 | | |
| Hack Proofing Your Network (Second Edition) | 
| Authors: Dan Kaminsky, Rain Forest Puppy, Joe Grand, K2, David Ahmad, Hal Flynn, Ido Dubrawsky, Steve W. Manzuik, Ryan Permeh
Creator: Ryan Russell
Publisher: Syngress
Category: Book
List Price: $49.95
Buy New: $7.15
You Save: $42.80 (86%)
Buy New/Used from $2.50
Avg. Customer Rating:  (5 reviews)
Sales Rank: 738276
Media: Paperback
Edition: 2
Number Of Items: 1
Pages: 824
Shipping Weight (lbs): 3.1
Dimensions (in): 9.1 x 7.4 x 1.7
ISBN: 1928994709
Dewey Decimal Number: 005.8
EAN: 9781928994701
ASIN: 1928994709
Publication Date: March 2002
Availability: Usually ships in 1-2 business days
|
| Editorial Reviews:
Product Description
Called a bold, unsparing tour of information that never swerves from the practical, this updated and considerably expanded bestseller will quickly achieve top shelf placement on your information security bookshelf. Hack Proofing Your Network, Second Edition shows you that the only way to stop a hacker is to think like one. 1. Know the Laws of Security Review the authors guidelines for discovering security problems when reviewing or designing a system. 2. Learn the Seven Categories of Attack See how denial of service, information leakage, regular file access, misinformation, special file/database access, remote arbitrary code execution, and elevation of privileges can hurt you! 3. Prevent Diffing See how the comparison of a program, library, or file before and after some action can affect your network data. 4. Learn about Standard Cryptographic Algorithms See how secure your encrypted files and passwords really are. 5. Understand Format String Vulnerabilities Learn about one of the newest additions to the hackers bag of tricks. 6. Read About Session Hijacking Types Review TCP session hijacking, ARP attacks, route table modification, UDP hijacking, and man-in-the-middle attacks. 7. Understand the Strategic Constraints of Tunnel Design Create tunnels that are end-to-end secure and learn how to use authentication in OpenSSH. 8. Hack Proof Your Hardware Design products with tamper mechanisms: resistance, evidence, detection, and response. 9. Download a Free Sniffer from the Books Web Site Access the Hack Proofing Web site for complete source code and Carnivore Source Code. 10. Register for Your 1 Year Upgrade The Syngress Solutions upgrade plan protects you from content obsolescence and provides monthly mailings, whitepapers, and more!
|
| Customer Reviews:
 Not the best one, but good for the price/size October 14, 2004
1 out of 1 found this review helpful
The books offers some basic theory and knowledge. Not very practical though. Good starting point and reference book.
 Big Names, Great Book April 28, 2002
15 out of 15 found this review helpful
When I read the first edition of this book, was truly disappointed. I was wondering how such people could have written such book. Not that the book was worthless, but too 'standard' to met the expectations I had from these guys.
Still the idea was very interesting (information directly from the real experts), and I kept waiting for a new edition.
Well the second edition is now out, and not only fulfills, but exceeds all my original expectations !!Let's take a look: The Approach: Understanding attacks and vulnerabilities, by understanding 'how to hack' (good hacking of course. . . .ahem ) The Book: Rewritten, expanded and improved, the book consists of 800+ pages well structured into 18 chapters (against 450+ pages and 15 chapters of the first edition).
Well written, well presented, with a real fancy table of contents, the chapters include url's, a FAQ section and a SOLUTIONS FAST TRACK one.
A lot of CLEVER code is included as well as helpful 'Tool & Traps' and 'Notes from the Underground. . . ' outlines. The new sections (all outstanding) include:
- Hardware Hacking (otherwise only found in papers)
- Tunneling (excellent)
- IDS evasion (very easily explained)
- Format strings attacks The Intended Audience: People willing to become network security pros. Contents: - Introduction to Security, Attacks and related Methodologies.
- Cryptography.
- Unexpected Input, Buffer Overflow, Format Strings.
- Sniffing, Hijacking and Spoofing.
- Tunneling, Hardware Hacking, Viruses (et al.).
- IDS Evasion.
- Automated Tools.
- Reporting Security Problems. The Bottom Line: It is not just a good book, it is the best book among high level network security books, and the only that compares with specialized papers. Only quite easier.
I got more than 60 papers on buffer overflows. None compares with the classical 'Smashing The Stack For Fun And Profit' by Aleph One. IMHO, however, the corresponding chapter from this book, does compare and is really easier to understand.
Finally, the 'piece de resistance' of the book, is the chapter about Spoofing. Really enjoyed it, and by the way got surprised reading the innovative (to me) technique to 'Spoof Connectivity Through Asymmetric Firewalls'. Good Job Dan ;-)
As an added bonus, as an owner of this book, you'll find a lot of code files, applications and links...
Original content will satisfy security professionals March 29, 2002
8 out of 8 found this review helpful
It's difficult to find original material in most security books. "Hack Proofing Your Network, 2nd Edition" (HPYN2E) breaks that trend. Responding to feedback on the first edition, the authors have made numerous improvements in the second edition. If you're looking for relatively novel content in a security book, read the sections of HPYN2E I discuss next. HPYN2E shines in many respects. The "laws of security" in chapter 2 are accurate and enlightening. Chapter 4 helps teach secure programming techniques by comparing insecure and secure code snippets. Chapter 4 also demonstrates debugging and disassembling code, usually not seen in security texts. Chapter 8 probably contains the most advanced coverage of buffer overflows I've read in a book. By actually showing and explaining stack traces, the authors share a level of detail sufficient to satisfy all but the most elite coders. Chapters on "diffing" (5) and format strings (9) are robust. Hardware hacking, thoroughly described in chapter 14, is fascinating. The author cared enough to include numerous clear photographs of disassembled equipment, and mentioned many helpful external web references.
While these great chapters comprise more than half of HPYN2E, the remainder is not exceptional. I was not happy with the rambling, wordy chapters on spoofing (12) and tunneling (13). Spare us the quotes from Dante's "Divine Comedy"! Still, this material is easily skimmed.
Because HPYN2E is written more from an intruder's point of view, the title doesn't seem to reflect the material. The book isn't exactly a "how to hack" manual, but it expertly illuminates many facets of compromising information resources.
Better than the rest! March 14, 2002
2 out of 2 found this review helpful
I have the first edition of this book also, and I was really glad to see the second edition come out. There are some great hacking books out now, but I really think these ones are the best. I found in depth coverage on a lot of stuff you just can't find any place else. Some very cool info. on administering hosts locked behind a firewall and tips for making a "poor man's VPN". I also like that a lot of big names wrote the book, and their personalities really come through. A lot of tech. books can be a little dry even if they are well written. This one is actually entertaining also.
5+ Stars are Deserved on this one! March 12, 2002
6 out of 6 found this review helpful
I picked this book up about a week ago, and have been reading it ever since- I'm reading slow because it's *really* packed with info. There is tremendous coverage on everything from Buffer Overflow, Format Strings, Tunneling, etc. I've spent a ton of time reading Chapter 12 on Spoofing- extremely well-done! There's coverage here of such things as:
* Spoofing SSL by using web graphics to simulate the appearance of an SSL encrypted connection. After all, the user doesn't know what's on the wire, only what's on the screen.
* Routing packets in userspace using libnet and libpcap- a step by step tutorial
* Establishing a TCP connection between two firewalled and NATted hosts by setting a low time-to-live on a connection request and having some broker on the internet spoof a connection response.
This book is an absolute must to own...
|
|
|
Powered by: Dknc, inc. and Amazon.com | | 
For your safety and security, orders are processed through amazon.com
|
|
|
|