Thwarting the Enemy

Hacker’s Challenge 2 tests your defensive skills.

• By Michael Toot
• 05/01/2003

Hacker’s Challenge 2 is a collection of scenarios based on the authors’ real-world experiences as professional security consultants. The book is divided into two parts: The first part contains scenarios for you to work through, while the second section provides the solutions. In the first segment, each scenario contains all the necessary facts to detect, identify and solve the problem. This includes network topologies, server and application logs, and relevant “soft” information such as employee discussions. To help you focus your analysis, questions are provided at the end of each scenario that should be answered in order to solve the problem.

The scenarios cover a broad range of attacks, from social engineering and wireless wardriving to buffer overflow attacks and VLAN configuration problems (along with a man-in-the-middle scenario to keep things interesting). Some of the scenarios may seem obvious, including the “default-password-on-the-router” scheme, but they’re all handled with humor and, sometimes, with a bit of misdirection. To protect the innocent—and, occasionally, the guilty—all identifying information has been removed.
In the second section, the solutions contain scenario analyses, showing which relevant information helped solve the cases, and provide answers to the questions posed. The solutions also include sections on prevention and mitigation, and a list of additional resources to pursue if any of these scenarios hit close to home.

While this book offers many good tips, it isn’t for the novice network or systems administrator looking for an instant knowledge transfer. Much of the problem analysis involves reading logs, many of which don’t have the fields or data explained, so previous experience with this level of data diagnosis is highly recommended. Some of it can be worked out in context, but other bits of data require actual knowledge of the subject matter.

Where this book will be most useful is either as a training manual or as a companion volume to Hacking Exposed. Along with its predecessor Hacker’s Challenge (Schiffman, Osborne, 300 pages, $29.99, ISBN 0072193840), Hacker’s Challenge 2 tests your ability to recognize attacks and shows you how to respond quickly when they occur. One good training method would be to assign a scenario at your next team meeting and see how quickly the team can diagnose the problem and propose a solution. One thing these scenarios subtly point out is that no one person typically has all the pieces of the puzzle or all the tools needed to find the answer. Using this book to help identify your teammates’ skill sets and domain knowledge may be the best investment you can make toward intrusion detection and prevention. If nothing else, the scenarios make you wonder just how safe your own environment is and help you realize that security truly is a journey, not a destination.