Building Open Source Network Security Tools

Mike Clark writes "There are many security books on the shelves today. Most of them describe the same hacker tools and methods. They don't get very technical and once you've read one, you've read them all. Building Open Source Network Security Tools is a different breed of security book." Read on for the rest of Mike's review. Building Open Source Network Security Tools author Mike D. Schiffman pages 424 publisher John Wiley & Sons rating 9 reviewer Mike Clark ISBN 0471205443 summary How to use open source libraries, such as libpcap and libdnet, to build network security tools.

Building Open Source Network Security Tools , just as the name suggests, is about how to build network security tools. This is a technical book, so you are going to have a little knowledge of C and your networking principles. This is definitely not a manager's book.

First the book describes some basic principles in developing security software. This is a quick primer in case you have never been involved in software development. Next the book goes on to describe several commonly used libraries like libnet and libpcap. For each library, the structures and functions are explained, then there is sample code. I have written programs using libpcap and libnet before, and I still learned something. There is even a section on OpenSSL programming. OpenSSL is a rather large and cryptic, no pun intended, library (in my experience anyways). This book sheds some light on it! These chapters are a great reference to have when making a new security tool.

The author then goes on to explain the several techniques like attack and penetration and active reconnaissance. Not only does the author tell you how they would in a technical sense, he provides code that does it, and explains each piece. This is very useful since most tools in the wild aren't very well commented ;) There is also a chapter on buffer overflows and format string vulnerabilities. These chapters are very well done and do a good job in explaining how they work and how to write code to use them. It may sound like this is an offensive hacker book, but it also gives examples on how to write defensive programs, like a port scan detection tool. At the end of the book the author ties it all together with a large program that utilizes many of the techniques mentioned in the book.

I found this book to be very refreshing. I had been waiting for a good security programming reference, and this is it. As a part of the Honeynet Project, I have seen a large number of compromises and tools, and one thing I've found is that in order to truly know who your enemy is, and how they operate, you need to know how their tools work. I wish this book had been released years ago when I first became interested in network security. It would have saved me from stumbling around old web pages and dead links. If you're an information security professional, this book is a must have for your library.

You can purchase Building Open Source Network Security Tools from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Nessus

[bhsx]

For those looking for a great open source remote security scanner, check out www.nessus.org. Nessus is client/server (clients for a few platforms, server runs on unix only) scanner that runs through thousands of exploits and DoS attacks and gives you a full report on what you have open/running and how to secure it along with CERT advisories and all kinds of info. It's a great way to see just how easy it is to break into an unpatched box, whether it's *nix or win32. First few times I ran it I crashed every box on my LAN, by the fourth time I ran it, I was possitively secured. Great tool, can't say enough about it.

Re:Other books?

[foosnarf]

get a free account to the SANS Reading Room; they have whitepapers galore and a few more applied guides, including some on nessus and snort, iirc. with a good theoretical background, you should be able to proceed to use documentation for each product you choose in a mostly referential manner.

How about ...

[Greedo]

... the /. editors take a few seconds to convert submissions with characters like ' to '.

Picky, I know. But when the /. homepage is full of undisplayable characters because the encoding doesn't match the content, it's a bit annying.

Re:Other books?

[Clover_Kicker]

>What other books would people recommend for someone
>interested in network security

Definitely start out with TCP/IP Illustrated, Volume 1, W. Richard Stevens, ISBN 0-201-63346-9. I can't say enough good things about this book.

Internetworking With TCP/IP Volume 1, Douglas Comer, ISBN 0-13-01830-6 is another very good book, but Stevens' book is better.

Complementary books

[Thyrsus]

From the review, it sounds as if this book is a good antidote to the unfortunate simplification that (network security === firewall). Good!

Nonetheless, firewalls and VPN's are still important tools in creating a secure network. My old 1995 edition of Chapman & Zwicky's "Building Internet Firewalls" has been useful to me; I've no reason to think newer versions would be any less so. If you want to build a stateful firewall, Ron Ziegler's "Linux Firewalls" does a good job with the concepts and details of iptables. Another highly recommended book is Kolesnikov & Hatch's "Building Linux Virtual Private Networks". Whenever you do security, you *must* understand what you're doing, and these authors help you do that; that understanding is portable to any OS.

Secure Programming for Linux and Unix HOWTO

[dwheeler]

If you're trying to write secure applications, I suggest taking a look at my book Secure Programming for Linux and Unix HOWTO at http://www.dwheeler.com/secure-programs - it's free, just download and print. I just released the 29 October 2002 (version 3.000) edition.