Superb, well balanced content   June 3, 2003

The coverage is balanced between the various colors of hats people wear and contains masses of recommendations for hardening the various components discussed.


Overall good - great to see focus on internal security   April 28, 2003
  3 out of 6 found this review helpful

There is many hacking books out there right now. Many of these are concerned with external penetration testing, which most non-security professionals are obsessed with - thanks to all the sensationalized hacking stories by the often clueless press.

"Special Ops" discusses the internal threat, which in most cases is more important to the majority of businesses. A simple and straight forward methodology is presented to deal with internal security. Analyze your business, identity your business assets, profile them, group them and prioritize them and then finally secure these assets using the 80/20 pareto principle. This is common sense but great to see that someone has written a book about it.

There are separate chapters covering various platforms (WinX, Unix etc), database & application servers (Exchange, Oracle etc) and web applications. The final chapter discusses the most important topic - security policies. Without a security policy driven by business requirements - there will be no "real" security... The chapters are written by various subject matter experts, which makes the book feel like a collection of white papers. A few chapters are very high level - the books spans a very wide range of topics. Most of the information can be easily found on the internet if you know where to go and look.

One complaint is the pages with code examples. Put code examples on a CD and include the CD with the book. I do not think people are interested in spending time typing in the code examples. This should be supplied with the book on a CD.

To summarize, overall an interesting book, due to the focus on internal testing. Wide area of topics, which makes the content a bit too high level at times. One thought that always strike me is the emphasis on the technology. Technology is only a business tool. It is more important to understand your business, manage your people and physical security before you should worry about the technology. What good is all the network and host security if you can either call your business and social engineer passwords or even worse - just walk into your secure areas uncontested and do whatever I want to do? I guess it is easier to control about deal with the logical aspects and technology than irrational people who never do what they are supposed to,


The CISO or Auditor Survival Guide   April 3, 2003
  24 out of 27 found this review helpful

Yesterday morning I spent the better part of an hour in an interview with a reporter. The topic: "If you were giving advice to a brand new security officer, a CSO, or CISO, about how to avoid being fired in their first year, what would you tell them?" After the interview I started to read Special Ops and if there was any way to go back in time I would have told that reporter, tell them to buy Special Ops and read it at least three times.

I normally classify books into a couple of categories; there are books about things and books that tell you how to do things. Special Ops weighs in at a thousand plus pages and covers Windows XP, 2000, Outlook, Exchange, Unix, Security Policy and much more, yet does not fall neatly into either category. So what category is Special Ops?

Dan Lynch, a founder of the Internet and the founder of Interop once used a term, Bogon filter, years before BGP was invented. Bogon, apparently, was a synonym for blarney if you get my drift. Technical people will tell managers and auditors almost anything because they are pretty sure they can get away with it. The chapters in this book are written by brilliant people; they are packed with useful information. You will not learn enough about securing XP to hang out your shingle, but if you read that chapter a couple times you will certainly be on solid ground to determine if the consultant you are considering hiring to secure your XP systems knows enough to even get near your computer facility. The auditor that invests the time to read this book cover to cover three times should be given a t-shirt that says "Fear me". Special Ops can help you develop a bogon filter better than any other single book I have seen on the marketplace.

Chapter 18, Creating Effective Corporate Security Policies, is one of the most fascinating chapters in the book. Though obviously it covers material that can be found in other places, the authors clearly knows their stuff; it is pure pragmatic advice. The warnings ring true and the links are there.

Though content is the most important ingredient of a technical book and Special Ops is packed with content, layout is also important. The book was happy to lay flat within the first four minutes I was playing with it. The fonts are well chosen and large enough to be readable, the paper is substantial. I do have two complaints regarding layout. After the first reading, it will primarily serve as a reference book, so running a camouflage overprint across half of the table of contents was less than brilliant. The same goes for the silly FAQ stamp on top of the questions. Never intentionally make a book hard to read! On the other hand, summary links for more information and an FAQ for every chapter show a real concern for the needs of the reader. As always, just buying the book and putting it on the shelf will not make your systems and network more secure. I have only met Erik Birkholz twice, but I truly believe that if you come up to him hoping for his autograph he is going to reserve a special word for the person with a copy of Special Ops that is full of sticky notes and scribble in the margins. This author team must have worked very hard to produce something this powerful; drink deep of their knowledge.


Tons of new stuff!   March 27, 2003
  4 out of 5 found this review helpful

I'm not sure what book this guy from Orange, CA was reading, but I found all kinds of new and relevant information in several chapters! The chapter on Terminal Services was especially enlightening. Many new things to consider when rolling this one out to the enterprise! Yikes.

I think the reader from Orange missed the whole point of the book. It wasn't intended to be a catalog of the latest and greatest tools on the market - like the Hacking Exposed series - it looks like it was designed to help internal security staffs think differently about how they secure the critical components of the enterprise. This includes how they write their policies, and consider the human factor in the security equation.

I have personally used the book's content to create focused audit programs and been very successful at doing so.

Please create more books in this series!


Huh?   March 27, 2003
  2 out of 3 found this review helpful

I just finished this book and I found it to be well written, comprehensive, and incredibly informative and up to the minute in terms of the vulnerabilities covered. I specialize in SQL security and I'm not sure if the negative reviewer below actually read this chapter. He complains the SQL chapter: "...mentions nothing about port blocking which is the first thing I would do. UDP Port 1434 really has no purpose and should be blocked..." The following is from page 637 of the SQL chapter in Special Ops: "It cannot be stressed enough just how important it is to either apply this patch [from MS] or block all UDP 1434 inbound to the server." It's a great book and I don't think people should be turned off by incorrect criticsisms.