REVIEW: "Security Warrior", Cyrus Peikari/Anton Chuvakin
- BKSECWRR.RVW 20040509
"Security Warrior", Cyrus Peikari/Anton Chuvakin, 2004, 0-596-00545-8,
%A Cyrus Peikari
%A Anton Chuvakin
%C 103 Morris Street, Suite A, Sebastopol, CA 95472
%I O'Reilly & Associates, Inc.
%O U$44.95/C$65.95 800-998-9938 fax: 707-829-0104 nuts@...
%P 531 p.
%T "Security Warrior"
The preface isn't a really clear piece of writing, but does,
eventually, get around to stating that the book focuses on security
from an attack, rather than defence, perspective. I have, in numerous
other reviews, pointed out the errors and limitations in this
Part one deals with cracking software, primarily involved with
breaking copy protection. Chapter one explains a few concepts about
assembly language quite well, and then ends abruptly. Some Windows
tools for reverse engineering are listed in chapter two, plus a couple
of poorly explained examples. The material on reverse engineering in
Linux is longer and more detailed, but still has very limited tutorial
value, and is padded with extensive code listings of dubious worth.
Chapter four is supposed to deal with reverse engineering for
Windows CE, but contains an odd mix of CE operating system
architecture, a partial list of ARM CPU opcodes, and a description of
how to crack the registration code check in a program written solely
to allow you to crack the registration code check embedded within it.
Overflow attacks, in chapter five, explains buffer and other overflow
conditions, and gives an example of a buffer overflow as a crack in
another fake program.
Part two presents information about networks. Chapter six is a rather
unstructured overview of TCP/IP and a listing of some sniffing tools.
(TCP is explained before IP itself, and the relationship of the
various protocols in the suite is not discussed. A section on "covert
channels" emphasizes a strange misuse of header fields, and then
drifts into something like session hijacking.) Social engineering can
be used in a variety of ways, so it is strange that chapter seven
should be here rather than in the "Advanced Defence" of part four.
The random content provided has little organization and a fair number
of errors: the authors insist that social engineering attacks can be
divided into active and passive types, but, by its nature, social
engineering is almost entirely active. (The book does seem to tacitly
admit this: there is a list of example "active" attacks, but no
corresponding "passive" list.) Chapter eight mentions a few methods
of reconnaissance with differing levels of detail. Some more advanced
techniques for identifying the operating systems in chapter nine, but
the particulars are similarly inconsistent.
Part three lists attacks against specific platforms. The authors
betray their lack of study once again in chapter eleven: UNIX is *not*
"reborn from" MULTICS (although it was heavily influenced), and TCSEC
(the Trusted Computer System Evaluation Criteria) is definitely *not*
the Common Criteria. The various security related aspects, tools, and
hardening of UNIX are not bad, but lack definition. The UNIX attacks
listed in chapter twelve are good: ironically, because of the generic
nature of the descriptions the examples are probably useful as a guide
to defensive measures, rather than being outdated tricks. The Windows
client attacks listed in chapter thirteen, because they are specific,
have limited the material both in scope and utility. Chapter
fourteen, listing Windows server attacks, notes some interesting
security bugs in Server 2003 and other programs (and one bit on
smartcards.) "SOAP XML Web Services Security," in chapter fifteen, is
a long title for a short piece on XML digital signatures. "SQL
Injection," in chapter sixteen, has some examples of malformed data
attacks, and also points out the dangers of adding programming
functionality to applications. As with social engineering, the tie to
networks is thin, seemingly limited to the PHPNuke program. Some
aspects of wireless antennae, sniffing, and a brief review of the
weaknesses in WEP (Wired Equivalent Privacy) are in chapter seventeen.
Part four looks at more advanced defence. Miscellaneous thoughts on
logging are in chapter eighteen. Chapter nineteen has a confused
explanation of intrusion detection systems (IDS). There is no mention
of rule (or activity monitoring) based engines, signature based
engines are said to be restricted to net-based IDS, different terms
are used for anomaly detection engines on hosts versus networks, and
there is a muddled attempt to tie Bayesian analysis to odd
mathematical ratios of false positive (false rejection) and false
negative (false acceptance) errors. The installation of a simple
honeypot is described in chapter twenty (which probably *should* be in
part two). There is a good initial outline of incident response in
chapter twenty one, but it breaks down when getting into specifics.
Forensics and antiforensics, in chapter twenty two, gives some
background and tools for data recovery and obfuscation.
It is ironic that the book starts out with a quotation from "The Code
of the Samurai," stating that "[a]ll samurai ought certainly to apply
themselves to the study of military science. But a bad use can be
made of this study to puff oneself up and disparage one's colleagues
by a lot of high-flown but incorrect arguments that only mislead the
young ..." This assessment fits Peikari and Chuvakin's work almost
perfectly. There is a lot of interesting information in this volume:
if you have limited technical background in the fields examined, you
will find that a quick perusal will provide you with some superficial
familiarity with the topics. However, the uneven coverage ensures
that the information is spectacular, rather than tutorial. The
disjointed jumps from one subject to the next prove the technical
erudition of the authors, but do not help the reader very much.
copyright Robert M. Slade, 2004 BKSECWRR.RVW 20040509
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
My interest is in the future because I am going to spend the rest
of my life there. - Charles F. Kettering (1876 - 1958)
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade