Building Open Source Network Security Tools

Mike Clark writes "There are many security books on the shelves today. Most of them describe the same hacker tools and methods. They don't get very technical and once you've read one, you've read them all. Building Open Source Network Security Tools is a different breed of security book." Read on for the rest of Mike's review. Building Open Source Network Security Tools author Mike D. Schiffman pages 424 publisher John Wiley & Sons rating 9 reviewer Mike Clark ISBN 0471205443 summary How to use open source libraries, such as libpcap and libdnet, to build network security tools.

Building Open Source Network Security Tools , just as the name suggests, is about how to build network security tools. This is a technical book, so you are going to have a little knowledge of C and your networking principles. This is definitely not a manager's book.

First the book describes some basic principles in developing security software. This is a quick primer in case you have never been involved in software development. Next the book goes on to describe several commonly used libraries like libnet and libpcap. For each library, the structures and functions are explained, then there is sample code. I have written programs using libpcap and libnet before, and I still learned something. There is even a section on OpenSSL programming. OpenSSL is a rather large and cryptic, no pun intended, library (in my experience anyways). This book sheds some light on it! These chapters are a great reference to have when making a new security tool.

The author then goes on to explain the several techniques like attack and penetration and active reconnaissance. Not only does the author tell you how they would in a technical sense, he provides code that does it, and explains each piece. This is very useful since most tools in the wild aren't very well commented ;) There is also a chapter on buffer overflows and format string vulnerabilities. These chapters are very well done and do a good job in explaining how they work and how to write code to use them. It may sound like this is an offensive hacker book, but it also gives examples on how to write defensive programs, like a port scan detection tool. At the end of the book the author ties it all together with a large program that utilizes many of the techniques mentioned in the book.

I found this book to be very refreshing. I had been waiting for a good security programming reference, and this is it. As a part of the Honeynet Project, I have seen a large number of compromises and tools, and one thing I've found is that in order to truly know who your enemy is, and how they operate, you need to know how their tools work. I wish this book had been released years ago when I first became interested in network security. It would have saved me from stumbling around old web pages and dead links. If you're an information security professional, this book is a must have for your library.

You can purchase Building Open Source Network Security Tools from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Open source is not secure!

[carl67lp]

...at least, that's what Microsoft and companies like them would like you to believe.

I've thought a lot about the idea of securing systems with open source products, and it makes sense to me. The old argument was that a potential hacker could look at the source code to invade a system, and find the weaknesses therein. But there lies the biggest strength of open souce--the fact that, indeed, everyone can see the problems with the code and contribute towards the betterment of the product.

Let me use a rough example. If I purchase a set of blueprints from a home plan book, make no adjustments to the plan before I build it, how does this information grant a burglar any more information than simply casing the house and looking for weaknesses? That's not the best example in the world, but it'll do for now.

True, closed-source (e.g., commercial) software doesn't have the source in full view to scrutinize, and so is ever so slightly more "secure" (at least in the minds of those purchasing the product), but reverse-engineering is still possible, and brute-force, psychological, and other hack tactics can and do work.

Simply put, and to summarize, the idea that open-source software is insecure is simply false. In fact, it's the opposite of the truth--open-source projects benefit from a large community ensuring that all the bugs are squashed, all the holes are sealed, all the back doors are locked, and the software is more secure than anything a commercial entity could produce.

Re:Open source is not secure!

The amount of dedicated professional time that goes into software's development is the only thing that counts. "Open source" or "closed source" is really a side issue. Your software does not become secure if/when you publish your source code. The assumption that there are crowds of elite hackers who can't wait just to tinker with it and scrutinize security holes is false. It may be the case for a few very popular projects, but that's all. An average open source project relies on a not so huge number of key contributors who really know their code inside-out and a far greater number of users who just use their work. Same can be said about a commercial project, mind you.

Re:Open source is not secure!

[Weird+Dave]

You're talking about "security through project obscurity", and I don't buy it. If I were an evil cracker, I might start with a source-based linux distribution, and search for gets in all of the source files. There are probably other obvious buffer overflows that are easily identified. Next, I figure out a way to exploit the hack. Sure, I didn't get onto every computer, but I got onto yours, didn't I?

If anything, Open Source authors should be more alert to exploits, as I can only do this in open source software, though I'll bet a smart person could figure out how to analyze the executable to see if it uses an insecure library function, or something.