Loading ...
Sorry, an error occurred while loading the content.
 

[techbooks] REVIEW: "Hacker Proof", Lars Klander

Expand Messages
  • Rob Slade, doting grandpa of Ryan and Tr
    BKHKRPRF.RVW 990228 Hacker Proof , Lars Klander, 1997, 1-884133-55-X, U$54.95/C$74.95 %A Lars Klander lklander@jamsa.com %C 2975 S. Rainbow Blvd., Suite
    Message 1 of 1 , Apr 6, 1999
      BKHKRPRF.RVW 990228

      "Hacker Proof", Lars Klander, 1997, 1-884133-55-X, U$54.95/C$74.95
      %A Lars Klander lklander@...
      %C 2975 S. Rainbow Blvd., Suite 1, Las Vegas, NV 89102
      %D 1997
      %G 1-884133-55-X
      %I Jamsa Press/Gulf Publishing Co.
      %O U$54.95/C$74.95 800-432-4112 fax 713-525-4670 starksm@...
      %P 660 p. + CD-ROM
      %T "Hacker Proof: The Ultimate Guide to Network Security"

      There is a great deal of information on security contained within this
      book. Unfortunately, it is presented without a cohesive framework.
      The overall impression is good. A lot of the forms that would make up
      a useful work are followed, such as a summary (rather ironically, in
      view of the scattered nature of the text, called "Putting It All
      Together") and a set of resources at the end of every chapter. The
      author seems to be easily distracted, continually jumping to the next,
      more sensational, topic.

      Although not divided into parts, the contents do have some logical
      divisions. Initially, we are presented with what seems to be intended
      as background material, although the scattergun approach leaves all of
      the synthesis up to the reader. Chapter one is a rather unfocussed
      introduction, talking as much about Internet technologies as about
      security. Errors are rather common, ranging from chunks missing out
      of sentences to figures with no cutlines to security weaknesses that
      are essentially duplicates of each other to mailing lists that haven't
      distributed material for years (with contact addresses that are even
      older). Theoretically the networking concepts and details in chapter
      two might aid in understanding system vulnerabilities, but in the fact
      of the book they do not seem to be used effectively. The discussion
      of firewalls does not provide sufficient information about either the
      needs, weaknesses, or possible inconveniences of the different types
      in chapter three. The material on encryption, in chapter four,
      mentions a number of the currently important standards, but the
      explanations are so flawed that the chapter could not be used to
      inform a decision on the strength or use of a cryptographic system.
      Material on the use of digital signatures is fairly short, and the
      remainder of chapter five rehashes, with really expanding, old ground.

      Another section tries to delve into more networking protocols.
      Chapter six, on HTTP (HyperText Transfer Protocol), is somewhat
      disjointed, and, again, fails to seriously examine the security
      implications. S-HTTP (Secure HyperText Transfer Protocol), in chapter
      seven, deals mostly with packets and commands, although it does have
      some limited discussion of function. The Secure Socket Layer (SSL)
      seems to look primarily at arcana rather than use.

      Chapter nine looks at a few common forms of attack, but presents
      information somewhat at random. Kerberos is reasonably well described
      in chapter ten. Some types of electronic commerce technology are
      mentioned in chapter eleven. There is an extremely limited look at
      auditing in chapter twelve, first for UNIX and then for NT. A very
      rough look at security issues within the Java programming language
      makes up chapter thirteen. Chapter fourteen's look at viruses has
      good basic explanations, but is unreliable in practice.

      The remaining chapters generally look at security for specific
      systems. Chapters fifteen to seventeen very quickly talk about
      individual security functions in NT, NetWare, and UNIX, but fail to
      analyze, for example, the effective rights granted by combinations of
      the different privilege granting mechanisms. SATAN (System
      Administrator's Tool for Analyzing Networks) for UNIX and Kane
      Security Analyst for NT get quick overviews in chapter eighteen.
      Chapter nineteen presents a number of security vulnerabilities with
      the Netscape and particularly the Internet Explorer Web browsers. CGI
      (Common Gateway Interface) form weaknesses are discussed in chapter
      twenty, but with so many different languages that the ultimate advice
      is simply don't make a mistake when programming.

      The final chapter is a reasonable look at security policies. However,
      with some many items missing from the background provided, the chance
      of producing a good policy at this point is relatively small.

      As with "Maximum Security" (cf. BKMAXSEC.RVW), this book attempts to
      cover the enormous field of security by throwing out as many bits as
      possible. Therefore large holes are apparent in the coverage. In
      addition, the book lacks an overall framework that could be used to
      build a security structure and point the way to vulnerabilities that
      were not addressed. For those who already are well comfortable with
      security as a concept, this volume does have a lot of references that
      might be of use. For those new to the topic, it is not reliable
      enough to start with.

      copyright Robert M. Slade, 1999 BKHKRPRF.RVW 990228

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      Eat well, stay fit, die anyway
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade

      ------------------------------------------------------------------------
      eGroup home: http://www.eGroups.com/list/techbooks
      Free Web-based e-mail groups by eGroups.com
    Your message has been successfully submitted and would be delivered to recipients shortly.