Customer Reviews

Building Open Source Network Security Tools: Components and Techniques

5 star:		(15)
4 star:		(5)
3 star:		(1)
2 star:		(0)
1 star:		(2)

 

 

This exclusive book by Mike Schiffman, a recognized security authority, will not make a good bedtime reading even for the majority of hardcore security professionals. However, the value of this book is not in how fun it is to read, but in the amazing depth and breadth of network security material.

Starting from interesting and original security tool taxonomy - attack, active recon, passive recon and defense -, the book takes the steep road uphill towards the descriptions of several popular security libraries (two written by the book author himself). Libnet (packet injection), libpcap (packet capture), libnids (network IDS development), libsf (OS fingerprinting), libdnet (network parameters manipulation) and openssl (crypto) are covered in the excruciating level of detail. Code and API walkthrough, all functions, variables and primitives are covered complete with usage notes for various platforms. Each chapter is topped off by a complete security tool example, designed and developed using the library. Many pages of superbly commented tool source code are included in the chapter end.

Complete code is also provided at the publisher download site. Experimenting with the code is a good part of the fun brought by the book, so download is highly suggested.

The book is most useful for those wishing to gain truly in-depth understanding of network security tools and for aspiring tool builders. After all, the book is much easier to read and understand then just plain source, even if well commented.

Another bonus is a comprehensive description of buffer overflow and format string exploits, provided in the chapter on attacks and vulnerabilities.

The book ends with painfully detailed "firewalk" recon tool description, created by Mike Schiffman. It starts with design (with flowcharts and diagrams) and goes onwards to implementation and code walkthrough. 2200 lines of tool source code conclude this mighty volume.

Anton Chuvakin, Ph.D., GCIA is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org

this is pretty much the book i've been looking to add to my library for a while. schiffman covers the major libraries in security (libnet, libdnet, libpcap, openssl, libsf, and libnids) in a smooth and excellent way, and then brings them together in several small apps and then firewalk 5.0. in this book we learn techniques to complement the tools we learn how to craft.

i was a bit let down in some of the details being left out of the libraries schiffman didn't write, such as pcap and ssl. these are really difficult to master libraries, some more attention could have been given here.

another reviewer noted that the book really ignores the windows developer, which is true to an extent. however, what schiffman doesn't say (and the reviewer doesn't state) is that several of the libraries (pcap, libnet, libdnet, openssl) work just fine on windows. it would have been helpful to have seen that covered more, but perhaps in the next edition.

all in all, a reccomended book. now infosec people will have no reason to say they can't write their own network attack apps. and hopefully it will inspire someone to write a better mousetrap, too. i'm still surprised it took so long to appear on the shelves!

This book was the perfect reference manual for the busy network administrator that needs to quickly create powerful tools to enforce and monitor network security. From concept to implementation Schiffman will give you a thorough understanding of why and how to create open-sourced security tools that you can start using immediately. Using this book as a reference I was able to create a customized network sniffer and a few vulnerability analysis tools. Another great addition to my library that I highly recommend.

After purchasing "Building Open Source Network Security Tools" I was able to write a full featured libnet 1.1.x based utility for a work related project in four days. I had no previous experience with the libnet library and was extremely impressed with how easy it was to build the tcp/udp/icmp/igmp/ip packets that I needed. The sample programs were short enough (and commented well enough) that I was able to hit the ground running.

There are many security books on the shelves today. Most of them describe the same hacker tools and methods. They don't get very technical and once you've read one, you've read them all. Building Open Source Network Security Tools is a different breed of security book.

Building Open Source Network Security Tools , just as the name suggests, is about how to build network security tools. This is a technical book, so you are going to have a little knowledge of C and your networking principles. This is definitely not a managers book.

First the book describes some basic principles in developing security software. This is a quick primer in case you have never been involved in software development. Next the book goes on to describe several commonly used libraries like libnet and libpcap. For each library, the structures and functions are explained, then there is sample code. I have written programs using libpcap and libnet before and I still learned something. There is even a section on OpenSSL programming. OpenSSL is a rather large and cryptic, no pun intended, library (in my experience anyways). This book sheds some light on it! These chapters are a great reference to have when making a new security tool.

The author then goes on to explain the several techniques like attack and penetration and active reconnaissance. Not only does the author tell you how they would in a technical sense, he provides code that does it, and explains each piece. This is very useful since most tools in the wild aren't very well commented ;) There is also a chapter on buffer overflows and format string vulnerabilities. These chapters are very well done and do a good job in explaining how they work and how to write code to use them. It may sound like this is an offensive hacker book, but it also gives examples on how to write defensive programs, like a port scan detection tool. At the end of the book the author ties it all together with a large program that utilizes many of the techniques mention in the book.

I found this book to be very refreshing. I had been waiting for a good security programming reference, and this is it. As a part of the Honeynet Project, I have seen a large number of compromises and tools, and one thing I've found is that in order to truly know who your enemy is, and how they operate, you need to know how their tools work. I wish this book had been released years ago when I first became interested in network security. It would have saved me from stumbling around old web pages and dead links. If you're an information security professional, this book is a must have for your library.

I found this book to be extrodinarily helpful. Easy to follow, but with very detailed code examples, I came away from this book with a much better understanding of the open source software libraries available to me.

I highly recommend this book to anybody who intends to use libnet, or libpcap, or any of the other open source libraries.

It is rare to find that such an in depth book on coding is this easy to read and understand It's really encouraging me to get off my [butt] and to start doing some coding again.

If there's anyone who's anyone in the Open Source security tool world, it's Mr. Schiffman. This book is the closest thing to a definitive text on the subject that exists today, and is absolutely worth the read.

My review is much like the book, sweet and to the point! The chapters and sample code that go along with them are thoughfully put together and well written. This is by far the best security reference book I've gotten my grubby hands on! I also received that Libnet mailing and the request for positive feedback was obviously done in a humerous, tongue and cheek fashion. If you've ever read Phrack magazine, you'd understand the authors humor. Go out and buy this book, you won't be disappointed!

While Schiffman's second book is more of a reference manual than his first (Hacker's Challenge), it still maintains a high level of readability. Detailed diagrams and well written sample code highlight the subject matter, while descriptive explanations of functionality provide the foundation. Schiffman has been a contributor of source code and techniques to the computer security world for almost a decade and this book is the culmination of his tool writing. The chapters on libsf and passive reconnaissance are very useful.

I find this book to be an indespensible source of information.