Protect your network and web sites from malicious attacks with help from this cutting-edge guide. Extreme Exploits is packed with never-before-published advanced security techniques and concise instructions that explain how to defend against devastating vulnerabilities in software and network infrastructure. This book gives you detailed analyses of modern threats and their solutions along with checklists for developing defenses. You’ll also be introduced to a winning methodology for custom vulnerability assessments including attack profiling and the theatre of war concept. Through in-depth explanations of underlying technologies, you’ll learn to prepare your network and software from threats that don’t yet exist. This is a must-have volume for anyone responsible for network security.
About the Authors: Victor Oppleman is an accomplished author, speaker, and patent-holder in the field of network security and a specialized consultant to some of the world’s most admired companies. His open source software is used by thousands of engineers worldwide. Oliver Friedrichs is a Senior Manager in Symantec Security Response, the organization responsible for the delivery of anti-virus definitions, intrusion detection updates, and early warning technologies within Symantec. Mr. Friedrichs also co-founded SecurityFocus and Secure Networks. Brett Watson has 17 years experience in networks and security for some of the world’s largest Internet Service Providers and enterprise networks. He holds a patent for one of the first large-scale content distribution platforms known as Hopscotch.
Oliver Friedrichs (Woodside, CA) is a Senior Manager in Symantec Security Response, the organization responsible for the delivery of AntiVirus definitions, intrusion detection updates, and early warning technologies within Symantec. Mr. Friedrichs also co-founded securityfocus.com and Secure Networks and has shared his expertise with many of the world’s most powerful organizations, including the U.S. Department of Homeland Security, U.S. Secret Service, the IRS, the DOD, NASA, AFOSI, and the Canadian DND.
Brett Watson (Phoenix, AZ) has 17 years experience in networks and security, including large-scale IP networking, optical networking, and security and vulnerability assessments for some of the world’s largest Internet Service Providers and enterprise networks. In addition, Mr. Watson holds a patent for one of the first large-scale content distribution platforms known as Hopscotch.
Most Helpful Customer Reviews
5 of 5 people found the following review helpful:
4.0 out of 5 stars
Awesome stuff about infrastructure attacks,
By
This review is from: Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed) (Paperback)
Here is the thing - I am giving this book a high score (4) since it contains unique and fun content related to network infrastructure attacks and defenses, which I have not seen anywhere else. In my view, the good stuff justifies such score, although I suspect that some other reviewers will sledgehammer the book for having too much of routine material covered in other previous books, including the venerable Hacking Exposed.
While I had a general idea of how providers mitigate DDoS attacks, I did not know the specifics of the unicast reverse-path forwarding method described in the book. Similarly, I picked up a lot of material on setting up sinkholes for dropping traffic (and, more specifically, how they are better than ACLs in many cases). From other topics, I liked their coverage on the evolution of DMZ from simple designs of years past to current security zone design. The book also presents a lot of up-to-date material, such as the coverage of security information management (SIM), vulnerability management and recent security standards, such as CVSS. It doesn't go into details in some places where I'd wanted it to, but still is interesting to read.
On the other hand, some chapters are disappointing and seem to be in the book for it to appear "comprehensive". Forensics chapter is one of those (it is also mistakenly called "Exploiting Forensics", while no exploitation is taking place).
I recommend the book for most people, from beginners to advanced, since the former will enjoy the breadth of coverage while the latter will likely benefit from the network infrastructure protection (and devastation, of course!) tips. In addition, defense checklists in the end of each chapter are useful for those who do not have time to go and study the material in-depth. The book is slightly biased towards the defense side, with good coverage of the attacking side as well.
Dr Anton Chuvakin, GCIA, GCIH, GCFA is a recognized security expert and book author. In his current role as a Security Strategist with netForensics, a security information management company, he is involved with defining future features and conducting security research. A frequent conference speaker, he also represents the company at various security meetings and standard organizations. He is an author of a book "Security Warrior" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and the upcoming "Hacker's Challenge 3". Anton also published numerous papers on a broad range of security subjects. In his spare time he maintains his security portal at info-secure.org and a blog at O'Reilly.
3 of 3 people found the following review helpful:
4.0 out of 5 stars
For going from the basics to the advanced...,
By Thomas Duff "Duffbert" (Portland, OR United States) - See all my reviews (VINE VOICE) (TOP 500 REVIEWER) (HALL OF FAME REVIEWER) (REAL NAME)
This review is from: Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed) (Paperback)
Regardless of how many steps you take to secure your organizational computing environment, there's always some new exploit waiting to nail you. The best you can do is to understand your network and stay on top of the technology. Extreme Exploits - Advanced Defenses Against Hardcore Hacks by Victor Oppleman, Oliver Friedrichs, and Brett Watson can help you in that pursuit, especially in the networking realm...
Contents:
Part 1 - Core Internet Infrastructure for Security Professionals: Internet Infrastructure for Security Professionals; ISP Security Practices - Separating Fact from Fiction; Securing the Domain Name System
Part 2 - Defending Your Perimeter and Critical Internet Infrastructure: Reliable Connectivity; Securing the Perimeter; Redefining the DMZ - Securing Critical Systems; Intrusion Detection and Prevention; E-mail Gateways, Filtering, and Redundancy; Data Leaks - Exploiting Egress; Sinkholes and Backscatter; Securing Wireless Networks
Part 3 - Network Vulnerability Assessments: Vulnerability and Patch Management; A Winning Methodology for Vulnerability Assessments; Performing the Assessment - Part 1; Performing the Assessment - Part 2
Part 4 - Designing Countermeasures for Tomorrow's Threats: Exploiting Digital Forensics; Viruses, Worms, Trojans, and Other Malicious Code; Exploiting Software
Index
The authors of this book are real gurus when it comes to networking technology. I worked with Brett Watson at a prior place of employment, and I can attest to the fact that he really knows his trade. In the first part of this book, they go into networking and security probably deeper than any other book I've had the opportunity to review. To get the most out of the material, it helps to be firmly grounded in networking technology. If you're not a network administrator or if you're just starting out, you'll probably struggle to keep up.
Parts 2 and 3 are also valuable sections. Part 2 continues the in-depth analysis of how best to protect your network from attack, along with software recommendations to implement your security plans. And if you aren't already using a formal methodology to continuously review your network security, Part 3 will help you set up the necessary framework to implement a solid security review.
Part 4 probably is the weakest part of the book, in that most of the material is available from multiple other sources, and doesn't necessarily fit into the "extreme exploits" flavor of the rest of the book. It's good information, to be sure... Just not all that unique or special if you've read more than one other security book.
One feature at the end of each chapter stood out and works well... It's a "Checklist for Developing Defenses" along with a recommended reading list. Using the checklist allows you to make sure you understood what each chapter was getting at, as well as giving you a roadmap for implementing security in the particular area that was just discussed. And if a particular chapter was really applicable to your organization, the follow-up reading can help you get even deeper into the material. Good practical technique for helping the reader move from theory to application...
If you have the basics of network security down, it's time to pick up a copy of this book. While you may have to work at understanding the material, it will pay off in a system network that is much more secure than most...
7 of 9 people found the following review helpful:
4.0 out of 5 stars
Network infrastructure security sections are excellent,
By
This review is from: Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed) (Paperback)
I read Extreme Exploits because the content looked intriguing and I am familiar with applications written by lead author Victor Oppleman. The back cover states the book is "packed with never-before-published advanced security techniques," but I disagree with that assessment. While I found all of the content helpful, between 1/3 and 1/2 of it is probably available in older books -- including several by publisher McGraw-Hill/Osborne. Nevertheless, I find the strength of the network infrastructure security sections powerful enough to recommend Extreme Exploits.
I found Extreme Exploits' most innovative material in chapter 1 (Internet Infrastructure), 2 (ISP Security Practices), 4 (Reliable Connectivity), 8 (Email Gateways, Filtering, and Redundancy), 10 (Sinkholes and Backscatter), and 14 (Performing the Assessment, Part 1). These chapters introduced projects like RADB, IRRd, INOC-DBA (a VoIP "hotline" for ISPs), the Distributed Checksum Clearinghouse (an anti-spam system), and Hashcash (to consume CPU cycles and frustrate spammers). Subjects like questions to ask ISPs, ways to multi-home, and using anycast to improve redundancy were also welcome. A comment that spammers are using people who register with porn sites to pass CAPTCHA tests really surprised me! Ch 10's coverage of ISP sinkholes was clear, and I learned about triggered blackhole routing. Advice on checking publicly announced routes was cool, especially the reference to the author's Pwhois system. Although the vulnerability and patch management information in ch 12 was fairly routine, I also liked the author's mention of recent industry projects like the NIAC vulnerability lifecycle and Common Vulnerability and Scoring System.
Other chapters mainly covered topics found in other books, like Hacking Exposed, Gray Hat Hacking, or Hardening Network Security (all Osborne titles). Most of the book contains sound advice, but I must disagree with several assertions made in ch 7 (Intrusion Detection and Prevention). These include the "rejection" of the value of passive detection (p 116), the "logical transition" where detection and prevention converges into firewalls (p 116), the idea that intrusion prevention systems are "less prone to insertion and evasion attacks" (p 120), and "signature-based IDS normally do not have an understanding of the underlying protocol that they are examining and simply perform byte-by-byte pattern matching" (p 121).
Almost all of the vulnerability assessment material could have been cut, aside from the BGP query and network infrastructure advice in ch 14. The misnamed "exploiting digital forensics" chapter (16) tempts the reader into thinking it will cover anti-forensics, but really it's an overview of network-, host-, and memory forensics in 26 pages. An excerpt from p 332 summarizes the problem with the chapter: "At this point, you might be asking, what do I do with the data?" Still, ch 16 deserves an honorable mention for describing multiple tools with which I was not familiar or had only passing familiarity. These included Foremost by Jesse Kornblum and Kris Kendall, Disktype, and Memdump.
In terms of structure, I liked the fact that every chapter concluded with a "checklist for developing defenses" summarizing important points in an actionable format. The writing is always clear, and the diagrams are excellent. Many of the network infrastructure suggestions are supported by command-line syntax and examples, consistent with Osborne's Hacking Exposed style.
Overall, I think most everyone will learn something by reading Extreme Exploits. Those with a decent amount of experience or who have read books already mentioned might find some of the book repetitive. Despite this, I learned a lot about network infrastructure and I look forward to reading Victor's upcoming book on "Carrier Class Network Security."