Network Security Hacks

List Price: $24.95
Your Price: $16.47

Rating: 4 stars
Summary: A handy guide when trying unfamiliar tools or techniques
Review: "Network Security Hacks" (NSH) has something for nearly everyone, although it focuses squarely on Linux, BSD, and Windows, in that order of preference. Administrators for commercial UNIX variants (Solaris, AIX, HP-UX, etc.) should be able to apply much of the book's advice to their environments, but they are not the target audience. NSH is written for admins needing quick-start guides for common security tools, and in this respect it delivers.

I found NSH to be most rewarding when it avoided discussing the same topics everyone else has covered. Lesser known tools like authpf, ftester, sniffdet, SFS, rpcapd, and Sguil caught my interest (especially as I write Sguil installation docs). Even some ways to use familiar tools were helpful, like the -f (fork) and -N (no command) switches for SSH forwarding. In some cases it made sense to mention well-worn topics like BIND or MySQL, with an eye towards quickly augmenting the security of those servers.

Elsewhere I questioned the need to cover certain tools. With the number of Snort titles approaching double digits, and O'Reilly's own Snort books in the wings, was it really necessary to devote several hacks to Snort? In the same respect, I felt mention of Nmap, Nessus, swatch, and ACID was not needed, nor was advice on implementing certain Windows security features.

In some cases the descriptions were too brief to really explain the technologies at hand. For example, the "Secure Tunnels" chapter discusses a very specific IPSec scenario (wireless client to gateway) without informing the reader of the other sorts of tunnels that are possible. I also questioned some of the content, like p. 47's statement that Windows lacks "robust built-in scripting." Brian Knittel's "Windows XP Under the Hood" would quickly change the author's mind. Also, the anomaly detection preprocessor SPADE is described, even though the last version (Spade-030125.1.tgz, released Jan 03) is only available on a Polish student's Web server and no longer cleanly integrates with Snort past version 2.0.5, released in Nov 03.

Despite these comments, I still found NSH a great addition to my security bookshelf. I found the coverage of Windows more than adequate, given that true security innovation in the public sphere is being done in the open source world and not in Redmond's labs. The writing tends to be clear and the descriptions concise. I guarantee you will find a handful of hacks which pique your curiosity and ultimately help secure your enterprise.

Rating: 4 stars
Summary: Another great collection of "hacks"
Review: As with the other "Hacks" books, there are 100 hacks listed, and these are focused on network security. As another reviewer points out, these hacks seem to be heavily slanted toward Unix. Whether this is due to the Windows OS "keeping the administrator out of the loop about the inner workings of her environment," as the book points out, or the numerous "helpful features" of Windows that aren't that helpful to Windows admins is unclear. There do appear to be some limits to how secure you can make a Windows network, as opposed to Unix, which seems to have many more options. And while we constantly hear about new Windows viruses, we rarely hear about Unix viruses. But I digress.

There definitely are some good ones here, like the "honeypot hack," protecting logs from tampering (thereby making it more difficult for a network intruder to cover their tracks), preventing stack-smashing attacks (thereby preventing an attacker from overwriting the information on a stack), detecting spoofing, testing your firewall, monitoring your logs for any sign of tampering, even defending yourself against web application intrusions. In short, these hacks are the ones deemed most likely by the book's author to be useful in defending your network against any kind of hostile attack or intrusion.

And while you may agree or disagree with the list presented in this book, this book is a valuable tool and reference for any network admin to have on hand.

Rating: 4 stars
Summary: Excellent material, but heavily weighted towards Unix...
Review: If you're at all responsible for or mindful of the security aspects of your network, here's a book you'll enjoy... Network Security Hacks by Andrew Lockhart (O'Reilly). As with all the Hacks titles, this book contains 100 various tips and ideas on how to improve your network security through the use of various software packages or procedures you can implement. The Hacks are grouped into the following chapters:

Unix Host Security; Windows Host Security; Network Security; Logging; Monitoring and Trending; Secure Tunnels; Network Intrusion Detection; Recovery And Response.

This isn't a primer on all you need to know about system security, nor is it meant to be. Network Security Hacks is most helpful for the system or network administrator who understands security but is always looking for various ways to enhance their level of security or ease the administration processes. For instance, in the Monitoring and Trending chapter, you are introduced to a number of free tools you can download that will verify your services, graph your bandwidth trends, monitor real-time network stats, and audit the traffic on your network. While not every hack will appeal or apply to you, you will find plenty of gems that will give you a real and quick payback.

The only "gripe" I have about the book is that it is heavily weighted towards the Unix environment. The Windows chapter is pretty small, and even some of the Windows hacks involve allowing you to work with the data like you can with Unix. So, if you're looking strictly for Windows security tips, you will probably find less satisfaction than you might if you were a hard-core Unix admin. Even so, there is material there that will interest you, such as how to use Snort to set up an intrusion detection system or how to use built-in features of Windows to create your own firewall.

Very good book, and worthy to hold a spot on your bookshelf...

Rating: 4 stars
Summary: Not for the amateur
Review: It's important to understand who this book is for. It's not for the amateur looking to configure their firewall. The book starts with locking up UNIX filesystems and doesn't turn back the complexity clock as it winds through all the way to advanced topics like honeypots and various SSH tunneling schemes. I highly recommend this book for network administrators and security professionals looking to make sure they have all of their bases covered. However, for the personal computer user looking to make sure their DSL doesn't get hacked, I cannot recommend this book.

Rating: 4 stars
Summary: Try rummaging thru the hacks
Review: Lockhart has assembled a fascinating collection of 100 hacks to protect your computers against a network intrusion. He covers Linux/Unix systems and also Microsoft machines. An entire chapter, containing 10 hacks, is devoted to the latter. Most of the other 90 hacks can be applied to both systems, though the example implementations are usually given under Linux/Unix.

Perusing the list of hacks may cause different readers to be attracted to different hacks. Here, I briefly summarise a few that caught my eye. Consider "Block OS fingerprinting". In an earlier, more innocent age, someone connecting to a telnet, sendmail or ftp daemon would cause it to reply with the machine's operating system label and the version of that daemon. Yes, really! In fact, this is still largely true, by default, on most Unixes. Well, nowadays, a sysadmin can stop those daemons doing this. But a cracker can then do other probes. If you are running OpenBSD, you can use pf to block those.

Logically continuing this train of thought, what if you wanted to actively mislead the cracker by mimicking another operating system? This is the honeypot hack. The honeyd daemon lets you masquerade as several types of systems. Pretty crafty, eh? The next hack would then be to record all the cracker's activity on your honeypot via the open source Sebek, which is freely available for Linux and Solaris.

Granted, you might be interested in other hacks. But hopefully the above gives you some idea of the book's utility. And a lot of hacks refer to other closely related hacks, in the manner shown above.

Rating: 5 stars
Summary: Now this is a good book!
Review: Lots of very, very, very good hints and suggestions!

A valuable title.

Rating: 3 stars
Summary: Useful Tips, Limited on Windows
Review: Overall, I find this book to be an enjoyable read. I thumb through it time and time again, and come up with some useful hints and tips (not really necessarily hacks though). It's more oriented toward BSD Unix and Linux, but I did find some useful hints for Windows (the current topic of my studies). I really like the plug for ntsyslog (hack 56), which can take binary event logs and route them to the syslogd service. Nice. Finally, logs in Windows are now open for business.

I found some material to be trivial, making problems from non-problems, or rather not practical to implement. For example, one hint advises Windows users to encrypt their temp directory (hack 28). However, there are easy workarounds to bypass EFS, and the temp directory is within a user's profile, and thus secured from other users anyhow. So encrypting it is unnecessary, and not useful given users can drag a file to a floppy or non-NTFS filesystem and bypass the encryption.

One hack recommended flushing the page file, as some important application data might be in there (hack 29). However, this requires delving into the registry, and to implement across all workstations is too taxing. However, there could be ways to automate this through group policy objects and scripts. There's no coverage on how to automate some of these chores, which is not always straightforward in Windows.

On a final note, I wish there was more coverage of Windows. There could be equivalent coverage of things like time synchronization (hack 44) for Windows as well.

Overall though, I think there are enough useful tips to make this book valuable. I've already written my name on this one...



© 2004, ReviewFocus or its affiliates