Customer Reviews

Security Warrior

5 star:		(8)
4 star:		(5)
3 star:		(0)
2 star:		(0)
1 star:		(1)

 

 

This book rocks! If you are a neophyte to host/LAN/internet security, I suggest starting out with Hacking Exposed. But if you are ready for something more, this is it. I especially liked the step-by-step on how to compromise a WEP-secured wireless network.

I would have rated this 4.5 stars, but half stars were not offered. My one minor complaint is the weak discussion of hacking PKI on pp. 359-360. I suspect this is most likely due to the fact that the DoD, Microsoft and anal-retentive small companies like mine have bothered to deploy PKI. Little if any exploits are known at this point.

I suspect by the second edition of this book the authors will have many more PKI exploits to discuss.

This has to be one of the best books I've read in quite some time. Security Warrior was easy to read and an attractive feature is the ability to skip between chapters without any problems. References to subjects covered in previous or in preceding chapters are noted. This book not only contains methods used by hackers but also details on how to protect yourself against attacks. It also includes programs (Bastille, IPtables, etc) with overviews of the important aspects. Anothere feature to note are the reference listings at the end of each chapter which include links to various useful sources.

This book is a must get for those who wish to get an idea of what can be done to secure systems as well as showing you things that might be overviewed initially.

In today's interconnected word, it is a race between those who wish to exploit a system, and those who are working to defend it. Security Warrior presents a unique approach in that it not only explains the traps, but also goes in depth on how these traps and exploits actually work.

The author presents each chapter with information about specific exploits, then goes into the actual exploits themselves. The book is geared towards the security professional, and novice users could find the amount of information that is presented overwhelming and confusing. At the end of each chapter is a resource section that invites the read to continue learning about a particular pitfall by providing more books and online sources for information.

One of the caveats of this book is the fact that in the wrong hands it can actually be used against the very systems the author wanted to defend. The amount of technical detail is so great, that a skilled hacker or cracker could take this book and use it as a resource in his toolkit. It is the classic situation of you can't fix the problem without knowing what the problem is.

Don't pick up this book if you want an overview of general computer security; you will be lost in the information overload. Do pick this book up if you are a security administrator or systems administrator and want to take a proactive approach in securing your systems against attack.

This excellent, well-written book can be an enugma at times. The authors indicate that the material is for someone who has read on the subject before, although there is quite a bit of material geared more towards novices like myself. In other places I was defintely out of my depth, not having enough of a C/*Nix background to fully comprehend the material. The authors cover reverse engineering, network attacks, platform attacks, and defense/intrusion detection methods.

I very much liked the samples and references to existing tools, although they clearly indicate the possible criminal repercussions of using some of these tools/techniques. The samples provide invaluable insight and experience into learning the techniques, and how to thwart them, if it's possible at this time. The intrusion detection/defense material is split between information that would benefit everyone, including home pc users, and techniques more suited to professionals, such as advanced intrusion detection and network defense. This would be a very good second book on the subject, and barring any sudden changes in the security landscape, this book should hold it's value for some time to come.

The whole concept of this book is: know your enemy. If you are a software developer or systems administrator, something you touch is bound to be attacked. Software developers need to understand this when writing programs. Likewise, systems administrators must protect their system from outside attack. This book proceeds from the premise that attack is inevitable, but we are more effective in dealing with it if we know the tactics of hackers. As we understand how they think and act, it helps us write and maintain a higher level of security within applications or network infrastructure.

This book is very interesting to read and amazing to see how easy it is to "hack" various kinds of applications with just a few tools. The book discusses the basics of reverse engineering on Windows, Linux, and Pocket PC. Additionally, the authors step through a couple of examples, to show just how easy it is to bypass entering a serial number in a software install. Other "hacks" shows include buffer overflow, TCP/IP, SQL injection attacks, and even social engineering.

I would recommend this book to anyone interested in any kind of software or network security. It is very eye-opening to see just how easy it is to compromise a system. Once you know how your enemy attacks, you can proceed with ways to combat them.

I do not understand the 5-star reviews. To me, this book was useless. I blame not the authors, but the editor. To me, the book seems to alternate rapidly between novice-level triva and material of interest only to the experienced security engineer (I work in system security). I simply can't imagine any one skill level or interest set for whom this volume would be appropriate. O Reilly's mark on a book used to be an assurrance of quality, but I advise the potential buyer to review this one before forking over your hard-earned money.

The scope of this book isn't just broad, it's encyclopedic. Want to understand how hackers hide their tracks? It's in here. Need to know more about wireless security? That's in here, too. The chapter on reconnaissance is particularly interesting. Another chapter, on social engineering, will make you re-examine your security in terms of the people in your own organization who can compromise that security. That's one element many books fail to consider.

Any infosec professional worth his or her salt already knows a lot of what you'll find in here. But none of us knows everything; the authors aim to fill in the blanks in any professional's knowledge. The great thing about this book is that you can instantly flip to the section on what you need to know more about and find clear, in-depth information. If that's not enough, each topic includes a list of additional references to help you learn more.

If I have any complaint about this book, it's the pages and pages of code. How many of us actually read all that code when we encounter it in a book? When code is needed to make a point, I'd like to see no more than ten - fifteen lines of it at a time with appropriate comments in the text. If we really need the rest, it would be far more helpful in appendices at the back of the book, or, better yet, on a CD-ROM included with the book. That said, this book is likely to become an indispensable reference for your library, and well worth the price.

In the preface the authors say that you might enjoy this book if you "... want a single volume that can quickly rachet your knowledge level upward by a few notches." That's a good way to put what this book does for you.

Part 1 covers software cracking. It provides a thorough introduction to the field. I discovered a lot of useful tid-bits and techniques throughout the book. For example, I just didn't know you could customize your gdb sessions by using macros in a .gdbinit file.

Part 2 covers network stalking. At first glance I though I might skip this section, because I'm familiar with the concepts. I'm glad I didn't, because there's nothing stale here. I picked up a few useful tidbits of information in each chapter that I didn't know.

Part 3 covers platform attacks. Familiar ground for most of this books target audience, but there was much fresh information in here. It's as if the authors have read the same books as the rest of us and specifically chosen to research and expand upon areas that were left out of those books.

Part 4 covers advanced defense. This part of the book is very useful. Log file aggregation, IDS, honeypots, and forensics techniques are some of the more significant discussions. I found the case study on setting up SNORT with ACID particularly helpful.

I can't think of a better way to describe it than the authors did in the preface, "ratchet your level of knowledge upward by a few notches." Folks in the trenches will find this quite helpful and enjoyable to read.

Target Audience
Intermediate to advanced programmers, network administrators, or security administrators who need an in-depth understanding of how software and systems can be exploited.

Contents
This is a detailed guide on how to reverse-engineer and analyze software and systems for vulnerabilities and exploits.

The book is divided into five parts:

Part 1 - Software Cracking - Assembly Language; Windows Reverse Engineering; Linux Reverse Engineering; Windows CE Reverse Engineering; Overflow Attacks

Part 2 - Network Stalking - TCP/IP Analysis; Social Engineering; Reconnaissance; OS Fingerprinting; Hiding The Tracks

Part 3 - Platform Attacks - Unix Defense; Unix Attacks; Windows Client Attacks; Windows Server Attacks; SOAP XML Web Services Security; SQL Injection; Wireless Security

Part 4 - Advanced Defenses - Audit Trail Analysis; Intrusion Detection Systems; Honeypots; Incident Response; Forensics and Antiforensics

Part 5 - Appendix

Review
"Know Your Enemy". This phrase is on the cover of the book Security Warrior, and it is an apt subtitle for the book. Very few security books on the market today do more than just tell you about the types of software and network attacks that exist. Peikari and Chuvakin go beyond the "what" of attacks and show you "how" to exploit systems and software.

This book is definitely geared to the experienced developer or network administrator. For instance, the first eight pages is an explanation of assembly language, registers, stacks and the like. Each following chapter on reverse engineering then takes that knowledge and walks you through how to analyze an executable using tools that you can purchase or download. Obviously, if you have absolutely no assembler language knowledge, you'll be lost here. But if you have that background, you'll start to learn how hackers develop exploits, and how you can build more secure software once you understand the vulnerabilities.

At the end of each chapter, the authors list a number of additional references (both books and websites) that can help you to further your understanding of the material presented. This is a great addition if you are looking to focus in on a particular type of attack, like those related to wireless security. At the website for the book, they have also made sample programs available that can be used by the reader to work through exercises in the book. For instance, when they present information on reverse engineering, they also provide a sample program that you can analyze and crack. A perfect way to lead the reader from theory to practical knowledge.

The argument could be made that this book could be used by crackers to learn how to break software. The reality is that this information is already out there. A book like this will help those who are trying to prevent break-ins understand the methods that are being used against them. And henceforth, the sub-title "Know Your Enemy".

One caveat about the book... Be very careful with the material presented in the reverse engineering section. Under the Digital Millennium Copyright Act (DMCA), reverse engineering can be considered a crime in certain circumstances. The authors acknowledge this, and that's probably why they provide their own sample programs for you to work on. Still, just remember that this knowledge, if misused, could land you in some very hot water.

My only complaint about the book... The sumo wrestlers on the cover really needed to be bigger... :-)

Conclusion
This is one of the few books that goes beyond the "what" and deals with the "how" of system and software security. A thorough reading and study of this book will arm you with the tools and knowledge you need to analyze and bight back against software

Security Warrior is an awesome book.

Many security books only get to the juicy stuff around page 150.

Security Warrior gets there on about page 4.

This is an intense advanced book and is one of the best around.