Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network
 
 
Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network [ILLUSTRATED] (Paperback)

by Michael Gregg (Author)
Key Phrases: burp proxy, code listing, tunnel mode, The Application Layer, The Transport Layer, The People Layer
3.2 out of 5 stars (5 customer reviews)

Editorial Reviews

Product Description
This book looks at network security in a new and refreshing way. It guides readers step-by-step through the "stack" -- the seven layers of a network. Each chapter focuses on one layer of the stack along with the attacks, vulnerabilities, and exploits that can be found at that layer. The book even includes a chapter on the mythical eighth layer: The people layer.

This book is designed to offer readers a deeper understanding of many common vulnerabilities and the ways in which attackers exploit, manipulate, misuse, and abuse protocols and applications. The authors guide the readers through this process by using tools such as Ethereal (sniffer) and Snort (IDS). The sniffer is used to help readers understand how the protocols should work and what the various attacks are doing to break them. IDS is used to demonstrate the format of specific signatures and provide the reader with the skills needed to recognize and detect attacks when they occur.

What makes this book unique is that it presents the material in a layer-by-layer approach, which offers readers a way to learn about exploits in a manner similar to the way they most likely originally learned networking. This methodology makes this book a useful tool not only for security professionals but also for networking professionals, application programmers, and others. All of the primary protocols such as IP, ICMP, and TCP are discussed, but each from a security perspective. The authors convey the mindset of the attacker by examining how seemingly small flaws are often the catalyst of potential threats. The book considers the general kinds of things that may be monitored that would have alerted users of an attack.

* Remember being a child and wanting to take something apart, like a phone, to see how it worked? This book is for you then as it details how specific hacker tools and techniques accomplish the things they do.

* This book will not only give you knowledge of security tools but will provide you the ability to design more robust security solutions

* Anyone can tell you what a tool does but this book shows you how the tool works

About the Author
Michael Gregg is the President of Superior Solutions, Inc. and has more than 20 years' experience in the IT field. He holds two associate's degrees, a bachelor's degree, and a master's degree and is certified as: CISSP, MCSE, MCT, CTT+, A+, N+, Security+, CNA, CCNA, CIW Security Analyst, CCE, CEH, CHFI, CEI, DCNP, ES Dragon IDS, ES Advanced Dragon IDS, and TICSA.


Product Details

  • Paperback: 416 pages
  • Publisher: Syngress (January 10, 2007)
  • Language: English
  • ISBN-10: 1597491098
  • ISBN-13: 978-1597491099
  • Product Dimensions: 8.8 x 7 x 1.4 inches
  • Shipping Weight: 1.4 pounds
  • Average Customer Review: 3.2 out of 5 stars (5 customer reviews)
  • Amazon.com Sales Rank: #636,071 in Books


Customer Reviews

5 Reviews
5 star: (0)
4 star: (1)
3 star: (4)
2 star: (0)
1 star: (0)
 
 
 
 
 
Most Helpful Customer Reviews

 
22 of 25 people found the following review helpful:
3.0 out of 5 stars Good idea, inadequate execution, November 5, 2006
I teach a course called "TCP/IP Weapons School" that involves walking students up the OSI model. We look at network traces generated by tools and techniques to defeat security measures. When I saw "Hack the Stack" (HTS) I thought it might make a good resource for my class, since HTS seemed to advocate a similar approach. Unfortunately, technical errors, shoddy production, internal repetition and poor organization, and a lack of original material make me question the value of HTS.

A critical aspect of a security book is technical accuracy, but HTS does not deliver. In some cases the book is half-right, or it omits important elements. For example, p 9 implies only port 20 TCP is used for TCP data; that's true for the server in active FTP, but passive FTP uses arbitrary ports. p 15 says SOCKS is "Windows Sockets," when SOCKS is a proxy protocol. p 71 says CSMA/CA (wireless) is similar to CSMA/CD (traditional Ethernet), but the two protocols are very different; CSMA/CA is much more complex. p 115 should say IP proto 41 is "IPv6 in IPv4", and not imply that IP proto 41 is somehow "IPv6". p 118 says "ICMP messages cannot be sent in response to other ICMP messages." That's not true; otherwise, ICMP echo would not be able to elicit an ICMP echo reply. (The authors meant ICMP error messages cannot elicit ICMP errors.)

Several times the book makes odd statements. p 14 says the first virus concept appeared in 1984, but non-PC viruses existed in the 1970s and the first PC virus (Elk Cloner) was in the wild in 1982. p 3 says "IDS has a short history" by citing Dorothy Denning's work in 1983, but ignores James Anderson's 1980 work for the Air Force as the first real IDS pioneer. p 119 says "consider disabling ICMP," which ignores breaking path MTU discovery and other crucial ICMP services. p 131 says idle scans were developed in 1988; it's 1998. p 131 also says a SYN to a closed port elicits a RST response, but it's really a RST ACK.

On the production side, Syngress did a very poor job publishing screen shots. HTS advertises "using Snort and Ethereal" in the book's subtitle, but many of the Ethereal screen captures are either too tiny or fuzzy or blacked out to be legible. This defeats the purpose of including them.

As far as organization goes, HTS is supposed to take a layer-by-layer look at security issues. However, material that should stay in one section is sometimes repeated or introduced in other sections. For example, there is no need to be discussing ARP (layer 2) manipulation in the layer 5 chapter, or again in the layer 6 chapter. HTTP interception tools should not appear in the layer 6 chapter when they fit properly in layer 7. SYN floods should not pop up in layer 4 and 5 chapters; pick one and consolidate coverage there. p 162 even says "Exchanges at the Transport layer are typically in clear text... FTP is a good example of this." The first assertion is wrong, and why is FTP appearing in the layer 4 chapter anyway? p 92 should recognize that PGP is not "Pretty Good Protection."

I didn't think it made sense to introduce Ethereal in ch 3, and then split coverage of Snort between ch 5 and ch 6. Furthermore, HTS made the mistake frequently repeated elsewhere of configuring Snort to log directly to a database. Without using unified logging with a spool reader like Barnyard, such a setup is only useful in demonstration purposes where packet loss is not an issue. To the extent necessary, Ethereal and Snort should have appeared in appendices and not the main "layer" text.

Finally, I did not find anything in the technical realm I had not read elsewhere. All of the tools (Nmap, Nessus, Hping, Amap, etc.) are familiar to most every network security practitioner, or they have been documented in great books like Anti-Hacker Toolkit or even other Syngress titles. It's ok to cover such tools if they are used in a novel way, but that didn't happen in HTS. I hoped to read something more original, say in the layer 4 chapter. Instead HTS discusses port scanning, OS fingerprinting, and SYN floods.

The two chapters which may be of interest to readers include those on layer 1 and "layer 8." Layer 1 offers some basic lock picking information as well as the sort of physical security suggestions you'd find in a CISSP book. On a sad note, the vignette on Rick Rescorla on p 35 doesn't mention that he tragically died on 9/11. Layer 8 discusses policies, social engineering, and related "people issues."

Overall, I think there is room for a book like HTS. It's too bad this one did not deliver what I was expecting. I do appreciate the authors citing my network security monitoring methodology on p 232.



 
4 of 4 people found the following review helpful:
3.0 out of 5 stars Now exactly what I expected, but a good reference starter, December 12, 2006
I anticipated the book going more in depth in certain areas, but the overview it provided for each section was a great starter. I do agree with another reviewer that stated it was missing references to certain website links or direction to where to gather more information. This was a downside, mainly in dealing with large technical references such as this book. An index or glossary, noting the pages used and full definitions would have gone a long way.

I did like some of the directions on testing and building of products, scripts or other methods to verify your own environment however. I do realize you can only fit so much detail, but some definition areas needed more explanation than a simple paragraph. I would have looked to eliminate those and expand on others to give the feeling of deeper information.

Now saying all that, I appreciated the adding of the 8th layer that is not mentioned anywhere else. The reading was fairly straightforward and simple for the intermediate level technical administrator. Some of the references are not for the basic entry level, as it jumps right into topics that assume basic knowledge of networks, protocols and even mail and messaging.

I shared this with some staff in the office for reading of particular areas and will be keeping it on the bookshelf (which means it is a keeper).



 
3 of 3 people found the following review helpful:
4.0 out of 5 stars Unique Concept - Good Introduction to Topics, February 9, 2007
Hack the Stack is a Syngress title that primarily focuses on security topics layer by layer. The book takes a concept most people know, the OSI model, and uses that approach to discuss security exploits, vulnerabilities, and defenses. I liked the concept and the manner in which the material was presented. The book takes the 7 layer model and adds one more for people; this made sense to me.

The book starts out with the physical layer and continues up through each layer. The final chapter is a kind of checklist that reviews the material covered in the other chapters. Each chapter provides a hands-on security project. The ones on Snort and Bluetooth were my favorites. The book uses a number of Open Source or free tools like Snort and Wireshark to explain concepts I often wondered about. The authors seem to know the material but as others have said I wish they would have provided more resources and a glossary. With that in mind I rated this book four stars.


Most Recent Customer Reviews

3.0 out of 5 stars Neat concept, not well executed
Trying to map the OSI 7-layer stack to network security isn't a novel idea, but I haven't seen it attempted on such a full scale.
Published on January 1, 2007 by jose_monkey_org

3.0 out of 5 stars Don't make this your only security book...
Hack the Stack introduces a novel approach to aid in the understanding of security exploits. It discusses the various attacks that can occur and maps the attacks to one of the...
Published on November 27, 2006 by Joshua Benuck
