7 of 7 people found the following review helpful
on May 31, 2004
Defend IT book review
I was not a major fan of the author's previous book "Hack I.T.", thus I was a bit skeptical about this one. However, this book delivers! It reminded me of the "Hackers Challenge" 1 & 2 books (which I loved), because the information in the book is structured around realistic (or maybe even real) cases, illustrating various security aspects.
The stories in the book cover a wide range of issues: from building a secure network for a small business all the way to social engineering. Worm/virus infections, wireless security assessments, web applications, forensic investigation, security policy issues, DR and BCP, picking the right NIDS all find their place in the book. I especially loved the way they approached the usually boring subject of creating and implementing a security policy and DR planning. The policy case describes everything from 'why you need a policy' to security awareness and compliance verification. The executive fraud case was also lots of fun to read.
Also, this is the first security book I've seen that explicitly mentions regulations and compliance issues. I liked their take on 'HIPAA in plain English.' Other great items were the various response flowcharts for virus infection, attacks, etc.
On the downside, the book does contain some technical errors. I would have discounted them as typos, but it looks like the authors' actual hands-on skills are getting rusty in some areas ('tcpdump', 'nmap', etc.).
In any case, the book's value lies more in the approach to explaining security, rather than in teaching all of nmap's command-line options. The cases are detailed enough to engross the reader, and I was sometimes wondering 'how will it end', like I would with a good fiction book. This book is both fun and enlightening.
To conclude, while there is no substitute for actually experiencing the things covered in the book, reading about them will help aspiring and actual infosec pros.
Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major security information management company. He is the author of the book "Security Warrior" (O'Reilly, 2004). His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org.
5 of 5 people found the following review helpful
on February 7, 2005
The authors of Defend I.T.: Security By Example teamed up previously to write Hack I.T. The previous work was more along the lines of the hacking genre of books such as Hacking Exposed or Counter Hack, providing detailed explanations of various attacks to use in performing a penetration test of your network.
Books like that are great for those with the knowledge and skills to make sense of them, but people who aren't as technical and don't necessarily work the front lines of network security, such as managers and executives, can still benefit from having an understanding of how such attacks can impact their company and a high-level understanding of how to defend against them.
This book is not written for someone with zero technical knowledge. It does assume a certain level of understanding, but the case studies help to illustrate how the various attack techniques in the other type of books can be used and how you can protect your network.
This book is similar to the Hacker's Challenge books in that it provides real-world scenarios, except that rather than solving the puzzle on your own the solution is included in the story like a short mystery.
Managers of I.T. departments or security personnel and those who control the security budget would benefit from reading a book like this to understand what their people are up against. Those who actually work the front lines would still benefit from being able to associate information with real-world examples and applications.
5 of 5 people found the following review helpful
on August 29, 2006
"Defend I.T.: Security by Example" is one of my first reads on IT security. I am currently a programmer, looking to get into the information security field.
This book has successfully turned my interest in IT security into intrigue. Each chapter is a different real-life case study, with techniques used and lessons learned. Coming from a technical background, I appreciated the technical depth that the authors delve into. From the get-go in Chapter 1, the authors present a tutorial on the popular scanning tool called NMAP, which is fascinating. The network diagrams throughout the book were very helpful in explaining to the reader difficult concepts such as Distributed Denial-of-Service attacks and Ingress and Egress filtering.
"Defend I.T.: Security by Example" introduced me to many new concepts including IDS, INGRESS, EGRESS, DMZ, SSO, ZOMBIE, FIREWALLs, VPNs, PKI, and DOS attacks, just to name a few. Overall, this book is very informative and well-written.
I highly recommend this book as a great addition to your IT Security library.
4 of 4 people found the following review helpful
on July 9, 2004
Defend I.T. is a collection of case studies from the authors' experiences in the field. The case studies are representative of the vast array of security consulting engagements they see in the computer security, forensics, and data privacy arena.
It consists entirely of case studies, and that is different. It covers topics ranging from war dialing, wireless security, computer viruses, computer forensics, and HIPAA assessment to social engineering. People tend to relate better and comprehend more when issues are presented as real-life examples.
Information Security is a challenging area. Organizations face security issues every day, but due to the need for confidentiality around these issues they are reluctant to share lessons learned with their peers and other organizations. This book fills a need. The authors provide the lessons learned in an anonymous fashion so readers can benefit from their experience as well as the experience of other organizations.
The book attempts to illustrate the breadth and scope of knowledge a security consultant should have - covering both the technical and soft skills necessary to be successful in the field.
As stated earlier, the book provides perspective and advice on real-life security issues many organizations are struggling with. Whether the OS is Linux- or Windows-based, the issues are similar. The cases cover many OSes and issues your readers would be dealing with.
The book allows businesses to learn from the mistakes - and successes - of other organizations' responses to (commonly occurring) security incidents.
Check it out!!
5 of 6 people found the following review helpful
on May 30, 2004
This is not a book for the technically faint of heart. It starts out with almost no introduction at all into mapping target networks with nmap and never stops for a breath. There is a reasonable amount of explanation, but the heart of the book is in demonstrating hacking techniques at the system and command-line level. Graphics are used well to smooth over some of the more difficult topics, which is why I gave the book four stars.
The majority of the book, the first four parts, is dedicated to a command level explanation of various types of exploits, largely in the Unix environment. The last part of the book covers the social and legal aspects of hacking and the security response to hacking.
This is a reasonably short (~300 pages) book that gets to the point quickly and doesn't spend a lot of time on exposition. I would recommend it for Unix systems administrators and security professionals looking to round out their understanding of both the threats and strategies to cope with those threats.
4 of 5 people found the following review helpful
on September 16, 2004
The problem with a lot of security books is that they are either really generic or highly specific. They teach the principles of security as well as the software and hardware that are necessary to help to secure a company, but they are either too generalized or are written with the assumption that every company will always and forever have certain hardware (coughCiscocough) in their organization.
Some books take the opposite view and assume that all companies are equal and therefore can successfully utilize a "one size fits all" methodology. Many of these books also include hypothetical situations of hacks and responses to the attack, but many do not go into a lot of detail or solid explanations of what happened.
But the reality is that every company is different; every network is different; every security vulnerability is different; and attacks are real, not hypothetical.
"Defend I.T.: Security By Example" takes a different approach to corporate security. Rather than state a number of hypothetical and theoretical scenarios for computer attacks, this book instead takes numerous case studies of how real companies were hacked, the methods by which the hackers broke in, and the steps that were taken by each company to remediate the situations. This is not hypothetical information - this is the real deal.
Some of the threats (and the way that they were detected and fought) include VPN hacking, worms, viruses, WiFi, war dialing (yes, some people still do that), and even complete computer room failure.
Additionally, the book covers incidents like cyber extortion, executive fraud, and industrial espionage. After all, not all attacks against intellectual property are committed from the outside world.
Each chapter reads the same way for the most part. Each scenario is described in generic terms, followed by the way that the attack was successful, including methods that were used to hide the attack, how the attack was discovered, how the remedies were implemented, and a final section of what lessons were learned from the experience.
One thing about this book that irritated me is the fact that the company names were replaced in order to "protect the innocent". The truth is that there are no innocents in security. We have the hacker, of course, who is obviously not innocent. But when we are dealing with a company (in whom a great deal of trust is placed) that did not take adequate steps to protect their network, that company is not totally innocent either.
These companies might have been companies that you or I deal with regularly. If our private information and money is or was at risk, then we have the right to know about that, not only to determine if we want to do business with that company but also to investigate any follow-up work that was done after the incident.
And as expected the author did not dare to touch the very factual notion that replacing Internet Explorer and Outlook could reduce virus and trojan infection by an order of magnitude at the current time. One thing that I have learned over the years is that security writers are terrified of treading on the toes of the Mighty Bill, and this book unfortunately is no exception.
Regardless, this is a good book to have in every I.T. bookshelf.
4 of 5 people found the following review helpful
A nice management level discussion of securing an IT network against attackers. The authors have pitched their overall presentation towards a concerned manager, who may not necessarily have a technical background. Some sections do indeed require a bit of the latter. For example, the usages of network programs like nmap and tcpdump given in the first chapter may not mean too much to you. But most of the book shies away from instances of actual code. Generally, it suffices for you to know that certain programs and certain types of programs can be used against your network.
The authors assume reasonably that for specific countermeasures being implemented, there are technical people in your organisation (perhaps reporting to you) that can implement these.
Essentially, the book has a good level of abstraction. It could, however, do with more discussion of email and browsers. Like mentioning them in the index, for starters. These are still the first and second killer applications of the Internet. It is how most of your users will interact with the net. Granted, the book cites examples involving these. But perhaps a more prominent discussion, of how these usages might permit attacks or unwanted entries into your network, would be handy.
3 of 4 people found the following review helpful
I. T. professionals learn best by doing and second best by learning what others have done. The two primary authors, who are also acting as editors, have taken their work and the contributions of seven other contributing authors to create a series of sixteen case studies of actual problems that have arisen in computer security. Of course, when necessary, the names of individuals and organizations have been changed, but if you follow the instances of security problems reported in the trade journals, some reasonable guesses can be made. Therefore, in this case, you are learning the principles of computer security by finding out how the pros handled the problems.
The sixteen case studies are:
*) Getting to know the enemy: Nmap the target network - how to learn the significant characteristics of a network you may want to penetrate.
*) Home architecture - the topology of the network and how it can lead to security weaknesses.
*) No service for you! - how to recognize and fend off a denial-of-service attack.
*) Look, Ma, no wires! - how to construct and test a secure wireless network.
*) Virus outbreak I - how to recognize and remove a virus on a large network.
*) Virus outbreak II: the worm - how to recognize and remove a polymorphic worm.
*) Changing face - how to harden a web site so that it is not defaced.
*) Protecting borders: perimeter defense with an IDS - choosing, installing and configuring an intrusion detection system.
*) Disaster all around - how to plan for and deal with a disaster that destroys your primary physical location.
*) Security is the best policy - how to write and implement a security policy.
*) HIPAA: security by regulation - how to deal with the security requirements posed by government-mandated compliance.
*) A war-dialing attack - how to stop the hacker who tries to penetrate a system via an insecure modem.
*) A low-tech path into the high-tech world - how to prevent attacks based on social engineering.
*) Industrial espionage - how to keep spies for competitors from learning your secrets.
*) Executive fraud - how to gather electronic evidence to prosecute corporate fraud.
*) Cyber extortion - how to deal with an attempt to hold your computers or data hostage.
Each of the cases begins with some background concerning the situation and any preconditions to the problem. The next step is a description of the situation and the circumstances that caused a security problem to be identified. It then concludes with information about how the problem was handled and any weaknesses in the system that allowed the problem to occur.
This is a very good book for learning some of the basic security problems that are encountered by I. T. security professionals on a daily basis and how they are solved. It is not a how-to book, in the sense that you are given a numerical sequence of steps to perform. I recommend it to all persons who work as or aspire to be a computer security professional.
3 of 4 people found the following review helpful
on August 1, 2004
'Defend IT' is a novel follow-on to 'Hack IT,' a book I reviewed over two years ago. 'Defend IT' is the authors' response to feedback on their first book, where readers (like myself) claimed the case studies were the best aspect of 'Hack IT.' The vast majority of the new book contains 16 case studies, some of which I found very helpful.
My favorite chapter is 'Disaster All Around' (ch 9), where an Internet-centric insurance company suffers complete destruction of their primary data center. A fire caused by electrical problems exposes the company's lack of a disaster recovery plan and process for resuming business operations. Thanks to hard-working staff, the company was online in 72 hours -- but the CEO was fired! I was pleased to see a disaster recovery chapter in a general security book, as acts of God can be as devastating as the uber hacker who thinks he is God.
I commend ch 2 ('Home Architecture') for insights I find lacking in most books on intrusion detection or incident response. The authors astutely state on p. 26 and 33: 'this incident was not discovered by flashing lights and alerts set off by an IDS... In fact, there was no early indication of a network compromise.' This explains the authors' next recommendation: 'It is a good idea to keep access logs that are as detailed as possible -- at least with respect to inbound and outbound connections... Though you may not use these logs on a regular basis, for those instances when you need them, especially including investigations of network compromise, they are invaluable.' Exactly!
'Defend IT' suffered a few problems. Ch 3 features listing 3.1, which supposedly shows 'TCP SYN' packets that are part of a denial of service attack. Listing 3.1 doesn't show a single SYN packet, although many PSH ACK, UDP, and ICMP packets appear. Listing 3.2 claims to show SYN ACK packets from the DoS target, but shows only RST ACK packets from the victim and null TCP packets (with no flags set) from the attackers. Ch 3 also says 'DSL features fast download speeds... but slow upload speeds... ADSL features both fast upload and download speeds.' This is backwards; the 'A' in ADSL stands for 'asymmetric,' meaning faster downloads than uploads. I also found unnecessary redundancies in the forensics section, where two chapters (14 & 16) by the same author repeated material. I didn't think the conclusion matched the tone or content of the rest of the book, as it featured a hodge-podge of security technologies while the other 300 pages discussed case studies.
Overall, I enjoyed reading 'Defend IT.' I thought the chapters which featured network diagrams were enlightening, as information on real-world architectures can sometimes be difficult to find. I would caution the authors to ensure a second edition has slightly more current case studies. Ch 4, for example, suffers the myth that 'too few packets' on a wireless LAN is protection against cracking WEP; see the recent 'Wi-Foo' book for the real deal. Also, be careful when sanitizing data about clients. GPS coordinates and street names in screen shots might give away the farm, especially when readers have access to online business directories.
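The review above criticizes a 'TCP SYN' listing that actually contained PSH ACK, RST ACK and flag-less ('null') segments. As an added illustration that is not part of the book or of any reviewer's text, the following Python script decodes the flag byte of a TCP header and labels each segment the way a reader checking such a listing would. The packets it inspects are constructed inline (synthetic headers with zeroed sequence numbers and checksums), not captures from the book.

```python
"""Added example: decode and classify TCP flag bits in packet headers.

Shows how to tell a SYN flood apart from the PSH ACK / RST ACK / null
segments a mislabelled listing might actually contain. The flag byte
lives at offset 13 of the TCP header. All packets below are constructed
samples, not data from the book.
"""
import struct
from collections import Counter

# Bit positions of the TCP flag byte (RFC 793 plus the ECN bits).
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))
FLAG_NAMES = [("FIN", FIN), ("SYN", SYN), ("RST", RST), ("PSH", PSH),
              ("ACK", ACK), ("URG", URG), ("ECE", ECE), ("CWR", CWR)]


def build_tcp_header(sport: int, dport: int, flags: int) -> bytes:
    """Construct a minimal 20-byte TCP header (seq/ack/checksum zeroed).

    Used only to fabricate sample packets for this example.
    """
    data_offset = 5 << 4  # 5 x 32-bit words, no options
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                       data_offset, flags, 65535, 0, 0)


def flags_of(tcp_header: bytes) -> int:
    """Return the flag byte of a TCP header (needs at least 20 bytes)."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    return tcp_header[13]


def flag_string(flags: int) -> str:
    """Render flags as tcpdump-style text, e.g. 'SYN ACK' or 'null'."""
    names = [name for name, bit in FLAG_NAMES if flags & bit]
    return " ".join(names) if names else "null"


def classify(flags: int) -> str:
    """Label a segment by the flag combinations that matter in a DoS trace."""
    if flags == 0:
        return "null (no flags set; bogus or scan traffic)"
    if flags & SYN and not flags & ACK:
        return "SYN (connection request; what a SYN flood consists of)"
    if flags & SYN and flags & ACK:
        return "SYN ACK (target answering a half-open handshake)"
    if flags & RST and flags & ACK:
        return "RST ACK (target rejecting an unexpected segment)"
    if flags & PSH and flags & ACK:
        return "PSH ACK (data on an established connection)"
    return "other (" + flag_string(flags) + ")"


def summarize(headers) -> Counter:
    """Count classifications over a list of raw TCP headers."""
    return Counter(classify(flags_of(h)) for h in headers)


# Constructed sample: what a SYN flood toward port 80 looks like ...
SYN_FLOOD = [build_tcp_header(40000 + i, 80, SYN) for i in range(5)]
# ... versus a mix resembling what the review says the listing showed.
MIXED = [build_tcp_header(1234, 80, PSH | ACK),
         build_tcp_header(80, 1234, RST | ACK),
         build_tcp_header(5555, 80, 0)]

if __name__ == "__main__":
    for name, pkts in (("syn flood", SYN_FLOOD), ("mixed", MIXED)):
        print(name)
        for label, n in summarize(pkts).items():
            print(f"  {n:3d}  {label}")
```

Running it prints five SYN-classified segments for the flood sample and one each of PSH ACK, RST ACK and null for the mixed sample; a listing captioned 'SYN flood' whose summary looks like the second set is worth a second look before it is trusted.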
1 of 1 people found the following review helpful
on March 1, 2006
This aptly titled book uses plentiful real-world examples to bring the reader into the world of information security. Sixteen chapters present a panoply of actual computer security attacks, each followed by lessons learned.
Case studies come in five areas, from basic hacking to forensics. The book ably mixes introductory and technical material so that it succeeds at being useful without being inscrutable to nonexperts. The authors do, however, assume a basic level of network and security understanding. The case studies show what system and network administrators can do to protect their networks from the most common attacks.
Even at 320 pages, the book is easy to read. It is a well-written work that balances the competing extremes of generality and minutiae. Any network administrator looking for a boot-camp approach to network threats is advised to read this book of example problems. The point is to learn by example so as not to become one.