Hack Proofing Your Network [Download: PDF] [Digital]

Ryan Russell (Author)

Editorial Reviews

Review

Essential reading for your IT security organization." -Deena Joyce, Director of Information Technology and Network Security, Casino Magic --This text refers to the Paperback edition.

About the Author

Ryan Russell is the best-selling author of Hack Proofing Your Network: Internet Tradecraft (Syngress Publishing, ISBN: 1-928994-15-6). He is an Incident Analyst at SecurityFocus, has served as an expert witness on security topics, and has done internal security investigation for a major software vendor. Ryan has been working in the IT field for over 13 years, the last 7 of which have been spent primarily in information security. He has been an active participant in various security mailing lists, such as BugTraq, for years, and is frequently sought after as a speaker at security conferences. Ryan has contributed to four other Syngress Publishing titles on the topic of networking, and four on the topic of security. He holds a Bachelors of Science degree in Computer Science.

Dan “Effugas” Kaminsky (CISSP) worked for two years at Cisco Systems designing security infrastructure for large-scale network monitoring systems. Dan has delivered presentations at several major industry conferences including Linuxworld, DEF CON, and the Black Hat Briefings, and he also contributes actively to OpenSSH, one of the more significant cryptographic systems in use today.He is based in Silicon Valley, presently studying Operation and Management of Information Systems at Santa Clara University in California.

Rain Forest Puppy is a security research and development consultant for a Midwest-based security consulting company. RFP has been working in R&D and coding in various languages for over seven years. While the Web is his primary hobby focus point, he has also played in other realms including: Linux kernel security patches, lockdown of various Windows and UNIX operating systems, and the development of honeypots and other attack alert tools. In the past he's reported on SQL tampering and common CGI problems, and has contributed security tools (like whisker) to the information security community. --This text refers to the Paperback edition.

Product Details

Do you have the free reader for this item?

• Format: Adobe Reader (PDF)
• Printable: Yes. This title is printable
• Mac OS Compatible: OS 9.x or later
• Windows Compatible: Yes
• Handheld Compatible: Yes. Adobe Reader is available for PalmOS, Pocket PC, and Symbian OS.
• Publisher: Syngress (July 25, 2000)
• Average Customer Review: 4.6 out of 5 stars  See all reviews (5 customer reviews)
• Amazon Best Sellers Rank: #3,258,613 Paid in Books (See Top 100 Paid in Books)
  • #8 in Books > e-Docs > By Publisher > Syngress
  • #16 in Books > e-Docs > Subjects > Computers & Internet > Networking
  • #20 in Books > e-Docs > Subjects > Computers & Internet > Security
• Required Free Software: Adobe Reader

Customer Reviews

Most Helpful Customer Reviews

18 of 18 people found the following review helpful:

5.0 out of 5 stars Big Names, Great Book, April 27, 2002

By 

Marco De Vivo "Mr. TCP/IP" (Miami, Florida United States) - See all my reviews
(REAL NAME)   

Amazon Verified Purchase

This review is from: Hack Proofing Your Network (Second Edition) (Paperback)

When I read the first edition of this book, was truly disappointed. I was wondering how such people could have written such book. Not that the book was worthless, but too 'standard' to met the expectations I had from these guys.
Still the idea was very interesting (information directly from the real experts), and I kept waiting for a new edition.
Well the second edition is now out, and not only fulfills, but exceeds all my original expectations !!

Let's take a look:

The Approach:

Understanding attacks and vulnerabilities, by understanding 'how to hack' (good hacking of course. . . .ahem )

The Book:

Rewritten, expanded and improved, the book consists of 800+ pages well structured into 18 chapters (against 450+ pages and 15 chapters of the first edition).
Well written, well presented, with a real fancy table of contents, the chapters include url's, a FAQ section and a SOLUTIONS FAST TRACK one.
A lot of CLEVER code is included as well as helpful 'Tool & Traps' and 'Notes from the Underground. . . ' outlines.

The new sections (all outstanding) include:
- Hardware Hacking (otherwise only found in papers)
- Tunneling (excellent)
- IDS evasion (very easily explained)
- Format strings attacks

The Intended Audience:

People willing to become network security pros.

Contents:

- Introduction to Security, Attacks and related Methodologies.
- Cryptography.
- Unexpected Input, Buffer Overflow, Format Strings.
- Sniffing, Hijacking and Spoofing.
- Tunneling, Hardware Hacking, Viruses (et al.).
- IDS Evasion.
- Automated Tools.
- Reporting Security Problems.

The Bottom Line:

It is not just a good book, it is the best book among high level network security books, and the only that compares with specialized papers. Only quite easier.
I got more than 60 papers on buffer overflows. None compares with the classical 'Smashing The Stack For Fun And Profit' by Aleph One. IMHO, however, the corresponding chapter from this book, does compare and is really easier to understand.
Finally, the 'piece de resistance' of the book, is the chapter about Spoofing. Really enjoyed it, and by the way got surprised reading the innovative (to me) technique to 'Spoof Connectivity Through Asymmetric Firewalls'. Good Job Dan ;-)
As an added bonus, as an owner of this book, you'll find a lot of code files, applications and links...

9 of 9 people found the following review helpful:

4.0 out of 5 stars Original content will satisfy security professionals, March 28, 2002

By 

Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)   

This review is from: Hack Proofing Your Network (Second Edition) (Paperback)

It's difficult to find original material in most security books. "Hack Proofing Your Network, 2nd Edition" (HPYN2E) breaks that trend. Responding to feedback on the first edition, the authors have made numerous improvements in the second edition. If you're looking for relatively novel content in a security book, read the sections of HPYN2E I discuss next.

HPYN2E shines in many respects. The "laws of security" in chapter 2 are accurate and enlightening. Chapter 4 helps teach secure programming techniques by comparing insecure and secure code snippets. Chapter 4 also demonstrates debugging and disassembling code, usually not seen in security texts. Chapter 8 probably contains the most advanced coverage of buffer overflows I've read in a book. By actually showing and explaining stack traces, the authors share a level of detail sufficient to satisfy all but the most elite coders. Chapters on "diffing" (5) and format strings (9) are robust. Hardware hacking, thoroughly described in chapter 14, is fascinating. The author cared enough to include numerous clear photographs of disassembled equipment, and mentioned many helpful external web references.

While these great chapters comprise more than half of HPYN2E, the remainder is not exceptional. I was not happy with the rambling, wordy chapters on spoofing (12) and tunneling (13). Spare us the quotes from Dante's "Divine Comedy"! Still, this material is easily skimmed.

Because HPYN2E is written more from an intruder's point of view, the title doesn't seem to reflect the material. The book isn't exactly a "how to hack" manual, but it expertly illuminates many facets of compromising information resources.

6 of 7 people found the following review helpful:

5.0 out of 5 stars 5+ Stars are Deserved on this one!, March 11, 2002

By 

Ryan Smyth (New York) - See all my reviews

This review is from: Hack Proofing Your Network (Second Edition) (Paperback)

I picked this book up about a week ago, and have been reading it ever since- I'm reading slow because it's *really* packed with info. There is tremendous coverage on everything from Buffer Overflow, Format Strings, Tunneling, etc. I've spent a ton of time reading Chapter 12 on Spoofing- extremely well-done! There's coverage here of such things as:
* Spoofing SSL by using web graphics to simulate the appearance of an SSL encrypted connection. After all, the user doesn't know what's on the wire, only what's on the screen.
* Routing packets in userspace using libnet and libpcap- a step by step tutorial
* Establishing a TCP connection between two firewalled and NATted hosts by setting a low time-to-live on a connection request and having some broker on the internet spoof a connection response.
This book is an absolute must to own...