Rating: 
Summary: One of the best books on computer security...
Review: This has got to be one of the best books that I've read on computer security, hands down. Ed obviously put a great deal of time and creativity into designing a book that would give a system/network administrator exactly what s/he needs to do useful computer security work: a solid understanding of the fundamentals. He follows that up with excellent descriptions and tutorials on the hacking process, including tools and techniques. I loved Ed's introductory chapters, titled "Pretty Much Everything You Need to Know about {"TCP/IP","Windows NT/2000", "Unix"} to Follow the Rest of This Book, in N pages or Less." This was just an incredibly good idea. It provides a great introduction to what you need if you're new to this. It also provides great review on material that you might use every day but need to remember or understand more deeply. And, once you finish these, you're ready to learn about hacking/auditting tools and techniques. Now, Ed takes a much *better* approach than most of the other books coming out today: for every tool, technique, or topic, he works to help you understand it very deeply. For example, most books include a short description of a tool, possibly accompanied by a table listing its command-line options. Ed takes the opposite approach -- he explains the tool's use and functionality in the right amount of detail and describes how the tool works, turning you into an instant power-user for every tool you use! I knew this book got it right when I saw 17 pages on Fyodor's nmap (the premier network mapping and scanning tool) -- to truly use nmap effectively, you've got to understand what it is that you're doing. The whole book shows this strong attention to exactly the right amount of focus on each topic and it shows. This is one of the best designed well-written books on computer security that I've read in a while. If you don't buy anything else on network auditting or penetration testing, buy this book!
Rating:
Summary: Learn hacking strategies and defenses and have fun reading!!
Review: This is a "fun to read" book that fully describes the methodology of hacking attacks. It is by far the most enjoyable book I have read on the subject. The book is not a textbook or a reference book, yet I found that I learned a lot while I read it and I have continuously referenced it for specifics of the techniques that are described.
Ed starts by providing short intros to UNIX, NT and IP networking, which provide valuable info to readers who don't have good backgrounds in all three. He then walks the reader through the typical steps of an attack. Each of the sections, Reconnaissance, Scanning, Gaining and Maintaining Access and Covering Your Tracks contain well-written, up-to-the minute descriptions of the current methodologies found in the field as well as descriptions of the tools that are used.
He references the authors of the tools and points to their web-sites. There is great info on Sam Spade, THC-Scan, Cheops, nmap, nessus, IDS evasion techniques, buffer overflows, L0phtCrack, John the Ripper, Dsniff, Hunt, Netcat, TFN2K, BO2K, RootKit and others. Yet this isn't a set of man pages or an attempt to prove that he knows more tools than anyone else does. The usage of each tool is described in the context of the methodology that he is explaining.
My favorite chapter is "Putting it all Together: Anatomy of an Attack", where Ed describes three different "real-life" attack scenarios. In each scenario, fictional hackers use the tools and methodologies described in the earlier chapters to break the security of fictional target companies. This chapter really ties it all together!
Anybody who has heard Ed speak at numerous conferences will recognize his fun, fact-filled, informative style. This book is suitable for system administrators, technical experts, security practioners and business executives. I would recommend this book to everyone interested in the security of their systems and networks.
Rating:
Summary: Learn hacking strategies and defenses and have fun reading!!
Review: This is a "fun to read" book that fully describes the methodology of hacking attacks. It is by far the most enjoyable book I have read on the subject. The book is not a textbook or a reference book, yet I found that I learned a lot while I read it and I have continuously referenced it for specifics of the techniques that are described.
Ed starts by providing short intros to UNIX, NT and IP networking, which provide valuable info to readers who don't have good backgrounds in all three. He then walks the reader through the typical steps of an attack. Each of the sections, Reconnaissance, Scanning, Gaining and Maintaining Access and Covering Your Tracks contain well-written, up-to-the minute descriptions of the current methodologies found in the field as well as descriptions of the tools that are used.
He references the authors of the tools and points to their web-sites. There is great info on Sam Spade, THC-Scan, Cheops, nmap, nessus, IDS evasion techniques, buffer overflows, L0phtCrack, John the Ripper, Dsniff, Hunt, Netcat, TFN2K, BO2K, RootKit and others. Yet this isn't a set of man pages or an attempt to prove that he knows more tools than anyone else does. The usage of each tool is described in the context of the methodology that he is explaining.
My favorite chapter is "Putting it all Together: Anatomy of an Attack", where Ed describes three different "real-life" attack scenarios. In each scenario, fictional hackers use the tools and methodologies described in the earlier chapters to break the security of fictional target companies. This chapter really ties it all together!
Anybody who has heard Ed speak at numerous conferences will recognize his fun, fact-filled, informative style. This book is suitable for system administrators, technical experts, security practioners and business executives. I would recommend this book to everyone interested in the security of their systems and networks.
Rating:
Summary: Great!
Review: This is a great book, extremely useful to anyone interested in knowing how computer attacks are done - and the tools available on the market. I used to wonder also, but for the first time, I have got the light. I plan to go through it again, this time taking notes.Buy this book!
Rating:
Summary: Very Easy and Enjoyable to Follow...
Review: This is an excellent and very readable introduction on the technical subjects which could be very lengthy and complicated. The author has done a superb job from cover to cover, for a naive or veteran reader to follow with joyful expression and masterful flow, without being flooded or intimidated. I recommend for those who need a quick survey on the field.
Richard,
Rating:
Summary: Serious Security
Review: This is the kind of book that every serious security professional should read and keep by their console for reference. It provides the technical information you need to protect your systems and the advice you require to handle the unexpected!
|
