REVIEW - Hack Attacks Revealed - A Complete Reference for UNIX, Windows, and Linux with Custom Security Toolkit


Title:

Hack Attacks Revealed

A Complete Reference for UNIX, Windows, and Linux with Custom Security Toolkit

Author:

John Chirillo

ISBN:

Publisher:

Wiley (2002)

Pages:

928pp

Reviewer:

Francis Glassborow

Reviewed:

December 2002

Rating:

★★☆☆☆


I reviewed the first edition of this book about eighteen months ago. At that time I suggested that if you were responsible for a local network you should find time to read it. With the growth of always-on, broadband connections to the Internet, security becomes ever more important. You may think that your personal computer is of so little importance that crackers will ignore it. I have news for you; your innocent and apparently harmless home computer is a potential weapon in a war that is being waged. Let me explain a little:

Last month there was a concerted 'denial of service attack' on the root DNS servers of the Internet. (Excuse me if my terminology is not exactly correct, the substance is). There are thirteen of these that are widely distributed geographically to ensure that they cannot all be destroyed by a physical attack. Those responsible believe that at least five of these servers must be operating for the Internet to continue to function at all levels. It is a bit like cutting the roots of a tree, cut enough of them and the tree will continue to appear to live on the surface but problems will increasingly manifest as it dies.

The 'denial of service' attack took out seven of the root servers for an hour and intermittently took out two others. Do the arithmetic and you will realise that we were close to the critical boundary. Denial of service relies on being able to pervert ordinary computers so that massive amounts of data are dispatched from many places to the computer(s) being attacked. By itself your little machine is pretty harmless, couple it with a few million others and we have a very different scenario.

Now the real problem is that there is no way that the ordinary member of the public is going to understand how to defend their computer from being hijacked to do nefarious deeds. All that most of us can do is to insist that those having long-term Internet connections should add such things as firewalls and keep them up to date. The latter is a serious problem. Failing to back-up your own data is your choice, but failing to protect your equipment from being perverted is potentially harmful to the wider community.

Enough said. Most will not have time to read this book, but the more that make time the more likely that the message about our computers' vulnerability will get spread. Note that I have not said anything about this book, only why you might make time to read it. Let me finish with a quotation from the Introduction.

The primary difference between this second edition and the original Hack Attacks Revealed, aside from some rectified errata, is more than 170 new advanced discovery techniques, malicious code coverage of Myparty, Goner, Sircam, BadTrans, Nimda, Code Red I/II, and more; current vulnerabilities, advisories, and hacking labs, plus additional illustrations, and techniques for routers, operating systems (including Windows 2000/Pro and XP, Solaris, LINUX), and server software daemons. You'll also find a special chapter dedicated to the Top 75 Hack Attacks. To accommodate the new material, in this edition, most of the extraneous information, lists, and some source code has been moved from the body of the book to the CD-ROM.

A traditional Chinese curse is 'May you live in interesting times.' Well we do and we need to do our bit to make them less interesting.






