REVIEW: "Hacking for Dummies", Kevin Beaver

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Oct 25, 2006
      BKHACKDM.RVW 20060910

      "Hacking for Dummies", Kevin Beaver, 2004, 0-7645-5784-X,
      U$24.99/C$35.99/UK#16.99
      %A Kevin Beaver kbeaver@...
      %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
      %D 2004
      %G 0-7645-5784-X
      %I John Wiley & Sons, Inc.
      %O U$24.99/C$35.99/UK#16.99 416-236-4433 fax: 416-236-4448
      %O http://www.amazon.com/exec/obidos/ASIN/076455784X/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/076455784X/robsladesinte-21
      %O http://www.amazon.ca/exec/obidos/ASIN/076455784X/robsladesin03-20
      %O Audience i- Tech 1 Writing 2 (see revfaq.htm for explanation)
      %P 358 p.
      %T "Hacking for Dummies"

      Why, yes, now that you mention it, I believe that I *did* use this
      title in an April Fools joke back in 2002 (cf. BKHAKDUM.RVW). Turns
      out the joke's on me: this time they're serious.

      Actually, the introduction points out that the book is about "ethical"
      hacking (otherwise known as penetration testing), and is intended for
      system administrators, information security managers, and security
      consultants who want some tips on security assessment. So it isn't
      exactly a "hack to secure" book, but I can't be expected to be happy
      about the title.

      Part one is supposed to give you a foundation for ethical hacking.
      Chapter one, an introduction, sets out the usual "set a thief to catch
      a thief" argument, lists some attack types, and recommends that
      readers be ethical. The usual "hacker mindset" stereotypes are in
      chapter two. Chapter three has a terse but reasonable list of
      questions that may assist you in planning for a penetration test.
      Some initial sources of information that attackers will use to direct
      their assaults are given in chapter four.

      Part two purports to get you started on the attack itself. Chapter
      five has a basic but haphazard discussion of social engineering.
      Physical security is important, but the material in chapter six is
      incomplete, and concentrates more on attacks than countermeasures.
      Random trivia about passwords is in chapter seven.

      Part three turns to networks. Chapter eight looks at wardialling. (I
      agree that the practice should not be ignored, if only to find
      neglected modems, but the content is still obsolete.) A list of
      vulnerability scanning tools makes up chapter nine. Wireless hacking,
      in chapter ten, has a catalogue of tools, but also suggests useful
      countermeasures.

      Part four looks at hacking the operating system. Chapter eleven
      repeats the inventory of Windows tools, twelve repeats the Linux
      utilities, and thirteen has different tools--because they are
      especially for Novell Netware.

      Part five moves to application hacks. Poor information about malware,
      and weak suggestions about testing, are in chapter fourteen. Attacks
      against email and instant messaging, in chapter fifteen, are random,
      esoteric, and unrealistic. The content about attacks directed against
      web applications, in chapter sixteen, is disorganized and poorly
      explained.

      Part six deals with the outcomes and results of an ethical hack.
      Chapter seventeen provides a terse list of contents for penetration
      test reports. Rectifying security problems is minimally covered in
      chapter eighteen. Ongoing security assessment and awareness programs
      are suggested in nineteen.

      Part seven is the part of tens, comprising ten tips for getting
      management "buy in" (for the idea of "ethical hacking") and ten
      mistakes (in conducting a penetration test).

      This book may be helpful as a source for suggesting vulnerability
      scanning tools, but not much else.

      copyright Robert M. Slade, 2006 BKHACKDM.RVW 20060910


      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      90% of all infections are Stoned.
      - the viral corollary to Sturgeon's Law
      Dictionary of Information Security www.syngress.com/catalog/?pid=4150
      http://victoria.tc.ca/techrev/rms.htm