BKHKRCHL.RVW 20020221

"Hacker's Challenge", Mike Schiffman, 2001, 0-07-219384-0, U$29.99
%A Mike Schiffman
%C 300 Water Street, Whitby, Ontario L1N 9B6
%D 2001
%G 0-07-219384-0
%I McGraw-Hill Ryerson/Osborne
%O U$29.99 +1-800-565-5758 +1-905-430-5134 fax: 905-430-5020
%P 355 p.
%T "Hacker's Challenge"

Initially, I was skeptical of the title, considering the wording to be simply jumping on the current security bandwagon, with "hacker" this and "hacker" that on every bookshelf. In an odd way, however, the title is quite appropriate. This volume contains a series of twenty tests that are supposed to challenge your ability to analyze network data (most of the scenarios are network based) in order to identify and assess intrusions. Unfortunately, there are some problems in the implementation.

The book is divided into two parts. First come the twenty scenarios, with varying types and degrees of detail about the problems. Then come twenty "solutions," which are supposed to point out how you should have approached the situation, and what indicators should have tipped you off to the intrusion and intruder. This physical division is rather meaningless: it isn't as if the solutions were short phrases that had to be printed upside down at the bottom of the page so that the reader doesn't inadvertently read the answer to the riddle while thinking about it. There is no reason that the solutions could not immediately follow the stories.

Actually, the pieces were written by thirteen different authors, and the amount of detail varies tremendously. Therefore, all the possible mistakes that could be made in a work of this type are represented. Sometimes the audit logs presented to us in the scenario contain the relevant details and very little else, but the explanation is very sparse. In other pieces readers are presented with huge amounts of log data, and the relevant points are lost. There are scenarios which are not complete, and the data necessary to solve the problem is not given until the solution write-up. A few pieces contain almost no data for the reader in the problem section, while the solution presents almost no detection information or forensic exegesis. In one case we are given pages of log data and almost no analysis at all in the solution. There are articles that simply reproduce earlier situations with different characters. One solution makes no sense in terms of the data given in the problem outline. Some pieces are unclear, some simplistic, and some can only be described as misleading. The occasional scenario is written up almost poetically, and isolated solutions do have tutelary explanations of how to read network audit logs.

If you are very good at forensic network analysis, you might enjoy pitting yourself against these challenges. Of course, if you are good at forensic network analysis you have more work than you can handle, and no time for games. If you are weak at network analysis, this book doesn't have very much to help you out.

copyright Robert M. Slade, 2002