Customer Reviews

Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network

5 star:		(50)
4 star:		(27)
3 star:		(6)
2 star:		(7)
1 star:		(11)

 

 

Ok, some people said it, the book isn't perfect in an absolute sense. But compare it with other books out there and it's clearly the most real-world reference. Most NT security books merely echo Redmond's news releases and material readily (and free) available on the net. Though more Unix oriented than NT, it discusses plenty of issues that are NOS-independent and apply to everybody. Even if you only care about NT, most hacks will come from Unix/Linux systems. Knowing what tools are available for these platforms is a must, and this book tells you. The only problem is that there are dozens of hacks discovered since the book was written so it's not entirely up to date. Maybe "Anonymous" will get back to the word processor and write a sequel. And can someone tell us what the "secret message about the internet" is already? I'm sooo curious.

I bought this book as a reduced return exemplar a week ago.

I cannot recommend this book. The author has done a very diligent work by collecting hundreds of URLs and texts from the web, but I think he gives no concise overall concept of internet security. The mentioned exploits and attaks are now mostly fixed and thus outdated, so many of the URLs are of limited value.

Maybe the book still is a good starting point for further research on the web, but most documents on the 'net give enough material to search for with altavista.

The sections dealing with VMS and Windows NT are superficial. I personally believe that knowing the standard security tools by name is not sufficient for securing a network.

Due to the dynamic nature of the web and the changing operating systems and new forms of security risks/attacks a book focusing on special tools must be outdated in a very short time. A book on general network security gives a better introduction, i think that the view of an hacker (or cracker) does not help very much in securing a network.

I am a senior engineer for network security operations who hoped Maximum Security, Third Edition (MS:3E) would revive the spirit of the first edition, published in 1997. Some protested its publication, while others welcomed its endorsement of the full disclosure movement. Sadly, the third edition has become, in the author's words on page 22, "another general Internet security book." Few will find it revolutionary.

MS:3E features 14 authors, each commendably given credit for their chapters. Of these, Craig Balding's chapter on UNIX reigns supreme. For a book labeled "intermediate-advanced," only Craig's chapter delivers at that level. I liked his file system risk and kernel rootkit material, and his service-by-service security discussion was great. In contrast, the chapter on Microsoft's operating systems is mainly a laundry list of outdated exploits. I also found the virus, Cisco, and security policy chapters useful. (Note: chapter 7, page 121 -- TCP sequence numbers count BYTES of data, never packets! This is a common misunderstanding.)

Readers seeking no-nonsense product evaluations should look elsewhere. Bland lists of IDS and firewall packages will neither offend vendors nor offer practical guidance to buyers. I prefer authors who take a stand, like Paul Proctor or Stephen Northcutt -- even if I disagree with them!

MS:3E will not shock the security world as the first edition did. Too many other security web sites and books have shared "hacking secrets" with the masses. This condition endorses the Anonymous author's first edition goal, but makes his third edition redundant. If he plans to write "general security books," I suggest he continue his theme of OS-specific titles. (Maximum Linux Security, Second Edition arrives soon, followed by Maximum Windows 2000 Security, First Edition.) Retire Maximum Security, or write a better general guide after transplanting the OS-specific material to their respective titles. Better yet, write a book on how to develop, code, and employ new exploits; that will be ground-breaking work! (Disclaimer: I received my review copy free from the publisher.)

Most of Information is old and can be collected from various Sites/Documents. Most of suggested Utils are out of date. Good Start for Newbies, worthless for people with experience in Network Security.

Maximum Security is one of those books that generate a lot of debate among readers. Business management types (AKA suits) would conjecture that the book is simply a nefarious cookbook for those who want a quick and dirty introduction to hacking and systems penetration. Engineers and experienced systems administrators would argue that the book is not deep enough for their needs. Both sides are right.

For the most part, Maximum Security is geared toward systems administrators who need to know how to secure their individual systems, but lack experience with information systems security. Those who are learning about information systems security and want to get their hands wet with hacking tools and concepts will find Maximum Security a good starting point. The book is an interesting read and has loads of information, including a plethora of links for further information. Each chapter lists many tools (both black, gray, and white hat) and additional resources for deeper information. But, those readers who want to understand how to design and engineer secure systems will likely find that the book does not meet their needs.

In Maximum Security, the author (Anonymous, with help from13 contributors) discusses an overview of systems security, and then describes the line of attack a hacker would use to penetrate a system. The downside to having so many contributors is that, with so many different authors, there is not a consistent style and methodology. (A similar title, Hacking Exposed has only three authors and a more methodical and systematic style). This lack of consistency between chapters is not a major concern when looking at individual systems, but when attempting to secure an enterprise with a single methodology, such an approach is often problematic.

The first three parts of the book provide a generic introduction to information systems security and the various threats and vulnerabilities associated with it. Parts four and five get into the nitty gritty of how attacks are carried out. The authors detail vulnerabilities and shortcomings of different types of systems, from firewalls and intrusion detection systems, to network operating systems (Solaris, Windows NT/2000, NetWare) and routers.

Chapter 20 provides a good introduction to the various issues with Unix security. While a lot of different topics are discussed (file system security, network services, host lockdown, and more), none of them are discussed in comprehensive detail.

Nicholas Raba, the author of Chapter 23 on Macintosh does a great job of destroying the myth of the presumed security invincibility of the Macintosh platform. Many people have the false assumption that the Macintosh is somehow more secure than Windows NT and Solaris. Raba astutely notes that for every hack that exists for the PC, there is an equivalent hack for the Mac.

CD-ROMs that accompany books are often of dubious value and only increase the cost of the book. However, the CD-ROM that comes with Maximum Security provides links, tools, and resources discussed in the book that are organized by chapter. It also contains over 25 different hacking and security tools.

One shortcoming of Maximum Security is that, although it provides hundreds of references and URLs, the reader does not come away with a clear understanding of the underlying techniques and methods necessary for the design and rollout of secure systems. The bulk of the book, with its underlying hacker mentality, focuses on security minutiae that make systems vulnerable. The book does not discuss high-level methods and strategies to resolve and ameliorate those security minutiae... Furthermore, Maximum Security does not get into the low-level programming details of how the described vulnerabilities work...Nonetheless, for those who want to experience the feel of hacking and use the tools that real-live hackers often use, Maximum Security is a good place to start.

I am responsible for a 50+ person intrusion detection mission, and I do recommend this book to my analysts -- but only after "Hacking Exposed," "Network Intrusion Detection," and "Core Internet Protocols." The first edition of this book caused quite a stir in the community, which may have been the greatest contribution made by the Anonymous author. Many other books explaining security and vulnerabilities followed, backed up by corporate-like public resources, like SecurityFocus.com. Now that security professionals are relying upon public databases, and tend to share information more freely, it's not necessary to spend lots of time reading specific vulnerability descriptions in "Maximum Security." I still appreciate the author's candor and courage. I look forward to the third edition, which will hopefully spend less pages cataloging exploits, while still explaining the root causes behind them.

Either reader flak from the terrible previous edition or the author's conscience catching up to him brought about this much improved second edition. I had written off Anonymous as yet another sellout-apparent-self-called "security expert" milking the InfoSec cash cow two years ago, but this latest install is a grand step up from the previous Maximum Security and the author has done a decent bit of work.

This book is a worthy addition to your bookshelf if you are in any way involved with computer security. If you are completely unknowledeable in the field, this book will bring you up to speed on general security history/principles and give you a plethora of resources for educating yourself even further. Actual security conscious admins may just wish to breeze through this, but keep it handy as a reference for the new guy in your section that doesn't have the faintest clue as to what computer security is.

Granted, much if not all of what is put forth in this book can be found on the Internet these days, but I find this book to be an indispensable "bookmark collection" of sorts. In addition to its ability to clearly define much InfoSec terminology in a way that is easily passed on to "users", Maximum Security can best be described as a "stepping off" platform for those that want to be fed the basics quickly, and then nudged in the right direction.

It's not all good, though. The CD that accompanies this book is practically worthless and pales in comparison to the previous edition's CD which wasn't much better. I didn't think they could make a worse CD than the first edition's, but somehow, they did. The one key feature of the CD that is "glorified" in the book by the author (a list of ALL the hyperlinks in the book, links to all the RFCs, and MS security advisories) isn't even ON the CD (eventually it was put out as a download from SAM's support site)! I KNOW that a better resource CD could be made in a matter of DAYS--it is a shame so little effort was put into the one with this book.

It's also important to note that this book fails to properly mention many new security tools and the explosion of Linux in particular-but this is to be expected from a book attempting to generalize such a dynamic field. And of course, the author will soon be releasing a "Maximum Linux Security" book--nice PR touch there.

Overall, this book is a worthy buy. But make sure you follow it up with a healthy learning initiative and catch up with the current state of the computer security field. And when you get this book, immediately throw the CD in the trash or use it as a drink coaster. ;)

Being both a hacker and a Sysadmin (no my boss doesn't know and never will) I read this book with pleasure. It offers a good perspective on the basics of The Deed. Although I must admit, that it wouldn't be a top-shelf-starting book on hacking. It is written primarily for the admins. The information and software in the book is somewhat outdated; what is so good about this book is that is lines out basic defensive measures that any of my fellow sysadmins can grasp and carry out. These are timeless; as is the awareness it will probably give them about their position in this world. Was very amused about the Microsoft-section! If your company is based on NT, and you feel fine about it, get this book QUICKLY. And pick up a copy of Novell for Dummies on your way. For the fellow Haxors: Don't buy this book. The Phracks, the Technicals on Blacksun, or the hackers.com archives will give you much more info than these books might ever provide you with.

Well, I have bought every version of this book since the first and continue to find reasons enclosed to keep it on my bookshelf. I even own Maximum Linux Security. Yep. It's excellent as well.

Not only does the book give you a good feel about where to find the tools of the trade it also gives you insight into their usage.

I regularly investigate computer-based instrusions and find that many of the concepts included in these chapters are enclosed.

I cut my teeth on this series of books a few years ago and continue to keep my skills fresh with them today.

I belieive in this book. I think any serious practitioner should at least browse it to see what he or she is missing. Loved it - Keep them coming.

I'm looking forward to seeing if this edition has anything on the latest exploits concerning the use of Nimda/Code Red/Unicode invasions that I am seeing in conjunction with Scanner Tools and remote control utilities is discussed or not... IRC-Scripters...

Anyone have info contact me ...Thanks...

I bought this book in 1998 and it was an instant knock out at that time. Being interested in hacking and security for a long time this book helped me alot especially the CD cotained some neat software. It also some email addresses for some nice security mailing list. But i think it would be better if they launch a new edition. The sequel to this books Maximum Linux Security ... is much better than this one. I recommend you read the later one.