Special Ops

If maintaining the security of networked machines running Microsoft Windows is part of your job (but you need a touch of Oracle and UNIX advice, too), take heart. elwing writes "Don't let the cover title and camo look turn you away -- Special Ops is a no-nonsense guide to securing your network from inside attackers. This is one of the first books I've seen which covers this topic in detail. It doesn't skimp on external threats, but the majority of the book deals with host based security." Read on for the rest of elwing's review. Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle author Erik Pace Birkholz, et al. pages 1040 publisher Syngress rating 8 - Worth Reading reviewer elwing ISBN 1931836698 summary Taking a look at securing your network from the inside.

In order to get the most out of Special Ops, I suggest that you brush up on your system administration skills, particularly Microsoft technologies. The book is aimed primarily at security and systems administrators, but several of the chapters are either aimed specifically at management (Chaps 17 & 18), or could easily be understood by them (chaps 1-3).

The authors write in a conversational, matter-of-fact style, including personal anecdotes and experiences where appropriate. The editors did a great job of "smoothing out" the styles of the different authors to give Special Ops a consistent feel.

One of the best features of Special Ops is the end-of-chapter content. These summaries include a "Security Checklist" which creates a nice list for admins to take into the field, a one-page summary of the chapter, links to relevant web pages, relevant mailing lists, other books to read for more in-depth information, a "Solutions Fast Track," and a FAQ. Some chapters list all of the freeware and commercial tools used/mentioned in that chapter. The Solutions Fast Track is a great section to hand to your slightly more technical manager explaining why you should secure a specific service. These chapter extras make Special Ops a great reference book, even if you never bother to read the rest of it.

Another great feature is the "Notes from the Underground ..." sections scattered throughout the book. All of the authors have worked in security for several years, and they share specific examples of attacks or other interesting tidbits they've seen over the years.

I had trouble giving Special Ops a rating of 9 or 10 for a few reasons. Even though the book is an easy read, it's a lot of information to digest. The subtitle makes it sound as if Microsoft, UNIX, and Oracle would receive equal treatment: not so. While there are 7 chapters on Microsoft specific technologies, UNIX and Oracle rate one chapter each. I would have preferred to see Special Ops split into 2 or 3 books, giving equal attention to all of the technologies.

The authors' bias towards certain commercial tools shows through as well. Granted, the majority of the authors are also Foundstone employees, but they should have given equal treatment to all tools. Explain the strengths and weaknesses of each tool and allow the reader to decide on the "best" tool.

All in all, Special Ops is a great book. It will definitely reside on my reference shelf for years to come.

Table of Contents

1. Assessing Internal Network Security
2. Inventory and Exposure of Corporate Assets
3. Hunting for High Severity Vulnerabilities (HSV)
4. Attacking and Defending Windows XP Professional
5. Attacking and Defending Windows 2000
6. Securing Active Directory
7. Securing Exchange and Outlook Web Access
8. Attacking and Defending DNS
9. Attacking and Defending Microsoft Terminal Services
10. Securing IIS
11. Hacking Custom Web Applications
12. Attacking and Defending Microsoft SQL Server
13. Attacking and Defending Oracle
14. Attacking and Defending Unix
15. Wireless LANs: Discovery and Defense
16. Network Architecture
17. Architecting the Human Factor
18. Creating Effective Corporate Security Policies

You can purchase the Special Ops from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

I Wonder

[SkArcher]

I f I can get my emplotyer to buy this for me?

It is certainly the kind of problem I often end up facing at work, far too many people know just enough to majorly fuck things up nowadays.

Personally, I would prefer not to have to use M$ware at all, but all too often legacy systems in the workplace are a lock in, so I expect to see things like this continue to be published and be popular for a good while.

Re:I Wonder

[rutledjw]

Here's one way to do it. Start watching the traffic coming in on internal web servers. We've discovered a little part-time hacking on our internal network.

While doing some application debugging, we found we were getting probed. The guy then tried a number of expoits, IIS mostly, but also a couple looking for an insecure J2EE server. It appears to be a script kiddie except that he did figure out we were running Apache (IHS, actually, but there's little difference) and J2EE and did some more probes based on that.

The other issue is that this person would plug a computer into a different physical port in our network from the usual and wouldn't stay long. He knew he could be tracked. A little spooky, he MAY have been a script kiddie or this may have been HIS script.

Either way, we brought it to info-sec and they promptly blew it off. I'd call that kind of thing a "job-terminating, cop-calling activity" but was alone in that. Whatever.

Point is, watch your HTTP logs for wierd stuff. You may be suprised and may be able to use that to get some support for buying the book. Plus, it's kinda fun to know what's going on ouyt there! ;)

crazy

[Boromir+son+of+Faram]

So, this book advertises itself as a guide for administrators who want to secure their systems. Fair enough. But how much do you want to bet that a chapter like "Attacking and Defending Windows 2000" spends 40 pages on hacking techniques, then closes with a short paragraph reading, "install the latest security patches from Microsoft"?

Security is not exactly rocket science from an admin POV. You keep your system up-to-date and pay attention to the latest exploit warnings, and you will be fine 99.9% of the time. Almost without fail, hacking incidents at major companies are found to be due to security holes that have been known about and fixed for months, if not years. Competant admins simply do not get hacked.

Any admin who isn't completely shirking his duties has exactly no use for this book. Who, then, will find it valuable? That's right: hackers. Script kiddies have an easy enough time of it as it is. The computer book industry needs to take some responsibility and stop publishing this sort of hacker how-to.

I see Windows as a challenge...

[Ghengis]

As soon as I read that there are 7 chapters on M$, I knew the M$ flames would be abundant in this thread of comments. I'd like to take a different approach to this; rather than adamently bash microsoft, I'll be more subtle about it. I see securing MS products as a challenge. Yes, they're buggy (release early / often,) and I love my Unixees more, but this could be a fun game. Anyone can RTFM and secure *nix boxen, but someone who can make a windows box truely secure... now they've done something!!