Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Hack Attacks Testing", John Chirillo

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKHKATTS.RVW 20030330 Hack Attacks Testing , John Chirillo, 2003, 0-471-22946-6, U$50.00/C$77.50/UK#34.95 %A John Chirillo %C 5353 Dundas Street West,
    Message 1 of 1 , May 29, 2003
    • 0 Attachment
      BKHKATTS.RVW 20030330

      "Hack Attacks Testing", John Chirillo, 2003, 0-471-22946-6,
      %A John Chirillo
      %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
      %D 2003
      %G 0-471-22946-6
      %I John Wiley & Sons, Inc.
      %O U$50.00/C$77.50/UK#34.95 416-236-4433 fax: 416-236-4448
      %O http://www.amazon.com/exec/obidos/ASIN/0471229466/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0471229466/robsladesin03-20
      %P 540 p. + CD-ROM
      %T "Hack Attacks Testing"

      The description in the introduction seems to indicate that this text
      might be similar to SATAN (Security Administrator's Tool for Analyzing
      Networks), in that it explains how to build a set of utilities in
      order to identify vulnerabilities. As such, there is the possibility
      that the work is open to a charge of being more useful to attackers
      than to defenders. Fortunately, the book does not provide a great
      deal of information that could be used to break into systems.
      Unfortunately, it doesn't help much with defence, either.

      Part one is supposed to describe how to build a multisystem "Tiger
      Box," similar to SATAN, and the overview outlines the components of a
      penetration test. Chapters one to four, however, simply narrate the
      installations for Microsoft Windows NT and 2000, Red Hat Linux,
      Solaris, and Mac OS X, using the installation programs provided. The
      material is heavy on screen shots, and light on explanations of what
      is going on and why. There is no provision for specific security
      testing requirements, or even multiboot systems.

      Part two lists penetration analysis tools for Microsoft Windows, and
      the introduction tabulates common vulnerability classes. Chapter five
      explains how to install the Cerberus Internet scanner, enumerates the
      possible reports, and gives one (eight page) sample report. Much the
      same is true for the Cybercop Scanner, Internet Scanner, Security
      Threat Avoidance Technology (STAT), and TigerSuite products in
      chapters six through nine. All of these systems do multiple probes
      and analysis.

      The description of UNIX and OS X tools, in part three, starts with a
      twenty page list of UNIX commands. UNIX utilities tend to be more
      single purpose: hping/2 is for IP spoofing and nmap is for port
      scanning, but Nessus, SAINT (Security Administrator's Integrated
      Network Tool), and SARA (Security Auditor Research Assistant) are

      Part four is entitled "Vulnerability Assessment," but contains only
      chapter fifteen, which contains checklists for securing various
      systems, primarily relying on outside sources.

      Despite the introduction, this book does *not* describe how to set up
      a "Tiger Box." It lists a few vulnerability scanners and utilities.
      There is little in the way of help or explanations, and the material
      seems to be based primarily on product documentation and commonly
      available guides. The content actually by Chirillo often seems so
      oddly written that it is difficult to parse any meaning from the text.

      The book does provide you with a list of vulnerability scanners. But
      then, so would any decent Web search.

      copyright Robert M. Slade, 2003 BKHKATTS.RVW 20030330

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      More than any time in history mankind faces a crossroads. One
      path leads to despair and utter hopelessness, the other to total
      extinction. Let us pray that we have the wisdom to choose
      correctly. - Woody Allen
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.