 | | |
| Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks | 
| Author: Michal Zalewski
Publisher: No Starch Press
Category: Book
List Price: $39.95
Buy New: $7.81
You Save: $32.14 (80%)
Buy New/Used from $7.60
Avg. Customer Rating:  (26 reviews)
Sales Rank: 251837
Format: Illustrated
Languages: English (Original Language), English (Unknown), English (Published)
Media: Paperback
Number Of Items: 1
Pages: 312
Shipping Weight (lbs): 1.3
Dimensions (in): 9.2 x 6.9 x 1
ISBN: 1593270461
Dewey Decimal Number: 005.8
UPC: 689145704617
EAN: 9781593270469
ASIN: 1593270461
Publication Date: April 15, 2005
Availability: Usually ships in 1-2 business days
|
| Customer Reviews:
 The best (most unique, most interesting) security book I've read, period. October 1, 2005
15 out of 16 found this review helpful
I have an extensive library of computer security books, and this is by far the most interesting, most novel, most entertaining computer security book I own. I am actually going through each of the footnotes, reading every paper mentioned in the book. This books is not a textbook for system cracking or defending your system, like O'Reilly's Practical Unix and Internet Security (my second favorite security book). Instead Zalewski has gone somewhere entirely new, showing how your computer leaks information to other parties without 99.999% of the population realizing it. I do network security for a living, am a privacy fanatic, and figured I'd learn a few new things. I was overwhelmed by the amount of new information I learned. Reading this book was a humbling yet exhilirating experience. Some of the sections are written so clearly a lay person could understand them, but other sections assume a great deal of knowledge of computer lore, particularly TCP/IP networking. Buy this book, then run silent, run deep.
Recommended to the attention of technophiles with an interest in computer security August 14, 2005
6 out of 7 found this review helpful
Silence On The Wire: A Field Guide To Passive Reconnaissance And Indirect Attacks by computer security and programming expert Michal Zalewski focuses upon fundamentals of computing so that even non-specialist general readers can understand network design and their own computing activities, becoming able to address computer security issues. Silence On The Wire follows the path of a piece of information from the moment the user's hand touches the computer keyboard to the instant when it is received by a remote party on the other end of the wire. Zalewski notes that security concerns don't simply stem from a set of isolated faults that can be worked around, but represent issues associated with every process and system, and therefore they need to be understood and studied within that broader and more comprehensive context. Informed and informative, thoughtful and thought-provoking, Silence On The Wire should be considered mandatory reading for all security professionals, and is enthusiastically recommended to the attention of technophiles with an interest in computer security for themselves and their associates.
This One Goes On The Short List of July 24, 2005
10 out of 11 found this review helpful
Excellent!
Zalewski's book is packed with information. The level of detail and technical difficulty of a lot of the information seem to make the book geared more toward those already familiar with computer security and information warfare rather than security novices. Those who are familiar with computer and network security may feel that parts of the book are too basic or beneath the level they are looking for, but Zalewski generally has a goal in mind and is just laying the groundwork to build up to it.
Most people in computer security, and even home users with little understanding of network security, are familiar with the major types of overt attacks (viruses, worms, phishing scams, spyware, etc.) and the countermeasures to protect their systems (antivirus, antispyware, firewalls, IDS, etc.), but this book uncovers the ominous volumes of data that can be extracted and exploited using passive reconnaissance techniques.
The book is called a "Field Guide" in the subtitle and it reads more or less like one. It provides the information and details you need in the trenches to wage an effective war against information insecurity. This is one that I would dub a "must read" for anyone working directly with network security.
[...]
Deep and penetrating look at security July 19, 2005
31 out of 35 found this review helpful
Irrespective of the myriad proclamations of systems or products being hackerproof, bulletproof and the like; given enough time and money, everything is breakable. Security purists may argue that one-time pads are provably and perfectly secure. While that is correct in the pristine halls of academic cryptography, the real world is littered with many one-time pads of dubious security.
The fact that everything is breakable from an information security perspective is good news to Luddites and bad news for the paranoid. Hopefully, most people fall between those two opposites and with that, Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks is an fascinating book on knowing when to be suspicious and when to be complacent.
The premise of the book is that there are countless ways that a potential attacker can intercept information and sniff data. The title points out that these silent stealth-like attacks are often difficult to detect, and all the more so to defend against. The better you understand the threats, the better you can monitor and defend against them.
The author writes about his work with data reconnaissance and details how computers and networks operate, with a special emphasis on how they process and transmit data. With such transmissions, there are significant security threats; which is what this book details.
Make note that this is not a For Dummies type of book. It is written for security engineers and experienced system administrators that have a heavy background in networking and security. Electronic engineers will feel very much at home with the many schematics and encodings in the code. The book is written for those that are very comfortable with programming and complex networks.
The books 260 pages contain four parts and 18 chapters. Part one details the long journey that a keystroke takes. Between the keyboard and the ultimate destination of the data, there are myriad ways the data can be misappropriated. These include traditional attacks, in addition to protocol attacks and problems with the CPU.
Part 2 details how data is transmitted and the various avenues of attack that can be launched against the data. Note that the subtitle of the book is a field guide to passive reconnaissance and indirect attacks. The book is all about the passive types of attacks that are often quite prevalent, yet overlooked. In the section The Art of Transmitting Data, the author details the electronic mechanisms on how data traverses a network and the avenues of attacks. One of the easiest attacks is the monitoring of modem or router lights. With the proper analysis and deduction, an attacker can surmise a significant amount about the nature of the traffic.
Part 2 closes with an interesting overview of how to provide better security to switched Ethernet networks. The author notes that that Ethernet networks don't provide a universal and easy way to ensure the integrity and confidentiality (two pillars of security) of the data they transmit, or are they engineered to withstand malicious, intentionally injected traffic. Ethernet is simply a means for interfacing a number of local, presumably trusted systems. With such a premise, it is no wonder that security issues abound.
Part 3 spends about 100 pages on routing and security issues involved with TCP/IP. While there is not a significant amount of new information in these chapter (passive fingerprinting, fragmentation attacks, sequence number issues and more have been heavily documented), it provides a good overview of the inherent insecurity with the TCP/IP set of protocols.
Part 4 is closes with the authors notion of parasitic computing, which is when computations and storage in normal network traffic are hidden. With parasitic computing, data can be stored in mail queues and ICMP echoes, where remote hosts perform remote computations on them.
If you are looking for a book on quick tips to securing your network, Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks will not fill your need. This is a book written for those that want to know what goes on deep in the recesses of their computers, switches and network protocols. After reading the book, some may view it as an exercise in theoretical problems that bare little resemblance to the real world. But the fact is that many security problems that are originally labeled as theoretical and academic, end up being quite practical and devastating. Many software vendors will reply to a threat with a reply that it only applies to a lab scenario, only to quickly retreat and create a patch.
On the down side, the book can be dry at times. When you combine mathematical formulas, electronic engineering and abstract computer security, the book occasionally reads like James Joyce.
Overall, Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks is a most valuable book. It is a densely back whirlwind of deep technical information that gets to the very underpinning of computer security. Silence on the Wire makes you think about serious security problems that you never thought of before, or were even aware existed. Read it and get ready to be humbled.
Plenty of technical details as well as invaluable overviews of system vulnerabilities and results of attacks July 5, 2005
5 out of 7 found this review helpful
Silence On The Wire: A Field Guide To Passive Reconnaissance And Indirect Attacks by computer security expert Michael Zalewski could deserves the widest possible readership for its powerful message on computer vulnerabilities in a today's computer-oriented society. From tracking the source of attacks to security issues in ethernet systems and internet security, Silence On The Wire provides plenty of technical details as well as invaluable overviews of system vulnerabilities and results of attacks. If you have a computer, and are concerned with online scams and attacks, then you need to read Silence On The Wire!
|
|
|
Powered by: Dknc, inc. and Amazon.com | | 
For your safety and security, orders are processed through amazon.com
|
|
|
|
