Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Hack Attacks Denied", John Chirillo

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKHKATDN.RVW 20031019 Hack Attacks Denied , John Chirillo, 2003, 0-471-23283-1, U$50.00/C$77.50/UK#37.50 %A John Chirillo %C 5353 Dundas Street West,
    Message 1 of 1 , Feb 11 8:49 AM
    • 0 Attachment
      BKHKATDN.RVW 20031019

      "Hack Attacks Denied", John Chirillo, 2003, 0-471-23283-1,
      U$50.00/C$77.50/UK#37.50
      %A John Chirillo
      %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
      %D 2002
      %G 0-471-23283-1
      %I John Wiley & Sons, Inc.
      %O U$50.00/C$77.50/UK#37.50 416-236-4433 fax: 416-236-4448
      %O http://www.amazon.com/exec/obidos/ASIN/0471232831/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0471232831/robsladesinte-21
      %O http://www.amazon.ca/exec/obidos/ASIN/0471232831/robsladesin03-20
      %P 689 p. + CD-ROM
      %T "Hack Attacks Denied"

      The introduction states that this book is a companion to "Hack Attacks
      Revealed" and that the audience is everyone.

      Part one is about securing ports and services. Chapter one,
      describing common ports and services, recommends replacing TFTP with
      Tiger FTP, which just happens to be written by the author. Eighteen
      pages are helpfully devoted to reprinting the source code, just in
      case you'd like to type it in for yourself. The level of security
      information varies substantially: there is, for example, no mention of
      the fact that TFTP has no real use in Windows, and that disabling it
      is a very good idea. More detail is provided for UNIX than Windows,
      and some items are helpful, but most are not. Concealed ports and
      services, otherwise known as backdoors or trojans, are discussed in
      chapter two. There is a fourteen page source code listing of a
      crippled trojan, a catalogue of backdoor trojans, and mention of some
      protective software. Chapter three is mostly about how to get other
      information, although less space is devoted to the discovery of
      countermeasures, and an awful lot of the content is of the "you might
      be able to" variety.

      Part two, which consists only of chapter four, is about intrusion
      defence and safeguarding against penetration attacks, but, again, more
      space is devoted to attacks than defence.

      Part three is entitled "Tiger Team Secrets." Chapter five is a random
      list of attacks, including various viruses. Some items, such as the
      "reboot attack," make no sense as described. Seventy five attacks,
      most of which have been recounted before, are in chapter six. The
      countermeasures usually boil down to "protect against this," but are
      short on how. Chapter seven finishes off with a guide for consultants
      who want to write security policies (including an outline that bears a
      striking resemblance to the CISSP CBK). Two sample "audits" are
      given, along with a reprint of a twenty one page router log (with no
      analysis).

      This book is not very revealing, and won't do much to deny access to
      attackers.

      copyright Robert M. Slade, 2003 BKHKATDN.RVW 20031019


      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      Strange game. The only winning move is not to play. - WOPR, Wargames
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.