Maximum Security, Fourth Edition

Whatever. I think the book is good. (No doubt, there are some errors. Utilities often get grouped into the wrong categories and such, but overall, the book is very good).

I bought it just for the bibiographical section at the back, which is almost 40 pages. There's also several hundred (maybe a thousand, I am not so sure) tools described. The book also shows the locations of these and that's very useful. It would take weeks to track down all that stuff.

But, the reviewer from Maryland is mistaken. He's talking about 14 year olds like they're idiots and can barely spell UNIX. He needs to get a clue. In the book, the anonymous author meticulously discusses these "idiot" 14 year olds. They are the same _idiots_ that penetrated DoD computers this past month. (In fact, those kids probably bought a copy of Maximum Security. Maybe the FBI should check their bookshelf. :-) And these "14 year old idiots" consistently penetrate supposedly secure computer systems all over the world. Phreakers and Hackers have historically always been young people. So, I have this to say: if the only people buying Maximum Securityare 14 year olds, then we have a problem. Becausde, the rule used to be that a kid had to search high and low through 2600, Phrack nd a million other on-line zines to learn someting. Maximum Security has totally dipensed with that process. The book is an instant hack manual. There is no better intro to hacking, period. I think detractors are just jealous they didn't write the book.

Rating:
Summary: Too general
Review: Almost every chapter describes in long elaborate paragraphs, stating the seriousness and the effects of how something could cause damage to your system. But if you trim down all the words, it basically just says "you know hacking is bad, but we like to show off our writing skills so you can learn how to say it like a snobbish aristocrat." You can find much better information almost anywhere on internet. This book is written for amateur IT managerial debutantes who have no clue what is a computer besides having taken a keyboarding class in college and simply need to impress the boss so he can keep his job. Get "Hacking Expose: Second Edtion" instead, you'll learn how to actually accomplish something.

Rating:
Summary: This guy knows his UNIX...
Review: I have been a UNIX Administrator for more than 10 years. I have have worked for major banks around the world and always put my highest priority on Security. After reading Maximum Security (3rd Edition) I am a bit worried. I thought I had a firm grasp on UNIX Security...I have been proven wrong. This author goes into great detail and depth concerning the various vulnerabilities of a UNIX operating system. He covers the "basics" - mistakes an amateur administrator would make, as well as (what I call) "the epicenter" - vulnerabilities which can only be understood at the conceptual level. Since reading M.S., I have revisited my configurations and have found that I have left many, many holes unpatched. My employer and I thank you very much. I can't wait for the next edition!

Rating:
Summary: Good place to start Hacking 101
Review: Maximum Security is one of those books that generate a lot of debate among readers. Business management types (AKA suits) would conjecture that the book is simply a nefarious cookbook for those who want a quick and dirty introduction to hacking and systems penetration. Engineers and experienced systems administrators would argue that the book is not deep enough for their needs. Both sides are right.

For the most part, Maximum Security is geared toward systems administrators who need to know how to secure their individual systems, but lack experience with information systems security. Those who are learning about information systems security and want to get their hands wet with hacking tools and concepts will find Maximum Security a good starting point. The book is an interesting read and has loads of information, including a plethora of links for further information. Each chapter lists many tools (both black, gray, and white hat) and additional resources for deeper information. But, those readers who want to understand how to design and engineer secure systems will likely find that the book does not meet their needs.

In Maximum Security, the author (Anonymous, with help from13 contributors) discusses an overview of systems security, and then describes the line of attack a hacker would use to penetrate a system. The downside to having so many contributors is that, with so many different authors, there is not a consistent style and methodology. (A similar title, Hacking Exposed has only three authors and a more methodical and systematic style). This lack of consistency between chapters is not a major concern when looking at individual systems, but when attempting to secure an enterprise with a single methodology, such an approach is often problematic.

The first three parts of the book provide a generic introduction to information systems security and the various threats and vulnerabilities associated with it. Parts four and five get into the nitty gritty of how attacks are carried out. The authors detail vulnerabilities and shortcomings of different types of systems, from firewalls and intrusion detection systems, to network operating systems (Solaris, Windows NT/2000, NetWare) and routers.

Chapter 20 provides a good introduction to the various issues with Unix security. While a lot of different topics are discussed (file system security, network services, host lockdown, and more), none of them are discussed in comprehensive detail.

Nicholas Raba, the author of Chapter 23 on Macintosh does a great job of destroying the myth of the presumed security invincibility of the Macintosh platform. Many people have the false assumption that the Macintosh is somehow more secure than Windows NT and Solaris. Raba astutely notes that for every hack that exists for the PC, there is an equivalent hack for the Mac.

CD-ROMs that accompany books are often of dubious value and only increase the cost of the book. However, the CD-ROM that comes with Maximum Security provides links, tools, and resources discussed in the book that are organized by chapter. It also contains over 25 different hacking and security tools.

One shortcoming of Maximum Security is that, although it provides hundreds of references and URLs, the reader does not come away with a clear understanding of the underlying techniques and methods necessary for the design and rollout of secure systems. The bulk of the book, with its underlying hacker mentality, focuses on security minutiae that make systems vulnerable. The book does not discuss high-level methods and strategies to resolve and ameliorate those security minutiae... Furthermore, Maximum Security does not get into the low-level programming details of how the described vulnerabilities work...Nonetheless, for those who want to experience the feel of hacking and use the tools that real-live hackers often use, Maximum Security is a good place to start.

Rating:
Summary: Includes clear, to the point descriptions
Review: Now in a completely updated third edition, Maximum Security: A Hacker's Guide To Protecting Your Internet Site And Network provides comprehensive, platform-by-platform coverage of security issues, and includes clear, to the point descriptions of the most common techniques hackers use to penetrate systems. A complete and "user friendly" instruction and eference manual, security managers and others interested in computer and network security can learn everything the hackers already know, and then take steps to protect their systems. Very highly recommended for personal and professional computer security and safety reference collections. User Level: Intermediate-Advanced. 896 pp.

Rating:
Summary: Knock it all you want, still worth its money
Review: Ok, some people said it, the book isn't perfect in an absolute sense. But compare it with other books out there and it's clearly the most real-world reference. Most NT security books merely echo Redmond's news releases and material readily (and free) available on the net. Though more Unix oriented than NT, it discusses plenty of issues that are NOS-independent and apply to everybody. Even if you only care about NT, most hacks will come from Unix/Linux systems. Knowing what tools are available for these platforms is a must, and this book tells you. The only problem is that there are dozens of hacks discovered since the book was written so it's not entirely up to date. Maybe "Anonymous" will get back to the word processor and write a sequel. And can someone tell us what the "secret message about the internet" is already? I'm sooo curious.

Rating:
Summary: Essential information and a lot of it
Review: Security is an enormous task, the amount of information in this book, both written and referenced, is intimidating. Furthermore, the reality that it is necessary for your survival can raise your blood pressure and the number of hours you lay awake at night. Fortunately, it is not necessary to do it all at once and there are software tools that can make the scanning for security problems much easier.
This book contains complete descriptions of the most common forms of computer security problems, including how attackers use the weaknesses and links to additional information. Computer security is an area of computing that is very close to the shadowy world of spies and secret agents. Fourteen contributors other than the lead author are listed on the inside front cover, four of which are not pictured. The lead author is also listed as anonymous.
In terms of content, the descriptions are complete, both in coverage and detail. Somewhere, somehow, the people who manage the IT facilities at organizations must make contact with the material in this book and it is as good a place as any to do so. The authors also do an excellent job in aggregating references to more detailed explanations of the various areas of security. You could literally spend weeks following all the research paths listed for most of the topics.
The only people who can afford to do nothing are those who have nothing. Everyone else should read this book and take the appropriate actions to protect themselves.

Rating:
Summary: Packed with quality links to specific information
Review: There is no task more daunting than one that is fundamentally impossible, extensive and yet necessary. Computer security is like that, as the only secure computer is one that is disconnected from all power sources. The moment it is powered up in a mode that allows useful work to be done, it becomes vulnerable. Furthermore, the number of ways it is vulnerable is effectively infinite, meaning that the number is so large and complex, that it is not possible to handle them all. Finally, it is necessary, as the world is full of a large number of people whose sole purpose in life seems to be to cause as much damage and frustration as they possibly can. Therefore, there is no choice but to apply as many security features as possible to all our computer systems.
This book is an overview of the primary aspects of computer security. Split up into the six broad categories: security concepts, hacking 101, a defender's toolkit, weapons of mass destruction, architecture, platforms and security; and security and integrated services, there is also an extensive bibliography of websites, books and software. If you are interested in an overview of computer security, then this book will provide it.
However, the main value that I get from the book is from the links to more detailed information. I recently taught a special topics course in computer security and I found it invaluable in tracking down detailed information concerning topics such as specific types of distributed denial of service attacks, steganography, password cracking dictionaries and communication protocols. The encyclopedia form of the book makes it very valuable as a primary initial reference.
Useful as an overview for people seeking their first knowledge of computer security, this book will also have value for the IT worker who needs pointers to specific information regarding computer security.

Rating:
Summary: Only one piece of the puzzle
Review: This is a very good book, a bit general, but covers a lot of inportant topics, such as sections of major OSs and a large meaty portion on urls, and lists of various kinds.

Don't get me wrong this is a very good book, but in order to get the best out of it you really must use the links in it. And there are thousands of them. Just reading the book will not make you an expert, or a hacker. For this reason it is a excellent starting book on security, giving a whole host of information, abeit some sections are outdated, for instance VAX/VMS systems (or that may just be my ignorance).

Overral yes, I would heartily reccomend this book to any aspiring hacker, systems administrator, or security professional, but you will have to use your own iniative to get the best out of this book.

Rating:
Summary: A practitioner's point of view...
Review: Well, I have bought every version of this book since the first and continue to find reasons enclosed to keep it on my bookshelf. I even own Maximum Linux Security. Yep. It's excellent as well.

Not only does the book give you a good feel about where to find the tools of the trade it also gives you insight into their usage.

I regularly investigate computer-based instrusions and find that many of the concepts included in these chapters are enclosed.

I cut my teeth on this series of books a few years ago and continue to keep my skills fresh with them today.

I belieive in this book. I think any serious practitioner should at least browse it to see what he or she is missing. Loved it - Keep them coming.

I'm looking forward to seeing if this edition has anything on the latest exploits concerning the use of Nimda/Code Red/Unicode invasions that I am seeing in conjunction with Scanner Tools and remote control utilities is discussed or not... IRC-Scripters...

Anyone have info contact me ...Thanks...