
Hacking Exposed: Network Security Secrets and Solutions, 4th ed.
Stuart McClure, Joel Scambray, and George Kurtz
McGraw-Hill, 2003, $49.99, ISBN: 0-072-22742-7

Knowledge is power, and you’ll feel both knowledgeable and powerful after reading this book.

The first chapter of this latest edition of Hacking Exposed discusses footprinting, the methodical process of network reconnaissance. The goal is to gather data about an organization in a controlled fashion and compile a complete security profile, including domain names, individual IP (Internet protocol) addresses, and network blocks.

Chapter 2 describes the process of scanning. Scanning is, in the authors’ words, the equivalent of “knocking on the walls to find the doors and windows.” Chapter 3 explains the process of enumeration, which probes the services identified by scanning for known weaknesses.

In Part 2, you can read the individual chapters that focus on the operating system in which you have the most interest: Windows personal operating systems, Windows servers, Novell, or Unix. Part 3 illustrates techniques that can be used to hack networks, network devices, wireless devices, PBXs (private branch exchanges), VPNs (virtual private networks), and firewalls—and covers DoS (denial of service) attacks.

In Part 4 you learn how hackers can take advantage of remote control insecurities and Web server vulnerabilities, hijack TCP connections, and attack the Internet user. Part 5, the appendices, lists ports and lays out, in the authors’ opinions, the top 14 security vulnerabilities.

New content in the fourth edition includes a DVD with a one-hour Hacking Exposed LIVE! seminar on the mentality of the hacker, case studies of recent security attacks, and up-to-date information on attacks and countermeasures for each area covered. The companion Web site (http://www.hackingexposed.com) includes helpful tools, scripts, and links sections.

Good security requires vigilance, proper policies and procedures, and setting up the network and its components to repel attackers. Think about this, but just for a second. Then buy this book and start improving the security in your organization.—Joy Gumz

Linux in a Nutshell, 4th Edition
Ellen Siever, Stephen Figgins, and Aaron Weber
O’Reilly Books, 2003, $39.95, ISBN: 0-596-00025-1

With more than 1,000 commands to document, any reference that tries to document them is going to be big. Linux in a Nutshell is almost 1,000 pages.

Chapter 3, “Linux Commands,” takes up roughly half of the book and essentially is a command reference. These pages, similar in layout to the Linux man (manual) pages, to a large extent mirror (but do not copy) the content. Sometimes the online man pages are more useful (for example, man), and other times Linux in a Nutshell adds some value (iptables, for example). In many cases, it is useful to have both references.

Chapters 4 and 5 cover boot methods and package managers. They are almost the only part of the book that deals with Linux as distinct from Unix.

The next three chapters cover the shell and go into detail about bash and tcsh. Each of these chapters serves as a useful mini-guide to the shell. There is a short chapter on pattern matching; a longer one with a mini-tutorial would have served the book well.

Chapters 10 through 15 provide an overview of several of the more useful and complex programs. These are Emacs, vi, sed, gawk, rcs, and CVS (concurrent versions system). I would like to have seen something similar for a few more utilities, such as cron and tar.

The final chapters cover the graphical desktop and the main desktop managers, Gnome and KDE (K desktop environment). There is also a chapter on fvwm.

This book is a comprehensive reference to Linux. It is one of O’Reilly’s many books on the subject, and they remain the best source. If you are learning Linux and are looking for a book that will instruct you or offer an introduction to the topic, then this book is not for you. If, on the other hand, you’re looking for a reference book to complement the tutorials and introductory books, then this book should serve as an excellent reference. And if your budget has money for only a single Linux reference, then this book should definitely be the one.—Martin Schweitzer

Originally published in Queue vol. 1, no. 10