Slashdot Mirror

Blaine Hilton contributes this review of the Network Security Portable Reference, part of Osborne's "HackNotes" series. He writes "This book is best suited as an introductory overview to network security. Very little is covered in-depth. However, the book touches on pretty much the whole breadth of security topics. For people that are experienced with computer/network security topics, this book can be used to round out that knowledge and find weak areas." The rest of his review follows. Hack Notes Network Security Portable Reference author Mike Horton and Clinton Mugge pages 228 publisher Osborne rating 9 reviewer Blaine Hilton ISBN 0072227834 summary A concise overview of network security

It may sound like a problem that the book doesn't give all of the details, but if it did there is no way it could be a "Portable Reference". My favorite feature of the book is its small size. I can easily keep it in my laptop bag and reference it as needed. I can then use that as a springboard to look up more information such as man pages. It is important to understand though that one will not become a network security expert after reading this book alone.

The book starts off talking about the Asset and Risk Based INFOSEC Lifecycle Model (ARBIL). This is something that I've heard many times before, but the drawing of the process helped engrain that concept. It also visually demonstrates how security is not just a one-time activity, but a continual process that just keeps going. You analyze the system, find the weaknesses, fix them, and then start over again. In the same fashion the book covers the SMIRA risk assessment process in a highly graphic way.

The Network Security Portable Reference is for people who have access to and are very familiar with both *nix systems and Windows. Depending on what tool or commands they are using both systems are used throughout the references. The book gives a list of tools they think you need, and basically say go to the site to learn about it. If you want detailed information on how to use these tools then this is not the book for you.

The book goes over different security aspects for *nix and Windows machines, it also talks about how the network itself can be compromised, including wired networks, and wireless. The authors also go over web applications and older technology such as phone PBX systems.

The assessment checklist at the end of the book provides a great check to determine your network security baseline and see what areas need work. Along with the assessment checklist there is a list of best practices. However, they are in the front of the book and while I can vaguely understand the difference, it seems to me that they should be together. As I believe when auditing a network you would check if best practices were implemented along with the rest of the checklist.

Another odd layout issue in the book is what they call the Reference Center. This is an area in the middle of the book, with a separate numbering system and the first page in the table of contents. There is no mention as to what this Reference Center is until you flip through the book and find the blue pages in the middle that begin with page rc1.

As I've mentioned before this book is a great springboard that will help point you in the right direction for information. One of the ways the authors do this is by having a Reference Center in the middle of the book and quite a few appendixes in the back of the book, there is also an index which is helpful for quick look ups.

When doing consulting work I've found that using the checklist in this book is a great way to begin looking at a company's network security. I have used this on two networks so far and have found it helpful, it is much better then trying to remember to check everything that you can think of at any particular moment. I have also found the Open Source Security Testing Methodology Manual to be quite thorough.

You can purchase HackNotes Network Security Portable Reference from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, carefully read the book review guidelines, then visit the submission page.

Blaine Hilton writes "Hardware Hacking starts by going over the basics of electronics, just enough so you can understand what is happening later in the book. This gentle beginning means the book is great for people who work with computers on the software side, or people who like to play with electronics. You do not need to be an electrical engineer to understand what they are talking about in this book. As the title suggests, the authors walk you through different methods and processes of modifying common hardware." Read on for the rest of Hilton's review of Hardware Hacking. Hardware Hacking author Joe Grand, Ryan Russell and Kevin Mitnick pages 537 publisher Syngress rating 8 reviewer Blaine Hilton ISBN 1932266836 summary Walks anyone through the process of modifying common electronic hardware.

The authors' explanations of many of the terms and concepts used in the book are very good. For example, the description of "power" on page 20 is the best description of the term that I've ever heard or read. From first-hand experience trying to explain this concept to others I wish I'd known such a lucid explanation -- it explained the concept much better than longer, dryer text would have.

Another positive point to this book is the pace and order of the book. It starts with part one, which is an overview of working with hardware; part two is a collection of hacks that one can do on different devices. If, like me, you never really did any thing with the Atari, you could skip those chapters and still proceed with the book. This book is easy to carry because there the authors frequently provide directions to other resources rather than trying to cram everything into this one book.

Like I said, I'm not too interested in Atari hacking, but the idea presented in this book (in an Atari-centric context) for a standard power connector is good for other things too. This is one of the biggest strengths of this book: The examples themselves are highly specific, but the thinking behind them can easily be generalized.

The first part of the book briefly explores tools that are going to be used later in the hacks and how to use them. However I found it a bit odd that the authors tell you to use a heat gun and heat-shrink tubing, but do not list these items in the tools section.

The fun really begins in part two with the actual hardware hacking. I have never really done anything with hardware before. It seems like whenever I took something apart I could never get it back again, and that those times that I did get something back it would never quite work as it should again. Those experiences have taught me to not mess with things I shouldn't and, this is why I think it's great that part two begins with the ubiquitous and cheap CueCat. I had a couple of these lying around and didn't really care about them so I jumped right in, following the many clear explanatory photos.

Starting with something like this gave me the confidence that I can take stuff apart, and if I'm careful, it will go back again.

The order of chapters seemed a bit odd in part two, though. A book must be arranged in some type of order, and my gut feeling is that it should be by order of difficulty. The second part started off great, going over tools and then the CueCat, but then it seems like the chapters that follow are tossed in at random. This could be from my lack of hardware experience, or that the chapters were designed to be random. This fact really didn't distract from anything though. Just don't expect a linear progression.

I was able to appreciate the integration between the hardware and the software. Hardware Hacking also goes over the software side of the hardware involved.

One of the areas I wish they had given more attention to was in the chapter on the Macintosh where they are hacking a CRT monitor. I believe that the safety warning should probably be a bit bolder, especially considering the earlier, prominent advice about static energy and grounding.

The authors have used part three as a technical reference, including some frank talk about Linux vs. Windows in chapter six. Sure, many people like Linux better, however you have to take into consideration who will be using the system. In a system the whole family uses, it has to be user-friendly enough for the whole family to use.

If changing hardware to better suit your needs sounds like something you would like to try, but you don't know how and are worried about what might happen, then this book may just be able to convince you go for it, along with enough information to make your next warranty-voiding attempt a success.

You can purchase Hardware Hacking from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Blaine Hilton writes "Stealing the Network is a refreshing change from more traditional computer books. The authors have created fictional stories based on non-fictional concepts that could really happen to our computer systems today. The realistic fiction approach makes the book much lighter to read and actually entertaining. I also believe this approach makes the true methods behind the fictional stores much more memorable then memorizing thousand page textbooks." Read on for his overview of the book. Stealing the Network: How to Own the Box author Ryan Russell, Tim Mullen (Thor), FX, Dan Kaminsky, Joe Grand, Ken Pfeil, Ido Dubrawsky, Mark Burnett, and Paul Craig pages 328 publisher Syngress rating 8 reviewer Blaine Hilton ISBN 1931836876 summary An interesting fictionalized approach to hacking and other aspects of information security.

I'm leery of books that are written by multiple authors because the writing style always seems to keep me off beat from jumping around, however in this book it works out well since the book is organized as a series of short stories. Each story describes somebody involved in information security -- either somebody trying to access a system, or a person trying to keep the bad guys out.

If you are looking for a step-by-step guide to locking down your computer and network, this is not the book for you. Instead, this book is more to help people who already have at least a basic understanding of information security to see from another perspective. Stealing the Network looks at other reasons why people can break in: everything from being told to go to industry conferences to not collecting access cards when an employee leaves the company. What this book left deepest in my mind is to trust nothing, and assume even less.

After the ten short stories of how hacking is really done, there is a nicely done appendix along with Ryan Russel's "Laws of Security," which finishes this fictionalized book in a very non-fictional way. The laws cover most of the problems with current IT infrastructure, but do not go in-depth with what I believe is the biggest security hole, the user. Many of the stories touch on this fact but that's about the extent of it. I believe this may be because there are not any easy solutions to human behavior. This book says it best with "people are lazy."

At 328 pages (in pretty large text), this is a great easy read, though the book would be better with a lower price tag. However if you work with or around computers and the Internet, this book is very enlightening, if not completely informative.

Table of Contents

• Acknowledgements
• Contributors
• Forward
• Chapters:
  1. Hide and Sneak
  2. The Worm Turns
  3. Just Another Day at the Office
  4. h3X's Adventures in Networkland
  5. The Thief No One Saw
  6. Flying the Friendly Skies
  7. dis-card
  8. Social (In)Security
  9. BabelNet
  10. The Art of Tracking
• Appendix - The Laws of Security

Most of the book's authors have websites you can hit for more information; follow these links to find more from Ryan Russell, Tim Mullen (Thor), FX, Dan Kaminsky, Joe Grand, Ken Pfeil, Ido Dubrawsky and Mark Burnett, as well as Jeff Moss (who wrote the forward).

You can purchase Stealing the Network from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.