7 Reviews
10 of 11 people found the following review helpful:
4.0 out of 5 stars
where do you stand on taking matters into your own hands?,
By jose_monkey_org "jose_monkey_org" (ann arbor, mi, USA)
This review is from: Aggressive Network Self-Defense (Paperback)
Continuing in the new theme of fiction and technical how-to, Aggressive Network Self-Defense brings together several authors to provide a wide range of material. Syngress' niche in this space seems to be breaking new ground -- and for the most part, it works. While you don't get as in-depth a treatment as a typical technical book gives you, there is an added dimension: namely, a more realistic scenario of how these tools fit together in a real, live series of actions.
Not being a big fan of most fiction (I tend to prefer history), it's hard to say definitively good or bad things about the quality of the writing. What I can say is that it's infinitely less irritating, and far more realistic, than Neal Stephenson's Cryptonomicon or Gibson's Neuromancer. No over-the-top smearing of adjectives to describe the mundane, and no unrealistic sequences of events. Then again, there's no character development and no real story progression, so it's not great fiction. As a series of hacker vignettes, the book works just fine, and very well for the purposes at hand.

Basically, what the authors want you to get from the book is two-fold: First, they want you to debate the issues around "strike back" attack methodologies. Several of the authors are open advocates of what are legal grey areas and open moral questions in the field of network security. Secondly, they want you to see how it's done, what you do when you actually use a tool to achieve a goal. Most books that do this, like Hacking Exposed, cover far more tools, but they usually do so without showing you each tool's use in a real-world scenario.

I won't bore you with a lengthy, detailed overview of the first part of the book. Like I said, it's a series of part-fiction, part-tutorial short stories. In them, you'll see tools like Metasploit, virus creation, some nmap, sniffers, and keystroke loggers, all in action, being used as an operator would use them, and achieving real goals. This is more valuable than a basic manual, and the stories themselves act as a nice setting. While not great fiction writers, the authors are decent enough at the job, and they write the technical material clearly.

The second part of the book is interesting. It makes up about a fifth of the book in volume, but a lot more in technical weight. The book bills this section as "The technologies and concepts behind network strike-back," and that's an accurate summary. It's a series of four unique perspectives and technical chapters that complement the rest of the book quite well.

The first introduces ADAM, the "Active Defense Algorithm and Model," which develops a methodology for network administrators to actively defend their networks against attacks. It's quite interesting, and brings together a number of risk models in an uncommon take. The authors are academic researchers from the University of Idaho, so it's a lot more academic than the previous material in Aggressive Network Self-Defense, but it formalizes a lot of the thinking that was present in the writing of the stories and techniques. The second is Tim Mullen's classic "Defending your right to defend." This is the original position paper shared by Mullen with the information security community in 2002 or so. Here, Mullen makes a compelling case for actually striking back at worm-infected hosts. After all, the position holds, someone should do something about them to help clean up the Internet. While it's a position I disagreed with at the time and still do, Mullen's writing is articulate and an important read. It really helps you understand a lot of the thinking that went into the book itself. Dan Kaminsky wrote the next chapter, "MD5 to be considered harmful someday." Largely considered to be a follow-on to Joux and Wang's one-way hash function research, what it shows is how practical such an attack can be. Kaminsky never fails to come up with interesting ideas he puts into practice, and he adds another level of depth to this book. Finally, Aggressive Network Self-Defense ends with an interesting paper, "When the tables turn: Passive strike-back." Like any good paper, it has a clear and thoughtful motivation, and really demonstrates the principles at play, namely building network resources that don't simply lure the attacker in, they trip her up. There are so many ways to do this, the authors show us, and ultimately it's almost fun. A good way to end the book.
An over-arching concern with the book that I have is the question of ethics. Mullen, in the foreword, states that he hopes the book stirs a debate about the ethics of the actions in the book. However, the book itself falls short in this area. Instead, sometimes the characters get busted, and sometimes they don't, but just because they didn't get caught doesn't mean some ethical lines weren't crossed. All too often the authors leave the ethical debate up in the air. While I prefer this to overt preaching or questions, the style leaves me wondering if this goal was achieved. So, where do I stand on Aggressive Network Self-Defense? In the end, I like it, more so than a book like Hacking Exposed or other "hacking how-to" types. The style of presentation doesn't lend itself all that well to exploring a very wide number of tools, but it does give you a deeper context to see how they assemble into something larger. For many people I expect it will be a page turner, and I think the format has some utility, as shown here.
6 of 6 people found the following review helpful:
5.0 out of 5 stars
A lively, satisfying book for all levels of computer user,
By Midwest Book Review (Oregon, WI USA)
This review is from: Aggressive Network Self-Defense (Paperback)
Most computer security books focus on how to defend a computer system or network from outside attack: that's the basic difference between them and Neil R. Wylder's Aggressive Network Self-Defense: I'm Mad As Hell, And I'm Not Gonna Take It Anymore! The focus here is on the technical, legal and financial ramifications of a 'strike-back' and 'active defense' program which promotes doing more than just defense. Chapters cover 'cyber dogfights' between hackers and defender/attackers, offer up tales of revenge and following the trail of an attacker, accounts of fights at different network levels, and stories of problem-solving in network attacks. Both fictional and many real-life scenarios are covered, with plenty of technical computer detail. A lively, satisfying book for all levels of computer user, but particularly administrators who want to do more than just defend.
7 of 8 people found the following review helpful:
5.0 out of 5 stars
"Vigilante" Network Self-Defense,
This review is from: Aggressive Network Self-Defense (Paperback)
The title of this book says "Aggressive." A better word might be "Vigilante."
I live in the west. Vigilantes came about because the law enforcement of the time was too weak to handle the problems. I don't know but that this is the situation out on the internet. I understand that CoolWebSearch is written/distributed from Russia. Who is going to go tell them that I don't want their stuff on my machine? This book presents a series of "fictional" incidents where people being attacked strike back using technological means. Most of the time the police get involved at the end, usually finding the wrong man. Nonetheless, the stories do an excellent job of describing how "aggressive" network defenders might attempt to strike back at attackers. These stories are certainly a more interesting approach than the typical computer manual. The second part of the manual gets more technical and describes in greater depth the tools and techniques that the defenders in the fictional stories use. The whole book brings up a series of moral questions. Where do you just build walls and defenses vs. where do you go out and counter-attack the attackers? Where are you counter-attacking illegally, with the potential to get caught yourself? It's quite a book and perhaps a sign of the coming times.
1 of 1 people found the following review helpful:
4.0 out of 5 stars
Interesting and helpful, but the legal ramifications still unclear,
By Dr. Lee D. Carlson (Baltimore, Maryland USA)
Amazon Verified Purchase
This review is from: Aggressive Network Self-Defense (Paperback)
It is fair to say that most of the current strategies for network defense are passive, in that they involve setting up elaborate security shields to thwart or redirect intruders. The reason for this no doubt is that network administrators and IT departments do not want to face the legal consequences if they do as the authors of this book advocate, namely launching an attack on an intruder (human or otherwise) that will effectively disable it or at least frustrate it to a large degree. Interestingly though, the legal framework surrounding "aggressive" network self-defense is far from being clear. It would seem that existing laws on the books dealing with harassment and public nuisance would in fact support a large degree of "strike-back" network defense. The authors of this book seem to agree on this legal right, but the initial discussions in the book do illustrate the severe consequences that could arise if a security administrator were to take up the strike-back philosophy.
The weapons of aggressive self-defense include the PDA, which is discussed in the first chapter of the book, and which is described as being "easy to infect" by the author of the chapter. After bragging how he was able to compromise other people's PDAs via the exchange of games, he discovered that his own PDA had been compromised by a key logger. He then describes how he found out exactly how he was infected, called naturally "computer forensics." To carry out the `reverse engineering' requires a debugger, a disassembler, and a hex editor. His discussion will be fascinating reading, especially for those readers (such as this reviewer) who are not committed hackers or security specialists, but who need a good understanding of the issues in order to attempt to emulate them in more sophisticated, distributed computing environments. To get down to the assembly language after possibly many years of high-level programming is intoxicating to say the least. The author's analysis leads him to the conclusion that a backdoor FTP server was running on port 69 (instead of the usual port 21). His plan was then to find out who installed the FTP server and then launch a reverse attack. The attack consisted of two phases, with the first one preventing the attacker from having access to his information and tricking the attacker into downloading a file of his choice. The manner in which the author communicates convinces the reader that he knows what he is talking about. In order to know for sure one would have to go through the attack procedures as he organizes them. Unfortunately the author lost his job over his escapades, when instead he should have been rewarded for his ingenuity and skill. He was acting properly in taking action against an attack originally targeted at his machine.

The next chapter discusses an attack scenario in a place that is common these days: the cybercafe. The goal of the chapter is to convince the reader to be wary of wireless hotspots that can easily be compromised. The author describes a scenario that actually began with criminal intent, and occurring in a WLAN environment, consisted of tricking users into logging into a person's own laptop. The author describes in detail what this person had to create and install on his laptop in order to pull off this deception, becoming the notorious "man-in-the-middle." He did this in order to obtain the credit card numbers of the customers who unwittingly logged into his machine instead of the correct access point. His scam was discovered and he was rightly arrested after he had run up over $10,000 in charges. But interestingly, his man-in-the-middle scam was detected by the WLAN administrator, and when this individual took it on himself to perform the investigation he attacked the scammer's machine and in the process broke so many laws that the evidence he collected was ruled inadmissible. The credit card companies sued the administrator since he nullified the federal case against the original scammer. Even though he won the case against him, his culpability is a grey area for sure, and this case reflects some of the ambiguities in digital law at the present time (both criminal and civil).

There are many more attack scenarios discussed in the book, all of which serve as tutorials in the many different tools that have been exploited by both invaders and attackers. These include cache snooping, port knocking, TCPDump, Knoppix STD, Ethereal, Squid, honeypots, Sudo, cookie tracking, Trojan horses, keyloggers, Netcat, Nmap, PatriotBox, Traceroute, ping sweeping, IPSec rule injection, MD5 hashing, Stripwire, passive strike-back, and mass vulnerability scans. There is ample material here to educate oneself on how attacks can be accomplished and how therefore to defend systems against them. By far the most interesting part of the book though is the second one, since it goes into more of the conceptual background behind what the authors call `active defense.'
They define this as an "action sequence performed between the time an attack is detected and the time it is known to be finished, in an automated or non-automated fashion, to mitigate a threat against a particular asset." This definition is one that is used in their model of network defense, which they call ADAM (Active Defense Algorithm and Model). The different steps to be taken, and the legal and ethical ramifications of ADAM are discussed in great detail. An interesting part of this discussion concerns the `scoring chart' that is used to compare the risk of a materializing threat with the risk of an active defense action. In addition, the calculation of risk is interesting in that it is similar to what is done in some areas of financial engineering.
3 of 4 people found the following review helpful:
4.0 out of 5 stars
Entertaining and informative fiction on digital strike-back,
This review is from: Aggressive Network Self-Defense (Paperback)
'Aggressive Network Self-Defense' (ANSD) is another innovative Syngress book. It leaps beyond the theories of digital self-defense initially proposed by Tim Mullen in 2002. Tim tried to justify using 'neutralizing agents' to disable malicious processes (like Code Red or Nimda) on infected hosts attacking one's enterprise. ANSD does not speak of neutralizing agents in the eight fictional cases that comprise the bulk of the book, but those chapters make for thought-provoking reading.
The first eight chapters present creative scenarios where digital strike-back may or may not be justified. Chapter 1 explains how a PDA user retaliates against a miscreant who installs a backdoor on his Pocket PC device. This is a highly technical section where ARM assembly language and virus creation are discussed. In chapter 2 a rogue wireless cafe employee sets up a man-in-the-middle attack to steal customer credit card data. Chapter 3 shows how a game developer retaliates against a software thief. Chapter 4 demonstrates the trouble in which a system administrator can find himself when he installs an unauthorized VPN connection. Chapter 5 -- probably my favorite -- describes hardware and software keyloggers, along with Bluetooth monitoring, to catch a college campus intruder. In chapter 6 two over-zealous administrators decide to patch any machines which attack their honeypots. Chapter 7 is another creative section, where attacker and defender fight for control of a network using unorthodox methods. In chapter 8, a security audit reveals a rogue member who tries to infiltrate a government agency. I liked all of these chapters. I had a slight problem following the logic in chapter 3, where it was unclear how the intruder compromised sshd to access the victim's system. In all other cases, I found the scenarios plausible and technically accurate. My only real concern with these chapters was many of the screen shots; most were far too small to make the text in the images legible.

ANSD is weaker in the second half, as fiction makes way for discussions of strike-back. All four chapters are previously published material; three are available on the Web right now. I would have preferred more fictional case studies and fewer reprinted papers. The book cover seemed to indicate that legal concerns would be analyzed in the text, but I found nothing authoritative beyond the fate of a few fictional perpetrators. I recommend those considering digital strike-back read ANSD.
Only one of the chapters is close to Tim Mullen's ideal, where neutralizing agents directly disable attacking processes on compromised systems. In many cases the activities of the protagonists in ANSD would land them in jail. In a few chapters, that is the explicit end result! ANSD is a thought-provoking exploration of digital strike-back. Its case study method would be appropriate in classes for security managers and other students.
5 of 7 people found the following review helpful:
4.0 out of 5 stars
Interesting - makes you think,
This review is from: Aggressive Network Self-Defense (Paperback)
I liked this book. It has a variety of scenarios that an admin might run into describing how someone might implement a cyber-attack. The interesting part is how each admin chose to "defend" their network, which is laid out in greater detail than the description of the attack.
The fictional attacks were well written and interesting enough just as individual short stories. I learned about a lot of different tools. The stories may even hit close to home if you're an admin. They are explained very well and include a lot of code and/or information; easily understandable if you have a little computer background. I liked this book; while I was not surprised by the types (and apparent ease) of the fictionalized attacks, I did learn a lot about tools and methods for defending a network.
6 of 9 people found the following review helpful:
3.0 out of 5 stars
sloppy prose, blurry figures,
This review is from: Aggressive Network Self-Defense (Paperback)
The book is riddled with sloppy prose that has not seen the attention of a careful editor. Throughout the book, most figures are annoying. They are screen or window captures. The authors chose the quick and dirty way of doing this and then pasting them into the text. But the resolution of the resultant printed images makes the contents out of focus. Yes, perhaps if you squint hard enough and interpolate, you can deduce the text. But this is what I mean. Annoying.
The chapters do offer amusing fictional plots that give tactics for both intruder and defender. Part of the appeal of the book is that these roles can switch. There are enough technical details supplied in the text to make the tactics credible to a computer person. The discussion on the limitations of MD5 with respect to a crafted collision attack is well done. Very sneaky. Though still quite speculative, as the text rightfully points out. The Strike Back chapter describes Armpit - a tool written as a "human detector". It is run as a daemon on a server. It permits access to resources only if the client browser can interpret Flash. This is seen as tantamount to implying that there is a human at the client, and not an automated attack tool, since most instances of the latter cannot do Flash. But this just begs the question. Surely if Armpit becomes common, it gives incentive for future attack tools to be able to run Flash? The narrative gives no technical reason why a cracker cannot take this logical countermeasure. More importantly, the book fails to recognise that Armpit is a challenge response method. Those of you familiar with antispam ideas should realise this immediately. Plus, Mailblocks has a patent on challenge response. It would have been useful for the book to discuss whether this patent (or any others) could make any infringement claims against the company that wrote Armpit.
Aggressive Network Self-Defense by Chris Hurley (Paperback - February 26, 2005)