Rating:  Summary: An Incredible Opportunity to Scrutinize Actual Case Studies! Review: Along with advances in computer and Internet technologies we have also witnessed countless unlawful attempts to break into computer systems around the world with the intent to steal, damage, or otherwise compromise information. Hacker's Challenge by Mike Schiffman offers readers an incredible opportunity to scrutinize actual case studies of intrusion attempts - those attempts to gain unauthorized entry into computer systems to cause deliberate harm or mischief. Hacker's Challenge is broken up into two sections - 20 actual case studies with actual attack scenarios and log files (names and data have been changed for legal and confidentiality concerns), and corresponding solutions to them. Readers are challenged to read the case studies and determine for themselves how the attacks were made, what vulnerabilities were exploited, what harm, if any, had occurred, how to lessen the impact of future intrusions, and what possible remedies can be made to prevent future attacks altogether. Readers will learn how to determine the levels of attacker technical abilities and sophistication used. The case studies cover a broad range of attacks - those perpetrated by "script kiddies" who use existing attack code made available on the Internet and using publicly known attack methods, clever and skilled attackers who use publicly known coding and write their own code, and extremely skilled attackers who use publicly known coding, who write their own code, and who take advantage of non-public exploits and cutting-edge technologies to accomplish their evil work. Of further interest, the case studies and solutions presented in Hacker's Challenge will demonstrate how company officials and security consultant team members can effectively respond to different kinds of intrusion attempts. Their methods of discovery - much like police detective work, are fascinating, detailed, and very professional. 
Readers will follow along with them step-by-step to determine the order of events, to search log files and research events for clues, to think through issues for themselves, and arrive at their own conclusions. The solutions at the back of the book provide detailed answers, intrusion prevention measures, and a wealth of additional resources for further consideration. An added benefit of this book is that readers will learn about the skills involved in this kind of detective work, such as knowing about software programs and operating systems, knowing their particular vulnerabilities and exploits, knowing programming languages, reading log files, piecing together details, searching computer systems, searching buildings, interviewing suspects and witnesses, consulting with computer security experts, and putting to use essential people skills to obtain helpful information. Hacker's Challenge also presents readers with some valuable lessons to be learned - by learning from the mistakes of others. The case studies point out a number of system weaknesses that can be easily exploited to gain access to computer systems - including the keeping of system software default settings, using dictionary word passwords, failing to install the latest program versions, failing to install updates and security patches in a timely manner, failing to use anti-virus and intrusion detection programs, failing to use an appropriate firewall, failing to filter ports, failing to use appropriate encryption, failing to properly set radio strength - for wireless systems, and failing to either remove or disable unneeded programs and services on Web servers. Hacking poses many problems for a lot of people. Consequences of someone breaking into a computer system can affect the lives of many people - embarrassing downtime, lost revenue, stock market reactions, unemployment, public health and safety. 
Vigilance is key here - keeping up on the latest vulnerabilities and exploits, using the latest software versions and patches, and incorporating other necessary security precautions. This book will greatly benefit any company or person involved in handling information technology issues. It's also ideally suited for classroom and workshop use!
Rating:  Summary: If this book were a Broadway show, it'd be 'Cats!!' Review: Although it's MUCH better than Cats. I'll read it again and again!!
Rating:  Summary: Good read, brilliant book Review: Even if you're not interested in security, this reads like a murder mystery. Enjoyable and easy to read. 20 chapters, each a different scenario; you get to read the hints, clues and storyline, then are asked questions at the end of the chapter. Then another 20 chapters explaining everything to you. Only bad point: it's only got 20 scenarios, and I will want to read this sort of thing for months to come. Well recommended, for the novice and professional.
Rating:  Summary: Read it with admire... Review: I am a Linux lecturer. And I like to read those books about Hacking and Security. Most of the books are not that easy to read. Because writers assume that their readers must have a strong background on those issues. Sometimes they just throw you the answer without explanation. But this book really makes a difference. It gives you the situation, makes you think at first. And then you can read the answers at the back, review your original point of view. And every example it provides shows us a possible breach in reality. Not those theory-based stories... Wanna secure your system? Just READ IT!! No matter buy it or borrow it...
Rating:  Summary: Innovative and practical for technical trainers and students Review: I am a senior engineer for network security operations. I read "Hacker's Challenge" because one of my work duties involves training tier one and tier two security analysts. (Tier one analysts can recognize insecure digital assets; tier two analysts understand the threats to insecure digital assets; tier three analysts can manipulate most aspects of digital assets to mitigate insecurity.) I hoped "Hacker's Challenge" would educate my tier one and possibly tier two students. I now realize the book offers something for security professionals at all levels of expertise. "Hacker's Challenge" is a collection of twenty "case studies." By dropping the reader into an incident response scenario, the book challenges security professionals to answer tough questions: How did the intruder gain access? What tools were used after the compromise occurred? How do you mitigate that threat in the future? This approach breathes new life into the world of security reading. Students will learn a lot by taking the time to answer these questions before consulting the well-written "solutions" section. I noticed several technical themes repeated throughout "Hacker's Challenge." They included wireless vulnerabilities, Unicode and directory traversal attacks against Microsoft IIS, and older Solaris exploits. I particularly enjoyed the SQL server attack (challenge 7), and the thorough description of the sadmind worm (challenge 8). I liked the Macintosh case (challenge 15), but wished for coverage of OS X. Finally, the need for network security monitoring via intrusion detection system was wisely emphasized in many "solutions." "Hacker's Challenge" isn't perfect, however. HK.exe, mentioned in challenge 10, exploits the "spoofed LPC port request" vulnerability of MS00-003, and doesn't involve directory traversal or Unicode. 
While an old Checkpoint ACK flood vulnerability was well explained (challenge 17), one of the references pointed to an unrelated IP fragmentation vulnerability. Also, the lead author should change his reference to the Air Force Information Warfare Center from "AFWIC" to AFIWC. He might also re-evaluate his interest in the TAB soft drink. (Read challenge 20!) I plan to incorporate "Hacker's Challenge" into my analyst development program. I believe challenges 1,4,5,8,12,13, and 16 are suitable for tier one personnel. Challenges 2,3,6,10,11,14,15,17 and 18 are suitable for tier two staff. Tier three personnel may enjoy challenges 7,9,19, and 20. I look forward to second and third follow-on books to further enrich the security community. (Disclaimer: I received a free review copy from the publisher.)
Rating:  Summary: GOOD Book Review: I have read many books about network security, but none had made it so easy to actually test the knowledge gained from my reading. I would recommend this book to any tech guy entrusted with the security of any network of any site. This is the complement book for hacker exposed.
Rating:  Summary: More useful than a kick in the nuts. Review: I've had many a kick in the nuts, and they range from bothersome to excruciating, like many computer security texts. This book superseded all those kicks in the nuts, and even beat out most punches in the face. After I read chapter 5 on wireless security, I threw my pager out the window and cursed the name of its inventor for the security issues it had introduced into my network. From here on out, it's only semaphores for communication, and nothing else!
Rating:  Summary: A Wild Ride! Review: Keeps you on the edge of your seat! Packed with non-stop hacker action from cover to cover. It's also RED, and as you all know, all good hacker books are RED. Looks very intimidating on the shelf. Set it next to your CISSP Exam Prep book for the ultimate bookshelf experience. I pity the foo who doesn't buy this book!