Customer Reviews

Hacking For Dummies

5 star:		(20)
4 star:		(3)
3 star:		(0)
2 star:		(1)
1 star:		(2)

 

 

I used to wonder why anyone would want to break into my computer, there's not much there of any interest. Even I don't find it all that interesting. Then one day I was puzzled when my ISP asked why my machine was putting out millions of bytes of stuff to the point where it was bogging down their T1 line. I didn't know. We unpluged the machine from the network and it stopped sending. We plugged it back in and it wasn't sending. But the next day it was.

It wasn't until we got an e-mail telling us to stop sending out copyrighted movies that we realized what had happened. It wasn't anything in my computer they wanted, it was the bandwidth. Knowing what to look for it wasn't all that hard to stop. Google quickly provided links on this problem.

This book is aimed at people just like me. It gives an overall, if fairly light, view of the overall security problem. Like the other For Dummies books it has a writing style that doesn't (quite) put you to sleep. It has enough humor to enable you to get through it. It won't make you an expert, but it will point out the problem areas so that you can go deeper into those that are important to you. It's a good introduction.

The media often mistakenly characterize hackers as bored technical geniuses. In truth, most hackers, as the media use the term, are not geniuses; they are simply adept at downloading hacking tools that do all of the dirty work for them. These so-called script kiddies often do not know what they are doing until the damage is done.

From the perspective of the victimized company, however, it's not really important who is doing the attacking; all that matters is how organizations can protect themselves from myriad attacks and tools. Hacking for Dummies is written on the premise that to catch a hacker, you have to think and behave like one. This is a well-written and engrossing book that helps the reader understand how hackers compromise computer systems and networks. Its clear, easy-to-read style won't intimidate readers unfamiliar with abstruse security terms and concepts.

The 19 chapters progress from the basics of security to the hardening of an operating system and the hacking of Web applications. While the reader is not expected to have a deep technical background, the book does go into some detail, as it must to provide a hands-on approach. For a high-level theoretical approach to network defense, look elsewhere. This is a down-and-dirty tool for ensuring that the organization's systems and network are secure.

Update (11/2008): My review below is based on the first (2004) edition. In a comment, the author calls the second, 2006 edition substantially different. So, I reviewed the 2006 edition table of contents, except, and index available on amazon. The excerpt and table of contents did not seem substantially different to me. The primary substantive change in the excerpt (Chapter 1) are the bits about the "rogue insider"; much of the writing is word-for-word identical to the 2004 edition. Maybe the other chapters are "substantially" reworked (the index suggests many changes) but the chapters' titles, order and lengths are not much different in the 2006 edition.

This book should be titled "penetration testing" with the subtitle "without any actual information on how to go about penetration testing, per se".

There are two schools of thought about disseminating detailed information on exploiting security vulnerabilities (that "it's a necessary evil" and "it's immoral"). So, the author is in good company to be in the later group.

Only, why then WRITE A BOOK entitled "Hacking"? The title seems close to fraudulent to me. Anyone hoping to find out how to crack from this book is going to be sorely disappointed. For example, while password cracking is passably well-covered, there isn't even a mention of how crackers get their hands on password files. The author spends only two paragraphs and a few bullets on rootkits--treating them like viruses or worms--despite the fact that they are critical cracker tools. There is a lot of discussion of portscanning without any discussion of how to penetrate the systems you've scanned.

So, you say, "Who cares about would-be criminals!?" Ok, but this book is not going to provide much real value to would-be white-hats either. You will find very little concrete advice on penetrating client systems from this book. However, the book does have quite a bit of advice and a number of tips about setting-up the gig (e.g., "Agree in writing"), general issues (e.g., "Don't test production systems during business hours."), and how to write the report (e.g., "prioritize vulnerabilities").

Actual admins will find very, very little of value. The "Plugging security holes" chapter is only five pages long! The tips sprinkled around are often poor or abstract (or common sense). The book provides little information on how attacks will occur. And it's quite marginal in describing the hacker psyche.

The book is full of links to software. But then so is Google and this book won't help much in choosing between most of them (i.e., my favorite tools were barely mentioned :).

I did (finally) identify a group who might benefit from this book: people who HIRE penetration testers--by educating you about how the process works. (Without giving away any of the trade secrets that might allow you to be self-sufficient!) It might also be a broad (shallow) introduction for the complete novice to security in abstract.

This is a great, easy to read and use reference for both non-technical business leaders as well as IT professionals. It is also a great resource for home computer users, and small- to medium-sized businesses who often do not have the resources to hire dedicated security staff. The book covers the entire spectrum of ways in which computer systems can be compromised and attacked, an easy-to-understand description of how the exploits are executed, and, usually lacking in other reference books on this topic, step-by-step instructions for not only how to identify when the hacks occur, but also how to defend against them. Kevin Beaver also includes some very important warnings you need to keep in mind when performing your own vulnerability and hacking tests against your own network and systems to discover your own technical weaknesses.

There is certainly no shortage of books in this genre- Counter Hack, Hack Attacks Revealed and the best-selling Hacking Exposed (and all of its spin-offs) have covered this information in grueling detail. What sets this book apart is that it does not assume you are already a CISSP or network security guru. Being a "For Dummies" book means that it is written from the assumption that you don't know anything and the information is written in plain English and in terms that even a child could often understand.

One of things that makes "For Dummies" books like this one great is the use of humor and icons to help lighten the information while also pointing out the key points and highlighting the "need to know" information. Hacking For Dummies walks the reader through basic computer and network security and progresses through various topics of hacking such as hacking applications or hacking various operating systems.

Anyone interested in this topic, but especially those who are new to the world of computer and network security, should read this book. It is great on its own, but also provides an excellent foundation for someone interested in proceeding to more detailed works such as Hacking Exposed.

(...)

This book is great for beginners, it talks about the ethical hacker and penetration tests. However it also gives out information that can be used for blackhat hacking. It walks you through a tutorial step by step, and gives out names of some other books that can be helpful. If you have no or little experience this book is for you.

This book covers multiple domains of security. The best part of the book is that it not only shows the hacks, tools (freeware and commercial), and new methodologies for the more experienced WHITE HAT (hopefully), but caters to the beginner by showing in each section what is the most important part...the COUNTERMEASURES for each and every hack. Mr. Beaver even covers the most difficult and 11th domain of security, Executive Buy-in/Support. Highly Recommend.

Hacking for Dummies sets a foundation for ethical hacking and should be used as more than the proverbial "how to". When reading the pages, try to realize that you are not just learning true methods of attack; you are also gaining valuable information for prevention.
Businesses, red teams, or professional security consultants will find this book as a top 5 reference toward understanding the attack, and a primer in the defense of a network.
For me, a fellow CISSP, Kevin's book rates up there with Eric Cole's "Hackers Beware".

I work in the developer and IT industry and purchased this book to get a mind set of the criminal mind when it comes to hacking. This book is great for checking your security infrastructure and ensuring its safety, by allowing you to 'hack' your own network, and then patch it to ensure others can not. Great book and easy read, I love all of the 'For Dummies' books and they are a great reference for my growing computer references.

I actually got to read this book for free online via work. However, I enjoyed it so much that I bought a copy so that I could try some of the tools out on my home network. (Word of warning: Be careful if you use these tools even on your home network, I use a separate set of computers that are isolated from the internet and that I don't mind reloading from scratch if things go wrong.) I have liked most of the Dummies series of books that I've read as they're extremely easy reading and lay a good foundation on the subject most of the time and this one was no different. You're not going to become a hacking expert reading this and it doesn't really cover programming or get very technical. What it does is give you a great overview of hacking methodologies and introduce you to a lot of the basic tools used such as nmap, superscan, metasploit, netcat, etc. It covers a lot of the major subjects such as social engineering, physical security, OS vulnerabilites, wireless vulnerabilities, and different types of attacks as well as basic countermeasures that can be taken to help protect your networks. There's also a section on how to get the all important management buy in, if you're tasked with implementing any type of security at work then this is very important. At the back is a great appendix of tools and resources which is another reason I bought this book, it can serve as a great reference.