Loading ...
Sorry, an error occurred while loading the content.

[techbooks] REVIEW: "Maximum Security", Anonymous

Expand Messages
  • Rob Slade, doting grandpa of Ryan and Tr
    BKMAXSEC.RVW 981025 Maximum Security , Anonymous, 1998, 0-672-31341-3, U$49.99/C$70.95/UK#46.95 %A Anonymous %C 201 W. 103rd Street, Indianapolis, IN
    Message 1 of 1 , Jan 11, 1999
    • 0 Attachment
      BKMAXSEC.RVW 981025

      "Maximum Security", Anonymous, 1998, 0-672-31341-3,
      U$49.99/C$70.95/UK#46.95
      %A Anonymous
      %C 201 W. 103rd Street, Indianapolis, IN 46290
      %D 1998
      %E Mark Taber newtech_mgr@...
      %G 0-672-31341-3
      %I Macmillan Computer Publishing (MCP)
      %O U$49.99/C$70.95/UK#46.95 800-858-7674 http://www.mcp.com
      %P 829 p. + CD-ROM
      %T "Maximum Security, second edition"

      Rather loudly promoted on the net these days, the major selling point
      of this book is that it was written "by an experienced hacker."
      Supposedly one who spent some time as a guest of Uncle Sam for
      fiddling bank machines. (Some of what we are told about the author
      does not fit with the contents of the book, but then, as an old
      professional paranoid, I may be unduly suspicious.) Leaving aside
      questions of morality and definitions of the term "hacker," let us
      merely observe that these people are the gnostics. They are the
      devotees of the hidden, esoteric, and arcane knowledge. Such
      knowledge, of course, is cheapened and weakened by being revealed.
      Which may explain a certain reticence on a number of points in the
      first edition of the book. The introduction to that edition made it
      fairly clear: Anonymous assumed that if you did not work diligently at
      his direction you did not deserve to secure your system. One could
      almost feel his glee at the expectation that thousands of sysadmins
      around the world were wracking their brains and flooding Usenet with
      discussions of the significance of his clues to the vital encrypted
      message he had hidden on the CD-ROM.

      The riddle, and that attitude, seem to have been removed from this
      second edition. The author tacitly admits that the first was a bit of
      a kludge: he says that it was written in haste. He also states that
      the second edition is more "solution oriented." It could hardly have
      been less. Be that as it may, the book is, as the author states,
      essentially completely rewritten. It has been much improved in the
      process, moving up from truly awful to merely mediocre. The new
      version provides a good deal of reference information, although
      assessing the quality of that information is left as an exercise to
      the reader.

      The section on viruses is an overview of the book in miniature. The
      hype has been toned down, and the explanation of how viruses work is
      much more reasonable. However, it still insists that "destruction" is
      the major characteristic of a virus. (There is, later, an admission
      that "[m]ost viruses do not actually destroy data.") We are treated
      to the old myth that virus researchers write viruses as a kind of job
      security. While a general background to viruses is provided, there is
      no discussion of protection options. However, there are more listings
      of antiviral programs and resource sites than there are for virus
      creation programs. Many topics within the text have lists of books
      and Web sites for further study, and there is one for viruses that
      includes three of the four tomes recommended by the VIRUS-L FAQ.
      Unfortunately, it also contains some lesser works, and there are no
      annotations to the bibliography.

      Part one is simply two chapters of introduction to the book. A
      somewhat limited overview to security concepts is given in part two,
      concentrating on the Internet. Chapters look at the Internet, TCP/IP
      basics, hackers and crackers, targets, possibilities of fights over
      the net, and very brief data security primer. Various types of
      security and attack software are outlined in part three. There is
      consideration of malicious software, security weakness scanners,
      password crackers, trojans, network packet sniffers, firewalls, and
      audit software. Part four looks at specific operating systems:
      Windows, UNIX, Novell, VMS, and Macintosh. Two chapters look at very
      basic security requirements in part five. Network based attacks are
      discussed in part six, reviewing levels of attack, spoofing, telnet,
      scripting languages and extensions, and hiding of identity. Different
      types of resources and references are contained in appendices. (I was
      disappointed in the loss of a chapter on laws in various countries
      until I found it had been moved back here.)

      If you don't know security, this book is probably not going to teach
      it to you. On the other hand, if you work with security, you may find
      that some of the resources listed here are things that you want to
      explore. For the novice it isn't altogether reliable, but for the
      professional it is at least worth looking at.

      copyright Robert M. Slade, 1998 BKMAXSEC.RVW 981025

      ======================
      rslade@... rslade@... robertslade@... p1@...
      Find virus, book info http://victoria.tc.ca/int-grps/techrev/rms.html
      Robert Slade's Guide to Computer Viruses, 0-387-94663-2 (800-SPRINGER)

      ------------------------------------------------------------------------
      eGroup home: http://www.eGroups.com/list/techbooks
      Free Web-based e-mail groups by eGroups.com
    Your message has been successfully submitted and would be delivered to recipients shortly.