Rating:  Summary: What more can you say! Review: Most comprehensive information on Hacking that you can find in a single book. Newly added chapter on Wireless LAN was extremely informative.
Rating:  Summary: Still the best book for vulnerability assessors Review: It's been nearly two years since I reviewed "Hacking Exposed: 3rd Ed" (HE:3E). Since then I've joined Foundstone and contributed the case study on pages 2-7 in "Hacking Exposed: 4th Ed" (HE:4E), on a non-royalty basis. Since my review could still be seen as being biased, I'll mainly discuss changes between HE:3E and HE:4E. The most noticeable change is the reorganization of the Windows-specific chapters. HE:3E had one 25 page chapter on 9x/ME/XP and two chapters with 172 pages on NT and 2000. HE:4E offers one 22 page chapter on 9x/ME and one 66 page chapter on the "NT family." The authors wisely direct readers to "Hacking Exposed: Windows 2000" and "Hacking Exposed: Web Applications" for more in-depth discussions of attacking Windows. The material in HE:4E is still sufficient to compromise Windows boxes without having to open HE:W2K or HE:WA. This decision allowed HE:4E to grow by only 2 pages since HE:3E. (I criticized HE:3E with a four star review for including too much material best left in topic-specific HE editions.) Pruning the Windows material allows room for a stand-alone wireless hacking chapter in the nitty-gritty HE style, as well as other improvements. Another major addition to HE:4E is a completely rewritten enumeration chapter. While HE:3E compartmentalized techniques by operating system (Windows, Novell, UNIX), HE:4E offers port-based techniques. For example, if port 179 is open, try BGP-based queries. If port 524 is open or IPX is in use, try Novell attacks. This approach reflects the methods used by assessors who find listening services, and can't be sure what OS is present. The chapter on network devices (ch 9) offers exceptionally devious hacking tricks, such as performing a T-1 "man-in-the-middle" attack. HE:3E represents a significant upgrade from HE:3E, with nearly two years between the two books. 
I wasn't happy with the changes between HE:2E and HE:3E, as both were published in 2001. I would like to see HE:5E add a single chapter on attacking Cisco routers, with discussions of the overflows, tunnels, and remote sniffing pioneered by Phenoelit's FX. A chapter on attacking embedded devices and PDAs would be helpful. I recommend following the lead of frequently-updated hardware books like Scott Mueller's "Upgrading and Repairing PCs": print the latest and greatest, and archive the rest to CD-ROM. I think the chapters on Win 9x/ME and Novell could make way for more exciting discussions in HE:5E. Along with Ed Skoudis' "Counter Hack," HE:4E is one of the books I recommend as absolutely essential reading for all security professionals.
Rating:  Summary: Great Book! Review: I'm not gonna say much about this one - except what they say works. I guarantee it.
Rating:  Summary: no more solving dirty work blindly Review: I have read many books about network security, but none had made it so easy to actually test the knowledge gained from my reading. I would recommend this book to any tech guy entrusted with the security of any network of any site. Get Hacker Challenge as well.
Rating:  Summary: Total ... ... Review: I've owned this book for about 10 minutes now. I can honestly say that everything that they put in versions 1-3 could have been summarised MUCH better than the [stuff] that they put in here. If you want better info might I suggest that you do a little bit of Google searching for vulnerabilities. You'll get more up to date information, and save yourself [$$$]. I am so [mad] that they could have [put] out such a [bad] piece of literature. You're basically buying the video CD, which ... . The SQL section alone is about 8 months old, and any ISO should know this info already. If you're just starting out, I suggest the 3rd edition. More detailed, and less ... . I hate that I had to write such a bad review of such an anticipated book, but I feel I was forced to.
Rating:  Summary: As good as the previous HE books Review: The "Hacking Exposed" series grew from a relative unknown to one of the most famous information security books of all time. The interesting part about it is that its reputation is largely deserved. The fourth edition presents an incremental improvement over the previous ones. Considering that the previous books were great, it is no mean feat! It is a pity that the book lacks a "What's New" section, which would be useful for those familiar with the series. As usual, the book offers balanced platform coverage (UNIX, Windows, Novell) and follows the same winning paradigm (from scanning to owning the system). The above is obvious since the same author crew from Foundstone is behind the book. The book is somewhat biased towards the attacker side, just as the title promises. Among new sections are wireless security, web hacking and attacking clients (such as web browsers) by malicious servers. The latter section presents some interesting tips on attacking over email, web browser (via ActiveX and other malicious technologies), IRC, etc. Overall, if you own the 3rd edition, there is some motivation to go grab this one. However, if you haven't read "Hacking Exposed" yet, run to the store to get your copy if you are involved with network or system security in any role. For novices the book will serve as a useful introduction to security and hacking, for intermediate readers the book will bring new tools and techniques and will serve as a useful refresher for experts. Companion website hackingexposed.com has the book's table of contents and some other material. Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org
Rating:  Summary: Focussed, practical, clear. Excellent Win2K security book. Review: The author(s) are well-known in the security world. This book is very focussed on what it wants to do - make the user aware of the holes in Windows 2000, how hackers can/do break-in - including a great overview of different tools readily available on the Internet and techniques - and how to plug those holes. Some of the stuff mentioned stops becoming relevant the moment you start applying current service packs, but still an eye-opener. If you want to specialize in or learn about hardening the Windows platform, this is a must-read - worth every penny spent in time and money. Bharat Suneja MCT
Rating:  Summary: Excellent informational reading! Review: Okay, for all those people who want to learn to become hackers out there, this book is the answer to your prayers. This book was written from a hacker's point of view on hacking. It tells you (with severe clarity, surprisingly) what you need to do to successfully hack into another person's CPU. All those other books out there just simply show you what to do to defend from certain kinds of attacks, but this one shows you HOW to actually DO those certain kinds of attacks. This is a must buy if you want to become a hacker, or just want general information on how hackers work their magic. This book uses extreme clarity in telling you what to do (a sort of extreme version of "The Idiot's Guide to..." series) and how to successfully pull off an attack on someone's system and even how to cover it up. I know this is one book I will keep on my shelf until the fourth edition comes out!
Rating:  Summary: Very detailed. Review: One of the better books on internet security released in the last few years. It even comes with a CD full of useful tools. The explanations are detailed and accurate. Definitely worth getting if you want to know more about network and internet security. -Kim
Rating:  Summary: Excellent Review: I'm a network engineer with several Cisco certifications under my belt. This book was exactly what I was looking for. It seems intuitive to me that to protect our systems from attack it is necessary to find out what the hackers are using to attack the systems. No need to spend a 1000 hours surfing hacker sites trying to reinvent the wheel - which can be a dangerous exercise. This book hands it to you on a silver platter. Well organized, clearly and concisely written. Highly recommended!