Reviews (3)

Completely Unusable for Computer Programmers
The book is a graduate-level mathematics dissertation for non-standard, unproven cryptographic techniques.Unless you have advanced cryptographic mathematical skills you won't understand the book.And even more important, you won't be able to verify that the unproven, unorthodox cryptographic techniques shown in the book actually work in the real world.

This book is not for computer programmers.It contains no code - no examples; no framework; no implementation.After extensive searching on the Internet, I could find no implementation of any of Stephen's proprietary algorithms he presents in the book.The book contains only mathematic formulas - which would be extremely challenging to implement in code correctly.Further, none of the algorithms can be implemented using standard cryptographic algorithms - they have to be implemented from scratch!Also, Stephen has patented many, if not all, of his cryptographic techniques - so you might not be able to use them even if you wanted to.

Lastly, the author, Stephen Brands, has completely vanished out of public life since he wrote this book.He has not published anything, anywhere.None of his cryptographic techniques have been implemented - even though he went to work for a software company in Canada which was granted rights to his patents.Some programmers have done residency work with Stephen on cryptographic projects at this company, but none of this work has been made commercial.The very fact that Stephen has been unable to produce any commercial application of this work, shows that something is wrong somewhere.

If someone with the proper mathematical skills can verify that Stephen proprietary cryptographic algorithms are correct; and that they can provide privacy and security; and they can implement them in real code that can be tested and verified secure; and they are not protected by patents; then I would be very interested in this product!

Privacy in a public world - it can be done
Although highly technical, the book really addresses a worsening social problem: trust and privacy. When I need to provide proof that I'm over 21, for example, I may present a driver's license. That can confirm that I'm over 21, certainly. It will also release my exact age and birth date (very different questions), as well as my name, address, license number, and whether I need glasses! The store certainly has a right to know that I am of legal age for some purchase, with a certificate at least as trustworthy as my driver's license. The rest of the information is irrelevant, but can expose me to a lot of unwanted attention, even real danger. I must, however, present all of it or none.

We really can have it both ways. Brands' protocols can give that seller the information needed - am I at least 21 - with extreme certainty. The protocol will release ONLY that information, however - not my exact age, address, or the rest. If I want to release my address, too, I can do that without releasing my driver's license number. The "infrastructure" in Brands' title is the set of mechanisms make this possible. It uses modern cryptography to create the required level of trust. It also uses Brands' techniques to let the owner of information control how it is released.

Brands has given clearer and more detailed meanings of personal privacy that I would ever dreamed exist. He then shows how mathematical techniques can protect each facet of privacy, while releasing all the information I must for living in a modern world. The text is quite mathematical - enough for the dedicated reader to implement any of the protocols described. It is possible, however, to skip past the math. What's left is an excellent discussion of living a safe and dignified life in a society of information.

Fascinating overview of cryptography PKI's underpinnings
Rethinking Public Key Infrastructures and Digital Certificates is Brand's Ph.D. thesis.

The book is a fascinating overview of the cryptography and underpinnings of PKI. Brand's focuses more on PKI from the perspective of privacy, as opposed to authentication and confidentiality.

Brand's has come up with a number of new cryptographic communication techniques that can enable applications to limit the information provided to other parties.This is hugely crucial in that information leakage is a huge threat to personal privacy.

This book is a good complement to Schneier's Applied Cryptography ...

Reviews (8)

Less Than Basic Basics Fails To Keep Up To Date
The problem all computer books have is that they are almost out of date before they reach the bookstore as things change so quickly and unfortunately this 10 year old book, although okay for the casual reader who may want an understanding of security generally, is a dinosaur concentrating on old technologies, orange book concepts and not even touching on modern problems like distributed denial of service, e-mail viruses etc. Very disappointing for an O'Reilly book. An update is long overdue.

Best available introduction to the topic...
This book is a more introductory, and a more theoretical than something like "Practical UNIX & Internet Security, 2nd Edition" (By Simson Garfinkel & Gene Spafford, published by O'Reilly & Assoc.), but it is still a vital book on the topic.

Definitely a must-have for the bookshelf of any Unix or Security administrator, and a good idea for anyone to read if they are working in the IT field.

Reviews (9)

Good but for immediate or better users
I want to begin with whats good about the book. It does a good job of covering Linux security concepts, and centralizing them in a well laid out, easily referenced book. Others have pointed out that a lot of this information is available on the net for free, however without a reference like this they wouldn't know what they should be looking for. (How many folks know their BIND server should run in a chroot environment to even begin the research?).

Despite having Red Hat in its title, and being released as a redhat Press book, the book is surprisingly generic in its treatment. While that may be a welcome releif to Suse/Debian/etc users, its a bit annoying to redhat users who were expecting more specific help, and perhaps less conflicting help. Several of the security measures covered in the book have already been implemented in the default redhat install, except using different usernames, file paths, etc.

Some of this may be an artifact of the book not covering the latest release, but some have been around long enough to convince me the book was written to a far more generic audience originally then given a new title. Which isn't bad by itself, just not what a novice user would expect, and might not catch.

My final concern is that some of the implementation steps are just flat wrong. The section on running BIND in a chroot environment is one, it describes the process in 7 steps (only 6 are enumerated) and does not mention redhat's prefered method of passing the options to the daemon. However, since knowing that it should/can be done is half the battle in linux, the correct procedure can be found on the web.

Good RH reference Freely available info is just as good
A doctrine of the open source movement is that although the software is free, you have to pay for the support and documentation. While anyone can ..get the Red Hat Linux software for free, books on Linux or other open source topics will cost the reader money. But for readers who are willing to shell out [the money]for a book about Linux security, Red Hat Linux Security and Optimization is a good overview on the core concepts of Linux security and how to secure, optimize, and harden Red Hat.

The book is titled Red Hat Linux Security and Optimization, indicating that both topics are covered, but the bulk of this book (chapters 8 - 21) really deals with security topics. Only the first 7 chapters deal with system and network performance.

Part 1 of the book comprises three chapters on system performance. Issues such as performance basics and kernel tuning are discussed. It shows how users can compile and install their own custom kernel. Chapter 3 is on file system tuning and deals with standard issues such as determining which file system to use and the creation of volumes and partitions.

The three chapters of Part 2 (Network and Service Performance) detail the issues of network and server performance. Chapter 5 provides a good overview of tweaking Apache and the use of Squid.

Part 3, System Security, is the heart of the book. The author takes a bottom up approach to security, where he starts with kernel security and progresses to other topics such as file system security, network security, passwords, and more.

Part 4 details network security, from DNS and BIND, to SSL, FTP, and the other major networking protocols. Chapter 17 has a good synopsis of email and the vulnerabilities associated with open email gateways, and how to control mail relays so as not to be used as a spam clearinghouse.

The book finishes with Part 5, which comprises two chapters about Linux firewalls. It also includes information about VPNs, SSL tunnels, and assessment tools.

The enclosed CD-ROM has a lot of security software, including standard security tools such as John the Ripper, netcat, nessus, nmap, and more. Is also includes other software such as Tripwire, Saint, OpenSSH, OpenSSL, tcpdump, and more. Also included is an electronic version of the book. With the exception of the electronic copy of the book, everything on the CD-ROM is available free off the Net. It would have been nice if the book could have included a second CD-ROM with the Linux operating system software. Although the software can be downloaded from Red Hat, the nearly 1 GB of data can take quite a while to download, even with a broadband connection.

Red Hat Linux Security and Optimization is a straightforward book that details all of the rudiments of Linux functionality and security. While the book is written for Red Hat, the majority of the information can be applied to other flavors of Linux. Overall, Red Hat Linux Security and Optimization is a good option for readers who want a security reference book....

Obviously trying to cash in on Red Hat's dominance
Red Hat is synonymous to Linux for many people, and this book is obviously trying to cash in on that.The editing of this book leaves much to be desired - there are some really terrible errors throughout.I am usually partial to books that have CDs with them, but in this case it doesn't add anything.The tools on the CD are freely downloadable from the internet, and are being updated constantly.The versions on the CD are very old, so you need to download new versions anyway.

Reviews (16)

Advanced Crypto for the college mind.
This very detailed work is not for the light hearted. It's an in depth look at the mathmatics behind cryptography. If you're looking for a book to help you program then look for Applied Cryptography by Bruce the crypto king instead. If you're looking for something to help you learn cryptoanalysis and how to break codes then this is the first step.

Fantastic traditional reference
The Chapter 14 - Efficient Implementation - shows several multiple precision algorithms. They are very easy to understand and implement under any microprocessor. It is a very good complement to the book set written by Donald Knuth (The Art of Computer Programming, Volumes 1-3 Boxed Set), another fantastic traditional reference.

A very detailed book, but not for everyone.
This is a fairly strong book on crypto, with heavy detail on the math involved.The upside is that the second chapter is devoted to most of the important mathematical theory you'll need to understand for the rest of the book.The downside?That chapter tries to cover just about the same breadth of information as a semester long course in Number Theory.

If you don't have a ton of mathematical background and are scared of having to take a crash course in number theory, or are looking for a higher level view of things, I'd suggest something more along the lines of Bruce Schneier's 'Applied Cryptography' (ASIN 0471117099). If you have some mathematical background, but want to get into things in detail, this is probably for you.

Editorial Review

Stephen Northcutt and his coauthors note in the superb Intrusion Signatures and Analysis that there's really no such thing as an attack that's never been seen before. The book documents scores of attacks on systems of all kinds, showing exactly what security administrators should look for in their logs and commenting on attackers' every significant command. This is largely a taxonomy of hacker strategies and the tools used to implement them. As such, it's an essential tool for people who want to take a scientific, targeted approach to defending information systems. It's also a great resource for security experts who want to earn their Certified Intrusion Analyst ratings from the Global Incident Analysis Center (GIAC)--it's organized, in part, around that objective.

The book typically introduces an attack strategy with a real-life trace--usually attributed to a real administrator--from TCPdump, Snort, or some sort of firewall (the trace's source is always indicated). The trace indicates what is happening (i.e., what weakness the attacker is trying to exploit) and the severity of the attack (using a standard metric that takes into account the value of the target, the attack's potential to do damage, and the defenses arrayed against the attack). The attack documentation concludes with recommendations on how defenses could have been made stronger. These pages are great opportunities to learn how to read traces and take steps to strengthen your systems' defenses.

The book admirably argues that security administrators should take some responsibility for the greater good of the Internet by, for example, using egress filtering to prevent people inside their networks from spoofing their source address (thus defending other networks from their own users' malice). The authors (and the community of white-hat security specialists that they represent) have done and continue to do a valuable service to all Internet users. Supplement this book with Northcutt's excellent Network Intrusion Detection, which takes a more general approach to log analysis and is less focused on specific attack signatures. --David Wall

Topics covered:

• External attacks on networks and hosts, as they appear to administrators and detection systems monitoring log files
• How to read log files generally
• How to report attacks and interact with the global community of good-guy security specialists
• The most commonplace critical security weaknesses
• Traces that document reconnaissance probes
• Denial-of-service attacks
• Trojans
• Overflow attacks
• Other black-hat strategies

Editorial Review

Two of Sun Solaris's prime attractions are its reliability and the high availability of servers running it. These advantages can be, however, negated by carelessness. Forget to apply a patch, or neglect to synchronize your servers' system clocks, and someone who's paying more attention will exploit the holes you've left in your system. The authors of Hack Proofing Sun Solaris 8 teach you how to run Solaris with flair. They show you how to implement wise security rules and implement popular services--like Common Gateway Interface (CGI) scripts--with a focus on improving security without reducing function. Most of the advice here has to do with Solaris boxes as Web servers, mail servers, and firewalls.

A lot of the authors' advice will be familiar to readers who have done security work before--their advice to disable all nonessential services, for example, falls into this category. Other information, such as the particular syntax of Solaris's native security utilities and third-party programs that are designed for Solaris, is very handy. It'll prove especially nice for people coming to Solaris from security administration on other operating systems. The organizational approach balances quick reference--the ability to quickly locate some detail via the index--with informative background that will help you head off emerging, undocumented attacks. There aren't many earth-shaking revelations in this book, but it contains good documentation of Solaris security tools and procedures. --David Wall

Editorial Review

The Certified Information Systems Security Professional (CISSP) ratingis difficult to earn and rare in the marketplace, which means you're a valuablecommodity if you've proven your skills by passing the exam. The CISSP PrepGuide, one of only a handful of books on its subject, does a good job ofgiving readers a feel for the scope of the test and the style of its questions.It's ideal for use either as a preliminary survey of the CISSP subjectareas (the test's publisher and the authors of this book call them"domains") for relative newcomers to computer security, or as a pure study guideto help more experienced professionals zero in on the weak spots in theirknowledge. Don't expect to do well on the CISSP exam having only read this book.You'll want to have some practical experience and some specialized reading underyour belt.

Ronald Krutz and Russell Vines are good writers and fine teachers;they explain the wide-ranging CISSP domains (which have to do with everythingfrom cryptographic algorithms to fire-suppression techniques to legalprinciples). They take care to explain potentially unfamiliar terms--there's agood glossary in the back of this book--and employ conceptual diagrams well.However, the answer keys for the sample questions that conclude each chapteraren't annotated and some readers will wish for more references to specializedsources. --David Wall

Reviews (34)

Volumes vs editions
Some of the reviewers are confusing 'volumes' with editions.Each edition of this book contains several volumes.Each volume contains new papers, adding them to the current edition of the ISMH.

The current edition of the Information Security Management Handbook is the 5th.At present, it has only 2 volumes.This CD-ROM only contains the 1st volume of the 5th edition.There is a new CD-ROM of the ISMH with a 2005 date (ISBN 0849339422) which I *think* contains the new volume 2 of the 5th edition (ISBN 0849332109)

What makes this CD-ROM valuable over the 5thED-V1 book is that it contains the contents of the 3rd and the 4th editions!I know the 4th edition contained four volumes.

Excellent reference!
Excellent reference!

This is an excellent security reference!

If you are looking for a pure CISSP prep book, this is not the best.But for general info sec, this is an awesome book.

Reviews (34)

Volumes vs editions
Some of the reviewers are confusing 'volumes' with editions.Each edition of this book contains several volumes.Each volume contains new papers, adding them to the current edition of the ISMH.

The current edition of the Information Security Management Handbook is the 5th.At present, it has only 2 volumes.This CD-ROM only contains the 1st volume of the 5th edition.There is a new CD-ROM of the ISMH with a 2005 date (ISBN 0849339422) which I *think* contains the new volume 2 of the 5th edition (ISBN 0849332109)

What makes this CD-ROM valuable over the 5thED-V1 book is that it contains the contents of the 3rd and the 4th editions!I know the 4th edition contained four volumes.

Excellent reference!
Excellent reference!

This is an excellent security reference!

If you are looking for a pure CISSP prep book, this is not the best.But for general info sec, this is an awesome book.

Reviews (34)

Volumes vs editions
Some of the reviewers are confusing 'volumes' with editions.Each edition of this book contains several volumes.Each volume contains new papers, adding them to the current edition of the ISMH.

The current edition of the Information Security Management Handbook is the 5th.At present, it has only 2 volumes.This CD-ROM only contains the 1st volume of the 5th edition.There is a new CD-ROM of the ISMH with a 2005 date (ISBN 0849339422) which I *think* contains the new volume 2 of the 5th edition (ISBN 0849332109)

What makes this CD-ROM valuable over the 5thED-V1 book is that it contains the contents of the 3rd and the 4th editions!I know the 4th edition contained four volumes.

Excellent reference!
Excellent reference!

This is an excellent security reference!

If you are looking for a pure CISSP prep book, this is not the best.But for general info sec, this is an awesome book.

Reviews (25)

Great book
I fell in love with honeypots because of this book. They cover everything from beginner to expert. They tell you all you need to know to start your own honeynet. Well done.

Fills a unique niche...
Most of the time, your only close-up view of a computer attack is trying to sort out how someone compromised your production system.But there is a way to get hands-on experience with attack analysis, and Know Your Enemy - Learning About Security Threats by The Honeynet Project (Addison-Wesley) shows you how.

The chapter breakout:The Beginning; Honeypots; Honeynets; Gen1 Honeynets; Gen2 Honeynets; Virtual Honeynets; Distributed Honeynets; Legal Issues; The Digital Crime Scene; Network Forensics; Computer Forensics Basics; UNIX Computer Forensics; Windows Computer Forensics; Reverse Engineering; Centralized Data Collection and Analysis; Profiling; Attacks and Exploits: Lessons Learned; Windows 2000 Compromise and Analysis; Linux Compromise; Example of Solaris Compromise; The Future; IPTables Firewall Script; Snort Configuration; Swatch Configuration; Network Configuration Summary; Honeywall Kernel Configuration; Gen2 rc.firewall Configuration; Resources and References; About The Authors; Index

If you're not familiar with the concept, a honeypot is a computer set up to gain the attention of network intruders.The concept is that the intruder will spend time with that box and leave the rest of the network alone.A honeynet is the same thing but only at a network level.The authors of this book are experts at setting up these kind of systems in order to see how attackers work and discover new exploits before they are used against actual production systems.They take you through all the different parts of the process; how to set up a honeypot/honeynet, how to analyze an attack, what legal considerations have to be kept in mind, and examples of exploits that actually were recorded and analyzed.

While there are plenty of books that talk about computer security, there are few that show you how to take the offensive and learn first-hand how to analyze and understand real-life attacks.This is a unique offering that will have high appeal for the security professional looking for in-depth understanding of the attacker mindset.

Very good book!
One of most exciting areas to emerge in information security has been in the area of honeynets.These are networks designed to be compromised and capture all of the tools and activity of attackers
The Honeynet Project is a volunteer organization dedicated to researching and learning cyber-threats, and sharing our lessons learned.The project is made up of 30 security professionals around the world. They learn about cyber-threats by deploying networks around the world to be compromised.Once compromised, they capture all of the attacker's tools and activity, analyze, and learn from that.The value to this research is there is very little theory involved, they are capturing and seeing what is happening in the Internet today.
Very neat!

A honeynet is the primary tool used to capture attacker's activity.It is a type of honeypot, specifically a high-interaction honeypot. As a honeypot, honeynets work on the concept that they should not see any activity, no one has authorization to interact with them.As a result, any inbound or outbound connections to the honeynet is most likely unauthorized activity.This simple concept makes it highly effective in detecting and capturing both known and unknown activity.Honeynets work as a highly controlled network made up of real systems and applications for attackers to probe and compromise.

The book is about honeynets, how to use them, and what you can learn. The book is broken into three parts.The first part is focused on what honeynets are, how they work, the different types, and technical details on how you can deploy them safely.The second part focuses on how to analyze all the different data a honeynet can collect (network and host based forensics, reverse engineering, centralized data correlation, etc).The third part is specific examples of several honeynets being hacked, including Win2000, Linux, and Solaris.What makes the book so interesting is it ties all these different elements together.You can learn more at http://www.honeynet.org/book/

The book was not written by a single individual, but by leading experts in their field. They attempted to combine the best experiences and skills from some of the leading individuals. The book was organized by the Honeynet Project, but the contributing authors include members of the Honeynet Research Alliance, individuals from the Department of Justice, and others who have helped us in the past and wanted to contribute.Some examples of authors include Honeynet Project members Brian Carrier who wrote several chapters and Max Kilger who wrote about profiling. Honeynet Research Alliance members include the work of the Greek Honeynet Project writing about hacked Linux systems, and the Mexican Honeynet Project writing about hacked Solaris systems.They also had outside experts help out, including Richard Salgado of the DoJ author about legal issues, and Dion Mendel from Australia write about Reverse Engineering.

Reviews (7)

Proper content, horrible writing
After having read the book, I was left with a mixed feeling. The content of the book is OK. Not special, just OK. If this book changed your way of thinking about risk, then this is probably one of your first books you read on the subject. I give the book content 4 stars, since it's decent, easy to follow and fairly complete. Besides that, the author included three good articles at the end of the book, one of which (by Caroline Hamilton) is particularly well-written.

Now for the style. I can only agree with one of the other reviewers regarding the comment he made about proofreading the book. I wonder if the book was proofread at all. There are so many errors and annoyances in this book, it starts working on my nerves fairly quickly. To name but a few:


The writer contradicts himself on several occasions. Sometimes this gets hilarious:
- Page 30: [The cost/benefit analysis] is the most important step of any risk analysis process.
- Page 35: As discussed in the previous example, the scope statement is the most important element of the risk analysis process.
- Page 39: The most important element of any risk analysis process is the recommendations of controls and safeguards... etc etc.


I understand that mister O'Leary is his mentor, but don't tell me five $%^$@ times that he is the Director of the Education Resource Center (pages ix, 12, 13, 65, 66).


The spelling errors are a real pain in the butt:

- page 217: "Aurebach" instead of "Auerbach" (my favorite; it's his own publisher).
- page 16: "can shared" instead of "can be shared"
- page 36: ".appropriate" instead of "appropriate"
- page 43: "their role" instead of "his role"
- page 45: "control" instead of "risk" (last word on the page)
- page 46: "these" instead of "there"
- page 47: "guideline" instead of "guidelines"
- page 55: "their" instead of "its" (it refers back to "job")
- page 64: wrong comma usage
- page 71: "in" instead of "it"
- .....
- page 162: "Originizational" instead of "Organizational"
- page 217: "Ozierz's" instead of "Ozier's"


The writer uses the Ctrl+C and Ctrl+V too many times. Definitions should be reworded, not blindly copied. See pages 7 and 57, pages 47 and 72 etc.

Sometimes bulleted items in the same list have a trailing dot, sometimes they haven't.

I can go on and on.

To wrap it up, the writing gets 1 star. Equals 5 stars. Which will be rounded to 2 stars, simply because of his sloppy writing. If the writing were better, I might give it 3 or 4 stars.

Qualitative not Quantitative
The book outlines - over the course of about 50 pages - a simple and qualitative risk metric.IF one is looking for a method to quantify risk then look elsewhere; perhaps to a professional actuary.

Overall it is a decent book for an introduction to qualitative risk analysis.

Awesome Content - hurried writing
I believe that this book was pushed out to the presses much too quickly.Be prepared to rewrite some of the processes because of poor writing (and/or proof reading).Some of the steps in the Qualitative Risk Analysis just strait up don't make sense.

However I give it two thumbs up for content.This book helped me with disaster planning tremendously.

Reviews (25)

Good for review
This book is very good for a review of the CISSP material.

but do not use it as your main reference.

Best for experienced Administrators & Engineers
If you are already a skilled systems engineer that is familiar with the concepts of TCP/IP and account logon policy, then this book will cover the additional areas that ISC(2) require. The ~100 practice questions in this book were very VERY helpful, similar to the Transcender format where it explains why the correct choice, and the reasons the incorrect answers are false.

I reviewed just the practice questions and passed my test on the first try. Just because the test is $500, don't try to "out think" the questions, pick the logical answer and the practice questions in this book will verify you are picking the answers that ISC(2) agree are logical.

For many skilled SE's and SA's, the CISSP study materials are a cure for insomnia and tedious to read, almost like reading your local state DMV drivers license instruction book, almost as bad as a life insurance policy terms and conditions.

For those who are already technically skilled, this book is a great choice.

Editorial Review

Editorial Review

Practical Unix & Internet Security is on its second edition, and its maturity shows. To call this highly readable book comprehensive is an understatement. The breadth is vast, from fundamentals (definitions of computer security; the history of Unix) and commonsense but little-observed security basics (making backups; physical and personnel security; buggy software) to modern software (NFS, WWW, firewalls) and the handling of security incidents. The section on users and passwords alone is 21 pages long--and worth every page. Useful appendices include a Unix security checklist, a list of emergency response organizations, and many references to electronic and paper resources.

Editorial Review

Building Linux and OpenBSD Firewalls tackles considerably more than its title implies. For one thing, it's an introductory Internet security text that explains some of the methods attackers employ and how security strategies (including firewalls) can help thwart them.

Some of this coverage is very basic indeed ("What's an IP address?" and "What's a good Password" are two elementary sidebars), but that's in keeping with this series, which is intended for managers and others somewhat removed from detail work as well as for technicians. Still, the differences between OpenBSD and Linux boil down to a couple of key features, and you'll find yourself halfway through this book before you get to any how-to material on configuring a firewall. The configuration information is easy to follow: the authors explain which options to choose in the operating systems' respective installation routines and outline some supplementary procedures to follow afterward.

This book deserves kudos for treating OpenBSD with the same respect most books lavish over the trendier Linux, and the odds are good you'll learn a lot about it. You'll find the general security material valuable as well, particularly if you're new to the security game and need a primer on firewalls, demilitarized zones (DMZs), and the vulnerabilities of particular protocols and services. Still, this isn't the best practical guide around. Look at Linux Firewalls for detailed information on configuring IP chains under Linux, Maximum Linux Security for an all-purpose take on that system's security characteristics, and Firewalls and Internet Security: Repelling the Wily Hacker for further comprehensive security coverage. --David Wall

Editorial Review

A collection of after-action reports on a variety of network attacks,Network Intrusion Detection enables you to learn from others' mistakes asyou endeavor to protect your networks from intrusion. Authors Stephen Northcuttand Judy Novak document real attacks on systems, and highlight characteristicsthat you--you being a network communications analyst or security specialist--canlook for on your own machines. The authors mince no words, and advise you on thedetection tools to use (they like and use Snort, as well as Shadow, Tripwire,TCP Wrappers, and others) and how to use them. This second edition of the bookincludes less about year-2000 preparation and more about the latest in attacks,countermeasures, and the growing community of white-hat hackers who shareinformation to keep systems safe.

In teaching their readers about the attacks that exploit a particular protocolor service, the authors typically present a TCPdump listing that shows anattack, and then comment upon it. They tell you what the attackers did, howsuccessful they were, and how the attack might have been detected and shut down.To cite one example, there's a very detailed analysis of Kevin Mitnick's famousattack (a SYN flood, combined with TCP hijacking) on one of Tsutomu Shimomura'smachines. By following the advice in this book, you'll likely do well inprotecting your machines against people whom the authors call "script kiddies" --small-time hackers who follow published recipes (or run prewritten routines).Also, you'll be about as prepared as you can be against more skilled attackerswho make up their attacks on their own. This is great reading for anyone who'sinvolved in developing filters to ward off attacks or monitoring networkcommunications for suspicious activity. It's also a valuable resource forsomeone who's evaluating network countermeasures in preparation for deployment.--David Wall

Reviews (2)

Useful to both cryppies and hardware geeks
In 1997, the Electronic Frontier Foundation announced an experiment. On a budget of $200,000, they blew the roof off of something that had long been suspected: the long-time United States Data Encryption Standard was not secure.

This is something that had been suspected for some time. The original Lucifer encrypt that it had been based on had been designed by IBM with a 64-bit keyspace (quite large for the late 70s), but had been reduced to 56 bits, reducing the number of possible keys by two orders of magnitude. It was widely suspected that this was due to the NSA's desire that there not be a standard in the public domain that they couldn't crack; indeed, DES was slowly obsoleted over the years by ciphers like RSA and PGP. In 1997, it was announced that the EFF had created, using an array of custom chips, a relatively inexpensive system that was capable of a brute-force attack on DES, and came to the conclusion that such systems were probably already in the posession of not only the NSA (the largest purchaser of computing power in the world) but also numerous corporate and governmental entities that could afford to pay substantially less than the EFF paid for a technology that was likely not only available on the QT but quite mature.

This book comes with everything needed to build a DES cracker -- operational notes, history, and even the VHDL code needed to build the custom chips and C code to control the chip array. This makes it of interest not only to cryptography researchers (who probably consider this book old news after seven years) but to those learning about hardware and embedded systems development; the extensive listings make for good study material.

It's a worthwhile book to buy for anyone interested in privacy and cryptography concerns, though for the layperson Simon Singh's Code Book is probably a more general introduction to the issues involved.

Detailed blueprint on how-to-do it.
This is a "killer book" in every respect.

The authors have done a tremendous service to the entire population of the World by exposing the vulnerability of the DES algorithm. The DES algorithm is the formulafor encrypting your bank account and keeping other secrets safe.

DES hasbecome unless and the authors have taken more than a little risk to informyou including absolute, undeniable proof in the form of "showing youhow", down to the last detail.

The books not only gives detailedplans and references but also the correct current political motivationbehind the desire to retain the DES and how it affects you.

Details ofhow government "politicking" of your civil rights and how thoserights are being "watered down"for the benefit of theintelligence community is explained, too.

I don't personally plan onspending $200,000 or so to build a "engine for cracking DES", butI do believe that the money spent for this book was one of the betterinvestments I have made. The books contents have been placed into the public domain by the authors. Tell a friend.

Reviews (19)

Innacurate and old
I didn't check out the publication date of this book when I bought it (1998) so my dissapointment is partly my fault.It is, unsuprisingly, very outdated (anyone actually remember the altavista tunnel?).However, much of the info that remains, even general VPN fundamentals, are flawed and innacurate.This book will hinder you if you are trying to understand proper VPN network topologies.

Perfect
This book solved a lot of problems for me. While much of the product coverage no longer applies, the theory and practice of the VPN, as well as the basic need for such a technology gave me the information I needed to convince my upper management to use VPN's better.

Well.. Almost Useless
This book was a big disappointment. It does gloss over alot of the key VPN ideas, but there is not much substance. I've learned more from reading various tidbits off the internet.

Also, before you even consider using PPTP you should read the CounterPane cryptanalysis paper on PPTP.

http://www.counterpane.com/pptpv2-paper.html PPTP on windows NT is just not secure!

For a total newbie, this book might give them an idea of what to look for on the internet, but besides that I don't see too much value in this book.

Editorial Review

In Hackers Beware, Eric Cole succeeds in explaining how hackers break into computers, steal information, and deny services to machines' legitimate users. An intended side effect of his documentary efforts is a feeling for how network-connected computers should be configured for maximum resistance to attack. Cole, who works with the attack-monitoring SANS Institute as an instructor and security consultant, conveys to his readers specific knowledge of offensive and defensive weaponry as well as general familiarity with attack strategies and good security practices. Hackers Beware is a good primer and really earns its price by going into enough detail to enable readers to actually do something to make their resources safer. It also enables its readers to understand more specialized security texts, including Stephen Northcutt's fine Intrusion Signatures and Analysis.

Cole's didactic style is largely conversational, embracing the fact t