Hack Attacks Revealed: A Complete Reference with Custom Security Hacking Toolkit

This book gives great detail and offers a set of tools which allow the reader to test and explore their own computer or network in order to safeguard themselves and the companies they work for.

If you can only buy on ebook, then this is the one to get.

Rating:
Summary: Hack Attacks Revealed
Review: Great book and excellent tools. As a manager of a large IT enterprise this book has helped educate me on what to look out for and how to better understand what my Security Staff are telling me!

Rating:
Summary: Security Management Online Reviews Hack Attacks
Review: Consider the warnings at the beginning of this book: "This book is sold for information purposes only" and "without written consent from the target companies, most of the procedures contained in the book are illegal in the United States and many other countries." This opening seizes the reader's attention on a work that shares the hands-on experiences of author John Chirillo, a self-described "renowned superhacker."

As the threat to information systems grows and information technology evolves faster than information security technology, it is imperative for security professionals to understand the hacker community and the tools used to pry into, compromise, and damage information systems. Chirillo emphasizes such awareness in this book, which is written from the hacker perspective.

Hack Attacks Revealed is not only aimed at managers and policy makers, but it also targets specialists including network administrators and engineers. The book will give readers a better understanding of how their network vulnerabilities can be exploited. But Chirillo also supplies effective information security technologies and provides the steps for designing and implementing a security policy.

Accompanying this massive book is a CD-ROM that provides links to more than 15,000 security resources, a toolbox of security products, viral kits, password crackers, and stealth scanners. From these, the user can craft his or her own toolkit.

A good bibliography, a user-friendly glossary, and a well-organized index round out this excellent work. With its current and detailed information and a disk that enables hands-on experience, Hack Attacks Revealed would serve well as a reference or as a resource for teaching Internet security at the college and university level.

Rating:
Summary: Good Beginning
Review: This book is a good introduction to network security, even the more experienced should be able to pick up a trick or two. Worth the money!

Rating:
Summary: A Great Intro to the subject
Review: If you're new to this area, this a great place to start. I'd recommend this book along with Hacking Exposed. It pretty much covers all sub-categories of modern day hacking and will sit well as a reference on your bookshelf.

Rating:
Summary: Hack Attacks
Review: The latest book by John Chirillo is totally awesome! He fills the gaps where many others fail to give a clear view of computer security and how it's breached. This is a great book to add to your collection of security related references. The software that accompanies the book gives even newbies a clear vision of what computer hacks do, how they do it and how to know what to look for to prevent it. My nephew even could understand some of the harder concepts. Great work John. I highly recommend this book to others.

Rating:
Summary: Highly recommended
Review: An outstanding practical guide which delivers on the promise of revealing details of today's common hacking exploits. This book should be considered required reading for any IT/Information Security specialist. Also recommend you buy the companion book - Hack Attacks Denied!!

Rating:
Summary: Great Reference and Tutorial Book
Review: I like this book for the simple fact of all of the great information packed in it, It has tables of ports, trojans, viruses, it even comes with a cd of all the tools he talks about on the book. I just think this book is great! I have used it to track down someone who has been stealing my ISP password through a trojan.

Rating:
Summary: Carmada reviews Hack Attacks Revealed
Review: Bill gets right to the point here:
"I'm going to make a virtuous hacker guru out of you."

That's how John Chirillo begins his "challenging technogothic journey," Hack Attacks Revealed. And whoever "you" are -- sysadmin, internetworking engineer, or hacker (disaffected or otherwise), you'll find that Chirillo is selling authentic goods. (He's been hired by many Fortune 1000 companies to break into their networks.) This book offers a systematic tour of network vulnerabilities, hacking tools and techniques, and a whole lot more.

Be warned: "This book is sold for information purposes only. Without written consent from the target company, most of these procedures are illegal in the United States and many other countries as well. Neither the author nor the publisher will be held accountable for the use and misuse of the information contained in this book."

Whew. Now that we've got that out of the way, let's see what's really in here...

The first section of Hack Attacks Revealed reintroduces each of today's communications protocols from a hacker's point of view. For example, it's one thing to know that when IP datagrams traveling in frames cross networks with different size limits, the routers must sometimes fragment the datagrams. It's another to recognize that this introduces a potential vulnerability to both passive and intrusive attacks. It's one thing to know that Address Resolution Protocol (ARP) broadcasts packets to all the hosts attached to a physical network, which store this information for later use; it's another to recognize that this represents an opportunity for a spoofing attack.

In Part II, Chirillo moves on to the communications media that tie workstations into LANs, LANs into WANs, and WANs into internets -- Ethernet, Token Ring, FDDI, ISDN, xDSL, point-to-point links, and frame relay. Then, it's on to start attacking the most vulnerable of those 65,000 ports into your computer.

Chirillo starts with Port 7, echo, explaining echo overloads, Ping of Death attacks, and Ping flooding, which takes advantage of a computer's responsiveness by bombarding it with pings or ICMP echo requests. There's Port 19, chargen, vulnerable to a telnet connection that generates a string of characters with output redirected to a telnet connection. There's Port 53, domain, which leads to a discussion of how DNS caching servers can be spoofed, forwarding visitors to the wrong location.

And so it continues, through more than 50 vulnerable TCP and UDP ports, all the way up to Port 540, uucp, Port 543, klogin, and beyond. Chirillo exposes a veritable who's who of viruses, worms, and trojans: Executor, Cain & Abel, Satanz Backdoor, ServeU, ShadowPhyre, SubSeven Apocalypse, Voodoo Doll, Portal of Doom...

Next, you're introduced to scanning: IP, port, and service site scans, tools, and techniques -- including techniques that can penetrate or "stealth" their way past firewalls (a comforting thought).

There's detailed coverage of mail bombing, spamming, and spoofing; web page hacking, and vulnerabilities of specific *nix and Windows operating systems, as well as internetworking hardware (Cisco, 3Com, et al.). You'll find tons of useful charts (from common ports to Ethernet frame formats). There's even an introductory guide to the lingua franca of hacking, the C programming language.

The accompanying CD-ROM contains an extensive collection of security and hacking software, plus TigerSuite -- all you need to uncover, scan, penetrate, expose, control, spy, flood, spoof, sniff, infect, report, monitor, and generally prevent (or perform) all manner of havoc. We hope you'll use the software -- and the book -- for good, not evil. (Bill Camarda)

Rating:
Summary: A great insight into hacking attacks
Review: This book is very well written with chapters introducing the technology behind the internet and how hackers use its weakness to gain access to private systems. Because of this the book appeals to users of all experience levels. Overall a good read to learn what attacks hackers are using and the means in which to protect against them.