Rating:  Summary: I cannot agree with the other reviews at all... Review: I bought this book as a reduced return exemplar a week ago. I cannot recommend this book. The author has done a very diligent work by collecting hundreds of URLs and texts from the web, but I think he gives no concise overall concept of internet security. The mentioned exploits and attacks are now mostly fixed and thus outdated, so many of the URLs are of limited value. Maybe the book still is a good starting point for further research on the web, but most documents on the 'net give enough material to search for with altavista. The sections dealing with VMS and Windows NT are superficial. I personally believe that knowing the standard security tools by name is not sufficient for securing a network. Due to the dynamic nature of the web and the changing operating systems and new forms of security risks/attacks a book focusing on special tools must be outdated in a very short time. A book on general network security gives a better introduction; I think that the view of a hacker (or cracker) does not help very much in securing a network.
Rating:  Summary: Packed with quality links to specific information Review: There is no task more daunting than one that is fundamentally impossible, extensive and yet necessary. Computer security is like that, as the only secure computer is one that is disconnected from all power sources. The moment it is powered up in a mode that allows useful work to be done, it becomes vulnerable. Furthermore, the number of ways it is vulnerable is effectively infinite, meaning that the number is so large and complex, that it is not possible to handle them all. Finally, it is necessary, as the world is full of a large number of people whose sole purpose in life seems to be to cause as much damage and frustration as they possibly can. Therefore, there is no choice but to apply as many security features as possible to all our computer systems. This book is an overview of the primary aspects of computer security. Split up into the six broad categories: security concepts, hacking 101, a defender's toolkit, weapons of mass destruction, architecture, platforms and security; and security and integrated services, there is also an extensive bibliography of websites, books and software. If you are interested in an overview of computer security, then this book will provide it. However, the main value that I get from the book is from the links to more detailed information. I recently taught a special topics course in computer security and I found it invaluable in tracking down detailed information concerning topics such as specific types of distributed denial of service attacks, steganography, password cracking dictionaries and communication protocols. The encyclopedia form of the book makes it very valuable as a primary initial reference. Useful as an overview for people seeking their first knowledge of computer security, this book will also have value for the IT worker who needs pointers to specific information regarding computer security.
Rating:  Summary: A practitioner's point of view... Review: Well, I have bought every version of this book since the first and continue to find reasons enclosed to keep it on my bookshelf. I even own Maximum Linux Security. Yep. It's excellent as well. Not only does the book give you a good feel about where to find the tools of the trade, it also gives you insight into their usage. I regularly investigate computer-based intrusions and find that many of the concepts included in these chapters are enclosed. I cut my teeth on this series of books a few years ago and continue to keep my skills fresh with them today. I believe in this book. I think any serious practitioner should at least browse it to see what he or she is missing. Loved it - Keep them coming. I'm looking forward to seeing if this edition has anything on the latest exploits concerning the use of Nimda/Code Red/Unicode invasions that I am seeing in conjunction with Scanner Tools and remote control utilities is discussed or not... IRC-Scripters... Anyone have info contact me ...Thanks...
Rating:  Summary: A Third Edition that's lost its edge Review: I am a senior engineer for network security operations who hoped Maximum Security, Third Edition (MS:3E) would revive the spirit of the first edition, published in 1997. Some protested its publication, while others welcomed its endorsement of the full disclosure movement. Sadly, the third edition has become, in the author's words on page 22, "another general Internet security book." Few will find it revolutionary. MS:3E features 14 authors, each commendably given credit for their chapters. Of these, Craig Balding's chapter on UNIX reigns supreme. For a book labeled "intermediate-advanced," only Craig's chapter delivers at that level. I liked his file system risk and kernel rootkit material, and his service-by-service security discussion was great. In contrast, the chapter on Microsoft's operating systems is mainly a laundry list of outdated exploits. I also found the virus, Cisco, and security policy chapters useful. (Note: chapter 7, page 121 -- TCP sequence numbers count BYTES of data, never packets! This is a common misunderstanding.) Readers seeking no-nonsense product evaluations should look elsewhere. Bland lists of IDS and firewall packages will neither offend vendors nor offer practical guidance to buyers. I prefer authors who take a stand, like Paul Proctor or Stephen Northcutt -- even if I disagree with them! MS:3E will not shock the security world as the first edition did. Too many other security web sites and books have shared "hacking secrets" with the masses. This condition endorses the Anonymous author's first edition goal, but makes his third edition redundant. If he plans to write "general security books," I suggest he continue his theme of OS-specific titles. (Maximum Linux Security, Second Edition arrives soon, followed by Maximum Windows 2000 Security, First Edition.) 
Retire Maximum Security, or write a better general guide after transplanting the OS-specific material to their respective titles. Better yet, write a book on how to develop, code, and employ new exploits; that will be ground-breaking work! (Disclaimer: I received my review copy free from the publisher.)
Rating:  Summary: Pretty good...a LOT of resources. Review: The book is good, but contains a lot of historical data. I would say that it's an excellent book for someone just starting out in security. For more experienced users - especially UNIX system administrators - it is more of a refresher course. (And perhaps a stroll down memory lane.)
One thing to note: the writer provides an up-close look at various techniques of cracking a target host. I mean, a REALLY close look. Minus the historical data (the writer discusses the worm, a wide variety of old holes, etc), the most valuable thing about the book - and perhaps the best reason to buy it - is this: there are hundreds of free tools discussed. Their locations are in the book. At best, this book is like a huge toolbox. (There are also hundreds of tech reports, papers and articles discussed. Their locations are also available.) Major drawback: the author is verbose. He engages in extensive analysis of government documents and policies as well as some now well-known break-in cases. Makes a case that current government policies and training techniques are outmoded, useless, etc.
Major bummer: SAMS apparently forgot to put the "Hidden Message About the Internet" on the CDROM. This was an encrypted file that the reader was supposed to decode. Takes the fun (and challenge) out of it. Otherwise, I would recommend it. Too bad the author is anonymous, though. I guess there's no hope of a second edition.
Rating:  Summary: Essential information and a lot of it Review: Security is an enormous task; the amount of information in this book, both written and referenced, is intimidating. Furthermore, the reality that it is necessary for your survival can raise your blood pressure and the number of hours you lie awake at night. Fortunately, it is not necessary to do it all at once and there are software tools that can make the scanning for security problems much easier. This book contains complete descriptions of the most common forms of computer security problems, including how attackers use the weaknesses and links to additional information. Computer security is an area of computing that is very close to the shadowy world of spies and secret agents. Fourteen contributors other than the lead author are listed on the inside front cover, four of whom are not pictured. The lead author is also listed as anonymous. In terms of content, the descriptions are complete, both in coverage and detail. Somewhere, somehow, the people who manage the IT facilities at organizations must make contact with the material in this book and it is as good a place as any to do so. The authors also do an excellent job in aggregating references to more detailed explanations of the various areas of security. You could literally spend weeks following all the research paths listed for most of the topics. The only people who can afford to do nothing are those who have nothing. Everyone else should read this book and take the appropriate actions to protect themselves.
Rating:  Summary: Only one piece of the puzzle Review: Maximum Security has always been a good book for putting things basically in perspective. It is a good book for explaining the basic habits and trends that net/sys admins should know for keeping their networks relatively secure. One reviewer posted that the exploits listed are outdated. Most books have "outdated exploits". For up to date exploit information, one does not buy a book, they subscribe to a newsletter or news forum that deals specifically with security issues related to their OS or software. This book may not be a manual for cracking systems, but it still does bear some useful information to the receptive reader.
Rating:  Summary: Very good, general, requires our initiative Review: This is a very good book, a bit general, but covers a lot of important topics, such as sections of major OSs and a large meaty portion on urls, and lists of various kinds. Don't get me wrong, this is a very good book, but in order to get the best out of it you really must use the links in it. And there are thousands of them. Just reading the book will not make you an expert, or a hacker. For this reason it is an excellent starting book on security, giving a whole host of information, albeit some sections are outdated, for instance VAX/VMS systems (or that may just be my ignorance). Overall yes, I would heartily recommend this book to any aspiring hacker, systems administrator, or security professional, but you will have to use your own initiative to get the best out of this book.
Rating:  Summary: Too general Review: Almost every chapter describes in long elaborate paragraphs, stating the seriousness and the effects of how something could cause damage to your system. But if you trim down all the words, it basically just says "you know hacking is bad, but we like to show off our writing skills so you can learn how to say it like a snobbish aristocrat." You can find much better information almost anywhere on the internet. This book is written for amateur IT managerial debutantes who have no clue what is a computer besides having taken a keyboarding class in college and simply need to impress the boss so he can keep his job. Get "Hacking Expose: Second Edition" instead, you'll learn how to actually accomplish something.
Rating:  Summary: Includes clear, to the point descriptions Review: Now in a completely updated third edition, Maximum Security: A Hacker's Guide To Protecting Your Internet Site And Network provides comprehensive, platform-by-platform coverage of security issues, and includes clear, to the point descriptions of the most common techniques hackers use to penetrate systems. A complete and "user friendly" instruction and reference manual, security managers and others interested in computer and network security can learn everything the hackers already know, and then take steps to protect their systems. Very highly recommended for personal and professional computer security and safety reference collections. User Level: Intermediate-Advanced. 896 pp.