0-07-219381-6
%I McGraw-Hill Ryerson/Osborne
%O U$49.99 905-430-5000 fax: 905-430-5020
%P 729 p. + CD-ROM
%T "Hacking Exposed: Network Security Secrets and Solutions, 3rd Ed"

Yes, I know that this book has the most sales for any security work, ever. And, for the life of me, I still can't figure out why.

Part one looks at gathering data for an attack. Chapter one discusses company information that is generally available. However, while it may alert some to the fact that a lot of information can be obtained about them, most of the material deals with facts that you either want to make available, or that you must make available. Some suggested countermeasures are useful, while others strain the topic, such as the protection against domain hijacking. Scanning for weaknesses and loopholes, mostly with individual tools in this edition, is the topic of chapter two. Enumeration, or finding weak user accounts and unprotected system resources (mostly on Windows 2000), is covered in chapter three.

Part two looks at details of specific systems. Chapter four touches on Windows 9x. NT gets a fair amount of detail in chapter five, but such vital and standard topics as disabling the Administrator account and setting up auditing are barely mentioned. Windows 2000 now has its own chapter: six. Some common NetWare attacks are listed in chapter seven. UNIX has the most extensive coverage, in chapter eight, but it is hardly comprehensive.

Part three deals with network weaknesses. Most of chapter nine discusses wardialling and dial-up, but there is a brief mention of Virtual Private Networks (VPN). Some device weaknesses (vendor specific bugs, that is) are listed in chapter ten. (There is also a very brief mention of wardriving and detecting wireless networks.) Firewalls, in chapter eleven, are primarily addressed in terms of scanning to (for identification) or through. Chapter twelve describes a few denial of service attacks. (Something has been lost in the update: a discussion of IP fragmentation attacks refers to "earlier" material on teardrop that no longer appears in the book.)

Part four looks at software. Chapter thirteen deals with remote access software in fair detail. Hijacking and backdoors are discussed in chapter fourteen. Miscellaneous Web site bugs are reviewed in chapter fifteen. Chapter sixteen is a confusing amalgam of ActiveX design flaws, Internet Explorer implementation bugs, and random discussions of malware.

The original preface (which no longer appears in the work) stated that the book was intended for system administrators, but it did, and still does, read more like a cookbook for security breaking. The authors defend themselves against this charge in advance, and certainly "keep quiet" versus "let it all hang out" is a constant debate in security circles. However, the attack descriptions are far more detailed than the countermeasures sections, and many attacks are presented without any specific protections being mentioned.

There are a number of points in the book that can be helpful in identifying specific security weaknesses. However, the book can't be comprehensive in that regard, and what it fails to do is give an overall concept of, or framework for, security on an ongoing basis. The examples given are frightening and stimulating, but the authors present them as the entire picture. In fact, even the picture as presented is not entire. A number of descriptions given in the book either do not mention, or gloss over, the fact that, for example, sniffers must be placed on a local, promiscuous, network, and session hijacking requires that the attackers somehow get "between" two systems.

On the other hand, the book is quite readable and can give you some tips. And, I wouldn't mind seeing a few sysadmins a little more scared than they are at the moment. As long as they don't think that this is *all* you need to do.

copyright Robert M. Slade, 2000, 2002
