Vous voulez voir cette page en français ? Cliquez ici.

Have one to sell? Sell yours here
Tell the Publisher!
I'd like to read this book on Kindle

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses [Paperback]

Edward Skoudis
4.9 out of 5 stars  See all reviews (23 customer reviews)

Available from these sellers.

Save Up to 90% on Textbooks
Hit the books in Amazon.ca's Textbook Store and save up to 90% on used textbooks and 35% on new textbooks. Learn more.
There is a newer edition of this item:
Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition) Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition) 4.0 out of 5 stars (2)
CDN$ 52.91
In Stock.
Join Amazon Student in Canada

Book Description

July 23 2001 0130332739 978-0130332738 1
This informal, step-by-step guide will empower every network and system administrator to defend their network assets, whether or not they have security experience. It covers both Unix and Windows platforms, presenting in-depth descriptions of the inner workings of the most destructive hacker tools, and proven, step-by-step countermeasures.

Customers Who Bought This Item Also Bought

Product Details

Product Description

From Amazon

In defending your systems against intruders and other meddlers, a little knowledge can be used to make the bad guys--particularly the more casual among them--seek out softer targets. Counter Hack aims to provide its readers with enough knowledge to toughen their Unix and Microsoft Windows systems against attacks in general, and with specific knowledge of the more common sorts of attacks that can be carried out by relatively unskilled "script kiddies". The approach author Ed Skoudis has chosen is effective, in that his readers accumulate the knowledge they need and generally enjoy the process.

The best part of this book may be two chapters, one each for Windows and Unix, which explain the essential security terms, conventions, procedures and behaviours of each operating system. This is the sort of information that readers need--a Unix person getting into Windows administration for the first time needs an introduction to the Microsoft security scheme, and vice versa. A third chapter explains TCP/IP with focus on security. With that groundwork in place, Skoudis explains how (with emphasis on tools) attackers look for vulnerabilities in systems, gain access and maintain their access for periods of time without being discovered. You'll probably want to search online resources for more specific information--Skoudis refers to several--but this book by itself will provide you with the vocabulary and foundation knowledge you need to get the details you want. --David Wall

Topics covered: How black-hat hackers work, what tools and techniques they use, and how to assess and improve your systems' defences. The author explains how Windows, Unix, and TCP/IP can be exploited for nefarious purposes and details a modus operandi that's typical of the bad guys.

From the Inside Flap


My cell phone rang. I squinted through my sleepy eyelids at the clock. Ugh! 4 a.m., New Year's Day. Needless to say, I hadn't gotten very much sleep that night.

I picked up the phone to hear the frantic voice of my buddy, Fred, on the line. Fred was a security administrator for a medium-sized Internet Service Provider, and he frequently called me with questions about a variety of security issues.

"We've been hacked big time!" Fred shouted, far too loudly for this time of the morning.

I rubbed my eyes to try to gain a little coherence.

"How do you know they got in? What did they do?" I asked.

Fred replied, "They tampered with a bunch of Web pages. This is bad, Ed. My boss is gonna have a fit!"

I asked, "How did they get in? Have you checked out the logs?"

Fred stuttered, "W-Well, we don't do much logging, because it slows down performance. I only snag logs from a couple of machines. Also, on those systems where we do gather logs, the attackers cleared the log files."

"Have you applied the latest security fixes from your operating system vendor to your machines?" I asked, trying to learn a little more about Fred's security posture.

Fred responded with hesitation, "We apply security patches every three months. The last time we deployed fixes was?um?two-and-a-half months ago."

I scratched my aching head and said, "Two major buffer overflow attacks were released last week. You may have been hit. Have they installed any RootKits? Have you checked the consistency of critical files on the system?"

"You know, I was planning to install something like Tripwire, but just never got around to it," Fred admitted.

I quietly sighed and said, "OK. Just remain calm. I'll be right over so we can start to analyze your machines."

You clearly don't want to end up in a situation like Fred, and I want to minimize the number of calls I get at 4 a.m. on New Year's Day. While I've changed Fred's name to protect the innocent, this situation actually occurred. Fred's organization had failed to implement some fundamental security controls, and it had to pay the price when an attacker came knocking. In my experience, many organizations find themselves in the same state of information security unpreparedness.

But the situation goes beyond these security basics. Even if you've implemented all of the controls discussed in my Fred narrative above, there are a variety of other tips and tricks you can use to defend your systems. Sure, you may apply security patches, use a file integrity checking tool, and have adequate logging, but have you recently looked for unsecured modems? Or, how about activating port-level security on the switches in your critical network segments to prevent powerful, new active sniffing attacks? Have you considered implementing non-executable stacks to prevent one of the most common types of attacks today, the stack-based buffer overflow? Are you ready for kernel-level RootKits? If you want to learn more about these topics and more, please read on.

As we will see throughout the book, computer attacks happen each and every day, with increasing virulence. To create a good defense, you must understand the offensive techniques of your adversaries. In my career as a system penetration tester, incident response team member, and information security architect, I've seen numerous types of attacks ranging from simple scanning by clueless kids to elite attacks sponsored by the criminal underground. This book boils down the common and most damaging elements from these real-world attacks, while offering specific advice on how you can proactively avoid such trouble from your adversaries. We'll zoom in on how computer attackers conduct their activities, looking at each step of their process so we can implement in-depth defenses.

The book is designed for system administrators, network administrators, and security professionals, as well as others who want to learn how computer attackers do their magic and how to stop them. The offensive and defensive techniques laid out in the book apply to all types of organizations using computers and networks today, including enterprises and service providers, ranging in size from small to gigantic.

Computer attackers are marvelous at sharing information with each other about how to attack your infrastructure. Their efficiency at information dissemination about victims can be ruthless. It is my hope that this book can help to even the score, by sharing practical advice about how to defend your computing environment from the bad guys. By applying the defenses from this book, you can greatly improve your computer security and, perhaps, we'll both be able to sleep in late next New Year's Day.

Sell a Digital Version of This Book in the Kindle Store

If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store. Learn more

Customer Reviews

4.9 out of 5 stars
4.9 out of 5 stars
Most helpful customer reviews
Most recent customer reviews
5.0 out of 5 stars Excellent Book, Easy to Read, Practical & Resourceful
Overall, highly recommended, it's a no doubt five stars quality book. Even though I borrowed this book from library, I just place an order to purchase my own copy. Read more
Published on Feb. 24 2004 by Otto Yuen
5.0 out of 5 stars Great, if a bit dated in 2003
I got a copy back in November 2001, but the book still deserves all the praise. It simply shows that a well-written infosec book doesn't have to be "fresh" or to be in... Read more
Published on May 6 2003 by Dr Anton Chuvakin
5.0 out of 5 stars Excelent
Good book dinamic and simple. it does not use complicated words and easy to fallow.
Published on March 7 2003 by pretty rosa
5.0 out of 5 stars A superb hack/cracking book
I am an MCSE who recently inherited several Linux machines do to downsizing at my company. I purchased several books to help me shore up my unix security knowledge. Read more
Published on Jan. 5 2003 by Nicky Boran
3.0 out of 5 stars Good book for novices.
After reading the introduction chapter, you get excited and think that this book might actually be some what different than any other hacking book on the market. Read more
Published on Dec 16 2002 by Nigel J Clarke
5.0 out of 5 stars Hacking demystified
This book really exposes what hacking is all about. It takes the mystery out of how attackers actually penetrate systems and the tools that they used. Read more
Published on Sept. 12 2002
5.0 out of 5 stars worth the money
Akhou sha7ta,this easy-to-use, step-by-step guide will empower network and system administrators to defend their information and computing assets-whether or not they have security... Read more
Published on June 1 2002 by tony dagher
5.0 out of 5 stars It's Great & I'm Not Done Yet
I decided to purchase this book based in large part on the fact that all the reviews at the time I was shopping gave it 5 stars. Read more
Published on May 16 2002 by Gary
5.0 out of 5 stars Great!
This is a great book, extremely useful to anyone interested in knowing how computer attacks are done - and the tools available on the market. Read more
Published on April 28 2002 by Cyrus Wekesa
5.0 out of 5 stars Excellent and an easily readable security book
Counter Hack is a great book overall. It encapsulates all that should be a good technical book. It's easy to read, easy to follow, contains lots of useful information, and... Read more
Published on Feb. 17 2002 by sporkdude
Search Customer Reviews
Only search this product's reviews

Look for similar items by category