In Hackers Beware, Eric Cole succeeds in explaining how hackers break into computers, steal information, and deny services to machines' legitimate users. An intended side effect of his documentary efforts is a feeling for how network-connected computers should be configured for maximum resistance to attack. Cole, who works with the attack-monitoring SANS Institute as an instructor and security consultant, conveys to his readers specific knowledge of offensive and defensive weaponry as well as general familiarity with attack strategies and good security practices. Hackers Beware is a good primer and really earns its price by going into enough detail to enable readers to actually do something to make their resources safer. It also enables its readers to understand more specialized security texts, including Stephen Northcutt's fine Intrusion Signatures and Analysis.
Cole's didactic style is largely conversational, embracing the fact that most computer exploits can be conveyed as stories about what hackers want and the steps they take to achieve their goals. He punctuates his prose passages with line drawings that clarify what gets passed among the machines involved in an attack, and pauses frequently to show programs' user interfaces and passages from their logs. Cole explains all the jargon he uses--a characteristic that alone distinguishes this book from many of its competitors. --David Wall
Topics covered: What motivates black-hat hackers, and the technical means they use to go about satisfying their ambitions. General attack strategies--spoofing, password cracking, social engineering, and buffer overflows, among others--are explained, and the tools used to carry them out are catalogued. The same goes for defensive tools and practices.
Every example in this book has information on how it works and provides preventive solutions. The technical solutions are excellent. -- Guy Bruneau, Intrusion Detection System Coordinator and an Incident Handling Team Supervisor, Canadian Department of National Defense (CND)
The depth of Eric's understanding is obvious and his extraordinary teaching style comes right through to the reader. -- Alan Paller, Director of Research, The SANS Institute
This book is an excellent reference--a tutorial on attacks and insight into the thinking of attackers. -- Stephen Northcutt, Director, Global Incident Analysis Center (GIAC); best-selling co-author of Network Intrusion Detection (Second Edition) and Intrusion Signatures & Analysis
This book is an outstanding reference that will undoubtedly help your efforts to protect your systems from the bad guys. -- Lance Spitzner, Founder, The Honeynet Project; Senior Security Architect, Sun Microsystems, Inc.