Maximum Security (3rd Edition)

For the most part, Maximum Security is geared toward systems administrators who need to know how to secure their individual systems, but lack experience with information systems security. Those who are learning about information systems security and want to get their hands wet with hacking tools and concepts will find Maximum Security a good starting point. The book is an interesting read and has loads of information, including a plethora of links for further information. Each chapter lists many tools (both black, gray, and white hat) and additional resources for deeper information. But, those readers who want to understand how to design and engineer secure systems will likely find that the book does not meet their needs.

In Maximum Security, the author (Anonymous, with help from13 contributors) discusses an overview of systems security, and then describes the line of attack a hacker would use to penetrate a system. The downside to having so many contributors is that, with so many different authors, there is not a consistent style and methodology. (A similar title, Hacking Exposed has only three authors and a more methodical and systematic style). This lack of consistency between chapters is not a major concern when looking at individual systems, but when attempting to secure an enterprise with a single methodology, such an approach is often problematic.

The first three parts of the book provide a generic introduction to information systems security and the various threats and vulnerabilities associated with it. Parts four and five get into the nitty gritty of how attacks are carried out. The authors detail vulnerabilities and shortcomings of different types of systems, from firewalls and intrusion detection systems, to network operating systems (Solaris, Windows NT/2000, NetWare) and routers.

Chapter 20 provides a good introduction to the various issues with Unix security. While a lot of different topics are discussed (file system security, network services, host lockdown, and more), none of them are discussed in comprehensive detail.

Nicholas Raba, the author of Chapter 23 on Macintosh does a great job of destroying the myth of the presumed security invincibility of the Macintosh platform. Many people have the false assumption that the Macintosh is somehow more secure than Windows NT and Solaris. Raba astutely notes that for every hack that exists for the PC, there is an equivalent hack for the Mac.

CD-ROMs that accompany books are often of dubious value and only increase the cost of the book. However, the CD-ROM that comes with Maximum Security provides links, tools, and resources discussed in the book that are organized by chapter. It also contains over 25 different hacking and security tools.

One shortcoming of Maximum Security is that, although it provides hundreds of references and URLs, the reader does not come away with a clear understanding of the underlying techniques and methods necessary for the design and rollout of secure systems. The bulk of the book, with its underlying hacker mentality, focuses on security minutiae that make systems vulnerable. The book does not discuss high-level methods and strategies to resolve and ameliorate those security minutiae... Furthermore, Maximum Security does not get into the low-level programming details of how the described vulnerabilities work...Nonetheless, for those who want to experience the feel of hacking and use the tools that real-live hackers often use, Maximum Security is a good place to start.