- Paperback: 481 pages
- Publisher: Syngress; 1 edition (December 27, 2006)
- Language: English
- ISBN-10: 1597491098
- ISBN-13: 978-1597491099
- Product Dimensions: 7.1 x 1.4 x 8.9 inches
- Shipping Weight: 1.4 pounds (View shipping rates and policies)
- Average Customer Review: 9 customer reviews
- Amazon Best Sellers Rank: #2,501,363 in Books (See Top 100 in Books)
Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
To get the free app, enter your mobile phone number.
Hack the Stack: Using Snort and Ethereal to Master The 8 Layers of An Insecure Network 1st Edition
Use the Amazon App to scan ISBNs and compare prices.
See the Best Books of 2018 So Far
Looking for something great to read? Browse our editors' picks for the best books of the year so far in fiction, nonfiction, mysteries, children's books, and much more.
Customers who bought this item also bought
About the Author
Michael Gregg is the President of Superior Solutions, Inc. and has more than 20 years' experience in the IT field. He holds two associate’s degrees, a bachelor’s degree, and a master’s degree and is certified as CISSP, MCSE, MCT, CTT+, A+, N+, Security+, CNA, CCNA, CIW Security Analyst, CCE, CEH, CHFI, CEI, DCNP, ES Dragon IDS, ES Advanced Dragon IDS, and TICSA. Michael's primary duty is to serve as project lead for security assessments, helping businesses and state agencies secure their IT resources and assets. Michael has authored four books, including Inside Network Security Assessment, CISSP Prep Questions, CISSP Exam Cram2, and Certified Ethical Hacker Exam Prep2. He has developed four high-level security classes, including Global Knowledge's Advanced Security Boot Camp, Intense School's Professional Hacking Lab Guide, ASPE's Network Security Essentials, and Assessing Network Vulnerabilities. He has written over 50 articles featured in magazines and Web sites, including Certification Magazine, GoCertify, The El Paso Times, and SearchSecurity. Michael is also a faculty member of Villanova University and creator of Villanova's college-level security classes, including Essentials of IS Security, Mastering IS Security, and Advanced Security Management. He also serves as a site expert for four TechTarget sites, including SearchNetworking, SearchSecurity, SearchMobileNetworking, and SearchSmallBiz. He is a member of the TechTarget Editorial Board.
Stephen Watkins (CISSP) is an Information Security Professional with more than 10 years of relevant technology experience, devoting eight of these years to the security field. He currently serves as Information Assurance Analyst at Regent University in southeastern Virginia. Before coming to Regent, he led a team of security professionals, providing in-depth analysis for a global-scale government network. Over the last eight years, he has cultivated his expertise with regard to perimeter security and multilevel security architecture. His Check Point experience dates back to 1998 with FireWall-1 version 3.0b. He earned his B.S. in Computer Science from Old Dominion University and his M.S. in Computer Science, with Concentration in InfoSec, from James Madison University.
George Mays (CISSP, CCNA, A+, Network+, Security+, INet+) is an independent consultant with 35 years' experience in computing, data communications, and network security. He holds a B.S. in Systems Analysis. He is a member of the IEEE, CompTIA, and Internet Society.
Chris Ries is a Security Research Engineer for VigilantMinds Inc., a managed security services provider and professional consulting organization based in Pittsburgh. His research focuses on the discovery, exploitation, and remediation of software vulnerabilities, analysis of malicious code, and evaluation of security software. Chris has published a number of advisories and technical white papers based on his research and has contributed to several books on information security. Chris holds a bachelor’s degree in Computer Science with a Mathematics Minor from Colby College, where he completed research involving automated malicious code detection. Chris has also worked as an analyst at the National Cyber-Forensics & Training Alliance (NCFTA), where he conducted technical research to support law enforcement.
Ronald M. Bandes (CISSP, CCNA, MCSE, Security+) is an independent security consultant. Before becoming an independent consultant, he performed security duties for Fortune 100 companies such as JP Morgan, Dun and Bradstreet, and EDS. Ron holds a B.A. in Computer Science.
Brandon Franklin (GCIA, MCSA, Security+) is a network administrator with KIT Solutions, Inc. KIT (Knowledge Based Inormation Technology) Solutions, Inc. creates intelligent systems for the health and human services industry that monitor and measure impact and performance outcomes and provide knowledge for improved decision making. A KIT system enables policy makers, government agencies, private foundations, researchers, and field practitioners to implement best practices and science-based programs, demonstrate impacts, and continuously improve outcomes. Brandon formerly served as the Team Lead of Intrusion Analysis at VigilantMinds Inc., a Pittsburgh-based managed security services provider.
Top customer reviews
There was a problem filtering reviews right now. Please try again later.
I'm an audit professional and while networking is not my field of expertise, I needed to study it for a professional examination I was appearing for.
It was then that this book helped me a lot. When you read the book you can actually appreciate what goes behind that laptop you type on and those chats you have across time and space and what happens when you send an email. Which is essential knowledge when you consider how unsecure networks are and the vulnerability to hacking from viral and rogue parties.
Hack the Stack was written for those who seek to better understand and to gain a deeper knowledge of how TCP/IP systems really work. Such knowledge enables security professionals to make networks more secure. Through this book, though I may not have understood the specifics enough to be an expert, I've become more aware of the attendant risks of being snooped at and having systems hacked. I have recommended this book to others who I am sure will make use of the knowledge to make their Company's network more secure.
The knowledge given here was not too much in detail which was good considering I am not someone from the field. I am planning to start an e-commerce business website soon and this book gave me some tips I will need to consider when I finally get down to that.
This was a helpful book to me.
A critical aspect of a security book is technical accuracy, but HTS does not deliver. In some cases the book is half-right, or it omits important elements. For example, p 9 implies only port 20 TCP is used for TCP data; that's true for the server in active FTP, but passive FTP uses arbitrary ports. p 15 says SOCKS is "Windows Sockets," when SOCKS is a proxy protocol. p 71 says CSMA/CA (wireless) is similar to CSMA/CD (traditional Ethernet), but the two protocols are very different; CSMA/CA is much more complex. p 115 should say IP proto 41 is "IPv6 in IPv4", and not imply that IP proto 41 is somehow "IPv6". p 118 says "ICMP messages cannot be sent in response to other ICMP messages." That's not true; otherwise, ICMP echo would not be able to elicit an ICMP echo reply. (The authors meant ICMP error messages cannot elicit ICMP errors.)
Several times the book makes odd statements. p 14 says the first virus concept appeared in 1984, but non-PC viruses existed in the 1970s and the first PC virus (Elk Cloner) was in the wild in 1982. p 3 says "IDS has a short history" by citing Dorothy Denning's work in 1983, but ignores James Anderson's 1980 work for the Air Force as the first real IDS pioneer. p 119 says "consider disabling ICMP," which ignores breaking path MTU discovery and other crucial ICMP services. p 131 says idle scans were developed in 1988; it's 1998. p 131 also says a SYN to a closed port elicits a RST response, but it's really a RST ACK.
On the production side, Syngress did a very poor job publishing screen shots. HTS advertises "using Snort and Ethereal" in the book's subtitle, but many of the Ethereal screen captures are either too tiny or fuzzy or blacked out to be legible. This defeats the purpose of including them.
As far as organization goes, HTS is supposed to take a layer-by-layer look at security issues. However, material that should stay in one section is sometimes repeated or introduced in other sections. For example, there is no need to be discussing ARP (layer 2) manipulation in the layer 5 chapter, or again in the layer 6 chapter. HTTP interception tools should not appear in the layer 6 chapter when they fit properly in layer 7. SYN floods should not pop up in layer 4 and 5 chapters; pick one and consolidate coverage there. p 162 even says "Exchanges at the Transport layer are typically in clear text... FTP is a good example of this." The first assertion is wrong, and why is FTP appearing in the layer 4 chapter anyway? p 92 should recognize that PGP is not "Pretty Good Protection."
I didn't think it made sense to introduce Ethereal in ch 3, and then split coverage of Snort between ch 5 and ch 6. Furthermore, HTS made the mistake frequently repeated elsewhere of configuring Snort to log directly to a database. Without using unified logging with a spool reader like Barnyard, such a setup is only useful in demonstration purposes where packet loss is not an issue. To the extent necessary, Ethereal and Snort should have appeared in appendices and not the main "layer" text.
Finally, I did not find anything in the technical realm I had not read elsewhere. All of the tools (Nmap, Nessus, Hping, Amap, etc.) are familiar to most every network security practitioner, or they have been documented in great books like Anti-Hacker Toolkit or even other Syngress titles. It's ok to cover such tools if they are used in a novel way, but that didn't happen in HTS. I hoped to read something more original, say in the layer 4 chapter. Instead HTS discusses port scanning, OS fingerprinting, and SYN floods.
The two chapters which may be of interest to readers include those on layer 1 and "layer 8." Layer 1 offers some basic lock picking information as well as the sort of physical security suggestions you'd find in a CISSP book. On a sad note, the vignette on Rick Rescorla on p 35 doesn't mention that he tragically died on 9/11. Layer 8 discusses policies, social engineering, and related "people issues."
Overall, I think there is room for a book like HTS. It's too bad this one did not deliver what I was expecting. I do appreciate the authors citing my network security monitoring methodology on p 232.
I did like some of the directions on testing and building of products, scripts or other methods to verify your own environment however. I do realize you can only fit so much detail, but some definition areas needed more explanation that a simple paragraph. I would have looked to eliminate those and expand on others to give the feeling of deeper information.
Now saying all that, I appreciated the adding of the 8th layer that is not mentioned anywhere else. The reading was fairly straightforward and simple for the intermediate level technical administrator. Some of the references are not for the basic entry level, as it jumps right into topics that assume basic knowledge of networks, protocols and even mail and messaging.
I shared this with some staff in the office for reading of particular areas and will be keeping it on the bookshelf (which means it is a keeper)