Slashdot Mirror


HackNotes Network Security Portable Reference

Blaine Hilton contributes this review of the Network Security Portable Reference, part of Osborne's "HackNotes" series. He writes "This book is best suited as an introductory overview to network security. Very little is covered in-depth. However, the book touches on pretty much the whole breadth of security topics. For people that are experienced with computer/network security topics, this book can be used to round out that knowledge and find weak areas." The rest of his review follows.

Hack Notes Network Security Portable Reference
author: Mike Horton and Clinton Mugge
pages: 228
publisher: Osborne
rating: 9
reviewer: Blaine Hilton
ISBN: 0072227834
summary: A concise overview of network security

It may sound like a problem that the book doesn't give all of the details, but if it did there is no way it could be a "Portable Reference". My favorite feature of the book is its small size. I can easily keep it in my laptop bag and reference it as needed. I can then use that as a springboard to look up more information such as man pages. It is important to understand though that one will not become a network security expert after reading this book alone.

The book starts off talking about the Asset and Risk Based INFOSEC Lifecycle Model (ARBIL). This is something that I've heard many times before, but the drawing of the process helped engrain that concept. It also visually demonstrates how security is not just a one-time activity, but a continual process that just keeps going. You analyze the system, find the weaknesses, fix them, and then start over again. In the same fashion the book covers the SMIRA risk assessment process in a highly graphic way.

The Network Security Portable Reference is for people who have access to and are very familiar with both *nix systems and Windows. Depending on what tool or commands they are using, both systems are used throughout the references. The book gives a list of tools they think you need, and basically says go to the site to learn about it. If you want detailed information on how to use these tools then this is not the book for you.

The book goes over different security aspects for *nix and Windows machines; it also talks about how the network itself can be compromised, including wired and wireless networks. The authors also go over web applications and older technology such as phone PBX systems.

The assessment checklist at the end of the book provides a great check to determine your network security baseline and see what areas need work. Along with the assessment checklist there is a list of best practices. However, they are in the front of the book and while I can vaguely understand the difference, it seems to me that they should be together. As I believe when auditing a network you would check if best practices were implemented along with the rest of the checklist.

Another odd layout issue in the book is what they call the Reference Center. This is an area in the middle of the book, with a separate numbering system and the first page in the table of contents. There is no mention as to what this Reference Center is until you flip through the book and find the blue pages in the middle that begin with page rc1.

As I've mentioned before, this book is a great springboard that will help point you in the right direction for information. One of the ways the authors do this is by having a Reference Center in the middle of the book and quite a few appendixes in the back of the book; there is also an index, which is helpful for quick lookups.

When doing consulting work I've found that using the checklist in this book is a great way to begin looking at a company's network security. I have used this on two networks so far and have found it helpful; it is much better than trying to remember to check everything that you can think of at any particular moment. I have also found the Open Source Security Testing Methodology Manual to be quite thorough.


44 comments

  1. My copy of this book was hacked by Anonymous Coward · · Score: 2, Funny

    There was a picture of goatse on page 114.

  2. The reference guide is very good. by Muda69 · · Score: 5, Informative

    The reference guide inside is very useful. It has a list of commonly used ports by attackers and what exploit is mostly used on the specific port. Simple guide on some command line port scanners like nmap and Scanline. Includes some commonly used passwords. The book is a portable reference that has a lot of information.

    1. Re:The reference guide is very good. by DR+SoB · · Score: 2, Insightful

      Whoaf for a second I was worried they'd start trying to attack my IIS server using the traverse directory attack (IIS 4, unpatched), now at least I'll know they are using port 80 to attack me, what a relief, for a minute I thought it was port 4221.. :O

      Common passwords? But password IS my password, what do you mean that's not secure? :O

      It's laughable that anyone would need to run nmap on their OWN COMPUTERS, except maybe for mass scanning.. Never heard of NETSTAT or TCPVIEW?!

      Good thing it's portable, never know when I'll be on the road and wondering "darn, how do I patch this nasty ms Office"!?!

      Seriously, this book so far has had the exact information every other security book has, is there ANYTHING new about it, or are we just impressed by its small size?!

      --
      Mod +5 Drunk
    2. Re:The reference guide is very good. by Anonymous Coward · · Score: 0

      Exactly. 99.999% of all the security books on the market cover almost the exact same things. Who needs another one? I guess they sell really well though and as long as they bring in lots of money for the publishers we will keep seeing more of them get published.

    3. Re:The reference guide is very good. by |<amikaze · · Score: 2, Insightful

      Netstat and/or TCPView can be trojaned as part of a rootkit.

    4. Re:The reference guide is very good. by Anonymous Coward · · Score: 0

      Parent post:
      It's laughable that anyone would need to run nmap on their OWN COMPUTERS, except maybe for mass scanning.. Never heard of NETSTAT or TCPVIEW?!

      Sibling post:
      Netstat and/or TCPView can be trojaned as part of a rootkit.

      Sibling is very right. In fact, I've done it^H^H^H^H^H^H er, seen it done :)

      Frankly, it's easy to hook the APIs netstat and/or TCPView use to list open connections (hooking right at the IP helper layer is simple enough) and just remove your app from the list. You, sir, are not paranoid enough to be a network security man :)

    5. Re:The reference guide is very good. by jenkin+sear · · Score: 1

      I run nmap on all my servers all the time - from a protected host with lots of tripwire scanners. Some boxes are windows, some are solaris, lots are linux - having a single host running scans against all my boxes helps me spot a new port open up, gives me more trust that my local copy of netstat hasn't been rooted, and lets me archive and compare against the results of a previous run.

      Maybe you don't manage very many machines?

      --
      What a strange bird is the pelican, his beak can hold more than his belly can.
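
Added example (not part of the original thread or the book): the archive-and-compare routine described in the comment above, applied to nmap's grepable (`-oG`) output, plus a cross-check of the scan against what the host's own netstat reported. The scan text, host addresses and the netstat set are constructed sample data, and the function names are illustrative.

```python
"""Compare archived nmap -oG scans taken from a trusted host (added example)."""
import re

# Constructed sample data: two archived runs of `nmap -oG -` against our own hosts.
PREVIOUS_RUN = (
    "Host: 192.0.2.10 (web1)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\n"
    "Host: 192.0.2.11 (db1)\tPorts: 22/open/tcp//ssh///, 5432/closed/tcp//postgresql///\n"
)
CURRENT_RUN = (
    "Host: 192.0.2.10 (web1)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "4221/open/tcp//unknown///\n"
    "Host: 192.0.2.11 (db1)\tPorts: 22/open/tcp//ssh///\n"
)
HOST_RE = re.compile(r"^Host:\s+(\S+)")

def open_ports(grepable_text):
    """Return {host: {(port, proto), ...}} for ports reported open."""
    result = {}
    for line in grepable_text.splitlines():
        host = HOST_RE.match(line)
        if not host or "\tPorts: " not in line:
            continue  # comment lines and "Status: Up" lines carry no port list
        ports_field = line.split("\tPorts: ", 1)[1].split("\t", 1)[0]
        found = result.setdefault(host.group(1), set())
        for entry in ports_field.split(","):
            parts = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(parts) >= 3 and parts[1] == "open":
                found.add((int(parts[0]), parts[2]))
    return result

def compare_runs(previous, current):
    """Ports that opened or closed per host between two archived runs."""
    changes = {}
    for host in sorted(set(previous) | set(current)):
        before, after = previous.get(host, set()), current.get(host, set())
        if before != after:
            changes[host] = {"opened": sorted(after - before),
                             "closed": sorted(before - after)}
    return changes

def unreported_listeners(scanned_open, locally_reported):
    """Ports the outside scan sees open that the host's own tools did not list."""
    return sorted(scanned_open - locally_reported)

if __name__ == "__main__":
    prev, curr = open_ports(PREVIOUS_RUN), open_ports(CURRENT_RUN)
    for host, delta in compare_runs(prev, curr).items():
        print(host, delta)
    # Constructed: listening TCP ports that netstat on 192.0.2.10 printed.
    netstat_view = {(22, "tcp"), (80, "tcp")}
    print("not in netstat:", unreported_listeners(curr["192.0.2.10"], netstat_view))
```

A port that appears in the scan but not in the host's own listing is the discrepancy worth investigating, and the comparison only means something when the scanner runs on a machine you trust.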
    6. Re:The reference guide is very good. by DR+SoB · · Score: 1

      lmao, that's the first time anyone has ever told me I'm not paranoid 'nouf! Thanks man, you really made my day!

      ps- If you hook the TCP stack, how is nmap going to help you??!

      - I CHECKSUM ALL MY .EXE'S and DLL'S, so maybe I am paranoid 'nouf! BAhAHHHah

      --
      Mod +5 Drunk
  3. Bah by Prince+Vegeta+SSJ4 · · Score: 5, Funny
    "this book can be used to round out that knowledge and find weak areas."

    I have no weak areas, I just run Windows XP, with no security patches, no antivirus, no firewalls, on a wireless lan with no WEP or WAP, Broadcast SSID turned ON, the password for Administrator is administrator, and everything is shared and accessible by the everyone group.

    it is so wide open, all the hackers think it is a honeypot and just leave it alone. now that's security.

    1. Re:Bah by Anonymous Coward · · Score: 0

      So...ahem...I think you forgot to mention your IP-address. I can..erm..audit your network just in case.

    2. Re:Bah by Anonymous Coward · · Score: 0

      I just run Windows XP... the password for Administrator is administrator

      You set a password for your Admin account? Last I checked, default install was blank.

    3. Re:Bah by stratjakt · · Score: 2, Informative

      Last time I installed it prompted me for an administrator password, and warned me when I tried to leave it blank.

      Now, Slackware's default install leaves you to log in as root with no password. Luckily virtually no networking gear works out of the box.

      --
      I don't need no instructions to know how to rock!!!!
    4. Re:Bah by DR+SoB · · Score: 1

      How do you have a wireless LAN with no access points? WTF?!! You're right, that IS secure!

      --
      Mod +5 Drunk
    5. Re:Bah by Eastree · · Score: 1
      ... the password for Administrator is administrator ... all the hackers think it is a honeypot ...


      You have an administrator password ... that's what tipped them off! Let me guess -- you're also running a separate user account?
    6. Re:Bah by Frizzle+Fry · · Score: 1

      I think xp home allows you to leave a blank password without complaining, while xp pro does not. Could be wrong though.

      --
      I'd rather be lucky than good.
  4. so... by Anonymous Coward · · Score: 2, Funny

    what's your ip address?

    1. Re:so... by HiredMan · · Score: 5, Funny

      His address is 127.0.0.1!

      But don't bother going there - I've pwned his box and I'm busy deleting his files as we speak. SuX0r!

      =tkk

    2. Re:so... by Anonymous Coward · · Score: 0

      This joke is getting old. I don't think you could break into a real machine. You are welcome to try mine if you want: 192.168.0.1

    3. Re:so... by zaffir · · Score: 1

      From http://bash.org/?119969

      <ruffkin2> HAHAHAH dat dude you sent me 127.0.0.1 iz enfected wit sub7 im fuckin with him now
      <andrw> oh good, format his computer
      <Testicular_One> format his computer
      <TheGreaterZero> format him

      --
      "Upon attaching the waterblock to my penis, I began to notice that I know nothing about computers." -- JRockway
  5. Typos by andy666 · · Score: 1

    The second and third chapters (at least) are filled with typos!!

    1. Re:Typos by Mikkeles · · Score: 1
      'There is no mention as to what this Reference Center is until you flip through the book and find the blue pages in the middle that begin with page rc1.' [emphasis mine]

      And you couldn't tell us?

      --
      Great minds think alike; fools seldom differ.
  6. I did a traceroute, His IP addy is by Anonymous Coward · · Score: 0

    66.35.250.150

  7. Re:Choosing the right OS for strong network securi by metallikop · · Score: 4, Informative

    Each UNIX flavor, whether it's "Real UNIX", Linux, or BSD has its place in life. Linux is a viable solution for security in many cases. Do some research, there is no catchall OS. Trust me, I do UNIX security for a living.

  8. Text of the article in case it gets /.'ed by Anonymous Coward · · Score: 1, Funny
    [Posting AC so you can't accuse me of karma whoring. :-p ]

  9. Re:Choosing the right OS for strong network securi by MrRuslan · · Score: 1

    Everything that's available now is all UNIX derived so there's no "Real UNIX", that's just a title, IMHO

  10. Re:Choosing the right OS for strong network securi by DR+SoB · · Score: 1

    Thanx for summing up the "Use Linux" section of the book.. Nothing new here people!!

    OBTW: If you want a catchall OS, install DOS 5, with no xms memory drivers, no TCP (UDP only), and leave it ANSI only. That'll be more secure than anything I've seen recently (except Big Iron of course), and how many DOS viruses are still "in the wild"?

    --
    Mod +5 Drunk
  11. Re:Choosing the right OS for strong network securi by metallikop · · Score: 1

    Or just pop out your NIC/modem, let's see someone try and hack that!

  12. Re:Choosing the right OS for strong network securi by metallikop · · Score: 1

    Hence the quotes. Read my parent post.

  13. Two issues by GoneGaryT · · Score: 3, Informative
    The first couple of things that I thought of:

    Legal: The law tends to steer much about security and defines, outside of the "market", what things are to be held of value and the penalties for not protecting these things. Different countries, different laws. "IT Security" means subtly different things according to your location. How -centric is this book? Would it be useful to me in the UK or EU?

    Secondly, port lists. Above 1024, these change their primary meaning as new worms, bots and sploits emerge. I label ports as information becomes available, just to remind me what nasty is at the other end, and never mind what innocent app used it before. How useful / up to date is the trojan list in the book?

    Just my 2 penn'orth.

    1. Re:Two issues by Anonymous Coward · · Score: 0

      "Legal: The law tends to steer much about security and defines, outside of the "market", what things are to be held of value and the penalties for not protecting these things. Different countries, different laws. "IT Security" means subtly different things according to your location."

      For a second I started to imagine going through a US airport with this book one day and getting a free trip to the Caribbean.

  14. Re:Choosing the right OS for strong network securi by metallikop · · Score: 1

    Note: SELinux is a very good solution for security if you're going down the Linux road.

  15. Re:Choosing the right OS for strong network securi by Anonymous Coward · · Score: 0

    At least leave the modem connected to the wall before I try to hack it.

  16. Trust by Anonymous Coward · · Score: 0

    I thought the first rule of security is trust nobody?

  17. Security by Dozix007 · · Score: 1

    All most people need for their security is a simple firewall. I like Tiny Personal Firewall personally. The only other thing is to use common sense. If anyone is interested in PHP or SQL security, check out http://www.uberhacker.com/