[ISN] Book review: Security Warrior by Cyrus Peikari & Anton Chuvakin

From: InfoSec News (isn@private)
Date: Mon May 10 2004 - 22:50:23 PDT

    Forwarded from: security curmudgeon <jericho@private>
    
    http://www.powells.com/cgi-bin/partner?partner_id=28327&cgi=product&isbn=0-596-00545-8
    
    Security Warrior
    Cyrus Peikari & Anton Chuvakin
    Paperback - 581 pages (January, 2004)
    $44.95 - O'Reilly ISBN: 0-596-00545-8
    
    Security Warrior is one of the latest books that attempts to cover
    hacking and security information in a way that appeals to all levels
    of the field. Most books of this nature will present a wide variety of
    concepts and technologies that fall under the "security" blanket.
    These topics usually include an introduction to security, networking,
    reconnaissance, social engineering, attack and defense. As with most
    professions, attempting to disclose the ins and outs in a
    comprehensive manner would take volumes of information and could never
    be summed up in a single book.
    
    Breaking away from the mold, Security Warrior stands out in a crowd of
    security books by delving into the world of software cracking through
    reverse engineering. While this is not a skillset many security
    personnel use or know, it can be a very handy skill to have. Peikari
    and Chuvakin spend almost one third of the book on reverse engineering
    by providing detailed explanations, real world examples and even
    exercises to test your ability to break past software that restricts
    your access to a program on your own computer. While the skill of
    reverse engineering is useful, it is also fairly intensive and
    requires a solid programming knowledge. The extensive use of program
    source code in the book can get a bit overdone as most people reading
    the book will already understand it and find no use for it typed out
    in a book, or find themselves lost after the second line.
    
    The next major section covers the basics of networking and
    reconnaissance as relates to security testing. After a brief outline
    of TCP/IP and other protocols that make this big Internet thingy work,
    they immediately dive into the art of Social Engineering before going
    back to network recon, OS fingerprinting and hiding your attacks.
    While this information is all valuable, the sudden turn to Social
    Engineering in the middle of technical network attacks is disjointed
    to say the least.
    
    Once you have identified your targets via network recon, the next step
    is to figure out what specific platform attacks may work for you.
    Unfortunately, you need to read the chapter on Unix defense before
    Unix attacks in this book. While the order of the chapters is a minor
    nuisance, the authors' consistency is a tad annoying. After learning
    about Unix defense and attack, you then get treated to Windows Client
    Attacks and Windows Server Attacks. Apparently, the chapter on Windows
    defense got left on the cutting room floor. Even more odd is the next
    chapter on SOAP XML Web Services Security followed by the SQL
    Injection attack chapter. While these are all well written chapters
    that convey the information very cleanly, the order and choice of
    topics is very messy.
    
    The last section covers Advanced Defense and goes into audit trails,
    intrusion detection, honeypots, incident response and forensics. Each
    chapter receives a good share of attention and falls back into an
    orderly fashion for dispensing the details of each technology. This
    material is a solid conclusion to a book that has a place in the
    security professional's library. For someone just entering the
    security circle, this book will be a rough start.
    
    
    