Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Counter Hack", Ed Skoulis

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKCNTRHK.RVW 20011023 Counter Hack , Ed Skoulis, 2002, 0-13-033273-9, U$49.99/C$75.00 %A Ed Skoulis %C One Lake St., Upper Saddle River, NJ 07458 %D
    Message 1 of 1 , Jan 14, 2002
    • 0 Attachment
      BKCNTRHK.RVW 20011023

      "Counter Hack", Ed Skoulis, 2002, 0-13-033273-9, U$49.99/C$75.00
      %A Ed Skoulis
      %C One Lake St., Upper Saddle River, NJ 07458
      %D 2002
      %G 0-13-033273-9
      %I Prentice Hall
      %O U$49.99/C$75.00 800-576-3800 416-293-3621
      %P 564 p.
      %T "Counter Hack"

      Chapter one, as in many texts, is an introduction to the book, but is
      unusually important in this case. First, Skoulis lays out the
      philosophy behind the work. While the text of the book does
      concentrate on attacks, the author points out that invaders already
      have other sources of information. Further, Skoulis proposes that a
      detailed, complete, and integrated examination of representative
      samples of classes of attacks will provide an outline of defensive
      measures that can protect against a wide variety of assaults.

      A second point in this introduction is a brief examination of the
      character of attackers. Skoulis does point out that those who attempt
      to penetrate computer and communications security do so from a
      diversity of motivations and skill levels. However, he does tend to
      overstress the participation of "professional hackers," proposing that
      industrial espionage, terrorism, and organized computer crime
      activities are common. Certainly such campaigns may become common,
      making the need for pre-planning even more important, but the vast
      majority of endeavors we are seeing at present are amateur efforts.

      Finally, the introduction recommends the establishment of a computer
      security test laboratory, which is an excellent idea for any large
      corporation, but probably is not within the financial, personnel, or
      educational reach of even medium sized businesses.

      Chapter two provides a background in TCP/IP for the purposes of
      discussing networking offence and defence. There are frequent forward
      references to later sections of the book that deal with network
      attacks. The material could, however, have been condensed somewhat to
      emphasize those aspects of the protocols that are closely related to
      security. UNIX and Windows (NT and 2000) are similarly covered in
      chapters three and four, and, again, the text could be tightened up by
      focusing on safety factors.

      Chapter five points out the ways in which people can obtain data in
      order to direct and mount an attack. While the content is
      informative, and there are a few suggestions for restricting the
      release of such intelligence, the defensive value of the text is
      limited. The information gathering process continues in chapter six
      with war dialling and port scanning. Defences against application and
      operating system attacks are covered a bit better than in most
      "hacking" books (there are descriptions of buffer overflow detection
      tools), but the protective value of chapter seven is still
      questionable. Chapter eight examines network sniffing, scanning,
      spoofing, and hijacking. Denial of service is covered well in chapter
      nine. Various examples of malware are described in chapter ten.
      Chapter eleven deals with the means used to hide an attack.

      A number of scenarios are created in chapter twelve. Chapter thirteen
      describes some resources for keeping up with the latest computer
      vulnerabilities.

      Recently there has been a flood of books to the security marketplace,
      all based on the premise that if you know how to attack a system, you
      will know how to defend it. Skoulis has done a better job than most,
      but the thesis is still unproven. Yes, knowledge of the details of an
      attack does help you fine tune your defence. Yes, providing specifics
      of an example of a class of attacks does help you consider a
      protective mechanism that might work against a whole class. Yes,
      Skoulis does recommend safeguards for most of the attacks listed. But
      taking a crowbar to a padlock still doesn't teach you locksmith
      skills.

      copyright Robert M. Slade, 2001 BKCNTRHK.RVW 20011023


      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      Health nuts are going to feel stupid someday, lying in hospitals
      dying of nothing.
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.