Customer Reviews

Virtualization for Security: Including Sandboxing, Disaster Recovery, High Availability, Forensic Analysis, and Honeypotting

5 star:		(0)
4 star:		(0)
3 star:		(2)
2 star:		(1)
1 star:		(0)

 

 

As the name implies, this is a collection of writings on the various uses of virtualization in the context of computer security. And while it does provide a decent amount of information to get you started using virtualization in the various areas of computer security discussed, it does a poor job of exploring the various options available to the security practitioner. Furthermore, while the book description claims to cover all major and widely deployed virtualization products, it makes only brief mention of XEN on page 57, where it discusses the caveats of paravirtualization, and it is never touched upon again. Microsoft Hyper-V is given the same treatment, appearing only once on pages 153-154 where it talks about limiting network traffic from virtual machines. This is disappointing when it the book states it covers VMware, XEN, and Microsoft Hyper-V, then only mentions XEN and Hyper-V briefly and in no real detail.

Of course, that is not to say that this book is not valuable, because it is a useful resource if you wish to use virtualization for security tasks such as research or investigations, and it discusses in good detail some of the caveats of using virtualization for those tasks, especially in malware investigation. There are also some great real-world examples of what tools to use and how to use them for various tasks. But, the book concentrates nearly its entire focus on using VMWare, and if you are interested in using other tools like XEN, as I am, you will be disappointed. Some of the details covered in the book about virtualization in general will be helpful with running XEN virtualization for security, but you will need to look at other resources for the details on how to get that running and how to use it, because this book simply does not address it. The book also lacks a bit of cohesion, since it is the collected and edited works of several disparate authors. I could forgive the cohesion issue if it existed on its own, because it is to be expected with this type of book, but the cost of the book coupled with the lack of details on products outside of the VMware family is disappointing enough to give it only three stars.

This book reminds me why I rarely buy any Syngress publication any more. I've found that all too frequently Syngress titles over-promise and under-deliver. The same is true for this book. Others have commented on the dearth of information concerning Xen, Hyper-V, or VirtualBox, as well as the CWSandbox tool not being freely available. I myself am OK with focusing solely on VMware, but the version covered is this book is out of date, and several security additions to the platform (such as VMSafe and vShield) aren't covered. Details are missing that would be useful to the practitioner: consider the section on in Chapter 14, "Training," entitled "Suggested Vulnerabilities for Linux." Turning to this section lists exactly one: a modification to an FTP server such that permits an anonymous user access to a user's home directory.

There's also the issue of filler. Let me quote. "Finally, a number of packages were installed which had known buffer overflow issues. Again, these were packages with known buffer management issues." Is there an echo in here? Not to mention the over-size typeface and the pages with a single screen-shot.

It also annoys me no end that the back cover announces in red-accented type: "Buy this book and Syngress gives you access to the e-book version -- FREE!" Go ahead and visit, and try to "find the directions for activating ..." I for one could not.

So: there are some nuggets worth mining in this book, especially if you're new to the whole area of V12n and Security. If you have on-line subscription for technical books, such as Safari, it may be worth a look. But save your hard-earned currency and book-shelf space for some other book.

Recommendation? OK read, no buy.

Overall the book is decent, it covers a variety of topics and fairly in-depth. One of the items that upset me was that the book states in Chapter 3 page 73, that CWSandbox has a research version that is offered for free from Sunbelt software. That is completely false as I called the organization, scoured Google and turned up nothing is offered for free, CWSandbox costs 15k annually. The individual I spoke with at Sunbelt even informed me it was never offered for free ever in its existence, it only offers a reduced cost for academia. So I believe the author got his information wrong or needs to provide where we as readers can get it for free. In addition this affects Chapter 6 which is the malware analysis portion, which demonstrates using CWSandbox, so two chapters are worthless unless you have a copy of CWSandbox. The rest of the book is an interesting read but if you are looking to read this book as I was for the Sandboxing be prepared to be disappointed.