Customer Reviews

White-Hat Security Arsenal: Tackling the Threats

5 star:		(10)
4 star:		(3)
3 star:		(0)
2 star:		(0)
1 star:		(3)

 

 

This is not your standard how-to security book. This is a well-designed, well-written volume on what the threats are, how they work, and what there is on hand to resist those threats.

Viruses, worms, denial of service attacks are just the beginning of this. Rubin dissects the Morris Worm, Melissa, ILove You, and several other malicious invertebrates. His explanations of just how these infiltrative beasties work is just brilliant.

The sections on secure transfer, setting up session keys, SSL, and encrypted email are really fine.

This is a ``different'' security book: and it's one you need.

I am a senior engineer for network security operations. I read this book because I try to learn from authors who have demonstrated expertise in the security field. I recommend reading "White Hat Security Arsenal" (WHSA) if you are looking for a bridge between the academic/research security world and the practical, hands-on world. I also recommend it if you want in-depth discussions of the how and why of various security "solutions."

Two aspects of WHSA differentiate it from the competition. First, the author (Avi) shows he keeps tabs on the security research community, and relates important findings to the reader. For example, as an intrusion detector I recognized the author's references to papers on "traceback" problems. For areas I don't monitor closely, like cryptography, Avi explains how certain less publicized protocols and algorithms could benefit users and administrators. Should I want to progress beyond Avi's discussion, I can follow the links and read the papers he cites.

Second, the author delivers content via a "problem-threat-answer" method. He doesn't simply list technologies. For example, in chapter 9 Avi asks "Assume that Alice and Bob have session keys for encryption and authentication. How do they protect their communication?" Avi then describes the threat (essentially an adversary who controls the network between Alice and Bob). He continues with a discussion of alternatives (encryption, authentication, etc.) and concludes with a case study (IPSec). Avi's focus on problems rather than technologies is refreshing.

WHSA has a few shortcomings. A good portion of the book (chapters 4-9) centers on cryptography. Users who can decipher function notations like "a^y mod p" and so on will be comfortable, but others may cringe. I also felt a mismatch existed between the explanation of threats (mainly viruses in chapter 3) and the material that followed. While Avi's discussion of historically important malicious code (Morris worm, Melissa virus, etc.) was useful, it seems to reinforce the uninformed manager's opinion that malicious code is the ultimate threat to computer security. (DDoS was briefly a concern, but viruses impacting end users gets the most air time.)

Overall, WHSA is a good book for security professionals looking to answer the how and why questions. Avi gives insights on such topics as PGP vs. S/MIME, the drawbacks of Microsoft Passport, and why long-term secret keys should be used to create short-term session keys. Readers are guided by his problem-threat-solution framework, and have an opportunity to learn of some of the best academic work available. Given that all of the material is framed with case studies (how to use SSL in a web browser, how to perform back-ups, and so on), most readers will find WHSA valuable.

For any IT professional, or any executive management that is supported by or has to manage and collaborate with technology teams, finally a book that addresses "problems" and "solutions" across the tech landscape -- all in one book. The sections deal with how to secure systems across the IT landscape, specifically Threat, Storage, Data Transmission, Network Threats, Privacy & Commerce. Whether you are a non-technical manager needing a primer, or a CTO of a Fortune 500 company, Mr. Rubin lays out the landscape in an accessible format, covering the theory and practice of security. Then he goes farther by helping today's execs and IT professionals accomplish what he does for his hi-tech clients, with actionable strategies and solutions.

+AH4-Every year, tens of thousands of people land a network security management job for the first time - often by accident, as they get promoted to be the senior system administrator or network operations manager. They need to learn about threats and countermeasures, fast, and don't have the time to go into the kind of detail you find in an infosec MSc course or even a CISSP qualification.

What book do you recommend to someone in that situation?

Until I got a copy of Avi Rubin's `White Hat+AH4-+AH4- Security Arsenal', I'd probably have suggested that they read Cheswick and Bellovin's `Firewalls and Internet Security', or Spafford and Garfinkel's `Practical Unix and Internet Security'. Now, I think Avi's book has edged into the lead. I believe that, like them, it will come to be seen as a classic; unlike them, it was written recently rather than in the early-to-mid 1990s.

As well as the basic nuts and bolts of things like access control, firewalls, and cryptography, it looks at the+AH4-+AH4- latest viruses and worms (on which surprisingly little has been written since Word viruses took over the lead from DOS viruses several years ago); remote backup services; popular crypto protocols and products such as SSL and Passport; and anonymity services.

It is not so much aimed at the engineer who has to design and build new systems (for that, see my own book `Security Engineering'), but the user or administrator who wants to take commodity products such as web servers, routers and+AH4-+AH4- firewalls, and configure them in an intelligent way. I believe it succeeds in this task; it teaches enough of the underlying cryptography and system science, without getting too bogged down in detail. It also includes a number of case studies that illustrate, motivate, and help the reader develop some feel for the technical aspects of security management.

I expect that this book will do well. It deserves to,+AH4-

When I first saw this cover, I thought it was silly. I still think that it is a silly cover, but it is a great book. The first thing I like about it is the idea of chapters covering specific problems. The PGP Disk section that explains how to store data on a computer was great, and I've started using that program. It's not just a product endorsement book, though. The explanations are very detailed, and simple enough to follow even though I do not have a security background. My degree is in general computer science. I've checked out other security books, but this is the one I like the most. The writing style is very entertaining. There is good information, and it is presented in an interesting way. That is rare. I wish that the book covered more problems. For example, there is only a brief section on denial of service, which is something many of my clients are asking about. Also, the virus section is very good, but it is dated. Obviously, it was written before Code Red. I'm not sure what the author could do about that, but maybe a companion web site would be good. I also thought that the chapter about backup systems might get dated quickly. There are companies presented, and many of them are probably already out of business. However, the author covers the philosophy behind these companies and why they are good or bad, so I guess it will not be dated that quickly. All in all, I think this is the best security book I have seen, and for someone who has actual security problems, or in my case, clients with real security problems, it is a great educational tool.

This book explained to me how to solve the problems that I deal with all the time in my job. I like the fact that someone took the time to think about the reader and not to focus so much on all of the esoteric aspects of security that you find in most books. I already loaned my copy out to a colleague, and I'm recommending this book for everyone.

I bought this book along with many others a while back. I am a network security consultant. I wanted to broaden my skills a bit and make sure my knowledge was up to par with others in the field.

I found this book very incomplete and dated. Most of the information was relevant about 5 years ago. Since then tatics and technologies have changed rather significantly.

For example, the book does not even mention intrusion detection systems. This is a staple technology of the security community and any hacker worth his weight would focus a great deal of energy on circumnavigating or overloading these devices.

Also, the book treats firewalls as the "end all be all" of network security. Which simply is not the case. Firewalls are important, but certainly not the only security product you implement.

Pass this book by and go for much better books such as Hackers Challenge or Know Your Enemy by the Honeynet team.

I have known Avi Rubin for many years now, and whenever he writes something it's almost always worth reading. As an early reviewer of the manuscript, I knew that the IT community, charged with actually implementing security as opposed to simply studying it, was in for a real treat. While most security books (including my two books "Java Security" and "Securing Java") focus on technologies and require readers to internalize many concepts in order to get something useful out of them, the "White-Hat Security Arsenal" keeps its eye on the ball. It is directly focused on solving real security problems that IT professonals have to contend with every day. For example, Avi's book has answers that explain:
How to secure data.
The threats on the Internet, and what can you do about them.
Why malicious code is an issue, and how to deal with it.

Avi did an excellent job bringing the right problems to the forefront, and the solutions demonstrate his great expertise and experience. Building secure systems (and especially software...see my new book "Building Secure Software") is the best pro-active solution to security, but as long as we're stuck in the real world, there are plenty of other things to focus on! Avi's book complements "Building Secure Software" wonderfully.

Buy this book.

Computer security is only one of many things that everyone knows is critical, but few have time for until the situation requires it. However, like documentation, process and all of the other neglected facets we all struggle to achieve, the only way to do it effectively is to incorporate it into your daily schedule. To do that, it is necessary to know the fundamentals of security, which is the point of this book. The security of a computer system is an ultimate team sport. No matter how talented your security experts, all of their efforts can be defeated by a simple error made by the most junior member of the team. In fact, there is an enormous amount of anecdotal evidence indicating that most security breaches are preventable by utilizing the most simple of rules. However, the very simplicity of those rules tend to numb people to their essential nature, as the typical person is more likely to break a simple rule than a complex one that appears critical. After all, doing this simple thing one time wont hurt will it?
The security principles put forward in this book are all in the basic category, presented in a clear, concise manner that is easy to understand. The topics are:

* Viruses and worms
* Secure data storage
* Secure data transfers
* Protecting a network
* Performing secure e-commerce transactions.

I fall into the category of someone who is concerned about security, knows something about it, wants to know more, but always puts it aside because I quickly grow tired of reading material that comes across as sensational. The one thing that really sold me on this book is the lack of sensationalism, with security problems being presented in a professional, non-technical manner rather than dire predictions of disasters lurking on the flip side of every hard drive.
All of us in computing need to know the basics of security at the very least and even basic users should know more than that. This book is a good place to start and I urge everyone to learn the simple rules. Admonitions like dont play with fire may be simple, but they save more grief than any complex rule set could ever do.

This was a curiosity read and I found it a pretty good introduction to the security world.

Due to the age of the book; it is becoming dated as some links in the book no longer work. But I will say that I found the missing information on the Net. Some of the software mentioned have been retired or no longer exists. For example; Netscape communicator and the old PGP package offered by the old Network Associates.

One area that might make a neophyte go into a comma was chapters 4-9 as a rather dry discussion of cryptology is presented. The information is good but to somebody who is curious about security might find it rather boring.

A good thing about this book is that it doesn't provide solutions via the favorite software or devices of the day. It presents a problem and offer ways to analyze it and deploy a solution. This is something lacking in a few books as it does open a readers mind to thinking about how to deal with issues.

The book also talks a little about the famous incidents of the past such as the Morris worm and some viral attacks. But again due to the age, spyware is not really discussed.

Overall, this is a decent book as it will discuss things like PGP, S/MIME, SSL, and tools such as a sniffer.

The best part of the book is the information offered at the end of each chapter. If a reader wants to learn more, you will find places to get this information.