5.0 out of 5 stars Now this is a good book!
This review is from: Network Security Hacks: 100 Industrial-Strength Tips & Tools (Paperback)
Lots of very very very good hints and suggestions!
A valuable title.
4.0 out of 5 stars A handy guide when trying unfamiliar tools or techniques
"Network Security Hacks" (NSH) has something for nearly everyone, although it focuses squarely on Linux, BSD, and Windows, in that order of preference. Administrators for commercial UNIX variants (Solaris, AIX, HP-UX, etc.) should be able to apply much of the book's advice to their environments, but they are not the target audience. NSH is written for admins needing quick-start guides for common security tools, and in this respect it delivers.
I found NSH to be most rewarding when it avoided discussing the same topics everyone else has covered. Lesser known tools like authpf, ftester, sniffdet, SFS, rpcapd, and Sguil caught my interest (especially as I write Sguil installation docs). Even some ways to use familiar tools were helpful, like the -f (fork) and -N (no command) switches for SSH forwarding. In some cases it made sense to mention well-worn topics like BIND or MySQL, with an eye towards quickly augmenting the security of those servers.
Elsewhere I questioned the need to cover certain tools. With the number of Snort titles approaching double digits, and O'Reilly's own Snort books in the wings, was it really necessary to devote several hacks to Snort? In the same respect, I felt mention of Nmap, Nessus, swatch, and ACID was not needed, nor was advice on implementing certain Windows security features.
In some cases the descriptions were too brief to really explain the technologies at hand. For example, the "Secure Tunnels" chapter discusses a very specific IPSec scenario (wireless client to gateway) without informing the reader of the other sorts of tunnels that are possible. I also questioned some of the content, like p. 47's statement that Windows lacks "robust built-in scripting." Brian Knittel's "Windows XP Under the Hood" would quickly change the author's mind. Also, the anomaly detection preprocessor SPADE is described, even though the last version (Spade-030125.1.tgz, released Jan 03) is only available on a Polish student's Web server and no longer cleanly integrates with Snort past version 2.0.5, released in Nov 03.
Despite these comments, I still found NSH a great addition to my security bookshelf. I found the coverage of Windows more than adequate, given that true security innovation in the public sphere is being done in the open source world and not in Redmond's labs. The writing tends to be clear and the descriptions concise. I guarantee you will find a handful of hacks which pique your curiosity and ultimately help secure your enterprise.
4.0 out of 5 stars Good simple reference
When I first got this little book, I was unimpressed by its idea: a seemingly random collection of network security tips, combined under the same cover. However, when I started reading, more and more often I exclaimed "ah, that is how it is done", etc. The book is one cool collection of tips, ranging from mundane ('how to configure iptables on Linux') to fairly esoteric ('how to use MySQL as an authenticating backend for an FTP server'). Always wanted to use 'grsecurity' or 'systrace', but thought it is too complicated - grab the book and give it a shot. Want to set up a fancy encrypted tunnel between two networks - it covers that too. Admittedly, a lot of advice given in the book can be found on Google, but it is nice to find it in one place. The book covers selected topics in host security, SSH and VPNs, IDS, monitoring and even touches upon forensics. I also liked its multi-platform coverage, with a slight, but unmistakable UNIX/Linux bias.
Overall, it is a great simple book, provided you don't try to find in it something it isn't: a neat collection of simple network security tips. I somewhat disliked that many tips don't go beyond 'how to install a tool' and stop short of discussing 'how to use it best'.
Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major security information management company. He is the author of the book "Security Warrior" (O'Reilly, 2004) and contributor to "Know Your Enemy II" by the Honeynet Project (AWL, 2004). His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org.
4.0 out of 5 stars Another great collection of "hacks"
As with the other "Hacks" books, there are 100 hacks listed, and these are focused on network security. As another reviewer points out, these hacks seem to be heavily slanted toward Unix. Whether this is due to the Windows OS "keeping the administrator out of the loop about the inner workings of her environment," as the book points out, or the numerous "helpful features" of Windows that aren't that helpful to Windows admins is unclear. There do appear to be some limits to how secure you can make a Windows network, as opposed to Unix, which seems to have many more options. And while we constantly hear about new Windows viruses, we rarely hear about Unix viruses. But I digress.
There definitely are some good ones here, like the "honeypot hack," protecting logs from tampering (thereby making it more difficult for a network intruder to cover their tracks), preventing stack-smashing attacks (thereby preventing an attacker from overwriting the information on a stack), detecting spoofing, testing your firewall, monitoring your logs for any sign of tampering, even defending yourself against web application intrusions. In short, these hacks are the ones deemed most likely by the book's author to be useful in defending your network against any kind of hostile attack or intrusion.
And while you may agree or disagree with the list presented in this book, this book is a valuable tool and reference for any network admin to have on hand.
4.0 out of 5 stars Excellent material, but heavily weighted towards Unix...
If you're at all responsible for or mindful of the security aspects of your network, here's a book you'll enjoy... Network Security Hacks by Andrew Lockhart (O'Reilly). As with all the Hacks titles, this book contains 100 various tips and ideas on how to improve your network security through the use of various software packages or procedures you can implement. The Hacks are grouped into the following chapters:
Unix Host Security; Windows Host Security; Network Security; Logging; Monitoring and Trending; Secure Tunnels; Network Intrusion Detection; Recovery And Response.
This isn't a primer on all you need to know about system security, nor is it meant to be. Network Security Hacks is most helpful for the system or network administrator who understands security but is always looking for various ways to enhance their level of security or ease the administration processes. For instance, in the Monitoring and Trending chapter, you are introduced to a number of free tools you can download that will verify your services, graph your bandwidth trends, monitor real-time network stats, and audit the traffic on your network. While not every hack will appeal or apply to you, you will find plenty of gems that will give you a real and quick payback.
The only "gripe" I have about the book is that it is heavily weighted towards the Unix environment. The Windows chapter is pretty small, and even some of the Windows hacks involve allowing you to work with the data like you can with Unix. So, if you're looking strictly for Windows security tips, you will probably find less satisfaction than you might if you were a hard-core Unix admin. Even so, there is material there that will interest you, such as how to use Snort to set up an intrusion detection system or how to use built-in features of Windows to create your own firewall.
Very good book, and worthy to hold a spot on your bookshelf...
4.0 out of 5 stars Try rummaging thru the hacks
Lockhart has assembled a fascinating collection of 100 hacks to protect your computers against a network intrusion. He covers linux/unix systems and also Microsoft machines. An entire chapter, containing 10 hacks, is devoted to the latter. Most of the other 90 hacks can be applied to both systems, though the example implementations are usually given under linux/unix.
Perusing the list of hacks may cause different readers to be attracted to different hacks. Here, I briefly summarise a few that caught my eye. Consider "Block OS fingerprinting". In an earlier, more innocent age, someone connecting to a telnet, sendmail or ftp daemon would cause it to reply with the machine's operating system label and the version of that daemon. Yes, really! In fact, this is still largely true, by default, on most unixes. Well, nowadays, a sysadmin can stop those daemons doing this. But a cracker can then do other probes. If you are running OpenBSD, you can use pf to block those.
Logically continuing this train of thought, what if you wanted to actively mislead the cracker by mimicking another operating system? This is the honeypot hack. The honeyd daemon lets you masquerade as several types of systems. Pretty crafty, eh? The next hack would then be to record all the cracker's activity on your honeypot via the open source Sebek, which is freely available for linux and Solaris.
Granted, you might be interested in other hacks. But hopefully the above gives you some idea of the book's utility. And a lot of hacks refer to other closely related hacks, in the manner shown above.
Network Security Hacks: 100 Industrial-Strength Tips & Tools by Andrew Lockhart (Paperback - May 3 2004)