Security Power Tools and over one million other books are available for Amazon Kindle. Learn more

Vous voulez voir cette page en français ? Cliquez ici.


or
Sign in to turn on 1-Click ordering.
or
Amazon Prime Free Trial required. Sign up when you check out. Learn More
More Buying Choices
Have one to sell? Sell yours here
Start reading Security Power Tools on your Kindle in under a minute.

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Security Power Tools [Paperback]

Bryan Burns , Dave Killion , Nicolas Beauchesne , Eric Moret , Julien Sobrier , Michael Lynn , Eric Markham , Chris Iezzoni , Philippe Biondi , Jennifer Stisa Granick , Steve Manzuik , Paul Guersch

List Price: CDN$ 71.99
Price: CDN$ 39.46 & FREE Shipping. Details
You Save: CDN$ 32.53 (45%)
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Only 1 left in stock (more on the way).
Ships from and sold by Amazon.ca. Gift-wrap available.
Want it delivered Tuesday, September 23? Choose One-Day Shipping at checkout.

Formats

Amazon Price New from Used from
Kindle Edition CDN $29.96  
Paperback CDN $39.46  
Save Up to 90% on Textbooks
Hit the books in Amazon.ca's Textbook Store and save up to 90% on used textbooks and 35% on new textbooks. Learn more.
Join Amazon Student in Canada


Book Description

Sept. 6 2007 0596009631 978-0596009632 1

What if you could sit down with some of the most talented security engineers in the world and ask any network security question you wanted? Security Power Tools lets you do exactly that! Members of Juniper Networks' Security Engineering team and a few guest experts reveal how to use, tweak, and push the most popular network security applications, utilities, and tools available using Windows, Linux, Mac OS X, and Unix platforms.

Designed to be browsed, Security Power Tools offers you multiple approaches to network security via 23 cross-referenced chapters that review the best security tools on the planet for both black hat techniques and white hat defense tactics. It's a must-have reference for network administrators, engineers and consultants with tips, tricks, and how-to advice for an assortment of freeware and commercial tools, ranging from intermediate level command-line operations to advanced programming of self-hiding exploits.

Security Power Tools details best practices for:

  • Reconnaissance -- including tools for network scanning such as nmap; vulnerability scanning tools for Windows and Linux; LAN reconnaissance; tools to help with wireless reconnaissance; and custom packet generation
  • Penetration -- such as the Metasploit framework for automated penetration of remote computers; tools to find wireless networks; exploitation framework applications; and tricks and tools to manipulate shellcodes
  • Control -- including the configuration of several tools for use as backdoors; and a review of known rootkits for Windows and Linux
  • Defense -- including host-based firewalls; host hardening for Windows and Linux networks; communication security with ssh; email security and anti-malware; and device security testing
  • Monitoring -- such as tools to capture, and analyze packets; network monitoring with Honeyd and snort; and host monitoring of production servers for file changes
  • Discovery -- including The Forensic Toolkit, SysInternals and other popular forensic tools; application fuzzer and fuzzing techniques; and the art of binary reverse engineering using tools like Interactive Disassembler and Ollydbg
A practical and timely network security ethics chapter written by a Stanford University professor of law completes the suite of topics and makes this book a goldmine of security information. Save yourself a ton of headaches and be prepared for any network security dilemma with Security Power Tools.

Special Offers and Product Promotions

  • Join Amazon Student in Canada


Customers Who Bought This Item Also Bought


Product Details


Product Description

About the Author

Bryan Burns is the technical editor and general project leader of this book. He is the Chief Security Architect for Juniper Networks with more than a decade of experience in the security networking field and with numerous posts at leading network security companies.All other contributors are security engineers and researchers working at Juniper Networks in various posts both in the security network lab and in the field.

Dave Killion (NSCA, NSCP) is a senior security research engineer with Juniper Networks, Inc. Formerly with the U.S. Army's Information Operations Task Force as an Information Warfare Specialist, he currently researches, develops, and releases signatures for the NetScreen Deep Inspection and Intrusion Detection and Prevention platforms. Dave has also presented at several security conventions including DefCon and ToorCon, with a proof-of-concept network monitoring evasion device in affiliation with several local security interest groups that he helped form. Dave lives south of Silicon Valley with his wife Dawn and two children, Rebecca and Justin.

Nicolas Beauchesne is a network security engineer specializing in network penetration. He has worked with Juniper Networks for the past two years.

Eric Moret is originally from France and lives with his wife and two children in the San Francisco Bay Area. He obtained his Masters degree in Computer Sciences in 1997. He currently works at Juniper Networks where he manages a team dedicated to testing and releasing network protocol decoders for security appliance products. In addition to writing he enjoys traveling the world, photography and, depending on the season, snow boarding the Sierra Nevada or scuba diving Mexican caves.

Julien Sobrier is a network security engineer at Zscaler. He works on the web security in the cloud. He was previously working for Juniper Networks. His experience was on the Intrusion Detection and Preventions systems. He is also the creator of http://safe.mn/, a URL shortener focused on security.

Michael Lynn is a network security engineer at Juniper Networks. He has worked there for the past two years.

Eric Markham is a security engineer. He has been with Juniper Networks for the past five years.

Chris Iezzoni has been a security researcher and signature developer with Juniper's security team for several years.

Philippe Biondi is a research engineer at EADS Innovation Works. He works in the IT security lab, and is the creator of many programs like Scapy or ShellForge.

Jennifer Stisa Granick is the Civil Liberties Director at the Electronic Frontier Foundation. Before EFF, Granick was a Lecturer in Law and Executive Director of the Center for Internet and Society at Stanford Law School where she taught Cyberlaw and Computer Crime Law. She practices in the full spectrum of Internet law issues including computer crime and security, national security, constitutional rights, and electronic surveillance, areas in which her expertise is recognized nationally.

Before teaching at Stanford, Jennifer spent almost a decade practicing criminal defense law in California. She was selected by Information Security magazine in 2003 as one of 20 "Women of Vision" in the computer security field. She earned her law degree from University of California, Hastings College of the Law and her undergraduate degree from the New College of the University of South Florida.

Steve Manzuik has more than 13 thirteen years of experience in the information technology and security industry. Steve founded and was the technical lead for Entrench Technologies. Prior to Entrench, Mr. Manzuik was a manager in Ernst & Young's Security & Technology Solutions practice. Steve co-authored Hack Proofing Your Network, Second Edition (Syngress, 1928994709).

Paul Guersch is a security technical writer and one of the developmental editors of Security Power Tools (O'Reilly). He has been with Juniper Networks for a year and a half.


Inside This Book (Learn More)
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index | Back Cover
Search inside this book:

Customer Reviews

There are no customer reviews yet on Amazon.ca
5 star
4 star
3 star
2 star
1 star
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com: 4.4 out of 5 stars  13 reviews
20 of 21 people found the following review helpful
4.0 out of 5 stars Everyone will find at least one chapter to like Jan. 17 2008
By Richard Bejtlich - Published on Amazon.com
Format:Paperback
I am probably the first reviewer to have read the vast majority of Security Power Tools (SPT). I do not think the other reviewers are familiar with similar books like Anti-Hacker Toolkit, first published in 2002 and most recently updated in a third edition (AHT3E) in Feb 2006. (I doubt the SPT authors read or even were aware of AHT3E.) SPT has enough original material that I expect at least some of it will appeal to many readers, justifying four stars. On the other hand, a good portion of the material (reviewed previously as "the most up-to-date tools") offers nothing new and in some cases is several years old.

I'll begin with my favorite sections. SPT started very strongly with Jennifer Grannick's chapter on law as it pertains to security issues. She is an excellent writer and I would like to see her create her own book on the same subject. I liked Philippe Biondi's work in Ch 6 (Custom Packet Generation) although his coverage of Scapy (while great) is not for the beginner. (Just try as many examples as you can -- Scapy is cool.) Ch 7 (Metasploit) provided a great discussion of Metasploit 3; I learned quite a bit. I was pleasantly surprised by Ch 15 (Securing Communications). It was very practical. I should mention that some of the chapters appeared to be good, but they were outside my expertise and beyond my skill level. These included Ch 10 (Custom Exploitation), Ch 22 (Application Fuzzing) and Ch 23 (Binary Reverse Engineering). I was initially inclined to skip the section on BO2k in Ch 11 (Backdoors), but I didn't know the tool had been updated in Mar 07 and could be considered "viable" in the age of botnets.

Readers may also like SPT because it mixes coverage of open source and commercial tools. For example, Ch 9 (Exploitation Framework Applications) covers CORE IMPACT and Immunity CANVAS. Ch 3 (Vulnerability Scanning) describes WebInspect. Ch 17 (Device Security Testing) describes Traffic IQ Pro. Other commercial tools are mentioned in SPT but these were covered with more than a cursory overview.

The major problems I had with SPT involved indications of old material and lack of originality. Ch 20 (Host Monitoring) doesn't include any URLs for the tools it mentions. Tool versions are incredibly out-of-date, with references to 2006 or even 2005, despite versions from early 2007 (pre-publication) being available. (Examples: Afick 2.10-1, 17 May 07; Samhain 2.3.4, 1 May 07; Tripware Open Source 2.4.1.2, 18 Apr 07). Ch 19 (Network Monitoring) mentions ACID as a Snort console; BASE replaced ACID in Sep 04! The script to download and update Snort rules uses snortrules.tar.gz, which also (besides not working now) dates it to late 2004. Ch 22 says @Stake's WebProxy is a great tool, but it's been unavailable for several years. Ch 23 mentions SoftIce, but it was discontinued in Apr 06. (Unfortunately the same chapter neglects covering PaiMei "since it will probably change" -- although the Web page lists 22 May 07 as the last update.) Ch 2 (Network Scanning) lists PortSentry, but that tool hasn't been supported since '03 and is now replaced by Mike Rash's Psad. Ch 13 spends a lot of time talking about IPFW as a BSD firewall, even though Pf has been the preferred tool for several years. Ch 5 (Wireless Reconnaissance) seems to ignore that AirPcap is a viable solution for wireless sniffing on Windows. Ch 21 (Forensics) offered absolutely nothing new or advanced.

Overall, you will probably find something to really like about SPT. I would take a much different approach in the future. Trying to coordinate so many authors probably resulted in some authors finishing their sections in late '05 or early '06. They waited until the remainder finished so the book could be published in Aug 07. I am not convinced another mammoth book is needed -- maybe smaller books on focused topics would be worthwhile. I would also not bother to cover tools addressed elsewhere --especially in other O'Reilly books.
13 of 14 people found the following review helpful
5.0 out of 5 stars An excellent reference for beginners or experts Sept. 17 2007
By Todd Dailey - Published on Amazon.com
Format:Paperback
I haven't quite digested all 800+ pages yet, but I've found this book to be a useful reference and I believe this book is useful for beginners and experts alike.

Beginners will like the logical structure, beginning with ethical issues and progressing through Reconnaissance, Penetration, Control, Defense, Monitoring and Discovery. This is a logical sequence that closely follows how a new security analyst would actually learn security topics. In particular I thought part II, Reconnaissance, was well-written and clear, covering all the major tools and explaining the complex topics in a way that should be very clear to the newbie.

Experts will like it as a good, and very up-to-date, survey of all the major tools and techniques. I learned quite a bit in the Penetration section that I didn't know before, such as the section on MOSDEF and Canvas. The index is very good, so even if you don't read through this cover-to-cover it's a good reference on tools and common techniques.

The book is edited well and meets my high expectations for an O'Reilly book. Graphics and screenshots are liberally shown throughout, and callout boxes explain advanced topics in many sections. Although there are a bunch of authors the editorial style is pretty consistent and it doesn't feel like a mishmash.

Overall this is a great book for security researchers at any level, and it compares well with my favorite O'Reilly security book, the venerable Building Internet Firewalls.

If you like this book you'd probably also like the excellent Network Warrior by Gary Donahue. This book is a good general survey of everything in security, while Gary's book is a more of a personal testimonial from a professional security researcher about how he does his job. Both are useful in their own way.
7 of 8 people found the following review helpful
5.0 out of 5 stars More than a mere collection of tools... Dec 2 2007
By R. S. Shyaam Sundhar - Published on Amazon.com
Format:Paperback|Verified Purchase
I guess there is a misconception in the field of pentesting that everything is about tools. People started considering pentesting as mere collection of tools. This books is not about that. This book does not only help with knowing the various tools, it helps you to understand them, to tune them according to your need or your customer's need. The real skill is not to write a tool of your own when you already have the same tool out there. The real skill in this field is to take an existing tool and modify it based on your need.
2 of 2 people found the following review helpful
5.0 out of 5 stars If there should be only one book... June 15 2008
By Seb - Published on Amazon.com
Format:Paperback
This is a book that serves its purpose wonderfully.

Its chapters and articles are based on a series of assumptions. First, that the reader won't read the book from head to tail but bit-by-bit. Second, that the reader, although not a complete geek, has a deep interest in computer sciences and computer security, from a practical standpoint.
Given those two conditions, it is a wonderfully easy to read book which will participate in the answering to the following question: "what tool should I use to answer this ____ (fill in the blank) IT Security problem?".
That's a good thing for a "power tool book" isn't it ?
4 of 5 people found the following review helpful
5.0 out of 5 stars Perfect for those working on security systems. Dec 2 2007
By Midwest Book Review - Published on Amazon.com
Format:Paperback
Bryan Burns, et.al.'s SECURITY POWER TOOLS is a top pick for collections catering to network administrators and programmers concerned with security issues. Security engineers have authored this in-depth coverage, which comes from members of the Juniper Networks Security Engineering team and some guests, who tell how to tweak and customize the most popular network security applications. Best practices for control, defense and more are surveyed in detailed, in-depth chapters perfect for those working on security systems.

Look for similar items by category


Feedback