REVIEW: "Counter Hack", Ed Skoudis
- BKCNTRHK.RVW 20011023
"Counter Hack", Ed Skoudis, 2002, 0-13-033273-9, U$49.99/C$75.00
%A Ed Skoudis
%C One Lake St., Upper Saddle River, NJ 07458
%I Prentice Hall
%O U$49.99/C$75.00 800-576-3800 416-293-3621
%P 564 p.
%T "Counter Hack"
Chapter one, as in many texts, is an introduction to the book, but is
unusually important in this case. First, Skoudis lays out the
philosophy behind the work. While the text of the book does
concentrate on attacks, the author points out that invaders already
have other sources of information. Further, Skoudis proposes that a
detailed, complete, and integrated examination of representative
samples of classes of attacks will provide an outline of defensive
measures that can protect against a wide variety of assaults.
A second point in this introduction is a brief examination of the
character of attackers. Skoudis does point out that those who attempt
to penetrate computer and communications security do so from a
diversity of motivations and skill levels. However, he does tend to
overstress the participation of "professional hackers," proposing that
industrial espionage, terrorism, and organized computer crime
activities are common. Certainly such campaigns may become common,
making the need for pre-planning even more important, but the vast
majority of endeavours we are seeing at present are amateur efforts.
Finally, the introduction recommends the establishment of a computer
security test laboratory, which is an excellent idea for any large
corporation, but probably is not within the financial, personnel, or
educational reach of even medium sized businesses.
Chapter two provides a background in TCP/IP for the purposes of
discussing networking offence and defence. There are frequent forward
references to later sections of the book that deal with network
attacks. The material could, however, have been condensed somewhat to
emphasize those aspects of the protocols that are closely related to
security. UNIX and Windows (NT and 2000) are similarly covered in
chapters three and four, and, again, the text could be tightened up by
focusing on safety factors.
Chapter five points out the ways in which people can obtain data in
order to direct and mount an attack. While the content is
informative, and there are a few suggestions for restricting the
release of such intelligence, the defensive value of the text is
limited. The information gathering process continues in chapter six
with war dialling and port scanning. Defences against application and
operating system attacks are covered a bit better than in most
"hacking" books (there are descriptions of buffer overflow detection
tools), but the protective value of chapter seven is still
questionable. Chapter eight examines network sniffing, scanning,
spoofing, and hijacking. Denial of service is covered well in chapter
nine. Various examples of malware are described in chapter ten.
Chapter eleven deals with the means used to hide an attack.
A number of scenarios are created in chapter twelve. Chapter thirteen
describes some resources for keeping up with the latest computer
Recently there has been a flood of books to the security marketplace,
all based on the premise that if you know how to attack a system, you
will know how to defend it. Skoudis has done a better job than most,
but the thesis is still unproven. Yes, knowledge of the details of an
attack does help you fine-tune your defence. Yes, providing specifics
of an example of a class of attacks does help you consider a
protective mechanism that might work against a whole class. Yes,
Skoudis does recommend safeguards for most of the attacks listed. But
taking a crowbar to a padlock still doesn't teach you locksmith
copyright Robert M. Slade, 2001 BKCNTRHK.RVW 20011023