Best Defense

What's going on in your network? Who can you trust? Take a look at Hackproofing Your Network and find out just how vulnerable you may be.

• By T. Brian Granier
• 11/01/2002

In today's high-tech Internet-enabled world, it's generally accepted that the question isn't if you've been attacked, but when and how often. This book serves to educate security professionals in the techniques commonly used to penetrate systems and networks. Topics include low-level physical compromises, such as simple network sniffs; high-level compromises that require a firm understanding of computers; the way the operating systems work on those compromises; and how unexpected inputs can lead to potential vulnerabilities.

The book is organized into highly specialized chapters that can be treated as separate unique methods of system compromise. In general, the author for each section explains the general purpose of a vulnerability, methods of utilizing this vulnerability and techniques used to stop or mitigate related attacks.

The title can be quite misleading when compared to the content of the book. While readers might expect to find this book focused on methods of prevention, the majority of the time was spent explaining how to find and utilize vulnerabilities in order to penetrate a network. This doesn't suggest that the book doesn't address methods of prevention, just that it doesn't dedicate quite as much time to the subject. It would be prudent to caution potential buyers about buying this book by the title alone. Instead, buyers should take the time at the bookstore to read the first chapter, which gives an introduction to the material and lays the groundwork for what to expect.

As each chapter is written by a different author or a different group of authors, it's not surprising that style and technical detail vary. Each section provides enough explanation to convey the knowledge necessary to understand the exploit being described. Some chapters, however, went into highly detailed examples to explain exactly how vulnerabilities are exploited. My biggest concern with this book is the lack of right-brain stimulation. Without a fair amount of sideline quips, situational jokes and amusing banter, I found it difficult to stay focused over a long period of time. The sideline stories, however, did ease the situation by adding real-world perspectives to the mostly theoretical discussions presented in each chapter.

Because information security is an ever-evolving science, it should be no surprise that the publisher provides a companion Web site to the book. By providing a venue to post white papers, make code that was used throughout the book downloadable, and distribute an electronic version of the book, the problem of becoming outdated by the time the book prints is mitigated. Although only one white paper was available at the time of this review, this is most likely due to the recent the publish date. I submitted five questions to the author. Three of these questions received a response in exactly one week. The other two remain unanswered after two weeks. The responses that were received were very satisfactory in answering the question presented, and two of these questions made it to the Web site's "Ask the Author" question and answer page.

Overall, this book is a good addition to any security professional's library. Technical professionals will find this book a valuable introduction to the world of information security and hacking techniques and they'll benefit most if they're already highly skilled as a computer professional (I suggest the targeted audience be someone with equivalent to MCSE skills or higher.)