http://www.amazon.com/exec/obidos/ASIN/1597491098/c4iorg
and
http://www.shopinfosecnews.org

Title: Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network
Authors: Michael Gregg (principal author), Stephen Watkins, George Mays, Chris Ries, Ron Bandes, Brandon Franklin
Pages: 442 pages
Publisher: Syngress
Reviewer: dr.spook at gmail dot com
ISBN: 1597491098

Like many books with multiple authors, it's a mixed blessing. I would also like to suggest to Syngress that they hire an editor. This book would have benefited from a stricter hand. It would at least merit a simple grammar check. Please.

Is anyone else tired of the word "Hack" or "Hacking" in the title? I wonder if it doesn't take away from the message of the book, when the points are obscured with the obvious memetic charge that such a title gives.

For the curious: Open Systems Interconnection Basic Reference Model is described in
http://en.wikipedia.org/wiki/OSI_model

OSI (the intended replacement for TCP/IP) never caught on, even though, for a time, the government was mandating its use. The seven layer model was still recognized as a useful descriptor of networking, and has come to be used as an abstraction, useful for teaching concepts about networking. This book is arranged in that manner, with the addition of one of the "non-standard" layers as the final chapter. Layers 8, 9, and sometimes 10 have multiple references, such as political, financial, and metaphysical. In this case, the authors have chosen to refer to layer 8 as the people layer.

Interesting premise, using the OSI 7-layer model to discuss security, with the addition of the engineer's favorite eighth layer, the user. Point and counterpoint in each chapter of "Attack" and then "Defend" brings some cohesion to this inadequately edited book.

This book is tolerable as a beginner's book, but some of the information is old, and it's very uneven. I'm also not sure what the point of it should be.
It has some good bits, mixed in there. There's some good information on how networks work, which is explained in understandable terms and language. I don't know that this book contributes to the body of work that should comprise a good computer and network security library.

The first chapter is an introduction, explaining the approach of the book. The second, termed the physical layer, is actually defined to include everything from locks, lights, and guards (i.e. physical security) to hardware hacking. [Do we really need a discussion of chain link fence sizes in a security book?] I'm not sure of the rationale for things included in this chapter. We have everything from an explanation of pin tumblers (but not what locks are secure) to an overview of passwords (surely misplaced in a discussion of physical security).

Finally, in the last third, we approach some interesting hardware hacking. Even here, I'm a bit puzzled. A one-way network cable is built, but nowhere is there an acknowledgement that lines can still be tapped (not as easily as in the old vampire tap days of thicknet, but it still can happen). Nowhere is there a discussion of interruptions in the data line, nor any realization that the one-way cable could be used for ill as well as good.

On the other hand, there are nice pictures to help the casual user learn how to modify a USB Bluetooth to increase the antenna range.

Unfortunately, they still repeat that mantra of urban legend that the Internet (which they confuse with TCP/IP) was built to survive a nuclear attack.
http://en.wikipedia.org/wiki/ARPANET

There are a couple of other caveats with this book. Although it doesn't say so, it is very Linux/Windows centric, and some tools are described in depth (such as ping), without mentioning that arguments and return values may be different on other operating systems.
It seems to have been written a year or two ago, even though the publication date is October 17, 2006; much of the information is out of date, and there's no mention at all of Vista. There's the merest nod to IPv6, and almost nothing mentioned of the serious routing protocols and devices (which I somehow expected).

It's not a bad book; I've seen much worse. If you're just starting out, it might not be a bad introduction to some of the tools and methodology, but don't let it be your only book.

It lists at $49.95, but Barnes and Noble and Amazon are both discounting it.

--
We should not be building surveillance technology into standards. Law enforcement was not supposed to be easy. Where it is easy, it's called a police state.
-- Jeff Schiller
This archive was generated by hypermail 2.1.3 : Sun Jan 14 2007 - 22:47:48 PST