Building Open Source Network Security Tools: Components and Techniques (Paperback)

~ (Author) "The preceding definition of a network security tool, although technically accurate, does not offer a tangible description..." (more)
Key Phrases: chaos class query, ramping phase, libnet destroy, Passive Test, Active Test, Internet Control Message Protocol (more...)

Editorial Reviews

Review

“…if you ever write your own networking code, buy this book…” (iSeries Network, 6 March 2003)

Product Description

Learn how to protect your network with this guide to building complete and fully functional network security tools
Although open source network security tools come in all shapes and sizes, a company will eventually discover that these tools are lacking in some area - - whether it's additional functionality, a specific feature, or a narrower scope. Written by security expert Mike Schiffman, this comprehensive book will show you how to build your own network security tools that meet the needs of your company. To accomplish this, you'll first learn about the Network Security Tool Paradigm in addition to currently available components including libpcap, libnet, libnids, libsf, libdnet, and OpenSSL. Schiffman offers a detailed discussion of these components, helping you gain a better understanding of the native datatypes and exported functions. Next, you'll find several key techniques that are built from the components as well as easy-to-parse programming examples. The book then ties the model, code, and concepts together, explaining how you can use this information to craft intricate and robust security programs.
Schiffman provides you with cost-effective, time-saving guidance on how to build customized network security tools using existing components. He explores:
* A multilayered model for describing network security tools
* The ins and outs of several specific security-related components
* How to combine these components into several useful network security techniques
* Four different classifications for network security tools: passive reconnaissance, active reconnaissance, attack and penetration, and defensive
* How to combine techniques to build customized network security tools
The companion Web site contains all of the code from the book.

See all Editorial Reviews

Product Details

• Paperback: 416 pages
• Publisher: Wiley; 1 edition (October 11, 2002)
• Language: English
• ISBN-10: 0471205443
• ISBN-13: 978-0471205449
• Product Dimensions: 9.2 x 7.5 x 1 inches
• Shipping Weight: 1.7 pounds (View shipping rates and policies)
• Average Customer Review: 4.3 out of 5 stars  See all reviews (23 customer reviews)
• Amazon.com Sales Rank: #760,804 in Books (See Bestsellers in Books)

Customer Reviews

Most Helpful Customer Reviews

18 of 18 people found the following review helpful:

5.0 out of 5 stars One of a kind!, January 22, 2003

By	Dr Anton Chuvakin (CA, USA) - See all my reviews

This exclusive book by Mike Schiffman, a recognized security authority, will not make a good bedtime reading even for the majority of hardcore security professionals. However, the value of this book is not in how fun it is to read, but in the amazing depth and breadth of network security material.

Starting from interesting and original security tool taxonomy - attack, active recon, passive recon and defense -, the book takes the steep road uphill towards the descriptions of several popular security libraries (two written by the book author himself). Libnet (packet injection), libpcap (packet capture), libnids (network IDS development), libsf (OS fingerprinting), libdnet (network parameters manipulation) and openssl (crypto) are covered in the excruciating level of detail. Code and API walkthrough, all functions, variables and primitives are covered complete with usage notes for various platforms. Each chapter is topped off by a complete security tool example, designed and developed using the library. Many pages of superbly commented tool source code are included in the chapter end.

Complete code is also provided at the publisher download site. Experimenting with the code is a good part of the fun brought by the book, so download is highly suggested.

The book is most useful for those wishing to gain truly in-depth understanding of network security tools and for aspiring tool builders. After all, the book is much easier to read and understand then just plain source, even if well commented.

Another bonus is a comprehensive description of buffer overflow and format string exploits, provided in the chapter on attacks and vulnerabilities.

The book ends with painfully detailed "firewalk" recon tool description, created by Mike Schiffman. It starts with design (with flowcharts and diagrams) and goes onwards to implementation and code walkthrough. 2200 lines of tool source code conclude this mighty volume.

Anton Chuvakin, Ph.D., GCIA is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org

7 of 7 people found the following review helpful:

4.0 out of 5 stars a great resource for security professionals, November 18, 2002

By	jose_monkey_org "jose_monkey_org" (ann arbor, mi, USA) - See all my reviews

this is pretty much the book i've been looking to add to my library for a while. schiffman covers the major libraries in security (libnet, libdnet, libpcap, openssl, libsf, and libnids) in a smooth and excellent way, and then brings them together in several small apps and then firewalk 5.0. in this book we learn techniques to complement the tools we learn how to craft.

i was a bit let down in some of the details being left out of the libraries schiffman didn't write, such as pcap and ssl. these are really difficult to master libraries, some more attention could have been given here.

another reviewer noted that the book really ignores the windows developer, which is true to an extent. however, what schiffman doesn't say (and the reviewer doesn't state) is that several of the libraries (pcap, libnet, libdnet, openssl) work just fine on windows. it would have been helpful to have seen that covered more, but perhaps in the next edition.

all in all, a reccomended book. now infosec people will have no reason to say they can't write their own network attack apps. and hopefully it will inspire someone to write a better mousetrap, too. i'm still surprised it took so long to appear on the shelves!

3 of 3 people found the following review helpful:

5.0 out of 5 stars Excellent guide for the network administrator, April 17, 2003

By	W. Fergerstrom "ferg" (san diego, ca) - See all my reviews (REAL NAME)

This review is from: Building Open Source Network Security Tools: Components and Techniques (Unbound)

This book was the perfect reference manual for the busy network administrator that needs to quickly create powerful tools to enforce and monitor network security. From concept to implementation Schiffman will give you a thorough understanding of why and how to create open-sourced security tools that you can start using immediately. Using this book as a reference I was able to create a customized network sniffer and a few vulnerability analysis tools. Another great addition to my library that I highly recommend.