Maximum Security (3rd Edition) [Paperback]

Anonymous (Author), Greg Shipley (Author)

Book Description

ISBN-10: 0672318717 | ISBN-13: 978-0672318719 | Publication Date: May 17, 2001 | Edition: 3rd

When the first edition of this book was published in June 1997, its popularity caught everyone by surprise. The hacking community, however, never stands still - a thoroughly updated and revised edition of this book is required on a regular basis to discuss the hundreds of new computer system holes that are always being discovered, and to cover the latest techniques that hackers are developing to crack into computers and networks. This edition includes several completely new chapters on a variety of topics. With the resurgence in popularity of the Mac platform there will be a new chapter on Mac OS security. Additional new chapters include one on Cisco routers and switches, and one on mail security. Additionally, in many cases existing material - such as the chapters on Unix/Linux security and firewalls - will be updated and/or significantly expanded. The CD-ROM includes a comprehensive collection of security products, code examples, technical documents, system logs, utilities and other practical items for implementing Internet and computer system security.

Editorial Reviews

Amazon.com Review

Attacks against computer systems are very personal--the only cracking technique most site administrators care about is the one that's being used against them at the moment, and it's really hard to cater to that requirement in a book. On the other hand, Maximum Security deserves a close reading because it provides a lot of background on security risks and the "good housekeeping" sorts of practices (turning off unused services, to cite a simple example) that can motivate bad guys to ignore your system in favor of easier targets. There's no doubt that this book's advice will enable you to fend off uncreative, cookie-cutter attacks of the kind detailed on Web sites for attackers. And that's probably enough, unless you have some really enthusiastic enemies.

The anonymous author explains most security risks, defense strategies, and security tools in highly readable prose that's mixed with a moderate number of listings (of command-line exchanges and software) and a large number of Internet addresses (where detailed information and software can be found). History lessons--stories of security breaches and how they were stopped, and of product weaknesses and how they were detected--are a big part of this large volume. Readers will put this book down with a solid foundation in Internet security concepts, ready to harden their systems against attack and cope effectively with news of new security risks. --David Wall

Topics covered: How to break into or disable a computer system, and how to defend a computer system from being broken into or disabled. Firewalls, intrusion detectors, log-and-audit utilities, and packet sniffers are covered in detail, as are varieties of attack and the specific vulnerabilities of popular operating systems.

From Library Journal

Network administrators need to read this book closely because a lot of aspiring hackers will be reading it closely and will be looking around for somewhere to practice their new skills, e.g., your lan or web server. This book covers in copious detail internet warfare, programming languages, scanners, sniffers, password crackers, trojans, platform security, remote attacks, spoofing, firewalls, and the law. It is a how-to protect book and, by default, a how-to attack book.
Copyright 1997 Reed Business Information, Inc. --This text refers to an out of print or unavailable edition of this title.

See all Editorial Reviews

Product Details

• Paperback: 896 pages
• Publisher: Sams; 3rd edition (May 17, 2001)
• Language: English
• ISBN-10: 0672318717
• ISBN-13: 978-0672318719
• Product Dimensions: 9 x 7.3 x 2.1 inches
• Shipping Weight: 3.3 pounds
• Average Customer Review: 4.0 out of 5 stars  See all reviews (101 customer reviews)
• Amazon Best Sellers Rank: #2,015,521 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

15 of 17 people found the following review helpful:

5.0 out of 5 stars Knock it all you want, still worth its money, March 10, 1998

By A Customer

This review is from: Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network (Paperback)

Ok, some people said it, the book isn't perfect in an absolute sense. But compare it with other books out there and it's clearly the most real-world reference. Most NT security books merely echo Redmond's news releases and material readily (and free) available on the net. Though more Unix oriented than NT, it discusses plenty of issues that are NOS-independent and apply to everybody. Even if you only care about NT, most hacks will come from Unix/Linux systems. Knowing what tools are available for these platforms is a must, and this book tells you. The only problem is that there are dozens of hacks discovered since the book was written so it's not entirely up to date. Maybe "Anonymous" will get back to the word processor and write a sequel. And can someone tell us what the "secret message about the internet" is already? I'm sooo curious.

18 of 21 people found the following review helpful:

2.0 out of 5 stars I cannot agree with the other reviews at all..., July 4, 1999

By A Customer

This review is from: Maximum Security (Paperback)

I bought this book as a reduced return exemplar a week ago.

I cannot recommend this book. The author has done a very diligent work by collecting hundreds of URLs and texts from the web, but I think he gives no concise overall concept of internet security. The mentioned exploits and attaks are now mostly fixed and thus outdated, so many of the URLs are of limited value.

Maybe the book still is a good starting point for further research on the web, but most documents on the 'net give enough material to search for with altavista.

The sections dealing with VMS and Windows NT are superficial. I personally believe that knowing the standard security tools by name is not sufficient for securing a network.

Due to the dynamic nature of the web and the changing operating systems and new forms of security risks/attacks a book focusing on special tools must be outdated in a very short time. A book on general network security gives a better introduction, i think that the view of an hacker (or cracker) does not help very much in securing a network.

8 of 8 people found the following review helpful:

3.0 out of 5 stars A Third Edition that's lost its edge, June 18, 2001

By 

Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)   

This review is from: Maximum Security (3rd Edition) (Paperback)

I am a senior engineer for network security operations who hoped Maximum Security, Third Edition (MS:3E) would revive the spirit of the first edition, published in 1997. Some protested its publication, while others welcomed its endorsement of the full disclosure movement. Sadly, the third edition has become, in the author's words on page 22, "another general Internet security book." Few will find it revolutionary.

MS:3E features 14 authors, each commendably given credit for their chapters. Of these, Craig Balding's chapter on UNIX reigns supreme. For a book labeled "intermediate-advanced," only Craig's chapter delivers at that level. I liked his file system risk and kernel rootkit material, and his service-by-service security discussion was great. In contrast, the chapter on Microsoft's operating systems is mainly a laundry list of outdated exploits. I also found the virus, Cisco, and security policy chapters useful. (Note: chapter 7, page 121 -- TCP sequence numbers count BYTES of data, never packets! This is a common misunderstanding.)

Readers seeking no-nonsense product evaluations should look elsewhere. Bland lists of IDS and firewall packages will neither offend vendors nor offer practical guidance to buyers. I prefer authors who take a stand, like Paul Proctor or Stephen Northcutt -- even if I disagree with them!

MS:3E will not shock the security world as the first edition did. Too many other security web sites and books have shared "hacking secrets" with the masses. This condition endorses the Anonymous author's first edition goal, but makes his third edition redundant. If he plans to write "general security books," I suggest he continue his theme of OS-specific titles. (Maximum Linux Security, Second Edition arrives soon, followed by Maximum Windows 2000 Security, First Edition.) Retire Maximum Security, or write a better general guide after transplanting the OS-specific material to their respective titles. Better yet, write a book on how to develop, code, and employ new exploits; that will be ground-breaking work! (Disclaimer: I received my review copy free from the publisher.)