Shop the new tech.book(store)
New! Introducing the tech.book(store), a hub for Software Developers and Architects, Networking Administrators, TPMs, and other technology professionals to find highly-rated and highly-relevant career resources. Shop books on programming and big data, or read this week's blog posts by authors and thought-leaders in the tech industry.
> Shop now
Over the past year there has been a shift within the computer security world away from passive, reactive defense towards more aggressive, proactive countermeasures. Although such tactics are extremely controversial, many security professionals are reaching into the dark side of their tool box to identify, target, and suppress their adversaries. This book will provide a detailed analysis of the most timely and dangerous attack vectors targeted at operating systems, applications, and critical infrastructure and the cutting-edge counter-measures used to nullify the actions of an attacking, criminal hacker.
*First book to demonstrate and explore controversial network strike back and countermeasure techniques.
*Provides tightly guarded secrets to find out WHO is really attacking you over the internet.
*Provides security professionals and forensic specialists with invaluable information for finding and prosecuting criminal hackers.
{"itemData":[{"priceBreaksMAP":null,"buyingPrice":34.66,"ASIN":"1931836205","isPreorder":0},{"priceBreaksMAP":null,"buyingPrice":23.71,"ASIN":"0764537105","isPreorder":0},{"priceBreaksMAP":null,"buyingPrice":33.41,"ASIN":"1931836876","isPreorder":0}],"shippingId":"1931836205::8D2x98Z2spWrZIRY1ZFupxjK%2FJD%2BszKoIDC5si4B22ki%2BOpKpXtCiFDMoIbAyMyIzaNb9%2F13y3%2FmCDE6il9uhMGv2unb0TcPggbeYmaaRMFP8v1q01lsIw%3D%3D,0764537105::dF7p9k5WwbBqAb3P6%2B31nZEKqBbNo2Z9UC%2BmEw6OfxaJpfEWkH0ZuwlrFahy1e5mNAQksW1EWieuHFSch6oC%2BUR91xyQ61aMdzR2hgKmDYE%3D,1931836876::LbddZb10NdVFOa%2FM4kTLyPwz6UNSBSHsbbxY8fL226%2BYRXRryRTOEAfpVcGfyF9rQd9OP4CsbS0VwB7cRYXTUIUTSFPTOY3q28s87tYA3uM%3D","sprites":{"addToWishlist":["wl_one","wl_two","wl_three"],"addToCart":["s_addToCart","s_addBothToCart","s_add3ToCart"],"preorder":["s_preorderThis","s_preorderBoth","s_preorderAll3"]},"currenyCode":"USD","shippingDetails":{"xz":"same","yz":"same","xy":"same","xyz":"same"},"tags":["x","y","z"],"strings":{"addToWishlist":["add to wishlist","Add both to Wish List","Add all three to Wish List"],"addToCart":["Add to Cart","Add both to Cart","Add all three to Cart"],"showDetailsDefault":"Show availability and shipping details","shippingError":"An error occurred, please try again","hideDetailsDefault":"Hide availability and shipping details","priceLabel":["Price:","Price for both:","Price for all three:"],"preorder":["Pre-order this item","Pre-order both items","Pre-order all three items"]}}
Neil R. Wyler (JNCIS-FWV, JNCIA-SSL) is an Information Security Engineer and Researcher located on the Wasatch Front in Utah. He is the co-owner of two Utah-based businesses, which include a consulting firm with clients worldwide and a small software start-up. He is currently doing contract work for Juniper Networks, working with the company's Security Products Group. Neil is a staff member of the Black Hat Security Briefings and Def Con hacker conference. He has spoken at numerous security conferences and been the subject of various online, print, film, and television interviews regarding different areas of information security. He was the Lead Author and Technical Editor of Aggressive Network Self-Defense (Syngress, 1-931836-20-5) and serves on the advisory board for a local technical college.
Continuing in the new theme of fiction and technical how-to, Aggressive Network Self-Defense brings together several authors to provide a wide range of material. Syngress' niche in this space seems to be breaking new ground -- and for the most part, it works. While you don't get as in-depth a treatment as a typical technical book gives you, there is an added dimension: namely, a more realistic scenario of how these tools fit together in a real, live series of actions.
Not being a big fan of most fiction (I tend to prefer history), it's hard to say definitively good or bad things about the quality of the writing. What I can say is that it's infinitely less irritating, and far more realistic, than Neal Stephenson's Cryptonomicon or Gibson's Neuromancer. No over-the-top smearing of adjectives to describe the mundane, and no unrealistic sequences of events. Then again, there's no character development and no real story progression, so it's not great fiction.
As a series of hacker vignettes, the book works just fine, and very well for the purposes at hand. Basically, what the authors want you to get from the book is two-fold: First, they want you to debate the issues around "strike back" attack methodologies. Several of the authors are open advocates of what are legal grey areas and open moral questions in the field of network security. Secondly, they want you to see how it's done, what you do when you actually use a tool to achieve a goal. Most books that do this, like Hacking Exposed, cover far more tools, but they usually do so without showing you each tool's use in a real-world scenario.
I won't bore you with a lengthy, detailed overview of the first part of the book. Like I said, it's a series of part fiction, part tutorial series of short stories.... In them, you'll see tools like Metasploit, virus creation, some nmap, sniffers, and keystroke loggers, all in action, being used as an operator would use them, and achieving real goals. This is more valuable than a basic manual, and the stories themselves act as a nice setting. While not great fiction writers, the authors are decent enough at the job, and they write the technical material clearly.
The second part of the book is interesting. It makes up about a fifth of the book in volume, but a lot more in technical weight. The book bills this section as "The technologies and concepts behind network strike-back," and that's an accurate summary. It's a series of four unique perspectives and technical chapters that complement the rest of the book quite well.
The first introduces ADAM, the "Active Defense Algorithm and Model," which develops a methodology for network administrators to actively defend their networks against attacks. It's quite interesting, and brings together a number of risk models in an uncommon take. The authors are academic researchers from the University of Idaho, so it's a lot more academic than the previous material in Aggressive Network Self-Defense, but it formalizes a lot of the thinking that was present in the writing of the stories and techniques.
The second is Tim Mullen's classic "Defending your right to defend." This is the original position paper shared by Mullen with the information security community in 2002 or so. Here, Mullen makes a compelling case for actually striking back at worm infected hosts. After all, the position holds, someone should do something about them to help clean up the Internet. While it's a position I disagreed with at the time and still do, Mullen's writing is articulate and an important read. It really helps you understand a lot of the thinking that went into the book itself.
Dan Kaminsky wrote the next chapter, "MD5 to be considered harmful someday." Largely considered to be a follow-on to Joux and Wang's one-way hash function research, what it shows is how practical such an attack can be. Kaminsky never fails to come up with interesting ideas he puts into practice, and he adds another level of depth to this book.
Finally, Aggressive Network Self-Defense ends with an interesting paper, "When the tables turn: Passive strike-back." Like any good paper, it has a clear and thoughtful motivation, and really demonstrates the principles at play, namely building network resources that don't simply lure the attacker in, they trip her up. There are so many ways to do this, the authors show us, and ultimately it's almost fun. A good way to end the book.
An over-arching concern with the book that I have is the question of ethics. Mullen, in the foreword, states that he hopes the book stirs a debate about the ethics of the actions in the book. However, the book itself falls short in this area. Instead, sometimes the characters get busted, and sometimes they don't, but just because they didn't get caught doesn't mean some ethical lines weren't crossed. All too often the authors leave the ethical debate up in the air. While I prefer this to overt preaching or questions, the style leaves me wondering if this goal was achieved.
So, where do I stand on Aggressive Network Self-Defense? In the end, I like it, more so than a book like Hacking Exposed or other "hacking how-to" types. The style of presentation doesn't lend itself all that well to exploring a very wide number of tools, but it does give you a deeper context to see how they assemble into something larger. For many people I expect it will be a page turner, and I think the format has some utility, as shown here.Read more ›
Most computer security books focus on how to defend a computer system or network from outside attack: that's the basic difference between them and Neil R. Wylder's Aggressive Network Self-Defense: I'm Mad As Hell, And I'm Not Gonna Take It Anymore! The focus here is on the technical, legal and financial ramifications of a 'strike-back' and 'active defense' program which promotes doing more than just defense. Chapters cover 'cyber dogfights' between hackers and defender/attackers, offers up tales of revenge and following the trail of an attacker, accounts of fights at different network levels, and stories of problem-solving in network attacks. Both fictional and many real-life scenarios are covered, with plenty of technical computer detail. A lively, satisfying book for all levels of computer user, but particularly administrators who want to do more than just defend.
The title of this book says "Agressive." A better word might be "Vigilante."
I live in the west. Vigilante's came about because the law enforcement of the time was to weak to handle the problems. I don't know but that this is the situation out on the internet. I understand that CoolWebSearch is written/distributed from Russia. Who is going to go tell them that I don't want their stuff on my machine?
This book presents a series of "fictional" incidents where people being attacked strike back using technological means. Most of the time the police get involved at the end, usually finding the wrong man. None the less, the stories do an excellent job of describing how "aggressive" network defenders might attempt to strike back at attackers. These stories are certainly a more interesting approach than the typical computer manual.
The second part of the manual gets more technical and describes in greater depth the tools and techniques that the defenders in the fictional stories use.
The whole book brings up a series of moral questions. Where do you just build walls and defenses vs. where do you go out and counter-attack the attackers? Where are you counter-attacking illegally, with the potential to get caught yourself? It's quite a book and perhaps a sign of the coming times.
It is fair to say that most of the current strategies for network defense are passive, in that they involve setting up elaborate security shields to thwart or redirect intruders. The reason for this no doubt is that network administrators and IT departments do not want to face the legal consequences if they do as the authors of this book advocate, namely launching an attack on an intruder (human or otherwise) that will effectively disable it or at least frustrate it to a large degree. Interestingly though, the legal framework surrounding "aggressive" network self-defense is far from being clear. It would seem that existing laws on the books dealing with harassment and public nuisance would in fact support a large degree of "strike-back" network defense. The authors of this book seem to agree on this legal right, but the initial discussions in the book do illustrate the severe consequences that could arise if a security administrator were to take up the strike-back philosophy.
The weapons of aggressive self-defense include the PDA, which is discussed in the first chapter of the book, and which are described as being "easy to infect" by the author of the chapter. After bragging how he was able to compromise other people's PDA via the exchange of games, he discovered that his own PDA had been compromised by a key logger. He then describes how he found out exactly how he was infected, called naturally "computer forensics." To carry out the `reverse engineering' requires a debugger, a disassembler, and a hex editor.... His discussion will be fascinating reading, especially those readers (such as this reviewer) who are not committed hackers or security specialists, but who need a good understanding of the issues in order to attempt to emulate them in more sophisticated, distributed computing environments. To get down to the assembly language after possibly many years of high-level programming is intoxicating to say the least. The author's analysis leads him to the conclusion that a backdoor FTP server running on port 69 (instead of the usual port 21). His plan was then to find out who installed the FTP server and then launch a reverse attack. The attack consisted of two phases, with the first one preventing the attacker from having access to his information and trick the attacker into downloading a file of his choice. The manner in which the author communicates convinces the reader that he knows what he is talking about. In order to know for sure one would have to go through the attack procedures as he organizes them. Unfortunately he author lost his job over his escapades, when instead he should have been rewarded for his ingenuity and skill. He was acting properly in taking action against an attack originally targeted to his machine.
The next chapter discusses an attack scenario in a common place these days: the cybercafe. The goal of the chapter is convince the reader to be wary of wireless hotspots that can easily be compromised. The author describes a scenario that actually began with criminal intent, and occurring in a WLAN environment, consisted of tricking users into logging into a person's own laptop. The author describes in detail what this person had to create and install on his laptop in order to pull off this deception, becoming the notorious "man-in-the-middle." He did this in order to obtain the credit card numbers of the customers who unwittingly logged into his machine instead of the correct access point. His scam was discovered and he was rightly arrested after he had run up over $10,000 in charges. But interestingly, his man-in-the-middle scam was detected by the WLAN administrator, and when this individual took it on himself to perform the investigation he attacked the scammer's machine and in the process broke some many laws that the evidence he collected was ruled inadmissible. The credit card companies sued the administrator since he nullified the federal case against the original scammer. Even though he won the case against him, his culpability is a grey area for sure, and this case reflects some of the ambiguities in digital law at the present time (both criminal and civil).
There are many more attack scenarios discussed in the book, all of which serve as tutorials in the many different tools that are have been exploited by both invaders and attackers. These include cache snooping, port knocking, TCPDump, Knoppix STD, Ethereal, Squid, honeypots, Sudo, cookie tracking, Trojan horses, keyloggers, Netcat, Nmap, PatriotBox, Traceroute, ping sweeping, IPSec rule injection, MD5 hashing, Stripwire, passive strike-back, and mass vulnerability scans. There is ample material here to educate oneself on how attacks can be accomplished and how therefore to defend systems against them. By far the most interesting part of the book though is the second one, since it goes into more of the conceptual background behind what the authors call `active defense.' They define this as an "action sequence performed between the time an attack is detected and the time it is known to be finished, in an automated or non-automated fashion, to mitigate a threat against a particular asset." This definition is one that is used in their model of network defense, which they call ADAM (Active Defense Algorithm and Model). The different steps to be taken, and the legal and ethical ramifications of ADAM are discussed in great detail. An interesting part of this discussion concerns the `scoring chart' that is used to compare the risk of a materializing threat with the risk of an active defense action. In addition, the calculation of risk is interesting in that it is similar to what is done in some areas of financial engineering.Read more ›
